Date   

Re: IMPORTANT: Upcoming breaking changes in UAA V23/3.9.2/cf-release 248

Sree Tummidi
 

I have been informed by the CAPI team that the changes in Cloud Controller
to use the new rotatable signing key format is not yet in place and is
blocked on some fixes for CF-UAA-LIB
<https://www.pivotaltracker.com/n/projects/997278/stories/133947925>

For *CF-Release ONLY*, please continue to use the deprecated way of setting
the UAA JWT Signing and Verification key as mentioned below.
We will be sending out a separate notification on when we are ready to make
the switch to rotatable signing key format.

*uaa.jwt.signing_key:*
description: "The key used to sign the JWT-based OAuth2 tokens"
*uaa.jwt.verification_key:*
description: "The key used to verify JWT-based OAuth2 tokens"



Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry

On Mon, Nov 28, 2016 at 11:41 AM, Sree Tummidi <stummidi(a)pivotal.io> wrote:

Hi Michael,

This is the new way to specify the signing key used by UAA for signing the
JWT tokens. This format allows for rotation of the keys.
bosh-lite is currently using the deprecated properties mentioned below. We
will be changing these use the new rotatable properties in a subsequent
version.

Thank you bringing this up as I should have been clear in my
communication. UAA is no longer shipped with a default signing key. There
are two ways to set this key. I mentioned moving to the new format in my
previous email.

*Deprecated Format*

*uaa.jwt.signing_key:*
description: "Deprecated. Use uaa.jwt.policy.keys. The key used to sign
the JWT-based OAuth2 tokens"
*uaa.jwt.verification_key:*
description: "Deprecated. Use uaa.jwt.policy.keys. The key used to verify
JWT-based OAuth2 tokens"


*New Format (verification key needn't be set as we derive it from the
Private Key)*

*uaa.jwt.policy.keys:*
description: "Map of key IDs and signing keys, each defined with a
property `signingKey`"
example:
key-1:
signingKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

* uaa.jwt.policy.active_key_id:*
description: "The ID of the JWT signing key to be used when signing
tokens."
example: "key-1"



Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry


On Mon, Nov 28, 2016 at 11:29 AM, Michael Fraenkel <
michael.fraenkel(a)gmail.com> wrote:

How are the following required when they aren't used in bosh-lite?


*uaa.jwt.policy.keys: *
* uaa.jwt.policy.active_key_id:*

How does one migrate from what we have to these?

- Michael


On 11/28/16 1:56 PM, Sree Tummidi wrote:

*Please read carefully if you are using UAA as standalone or as a bosh
release or part of cf-release*


Starting with UAA bosh release V23
<http://bosh.io/releases/github.com/cloudfoundry/uaa-release?version=23> which
packages UAA 3.9.2
<https://github.com/cloudfoundry/uaa/releases/tag/3.9.2> and *cf-release
248 (in works)* the following *properties have been made required.*

These are standard artifacts which can be generated using openssl. Please
refer the topic here
<https://github.com/cloudfoundry/uaa-release#generating-a-self-signed-certificate> on
how to generate a self signed cert.


*login.saml.serviceProviderCertificate:*
description: "UAA SAML Service provider certificate. This is used for
signing outgoing SAML Authentication Requests"
example: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE----

*login.saml.serviceProviderKey:*
description: "Private key for the service provider certificate."
example: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----


*uaa.jwt.policy.keys:*
description: "Map of key IDs and signing keys, each defined with a
property `signingKey`"
example:
key-1:
signingKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

* uaa.jwt.policy.active_key_id:*
description: "The ID of the JWT signing key to be used when signing
tokens."
example: "key-1"


Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry




Re: Incubation proposal: Abacus Service Broker

Michael Maximilien
 

Hi, all,

Thanks to SAP and Hristo for moving this forward.

Since I don't see any questions nor comments on this proposal, other than
mine. As such, I propose to include this into the CF-Extensions PMC.

Next step is to do an inception and start the project.

Hristo, happy to help you. Please let's connect offline or during CF-Abacus
weekly meetings von Friday. You can then announce details here afterwards.

Welcome. Best,

Max

On Wed, Nov 16, 2016 at 3:51 PM, Michael Maximilien <mmaximilien(a)gmail.com>
wrote:

Thank you Hirsto and SAP for submitting this proposal. A nice extension
for CF.

