jEAP Spring Boot TLS Starter

jEAP Spring Boot TLS Starter is a Spring Boot starter that enables TLS on the embedded web server of a jEAP service simply by being on the classpath. At application start-up it generates a self-signed key/certificate pair on the fly, wires it into Spring Boot via an SSL bundle, and enables HTTP/2. It is intended for use cases where already-authenticated traffic must additionally be encrypted, for example between an AWS Application Load Balancer (ALB) and its targets. It provides:

  • TLS activation on the embedded web server with no application code changes
  • A self-signed certificate created at start-up (no externally provided certificate needed)
  • Automatic HTTP/2 support once TLS is enabled
  • A small set of jeap.web.tls.* properties to tune hostname, validity and enablement
  • The option to keep actuator endpoints reachable without TLS on a separate port

Documentation

Start with Getting started, then follow the links below.

| Topic | File |
| --- | --- |
| Getting started (add the dependency, run over HTTPS) | docs/getting-started.md |
| Configuration reference (jeap.web.tls.*) | docs/configuration.md |
| How it works (environment post-processor, SSL bundle) | docs/how-it-works.md |
| Actuator endpoints without TLS | docs/actuator-endpoints.md |

Modules

Group id for all modules is ch.admin.bit.jeap; the version is managed by the jEAP Spring Boot parent. Consumers depend on jeap-spring-boot-tls-starter.

| Module | Purpose |
| --- | --- |
| jeap-spring-boot-tls-starter | The starter: TLS environment post-processor, self-signed certificate factory |
| jeap-spring-boot-tls-starter-it-webmvc | Integration tests verifying TLS on the Spring MVC web stack |