I have a problem with configuration with was elb to IIS 7.5.
The SSL protocol is shared on elb and we can't take the SSL for configuring into IIS , when I configure the port https of elb that point to HTTP port of IIS.
The problem is that when i logIn the j_spring_security_check.action redirect all in HTTP.
There is a method for force response of j_spring_security_check.action in HTTPS?
I tried with Url Rewrite module but not working for me .
It seems that there might be something wrong with settings on the application level.
I am not familiar with Spring Security framework. See this link.
Offloading https to load balancers with Spring Security
Besides, please refer to the official guideline for configuring SSL offloading to build connection between the web server and the ELB.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-windows.html
Here is a discussion about how to set up SSL offloading with the ARR load balance.
https://forums.iis.net/t/1182259.aspx
Related
So I have a load balancer connected to an ec2 instance. The ec2 has a php website running on port 8000 hosted in iis 8.5. Now http health check is passing after adding binding in iis for port 8000, but https health check is failing. But since in iis, I have used URL rewrite to redirect all http into https, thus even if load balancer's https health check is failing I can still access website on https connection.
But I really want to make my health check for https pass.
So for that I figured out, I either run https application inside ec2 on a different port than 8000 and add a binding for it (dropped the idea cause client didnot want) OR,
Redirect https target group to http target group.
Is this possible? If yes, how?
I have a spring boot application that i want to deploy on google compute engine or kubernetes and i want to expose it through https instead of http.
I want to do this because i have an angular frontend that is deployed on google app engine and it needs to access the api through https instead of http.
The api is accessible through port 8080 and it works if i use http. How can i exspose the api through https, can i use a load balancer with https to redirect all incoming traffic to http?
Well, I think the SSL certificate is the key for both (GCE and KE). You must to set a certificate for each option.
On Kubernetes Engine you could deploy the application with a Load Balancer and install a SSL certificate on it. Then you have to modify your ingress configuration to use the SSl certificate. Of course this process is too large to explain here, but you can find the details here [1], to find details about Load Balancer ingress configuration here [2]
For GCE you will require to set a SSL certificate on instance or using a Load balancer. Take a look to this GCP documentation that explain it [3]
[1] https://estl.tech/configuring-https-to-a-web-service-on-google-kubernetes-engine-2d71849520d
[2] https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer#remarks
[3] https://cloud.google.com/solutions/connecting-securely#https-and-ssl
I have implemented SSL on my EC2 Windows instance. As AWS doesn't directly allow to configure SSL on EC2 instance, so I created a Load Balancer with HTTPS and configure my SSL certificate with it. I have selected my EC2 instance for Load Balancer.
Following are the listeners of my Load Balancer:
After this configuration, my domain starts working on http and also on https like http://example.com and https://example.com
Now, I want to redirect http request to https. My domain is on Godaddy. I have successfully change DNS and they are working. But when I place URL rewrite code in web.config file then both of my URLs stop working. It gives HTTP error 503
This link outlines some great options - https://blogs.msdn.microsoft.com/kaushal/2013/05/22/http-to-https-redirects-on-iis-7-x-and-higher/
Recently I installed SonarQube 6.1 version and I used Apache to enable HTTPs, now i am able to connect to SonarQube using both the URL's below.
Any idea how to disable the HTTP and make only HTTPs work ?
HTTPs URL = https://<SonarServer>/sessions/new
HTTP URL = http://<SonarServer>:9000/
According to your URL, the web front server and Apache are installing on the same host. So you just need to configure SonarQube to listen on localhost (in sonar.properties sonar.web.host=127.0.0.1) and configure Apache to do the reverse proxy for 127.0.0.1.
Well there are two approaches which you can try:
Approach, make sonar https (http://docs.sonarqube.org/display/SONARQUBE52/Running+SonarQube+Over+HTTPS)
based on the link above you could easily set sonar to https, instead of http - just be sure to provide a certificate etc.
you could as https://stackoverflow.com/users/2435199/eric-hartmann described, just simply bind it only to localhost
block 9000 from outside ips via firewall!
Imho i would stick with 1 or 2 depending on the time you would like to spend on that issue!
I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
This module requires the service of mod_proxy. It provides support for
the CONNECT HTTP method. This method is mainly used to tunnel SSL
requests through proxy servers.
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.