Re: HTTPS for Java App

Christopher Piraino <cpiraino@...>

Hi Maaz,

We recently added the ability for the GoRouter to terminate SSL/TLS
with a manifest
still recommend that a load balancer sit in front of the deployment in
order to be able to scale horizontally.

Let me know if you have any questions!


On Tue, Jul 14, 2015 at 12:19 PM, Khan, Maaz <Maaz.Khan(a)> wrote:

Hi Dan,

Thanks for the comments.

I understand how HTTPS flow works for CF with Load balancer like F5 (i.e HTTPS
-> LB -> HTTP -> GoRouter -> HTTP -> Your App)

I read here (
that we can use HAProxy to enable HTTPS across the deployment.

Now since in our deployment we are using CF without HAProxy, I was
wondering if something can be done from the Gorouter point of view to
forward Https requests.



*From:* cf-dev-bounces(a) [mailto:
cf-dev-bounces(a)] *On Behalf Of *Daniel Mikusa
*Sent:* Tuesday, July 14, 2015 4:29 AM
*To:* Discussions about Cloud Foundry projects and the system overall.
*Subject:* Re: [cf-dev] HTTPS for Java App

On Mon, Jul 13, 2015 at 7:01 PM, Khan, Maaz <Maaz.Khan(a)> wrote:


We have CF 197 deployed in our environment (without HA Proxy).

Do you have a different load balancer then?

I am trying to push a standalone Spring boot JAR (with embedded tomcat).
The app starts properly but I can’t access it via https.

I have these settings for my spring boot app



remote_ip_header: x-forwarded-for

protocol_header: x-forwarded-proto


Within the app I have configured the tomcat to accept SSL connection using
this sample

Can someone please point out what I am missing in order to get Https
working for my app.

Usually this is not necessary. Your app would just need to listen on the
port assigned to it (i.e. via PORT env variable) and it would listen for
incoming HTTP traffic.

Do I need to enable something within the CF deployment ?

Usually what happens is that HTTPS traffic is terminated at your load
balancer (that's why I asked if you had one above). The load balancer will
then send a request to the go router which in turn directs the HTTP traffic
to your app.

Ex: Browser -> HTTPS -> LB -> HTTP -> GoRouter -> HTTP -> Your App

You can tell if the traffic came from the user's browser via HTTPS by
looking at the x-forwarded-proto header.




cf-dev mailing list

cf-dev mailing list

Join to automatically receive all group messages.