HTTPS for Java App


Christopher Piraino <cpiraino@...>
 

Hi Maaz,

We recently added the ability for the GoRouter to terminate SSL/TLS with a
manifest change
<https://github.com/cloudfoundry/cf-release/blob/14d119a69428bdc4b56ee44023606a2c77bf9459/jobs/gorouter/spec#L43>.
We still recommend that a load balancer sit in front of the deployment in
order to be able to scale horizontally.

Let me know if you have any questions!

Best,
Chris

On Tue, Jul 14, 2015 at 12:19 PM, Khan, Maaz <Maaz.Khan(a)emc.com> wrote:

> Hi Dan,
>
> Thanks for the comments.
>
> I understand how HTTPS flow works for CF with Load balancer like F5 (i.e.
> HTTPS -> LB -> HTTP -> GoRouter -> HTTP -> Your App)
>
> I read here (
> https://johnpfield.wordpress.com/2014/09/10/configuring-ssltls-for-cloud-foundry/)
> that we can use HAProxy to enable HTTPS across the deployment.
>
> Now since in our deployment we are using CF without HAProxy, I was
> wondering if something can be done from the Gorouter point of view to
> forward Https requests.
>
> Thanks
>
> Maaz



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev





Maaz
 

Hi Dan,

Thanks for the comments.
I understand how HTTPS flow works for CF with Load balancer like F5 (i.e. HTTPS -> LB -> HTTP -> GoRouter -> HTTP -> Your App)

I read here (https://johnpfield.wordpress.com/2014/09/10/configuring-ssltls-for-cloud-foundry/) that we can use HAProxy to enable HTTPS across the deployment.
Now since in our deployment we are using CF without HAProxy, I was wondering if something can be done from the Gorouter point of view to forward Https requests.

Thanks
Maaz

From: cf-dev-bounces(a)lists.cloudfoundry.org [mailto:cf-dev-bounces(a)lists.cloudfoundry.org] On Behalf Of Daniel Mikusa
Sent: Tuesday, July 14, 2015 4:29 AM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: Re: [cf-dev] HTTPS for Java App

> On Mon, Jul 13, 2015 at 7:01 PM, Khan, Maaz <Maaz.Khan(a)emc.com> wrote:
>> Hello,
>>
>> We have CF 197 deployed in our environment (without HA Proxy).
>
> Do you have a different load balancer then?
>
>> I am trying to push a standalone Spring boot JAR (with embedded tomcat). The app starts properly but I can’t access it via https.
>>
>> I have these settings for my spring boot app
>> server:
>>   tomcat:
>>     remote_ip_header: x-forwarded-for
>>     protocol_header: x-forwarded-proto
>>
>> Also
>> Within the app I have configured the tomcat to accept SSL connection using this sample
>> https://github.com/spring-projects/spring-boot/blob/master/spring-boot-samples/spring-boot-sample-tomcat-multi-connectors/src/main/java/sample/tomcat/multiconnector/SampleTomcatTwoConnectorsApplication.java
>>
>> Can someone please point out what I am missing in order to get Https working for my app.
>
> Usually this is not necessary. Your app would just need to listen on the port assigned to it (i.e. via PORT env variable) and it would listen for incoming HTTP traffic.
>
>> Do I need to enable something within the CF deployment ?
>
> Usually what happens is that HTTPS traffic is terminated at your load balancer (that's why I asked if you had one above). The load balancer will then send a request to the go router which in turn directs the HTTP traffic to your app.
>
> Ex: Browser -> HTTPS -> LB -> HTTP -> GoRouter -> HTTP -> Your App
>
> You can tell if the traffic came from the user's browser via HTTPS by looking at the x-forwarded-proto header.
>
> Dan
>
>> Thanks
>> Maaz




Daniel Mikusa
 

On Mon, Jul 13, 2015 at 7:01 PM, Khan, Maaz <Maaz.Khan(a)emc.com> wrote:

> Hello,
>
> We have CF 197 deployed in our environment (without HA Proxy).

Do you have a different load balancer then?

> I am trying to push a standalone Spring boot JAR (with embedded tomcat).
> The app starts properly but I can’t access it via https.
>
> I have these settings for my spring boot app
>
> server:
>   tomcat:
>     remote_ip_header: x-forwarded-for
>     protocol_header: x-forwarded-proto
>
> Also
>
> Within the app I have configured the tomcat to accept SSL connection using
> this sample
>
> https://github.com/spring-projects/spring-boot/blob/master/spring-boot-samples/spring-boot-sample-tomcat-multi-connectors/src/main/java/sample/tomcat/multiconnector/SampleTomcatTwoConnectorsApplication.java
>
> Can someone please point out what I am missing in order to get Https
> working for my app.

Usually this is not necessary. Your app would just need to listen on the
port assigned to it (i.e. via PORT env variable) and it would listen for
incoming HTTP traffic.

> Do I need to enable something within the CF deployment ?

Usually what happens is that HTTPS traffic is terminated at your load
balancer (that's why I asked if you had one above). The load balancer will
then send a request to the go router which in turn directs the HTTP traffic
to your app.

Ex: Browser -> HTTPS -> LB -> HTTP -> GoRouter -> HTTP -> Your App

You can tell if the traffic came from the user's browser via HTTPS by
looking at the x-forwarded-proto header.

Dan

> Thanks
>
> Maaz



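
The x-forwarded-proto check described in the reply above, as an added example that is not part of the original thread or of Cloud Foundry's code: plain Java (9 or later) with no servlet dependency, run over constructed requests. The proxy addresses, the host name and the helper names are assumptions; the header is honoured only when the direct peer is a known router or load balancer, because any client that can reach the app directly can set the header itself.

```java
import java.util.Map;
import java.util.Set;

public class ForwardedProto {
    // Assumption: addresses of the router / load balancer allowed to set the header.
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.16.5", "10.0.16.6");

    /** Returns "https" only when a trusted proxy reports HTTPS for every hop. */
    static String effectiveScheme(String peerIp, Map<String, String> headers) {
        String direct = "http"; // the app itself only listens for HTTP on $PORT
        if (!TRUSTED_PROXIES.contains(peerIp)) {
            return direct; // header from an unknown peer is ignored
        }
        String value = ""; // a missing or empty header falls through to "http"
        for (Map.Entry<String, String> h : headers.entrySet()) {
            if (h.getKey().equalsIgnoreCase("x-forwarded-proto")) {
                value = h.getValue(); // header names are case-insensitive
            }
        }
        for (String hop : value.split(",")) { // proxies may append: "https, http"
            if (!hop.trim().equalsIgnoreCase("https")) {
                return direct;
            }
        }
        return "https";
    }

    /** Redirect target when the edge connection was not HTTPS, otherwise null. */
    static String redirectFor(String peerIp, Map<String, String> headers, String path) {
        String canonicalHost = "app.example.com"; // assumption: configured, not taken from the request
        return effectiveScheme(peerIp, headers).equals("https") ? null : "https://" + canonicalHost + path;
    }

    public static void main(String[] args) {
        // Constructed samples: {direct peer address, X-Forwarded-Proto value}
        String[][] samples = {
            {"10.0.16.5", "https"},        // browser -> HTTPS -> LB -> GoRouter -> app
            {"10.0.16.5", "http"},         // browser used plain HTTP at the edge
            {"10.0.16.5", "https, http"},  // one hop was not HTTPS
            {"203.0.113.9", "https"},      // unknown peer supplying the header itself
        };
        for (String[] s : samples) {
            String redirect = redirectFor(s[0], Map.of("X-Forwarded-Proto", s[1]), "/login");
            System.out.printf("%-12s %-12s -> %s%n", s[0], s[1],
                    redirect == null ? "serve" : "redirect to " + redirect);
        }
    }
}
```

Only the first sample is served as-is; the other three are redirected to the HTTPS URL, including the request whose header claims https but arrives from an address outside the trusted set.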


Maaz
 

Hello,

We have CF 197 deployed in our environment (without HA Proxy). I am trying to push a standalone Spring boot JAR (with embedded tomcat). The app starts properly but I can't access it via https.

I have these settings for my spring boot app
server:
  tomcat:
    remote_ip_header: x-forwarded-for
    protocol_header: x-forwarded-proto

Also
Within the app I have configured the tomcat to accept SSL connection using this sample
https://github.com/spring-projects/spring-boot/blob/master/spring-boot-samples/spring-boot-sample-tomcat-multi-connectors/src/main/java/sample/tomcat/multiconnector/SampleTomcatTwoConnectorsApplication.java

Can someone please point out what I am missing in order to get Https working for my app.
Do I need to enable something within the CF deployment ?

Thanks
Maaz