How to run Java SpringBoot apps in Alpine with OpenSSL

Question

How to run Java SpringBoot apps in Alpine with OpenSSL

2.5k Views Asked by Marcello DeSales At 05 April 2025 at 17:14

Problem

Running a Java application in Alpine Linux breaks when TLS calls are made
Some libraries like Apache's commons-crypto uses Native libraries like openssl for some of the calls
- Specifically org.apache.commons.crypto.cipher.OpenSslNative.initIDs()

Any of my SpringBoot apps work in JDK 8, JDK 11 and JDK 12 on Alpine 3.8

Setup of Alpine and JDK

All the setup is described at https://github.com/AdoptOpenJDK/openjdk-jdk11/issues/8#issue-382004417

Here's the Dockerfile I'm using

FROM alpine:3.8

# ca certificates: to support HTTPS calls to other services
# hadolint ignore=DL3008
RUN apk update && \
    apk add bash ca-certificates openssl --no-cache

RUN update-ca-certificates

ENV JAVA_HOME=/opt/jdk-custom/jre
ENV PATH="$PATH:$JAVA_HOME/bin"

Segmentation Fault on OpenSSL calls

The segmentation fault is as follows:

    ---------------  S U M M A R Y ------------

    Command Line: -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:+UseStringDeduplication -XX:MaxRAMFraction=2 -XX:+HeapDumpOnOutOfMemoryError -XX:ErrorFile=/runtime/logs/error.log -XX:HeapDumpPath=/runtime/logs/error.heap.hprof -XX:+UnlockExperimentalVMOptions -Djdk.module.showModuleResolution=true -Djava.security.egd=file:/dev/./urandom /runtime/server.jar

    Host: Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz, 6 cores, 7G, Alpine Linux v3.8
    Time: Sun Nov 18 15:28:22 2018 UTC elapsed time: 8 seconds (0d 0h 0m 8s)

    ---------------  T H R E A D  ---------------

    Current thread (0x000055e8239a7800):  JavaThread "main" [_thread_in_native, id=43, stack(0x00007f524b58f000,0x00007f524b68fab0)]

    Stack: [0x00007f524b58f000,0x00007f524b68fab0],  sp=0x00007f524b68c6d8,  free space=1013k
    Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
    C  0x0000000000000e16

    Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
    j  org.apache.commons.crypto.cipher.OpenSslNative.initIDs()V+0
    j  org.apache.commons.crypto.cipher.OpenSsl.<clinit>()V+8
    v  ~StubRoutines::call_stub
    j  org.apache.commons.crypto.cipher.OpenSslCipher.<init>(Ljava/util/Properties;Ljava/lang/String;)V+14
    v  ~StubRoutines::call_stub
  org.springframework.boot.SpringApplication.applyInitializers(Lorg/springframework/context/ConfigurableApplicationContext;)V+50
    j  org.springframework.boot.SpringApplication.prepareContext(Lorg/springframework/context/ConfigurableApplicationContext;Lorg/springframework/core/env/ConfigurableEnvironment;Lorg/springframework/boot/SpringApplicationRunListeners;Lorg/springframework/boot/ApplicationArguments;Lorg/springframework/boot/Banner;)V+14
    j  org.springframework.boot.SpringApplication.run([Ljava/lang/String;)Lorg/springframework/context/ConfigurableApplicationContext;+86
    j  org.springframework.boot.SpringApplication.run([Ljava/lang/Object;[Ljava/lang/String;)Lorg/springframework/context/ConfigurableApplicationContext;+9
    j  org.springframework.boot.SpringApplication.run(Ljava/lang/Object;[Ljava/lang/String;)Lorg/springframework/context/ConfigurableApplicationContext;+9

    v  ~StubRoutines::call_stub
    j  jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+0 java.base@11-ea
    j  jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+100 java.base@11-ea
    j  jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+6 java.base@11-ea
    j  java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+59 java.base@11-ea
    j  org.springframework.boot.loader.MainMethodRunner.run()V+43
    j  org.springframework.boot.loader.Launcher.launch([Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V+14
    j  org.springframework.boot.loader.Launcher.launch([Ljava/lang/String;)V+19
    j  org.springframework.boot.loader.WarLauncher.main([Ljava/lang/String;)V+8
    v  ~StubRoutines::call_stub

Original Q&A

There are 1 best solutions below

**Marcello DeSales** · Answer 1

Solution

The user at https://github.com/docker-library/haproxy/issues/60#issue-300020803 mentioned that Alpine compiles with libressl and NOT openssl.
I can now run Any SpringBoot application in Alpine linux with the suggested dependencies to libressl libressl-dev
- JDK 8, Custom JDK 11 and JDK 12 with Jlink

Here's the updated Dockerfile

FROM alpine:3.8

# ca certificates: to support HTTPS calls to other services
# hadolint ignore=DL3008
RUN apk update && \
    apk add bash ca-certificates libressl libressl-dev --no-cache

RUN update-ca-certificates

ENV JAVA_HOME=/opt/jdk-custom/jre
ENV PATH="$PATH:$JAVA_HOME/bin"

How to run Java SpringBoot apps in Alpine with OpenSSL

Problem

Setup of Alpine and JDK

Segmentation Fault on OpenSSL calls

There are 1 best solutions below

Solution

Related Questions in SPRING-BOOT

Related Questions in DOCKER

Related Questions in OPENSSL

Related Questions in ALPINE-LINUX

Related Questions in LIBRESSL

Trending Questions

Popular # Hahtags

Popular Questions