Setting Up Nginx + Spring Boot with FreeSSL.cn on CentOS for Automatic 3‑Month HTTPS Renewal
This guide walks through installing Nginx and Java on CentOS, deploying a Spring Boot JAR, obtaining a free FreeSSL.cn certificate with acme.sh, configuring Nginx for HTTP‑to‑HTTPS redirection and SSL, and enabling automatic three‑month renewal via the built‑in cron job.
In a CentOS environment, you can combine Nginx and Spring Boot with a free FreeSSL.cn HTTPS certificate that automatically renews every three months by following these steps.
1. Install Nginx
sudo yum install nginx2. Install Java (if not present)
sudo yum install java3. Deploy the Spring Boot application
Package your Spring Boot project as a JAR and run it:
java -jar your-spring-boot-app.jar4. Install acme.sh
curl https://get.acme.sh | sh -s [email protected]5. Configure Nginx to redirect port 80 to HTTPS
Edit /etc/nginx/nginx.conf and add:
server {
listen 80;
server_name ai-ziyuan.techwisdom.cn;
location / {
return 301 https://$host$request_uri;
}
}Now requests to http://ai-ziyuan.techwisdom.cn are automatically redirected to https://ai-ziyuan.techwisdom.cn.
6. Obtain the SSL certificate
acme.sh --issue -d *.techwisdom.cn --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/xxxxxxFollow the prompts to complete the issuance.
7. Configure the certificate in Nginx
Add the SSL settings to the http block of /etc/nginx/nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events { worker_connections 1024; }
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_max_body_size 100M;
server {
listen 443 ssl;
server_name ai-ziyuan.techwisdom.cn;
access_log /var/log/nginx/ai-ziyuan.techwisdom.cn.access.log;
error_log /var/log/nginx/ai-ziyuan.techwisdom.cn.error.log;
ssl_certificate /home/server/ssl/*.techwisdom.cn_ecc/*.techwisdom.cn.cer;
ssl_certificate_key /home/server/ssl/*.techwisdom.cn_ecc/*.techwisdom.cn.key;
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 60m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8000;
}
}
}8. Enable automatic certificate renewal
acme.sh creates a cron job that automatically renews the certificate; no manual action is required.
9. Restart Nginx
sudo systemctl restart nginxAfter restarting, Nginx serves the Spring Boot application over SSL using the free FreeSSL.cn certificate, and the certificate will renew automatically after three months. Regularly check Nginx and acme.sh logs to ensure everything operates correctly.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
LuTiao Programming
LuTiao Programming is a friendly community offering free programming lessons. We inspire learners to explore new ideas and technologies and quickly acquire job-ready skills.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
