Howto: AWS beanstalk custom subdomain with HTTPS

How to configure my (tomcat) webapp running on AWS elastic beanstalk with an SSL certificate available at my custom subdomain


Why AWS?
– you can host your (tomcat) webapp on AWS beanstalk for free*
– you get a free SSL cert from AWS
– Problem: no HTTPS on elastic beanstalk URLs by default

Why not Heroku?
– Heroku has HTTPS out of the box, but…
– Heroku is super nice when building directly from github, but if you need some custom modifications or have a custom build process, beanstalk is more flexible

Needed steps for configuration:


1. create new SSL cert for HTTPS (via AWS, it’s free!)
– for e.g. “”
+ validation via email
-> create new free SSL certificate for your custom subdomain

2. setup app (e.g. tomcat webapp) at beanstalk
– during setup: set custom domain “Environment settings” – Name & Domain
-> setup new beanstalk environment at
– opt. check webapp with URL (tomcat apps runs on /healthcheck)

3. setup subdomain forwarding at your own domain provider
– CNAME ->
-> app runs at:
– opt. check webapp with URL

4. my beanstalk environment: configure LB
– configure – scaling -> load balancing: enable

5. my beanstalk environment: configure HTTPS
– Network Tier – Load Balancer
– Secure listener port: 443
– SSL certificate ID: pick your new SSL cert “”
– “Apply”

6. opt. beanstalk configure SSL for direct access
– configuraion – instances – EC2 key pair

7. EC2 instance – adapt security group, add ports
– add 80 (http), 22 (ssh), 443 (https)
– opt. 8080, 8443 (tomcat)
– opt 3306 (mysql)

My webapp runs on beanstalk (tomcat) with an SSL cert to my custom subdomain:

* if eligable AWS EC2 free tier


12 things I hate about iOS development

Originally posted as “10+ things I hate about iOS development” on Medium March 11.

As you might know, I finally released the first iOS versions of LIKE A HIPSTER and Hungry?. So I finally stumbled upon iOS development, although I tried to avoid for so long. And I’m not very happy with it.

I like to try out new technologies. I love to play around with stuff, especially mobile. So I submitted some more or less serious Android apps in the Google Play Store and developed also professional Android apps for Keyosk Tablets and Freewave. Since I already program with Java for 15 years now, it’s fun to develop Android apps because there are no obstacles concerning the language and it’s a very well thought-through framework.

But iOS is different. Why? Here are at least 10 reasons:

1. Swift is not intuitive

You can program iOS apps natively in Objective C or Swift. First I tried to learn Swift on my own because it’s the successor of Objective C (why learn an ancient language when starting iOS development from scratch?) but I soon realized that Swift and I were not made for each other. I never tried Objective C but Swift is super unintuitive and as some of you also might know I’m very impatient. But also pragmatic – so I checked some (Cordova) alternatives such as React Native and finally found Ionic. And this time it was love at first sight!

I’m a Java back-end (and Android) developer but usually I try to see the full picture of a software project so I would rather be called a “full-stack developer” nowadays. Usually I try to avoid front-end development because there are for sure better skilled people out there adjusting CSS and that other hardcore FE stuff, but with my current project George I slipped into AngularJS, which is very nice to work with, when you are used to the “law and order” of Java (I already had a talk or two about AngularJS at some conferences – here are my slides from Berlin).

Ionic is based on AngularJS so for me it was the perfect choice since I was already familiar with AngularJS. But developing for iOS means to use OS X.

2. Must use OS X

There is no way around it! You have to use OS X to build the iOS binaries and I never was a Mac user. Coming from the Java world which was from the very beginning conceptualized as platform independent it is strange to be bound to an OS.

So what I did was to virtualize OS X. Yeah, you might think now “WTF?”, but I really did! Some people warned me about it because it would be too slow or to complicated or so but I though I’ll give it a try anyway because “how hard can that be?” (famous last words!) and I really didn’t want to buy an overpriced MacBook.

So what I did was to get my hands on an OS X image and virtualize it with Oracle VirtualBox, which worked pretty well. The VM is fast, not slow at all! Also with the virtualization I didn’t have to switch computers all the time.

The only disadvantage of OS X as VM is that VirtualBox has a limitation of screen resolution on the virtual machine’s window in your original OS. So the VM’s window does not scale. But at least it is Unix… -ish.

