Run Grails on HTTPS

Question

I want to run Grails on https on localhost. I have already configured HTTPS and can see the Apache page when localhost:443 is hit. Currently Grails runs on 8080. When I try running grails with grails -Dserver.port.https=443 run-app -https, I get Permission denied. I know this requires some kind of root access below port 1024. But when I try sudo grails run-app, this gives me command not found.

Any possible solutions?

Answer 1

Generally, it's a bad idea to run your web app as root. Practically speaking, your app becomes super exploitable. Any security flaw in your setup will suddenly give the attacker full root access to the server.

This is why it's more common to do one of the following:

• Run a proxy such as apache or nginx or haproxy on port 443 with https, and grails on port 8080 without https. Set up the proxy to forward all requests to your grails app at 8080. Make sure the grails app only listens to localhost, so you can't go directly to yoursite.com:8080.
• Run Grails at 8080, with https, only listening on localhost, and set up a netfilter/iptables rule to forward traffic on 443 to localhost 8080.

The two setups are essentialy the same. The main difference is whether to use a user level setup, or rely on an OS level service such as netfilters.