HTTPS enabled Spring Boot App does not work when deployed on Beanstalk - ssl

I enabled HTTPS for my APIs using a locally generated SSL key following the instructions in Enable HTTPS in Spring Boot. The SSL settings are included in application.properties:
server.port=9443
server.ssl.key-store=classpath:server-keystore.jks
server.ssl.key-store-password=123456
server.ssl.keyAlias=server-keypair
server.ssl.key-store-type=JKS
It works with https when tested locally. Then I packaged it as a Jar and deployed on Amazon Beanstalk environment. When I hit endpoint https://eb-env-url:9443/endpoint/, it timed out without any specific error. The Beanstalk log does not show any request was made through to the server at all.
I read somewhere that a personal key may not work when deployed to cloud, but it should at least give me some security error that points in that direction. I suspect this may have to do with the environment configuration. I used to do HTTP only for the environment and did not make any changes to the config after switching to HTTPS. One of the environment variables is SERVER_PORT, which is set to 5000. I am not sure if some changes need to be made in the Beanstalk environment in order to make HTTPS work.

Related

How to enable HTTPS for my web application hosted on Google Cloud

I acquired an SSL certificate through a certificate authority and later installed it on Google Cloud.
Still, my application is not accessible through https.
www.eventic.in works but https://www.eventic.in doesn't work.
Can you please assist me in enabling https?
I want this site to be available only through https. Even if someone accesses it without https, it should be redirected to https.
From the image I see you're configuring your certificates in Google App Engine Custom domains. Please note that Compute Engine (where your VM is) and App Engine are different products. Also it is possible that you're following this doc which is intended for App Engine and not for a VM.
Since you may want to set your certificates in a VM, that configuration remains on the web server you're using (NGINX, Apache, etc). Also, checking your url https://www.eventic.in I'm sure the port 443 is not configured since this port is in general used for HTTPS.
You may want to look at how to configure SSL for the solution you have running in your VM.

SSL Configuration in Clustered environment

We have an Oracle application (Agile PLM) which is deployed in a clustered environment. We have one admin node and two managed nodes supporting our application, where admin and 1 managed nodes are on the same server. We also have Load balancer which manages the traffic between the cluster.
We want to configure SSL in our application so that the application URL will be accessible over https only. We have already configured SSL at the Load Balancer level (by installing security certificates in the WebLogic server which is the admin server) but want to know if we have to configure SSL on the managed servers as well, or whether bringing the Load Balancer onto https is sufficient?
All the users access the application using the Load Balancer URL only, but since I am from the development team, I am aware of the fact that we can also connect to the application with the Managed server URLs, which are still running on http. Is it a must to bring the Managed servers onto https as well, or is it just a good practice but not necessary?
It's not necessary, though probably a good practice.
I believe I have read in Oracle's installation guide that the recommended way is HTTP on the managed servers and terminating SSL on the load balancer. This may have changed.
For what it's worth, I leave HTTP on the managed servers.

Removing Rogue SSL Certs on AWS

I have a client site set up on AWS with multiple servers running HTTPS behind an Elastic Load Balancer. At some point, someone from the client's team attempted to update the SSL cert by installing a new one directly on one of the servers (instead of in the ELB).
I was able to upload a new cert to the ELB, but when traffic is directed towards the server with the improperly installed cert, it triggers a security warning.
No one can seem to answer who attempted this install, how they went about it, or where they installed it.
What's the best way to go about finding and removing it?
Thanks,
ty
If it's installed on the server, it has very little to do with AWS. I see you tagged the question with apache so I assume the server is running Apache Web Server. You will have to connect into that server and remove the SSL settings from the Apache Web Server configuration, just like you would with an Apache Web Server install anywhere else.

AWS ELB Configuration for a multi-master

I have a multi-master Origin setup in AWS. I have an ELB in front that uses SSL certificate configuration.
I'm having difficulty configuring the access to the Web console as it seems that the web sockets are being interrupted. I can tell this because of the image below and the inability to access the logs or terminal for a pod in the web console.
Server connection interrupted
What is the proper configuration in AWS to allow the web console to function correctly?
I resolved my issue. I figured out the ELB configuration by following the CloudFormation template in the reference architecture here:
https://github.com/openshift/openshift-ansible-contrib/reference-architecture/aws-ansible/playbooks/roles/cloudformation-infra/files/greenfield.json
I also had an issue with the version of Chrome (50) and had to upgrade to version 55. Basically I was getting 'ERR_DISALLOWED_URL_SCHEME'. This post pointed me towards upgrading Chrome:
https://productforums.google.com/forum/#!topic/chrome/leVmLPNVISI

HTTPS node app on Cloud Foundry

Is it possible to deploy a node.js app on Cloud Foundry that listens for HTTPS requests on port 443?
I can find various references to SSL support in the Cloud Foundry forums, but no actual examples of HTTPS apps. The article "Setup SSL on cloudfoundry landscape" seems to indicate that I need to install nginx and use that, but there is not really enough information there to tell me what I need to do.
The SSL connection will terminate at the loadbalancer and then forward the unencrypted HTTP connection to your node app.
Just use https://your-app.cloudfoundry.com instead of http://...
You don't need nginx in particular, but you do need something capable of listening to a port (which Cloud Foundry will assign at the moment, indicated by the environment variable PORT or, for older versions of Cloud Foundry, VCAP_APP_PORT). So nginx will work for this purpose, but if you have made a node.js app, the core module http (optionally paired with express) would be a more natural choice of webserver.
Now if your app requires ssl, you'd think that you'd need to configure your webserver (nginx, express, etc.) for HTTPS, but you do not need to do so because Cloud Foundry handles the SSL and passes the decrypted HTTP to your webserver.
So if you are using node.js core modules, use the http, not https module.
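The setup described in the answers above, as an added example that is not part of the original posts: a plain `http` server bound to the platform-assigned port, which enforces HTTPS-only access even though TLS ends at the load balancer. It assumes the router sets the `X-Forwarded-Proto` header and that the app is reachable only through that router; `PUBLIC_HOST` and the function names are hypothetical.

```javascript
const http = require('http');

// Port assigned by the platform: PORT, or VCAP_APP_PORT on older Cloud Foundry.
function resolvePort(env) {
  const raw = env.PORT || env.VCAP_APP_PORT || '';
  if (!/^\d+$/.test(raw)) throw new Error(`invalid or missing port: "${raw}"`);
  const port = Number(raw);
  if (port < 1 || port > 65535) throw new Error(`port out of range: ${port}`);
  return port;
}

// The app only ever sees decrypted HTTP, so the original scheme has to come
// from X-Forwarded-Proto (assumption: set by the router). With chained
// proxies the header is a comma-separated list; the first entry is the client hop.
function decide(headers, url, publicHost) {
  const proto = String(headers['x-forwarded-proto'] || '')
    .split(',')[0].trim().toLowerCase();
  if (proto === 'https') return { status: 200 };
  // Redirect to a configured host, not the request's Host header, so a forged
  // Host cannot steer the redirect. Absolute-form request targets are dropped.
  const path = typeof url === 'string' && url.startsWith('/') ? url : '/';
  return { status: 308, location: `https://${publicHost}${path}` };
}

function createApp(publicHost) {
  return http.createServer((req, res) => {
    const d = decide(req.headers, req.url, publicHost);
    if (d.status === 308) {
      res.writeHead(308, { Location: d.location });
      return res.end();
    }
    res.writeHead(200, {
      'Content-Type': 'text/plain',
      // Tell browsers to use HTTPS for later visits.
      'Strict-Transport-Security': 'max-age=31536000',
    });
    res.end('served over TLS terminated at the load balancer\n');
  });
}

// Start only when the platform (or the operator) has assigned a port.
if (process.env.PORT || process.env.VCAP_APP_PORT) {
  // PUBLIC_HOST is a hypothetical variable naming the public HTTPS hostname.
  const host = process.env.PUBLIC_HOST || 'your-app.cloudfoundry.com';
  createApp(host).listen(resolvePort(process.env));
}
```

If the app is also reachable directly, bypassing the router, a client can set `X-Forwarded-Proto: https` itself, so the check is only as strong as the network rule that forces traffic through the load balancer.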