Setting up a Cloud Server - Part IV
Now comes the world of pain: SSL support. This usually isn't too horrible, but I chose to go with the free Let's Encrypt option. That might have been a mistake in retrospect.
server.port: 8443
security.require-ssl=true
server.ssl.key-store: /home/builder/keystore.p12
server.ssl.key-store-password: password
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
application.properties
✦ We configure the path to the keystore; notice that setting this will break running locally, so you might want to comment this out
© Codename One 2017 all rights reserved
In the IDE on our development machine, let's open application.properties and set several important variables. Notice that I will need to comment out these values when running locally, since I can't get SSL when running locally. The server must use SSL for everything, as iOS won't allow regular HTTP connections.

To do this I'll set the server port to 8443 and require SSL. The next few lines point at the keystore file, password and alias. We'll configure all of these values soon.
scp ~/dev/AppBackendServer/target/AppBackendServer-0.0.1-SNAPSHOT.jar builder@ip.of.remote.server:/home/builder
From Desktop
✦ Copy the updated app to the server
I'll need to redeploy the updated server with the SSL settings by copying it to the server.
$ mv AppBackendServer-0.0.1-SNAPSHOT.jar AppBackendServer.jar
Commands
✦ Replace the previous server version
And obviously I'll need to run this command again to move the uploaded file over the existing backend server.
DNS
build.majimob.com
First we need to set up DNS for the server. Assuming you already registered a domain, setting the "A record" to point at the IP address of your server gives it a name. You can't apply HTTPS to an IP address, and it's not a good idea in the long run as it might pose a problem with scaling or migrating.
Let's Encrypt
✦ Normally certificate authorities work by verifying who you are via phone, DUNS number etc.
✦ Let's Encrypt allows anyone to prove they own a domain and get a 90 day certificate
✦ 90 days is painfully short but since the process is automated & free the assumption is you won't notice
✦ JDK 8u101 added Let's Encrypt, if you have an older version you will need to upgrade or you will get an exception…
Let's stop for a second and explain how HTTPS works. The server sends a certificate which verifies the identity of the server (e.g. this really is build.majimob.com), and to prove that certificate it is signed by a "signing authority". This signing authority is a company we trust to verify that identity. In the past signing authorities literally looked you up through DUNS numbers, which is a horrible thing I don't want to go into right now. That way they could verify your identity.

Let's Encrypt was formed to allow everyone to get a valid SSL certificate for free. It does that by automating the process completely, and the trick is composed of two pieces. The first is an application you run on your server to verify that this is the right server; the second is the short lifetime of a certificate: only 90 days. Even if a certificate is compromised it will expire naturally within 90 days.

Normally certificates last a year or two and it's really painful to replace them. The 90 day lifetime is horribly short, and the reason it's so short is to force us to automate the process completely. That means our server should request a new certificate on its own without any action from us. That's actually pretty cool: it means the certificate will always be renewed and current without any work from us once we do the initial setup.

One caveat for Java developers: in order to recognize a certificate authority, its root certificate must be embedded into browsers and into the JDK itself. Most devices/browsers etc. already recognize Let's Encrypt, but the JDK only added it in update 8u101, which is pretty late in the game. That might mean you will need to update your JDK to access the secure site.
Let's Encrypt - On Spring Boot
✦ Sucks…
✦ Spring Boot makes a lot of things seamless but doesn't do it for Let's Encrypt
✦ This might change in the future but this is what I had to do to get it to work…
So let's get this out of the way: I really regretted picking Let's Encrypt as I worked through the process. It sucks on Spring Boot. The automation doesn't work out of the box and I needed to do so much wizardry it's amazing… I don't understand why the guys at Spring or Tomcat didn't implement built-in support for this out of the box.

I hope they will add it in an update but I haven't seen anything so far; I seriously hope the rest of this module becomes out of date.
# yum install epel-release
Commands
✦ Install additional 3rd party repository for packages
We start by installing some packages required by Let's Encrypt; this is pretty much the instructions you can find online. This isn't a smooth experience, in part because of the newness of Let's Encrypt. The first thing we install isn't so much a package as a 3rd party repository to look in for additional packages.
# yum -y install yum-utils
Commands
✦ Install additional utilities to fetch the Let's Encrypt tool
Next we install some utilities that allow us to use the config manager in the next step.
# yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
Commands
✦ Set up configuration for the additional region required by Let's Encrypt
I honestly have no idea why the hell this is needed, but it’s part of the setup instructions so I went along with it
# yum install certbot
Commands
✦ The Let's Encrypt command line tool to fetch the certificates
The certbot is a command line tool that allows us to renew certificates automatically. Certificate Robot - got it…
# service AppBackendServer stop
Commands
✦ We run Let's Encrypt in server mode so it opens its own server. We need to stop our server so it can bind to the ports
We need to stop the server if it's running. The reason for this is clear once we understand how Let's Encrypt works. It can integrate with some servers but not with Spring Boot. So the alternative is to let it spin up its own server on port 443, which we would normally be using. So we need to shut down the server while we renew the certificate.
# certbot certonly --standalone -d build.majimob.com -d build.majimob.com --tls-sni-01-port 8443 --http-01-port 8080
Commands
✦ Runs a server and verifies your domain against Let's Encrypt, then generates the certificate into place
✦ Replace build.majimob.com with your domain
✦ Notice the ports argument so it will work with the iptables change
Now that the server is off we can launch the certbot command, which fetches a certificate from the Let's Encrypt service automatically. The command includes several arguments, so let's review the important ones. --standalone means we'll be using the standalone server and can't use integrations with one of the existing supported servers. -d passes the domain name that we want the certificate for, which needs to be the same one associated with the DNS from before. The next two arguments represent the actual ports used for the servers. Notice that ports 80 and 443 are what Let's Encrypt connects to, but since we redirect those to different local ports with the iptables setting we need to indicate the real local ports to use.

Running this one command should generate the certificate, but it doesn't end there…
openssl pkcs12 -export -in /etc/letsencrypt/live/build.majimob.com/fullchain.pem -inkey /etc/letsencrypt/live/build.majimob.com/privkey.pem -out /home/builder/keystore.p12 -name tomcat -CAfile /etc/letsencrypt/live/build.majimob.com/chain.pem -caname root
Commands
✦ Converts the certificate to the keystore format used by Java
✦ Notice the paths include the majimob domain so you will need to fix those…
This is another big, obtuse command. Let's Encrypt generates a certificate and saves it in PEM format, which we can't use directly from Java. We can use this openssl command to convert the PEM files saved in the /etc/letsencrypt directory to the PKCS12 keystore format we need.
# chown builder /home/builder/keystore.p12
Commands
✦ The file was created as root; we need to change its ownership to the right user
We ran that command as root, so I'm using the chown command to change the ownership of the file from root to builder. This is generally good practice for files within the user directory. It would probably have been a better idea to just run the openssl command as builder.
# service AppBackendServer start
Commands
✦ Server can go back up, https should work now for your domain!
Now that this is done I can relaunch the backend server and HTTPS should work as expected. But there is still one thing missing.
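The transcript says the whole point of the 90 day lifetime is that renewal must be automated, but then performs every step by hand. The Python 3 script below is an added example (not the course's own code) that chains those exact steps into something cron can run as root: stop the backend, renew, export the PEM files to the PKCS12 keystore, chown, start again. It departs from the slides in four labelled places: it uses `certbot renew --cert-name` instead of `certonly`, it requests only the HTTP-01 challenge because Let's Encrypt no longer offers TLS-SNI-01, it reads the keystore password from a KEYSTORE_PASSWORD environment variable (which must equal server.ssl.key-store-password) instead of typing it, and it writes the new keystore to a temporary file so a failed export never clobbers the one the server is using.

```python
"""Cron-able renewal for the Spring Boot backend set up in these slides.
Chains the manual steps from the slides: stop the backend, renew with certbot
standalone, export PEM to the PKCS12 keystore, fix ownership, start again.
Only runs when the live certificate is near expiry, so the backend is not
taken down needlessly. Paths and names come from the slides or are assumptions."""
import os
import subprocess
import sys
from datetime import datetime, timezone

DOMAIN = "build.majimob.com"            # the slides' domain; replace with yours
SERVICE = "AppBackendServer"            # init script name used on the slides
KEYSTORE = "/home/builder/keystore.p12"  # server.ssl.key-store in application.properties
OWNER = "builder"                       # user the backend runs as
HTTP01_PORT = "8080"                    # real local port behind the iptables redirect of 80
RENEW_BEFORE_DAYS = 30                  # assumption: same window certbot uses for "due"

def parse_not_after(enddate_line):
    """Parse the 'notAfter=Jun 30 12:00:00 2025 GMT' line printed by
    `openssl x509 -enddate -noout` into an aware UTC datetime."""
    prefix = "notAfter="
    if not enddate_line.startswith(prefix):
        raise ValueError("unexpected openssl output: %r" % enddate_line)
    raw = " ".join(enddate_line[len(prefix):].split())  # collapse 'Jun  3' padding
    return datetime.strptime(raw, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)

def days_left(not_after, now=None):
    """Whole days until the certificate expires (negative once it has)."""
    now = now or datetime.now(timezone.utc)
    return (not_after - now).days

def needs_renewal(remaining_days, threshold=RENEW_BEFORE_DAYS):
    """Renew inside the last `threshold` days of the 90-day lifetime."""
    return remaining_days <= threshold

def live_cert_days_left(domain=DOMAIN):
    """Ask openssl how long the certificate certbot last issued is still valid."""
    pem = "/etc/letsencrypt/live/" + domain + "/fullchain.pem"
    out = subprocess.check_output(
        ["openssl", "x509", "-enddate", "-noout", "-in", pem],
        universal_newlines=True)
    return days_left(parse_not_after(out.strip()))

def service_command(action, service=SERVICE):
    """`service AppBackendServer stop|start` exactly as on the slides."""
    return ["service", service, action]

def renewal_commands(domain=DOMAIN, keystore=KEYSTORE, owner=OWNER, http01_port=HTTP01_PORT):
    """The renew / convert / chown sequence from the slides as argv lists, so it can
    be reviewed or dry-run before anything touches the server. Assumptions: certbot
    `renew --cert-name` with HTTP-01 only, password from the KEYSTORE_PASSWORD
    environment variable, export to a temp file that replaces the keystore on success."""
    live = "/etc/letsencrypt/live/" + domain
    tmp = keystore + ".new"
    return [
        ["certbot", "renew", "--cert-name", domain, "-n", "--standalone",
         "--http-01-port", http01_port],
        ["openssl", "pkcs12", "-export",
         "-in", live + "/fullchain.pem", "-inkey", live + "/privkey.pem",
         "-out", tmp, "-name", "tomcat",
         "-CAfile", live + "/chain.pem", "-caname", "root",
         "-passout", "env:KEYSTORE_PASSWORD"],
        ["mv", tmp, keystore],
        ["chown", owner, keystore],
    ]

def run(commands, dry_run=False):
    """Execute in order; the first failure raises so later steps never run."""
    for argv in commands:
        print(" ".join(argv))
        if not dry_run:
            subprocess.check_call(argv)

def renew(dry_run=False):
    """Stop, renew, convert, chown, start. The backend is started again even if a
    middle step fails, so a botched renewal leaves the old keystore serving."""
    try:
        run([service_command("stop")] + renewal_commands(), dry_run)
    finally:
        run([service_command("start")], dry_run)

def main(argv):
    dry_run = "--dry-run" in argv
    if "KEYSTORE_PASSWORD" not in os.environ:
        print("set KEYSTORE_PASSWORD to the server.ssl.key-store-password value", file=sys.stderr)
        return 2
    remaining = live_cert_days_left()
    if not needs_renewal(remaining):
        print("certificate valid for %d more days, nothing to do" % remaining)
        return 0
    renew(dry_run)
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with `--dry-run` first to see the exact commands it would execute; a daily cron entry as root with KEYSTORE_PASSWORD exported is enough afterwards, since the expiry check makes every run before the 30 day window a no-op.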

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Setting Up a Cloud Server - Part 4 - Transcript.pdf

  • 6. Lets Encrypt
    ✦ Normally certificate authorities work by verifying who you are via phone, DUNS number etc.
    ✦ Let's Encrypt allows anyone to prove they own a domain and get a 90 day certificate
    ✦ 90 days is painfully short, but since the process is automated & free the assumption is you won't notice
    ✦ JDK 8u101 added Let's Encrypt; if you have an older version you will need to upgrade or you will get an exception…
    © Codename One 2017 all rights reserved
    Let's stop for a second and explain how HTTPS works. The server sends a certificate that asserts the identity of the server (e.g. this really is build.majimob.com), and that certificate is signed by a "signing authority": a company we trust to verify that identity. In the past signing authorities literally looked you up through DUNS numbers, which is a horrible thing I don't want to go into right now. That way they could verify your identity. Let's Encrypt was formed to allow everyone to get a valid SSL certificate for free. It does that by automating the process completely, and the trick is composed of two pieces. The first is an application you run on your server to verify that this is the right server; the second is the short lifetime of a certificate, only 90 days. Even if a certificate is compromised it expires naturally within 90 days. Normally certificates last a year or two and it's really painful to replace them. The 90 day period is horribly short, and the reason it's so short is to force us to automate the process completely. That means our server should request a new certificate on its own without any action from us. That's actually pretty cool: once we do the initial work, the certificate will always be renewed and current without any further work from us. One caveat for Java developers: in order to recognize a certificate authority, its root certificate must be embedded into browsers and into the JDK itself. Most devices and browsers already recognize Let's Encrypt, but the JDK only added it in update 8u101, which is pretty late in the game. That might mean you will need to update your JDK to access the secure site.
  • 7. Lets Encrypt - On Spring Boot
    ✦ Sucks…
    ✦ Spring Boot makes a lot of things seamless but doesn't do it for Let's Encrypt
    ✦ This might change in the future but this is what I had to do to get it to work…
    © Codename One 2017 all rights reserved
    So let's get this out of the way right off the bat: I really regretted picking Let's Encrypt as I worked through the process. It sucks on Spring Boot. The automation doesn't work out of the box and I needed to do so much wizardry it's amazing… I don't understand why the guys at Spring or Tomcat didn't implement built-in support for this. I hope they will add it in an update but I haven't seen anything so far; I seriously hope the rest of this module becomes out of date.
  • 8. #yum install epel-release
    Commands
    ✦ Install an additional 3rd party repository for packages
    © Codename One 2017 all rights reserved
    We start by installing some packages required by Let's Encrypt; this is pretty much the set of instructions you can find online. This isn't a smooth experience, in part because of the newness of Let's Encrypt. The first thing we install isn't so much a package as a 3rd party repository to look in for additional packages.
  • 9. #yum -y install yum-utils
    Commands
    ✦ Install additional utilities to fetch the Let's Encrypt tool
    © Codename One 2017 all rights reserved
    Next we install some utilities that allow us to use the config manager in the next step.
  • 10. #yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
    Commands
    ✦ Setup configuration for additional repositories required by Let's Encrypt
    © Codename One 2017 all rights reserved
    I honestly have no idea why the hell this is needed, but it's part of the setup instructions so I went along with it.
  • 11. #yum install certbot
    Commands
    ✦ The Let's Encrypt command line tool to fetch the certificates
    © Codename One 2017 all rights reserved
    certbot is a command line tool that allows us to renew certificates automatically. Certificate Robot - got it…
  • 12. #service AppBackendServer stop
    Commands
    ✦ We run Let's Encrypt in server mode so it opens its own server. We need to stop our server so it can bind to the ports
    © Codename One 2017 all rights reserved
    We need to stop the server if it's running. The reason for this is clear once we understand how Let's Encrypt works. It can integrate with some servers but not with Spring Boot, so the alternative is to let it spin up its own server on port 443, which our server would normally need. So we need to shut down the server while we renew the certificate.
  • 13. #certbot certonly --standalone -d build.majimob.com -d build.majimob.com --tls-sni-01-port 8443 --http-01-port 8080
    Commands
    ✦ Runs a server and verifies your domain against Let's Encrypt, then generates the certificate into place
    ✦ Replace build.majimob.com with your domain
    ✦ Notice the port arguments so it will work with the iptables change
    © Codename One 2017 all rights reserved
    Now that the server is off we can launch the certbot command, which fetches a certificate from the Let's Encrypt service automatically. The command includes several arguments, so let's review the important ones. --standalone means we'll be using the standalone server and can't use integrations with one of the existing supported servers. -d passes the domain name that we want the certificate for, which needs to be the same one associated with the DNS from before. The next two arguments represent the actual ports used for the servers. Notice that ports 80 and 443 will be used externally, but since we redirect those to different local ports with the iptables setting we need to indicate the real local ports to use. Running this one command should generate the certificate, but it doesn't end there…
  • 14. openssl pkcs12 -export -in /etc/letsencrypt/live/build.majimob.com/fullchain.pem -inkey /etc/letsencrypt/live/build.majimob.com/privkey.pem -out /home/builder/keystore.p12 -name tomcat -CAfile /etc/letsencrypt/live/build.majimob.com/chain.pem -caname root
    Commands
    ✦ Converts the certificate to the keystore format used by Java
    ✦ Notice the paths include the majimob domain so you will need to fix those…
    © Codename One 2017 all rights reserved
    This is another big obtuse command. Let's Encrypt generates a certificate and saves it in PEM format, which we can't use directly from Java. We can use this openssl command to convert the PEM files saved in the /etc/letsencrypt directory to the PKCS12 keystore format we need.
  • 15. #chown builder /home/builder/keystore.p12
    Commands
    ✦ The file was created under root; we need to change its ownership to the right user
    © Codename One 2017 all rights reserved
    We ran that command as root, so I'm using the chown command to change the ownership of the file from root to builder. This is generally good practice for files within the user directory. It would probably have been a better idea to just run the openssl command as builder.
  • 16. #service AppBackendServer start
    Commands
    ✦ The server can go back up; https should work now for your domain!
    © Codename One 2017 all rights reserved
    Now that this is done I can relaunch the backend server and https should work as expected. But there is still one thing missing.
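Slides 12 through 16 are one procedure, and the notes on slide 6 say it should run without manual action every 90 days. The script below is an added example, not from the slides or from Codename One, that strings the steps together: it only takes the server down when the current certificate is within 30 days of expiry, reads the PKCS12 export password from a root-only file instead of putting it on the command line, and uses only the http-01 challenge port, since Let's Encrypt no longer offers the tls-sni-01 challenge that slide 13 passes a port for. The `DRY_RUN` switch, the `/root/keystore.pass` location and the `--renew` argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: automate the renew/convert/restart cycle.
# Assumed: DRY_RUN=1 prints the commands instead of running them; the PKCS12
# export password lives in a root-only file (mode 0600), not on the command line.
set -eu
DOMAIN="${DOMAIN:-build.majimob.com}"
SERVICE="${SERVICE:-AppBackendServer}"
APP_USER="${APP_USER:-builder}"
KEYSTORE="${KEYSTORE:-/home/builder/keystore.p12}"
PASS_FILE="${PASS_FILE:-/root/keystore.pass}"   # assumed location
LIVE_DIR="/etc/letsencrypt/live/${DOMAIN}"
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or print it when DRY_RUN=1 so the sequence can be reviewed.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# True (0) when no certificate exists yet or the current one expires within 30 days.
needs_renewal() {
  [ -f "$LIVE_DIR/cert.pem" ] || return 0
  if openssl x509 -checkend 2592000 -noout -in "$LIVE_DIR/cert.pem" >/dev/null; then
    return 1   # valid for more than 30 days: do not take the server down
  fi
  return 0
}

# The slide 12-16 sequence: stop, fetch, convert to PKCS12, fix ownership, start.
renew_cert() {
  run service "$SERVICE" stop
  # 8080 is the local http-01 port behind the iptables redirect from port 80 (slide 13);
  # --keep-until-expiring makes an accidental re-run harmless.
  run certbot certonly --standalone --non-interactive --keep-until-expiring \
      -d "$DOMAIN" --http-01-port 8080
  run openssl pkcs12 -export \
      -in "$LIVE_DIR/fullchain.pem" -inkey "$LIVE_DIR/privkey.pem" \
      -CAfile "$LIVE_DIR/chain.pem" -caname root -name tomcat \
      -out "$KEYSTORE" -passout "file:$PASS_FILE"
  run chown "$APP_USER" "$KEYSTORE"
  run chmod 600 "$KEYSTORE"     # the keystore holds the private key
  run service "$SERVICE" start
}

main() {
  if needs_renewal; then renew_cert; else echo "certificate still valid, nothing to do"; fi
}
# Run as: DRY_RUN=1 sh renew.sh --renew, then without DRY_RUN from cron or a systemd timer.
if [ "${1:-}" = "--renew" ]; then main; fi
```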