Made some minor editorial changes but overall proposal looks great.
Looking forward to see feedback (if any) from community.

Best,

Max

On Tue, Nov 15, 2016 at 8:03 AM, Iliev, Hristo <hristo.iliev(a)sap.com>
wrote:

Hello,

I would like to propose to the Extensions PMC a new incubation project
around Abacus.

Project name: Abacus Service Broker
Project proposal: https://docs.google.com/docume
nt/d/1zGYi0jGRX9kodn8WR8OHn6CSjo3BTorfuza121aIeuU/edit?usp=sharing
Proposed Project Lead: Hristo Iliev (SAP)
Proposed Scope: See the "Goals" and "Non-goals" sections in the proposal
Development Operating Model: Distributed Committer Model
Technical Approach: Refer to "Programming language" and "Deliverables" in
the proposal
Initial team committed: 3 engineers from SAP

I look forward to any questions or comments.

Regards,
Hristo Iliev, SAP




--
max
http://maximilien.org
http://blog.maximilien.com


--
max
http://maximilien.org
http://blog.maximilien.com


Re: IMPORTANT: Upcoming breaking changes in UAA V23/3.9.2/cf-release 248

Sree Tummidi
 

Hi Michael,

This is the new way to specify the signing key used by UAA for signing the
JWT tokens. This format allows for rotation of the keys.
bosh-lite is currently using the deprecated properties mentioned below. We
will be changing these use the new rotatable properties in a subsequent
version.

Thank you bringing this up as I should have been clear in my communication.
UAA is no longer shipped with a default signing key. There are two ways to
set this key. I mentioned moving to the new format in my previous email.

*Deprecated Format*

*uaa.jwt.signing_key:*
description: "Deprecated. Use uaa.jwt.policy.keys. The key used to sign the
JWT-based OAuth2 tokens"
*uaa.jwt.verification_key:*
description: "Deprecated. Use uaa.jwt.policy.keys. The key used to verify
JWT-based OAuth2 tokens"


*New Format (verification key needn't be set as we derive it from the
Private Key)*

*uaa.jwt.policy.keys:*
description: "Map of key IDs and signing keys, each defined with a
property `signingKey`"
example:
key-1:
signingKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

* uaa.jwt.policy.active_key_id:*
description: "The ID of the JWT signing key to be used when signing
tokens."
example: "key-1"



Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry


On Mon, Nov 28, 2016 at 11:29 AM, Michael Fraenkel <
michael.fraenkel(a)gmail.com> wrote:

How are the following required when they aren't used in bosh-lite?


*uaa.jwt.policy.keys: *
* uaa.jwt.policy.active_key_id:*

How does one migrate from what we have to these?

- Michael


On 11/28/16 1:56 PM, Sree Tummidi wrote:

*Please read carefully if you are using UAA as standalone or as a bosh
release or part of cf-release*


Starting with UAA bosh release V23
<http://bosh.io/releases/github.com/cloudfoundry/uaa-release?version=23> which
packages UAA 3.9.2
<https://github.com/cloudfoundry/uaa/releases/tag/3.9.2> and *cf-release
248 (in works)* the following *properties have been made required.*

These are standard artifacts which can be generated using openssl. Please
refer the topic here
<https://github.com/cloudfoundry/uaa-release#generating-a-self-signed-certificate> on
how to generate a self signed cert.


*login.saml.serviceProviderCertificate:*
description: "UAA SAML Service provider certificate. This is used for
signing outgoing SAML Authentication Requests"
example: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE----

*login.saml.serviceProviderKey:*
description: "Private key for the service provider certificate."
example: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----


*uaa.jwt.policy.keys:*
description: "Map of key IDs and signing keys, each defined with a
property `signingKey`"
example:
key-1:
signingKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

* uaa.jwt.policy.active_key_id:*
description: "The ID of the JWT signing key to be used when signing
tokens."
example: "key-1"


Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry




Re: IMPORTANT: Upcoming breaking changes in UAA V23/3.9.2/cf-release 248

Michael Fraenkel <michael.fraenkel@...>
 

How are the following required when they aren't used in bosh-lite?

