
jhipster - Spring Boot with Embedded Undertow behind AWS ELB - HTTP to HTTPS redirect

I'm running a Spring boot (Jhipster/Undertow) application on port 8080 on an AWS EC2 instance.

I have an AWS ELB configured to redirect

 80 -> 8080
 443 (SSL termination happens here) -> 8080

The application uses Spring Security, and if a user arrives at http://example.com I want it to redirect to https://example.com, to use SSL.

I have found various examples of configuring this in Tomcat but none using Undertow.

I have tried this, with a second port 8089, and it does redirect as required, but this causes port 8080 to also redirect, which I don't want.

 80 -> 8089
 443 (SSL termination happens here) -> 8080

@Bean
public EmbeddedServletContainerFactory undertow() {

    UndertowEmbeddedServletContainerFactory undertow = new UndertowEmbeddedServletContainerFactory();
    // Second plain-HTTP listener on 8089, the target of the ELB's port 80 mapping
    undertow.addBuilderCustomizers(builder -> builder.addHttpListener(8089, "0.0.0.0"));
    undertow.addDeploymentInfoCustomizers(deploymentInfo -> {
        // Require confidential (HTTPS) transport for every URL of the deployment
        deploymentInfo.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection()
                        .addUrlPattern("/*"))
                .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
                .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
                // Port placed in the https:// redirect URL
                .setConfidentialPortManager(exchange -> 443);
    });
    return undertow;
}

How can I configure Undertow to achieve this?


1 Answer


This worked for me when I had the same problem:

Expose the port 80 from jhipster (you can change it in the application-prod.yml).

Amazon ELB when redirecting from http to https adds some headers, which you should address in the same file:

    server:
        use-forward-headers: true
        port: 80

Also, you need to enforce the https from jhipster: https://jhipster.github.io/tips/007_tips_enforce_https.html
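The HTTPS enforcement the answer refers to, sketched as a Spring Security channel rule keyed on the `X-Forwarded-Proto` header the ELB adds. This is an added example, not code from the answer or from the JHipster project; the class name is hypothetical, and it assumes a Spring Security version that still provides `WebSecurityConfigurerAdapter` and an instance whose security group only admits traffic from the ELB, since any client that can reach the port directly can set the header itself.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name. In an application that already has a
// WebSecurityConfigurerAdapter (JHipster generates one), add these rules to
// its configure(HttpSecurity) method instead of registering a second adapter.
@Configuration
public class ElbHttpsRedirectConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requiresChannel()
                // Apply the rule only to requests that carry X-Forwarded-Proto,
                // i.e. requests forwarded by the ELB. Requests that reach the
                // instance without the header (such as load-balancer health
                // checks that do not set it) are left alone.
                .requestMatchers(request -> request.getHeader("X-Forwarded-Proto") != null)
                // Redirects to https:// whenever request.isSecure() is false.
                // With server.use-forward-headers: true the container derives
                // isSecure() from X-Forwarded-Proto, so requests the ELB
                // received on 443 pass. Without that setting every forwarded
                // request looks insecure and this rule redirects in a loop.
                .requiresSecure()
            .and()
            .headers()
                // HSTS keeps returning browsers from making the first request
                // over plain HTTP. Spring Security writes the header only on
                // responses to requests it sees as secure, which again depends
                // on the forwarded-header handling above.
                .httpStrictTransportSecurity()
                    .maxAgeInSeconds(31536000);

        // Authorization rules (authorizeRequests(), CSRF, login, ...) are
        // omitted here; keep the ones the application already defines.
    }
}
```

With this rule the redirect decision is made per request from the forwarded scheme, so the same listener can serve both ELB mappings and no second port is needed.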

