Has anyone looked at accepting HTTPS / SSL connections with Meteor?
Apologies.
Specifically: how can I set up Meteor to accept and work with HTTPS connections?
Yes *
HTTPS/SSL support was added in v0.3.8
source: Github
*Update: Caveats could apply depending on one's use case. See Brett's comment below.
I do not believe you can use SSL certificates with Meteor yet. What you could do is put a Node.js-based proxy in front of Meteor and handle SSL connections that way.
Related
Can anyone tell me how to set up SSL / HTTPS on Oracle Apex?
I'm using Oracle Apex 5.0 and I want to be able to access my application via HTTPS.
Information on this is fairly widespread, but varies depending on your middle tier.
http://dgielis.blogspot.com/2016/05/please-use-https-for-your-apex-apps.html
https://www.skillbuilders.com/free-oracle-apex-tutorials/how-to-get-oracle-apex-ssl-web-services-working/
https://apex.oracle.com/pls/apex/germancommunities/apexcommunity/tipp/6121/index-en.html
http://davidghedini.blogspot.com/2009/02/https-for-oracle-application-express-on.html
http://krisrice.io/2018-05-09-ORDS-and-lets_encrypt/
If you are using a Glassfish Server as the middleware, you will have an HTTP listener enabled. You can enable HTTPS for that with a simple checkmark. Just go to the web interface and have a look at the Network Settings.
Then you'll only need to get a valid SSL certificate, for example a free one from Let's Encrypt.
If you are using Apache Tomcat as the middleware, it's similar. You gotta change the listener to an HTTPS one and include your certificate.
I have two projects running on Wildfly-8 and I have two SSL certificates for each of them and one IP.
I figured out that I should have one IP for one SSL certificate.
But I needed to use these two SSL certificates for one IP. I couldn't find a way to do it with Wildfly, but there was a way to do it with Apache Server. So, I installed Apache Server up to Wildfly.
I listen on the HTTPS port (443) on Apache and redirect it to Wildfly's HTTP port (I used 8080). It works without any problem.
What I wonder is:
1. Does Apache decrypt the request and redirect it to Wildfly?
2. Is it the correct way to do it, or have I done it by chance?
3. Does this method create a security hole?
I googled some, but I could not find satisfying answers.
Thanks for replies.
For this answer, I'm supposing that by "redirecting" you mean "proxying": Apache receives the request, proxies it to Wildfly, receives an answer from Wildfly, sends the answer to the client.
If you mean something else, then the simple answer is: it is wrong[1].
Does Apache decrypt the request and redirect it to Wildfly?
Yes. Apache will receive and send secure data to/from the client. Its communication with Wildfly will be plaintext.
Is it the correct way to do it, or have I done it by chance?
That's how it's usually done, yes. In other words: a load balancer and/or a proxy in front of Wildfly (Apache in your case). Wildfly itself is not reached directly by the public internet.
Does this method create a security hole?
It does, just like everything else is a security "compromise". In this case, you are trusting your internal network, in the name of a more practical/manageable architecture. If you do not trust your internal network, you should look for another solution. In the general case, the price to pay seems fair to me, as you'll "only" be open to a man-in-the-middle between your Apache and your Wildfly. So, if you trust your internal network, you should trust that there won't be any MITM there.
Edit
[1] - As everything else in life, there's no absolute truth. Basically, there are 3 techniques that can be used in a scenario like this: pass through, edge and re-encryption.
Pass through is a "dumb" pipe, where nothing about TLS is known by the proxy. Wildfly would then handle the secure communication with the client. I'm not sure Apache would do this, but this can be done with haproxy in TCP mode;
Edge (or offloading) is the situation I described above: Client talks TLS with Apache, Apache talks plaintext with Wildfly;
Re-encryption, which is like Edge, but the communication between Apache and Wildfly is also TLS, using a different certificate.
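The edge and re-encryption setups described in the answer above, written as an Apache httpd configuration that also serves two certificates from one IP by selecting the virtual host from the TLS SNI name. This is an added example, not part of the original answer; the hostnames, file paths, internal CA file and the backend HTTPS port 8443 are assumptions.

```apache
# Added example. Hostnames, file paths, the internal CA and port 8443 are
# assumptions. Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers,
# and a "Listen 443" directive elsewhere in the server configuration.

# Both virtual hosts share one IP and port 443. Apache chooses the virtual
# host, and therefore the certificate, from the SNI name sent by the client.

# --- app1: edge termination (TLS to the client, plaintext to Wildfly) ---
<VirtualHost *:443>
    ServerName app1.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app1.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/app1.example.com.key

    # The Apache-to-Wildfly hop is unencrypted: keep it on loopback or on a
    # network you trust, and do not expose port 8080 to the public internet.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Tell the backend the client connection was HTTPS (the application
    # must be configured to honor this header).
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# --- app2: re-encryption (TLS to the client, TLS again to Wildfly) ---
<VirtualHost *:443>
    ServerName app2.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app2.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/app2.example.com.key

    # Act as a TLS client towards the backend and verify its certificate.
    # Without verification the second TLS hop does not stop a
    # man-in-the-middle between Apache and Wildfly.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/certs/internal-ca.pem
    SSLProxyCheckPeerName on

    ProxyPass        / https://wildfly.internal.example:8443/
    ProxyPassReverse / https://wildfly.internal.example:8443/
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

Running `apachectl configtest` checks the syntax before a reload; in the edge variant, binding Wildfly's HTTP listener to 127.0.0.1 keeps the plaintext hop off the network entirely when both run on the same host.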
I'm trying to set up a proxy server that can handle both http and https traffic without prompting the browser about certificates (just like tunlr.net).
So far I've tried to use Squid and Nginx.
While handling regular http traffic is a walk in the park, https is proving very difficult.
Can anybody point me in the right direction?
I think you should use a SOCKS proxy, not an HTTP proxy, just like doing SSH tunnels. I used one on my VPS, a package called dante; the setup is kinda tricky but it really does the trick.
The package is available by default in Ubuntu's repositories, and I assume probably other distros too.
Search on Google for how to configure dante, and make sure you don't use a standard port, and even better, use authentication to use the proxy; you don't want random people using your server as their proxy.
I just figured it out, turns out you don't need to set the https_port directive, only the http_port.
I'm evaluating an appropriate load balancer for a web project. The majority of the traffic to the site will be over SSL. I've read that HAProxy doesn't support SSL for various reasons. Are there ways to configure HAProxy so that it can handle and proxy traffic over HTTPS?
cheers,
Cathal.
No, you will need to use an SSL offloader in front of HAProxy, such as Pound or Stunnel.
You can use 1.5.x development version which supports SSL.
My client asked me to do reverse SSL on his website, but I'm new to this term. Can anyone help me with this?
Please describe or refer how to do it.
Check out this wiki article.
In the case of secure websites, the SSL encryption is sometimes not
performed by the web server itself, but is instead offloaded to a
reverse proxy that may be equipped with SSL acceleration hardware.
"Doing" reverse SSL means choosing a system/server and configuring it. You should start by asking your client whether they already have a reverse proxy in place or if one needs to be set up.
So setting up reverse SSL (like standard SSL) should not impact your web site's design, the backing code and data store etc. It is Transport Level Security (TLS) and might actually be outside the bounds of the contract with your client.
One use case would be running Apache Tomcat behind an Apache Web Server which handles SSL and acts as reverse proxy. Your client should specify more specifically.