I'm trying to create https endpoints for three apps in a cluster of Service Fabric. Because I have more than one app I use HttpSys. So far I worked only on http but requests from frontend are from a secure transmission(https) so I have to put my backend on https.
I tried to follow this 1 but it doesn't work with WebListener so I move the implementation to HttpSys.
I don't have any errors and my cluster is working well but when I try to access my https endpoint I get nothing.
Related
I have deployed a Python Flask based app in AWS. It is running fine on http://<ip>. I need to convert this to https. I have sent request for admin to enable port 443 for https.
Will that automatically make my app to https or do I need to install or setup something else to make it happen?
You have multiple choices for this;
Use ACM (Easiest?!):
if you're using AWS loadbalancers, you can create a certificate using ACM service and assign it to your loadbalancer and modify your Target Groups in EC2 panel.
If you are using cloudfront, you can also configure your SSL/TLS there. (Not changing the loadbalancer and target groups). It will work as an upper layer.
Use other certificate providers excluding AWS ACM:
You can setup something like Lets Encrypt or use Cloudflare services.
Note: it really depends on how your cloud stack currently is, you maybe be only deploying on EC2 Server and having Nginx configured and having everything else done outside of AWS with other services or you can have Lets Encrypt certificate on your ALB.
This post just gives you some keywords, you can search and see exact instruction/tutorial for every solutions.
I have Azure service fabric cluster created on local test environment & deployed microservice based web apis, it working well without any issues. But would like to enable HTTPS traffic on cluster level and want to stop HTTP requests
https://mytestsf.westus.cloudapp.azure.com:8800/ => expecting this one to work
http://mytestsf.westus.cloudapp.azure.com:8800/ => expecting this one NOT to work
Is Support only for HTTPS traffic can be done on Azure service fabric level? if yes, how?
P.S: This service fabric cluster not having any external network component like traffic manager or application gateway in front of it as it is local test environment.
Follow the documentation - add an HTTPS endpoint using Kestrel - Azure Service Fabric.
I have a Azure APIM setup that receives the website request and forwards it to the respective microservice node. The website supports only http requests and now I wish to change this to HTTPS/SSL.
The app server on the microservice node does not support SSL, so I have couple of options:
On microservice node - change to another app server that supports SSL
OR On microservice node - Add a web server (nginx) which does the SSL and forwards the request to the app server (both web server and app server will be on the same node)
OR Configure SSL at the Azure API management layer
I prefer to use option 3 so that the microservice node is responsible only to serve requests and the HTTPS/SSL bit is handled by the Azure API management layer. This documentation seems to suggest how this can be achieved for both SSL termination at the gateway and end to end SSL. However, there are 2 problems:
This article is about application gateway - and I am looking for similar solution with API management (API gateway).
If I wish to use the end to end SSL mode, and not the SSL termination mode (which terminates SSL at gateway), then my app server will need to have SSL feature?
How to add end to end SSL support to a microservice via Azure API management layer without app server having to support SSL?
API Management (APIM) is acting as a reverse proxy - much like nginx in your example. APIM supports SSL by default and can do SSL termination.
APIM will also talk to your backend service without without any issues - all you need to do is select "http" for the backend instead of "https".
I built a kubernetes cluster witch contain a ui app, worker, mongo, MySQL, elasticsearch and exposes 2 routs with ingress and there is also an ssl certificate on top of the cluster static ip. Utilizing pub/sub and storage.
All looks fine.
Now I’m looking for a secure way to expose
An endpoint to an external service
Use case:
A remote app wishes to access my cloud app with a video guid in the payload in a secure manner and get a url to a video in the bucket
I looked at google endpoints service but couldn’t get it to work with kubernetes.
There is more services that will need an access point to the app.
What is the best way for me to solve this problem.
Solve it by simply adding an endpoint to the ingress controlling the app, and protect it with SSL and JWT. Use this and this guides to add the ingress controller.
This tutorial shows how to integrate Kubernetes with Google Cloud Endpoint
I have two VMs with IIS that host my application with Azure Application Gateway distributing the traffic. The gateway is configured to offload SSL and everything is working fine.
However, I'd like to use client certificate authentication on one of the paths of the application - on NetScaler (or some other load balancer) I'd simply put serialized client certificate into HTTP Header (X-Client-Cert).
Can I do something similar with Application Gateway?
At the moment thats not possible, but is in the pipeline of product development of the azure product team.