Step 2: Endpoints Security

a) Add ENABLE_SSL flag

Note: ENABLE_SSL flag is specific to the "Distributed Timer" app that we use for demo purposes. You may use a different way to determine when to create a secure server or even skip that check in your application if you want to always create a secure server.

  1. Navigate to the Dashboard service and click the Edit Cluster button.

  2. Add a new Environment Variable and click Save cluster.

| Key | Value |
| --- | --- |
| ENABLE_SSL | true |

Note: The endpoint certificate and the endpoint certificate key are passed as environment variables automatically by ClusterWare.
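One way an application can act on the ENABLE_SSL flag and the certificate passed in the environment, added here as an example (it is not ClusterWare's or the Distributed Timer app's code). The variable names `ENDPOINT_CERT_PEM` and `ENDPOINT_KEY_PEM` are hypothetical placeholders, because the page does not name the variables ClusterWare sets.

```python
import os
import ssl
import tempfile
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical names: the page does not name the variables that carry the
# endpoint certificate and key, so substitute the real ones.
CERT_VAR = "ENDPOINT_CERT_PEM"
KEY_VAR = "ENDPOINT_KEY_PEM"

def tls_material(env):
    """Return (cert_pem, key_pem) when ENABLE_SSL is true, else None."""
    if env.get("ENABLE_SSL", "").strip().lower() != "true":
        return None
    cert, key = env.get(CERT_VAR), env.get(KEY_VAR)
    if not cert or not key:
        # Fail closed: never fall back to plain HTTP when TLS was requested.
        raise RuntimeError(f"ENABLE_SSL is true but {CERT_VAR}/{KEY_VAR} is missing")
    return cert, key

def build_context(cert_pem, key_pem):
    """Build a server-side TLS context from PEM strings."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # load_cert_chain() only accepts file paths, so stage the PEM data in a
    # private temporary directory that is removed as soon as it is loaded.
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, pem in (("cert.pem", cert_pem), ("key.pem", key_pem)):
            path = os.path.join(tmp, name)
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "w") as handle:
                handle.write(pem)
            paths.append(path)
        ctx.load_cert_chain(certfile=paths[0], keyfile=paths[1])
    return ctx

def build_server(env, handler=BaseHTTPRequestHandler, address=("127.0.0.1", 0)):
    """Create an HTTPS server when ENABLE_SSL is set, plain HTTP otherwise."""
    material = tls_material(env)
    context = build_context(*material) if material is not None else None
    server = HTTPServer(address, handler)
    if context is not None:
        server.socket = context.wrap_socket(server.socket, server_side=True)
    return server

if __name__ == "__main__":
    build_server(os.environ, address=("0.0.0.0", 8080)).serve_forever()
```

Raising when the flag is set but the certificate is missing keeps a misconfigured instance from quietly serving plain HTTP behind a load balancer that expects the endpoint certificate.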

b) Restart applications to use secure (HTTPS) server

  1. Navigate to the Applications service.

  2. Click Deploy all apps.

c) Update the Load Balancer config

  1. Navigate to the Load Balancing service. Notice the endpoints are not secured yet.

  2. Open the Endpoint Security tab. Click Upload endpoint certificates to this Load Balancer. Uploading certificates to the load balancer requires root privileges. Provide the root password and click OK.

This action uploads the ClusterWare-provided endpoint certificate to the server that hosts the load balancer. It is the same certificate that ClusterWare provides to the applications in the environment variables.

  3. Toggle the SSL for Endpoints option.

After you toggle the option, a Not in config tag is shown until the load balancer is restarted.

  4. Go back to the load balancer Status tab. Click Restart Load Balancer. Provide the root password and click OK.

  5. The endpoints should be marked as secured now.

  6. Open the load balancer URL to check if the changes were applied.

The endpoint certificates are not customer-facing. Hence you can't inspect them directly in the browser. Once the Endpoints secured icon shows up, the load balancer is instructed to allow the traffic ONLY to the applications that present this endpoint certificate.

Congratulations! 👏 You have secured all the traffic in your application with SSL!
