baseName = 'your-app'
version = version
executable = true (1)
mainClass = "com.shunya.App"
Running Spring Boot app as a service in unix
Upasana | May 20, 2019 | 3 min read | 4,494 views
You should never run a Spring Boot application as root, so your application’s jar file should never be owned by root. Instead, create a specific user to run your application and use chown to make it the owner of the jar file
Creating executable Jar
We can always run Spring Boot applications by using
java -jar <jarname> command, but it is also possible to make fully executable applications for Unix systems (centos, ubuntu, etc) that can be executed like any other executable binary and even registered with
systemd. This makes it easy to install and manage Spring Boot applications in production environment.
Spring boot 1.x and 2.x have slightly different way of creating fully executable jars. We will explore both the options:
Spring Boot 1.x
The following configuration is required in
build.gradle file in Spring Boot 1.x projects.
|This is required to make fully executable jar on unix system (Centos and Ubuntu)
Spring Boot 2.x
The following configuration in
build.gradle will make a fully executable jar in Spring Boot 2.x project.
baseName = 'your-app'
version = '0.1.0'
Create a .conf file
If you want to configure custom JVM properties or Spring Boot application run arguments, then you can create a .conf file with the same name as the Spring Boot application name and place it parallel to jar file.
your-app.jar is the name of your Spring Boot application, then you can create the following file.
This configuration will set 64 MB ram for the Spring Boot application and activate
Create a new user in linux
For enhanced security we must create a specific user to run the Spring Boot application as a service.
sudo useradd -s /sbin/nologin springboot
sudo useradd -s /usr/sbin/nologin springboot
sudo passwd springboot
To reduce the chances of the application’s user account being compromised, you should consider preventing it from using a login shell. For example, you can set the account’s shell to
/usr/sbin/nologin, this will limit your system’s attack surface.
springboot owner of the executable file
chown springboot:springboot your-app.jar
chmod 500 your-app.jar
This will configure jar’s permissions so that it can not be written and can only be read or executed by its owner
|Octal 500 = read + execute (r-x) for owner, group has 0 and world has zero permissions.
You can optionally make your jar file as immutable using the change attribute (chattr) command.
sudo chattr +i your-app.jar
|chattr +i sets the immutable filesystem attribute on the file. It differs from access control rules. Access controls are file attributes, immutable is a filesystem extended file attribute (may not be available). Only user with root privileges can set or unset this attribute.
Appropriate permissions should be set for the corresponding
.conf file as well.
.conf requires just read access (Octal 400) instead of read + execute (Octal 500) access
chmod 400 your-app.conf
Create Systemd service
Description=Your app description
Automatically restart process if it gets killed by OS
Append the below two attributes (
RestartSec) to automatically restart the process on failure.
The change will make Spring Boot application restart in case of failure with a delay of 30 seconds. If you stop the service using
systemctl command then restart will not happen.
Schedule service at system startup
To flag the application to start automatically on system boot, use the following command:
sudo systemctl enable your-app.service
Start an Stop the Service
systemctl can be used in Ubuntu 16.04 LTS and 18.04 LTS to start and stop the process.
sudo systemctl start your-app
sudo systemctl stop your-app
Top articles in this category:
- Setting a Random Port in Spring Boot Application at startup
- Run method on Spring Boot startup
- Spring Boot Sidecar
- Basic Auth Security in Spring Boot 2
- Redis rate limiter in Spring Boot
- Spring Boot multipart file upload server
- Feign RequestInterceptor in Spring Boot