HTTPS node app on Cloud Foundry - ssl

Is it possible to deploy a node.js app on Cloud Foundry that listens for HTTPS requests on port 443?
I can find various references to SSL support in the Cloud Foundry forums, but no actual examples of HTTPS apps. The article "Setup SSL on cloudfoundry landscape" seems to indicate that I need to install nginx and use that, but there is not really enough information there to tell me what I need to do.

The SSL connection will terminate at the loadbalancer and then forward the unencrypted HTTP connection to your node app.
Just use https://your-app.cloudfoundry.com instead of http://...

You don't need nginx in particular, but you do need something capable of listening to a port (which Cloud Foundry will assign at the moment, indicated by the environment variable PORT or, for older versions of Cloud Foundry, VCAP_APP_PORT). So nginx will work for this purpose, but if you have made a node.js app, the core module http (optionally paired with express) would be a more natural choice of webserver.
Now if your app requires ssl, you'd think that you'd need to configure your webserver (nginx, express, etc.) for HTTPS, but you do not need to do so because Cloud Foundry handles the SSL and passes the decrypted HTTP to your webserver.
So if you are using node.js core modules, use the http, not https module.

Related

How to enable https for my web application hosted on Google Cloud

I acquired SSL certificate through some certificate authority and later installed on google cloud.
Still, my application is not accessible through https
www.eventic.in works but https://www.eventic.in doesn't work.
Can you please assist me in enabling https?
I want this site to be available only through https. Even if someone accesses it without https, it should be redirected to https.

From the image I see you're configuring your certificates in Google App Engine Custom domains. Please note that Compute Engine (where your VM is) and App Engine are different products. Also, it is possible that you're following this doc, which is intended for App Engine and not for a VM.
Since you may want to set your certificates in a VM, that configuration remains on the web server you're using (NGINX, Apache, etc.). Also, checking your URL https://www.eventic.in, I'm sure port 443 is not configured, since this port is in general used for HTTPS.
You may want to look at how to configure SSL for the solution you have running in your VM.

SSL Configuration in Clustered environment

We have an Oracle application (Agile PLM) which is deployed in a clustered environment. We have one admin node and two managed nodes supporting our application, where the admin node and one managed node are on the same server. We also have a load balancer which manages the traffic between the cluster.
We want to configure SSL in our application so that the application URL will be accessible over https only. We have already configured SSL at the load balancer level (by installing security certificates in the WebLogic server which is the admin server), but want to know whether we have to configure SSL on the managed servers as well, or whether bringing the load balancer onto https is sufficient.
All the users access the application using the load balancer URL only, but since I am from the development team, I am aware of the fact that we can also connect to the application with the managed server URLs, which are still running on http. Is it a must to bring the managed servers onto https as well, or is it just a good practice but not necessary?

It's not necessary, though probably a good practice.
I believe I have read in Oracle's installation guide that the recommended way is HTTP on the managed servers and terminating SSL on the load balancer. This may have changed.
For what it's worth, I leave HTTP on the managed servers.

HTTPS enabled Spring Boot App does not work when deployed on Beanstalk

I enabled HTTPS for my APIs using a locally generated SSL key, following the instructions in Enable HTTPS in Spring Boot. The ssl settings are included in application.properties:
server.port=9443
server.ssl.key-store=classpath:server-keystore.jks
server.ssl.key-store-password=123456
server.ssl.keyAlias=server-keypair
server.ssl.key-store-type=JKS
It works with https when tested locally. Then I packaged it as a Jar and deployed on Amazon Beanstalk environment. When I hit endpoint https://eb-env-url:9443/endpoint/, it timed out without any specific error. The Beanstalk log does not show any request was made through to the server at all.
I read somewhere that a personal key may not work when deployed to the cloud, but it should at least give me some security error that points in that direction. I suspect this may have to do with the environment configuration. I used to do HTTP only for the environment and did not make any changes to the config after switching to HTTPS. One of the environment variables is SERVER_PORT, which is set to 5000. I am not sure if some changes need to be made in the Beanstalk environment in order to make HTTPS work.

Cannot connect to meteor server running on virtualbox when using force-ssl

I have a windows 8.1 machine running ubuntu 14.x on a virtualbox. I'm running meteor inside that virtualbox. I've bridged the connection and turned off the firewall on both machines. I'm able to connect to the internet from the virtual box, and I can telnet from the windows host into the ubuntu machine.
I can also connect to meteor apps that are not using the force-ssl package; however, I CANNOT connect to meteor apps that are using force-ssl!
If I run "meteor remove force-ssl" I can connect to the app. Any thoughts? Thanks.
EDIT - by connect to the app, I mean "http://[ip_address_of_guest]:3000/" in a browser on the host machine. I've tried both http and https.

I'm new to Meteor but, from this documentation, it looks to me like you are seeing the intended behaviour ...
"This package, part of Webapp, causes Meteor to redirect insecure
connections (HTTP) to a secure URL (HTTPS). Use this package to ensure
that communication to the server is always encrypted to protect users
from active spoofing attacks.
To simplify development, unencrypted connections from localhost are
always accepted over HTTP.
Application bundles (meteor bundle) do not include an HTTPS server or
certificate. A proxy server that terminates SSL in front of a Meteor
bundle must set the standard x-forwarded-proto header for the
force-ssl package to work.
Applications deployed to meteor.com subdomains with meteor deploy are
automatically served via HTTPS using Meteor's certificate."
This answer clarifies.
I am about to try the Digital Ocean guide, "How To Deploy a Meteor.js Application on Ubuntu 14.04 with Nginx", myself to see if it correctly documents the required set up steps. I'll update with my results.
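
The arrangement described in the Cloud Foundry answers and in the force-ssl documentation quoted above, as an added example that is not part of any post on this page: the app listens for plain HTTP on the port the platform assigned and reads the proxy's x-forwarded-proto header to decide whether to serve or redirect. The function names and the sample addresses are assumptions made for illustration, and checking the header before applying the localhost exception is this example's own choice.

```javascript
// Added example (not from the posts above). Function names are hypothetical.
const LOOPBACK = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Port the platform assigned: PORT, or VCAP_APP_PORT on older Cloud Foundry.
function assignedPort(env) {
  const port = Number(env.PORT || env.VCAP_APP_PORT);
  return Number.isInteger(port) && port > 0 && port < 65536 ? port : null;
}

// Decide how to treat one plain-HTTP request that reached the app.
// The header is only meaningful when the proxy sets it and clients cannot
// reach the app except through that proxy.
function decide(headers, remoteAddress, url) {
  const proto = String(headers['x-forwarded-proto'] || '').trim().toLowerCase();
  if (proto === 'https') return { action: 'serve' };
  // Development case: direct connection from localhost, no proxy in front.
  if (proto === '' && LOOPBACK.has(remoteAddress)) return { action: 'serve' };
  const host = String(headers.host || '').replace(/:\d+$/, '');
  if (host === '') return { action: 'reject' };
  return { action: 'redirect', location: `https://${host}${url}` };
}

async function start(port) {
  const http = await import('node:http'); // http, not https: TLS ended upstream
  const server = http.createServer((req, res) => {
    const d = decide(req.headers, req.socket.remoteAddress, req.url);
    if (d.action === 'redirect') {
      res.writeHead(301, { Location: d.location });
    } else if (d.action === 'reject') {
      res.writeHead(400);
    } else {
      res.writeHead(200, { 'Content-Type': 'text/plain' });
      res.write('hello over HTTPS\n');
    }
    res.end();
  });
  return server.listen(port);
}

const platformPort = assignedPort(process.env);
if (platformPort !== null) {
  start(platformPort);
} else {
  // Constructed request: a browser on another machine, no proxy header.
  console.log(decide({ host: '192.0.2.10:3000' }, '192.0.2.20', '/'));
}
```

With no port assigned, the script prints the decision for a constructed request from another machine that carries no proxy header: a redirect to the https URL on the default port.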

May I open a port on Cloud Foundry?

I want to establish a UDP connection from a terminal device to my app on Cloud Foundry.

All output from applications on Cloud Foundry is delivered by proxy via a web server (nginx), and as far as I know only http and https are open.
Perhaps you should look at alternative ways of communicating with your console application. What kind of communication are you trying to achieve?

Using the CF_HOST:UDP_PORT from your terminal device should be OK. I suppose that an application (Java, Perl, etc) is deployed on your terminal device and on the CF server an application with a UDP channel is deployed.

This is an old post, but I've had a similar problem when porting my app to Pivotal's Cloud Foundry platform.
Turns out you can continue to use tcp or udp for any outgoing traffic without doing any special configuration (e.g. service binding, etc) but only http or https for incoming traffic. However, there is an interesting workaround proposed here