From def2f37090983bec3c9405fbd3f44420c7dede28 Mon Sep 17 00:00:00 2001 From: fjcloud Date: Mon, 12 Jun 2023 15:19:35 +0200 Subject: [PATCH 1/4] Convert HTTP route to HTTPS --- rosa-content/300-app/deploy.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/rosa-content/300-app/deploy.md b/rosa-content/300-app/deploy.md index 6e927d4..a564d77 100644 --- a/rosa-content/300-app/deploy.md +++ b/rosa-content/300-app/deploy.md @@ -218,6 +218,14 @@ You can also get the the URL for your application using the command line: ```bash oc -n microsweeper-ex get route microsweeper-appservice -o jsonpath='{.spec.host}' ``` +### Use HTTPS + +As you can see application is accesible only by HTTP, to change configuration of route to use only HTTPS, run: + +```bash +oc patch route microsweeper-appservice --patch '{"spec":{"tls":{"termination":"edge"}}}' +oc patch route microsweeper-appservice --patch '{"spec":{"tls":{"insecureEdgeTerminationPolicy":"Redirect"}}}' +``` ### Application IP Let's take a quick look at what IP the application resolves to. Back in your Cloud Shell environment, run the following command: @@ -239,4 +247,4 @@ Address: 40.117.143.193 Notice the IP address; can you guess where it comes from? -It comes from the ROSA Load Balancer. In this workshop, we are using a public cluster which means the load balancer is exposed to the Internet. If this was a private cluster, you would have to have connectivity to the VPC ROSA is running on. This could be via a VPN connection, AWS DirectConnect, or something else. \ No newline at end of file +It comes from the ROSA Load Balancer. In this workshop, we are using a public cluster which means the load balancer is exposed to the Internet. If this was a private cluster, you would have to have connectivity to the VPC ROSA is running on. This could be via a VPN connection, AWS DirectConnect, or something else. From e362f33ad79e965a48727a9401ba5c5cd73b10f1 Mon Sep 17 00:00:00 2001 From: fjcloud Date: Tue, 13 Jun 2023 11:29:15 +0200 Subject: [PATCH 2/4] More explanation for route config --- rosa-content/300-app/deploy.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rosa-content/300-app/deploy.md b/rosa-content/300-app/deploy.md index a564d77..25a0841 100644 --- a/rosa-content/300-app/deploy.md +++ b/rosa-content/300-app/deploy.md @@ -220,12 +220,15 @@ oc -n microsweeper-ex get route microsweeper-appservice -o jsonpath='{.spec.host ``` ### Use HTTPS -As you can see application is accesible only by HTTP, to change configuration of route to use only HTTPS, run: - +As you can see application is accesible only by HTTP, to change configuration of route to use HTTPS, run: ```bash oc patch route microsweeper-appservice --patch '{"spec":{"tls":{"termination":"edge"}}}' +``` +To make sure that every HTTP request are redirected to HTTPS run: +``` oc patch route microsweeper-appservice --patch '{"spec":{"tls":{"insecureEdgeTerminationPolicy":"Redirect"}}}' ``` +You can find more information of route behaviour/configuration [here](https://docs.openshift.com/rosa/networking/routes/secured-routes.html) ### Application IP Let's take a quick look at what IP the application resolves to. Back in your Cloud Shell environment, run the following command: From 3b9701c4c865d70997869d0c9187ddfd6704c665 Mon Sep 17 00:00:00 2001 From: fjcloud Date: Tue, 13 Jun 2023 11:30:14 +0200 Subject: [PATCH 3/4] Fix typo --- rosa-content/300-app/deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rosa-content/300-app/deploy.md b/rosa-content/300-app/deploy.md index 25a0841..e227448 100644 --- a/rosa-content/300-app/deploy.md +++ b/rosa-content/300-app/deploy.md @@ -220,7 +220,7 @@ oc -n microsweeper-ex get route microsweeper-appservice -o jsonpath='{.spec.host ``` ### Use HTTPS -As you can see application is accesible only by HTTP, to change configuration of route to use HTTPS, run: +As you can see application is accesible only by HTTP, to change configuration to use HTTPS, run: ```bash oc patch route microsweeper-appservice --patch '{"spec":{"tls":{"termination":"edge"}}}' ``` From 33b9438f3b69c5a8fa603ef92557e04b75759f42 Mon Sep 17 00:00:00 2001 From: fjcloud Date: Tue, 13 Jun 2023 11:32:13 +0200 Subject: [PATCH 4/4] add bash flag --- rosa-content/300-app/deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rosa-content/300-app/deploy.md b/rosa-content/300-app/deploy.md index e227448..537c69b 100644 --- a/rosa-content/300-app/deploy.md +++ b/rosa-content/300-app/deploy.md @@ -225,7 +225,7 @@ As you can see application is accesible only by HTTP, to change configuration to oc patch route microsweeper-appservice --patch '{"spec":{"tls":{"termination":"edge"}}}' ``` To make sure that every HTTP request are redirected to HTTPS run: -``` +```bash oc patch route microsweeper-appservice --patch '{"spec":{"tls":{"insecureEdgeTerminationPolicy":"Redirect"}}}' ``` You can find more information of route behaviour/configuration [here](https://docs.openshift.com/rosa/networking/routes/secured-routes.html)