This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Boot 3.3.4! |
This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Boot 3.3.4! |
In addition to running Spring Boot applications by using java -jar
directly, it is also possible to run them as systemd
, init.d
or Windows services.
Installation as a systemd Service
systemd
is the successor of the System V init system and is now being used by many modern Linux distributions.
Spring Boot applications can be launched by using systemd
‘service’ scripts.
Assuming that you have a Spring Boot application packaged as an uber jar in /var/myapp
, to install it as a systemd
service, create a script named myapp.service
and place it in /etc/systemd/system
directory.
The following script offers an example:
[Unit]
Description=myapp
After=syslog.target network.target
[Service]
User=myapp
Group=myapp
Environment="JAVA_HOME=/path/to/java/home"
ExecStart=${JAVA_HOME}/bin/java -jar /var/myapp/myapp.jar
ExecStop=/bin/kill -15 $MAINPID
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
Remember to change the Description , User , Group , Environment and ExecStart fields for your application.
|
The ExecStart field does not declare the script action command, which means that the run command is used by default.
|
The user that runs the application, the PID file, and the console log file are managed by systemd
itself and therefore must be configured by using appropriate fields in the ‘service’ script.
Consult the service unit configuration man page for more details.
To flag the application to start automatically on system boot, use the following command:
$ systemctl enable myapp.service
Run man systemctl
for more details.
Remember to change the Description , User , Group , Environment and ExecStart fields for your application.
|
The ExecStart field does not declare the script action command, which means that the run command is used by default.
|
Installation as an init.d Service (System V)
To use your application as init.d
service, configure its build to produce a fully executable jar.
Fully executable jars work by embedding an extra script at the front of the file.
Currently, some tools do not accept this format, so you may not always be able to use this technique.
For example, jar -xf may silently fail to extract a jar or war that has been made fully executable.
It is recommended that you make your jar or war fully executable only if you intend to execute it directly, rather than running it with java -jar or deploying it to a servlet container.
|
A zip64-format jar file cannot be made fully executable.
Attempting to do so will result in a jar file that is reported as corrupt when executed directly or with java -jar .
A standard-format jar file that contains one or more zip64-format nested jars can be fully executable.
|
To create a ‘fully executable’ jar with Maven, use the following plugin configuration:
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
</configuration>
</plugin>
The following example shows the equivalent Gradle configuration:
tasks.named('bootJar') {
launchScript()
}
It can then be symlinked to init.d
to support the standard start
, stop
, restart
, and status
commands.
The default launch script that is added to a fully executable jar supports most Linux distributions and is tested on CentOS and Ubuntu. Other platforms, such as OS X and FreeBSD, require the use of a custom script. The default scripts supports the following features:
-
Starts the services as the user that owns the jar file
-
Tracks the application’s PID by using
/var/run/<appname>/<appname>.pid
-
Writes console logs to
/var/log/<appname>.log
Assuming that you have a Spring Boot application installed in /var/myapp
, to install a Spring Boot application as an init.d
service, create a symlink, as follows:
$ sudo ln -s /var/myapp/myapp.jar /etc/init.d/myapp
Once installed, you can start and stop the service in the usual way. For example, on a Debian-based system, you could start it with the following command:
$ service myapp start
If your application fails to start, check the log file written to /var/log/<appname>.log for errors.
|
You can also flag the application to start automatically by using your standard operating system tools. For example, on Debian, you could use the following command:
$ update-rc.d myapp defaults <priority>
Securing an init.d Service
The following is a set of guidelines on how to secure a Spring Boot application that runs as an init.d service. It is not intended to be an exhaustive list of everything that should be done to harden an application and the environment in which it runs. |
When executed as root, as is the case when root is being used to start an init.d service, the default executable script runs the application as the user specified in the RUN_AS_USER
environment variable.
When the environment variable is not set, the user who owns the jar file is used instead.
You should never run a Spring Boot application as root
, so RUN_AS_USER
should never be root and your application’s jar file should never be owned by root.
Instead, create a specific user to run your application and set the RUN_AS_USER
environment variable or use chown
to make it the owner of the jar file, as shown in the following example:
$ chown bootapp:bootapp your-app.jar
In this case, the default executable script runs the application as the bootapp
user.
To reduce the chances of the application’s user account being compromised, you should consider preventing it from using a login shell.
For example, you can set the account’s shell to /usr/sbin/nologin .
|
You should also take steps to prevent the modification of your application’s jar file. Firstly, configure its permissions so that it cannot be written and can only be read or executed by its owner, as shown in the following example:
$ chmod 500 your-app.jar
Second, you should also take steps to limit the damage if your application or the account that is running it is compromised.
If an attacker does gain access, they could make the jar file writable and change its contents.
One way to protect against this is to make it immutable by using chattr
, as shown in the following example:
$ sudo chattr +i your-app.jar
This will prevent any user, including root, from modifying the jar.
If root is used to control the application’s service and you use a .conf
file to customize its startup, the .conf
file is read and evaluated by the root user.
It should be secured accordingly.
Use chmod
so that the file can only be read by the owner and use chown
to make root the owner, as shown in the following example:
$ chmod 400 your-app.conf
$ sudo chown root:root your-app.conf
Customizing the Startup Script
The default embedded startup script written by the Maven or Gradle plugin can be customized in a number of ways.
For most people, using the default script along with a few customizations is usually enough.
If you find you cannot customize something that you need to, use the embeddedLaunchScript
option to write your own file entirely.
Customizing the Start Script When It Is Written
It often makes sense to customize elements of the start script as it is written into the jar file. For example, init.d scripts can provide a “description”. Since you know the description up front (and it need not change), you may as well provide it when the jar is generated.