*uaa.jwt.policy.keys:
*
* uaa.jwt.policy.active_key_id:*

How does one migrate from what we have to these?

- Michael

On 11/28/16 1:56 PM, Sree Tummidi wrote:
*Please read carefully if you are using UAA as _standalone_ or as a
_bosh release_ or part of _cf-release_*


Starting with UAA bosh release V23
<http://bosh.io/releases/github.com/cloudfoundry/uaa-release?version=23> which
packages UAA 3.9.2
<https://github.com/cloudfoundry/uaa/releases/tag/3.9.2> and
*cf-release 248 (in works)* the following *_properties have been made
required._*
*_
_*
These are standard artifacts which can be generated using openssl.
Please refer the topic here
<https://github.com/cloudfoundry/uaa-release#generating-a-self-signed-certificate> on
how to generate a self signed cert.
*_
_*

*login.saml.serviceProviderCertificate:*
description: "UAA SAML Service provider certificate. This is used for
signing outgoing SAML Authentication Requests"
example: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE----
*login.saml.serviceProviderKey:*
description: "Private key for the service provider certificate."
example: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

*uaa.jwt.policy.keys:*
description: "Map of key IDs and signing keys, each defined with a
property `signingKey`"
example:
key-1:
signingKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
* uaa.jwt.policy.active_key_id:*
description: "The ID of the JWT signing key to be used when signing
tokens."
example: "key-1"


Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry


IMPORTANT: Upcoming breaking changes in UAA V23/3.9.2/cf-release 248

Geoff Franks <geoff@...>
 

FYI for clients using UAA + BOSH, or other UAA customizations

Begin forwarded message:

From: Sree Tummidi <stummidi(a)pivotal.io>
Subject: [cf-dev] IMPORTANT: Upcoming breaking changes in UAA V23/3.9.2/cf-release 248
Date: November 28, 2016 at 1:56:00 PM EST
To: "stummidi(a)pivotal.io" <stummidi(a)pivotal.io>
Reply-To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>

Please read carefully if you are using UAA as standalone or as a bosh release or part of cf-release


Starting with UAA bosh release V23 <http://bosh.io/releases/github.com/cloudfoundry/uaa-release?version=23> which packages UAA 3.9.2 <https://github.com/cloudfoundry/uaa/releases/tag/3.9.2> and cf-release 248 (in works) the following properties have been made required.

These are standard artifacts which can be generated using openssl. Please refer the topic here <https://github.com/cloudfoundry/uaa-release#generating-a-self-signed-certificate> on how to generate a self signed cert.


login.saml.serviceProviderCertificate:
description: "UAA SAML Service provider certificate. This is used for signing outgoing SAML Authentication Requests"
example: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE----

login.saml.serviceProviderKey:
description: "Private key for the service provider certificate."
example: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----


uaa.jwt.policy.keys:
description: "Map of key IDs and signing keys, each defined with a property `signingKey`"
example:
key-1:
signingKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

uaa.jwt.policy.active_key_id:
description: "The ID of the JWT signing key to be used when signing tokens."
example: "key-1"


Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry


IMPORTANT: Upcoming breaking changes in UAA V23/3.9.2/cf-release 248

Sree Tummidi
 

*Please read carefully if you are using UAA as standalone or as a bosh
release or part of cf-release*


Starting with UAA bosh release V23
<http://bosh.io/releases/github.com/cloudfoundry/uaa-release?version=23> which
packages UAA 3.9.2 <https://github.com/cloudfoundry/uaa/releases/tag/3.9.2>
and *cf-release 248 (in works)* the following *properties have been made
required.*

These are standard artifacts which can be generated using openssl. Please
refer the topic here
<https://github.com/cloudfoundry/uaa-release#generating-a-self-signed-certificate>
on
how to generate a self signed cert.


*login.saml.serviceProviderCertificate:*
description: "UAA SAML Service provider certificate. This is used for
signing outgoing SAML Authentication Requests"
example: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE----

*login.saml.serviceProviderKey:*
description: "Private key for the service provider certificate."
example: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----


*uaa.jwt.policy.keys:*
description: "Map of key IDs and signing keys, each defined with a
property `signingKey`"
example:
key-1:
signingKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

* uaa.jwt.policy.active_key_id:*
description: "The ID of the JWT signing key to be used when signing
tokens."
example: "key-1"


Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry


Re: escape $ in java_opts in cf manifest.yaml

Sridhar Vennela
 

Hi Amit,

Try this.. Let me know.

