<!DOCTYPE html>
<html lang="en">
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-112407000-2"></script>
<script>
// Google Analytics bootstrap: reuse the shared command queue if it already exists, otherwise create it.
window.dataLayer = window.dataLayer || [];
// Queue one command by pushing the raw `arguments` object (not a copied array) onto dataLayer.
function gtag() {
dataLayer.push(arguments);
}
// Queue the 'js' command with the current time, then the 'config' command for this property ID.
// NOTE(review): presumably consumed by the async gtag.js script requested by the tag above - confirm.
gtag('js', new Date());
gtag('config', 'UA-112407000-2');
</script>
<!-- Google Tag Manager -->
<script>
// Google Tag Manager loader, invoked with (window, document, 'script', 'dataLayer', 'GTM-KS8HHSF').
(function (w, d, s, l, i) {
// Reuse the queue already stored on window[l], or create an empty one.
w[l] = w[l] || [];
// Push a 'gtm.js' event that carries the current timestamp.
w[l].push({
'gtm.start': new Date().getTime(),
event: 'gtm.js'
});
// f: first <script> element in the document; j: new <script> element to inject;
// dl: extra '&l=' query parameter, added only when the queue is not named 'dataLayer'.
var f = d.getElementsByTagName(s)[0],
j = d.createElement(s),
dl = l != 'dataLayer' ? '&l=' + l : '';
j.async = true;
// NOTE(review): this script is fetched from a third-party origin at run time and carries no integrity
// attribute; a Content-Security-Policy for this page would have to allow www.googletagmanager.com.
j.src =
'https://www.googletagmanager.com/gtm.js?id=' + i + dl;
// Insert the new script element immediately before the first existing script element.
f.parentNode.insertBefore(j, f);
})(window, document, 'script', 'dataLayer', 'GTM-KS8HHSF');
</script>
<!-- End Google Tag Manager -->
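<head>
<!-- Character encoding is declared first so the parser knows it before reading the title text. -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!-- Single viewport declaration (the two earlier declarations were equivalent). -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Enabling HTTPS in your Codewind Application | Codewind</title>
<meta name="description" content="HTTPS is becoming increasingly common as the internet shifts to an HTTPS-only environment. In an unencrypted HTTP session, data is transferred in clear text,...">
<meta name="keywords" content="Eclipse, docker, container, devops, applications, development, iteration, microservices, cloud, services, rapid, integrated">
<link rel="icon" type="image/png" sizes="16x16" href="images/favicon/favicon-16x16.png">
<link rel="icon" type="image/png" sizes="32x32" href="images/favicon/favicon-32x32.png">
<link href="https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,400,600&display=swap" rel="stylesheet">
<!-- Bootstrap CSS CDN, pinned with a Subresource Integrity hash -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<!-- NOTE(review): the Font Awesome 4.7.0 stylesheet below and the Prism 1.17.1 stylesheet at the end of
     this head are version-pinned CDN files but carry no integrity/crossorigin attributes, unlike Bootstrap.
     Add SRI hashes computed from the pinned files so a modified CDN response is rejected by the browser. -->
<link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet">
<link rel="stylesheet" href="css/styles.css">
<link rel="stylesheet" href="css/docs.css">
<link rel="stylesheet" href="css/learn.css">
<link rel="stylesheet" href="css/blog.css">
<link rel="stylesheet" href="css/guides.css">
<link rel="stylesheet" href="css/search.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.17.1/themes/prism.min.css">
</head>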
<body data-spy="scroll" data-target="#toc">
<!-- Google Tag Manager (noscript) -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-KS8HHSF"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<!-- End Google Tag Manager (noscript) -->
<div class="main">
<!-- Bootstrap NavBar -->
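<!-- Top navigation bar: collapse toggle, brand logo, section links, search form and social links. -->
<nav class="navbar navbar-expand-xl navbar-light cw-banner fixed-top" aria-label="topnav">
<button class="navbar-toggler navbar-toggler-right" type="button" data-toggle="collapse"
data-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false"
aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<a class="navbar-brand" href="/codewind/">
<!-- One alt attribute only: when an attribute is repeated the parser keeps the first value. -->
<img alt="Codewind logo image" title="Codewind logo image" src="images/header/header-logo.svg" class="cw-header-logo">
</a>
<div class="collapse navbar-collapse justify-content-end cw-navbar-padding" id="navbarNavDropdown">
<ul class="navbar-nav cw-navbar-nav">
<li class="nav-item cw-navbar-item cw-header-link-docs">
<a class="nav-link cw-nav-link cw-header-link-text" href="learn.html">Learn</a>
</li>
<li class="nav-item cw-navbar-item cw-header-link-news">
<a class="nav-link cw-nav-link cw-header-link-text" href="news.html">News</a>
</li>
<li class="nav-item cw-navbar-item cw-header-link-blog">
<a class="nav-link cw-nav-link cw-header-link-text" href="blog.html">Blog</a>
</li>
<li class="nav-item cw-navbar-item cw-header-link-guides">
<a class="nav-link cw-nav-link cw-header-link-text" href="guides.html">Guides</a>
</li>
<!-- NOTE(review): a form is not a valid direct child of ul; it is left in place because the navbar CSS is not visible here. -->
<!-- NOTE(review): search.html is not shown here; whatever reads the "query" URL parameter should treat it as
     untrusted text and write it to the page as text, never as HTML. -->
<form class="form-inline my-2 my-lg-0 cw-navbar-item" action="/codewind/search.html" method="get">
<svg class="bi bi-search" width="1em" height="1em" viewBox="0 0 16 16" fill="black" xmlns="http://www.w3.org/2000/svg" aria-hidden="true">
<path fill-rule="evenodd" d="M10.442 10.442a1 1 0 011.415 0l3.85 3.85a1 1 0 01-1.414 1.415l-3.85-3.85a1 1 0 010-1.415z" clip-rule="evenodd"/>
<path fill-rule="evenodd" d="M6.5 12a5.5 5.5 0 100-11 5.5 5.5 0 000 11zM13 6.5a6.5 6.5 0 11-13 0 6.5 6.5 0 0113 0z" clip-rule="evenodd"/>
</svg>
<!-- The duplicate id="search-box" is dropped: the parser only ever honoured the first id, "nav-search". -->
<input id="nav-search" class="form-control mr-sm-2" type="text" name="query" placeholder="Search" aria-label="Search">
</form>
<li class="nav-item cw-navbar-item cw-header-link">
<!-- The duplicate title="..." is dropped: the parser only ever honoured the first title. -->
<a class="nav-link cw-nav-link" href="https://github.com/eclipse/codewind"><img alt="Codewind Github" class="banner-image" title="Codewind Github" data-toggle="tooltip" data-placement="top" id="cw_github_stars" src="images/header/github.svg"></a>
</li>
<li class="nav-item cw-navbar-item cw-header-link">
<a class="nav-link cw-nav-link" href="https://twitter.com/EclipseCodewind"><img alt="Codewind Twitter" class="banner-image" title="Codewind Twitter" src="images/header/twitter.png"></a>
</li>
<li class="nav-item cw-navbar-item cw-header-link">
<a class="nav-link cw-nav-link" href="https://mattermost.eclipse.org/eclipse/channels/eclipse-codewind"><img alt="Codewind Mattermost" class="banner-image" title="Codewind Mattermost" src="images/header/mattermost.png"></a>
</li>
<li class="nav-item cw-navbar-item cw-header-link">
<a class="nav-link cw-nav-link" href="https://www.youtube.com/channel/UCnKCVK6RFDyHFqUmXlAhCHQ"><img alt="Codewind YouTube" class="banner-image" title="Codewind YouTube" src="images/header/youtube.png"></a>
</li>
<!-- li class="nav-item cw-navbar-item" id="download-li">
<button onClick="window.location.href='https://microclimate.dev/download/codewind';" type="button" class="btn cw-download-button">Download</button>
<a href="https://microclimate.dev/download/codewind" class="nav-link cw-nav-link cw-download-link" href="#">Download</a>
</li> -->
<!-- Smaller devices menu END -->
</ul>
</div>
</nav>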
<!-- End Bootstrap NavBar -->
<div class="row" id="post-row">
<div class="col-xs-12 col-lg-1"></div>
<div class="py-5 px-5 col-xs-12 col-lg-10">
<div class="cw-blog-spacer"></div>
<div id="post-content">
<h1>Enabling HTTPS in your Codewind Application</h1>
<p>09 Dec 2019 - Becca Bau</p>
<div role="main"><h3 id="why-https">Why HTTPS?</h3>
<p>HTTPS is becoming increasingly common as the internet shifts to an HTTPS-only environment. In an unencrypted HTTP session, data is transferred in clear text, meaning anyone can eavesdrop on your actions over the web. Also, you don’t have any additional verification to ensure you’ve connected to the correct website. You might be on a compromised network that could mine your information by directing you to imposter services. HTTPS, on the other hand, verifies that you have established a secure connection to your intended service by encrypting your sessions and checking certificates.</p>
<p>If you have ever used Codewind (if not, check out codewind.dev!), then you’ll know that our templates generate web services that use HTTP. We want to help you protect the integrity of the applications and services you create with Codewind. To help you keep your applications and services secure, check out these examples to see how you can convert your Codewind applications from HTTP to HTTPS.</p>
<h3 id="converting-an-application-from-http-to-https">Converting an application from HTTP to HTTPS</h3>
<p>You can convert Codewind applications from HTTP to HTTPS. These examples feature a Python and a MicroProfile application.</p>
<p><strong>Caution:</strong> Use these examples for development but not for production applications. The self-signed certificate and steps in these examples might not comply with the security policy and usage policy of your project.</p>
<h4 id="converting-a-python-application-from-http-to-https">Converting a Python application from HTTP to HTTPS</h4>
<ul>
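<li>Generate a private key. The 1024-bit RSA size shown here is below the 2048-bit size that the MicroProfile example later in this post uses; choose at least 2048 bits for any key you keep beyond a quick local test.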
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl genrsa <span class="nt">-des3</span> <span class="nt">-out</span> server.key 1024
</code></pre></div> </div>
</li>
<li>Generate a certificate signing request.
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-new</span> <span class="nt">-key</span> server.key <span class="nt">-out</span> server.csr
</code></pre></div> </div>
</li>
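<li>Remove the passphrase from the key. The resulting <code class="highlighter-rouge">server.key</code> is stored unencrypted, so keep it readable only by the account that runs the application and do not commit it to source control.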
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cp </span>server.key server.key.org
openssl rsa <span class="nt">-in</span> server.key.org <span class="nt">-out</span> server.key
</code></pre></div> </div>
</li>
<li>Generate a self-signed certificate.
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl x509 <span class="nt">-req</span> <span class="nt">-days</span> 365 <span class="nt">-in</span> server.csr <span class="nt">-signkey</span> server.key <span class="nt">-out</span> server.crt
</code></pre></div> </div>
</li>
<li>In your Python application app.py file, use the certificate and the key.
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>app.run<span class="o">(</span><span class="nv">host</span><span class="o">=</span><span class="s2">"0.0.0.0"</span>, <span class="nv">port</span><span class="o">=</span>5000, <span class="nv">ssl_context</span><span class="o">=(</span><span class="s1">'/tmp/server.crt'</span>, <span class="s1">'/tmp/server.key'</span><span class="o">))</span>
</code></pre></div> </div>
</li>
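<li>Update your Python application Dockerfile to include the certificate and the key. Copying <code class="highlighter-rouge">server.key</code> into the image makes the private key readable to anyone who can pull the image, which is one reason to keep this setup to development.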
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Copy the Certificate and the Key</span>
ADD server.crt /tmp/server.crt
ADD server.key /tmp/server.key
</code></pre></div> </div>
</li>
</ul>
<h3 id="converting-a-microprofile-application-from-http-to-https">Converting a MicroProfile application from HTTP to HTTPS</h3>
<ul>
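<li>Generate a keystore with the Java <code class="highlighter-rouge">keytool</code> command. The options are shown on separate lines for readability; enter them as a single command. A password passed with <code class="highlighter-rouge">-storepass</code> can end up in your shell history; if you leave the option out, <code class="highlighter-rouge">keytool</code> prompts for the password instead.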
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>keytool <span class="nt">-genkey</span> <span class="nt">-alias</span> &lt;<span class="nb">alias</span><span class="o">&gt;</span>
<span class="nt">-keystore</span> &lt;path to save keystore.pfx&gt;
<span class="nt">-storetype</span> PKCS12
<span class="nt">-keyalg</span> RSA
<span class="nt">-storepass</span> &lt;password&gt;
<span class="nt">-validity</span> 730
<span class="nt">-keysize</span> 2048
</code></pre></div> </div>
</li>
<li>Install the Liberty SSL feature in the application <code class="highlighter-rouge">server.xml</code> file.</li>
</ul>
<div class="language-xml highlighter-rouge post-indent"><div class="highlight"><pre class="highlight language-xml"><code class=" language-xml"><span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>featureManager</span><span class="token punctuation">&gt;</span></span>
<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>feature</span><span class="token punctuation">&gt;</span></span>ssl-1.0<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>feature</span><span class="token punctuation">&gt;</span></span>
<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>featureManager</span><span class="token punctuation">&gt;</span></span>
</code></pre></div></div>
<ul>
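<li>Use the keystore in the Liberty server.xml file by entering the same path and password from when you generated a keystore with the Java <code class="highlighter-rouge">keytool</code> command. The password is stored in clear text in this file, so use one that protects nothing else and keep the real value out of source control.</li>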
</ul>
<div class="language-xml highlighter-rouge post-indent"><div class="highlight"><pre class="highlight language-xml"><code class=" language-xml"><span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>keyStore</span> <span class="token attr-name">id</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>defaultKeyStore<span class="token punctuation">"</span></span> <span class="token attr-name">location</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>/home/default/keystore.pfx<span class="token punctuation">"</span></span> <span class="token attr-name">password</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>&lt;password&gt;<span class="token punctuation">"</span></span> <span class="token attr-name">type</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>PKCS12<span class="token punctuation">"</span></span><span class="token punctuation">/&gt;</span></span>
</code></pre></div> </div>
<ul>
<li>Update your MicroProfile application Dockerfile to include the keystore.
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Copy the Keystore</span>
COPY keystore.pfx /home/default/keystore.pfx
</code></pre></div> </div>
<p>For more information, see <a href="https://www.ibm.com/support/knowledgecenter/SSHSCD_6.3.0/com.ibm.worklight.installconfig.doc/appcenter/t_ac_ssl_lib.html" target="_blank" rel="noopener noreferrer">Configuring SSL for Liberty profile</a>.</p>
</li>
</ul>
<p>Note: To run the Python and MicroProfile HTTPS applications on Kubernetes, update the chart <code class="highlighter-rouge">deployment.yaml</code> file to include the <code class="highlighter-rouge">scheme: HTTPS</code> value for both the <code class="highlighter-rouge">livenessProbe</code> and the <code class="highlighter-rouge">readinessProbe</code>.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>
livenessProbe:
  httpGet:
    path: /
    port: <span class="o">{{</span> .Values.service.servicePort <span class="o">}}</span>
    scheme: HTTPS
readinessProbe:
  httpGet:
    path: /
    port: <span class="o">{{</span> .Values.service.servicePort <span class="o">}}</span>
    scheme: HTTPS
</code></pre></div></div>
</div>
</div>
</div>
<div class="col-xs-12 col-lg-1"></div>
</div>
<!-- footer row -->
<footer>
<div id="footer-div-mobile">
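<!-- Mobile footer: Eclipse Foundation legal links, requested over HTTPS. -->
<div class="row">
<div class="col-sm-12 text-center">
<span>Useful Links:</span>
<br><br>
<a class="cw-footer-links" href="https://www.eclipse.org">Eclipse Foundation</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal/privacy.php">Privacy Policy</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal/termsofuse.php">Website Terms of Use</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal/copyright.php">Copyright Agent</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal">Legal</a><br>
</div>
</div>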
<div class="cw_footer_display_flex cw-footer-same-height cw-footer-center">
<div class="cw_footer_display_icons row">
<div class="cw-footer-col text-center col-md-3 col-sm-6 col-xs-12">
<div>
<div>
<a href="mailto:codewind-dev@eclipse.org"><img alt="Send us an email" title="Send us an email" src="images/footer/email-icon.svg" class="cw-logo" /></a>
</div>
</div>
</div>
<div class="cw-footer-col text-center col-md-3 col-sm-6 col-xs-12">
<div>
<div>
<a href="https://twitter.com/EclipseCodewind"><img alt="Codewind Twitter" title="Codewind Twitter" src="images/footer/twitter-logo.svg" class="cw-logo" /></a>
</div>
</div>
</div>
<div class="cw-footer-col text-center col-md-3 col-sm-6 col-xs-12">
<div>
<div>
<a href="https://github.com/eclipse/codewind"><img alt="Codewind Github" title="Codewind Github" src="images/footer/github-logo.svg"
class="cw-logo" /></a>
</div>
</div>
</div>
<div class=" cw-footer-col text-center col-md-3 col-sm-6 col-xs-12">
<div>
<div>
<a href="https://mattermost.eclipse.org/eclipse/channels/eclipse-codewind"><img alt="Codewind Mattermost" title="Codewind Mattermost" src="images/footer/mattermost-logo.png" class="cw-logo-mm" /></a>
</div>
</div>
</div>
<div class="cw-footer-col text-center col-md-3 col-sm-6 col-xs-12">
<div>
<div>
<a href="https://www.youtube.com/channel/UCnKCVK6RFDyHFqUmXlAhCHQ"><img alt="Codewind YouTube" title="Codewind YouTube" src="images/footer/youtube-logo-dark.svg"
class="cw-logo" /></a>
</div>
</div>
</div>
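<!-- Mobile footer: Eclipse logo, linked over HTTPS. -->
<div class="cw-footer-col text-center col-md-3 col-sm-6 col-xs-12">
<div>
<div>
<a href="https://www.eclipse.org"><img class="cw-logo-eclipse-mobile" alt="Eclipse" title="Eclipse" src="images/footer/eclipse.svg"></a>
</div>
</div>
</div>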
</div>
</div>
</div>
<div class="row cw-footer-desktop" id="footer-div">
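<!-- Desktop footer: Eclipse Foundation legal links, requested over HTTPS. -->
<div class="cw-footer-left">
<!-- The class value is closed with a quote here; left unterminated, it swallows the markup that follows into the attribute. -->
<div class="px-5 cw-font-12">
<span class="cw-font-14">Useful Links:</span>
<br><br>
<a class="cw-footer-links" href="https://www.eclipse.org">Eclipse Foundation</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal/privacy.php">Privacy Policy</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal/termsofuse.php">Website Terms of Use</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal/copyright.php">Copyright Agent</a><br>
<a class="cw-footer-links" href="https://www.eclipse.org/legal">Legal</a><br>
</div>
</div>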
<div class="cw-footer-border-right"></div>
<div class="cw_footer_display_flex cw-footer-same-height cw-footer-center">
<div class="cw_footer_display_icons">
<div class="cw-footer-col text-center">
<div>
<div>
<a href="mailto:codewind-dev@eclipse.org"><img alt="Send us an email" title="Send us an email" src="images/footer/email-icon.svg" class="cw-logo" /></a>
</div>
</div>
</div>
<div class="cw-footer-col text-center">
<div>
<div>
<a href="https://twitter.com/EclipseCodewind"><img alt="Codewind Twitter" title="Codewind Twitter" src="images/footer/twitter-logo.svg" class="cw-logo" /></a>
</div>
</div>
</div>
<div class="cw-footer-col text-center">
<div>
<div>
<a href="https://github.com/eclipse/codewind"><img alt="Codewind Github" title="Codewind Github" src="images/footer/github-logo.svg"
class="cw-logo" /></a>
</div>
</div>
</div>
<div class=" cw-footer-col text-center">
<div class="cw-logo-mm" >
<div class="cw-logo-mm" >
<a href="https://mattermost.eclipse.org/eclipse/channels/eclipse-codewind"><img alt="Codewind Mattermost" title="Codewind Mattermost" src="images/footer/mattermost-logo.png" class="cw-logo-mm" /></a>
</div>
</div>
</div>
<div class="cw-footer-col text-center">
<div>
<div>
<a href="https://www.youtube.com/channel/UCnKCVK6RFDyHFqUmXlAhCHQ"><img alt="Codewind YouTube" title="Codewind YouTube" src="images/footer/youtube-logo-dark.svg"
class="cw-logo" /></a>
</div>
</div>
</div>
</div>
</div>
<div class="cw-footer-border-right"></div>
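<!-- Desktop footer: Eclipse logo, linked over HTTPS. -->
<div class="cw-footer-right cw-footer-same-height cw-footer-vcenter">
<div class="cw-footer-eclipse-img cw-footer-same-height px-5 ">
<a href="https://www.eclipse.org">
<img alt="Eclipse" title="Eclipse" src="images/footer/eclipse.svg">
</a>
</div>
</div>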
</div>
</footer>
<!-- footer row END -->
<!-- Jquery -->
<script
src="https://code.jquery.com/jquery-3.4.1.min.js"
integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"
integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous">
</script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"
integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous">
</script>
<!-- Font Awesome JS -->
<script defer src="https://use.fontawesome.com/releases/v5.0.13/js/solid.js"
integrity="sha384-tzzSw1/Vo+0N5UhStP3bvwWPq+uvzCMfrN1fEFe+xBmv1C/AtVX5K0uZtmcHitFZ" crossorigin="anonymous">
</script>
<script defer src="https://use.fontawesome.com/releases/v5.0.13/js/fontawesome.js"
integrity="sha384-6OIrr52G08NpOFSZdxxz1xdNSndlD4vdcf/q2myIUVO0VsqaGHJsB0RaBE01VTOY" crossorigin="anonymous">
</script>
<script src="js/jquery.matchHeight-min.js"></script>
<script src="js/index.js"></script>
<script src="js/docs.js"></script>
<!-- Prism syntax highlighter core plus its Docker and JSON language components, version 1.17.1 from cdnjs. -->
<!-- NOTE(review): these three CDN scripts carry no integrity/crossorigin attributes, unlike the jQuery, Popper,
     Bootstrap and Font Awesome tags earlier in this script run. The URLs are version-pinned, so SRI hashes
     computed from the 1.17.1 files can be added to make the browser reject a modified CDN response. -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.17.1/prism.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.17.1/components/prism-docker.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.17.1/components/prism-json.min.js"></script>
</div>
</body>
</html>