To customize written elements, use the embeddedLaunchScriptProperties
option of the Spring Boot Maven plugin or the properties
property of the Spring Boot Gradle plugin’s launchScript
.
The following property substitutions are supported with the default script:
Name | Description | Gradle default | Maven default |
---|---|---|---|
|
The script mode. |
|
|
|
The |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Single-line version of |
|
|
|
|
|
|
|
|
|
|
The default value for |
Folder containing the jar |
Folder containing the jar |
|
Reference to a file script that should be inlined in the default launch script.
This can be used to set environmental variables such as |
||
|
Default value for |
||
|
Default value for |
||
|
Default value for |
||
|
Default value for the name of the PID file in |
||
|
Whether the |
|
|
|
Default value for |
60 |
60 |
Customizing a Script When It Runs
For items of the script that need to be customized after the jar has been written, you can use environment variables or a config file.
The following environment properties are supported with the default script:
Variable | Description |
---|---|
|
The “mode” of operation.
The default depends on the way the jar was built but is usually |
|
The user that will be used to run the application. When not set, the user that owns the jar file will be used. |
|
Whether the |
|
The root name of the pid folder ( |
|
The name of the folder in which to put log files ( |
|
The name of the folder from which to read .conf files (same folder as jar-file by default). |
|
The name of the log file in the |
|
The name of the app. If the jar is run from a symlink, the script guesses the app name. If it is not a symlink or you want to explicitly set the app name, this can be useful. |
|
The arguments to pass to the program (the Spring Boot app). |
|
The location of the |
|
Options that are passed to the JVM when it is launched. |
|
The explicit location of the jar file, in case the script is being used to launch a jar that it is not actually embedded. |
|
If not empty, sets the |
|
The time in seconds to wait when stopping the application before forcing a shutdown ( |
The PID_FOLDER , LOG_FOLDER , and LOG_FILENAME variables are only valid for an init.d service.
For systemd , the equivalent customizations are made by using the ‘service’ script.
See the service unit configuration man page for more details.
|
Using a Conf File
With the exception of JARFILE
and APP_NAME
, the settings listed in the preceding section can be configured by using a .conf
file.
The file is expected to be next to the jar file and have the same name but suffixed with .conf
rather than .jar
.
For example, a jar named /var/myapp/myapp.jar
uses the configuration file named /var/myapp/myapp.conf
, as shown in the following example:
JAVA_OPTS=-Xmx1024M
LOG_FOLDER=/custom/log/folder
If you do not like having the config file next to the jar file, you can set a CONF_FOLDER environment variable to customize the location of the config file.
|
To learn about securing this file appropriately, see the guidelines for securing an init.d service.
Fully executable jars work by embedding an extra script at the front of the file.
Currently, some tools do not accept this format, so you may not always be able to use this technique.
For example, jar -xf may silently fail to extract a jar or war that has been made fully executable.
It is recommended that you make your jar or war fully executable only if you intend to execute it directly, rather than running it with java -jar or deploying it to a servlet container.
|
A zip64-format jar file cannot be made fully executable.
Attempting to do so will result in a jar file that is reported as corrupt when executed directly or with java -jar .
A standard-format jar file that contains one or more zip64-format nested jars can be fully executable.
|
If your application fails to start, check the log file written to /var/log/<appname>.log for errors.
|
The following is a set of guidelines on how to secure a Spring Boot application that runs as an init.d service. It is not intended to be an exhaustive list of everything that should be done to harden an application and the environment in which it runs. |
To reduce the chances of the application’s user account being compromised, you should consider preventing it from using a login shell.
For example, you can set the account’s shell to /usr/sbin/nologin .
|
Name | Description | Gradle default | Maven default |
---|---|---|---|
|
The script mode. |
|
|
|
The |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Single-line version of |
|
|
|
|
|
|
|
|
|
|
The default value for |
Folder containing the jar |
Folder containing the jar |
|
Reference to a file script that should be inlined in the default launch script.
This can be used to set environmental variables such as |
||
|
Default value for |
||
|
Default value for |
||
|
Default value for |
||
|
Default value for the name of the PID file in |
||
|
Whether the |
|
|
|
Default value for |
60 |
60 |
Variable | Description |
---|---|
|
The “mode” of operation.
The default depends on the way the jar was built but is usually |
|
The user that will be used to run the application. When not set, the user that owns the jar file will be used. |
|
Whether the |
|
The root name of the pid folder ( |
|
The name of the folder in which to put log files ( |
|
The name of the folder from which to read .conf files (same folder as jar-file by default). |
|
The name of the log file in the |
|
The name of the app. If the jar is run from a symlink, the script guesses the app name. If it is not a symlink or you want to explicitly set the app name, this can be useful. |
|
The arguments to pass to the program (the Spring Boot app). |
|
The location of the |
|
Options that are passed to the JVM when it is launched. |
|
The explicit location of the jar file, in case the script is being used to launch a jar that it is not actually embedded. |
|
If not empty, sets the |
|
The time in seconds to wait when stopping the application before forcing a shutdown ( |
The PID_FOLDER , LOG_FOLDER , and LOG_FILENAME variables are only valid for an init.d service.
For systemd , the equivalent customizations are made by using the ‘service’ script.
See the service unit configuration man page for more details.
|
If you do not like having the config file next to the jar file, you can set a CONF_FOLDER environment variable to customize the location of the config file.
|
Microsoft Windows Services
A Spring Boot application can be started as a Windows service by using winsw
.
A (separately maintained sample) describes step-by-step how you can create a Windows service for your Spring Boot application.