2 -Dkey=$value -Dkey=\\\\\$value

https://cf-docs.jp-east-1.paas.cloud.global.fujitsu.com/en/manual/faq/faq/topics/c-faq-33.html

Sridhar

On Fri, Nov 25, 2016 at 11:25 PM, Amit k <amitvickysss(a)gmail.com> wrote:

Hi,

I am unable to find a proper way to escape the $ sign in the cf manifest
yaml file.
I have tried \\$ and \$ but it doesnt work, when java application reads it.


What should be proper way to escape the $ sign so that my java application
gets it with $ in the value.


escape $ in java_opts in cf manifest.yaml

Amit k
 

Hi,

I am unable to find a proper way to escape the $ sign in the cf manifest yaml file.
I have tried \\$ and \$ but it doesnt work, when java application reads it.


What should be proper way to escape the $ sign so that my java application gets it with $ in the value.


Re: Memory/Disk usage information -MB vs MiB

Daniel Jones
 

+1 for proper units (KiB, MiB)

Regards,
Daniel Jones - CTO
+44 (0)79 8000 9153
@DanielJonesEB <https://twitter.com/DanielJonesEB>
*EngineerBetter* Ltd <http://www.engineerbetter.com> - UK Cloud Foundry
Specialists

On Thu, Nov 24, 2016 at 7:00 AM, Ponraj E <ponraj.e(a)gmail.com> wrote:

Hi Colleagues,

I see CF using base 2 (1024 * 1024) for all the memory/disk quota/usage
information, but base 10's unit at the end(MB). For ex, CF returns app
instance memory as 1024 MB [using base 2 defintion (1024) and base 10's
unit (MB)].

The problem arises when we have a client which does the
conversion/formatting rightly and the values tend to differ from CF and the
client. Though this confusion has been in varied existence still (for ex:
Disk size of HDD), does CF have any plans of using one particular defintion
throughout, like either 1024 MiB or 1000 MB?

P.S :
base 2 definition: 1 Kibibyte = 1024 Byte
base 10 defintion: 1 Kilobyte = 1000 Byte

------
Ponraj


Memory/Disk usage information -MB vs MiB

Ponraj E
 

Hi Colleagues,

I see CF using base 2 (1024 * 1024) for all the memory/disk quota/usage information, but base 10's unit at the end(MB). For ex, CF returns app instance memory as 1024 MB [using base 2 defintion (1024) and base 10's unit (MB)].

The problem arises when we have a client which does the conversion/formatting rightly and the values tend to differ from CF and the client. Though this confusion has been in varied existence still (for ex: Disk size of HDD), does CF have any plans of using one particular defintion throughout, like either 1024 MiB or 1000 MB?

P.S :
base 2 definition: 1 Kibibyte = 1024 Byte
base 10 defintion: 1 Kilobyte = 1000 Byte

------
Ponraj


cf uaa project not triggering emails

Ganesh Kaila
 

Hi,

I am trying to run `cf uaa` java application (https://github.com/cloudfoundry/uaa) on my local machine as shown here (https://github.com/cloudfoundry/uaa#quick-start) using `gradlew` tool. I am able to see the cloudfoundry login page at url http://localhost:8080/uaa/login. When I try to create new account for myself, It shows verification link successfully sent. But, I'm not seeing any email inbox or spam. I'm pretty sure that my mailgun email service is working fine, I cross checked by trying this cloudfoundry sample applicaiton (https://github.com/cloudfoundry-samples/spring-sendgrid). Please someone help me to resolve this.

Thanks,
Ganesh


When using CloudFoundryClient, is there any alternative way to authenticate the application with CloudFoundry

Savneet Kaur
 

CloudCredentials creds = new CloudCredentials("user","pass");
cloudFoundryClient = new CloudFoundryClient(creds ,cloudFoundryURI);

In this case we must provide username and password, is there any other way, where in it can work. like SSL or something.


unauthorized, bad credential

w.t.zhou74@...
 