3. Must use XCode

Another very limiting fact about developing iOS is that you can only upload the binaries in XCode! As far as I know there are alternative possibilities to the IDE such as JetBrains’ AppCode or alternatives to the build tools e.g. Fastlane or Ionic (also uses its own build tools) but you have to use XCode (at least from command-line) to submit the artifact to the iTunes app store.

I don’t like proprietary software. I’m an open source girl. And being limited and bound to something is kind of strange to me. So for actual development I use WebStorm that is per se a JavaScript IDE and then I commit the iOS stuff with Git to OS X and build and submit it there with XCode.

The one good thing about XCode is that the emulators start very fast. When starting an Android emulator you have to wait a minute or so for the Android OS to fully start up. At least one small advantage of iOS development.

4. Paid Apple developer account

If you want to contribute to the iTunes app store you have to buy a developer license. That’s very strange: So the community builds killer-features for the iPhone and they also have to pay for that?

It’s around €/$ 100 a year! At this point I don’t even see that the app will amortize this 100 euro/dollars in the foreseeable future.

In contrast to that gorgeous Android land it’s free to publish withing the developer program, you just have to pay a registration fee of $25.

5. Certificates, certificates, certificates

Generally speaking certificates and encryption are awesome! It’s the only way to secure communication or authenticate and authorize in a proper way.

For iOS development you need a bunch of certificates. Many certificates. Far too many! You need two for yourself (iOS Development and iOS Distribution). Then you need to register each of your development devices (e.g. your iPhone and iPad). Next you need to register your apps themselves (“App Identifier”) and last but not least you need a bunch of “iOS Provisioning Profiles”, again two per app – one for distribution and one for development – and also three (!) iOS Team Provisioning Profiles (at least they are managed by XCode itself).

In Android you just have two Java key-stores, one for development and one for releases. That’s it. Super secure and easy.

6. Keychain Access my ass

Unfortunately at one point the “Apple Worldwide Developer Relations Certification Authority” certificate expired (after only 2 years…) and it took me several hours to find out what was wrong because the error message just told me that my app developer certificates were not valid. Googling and trying to change my certificates also broke the currently published apps… Finally I got the right google-hit that this one certificate was expired. It was hidden in the Keychain Access tool by default, well because it was expired. But I already destroyed all my dear certificates, so I had to create all of them again.

Having all those certificates and your bought license you can finally start developing. In XCode of course.

7. XCode is too complicated

XCode is strange. Very strange. Especially when you are used to (Java) IDEs like IntelliJ, Eclipse or Android Studio.

For example if you want to release a build you have to add all these different versions of the app icons and launch images. Why aren’t they just generated automatically?

many many different icons

If you use Ionic it already generates a bunch of these icons and launch images in different resolutions but still you have to create a hand-full of them manually. And you have to associate these icons to the proper versions. It’s like playing Memory for developers!

And you’ll find the build artifacts under “Organizer”. Totally plausible, isn’t it? Why don’t you just call this menu item “Artifacts” or “Archive”?

Also you cannot archive an artifact if currently an emulator is selected as run-time device. Why not just automatically archive it for the default generic device?

Just to compare iOS and Android I’ll show you the number of clicks you need to release a version. In XCode you need to:

  • Click “Build”
  • Click “Archive” → the “Organizer” opens
  • select your version
  • click “Upload to App Store..” → a pop up opens
  • every single time you have to select our “Team”. Why not use defaults? This point will not change that often
  • send to Apple by clicking “Upload”

In Android Studio it’s:

  • Click “Generate signed APK” → a dialog opens
  • (enter keystore password if you like and) click “Next”
  • (choose build type and path if you like and) click “Finish”

This is only half the number of steps! And I also think the last step in Android Studio is not really necessary.

Apple always proudly presents its software and other products as super usable, but I really have to admit that, at least for the developer tools and developer experience, this does not seem to be the case.


8. Apple-XML

I call it “Apple-XML” because iOS uses XML in an unusual way, especially for the plist-file (Property List file), which is a config file for your iOS app. If you are lucky you don’t have to adapt it at all because the Cordova build tool already alters it for you but I ran into a Cordova plugin bug so I had to adjust this file myself.

