Uploaded image for project: 'Trapperkeeper'
  1. Trapperkeeper
  2. TK-176

HTTP{S} proxy for the status service

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Template:
    • Sub-team:
    • Story Points:
      5
    • Sprint:
      Server Jade 2015-06-24, Server Jade 2015-06-10

      Description

      In certain cases, the status service needs to be usable over plaintext HTTP because certain load balancers are going to be difficult/impossible to configure to use SSL certs/keys that from Puppet's CA. However, our services typically talk HTTPS, and we want the status service to be exposed on the same jetty instance that the rest of the services are running on. To that end, we need a proxy service that is configured with either a base URL or host+port, and a SSL cert, key, and CA cert, which can be exposed over plain HTTP and which will make HTTPS to the normal jetty instance to get the status information and return it to the client.

      This probably also needs to be limited in-scope to only proxying endpoints that are known to be safe to expose over plain HTTP (eg, the status endpoint(s)).

      It probably makes sense for this to be a separate TK service entirely, since I imagine many use-cases of the status service don't want this behavior, and in-fact it's got the potential to be pretty dangerous if things go wrong (i.e., exposing data over HTTP), so it seems desirable to be able to disable it completely.

      QA:

      Risk Assessment: N/A; New Feature. Testing handled in SERVER-583

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              kevin.corcoran Kevin Corcoran
              QA Contact:
              Erik Dasher
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support