[Feature Request] use https (SSL) to secure web application

Open levinhao opened this issue 1 year ago • 2 comments

Currently, I cannot find any description in the documentation of a feature to enable HTTPS for the web application. I suggest adding a feature to enable SSL in settings.yaml, to directly enable SSL for the whole site. Or is there any possible way to enable SSL for the time being?

levinhao avatar Oct 16 '23 03:10 levinhao

Just set up a reverse proxy (example: apache2 or nginx) on your host machine and pass the traffic from 443/TCP to 8080/TCP.

Recommendation: Create a certificate from a local CA (example: easy-rsa) instead of a self-signed certificate, or use LE (Let's Encrypt) if you don't want to import the RootCA to each device.

HeyWatchOutDude avatar Oct 16 '23 19:10 HeyWatchOutDude

Hello @levinhao, you can add these lines in settings.yml to have HTTPS:

local:
  server:
    port: 443
server:
  port: 443
  ssl:
    key-store: /certs/my-cert.p12
    key-store-password: ${my-cert-password}

Working fine with a p12 certificate. If you have PEM files, you can find command lines to convert them, something like:

openssl pkcs12 -export -inkey my-key.key -in my-cert.pem -out my-cert.p12 -password pass:${my-cert-password}

PheelTi avatar Dec 03 '23 13:12 PheelTi

Closed with above answer, thanks!

Frooodle avatar Jan 04 '24 17:01 Frooodle

See the error when I start the latest docker... The pk12 file was generated from an already IN USE production PEM file via

openssl pkcs12 -export -inkey siteprivate.key -in site.crt -out liberation.p12 -password pass:${secret}

Help :)

03:39:42.200 [main] ERROR o.s.boot.SpringApplication - Application run failed
org.springframework.context.ApplicationContextException: Unable to start web server
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:165)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:618)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:754)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:456)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:334)
    at stirling.software.SPDF.SPdfApplication.main(SPdfApplication.java:58)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)
    at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)
    at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:58)
Caused by: java.lang.IllegalStateException: Unable to create key store: Could not load store from '/etc/ssl/wildcard/liberation.p12'
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:94)
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.<init>(JksSslStoreBundle.java:57)
    at org.springframework.boot.web.server.WebServerSslBundle.createJksKeyStoreBundle(WebServerSslBundle.java:90)
    at org.springframework.boot.web.server.WebServerSslBundle.createKeyStore(WebServerSslBundle.java:189)
    at org.springframework.boot.web.server.WebServerSslBundle.createStoreBundle(WebServerSslBundle.java:179)
    at org.springframework.boot.web.server.WebServerSslBundle.get(WebServerSslBundle.java:174)
    at org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.getSslBundle(AbstractConfigurableWebServerFactory.java:225)
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeSsl(TomcatServletWebServerFactory.java:373)
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeConnector(TomcatServletWebServerFactory.java:349)
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:210)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:188)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:162)
    ... 13 common frames omitted
Caused by: java.lang.IllegalStateException: Could not load store from '/etc/ssl/wildcard/liberation.p12'
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:123)
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:89)
    ... 24 common frames omitted
Caused by: java.io.FileNotFoundException: /etc/ssl/wildcard/liberation.p12 (No such file or directory)
    at java.base/java.io.FileInputStream.open0(Native Method)
    at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
    at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
    at java.base/java.io.FileInputStream.<init>(FileInputStream.java:111)
    at java.base/sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:86)
    at java.base/sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:189)
    at java.base/java.net.URL.openStream(URL.java:1161)
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:118)
    ... 25 common frames omitted

local:
  server:
    port: 5443
server:
  port: 5443
  ssl:
    key-store: /etc/ssl/wildcard/liberation.p12
    key-store-password: ${secret}
AutomaticallyGenerated:
  key: xxxxxxxxxxx

ivanbishop avatar Mar 06 '24 03:03 ivanbishop
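
The PEM-to-PKCS#12 conversion from the earlier answer, together with a pre-start check for the `FileNotFoundException` in the trace above, as an added example that is not from the thread or from Stirling-PDF. It assumes the `openssl` CLI; the function names and the `P12_PASS` variable are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Needs the openssl CLI.
# PASSVAR is the NAME of an exported environment variable holding the keystore
# password; openssl reads it via env:, so it never shows up in the process list
# the way "-password pass:..." does. (Typed into a shell, ${my-cert-password}
# is also default-value expansion: with $my unset it yields "cert-password".)

# pubkey_of FILE cert|key -> prints the PEM public key of a certificate or key
pubkey_of() {
    case "$2" in
        cert) openssl x509 -in "$1" -noout -pubkey ;;
        key)  openssl pkey -in "$1" -pubout ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# pem_to_p12 KEY CERT OUT PASSVAR -> writes OUT only if KEY belongs to CERT
pem_to_p12() {
    key_pub=$(pubkey_of "$1" key)   || { echo "cannot read key: $1" >&2; return 1; }
    cert_pub=$(pubkey_of "$2" cert) || { echo "cannot read certificate: $2" >&2; return 1; }
    [ "$key_pub" = "$cert_pub" ]    || { echo "key does not match certificate" >&2; return 1; }
    # umask 077 keeps the keystore (it contains the private key) owner-only
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "env:$4" )
}

# check_keystore PATH PASSVAR -> 0 ok, 2 missing, 3 unreadable, 4 will not open
# Run it inside the container: key-store is resolved in the container's
# filesystem, so a path that exists only on the host ends in the
# FileNotFoundException shown above.
check_keystore() {
    [ -e "$1" ] || { echo "missing: $1 (mounted into the container?)" >&2; return 2; }
    [ -r "$1" ] || { echo "not readable by this user: $1" >&2; return 3; }
    openssl pkcs12 -in "$1" -passin "env:$2" -noout 2>/dev/null ||
        { echo "wrong password or not PKCS#12: $1" >&2; return 4; }
}

# Usage (file names are placeholders):
#   export P12_PASS='...'
#   pem_to_p12 my-key.key my-cert.pem my-cert.p12 P12_PASS
#   check_keystore /certs/my-cert.p12 P12_PASS
```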

What docker tag label?

Frooodle avatar Mar 06 '24 07:03 Frooodle

EXAMPLE HTTPS and AUTH:

docker-compose:

version: '3.3'
services:
  stirling-pdf:
    image: frooodle/s-pdf:latest
    ports:
      - '4443:4443'
    environment:
      - DOCKER_ENABLE_SECURITY=true
      - SECURITY_INITIALLOGIN_USERNAME=admin
      - SECURITY_INITIALLOGIN_PASSWORD=admin
    volumes:
      - /location/of/trainingData:/usr/share/tesseract-ocr/5/tessdata #Required for extra OCR languages
      - /location/of/extraConfigs:/configs
#      - /location/of/customFiles:/customFiles/
#      - /location/of/logs:/logs/
      - /etc/certbot/example.com/cert/fullchain.pem:/configs/fullchain.pem
      - /etc/certbot/example.com/cert/privkey.pem:/configs/privkey.pem
    restart: unless-stopped

add to settings.yaml:

server:
  port: 4443
  ssl:
    certificate: /configs/fullchain.pem
    certificate-private-key: /configs/privkey.pem
#    trust-certificate: /path/ca-cert.crt

Restart container

butaford avatar Mar 25 '24 09:03 butaford

HTTPS works on the standalone version with a PEM key and certificate, with these settings in the file /opt/Stirling-PDF/configs/custom_settings.yml

server:
  port: 443
  ssl:
    certificate: /opt/Stirling-PDF/configs/fullchain.pem
    certificate-private-key: /opt/Stirling-PDF/configs/privkey.pem

STREKOZZEL avatar May 13 '24 15:05 STREKOZZEL