Apple does not use the “proper” XML standard way such as:

<key name=”name”>value</key>

but in a way where key and value alternate in a list:

<plist version=”1.0″>

OK, this is very technical (and correct XML) and I also think it’s not a super bad thing but it just “itches” in by brain and I cannot scratch it.

9. iOS development limitations

There are unnecessary limitations developing iOS such as: You cannot use a transparent PNG as icons. Why not? A transparent icon would be so much nicer on the iPhone home screen!

It would also be very, very nice to use a GIF as launch image in iOS, but this is also not possible in Android.

10. Bad Usability of the iTunes Connect website

I just sum up some usability points:

  • The iTunes connect website does not work properly on Android’s internal chrome browser! The lower part of the website simply does not show up. That was pretty annoying since last weekend I was AFK and only had my Nexus with me and wanted to add Beta users to my iOS apps.
  • The website has a timeout of 30 minutes or so and it has disabled the possibility to save your password in your browser. Well Apple takes security serious, but in the wrong way! Every time I go to the iTunes website I have to enter my password which is very bad because of possible sniffing attacks, key-logger, or person simply standing behind you (“shoulder surfing”) if you have to enter your password all the time.
  • The website is also broken in that way that when you ran into a timeout you’re redirected to the the login form three times in a row because of improper session management. I hope, they’ll fix that soon!
  • Every time you submit a new release you have to pass several steps until you can finally submit a new version. You also have to answer the same questions all the time (does your app use encryption? does your app use ads?). But in a way that is consistent with XCode ;)
  • When you want to update your apps’ screenshots it also gets a little bit difficult: When you generate the screenshots on your emulators or devices you usually identify the device e.g. “iPhone 5”, “iPhone 6S” etc, but when you have to upload the iPhone 5 screenshot, iTunes Connect just shows you the screen-size e.g. “3,5 inch”, “4 inch”, “4,7 inch”, “5,5 inch”! Ok, maybe you might say now, that every iOS developer knows the resolutions of all iOS devices by heart, but I tell you, that’s again just one other point of your Tech-Stockholm Syndrome.

11. Crash TestFlight

I almost forgot to mention TestFlight, Apple’s beta testing tool! It is – you might guess it – complicated. A developer can add very good friends or other abusable people as Alpha or Beta testers and I’m very glad for every single one of them.

So you start adding their Apple ID email addresses and TestFlight sends them an email invite. To make things a little bit more juicy this email has to be opened on the test device itself, and since some people use a different email address as Apple ID than they regularly do, this is the first difficult obstacle for some. After opening the invite email on the device the poor testers have to install the TestFlight app on their device! So you need an app to test an app. At least the testers can submit feedback though this app – but actually no one did so far, they just texted me directly.

Another advantage of a distinct test management app would be to show you pending invitations for other app, but for some reason TestFlight doesn’t!

With Android you can decide whether you want to create an open or a closed Beta or Alpha (cannot choose that in iTunes), just add these people and they get the updates pushed via the Play Store. OK, they also receive an email and have to click on a confirmation link, but no special strings attached.

If you want to release a new Beta you have to wait for an Apple review, that might take some days (usually 5 days) and when the artifact is accepted by the Apple consortium is also is not directly published as Beta, but you again have to click yourself through the dialogs.

At least you don’t need a review with Alpha releases, but you cannot simply add Alpha users, you have to define a certain role for them in your company in iTunes Connect. So, who wants to be my new Alpha tester slash Chief Legal Officer?

12. No Hot-Fixes!

Last but not least: There is no extra workflow for hot-fixes!

This would be a killer argument against iOS development: If you find a bug or even if you find out you uploaded the wrong screenshot you have to wait for a new release to be approved.

If you are lucky you can request (with a simple contact form) a quicker release but this is not the standard way and Apple does not guarantee anything. So you release the bug-fix and hope for the best. And wait, 2–3 day or up to a week, to get your bug-fix deployed or app store entry changed.

In Android all releases are deployed in 2–3 hours. Just FYI ;)

Describing all of these problems I had with the setup and development of my iOS apps I’m even more proud that I was finally able to release the iOS versions of my apps LIKE A HIPSTER and Hungry?.


TL;DR  iOS sucks, long live queen Android!

Integration Test Coverage with Sonar

I love to develop test driven, but even more I love code analysis tools that show me what to improve. Sonar is quite “popular” and common for Java developers and I’m using it already for years in different projects.

