celina's odds and ends


9oormthonUNIV/[kakao x goorm] Goormthon Univ Danpungthon

Spring Boot: switching from HTTP to HTTPS (port mapping) and issuing a Let's Encrypt SSL certificate

celinayk 2024. 11. 26. 22:46

Situation: the web server had been running on plain HTTP, and when I tried to switch it to HTTPS I ran into errors.

 

<Current environment>
**I bought the domain in Route 53 and had already pointed it at my server's IP**

This matters because Certbot can only obtain a Let's Encrypt certificate if the domain already resolves to the EC2 instance. Let's Encrypt proves that you control the name by having its validation servers fetch a challenge from whatever host the name resolves to (over plain HTTP on port 80 for the HTTP-01 challenge that --standalone uses), so the A record has to point at this server and port 80 has to be reachable from the internet, not just from inside the VPC!!

 

** I am not using Nginx; Spring Boot itself will terminate HTTPS.

 

 

 

First, what I did to switch to HTTPS!

1. Install Certbot on the EC2 instance.
2. Issue the certificate: sudo certbot certonly --standalone -d api.our-server-domain.com
   (--standalone starts Certbot's own temporary web server on port 80 for the challenge, so nothing else may be listening on 80 at that moment and the security group must allow inbound 80.)
3. Create a .p12 keystore with the openssl command.
4. Set a keystore password.

sudo openssl pkcs12 -export \
  -in /etc/letsencrypt/live/api.our-server-domain.com/fullchain.pem \
  -inkey /etc/letsencrypt/live/api.our-server-domain.com/privkey.pem \
  -out /etc/letsencrypt/live/api.our-server-domain.com/keystore.p12 \
  -name tomcat \
  -passout pass:your_keystore_password
ubuntu@ip-<address>:~$ sudo ls -l /etc/letsencrypt/live/api.our-server-domain.com/keystore.p12
-rw------- 1 root root 2781 Nov 23 13:17 /etc/letsencrypt/live/api.our-server-domain.com/keystore.p12

That created the keystore file. Two things to keep in mind about it: the .p12 bundles privkey.pem together with the certificate chain, so it is exactly as sensitive as the private key itself, and a password given as -passout pass:... lands in the shell history and is visible to every local user in the process list while openssl runs; -passout file:/path/to/a/root-only/file avoids both. Also, Let's Encrypt certificates are valid for 90 days, and Certbot's renewal only refreshes the .pem files, so this openssl step has to be repeated after every renewal or the app keeps serving the old chain.

 

5. Edit application.properties to enable HTTPS in the Spring Boot application

server.port=443
server.ssl.enabled=true
server.ssl.key-store=/etc/letsencrypt/live/api.our-server-domain.com/keystore.p12
server.ssl.key-store-password=${keystore-password}
server.ssl.key-store-type=PKCS12

That is how I changed the properties file. By the way, the keystore password is stored in Parameter Store, so I put it there! (server.ssl.key-store is opened from the file system of whatever process runs the JVM, so with Docker the path has to exist inside the container, not just on the host. Spring Boot 3.x can also load the PEM files directly, server.ssl.certificate=.../fullchain.pem together with server.ssl.certificate-private-key=.../privkey.pem, which makes the openssl step unnecessary.)
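The steps above are run once by hand, but the certificate they produce expires after 90 days and `certbot renew` only rewrites the .pem files, so the .p12 has to be rebuilt and the container restarted after every renewal. The deploy hook below does that. It is an added example, not code from the original post or from the munhwahansang project, and it assumes things the post does not state: a container named munhwahansang_server, a root-only password file /etc/letsencrypt/keystore.pass, and a separate keystore directory /etc/ssl/app so that nothing under /etc/letsencrypt has to be loosened. Install it as /etc/letsencrypt/renewal-hooks/deploy/keystore.sh (executable), point server.ssl.key-store at /etc/ssl/app/keystore.p12, and mount /etc/ssl/app into the container read-only.

```shell
#!/bin/sh
# Added example, not code from the original post or from the project it describes.
# certbot deploy hook: after every successful renewal, rebuild the PKCS#12 keystore
# that Spring Boot reads, verify it, and restart the container.
# Assumed (not from the post): container name munhwahansang_server, password file
# /etc/letsencrypt/keystore.pass (root-only), keystore at /etc/ssl/app/keystore.p12.

# build_keystore LIVE_DIR OUT_P12 PASS_FILE [GROUP]
# Bundles fullchain.pem + privkey.pem from LIVE_DIR into OUT_P12 under alias "tomcat".
# The password is read from PASS_FILE via -passout file:, so it never appears in
# `ps` output or in the shell history the way -passout pass:... does.
build_keystore() {
  live=$1; out=$2; passfile=$3; group=${4:-}
  tmp="$out.tmp.$$"
  # umask 077 inside a subshell: the file is never world-readable, not even briefly,
  # and the caller's umask is left untouched
  ( umask 077 && openssl pkcs12 -export \
      -in "$live/fullchain.pem" \
      -inkey "$live/privkey.pem" \
      -name tomcat \
      -passout "file:$passfile" \
      -out "$tmp" ) || return 1
  # owner rw, group r, others nothing; GROUP is the group the app process runs with
  if [ -n "$group" ]; then chgrp "$group" "$tmp" || { rm -f "$tmp"; return 1; }; fi
  chmod 640 "$tmp" || { rm -f "$tmp"; return 1; }
  mv -f "$tmp" "$out"   # atomic replace: the app never sees a half-written file
}

# verify_keystore OUT_P12 PASS_FILE
# Opens the keystore with the password and returns non-zero on a wrong password or
# a corrupt file, which is exactly what Spring Boot would fail on at startup.
verify_keystore() {
  openssl pkcs12 -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# certbot exports RENEWED_LINEAGE=/etc/letsencrypt/live/<domain> when it runs a deploy hook
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  build_keystore "$RENEWED_LINEAGE" /etc/ssl/app/keystore.p12 /etc/letsencrypt/keystore.pass \
    && verify_keystore /etc/ssl/app/keystore.p12 /etc/letsencrypt/keystore.pass \
    && docker restart munhwahansang_server
fi
```

`certbot renew --dry-run` deliberately skips deploy hooks, so test the script once by hand with RENEWED_LINEAGE=/etc/letsencrypt/live/<domain> exported. Because the post's certificate was issued with --standalone, port 80 must still be free and reachable from the internet every time renewal runs.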

 

 

Then I started the server with HTTPS, and it failed.

ubuntu@ip-172-31-5-199:~$ docker logs munhwahansang_server

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _ | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/

 :: Spring Boot ::                (v3.3.5)

2024-11-23T13:31:21.859Z  INFO 1 --- [back] [           main] com.munhwahansang.back.BackApplication   : Starting BackApplication v0.0.1-SNAPSHOT using Java 17.0.2 with PID 1 (/app.jar started by root in /)
2024-11-23T13:31:21.864Z  INFO 1 --- [back] [           main] com.munhwahansang.back.BackApplication   : No active profile set, falling back to 1 default profile: "default"
2024-11-23T13:31:21.985Z  INFO 1 --- [back] [           main] .a.c.a.c.p.ParameterStorePropertySources : Loading property from AWS Parameter Store with name: /SpringBoot/prod/, optional: false
2024-11-23T13:31:23.991Z  INFO 1 --- [back] [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2024-11-23T13:31:24.238Z  INFO 1 --- [back] [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 220 ms. Found 6 JPA repository interfaces.
2024-11-23T13:31:25.148Z  WARN 1 --- [back] [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.ws.config.annotation.DelegatingWsConfiguration' of type [org.springframework.ws.config.annotation.DelegatingWsConfiguration$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). The currently created BeanPostProcessor [annotationActionEndpointMapping] is declared through a non-static factory method on that class; consider declaring it as static instead.
2024-11-23T13:31:25.256Z  INFO 1 --- [back] [           main] .w.s.a.s.AnnotationActionEndpointMapping : Supporting [WS-Addressing August 2004, WS-Addressing 1.0]
2024-11-23T13:31:26.052Z  INFO 1 --- [back] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 8080 (http)
2024-11-23T13:31:26.086Z  INFO 1 --- [back] [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2024-11-23T13:31:26.087Z  INFO 1 --- [back] [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.31]
2024-11-23T13:31:26.314Z  INFO 1 --- [back] [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2024-11-23T13:31:26.317Z  INFO 1 --- [back] [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 4325 ms
2024-11-23T13:31:27.321Z  INFO 1 --- [back] [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2024-11-23T13:31:27.505Z  INFO 1 --- [back] [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 6.5.3.Final
2024-11-23T13:31:27.612Z  INFO 1 --- [back] [           main] o.h.c.internal.RegionFactoryInitiator    : HHH000026: Second-level cache disabled
2024-11-23T13:31:28.503Z  INFO 1 --- [back] [           main] o.s.o.j.p.SpringPersistenceUnitInfo      : No LoadTimeWeaver setup: ignoring JPA class transformer
2024-11-23T13:31:28.590Z  INFO 1 --- [back] [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2024-11-23T13:31:29.118Z  INFO 1 --- [back] [           main] com.zaxxer.hikari.pool.HikariPool        : HikariPool-1 - Added connection com.mysql.cj.jdbc.ConnectionImpl@72b6fa98
2024-11-23T13:31:29.125Z  INFO 1 --- [back] [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
2024-11-23T13:31:29.212Z  WARN 1 --- [back] [           main] org.hibernate.orm.deprecation            : HHH90000025: MySQL8Dialect does not need to be specified explicitly using 'hibernate.dialect' (remove the property setting and it will be selected by default)
2024-11-23T13:31:29.215Z  WARN 1 --- [back] [           main] org.hibernate.orm.deprecation            : HHH90000026: MySQL8Dialect has been deprecated; use org.hibernate.dialect.MySQLDialect instead
2024-11-23T13:31:32.637Z  INFO 1 --- [back] [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000489: No JTA platform available (set 'hibernate.transaction.jta.platform' to enable JTA platform integration)
2024-11-23T13:31:32.648Z  INFO 1 --- [back] [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2024-11-23T13:31:34.031Z  WARN 1 --- [back] [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2024-11-23T13:31:35.270Z  INFO 1 --- [back] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port 8080 (http) with context path '/'
2024-11-23T13:31:35.334Z  INFO 1 --- [back] [           main] com.munhwahansang.back.BackApplication   : Started BackApplication in 18.318 seconds (process running for 20.128)
ubuntu@ip-172-31-5-199:~$

Cause: the Docker container log shows the application starting normally, but the HTTPS settings were not applied and it was still listening on the HTTP port (8080). "Tomcat initialized with port 8080 (http)" means the server.port / server.ssl.* properties never reached the container, i.e. the image had been built with the old application.properties.

 

What I tried to fix it

1. I had been keeping application.properties in the GitHub secrets repo; the new HTTPS-related settings had to go in there too, so I updated it.

 

 

But then a different error.

ubuntu@ip-172-31-5-199:~$ docker logs munhwahansang_server

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _ | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/

 :: Spring Boot ::                (v3.3.5)

2024-11-23T13:50:03.930Z  INFO 1 --- [back] [           main] com.munhwahansang.back.BackApplication   : Starting BackApplication v0.0.1-SNAPSHOT using Java 17.0.2 with PID 1 (/app.jar started by root in /)
2024-11-23T13:50:03.935Z  INFO 1 --- [back] [           main] com.munhwahansang.back.BackApplication   : No active profile set, falling back to 1 default profile: "default"
2024-11-23T13:50:04.066Z  INFO 1 --- [back] [           main] .a.c.a.c.p.ParameterStorePropertySources : Loading property from AWS Parameter Store with name: /SpringBoot/prod/, optional: false
2024-11-23T13:50:06.017Z  INFO 1 --- [back] [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2024-11-23T13:50:06.234Z  INFO 1 --- [back] [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 202 ms. Found 6 JPA repository interfaces.
2024-11-23T13:50:07.083Z  WARN 1 --- [back] [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.ws.config.annotation.DelegatingWsConfiguration' of type [org.springframework.ws.config.annotation.DelegatingWsConfiguration$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). The currently created BeanPostProcessor [annotationActionEndpointMapping] is declared through a non-static factory method on that class; consider declaring it as static instead.
2024-11-23T13:50:07.301Z  INFO 1 --- [back] [           main] .w.s.a.s.AnnotationActionEndpointMapping : Supporting [WS-Addressing August 2004, WS-Addressing 1.0]
2024-11-23T13:50:08.049Z  WARN 1 --- [back] [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start web server
2024-11-23T13:50:08.075Z  INFO 1 --- [back] [           main] .s.b.a.l.ConditionEvaluationReportLogger :

Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
2024-11-23T13:50:08.139Z ERROR 1 --- [back] [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.context.ApplicationContextException: Unable to start web server
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:165) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:619) ~[spring-context-6.1.14.jar!/:6.1.14]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:754) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:456) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:335) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1363) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1352) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at com.munhwahansang.back.BackApplication.main(BackApplication.java:10) ~[!/:0.0.1-SNAPSHOT]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
        at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
        at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:102) ~[app.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:64) ~[app.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:40) ~[app.jar:0.0.1-SNAPSHOT]
Caused by: java.lang.IllegalStateException: Unable to create key store: Could not load store from '/etc/letsencrypt/live/api.munhwahansang.com/keystore.p12'
        at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:112) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.ssl.jks.JksSslStoreBundle.lambda$new$0(JksSslStoreBundle.java:75) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.util.function.SingletonSupplier.get(SingletonSupplier.java:106) ~[spring-core-6.1.14.jar!/:6.1.14]
        at org.springframework.boot.ssl.jks.JksSslStoreBundle.getKeyStore(JksSslStoreBundle.java:81) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.server.WebServerSslBundle.createKeyStore(WebServerSslBundle.java:157) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.server.WebServerSslBundle.createStoreBundle(WebServerSslBundle.java:147) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.server.WebServerSslBundle.get(WebServerSslBundle.java:142) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.getSslBundle(AbstractConfigurableWebServerFactory.java:198) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeSsl(TomcatServletWebServerFactory.java:383) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeConnector(TomcatServletWebServerFactory.java:359) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:212) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:188) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:162) ~[spring-boot-3.3.5.jar!/:3.3.5]
        ... 15 common frames omitted
Caused by: java.lang.IllegalStateException: Could not load store from '/etc/letsencrypt/live/api.munhwahansang.com/keystore.p12'
        at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:140) ~[spring-boot-3.3.5.jar!/:3.3.5]
        at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:107) ~[spring-boot-3.3.5.jar!/:3.3.5]
        ... 27 common frames omitted
Caused by: java.io.FileNotFoundException: /etc/letsencrypt/live/api.munhwahansang.com/keystore.p12
        at org.springframework.core.io.FileSystemResource.getInputStream(FileSystemResource.java:196) ~[spring-core-6.1.14.jar!/:6.1.14]
        at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:135) ~[spring-boot-3.3.5.jar!/:3.3.5]
        ... 28 common frames omitted



ubuntu@ip-172-31-5-199:~$

Cause: the HTTPS setup fails because the keystore file (/etc/letsencrypt/live/api.munhwahansang.com/keystore.p12) cannot be found. Note the form of the root cause: a bare FileNotFoundException whose message is only the path, with no "(Permission denied)". That is what you get when the path does not exist for the JVM's process at all, as opposed to a permission refusal, so inside the container there was simply no such file.

 

ubuntu@ip-172-31-5-199:~$ ls -l /etc/letsencrypt/live/api.munhwahansang.com/keystore.p12
ls: cannot access '/etc/letsencrypt/live/api.munhwahansang.com/keystore.p12': Permission denied

The user has no permission to reach the keystore file, which is what produced this error. The keystore file is there at that path (I checked), so it looks like a permissions problem.

 

ubuntu@ip-172-31-5-199:~$ sudo ls -l /etc/letsencrypt/live/api.munhwahansang.com/keystore.p12
-rw------- 1 root root 2781 Nov 23 13:17 /etc/letsencrypt/live/api.munhwahansang.com/keystore.p12

The owner is root and the mode is -rw------- (read/write for the root owner only).

So the current user or the Docker container cannot access this file!! (Strictly, only the ubuntu user on the host is locked out: Certbot creates /etc/letsencrypt/live as 0700 and the file is 0600, both root-owned. The JVM in the container runs as root according to the log ("started by root"), so it could read a root-owned 0600 file once it could see it; its problem was that /etc/letsencrypt had not been mounted into the container at all, which is what step 3 below fixes.)

 

I changed the permissions.

1.

Add read permission on the keystore file (/etc/letsencrypt/live/api.munhwahansang.com/keystore.p12)

sudo chmod 644 /etc/letsencrypt/live/api.munhwahansang.com/keystore.p12

Caveat: 644 makes the .p12, and with it the TLS private key, readable by every account on the host. If something other than root really must read it, give it to a group instead (chgrp <app-group> plus chmod 640), or copy the .p12 into a dedicated directory with the ownership the app needs.

2.

Add execute (traverse) permission on the directories containing the keystore (/etc/letsencrypt/live/api.munhwahansang.com and /etc/letsencrypt/live)

sudo chmod 755 /etc/letsencrypt/live/api.munhwahansang.com
sudo chmod 755 /etc/letsencrypt/live

(Certbot creates live/ and archive/ as 0700 on purpose, so that private keys are not even listable by other users; opening live/ to 755 undoes that for every certificate on the host, not just this one.)

3. Edit the Docker CI/CD file

The Docker container must be able to reach the keystore file for the application to enable HTTPS and for the other developers to reach the service over HTTPS, so I added this option:

-v /etc/letsencrypt:/etc/letsencrypt:ro \

This mounts the /etc/letsencrypt directory read-only (ro) into the Docker container so that it can read the keystore. This bind mount is what makes the path exist inside the container, so it is the step that resolves the FileNotFoundException above. Mount the whole of /etc/letsencrypt rather than only live/: the .pem files under live/<domain>/ are symlinks into ../../archive/<domain>/ and would dangle if live/ alone were mounted, which matters as soon as anything in the container reads the .pem files directly.
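The three changes above work, but 644/755 is wider than the container needs, and the `ls: Permission denied` on the host was a different failure from the FileNotFoundException inside the container. The script below, an added example rather than anything from the post, separates the two questions: which path component stops an account that is neither owner nor group member (the walk `ls` did as ubuntu, and the one the JVM would do if it ran unprivileged), and whether the keystore ended up readable by everyone. It judges from the mode bits alone, so the answer does not change when it is run as root, and it works on a constructed temporary tree that mirrors the post's layout, not on the real /etc/letsencrypt.

```shell
#!/bin/sh
# Added example, not from the original post: diagnose the "file not found" symptom
# from the mode bits alone, and flag the opposite mistake, a private key readable
# by every local account. Only the POSIX `ls -ld` mode string is used.

# mode_bits PATH -> the 10-character mode string, e.g. drwx------ or -rw-r--r--
mode_bits() { ls -ld "$1" | cut -c1-10; }

# first_blocker ROOT FILE
# Walks FILE's path components below ROOT (ROOT itself included). For an account
# that is neither owner nor group member, each directory needs the "others" x bit
# and the file the "others" r bit. Prints the first component that denies it and
# returns 1; prints nothing and returns 0 when the whole chain is open.
first_blocker() {
  root=$1; file=$2
  rel=${file#"$root"/}                   # path relative to ROOT
  dir=$root
  case $(mode_bits "$dir") in
    d????????[xt]) ;;                    # others may traverse (t = sticky bit + x)
    *) echo "$dir"; return 1 ;;
  esac
  while [ "${rel%/*}" != "$rel" ]; do    # while a slash remains in rel
    dir="$dir/${rel%%/*}"; rel=${rel#*/}
    case $(mode_bits "$dir") in
      d????????[xt]) ;;
      *) echo "$dir"; return 1 ;;
    esac
  done
  case $(mode_bits "$file") in
    -??????r??) return 0 ;;              # others may read the file
    *) echo "$file"; return 1 ;;
  esac
}

# world_readable FILE -> 0 when "others" can read it. For a .p12 that holds the TLS
# private key this is the state to avoid; chmod 644 sets exactly this.
world_readable() {
  case $(mode_bits "$1") in
    -??????r??) return 0 ;;
    *) return 1 ;;
  esac
}

# demo_tree -> prints a fresh temporary tree shaped like the post's layout:
# <root>/live/<domain>/keystore.p12 with Certbot's default 0700 dirs and a 0600 file.
# The keystore is a constructed placeholder, not a real PKCS#12 file.
demo_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/live/api.example.com"
  printf 'placeholder, not a real keystore\n' > "$t/live/api.example.com/keystore.p12"
  chmod 755 "$t"
  chmod 700 "$t/live" "$t/live/api.example.com"
  chmod 600 "$t/live/api.example.com/keystore.p12"
  echo "$t"
}

# --- walk-through on the throwaway tree ---
t=$(demo_tree)
ks="$t/live/api.example.com/keystore.p12"
echo "blocked at: $(first_blocker "$t" "$ks")"   # the live/ directory, the same wall `ls` hit
# the post's fix: open everything to everyone (private key now readable by any local user)
chmod 755 "$t/live" "$t/live/api.example.com"; chmod 644 "$ks"
first_blocker "$t" "$ks" && world_readable "$ks" && echo "reachable, but world-readable"
# narrower alternative: group access only, granted to the app with docker run --group-add <gid>
chgrp "$(id -g)" "$ks"; chmod 750 "$t/live" "$t/live/api.example.com"; chmod 640 "$ks"
world_readable "$ks" || echo "not world-readable; others are blocked at: $(first_blocker "$t" "$ks")"
rm -rf "$t"
```

Run it as any user; the walk-through prints the blocking component before and after each change. On the real host, `first_blocker /etc/letsencrypt /etc/letsencrypt/live/<domain>/keystore.p12` as ubuntu reproduces the post's `Permission denied` at /etc/letsencrypt/live without needing sudo to see why.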

 

 

References

https://cocococo.tistory.com/entry/Spring-Boot-%EC%82%AC%EC%84%A4-SSL-%EC%9D%B8%EC%A6%9D%EC%84%9C-%EC%83%9D%EC%84%B1-%EB%B0%8F-%EC%A0%81%EC%9A%A9-%EB%B0%A9%EB%B2%95
[Spring Boot] Creating and applying a self-signed SSL certificate (cocococo.tistory.com)

https://back-stead.tistory.com/109
[SpringBoot] Let's encrypt - getting an SSL/TLS certificate for Spring Boot (back-stead.tistory.com)

 

 

 
