If I'm redirecting port 80 to 443 with ssl set up in nginx and proxy to my application on port 5000 do I still need to set up Spring boot to use SSL?

Question

Sorry if this should go into stackoverflow or security, it's kind of a middle of the road question.

I have nginx on an elastic beanstalk instance which is set to redirect 80 to 443 and is proxying 443 traffic to port 5000 which my Spring Boot app is listening on.

Spring Boot also has configuration to set ssl on using a p12 keystore. I'm wondering if someone can explain if both are required and why that's the case if so? In my mind it's encrypted between server and client until it gets to the Spring boot application so it should be fine but I'm not 100% on that

I guess you mean you redirect port 80 to 443 and then proxy the requests to port 5000 to your application? If so, then please edit your title and question. — Freddy, May 08 '19 at 19:02

score 1 · Accepted Answer · answered May 08 '19 at 20:00

1

Yes, you don't need SSL in your Spring application. Your client connection is already secure.

answered May 08 '19 at 20:00

Freddy

1,999
5
12

If I'm redirecting port 80 to 443 with ssl set up in nginx and proxy to my application on port 5000 do I still need to set up Spring boot to use SSL?

1 Answers1