This spike is meant to provide a minimal implementation for configuring the jdk.httpserver with HTTPS and compiling it into:
- a shrunk JVM with jlink and the Java Platform Module System
- a native application with GraalVM CE
By default, the JVM provides all the security modules for configuring any security context, but when JPMS comes into play, you have to specify them directly in the module-info, otherwise the JVM will be unable to configure certificates properly.
To run the HTTPS server, you need to generate self-signed certificates. You have three options:
- Use the provided shell script (Option 1 below)
- Follow the manual OpenSSL steps (Option 2 below)
- Use the built-in Java-based certificate generator (see "Running the Application" section)
We've provided a shell script that automates the certificate generation process:
```bash
# Make the script executable
chmod +x src/main/resources/io/trydent/httpserver/cert/generate-certs.sh
# Run the script from the project root
./src/main/resources/io/trydent/httpserver/cert/generate-certs.sh
```
If you prefer to generate the certificates manually, follow these steps:
Make sure you have OpenSSL installed:
```bash
# For Debian/Ubuntu
sudo apt-get install openssl
# For Red Hat/Fedora
sudo dnf install openssl
```
```bash
mkdir -p src/main/resources/io/trydent/httpserver/cert
cd src/main/resources/io/trydent/httpserver/cert
# Generate a 2048-bit RSA private key
openssl genrsa -out private.key 2048
# Generate a self-signed certificate valid for 365 days
openssl req -new -x509 -key private.key -out certificate.crt -days 365
```
When prompted, enter the following information:
- Country Name: Your country code (e.g., US)
- State or Province: Your state
- Locality Name: Your city
- Organization Name: Your organization
- Organizational Unit: Your department
- Common Name: localhost (or your domain name)
- Email Address: Your email
```bash
# Copy the certificate to create a CA bundle
cp certificate.crt ca_bundle.crt
# Convert the private key to PKCS#8 PEM format (-nocrypt leaves the key unencrypted on disk)
openssl pkcs8 -topk8 -inform PEM -in private.key -out private.pem -nocrypt
# Generate an EC private key
openssl ecparam -name secp256r1 -genkey -noout -out alpenflow.io.private.key
# Verify the certificate
openssl x509 -in certificate.crt -text -noout
```
After completing these steps, you'll have all the necessary certificate files in the correct location for the application to use.
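How the files from the steps above can be wired into the JDK's HttpsServer, as an added example that is not this project's own code. The class name PemHttpsExample, the key-store password and port 8443 (chosen so no root privileges are needed) are assumptions; it reads certificate.crt and the unencrypted PKCS#8 private.pem, the encoding Java's PKCS8EncodedKeySpec expects.

```java
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class PemHttpsExample { // hypothetical class name, not part of the project
  // Strip the PEM armor and whitespace, then decode the PKCS#8 DER into an RSA key.
  static PrivateKey readPkcs8Key(Path pem) throws Exception {
    String b64 = Files.readString(pem).replaceAll("-----[A-Z ]+-----|\\s", "");
    byte[] der = Base64.getDecoder().decode(b64);
    return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
  }

  public static void main(String[] args) throws Exception {
    Path dir = Path.of("src/main/resources/io/trydent/httpserver/cert");
    Certificate cert;
    try (var in = Files.newInputStream(dir.resolve("certificate.crt"))) {
      cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
    }
    // In-memory key store only; the password (an assumption) never touches disk.
    char[] pw = "changeit".toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(null, null);
    ks.setKeyEntry("server", readPkcs8Key(dir.resolve("private.pem")), pw, new Certificate[] {cert});
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, pw);
    SSLContext tls = SSLContext.getInstance("TLS");
    tls.init(kmf.getKeyManagers(), null, null); // server side: no trust managers needed
    // Port 8443 is an assumption for the example.
    HttpsServer server = HttpsServer.create(new InetSocketAddress(8443), 0);
    server.setHttpsConfigurator(new HttpsConfigurator(tls));
    server.createContext("/", ex -> {
      byte[] out = "ok\n".getBytes();
      ex.sendResponseHeaders(200, out.length);
      try (var os = ex.getResponseBody()) { os.write(out); }
    });
    server.start();
  }
}
```

In a modular build, the module-info of the enclosing module has to declare `requires jdk.httpserver;` for these imports to resolve.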
After generating the certificates, you can build and run the application:
You can generate certificates directly from Java without using OpenSSL. This approach uses the built-in CertificateGenerator class, which leverages the BouncyCastle library to create self-signed certificates programmatically:
```bash
# Build with Maven
mvn clean package
# Generate certificates using Java
java --module-path target/httpserver.jar --add-modules httpserver --enable-preview io.trydent.httpserver.Main --generate-certs
```
This will create all the necessary certificate files in the src/main/resources/io/trydent/httpserver/cert directory with default settings (valid for 365 days, with "localhost" as the common name).
After generating the certificates, you can run the application:
```bash
# Run with Java (using JPMS)
java --module-path target/httpserver.jar --add-modules httpserver --enable-preview io.trydent.httpserver.Main
```
The project is configured with the jlink Maven plugin, which creates a custom runtime image with only the required modules:
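```bash
# Build with Maven (this will also create the jlink image)
mvn clean package
# Run the application using the generated runtime image
# (${os.arch} is the Java/Maven os.arch property, not a shell variable; substitute your architecture)
target/maven-jlink/classifiers/dist-${os.arch}/bin/httpserver
```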
The HTTPS server will be available at https://localhost:443