search

Step 2: Endpoints Security

hashtag
a) Add ENABLE_SSL flag

circle-info

Note: ENABLE_SSLarrow-up-right flag is specific to the "Distributed Timer" app that we use for demo purposes. You may use a different way to determine when to create a secure server or even skip that check in your application if you want to always create a secure server.

  1. Navigate to the Dashboard service and click Edit Cluster button

  1. Add a new Environment Variable and click Save cluster

Key
Value

ENABLE_SSL

true

circle-info

Note: The endpoint certificate and the endpoint certificate key are passed as environment variables automatically by ClusterWare

hashtag
b) Restart applications to use secure (HTTPS) server

  1. Navigate to the Applications service

  1. Click Deploy all apps

hashtag
c) Update the Load Balancer config

  1. Navigate to the Load Balancing service. Notice the endpoints are not secured yet.

  1. Open Endpoint Security tab. Click Upload endpoint certificates to this Load Balancer. Uploading certificates to the load balancer requires root privileges. Provide Root password and click OK.

circle-info

This action uploads the ClusterWare provided endpoint certificate to the server that is hosting the load balancer. It is the same certificate that ClusterWare provides to the applications in the Environment Variables.

  1. Toggle SSL for Endpoints option.

circle-info

Toggling the option results in showing Not in config tag until the load balancer is restarted.

  1. Go back to load balancer Status tab. Click Restart Load Balancer. Provide Root password and click OK

  1. The endpoints should be marked as secured now.

  1. Open the load balancer URL to check if the changes were applied.

circle-info

The endpoint certificates are not customer-facing. Hence you can't inspect them directly in the browser. Once the Endpoints secured icon shows up, the load balancer is instructed to allow the traffic ONLY to the applications that present this endpoint certificate.

hashtag
Congratulations! 👏 You have secured all the traffic in your application with SSL!

PreviousStep 1: Gateway SecurityNextEliminate a single point of failure in 10 minutes

Last updated