If you want to see integration test coverage, you have to set the jacoco maven plugin together with the fail safe plugin in your maven config (pom.xml):

            <!-- integration tests -->
            <!-- for integration test coverage in sonar -->

      <!-- needs to be set for jacoco's forked process -->

argLine is used as additional param in the javaagent command line section jacoco uses (needs to be set, otherwise the maven opts are not set for the forked process – OutOfMemoryException and so on…). See jacoco’s documentation for details.

The result in Sonar is pretty amazing:


Aus der Serie “Ich bin Ingenieur, ich kann das”: Wie man sein Nexus 4 repariert

keep-calm-and-trust-me-i-m-an-engineer-74[1]Als Ingenieur hab ich keine Scheu davor, Geräte und Maschinen auseinander zu nehmen. Die  Eingeweide von Computern und Notebooks sind mir bestens bekannt, meine Vespa kenne ich auch nackt, letztens musste der Geschirrspüler dran glauben und alles, was zu schrauben war, habe ich in meiner Wohnung selbst erledigt. Allerdings ist es ein wenig spannender, ein Smartphone auseinander zu nehmen, weil alles super filigran ist und auf kleinstem Raum angeordnet.

Nach dem ich wiedermal das Display meines Handies durch Ungeschick zerbrochen habe, dieses mal aber leider nicht nur das Glas, sondern das gesamte Display, habe ich auf Ebay nach einem Ersatzteil gesucht und bekam es “prompt” nach einem Monat aus China geliefert. Natürlich ist man da skeptisch, wenn man ein Nicht-Originalersatzteil aus dem Land der aufgehenden Sonne geliefert bekommt, aber das macht es um so spannender. Nachdem ich mir bereits das Nexus 5 als Nachfolger gekauft hatte und das Ersatzteil gerade mal 35€ kostete, hatte ich nichts zu verlieren, denn ein zerstörtes Nexus 4 ist nichts mehr wert und eine Versicherung hatte ich nicht (jetzt schon!).

Also, Ersatzteil angekommen, alle winzigen Schrauendreher bereitgelegt und es kann schon los gehen!

Auf YouTube findet man diese Anleitung von, an die ich mich weitgehend gehalten habe:

Man braucht einen Föhn zum Erweitern des Metalrahmens. Weiters einen Kreuzschraubendreher und einen Torx T5 in Barbie-Größe, letzteren hatte ich bereits von einer anderen Reparatur, ich glaube an meiner Digitalkompaktkamera, bereits in meinem Tool-Sortiment. Außerdem ist es sinnvoll, das Gerät mit einem Plektron oder ähnlichem aus Plastik zu öffnen und nicht wie ich mit einem Buttermesser, dann hinterläßt man weniger sichtbare Spuren auf dem Gerät.







Die Reparatur hat etwa eine Stunde gedauert und ich denke, wenn ich das regelmäßig machen würde, könnte man das Gerät wohl in 10 Minuten reparieren. Ein Spaß war es allemal und der Patient hat überlebt und strahlt wieder in gewohntem Glanz.


Java: break, continue, return in Loops

Although this is pretty basic Java functionality I often have to look this up, because I confound these calls, esp. break and continue. So this is my cheat sheet:


for (..) {
  // leave loop immediately


for (..) {
  // continue loop with next iteration


for (..) {
  // leave calling method

SyBase: List Constraints to Foreign Key

select    "Foreign key name",    "Referenced table name", || ' -> ' || "Reference 1", || ' -> ' || "Reference 2", || ' -> ' || "Reference 3", || ' -> ' || "Reference 4"
sysobjects      tab                                       join
sysconstraints  con on        = con.tableid        join
sysobjects      fko on con.constrid  =             join
sysreferences   ref on con.constrid  = ref.constrid       join
sysobjects      par on        = ref.reftabid  left join
---- 1. Column
syscolumns      fk1 on ref.fokey1    = fk1.colid and
ref.tableid   =        left join
syscolumns      pk1 on ref.refkey1   = pk1.colid and
ref.reftabid  =        left join
---- 2. Column
syscolumns      fk2 on ref.fokey2    = fk2.colid and
ref.tableid   =        left join
syscolumns      pk2 on ref.refkey2   = pk2.colid and
ref.reftabid  =        left join
---- 3. Column
syscolumns      fk3 on ref.fokey3    = fk3.colid and
ref.tableid   =        left join
syscolumns      pk3 on ref.refkey3   = pk3.colid and
ref.reftabid  =        left join
---- 4. Column
syscolumns      fk4 on ref.fokey4    = fk4.colid and
ref.tableid   =        left join
syscolumns      pk4 on ref.refkey4   = pk4.colid and
ref.reftabid  =        -- Et cetera...
tab.type = 'U'      and = 'FOREIGN_KEY_NAME' and
fko.type = 'RI'

no comment ;)

