Re: HTTPS for Java App


Maaz
 

Hi Dan,

Thanks for the comments.
I understand how HTTPS flow works for CF with Load balancer like F5 (i.e HTTPS -> LB -> HTTP -> GoRouter -> HTTP -> Your App)

I read here (https://johnpfield.wordpress.com/2014/09/10/configuring-ssltls-for-cloud-foundry/) that we can use HAProxy to enable HTTPS across the deployment.
Now since in our deployment we are using CF without HAProxy, I was wondering if something can be done from the Gorouter point of view to forward Https requests.

Thanks
Maaz

From: cf-dev-bounces(a)lists.cloudfoundry.org [mailto:cf-dev-bounces(a)lists.cloudfoundry.org] On Behalf Of Daniel Mikusa
Sent: Tuesday, July 14, 2015 4:29 AM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: Re: [cf-dev] HTTPS for Java App

On Mon, Jul 13, 2015 at 7:01 PM, Khan, Maaz <Maaz.Khan(a)emc.com<mailto:Maaz.Khan(a)emc.com>> wrote:
Hello,

We have CF 197 deployed in our environment (without HA Proxy).

Do you have a different load balancer then?

I am trying to push a standalone Spring boot JAR (with embedded tomcat). The app starts properly but I can’t access it via https.

I have these settings for my spring boot app
server:
tomcat:
remote_ip_header: x-forwarded-for
protocol_header: x-forwarded-proto

Also
Within the app I have configured the tomcat to accept SSL connection using this sample
https://github.com/spring-projects/spring-boot/blob/master/spring-boot-samples/spring-boot-sample-tomcat-multi-connectors/src/main/java/sample/tomcat/multiconnector/SampleTomcatTwoConnectorsApplication.java

Can someone please point out what I am missing in order to get Https working for my app.

Usually this is not necessary. Your app would just need to listen on the port assigned to it (i.e. via PORT env variable) and it would listen for incoming HTTP traffic.

Do I need to enable something within the CF deployment ?

Usually what happens is that HTTPS traffic is terminated at your load balancer (that's why I asked if you had one above). The load balancer will then send a request to the go router which in turn directs the HTTP traffic to your app.

Ex: Browser -> HTTPS -> LB -> HTTP -> GoRouter -> HTTP -> Your App

You can tell if the traffic came from the user's browser via HTTPS by looking at the x-forwarded-proto header.

Dan


Thanks
Maaz


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.