Hi,

My account need an authentication from uaa server, but I always get the below error.

org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken(a)48d8d90a: Principal: admin-portal-ui; Credentials: [PROTECTED]; Authenticated: false; Details: remoteAddress=127.0.0.1, clientId=admin-portal-ui; Not granted any authorities]

I am not sure what is the root cause that arises this problem, could you help me to figure it out? Any more details you need, please let me know.

Thanks,
Wentao


AuthenticationFailureBadCredentialsEvent Occurs

w.t.zhou74@...
 

Hi,

I need an authentication from UAA, but the below error always occur.
org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken(a)48d8d90a: Principal: admin-portal-ui; Credentials: [PROTECTED]; Authenticated: false; Details: remoteAddress=127.0.0.1, clientId=admin-portal-ui; Not granted any authorities]
I am not sure what is root cause that arise the problem, could you help to figure it out ? Any details about it you need, please let me know.

Thanks,
Wentao


Re: Autoscaling tool

Marco Voelz
 

The autoscaler has been added as an official Incubation project in the meanwhile: https://github.com/cloudfoundry-incubator/app-autoscaler

Warm regards
Marco

From: Edward Mikuszewski <emikuszewski(a)pivotal.io>
Reply-To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>
Date: Monday, 21 November 2016 at 22:07
To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>
Subject: [cf-dev] Re: Autoscaling tool

Hey Prateek,

Check out this repo here: https://github.com/cfibmers/open-Autoscaler. It sounds like it's what you're looking for.

Thanks,

-Ed

On Mon, Nov 21, 2016 at 5:08 AM, prateek khushalani <prateek.khushalani(a)gmail.com<mailto:prateek.khushalani(a)gmail.com>> wrote:
Hi All,

I am an active user of Cloud-foundry and have been using it over to provide a PaaS layer over the IaaS layer powered by Openstack.
I have been using CF version 170 for 6 months and then I finally upgraded the version to 237.

The on-boarding of applications on CF is very smooth and even the applications perform very well even when I try to do some stress testing, I must admit that the results are very impressive.
However I found one particular feature missing in the Cloud-Foundry which is auto-scaling of application based on the load that the container is getting at a particular point of time.

There was not much available on the internet so I developed a tool which does the up-scaling and down-scaling of application container based on load average.
Internally the tool performs well and now I would like to contribute it to the community.

The tool is made in Python language and runs on a Ubuntu/Centos machine.
I wanted to know how can I create a repo in the community and contribute it to the cloud-foundry community.

Regards,
Prateek



--
Ed Mikuszewski | [https://docs.google.com/uc?export=download&id=0B9yzfKg3RFseYzFGUV9FZWdPVHc&revid=0B9yzfKg3RFsedWQ4ZndBa2hnNWZKcWhMYWt6OS9zcFB4WUlJPQ] <https://youtu.be/Ue_ArLRs00E> | Mobile: 646-628-2872<tel:646-628-2872> | Email: emikuszewski(a)pivotal.io<mailto:emikuszewski(a)pivotal.io>


Re: How to create a custom service

Savneet Kaur
 

Thanks for the clarity, Takeshi .


Request for Comment: Routing for Isolation Segments

Shannon Coen
 

Some workloads require isolation of networking, in addition to isolation of
compute resources.

The following proposal describes how we plan to support dedicated routing
tiers for one or many isolation segments.

https://docs.google.com/document/d/1FFW8YwKeBK1DuSXFHH_wxGpSZpOpkPN5yOUB-03whsI/edit?usp=sharing

The document is open for public comment and I look forward to your feedback
there.

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.


Re: Autoscaling tool

Edward Mikuszewski <emikuszewski@...>
 

Hey Prateek,

Check out this repo here: https://github.com/cfibmers/open-Autoscaler. It
sounds like it's what you're looking for.

Thanks,

-Ed

On Mon, Nov 21, 2016 at 5:08 AM, prateek khushalani <
prateek.khushalani(a)gmail.com> wrote:

Hi All,

I am an active user of Cloud-foundry and have been using it over to
provide a PaaS layer over the IaaS layer powered by Openstack.
I have been using CF version 170 for 6 months and then I finally upgraded
the version to 237.

The on-boarding of applications on CF is very smooth and even the
applications perform very well even when I try to do some stress testing, I
must admit that the results are very impressive.
However I found one particular feature missing in the Cloud-Foundry which
is auto-scaling of application based on the load that the container is
getting at a particular point of time.

