Enabling HTTPS
No MessageQueue-specific configuration needs to be applied to enable HTTPS for the application. This is an example of how you can enable HTTPS for a Spring application.
By default, the MessageQueue does not have HTTPS enabled and is exposed on port 8080.
To enable HTTPS you'll need to provide your own SSL certificate and extend the current version of the image hosted at: https://hub.docker.com/r/kilemon/message-queue.
When extending this image you want to add your own SSL certificate into the container and take note of the generated file location as you'll need to reference it in the environment properties you provide to the MessageQueue.
Below is an example Dockerfile that you could use to generate a self-signed certificate.
```dockerfile
FROM kilemon/message-queue:latest
# The generated cert will be placed at /messagequeue/keystore.p12 in the container (refer to path in docker compose file).
# "changeit" is an example password; it must match server.ssl.key-store-password in docker-compose.yml.
RUN ["keytool", "-genkeypair", "-alias", "sslcert", "-keyalg", "RSA", "-keysize", "4096", "-validity", "3650", "-dname", "CN=message-queue", "-keypass", "changeit", "-keystore", "keystore.p12", "-storeType", "PKCS12", "-storepass", "changeit"]
EXPOSE 8443
ENTRYPOINT ["java", "-jar", "messagequeue.jar"]
```

Using docker compose you can reference and build this Dockerfile and pass in the appropriate parameters to enable HTTPS on the MessageQueue application:
- server.port - NOTE: The port set here must match the health check port below and the exposed port from the Dockerfile
- server.ssl.enabled
- server.ssl.key-store-type
- server.ssl.key-store - NOTE: The keystore location needs to be relative to the application path. The application path is /messagequeue/messagequeue.jar; depending on where this is copied to when you are creating the image, this will need to be updated.
- server.ssl.key-store-password
docker-compose.yml:

```yaml
version: "3.9"
services:
  queue:
    container_name: queue
    build: .
    ports:
      - "8443:8443"
    environment:
      MULTI_QUEUE_TYPE: IN_MEMORY
      server.port: 8443 # The port set here must match the health check port below and the exposed port from the Dockerfile
      server.ssl.enabled: "true" # Quoted so the YAML parser passes it through as a string
      server.ssl.key-store-type: PKCS12
      server.ssl.key-store: keystore.p12 # This path is relative to the `messagequeue.jar` location. The full location is /messagequeue/keystore.p12 for this example
      server.ssl.key-store-password: changeit
    healthcheck:
      test: wget --no-check-certificate https://localhost:8443/queue/healthcheck # Example simple health check, disabling cert check for this example since it is self-signed
      start_period: 3s
      interval: 3s
      timeout: 3s
      retries: 5
```

Once this starts up you should be able to access the application using HTTPS on the exposed port 8443.
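
The health check above disables certificate checking because the certificate is self-signed. As an added example (not part of the MessageQueue project), a client can instead compare the certificate the endpoint presents against a known SHA-256 fingerprint; the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl
import sys

# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:...' or plain hex and return 64 lowercase hex digits."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def pem_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def matches_pin(pem: str, pin: str) -> bool:
    """True only if the certificate's fingerprint equals the expected pin."""
    return hmac.compare_digest(pem_fingerprint(pem), normalize_pin(pin))


def check_endpoint(host: str, port: int, pin: str) -> bool:
    """Fetch the certificate the server presents (no chain validation) and compare it to the pin."""
    pem = ssl.get_server_certificate((host, port))
    return matches_pin(pem, pin)


if __name__ == "__main__":
    if len(sys.argv) == 4:  # e.g. localhost 8443 AB:CD:...
        ok = check_endpoint(sys.argv[1], int(sys.argv[2]), sys.argv[3])
    else:
        # Offline run against the constructed sample above.
        ok = matches_pin(SAMPLE_PEM, hashlib.sha256(SAMPLE_DER).hexdigest())
    print("certificate matches pin" if ok else "CERTIFICATE MISMATCH")
    sys.exit(0 if ok else 1)
```

The pin to pass in is the SHA-256 fingerprint of the `sslcert` entry in `keystore.p12`, as reported by `keytool -list` on that keystore.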