APN bob

Passwort: ppp
MCC: 232
MNC: 11
APN-Typ: default
Authentifizierungstyp: normal od. pap


MMS Empfang:
Name: data.bob MMS
Passwort: ppp
MMS-Port: 8001
MMS-Protokoll: WAP 2.0
MCC: 232
MNC: 11
Authentifizierungstyp: pap
APN-Typ: mms

siehe auch oder

Anmerkdung: Stellt man beim Internetempfang den APN-Typ nicht auf “default”, funktioniert der MMS Dienst nicht korrekt

Neuen Rechner aufsetzen

Meine Checkliste:

  • OS + Updates + fehlende Treiber
  • Daten-Partition erstellen
  • Festplattenverschlüsselung TrueCrypt
  • Virenschutz/Firewall
  • Internetprogramme
    • Firefox/Chrome + firebug +laafi amazon extension
    • Skype
    • Thunderbird + Lightning, Google Contacts, Google Kalender, Smiley Fixer, English Dictionary, Deutsches Wörterbuch, Provider for Google Calendar
    • Vuze
    • Cisco VPN client / OpenVPN client
  • Entwicklungsprogramme:
    • Java SDK, maven, Tomcat
    • IntelliJ
    • Sublime
    • putty
    • WinSCP
    • cygwin / PowerShell
  • anderes
    • Adobe PDF Reader
    • Photoshop
    • Open Office
    • VLC
    • WinAmp
    • WinRAR

Android-Handy verloren oder gestohlen?

Mit wurde vor kurzem mein geliebtes Nexus S gestohlen. Anfangs war ich etwas panisch, was dann alles zu erledigen ist, deswegen schreibe ich mir (und euch) eine Checkliste:

  • Google-Passwort ändern!
  • SIM-Karte sperren lassen und neue SIM-Karte organisieren (leider schickt Bob die per Post zu, also paar Werktage warten)
  • Diebstahls- oder Verlustanzeige bei Polizei aufgeben
  • Ersatzhandy mit Ersatznummer besorgen. Freunden/Familie/Firma bekannt geben
  • Neues Handy kaufen! Tipp: bei Ich hatte mein neues innerhalb von paar Stunden organisiert zu ca. 75% des Listenpreises mit 2 Jahren Garantie

Hilfereiche Apps in diesem Zusammenhang:

  • MyBackupPro: Macht lokal oder online ein Backup der Apps, Daten, Bilder, Einstellungen etc.
  • Lost Droid Finder: eine von vielen Android Finder Apps. Man kann eine SMS an’s Handy schicken und bekommt eines zurück mit der genauen GPS-Position oder man bekommt eine SMS, wenn eine neue SIM Karte eingelegt wurde.


Nachtrag:Leider stellt Google Backup und MyBackup Pro nicht alle Daten wieder her. So muss man noch folgendes machen, nachdem man das Backup eingespielt hat:

  • sich bei allen Apps wieder anmelden
  • Sicherheitsmuster wieder einrichten
  • Widgets auf dem Homescreen
  • Custom-Klingelton (mp3 kopieren in /media/audio/ringtones)
  • Sprache&Eingabe: Rechtschreibungsprüfung ausschalten

Java – CertificateException: No name matching xxx found

At paysafecard we have a lot to deal with certificates. For our test systems we use one SSL certificate for different sub-domains, e.g. one certificate for “; used for “; and “;.

But when you do this, you get a No name matching xxx found when trying to connect e.g. with new;

The work around for this problem is, to include the following in your Java class (found here):

public class ClassBla {
  static { {
      public boolean verify(String hostname, sslSession) {
        return true;

There is a way to import a certificate issued to a different domain for another certain (sub-)domain with the java keytool as well.