There was not much available on the internet so I developed a tool which
does the up-scaling and down-scaling of application container based on load
average.
Internally the tool performs well and now I would like to contribute it to
the community.

The tool is made in Python language and runs on a Ubuntu/Centos machine.
I wanted to know how can I create a repo in the community and contribute
it to the cloud-foundry community.

Regards,
Prateek


--
Ed Mikuszewski *| * <https://youtu.be/Ue_ArLRs00E> *|* Mobile: 646-628-2872
*| *Email: emikuszewski(a)pivotal.io


Re: Proposing moving MySQL project into the Runtime PMC

Michael Maximilien
 

+1

On Fri, Nov 18, 2016 at 4:35 PM, Dieu Cao <dcao(a)pivotal.io> wrote:

Hi All,

As part of the PMC restructuring with the introduction of the Extensions
PMC, we would like to propose moving the MySQL Project into the Runtime PMC
with continued project leadership from Marco Nicosia.

We plan to discuss and ask for approval of this at the next Runtime PMC
meeting on Tuesday November 29th, 2016.
If you have any objections or questions about this change, please let me
know.

Thanks,
Dieu Cao
Runtime PMC Lead


Re: CloudFoundry websocket failed: Establishing a tunnel via proxy server failed

Nicholas Calugar
 

Hi Behroz,

There are a couple items to consider when doing web sockets on Cloud
Foundry.

1. Port 4443 is recommended for load balancers that don’t support passing
the WebSocket handshake requests to the CF router on the same port as
HTTPS. [1] Read more about this here. You’ll have to confirm this setup
with your operator, the person that manages your Cloud Foundry deployment.
2. If your app server does not support upgrading to WebSocket, you’ll have
to open an additional port using the Cloud Foundry API, you can use any
port in the range 1024-65535. [2] The application update endpoint takes a
list of ports, remember you’ll still want 8080 open for your REST API.
Please note, this is an experimental feature and it is not related to the
port mentioned above on the load balancer.
3. If you are using an additional port for WebSockets, you’ll need an
additional route and route mapping to use that port. [3] See the mapping an
app and a route documentation.


Hope this helps, I’ve actually never tried it but it is supported.

[1]
https://docs.cloudfoundry.org/adminguide/supporting-websockets.html#config
[2] http://apidocs.cloudfoundry.org/247/apps/updating_an_app.html
[3]
http://apidocs.cloudfoundry.org/247/routes_mapping/mapping_an_app_and_a_route.html


-Nick

--
Nicholas Calugar
Product Manager - Cloud Foundry API
Pivotal Software, Inc.

On November 19, 2016 at 4:21:22 AM, Behroz Sikander (bsikander(a)apache.org)
wrote:

Note: I am not using Pivotal CF.

I have a java application deployed on CloudFoundry. I am using embedded
Jetty to host my Jersey REST API. This API is by default exposed on port
8080 by cloud foundry.

My application also needs some websockets to stream data to the browser. I
am using Java-WebSocket (https://github.com/TooTallNate/Java-WebSocket) for
this. On my local machine, I was using port 8887 for my websocket
connection. Everything worked fine.

After deploying on CloudFoundry, I can access my REST API but not my
websocket. After searching a bit online, I found that websocket connections
are only allowed on port 4443 (http://docs.run.pivotal.io/release-notes/)

I changed my server side to reflect this

import org.java_websocket.server.WebSocketServer;
public class MyWebSocket extends WebSocketServer {
public MyWebSocket() throws UnknownHostException {
super(new InetSocketAddress(4443));
}

@Override
public void onOpen(org.java_websocket.WebSocket websocket, ClientHandshake
handshake) {
// Handle this
}
}

On my client side, I am connecting the websocket using the following

wss://my_cf_app.com:4443/

But I am getting the following exception.

"WebSocket connection to 'wss://my_cf_app.com:4443/' failed: Establishing a
tunnel via proxy server failed"

I also tried to connect the websocket on server side using "PORT"
environment variable of CF but I get "Address already in use" error in
Java-WebSocket because 8080 is already taken by Jersey REST API.

I have tried many different things but I am unable to figure this out. Any
help would be awesome.

3321 - 3340 of 9426