https in Openshift diy

Question

I'm using Openshift DIY cartridge. I want to be able to use https on my application. In fact my security configuration requires secure connection. I can't get it to work as explained in this page. Is there a way to get https working on DIY cartridge?

Thanks

Note: My application is a spring boot application and I'm using embedded tomcat container. Let me know if you want to know any specifics, I can post it here.

Answer 1

Refer to this diagram showing how requests are routed to your application. Basically OpenShift Online uses a reverse proxy in front of your application, and SSL connections are terminated there, never reaching your actual application. You can write your application as if it did not need SSL and then check the connection type in the request headers to see if it is indeed an SSL connection or not.

Answer 2

You have to force client to come through a secure connection, https. As explained here, you can;

• Bind to port 443 so requests coming to this port will be forwarded to your application.

• Use x-forwarded-proto header to determine if your client is connecting through http or https.

There are various ways to do this based on your cartridge and solution. I my case I was using DIY cartridge and Spring Boot, all I had to do is to add;

tomcat.protocol_header: x-forwarded-proto

in my application.yaml file. At the same time I modified the embedded Tomcat to connect to port 443. Other than that my application runs on $OPENSHIFT_DIY_IP and $OPENSHIFT_DIY_PORT.

Additional (Spring Boot) links that helped;

• Enable HTTPS when running behind a proxy server
• How to embedded servlet containers behind proxy