My CouchDB configuration for CORS is failing for https calls, but the same is working for http.
My CORS config on CouchDB is as follows,
Please check your certificates with another server.
I personally had a problem with CouchDB and self-signed certificates; if possible, try with a real one :)
You can try the certificates on another server first, and if it fails there as well, try with other certificates. If not ... more debug :)
Also please keep in mind CORS support in browsers - http://caniuse.com/#feat=cors
Most of them do support it, but nothing is said about HTTPS support for CORS.
You can share more info of course as well, to have the whole picture :)
Good luck
Laravel application deployed on Kubernetes and making requests to https://maps.google.com/maps/api/geocode/json failing with:
SSL routines:tls_process_server_certificate:certificate verify failed
The same application works when running on Docker.
I have appended Google's Root CA certs from here https://developers.google.com/maps/root-ca-faq#what_is_happening to the server's trust store but no luck there either.
I can disable verification but that's not the correct approach.
Any ideas would be much appreciated.
Thanks.
According to the OP, the solution was:
The issue was that our security team scans external certificates and
re-package them with the company's own cert. Once I added the
company's cert to the trust store, everything worked fine. It seems
it's only an internal issue.
I've applied my PKCS12 certificate to my gateway.
My certificate is a wildcard certificate and I'm trying to apply it
to the gateway so I don't have to do this for all my micro-services.
These are the settings in my properties file for development:
server.port:8443
server.ssl.enabled=true
server.ssl.key-store=integration.domain.net.p12
server.ssl.key-store-password=*********
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=integration.domain.net
The dev server starts up and SSL is enabled. When I open the connection to https://localhost:8080/ I am redirected to :8443 as I expect. However, the browser is indicating the connection is 'Not Secure'.
I can see that my certificate is being used so I'm a bit confused as to why this is not working. I'd like to know how to resolve this so that our clients see that our gateway is properly secured.
Does anybody have any ideas or suggestions?
thanks,
Never mind. I figured this out. My certificate is obviously looking for a valid domain or subdomain that corresponds to the information contained therein. So of course, localhost is not there. I just added a dev-integration.domain.net to my /etc/hosts file for development and everything is just fine.
Sorry if I wasted anyone's time.
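The name check behind that "Not Secure" warning, as an added example that is not part of the original post: a browser compares the host in the URL with the certificate's dNSName entries, and a wildcard stands for exactly one left-most label. The SAN list `*.domain.net` / `domain.net` is an assumption about the wildcard certificate described above, and the function names are hypothetical.

```python
import ipaddress

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, pattern):
    """True if `hostname` matches one dNSName SAN entry.

    The wildcard is honoured only as the whole left-most label and stands
    for exactly one label, which is how browsers apply it.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        # Refuse overly broad patterns such as "*.net".
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, dns_sans):
    """True if any dNSName entry in the certificate covers `hostname`."""
    try:
        ipaddress.ip_address(hostname)
        return False  # IP literals need an iPAddress SAN, not a dNSName
    except ValueError:
        pass
    return any(san_matches(hostname, p) for p in dns_sans)

# Constructed SAN list for the wildcard certificate (assumed contents).
SANS = ["*.domain.net", "domain.net"]

if __name__ == "__main__":
    for name in ("localhost", "dev-integration.domain.net",
                 "integration.domain.net", "a.b.domain.net", "127.0.0.1"):
        print(f"{name:30} {'ok' if cert_covers(name, SANS) else 'NOT covered'}")
```

A name two levels below the wildcard, such as `a.b.domain.net`, is not covered either, which matters when one wildcard certificate is shared across services behind a gateway.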
I am pretty sure my issue is server related but I am just not 100% sure how to fix this.
Currently I am using Laravel Forge and Envoyer.
I have 3 servers:
- 1 Load Balancer
- 2 App Servers.
The Load Balancer is set up with the SSL certs.
Do all my app servers need to have the certs?
When I try to clone one of the domain certs to my App servers it crashes everything.
500 server errors, too many redirects. Also it is trying to load the parent domain cert when I really want to load another specific domain cert.
Let me know if I need to clarify this.
Update:
I have one code base with multiple potential domains: domain1.com, domain2.com, domain3.com etc. Some of them could have https, while some others could go without it.
Thanks in advance,
Citti
Cheers to Taylor himself for this answer via email.
What I ended up needing was the following package: fideloper/trustedproxy
I installed this and added my Front end LB as the proxy and I am good to go.
Thanks again to Taylor for helping me out with this. Laravel FTW.
Citti
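Why declaring the load balancer as a trusted proxy matters, as an added example (not code from fideloper/trustedproxy or from the original post): when TLS ends at the load balancer, the app server only learns the original scheme from `X-Forwarded-Proto`, and a force-HTTPS rule that ignores the header redirects forever, a common cause of "too many redirects". The addresses, header set and function names below are constructed for illustration.

```python
import ipaddress

def effective_scheme(remote_addr, headers, trusted_proxies, socket_scheme="http"):
    """Scheme the client used, honouring X-Forwarded-Proto only from trusted peers."""
    peer = ipaddress.ip_address(remote_addr)
    trusted = any(peer in ipaddress.ip_network(net) for net in trusted_proxies)
    hdrs = {k.lower(): v for k, v in headers.items()}
    proto = hdrs.get("x-forwarded-proto", "").strip().lower()
    # Anything other than a single clean value falls back to the socket scheme.
    if trusted and proto in ("http", "https"):
        return proto
    return socket_scheme

def https_redirect(remote_addr, headers, trusted_proxies, host, path):
    """Return the redirect target a force-HTTPS rule would issue, or None."""
    if effective_scheme(remote_addr, headers, trusted_proxies) == "https":
        return None
    return f"https://{host}{path}"

# Constructed request as an app server sees it: the load balancer (assumed
# address 10.0.0.5) ended TLS and forwards plain HTTP with the header set.
LB_ADDR = "10.0.0.5"
FROM_LB = {"X-Forwarded-Proto": "https", "Host": "domain1.com"}

if __name__ == "__main__":
    # No trusted proxy configured: the app thinks the request was plain HTTP
    # and redirects to a URL the client is already on, so the loop never ends.
    print(https_redirect(LB_ADDR, FROM_LB, [], "domain1.com", "/login"))
    # Load balancer trusted: the header is honoured and no redirect is sent.
    print(https_redirect(LB_ADDR, FROM_LB, [LB_ADDR], "domain1.com", "/login"))
    # The same header from an address that is not the load balancer is ignored.
    print(effective_scheme("203.0.113.9", FROM_LB, [LB_ADDR]))
```

Trusting only the load balancer's address, rather than every peer, keeps a client that reaches an app server directly from asserting `https` through a header it controls.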
I am a newbie at play, and I am trying at least to use HTTPS on a login and sign up pages in order to have more security on sensitive user data.
I have a range of questions regarding this:
I have configured my play application to use https on the application.conf file with the https.port property. However in my development environment I can't seem to start the server with https capability unless I use the command: play -Dhttps.port=<port>
Why does this happen? I would think that I could use a dev.conf (right now is the application.conf) file in order to do this. Can't I start the server in dev mode while using this kind of settings specified on the configuration file?
Although I start the server with https capabilities, what is the correct way to use https on play? I already created a java key store that I use, and tried to redirect (from a controller) requests to a https url using redirect(securedIndexCall.absoluteURL(request, secure)). But it does not seem to work at least on my dev environment (localhost). The logs specify exceptions like:
java.lang.IllegalArgumentException: empty text
java.lang.IllegalArgumentException: invalid version format: M¥å/=<junk characters continue>
Should I use https on the whole application, or just securing the login and sign up requests is sufficient?
I feel the official documentation provided is rather insufficient and I am at a loss here trying to figure out how I should do this.
Any help would be really appreciated!
I agree with Fernando, I think it's easier to set up a front end web server. In my case I used Lighttpd and it was fairly straightforward to set up. I'd recommend:
Configure Lighttpd as per these instructions (at this stage, don't worry about HTTPS just get HTTP working): http://www.playframework.com/documentation/2.3.x/HTTPServer
Then configure HTTPS in Lighttpd: http://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL. If you intend on buying an SSL certificate then there will be a few more options to set (e.g. intermediate certificate). The following page has more information: http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
Answers to your main questions:
1) Enabling HTTPS in Play
Yes, you have to explicitly say you want to use HTTPS when starting up
http://www.playframework.com/documentation/2.3.x/ConfiguringHttps
2) The "java.lang.IllegalArgumentException" error message
There might be an issue with the keystore. This SO article seems to discuss in more detail: Play framework 2.2.1 HTTPs fails on connection attempt
3) SSL for login page or whole app
Personally, I would go for the whole app. If you're taking the time to set up HTTPS I think you might as well cover the whole site. I guess there are slight performance overheads in running HTTPS but realistically it's not something you'd notice.
You should use a front end server for HTTPS, and use HTTPS for the whole application.
Please see Setting up a front end HTTP server and see the commented out nginx settings.
We are running SiteMinder 6 - that's the reason why we cannot ask for SiteMinder support.
We have noticed a strange behavior making a user unable to use the application she had been authorised to.
We have checked the policies, the apache reverse proxy configuration, the web agent configuration, and all sound ok.
But capturing data between the reverse proxy and the back end application, we noticed that the RP sends no header, although the logs say it does.
Has anybody suffered from a similar issue?
We rebooted the RP, without success.
thank you for your help.