Is it possible to deploy a node.js app on Cloud Foundry that listens for HTTPS requests on port 443?
1 Answers
Well, the good news is that you don't have to do that. The Cloud Foundry platform takes care of it for you.
All you need to do is push your app and assign a route to the app. Your platform operations team will already have everything set up so that traffic for both HTTP and HTTPS routes through to your application.
The only thing you probably want to do in your application is to look at the `x-forwarded-proto` (should be http or https) or `x-forwarded-port` (80 or 443) header. You can use this to determine if the client's connection was over HTTP or HTTPS, and if it's HTTP then issue a redirect to ask the client to connect over HTTPS (this forces clients to use HTTPS).
You can read more about this in the docs at the following link:
https://docs.cloudfoundry.org/adminguide/securing-traffic.html
Having said all that, if you really want to control the certs for some reason you can do that. You would need to map a TCP route to your application. This will enable TCP traffic to flow directly to your application. Then you can configure your application as an HTTPS endpoint on the mapped TCP route and port.
Some notes about this:
- You will almost certainly end up with some high numbered port, not 443. The platform will have a pool of available ports, which is configured by your operations team, and you are limited to using only those ports.
- The platform and buildpacks will not help set up TLS; you will need to handle that all on your own. The good news is that it should work exactly the same as if your app were running on a VM or your local laptop.
- You will need to create your own TLS certs and push them with the application. You can probably use Let's Encrypt, but you may need to obtain these through your employer, if you work for a large company.

- The observation provided by you is right but my question mainly focused on using 8080 port for http requests at app/container level and 443 port for https requests at app/container level. – ADITYA PODUVAL Mar 26 '20 at 04:38
- You cannot use 443 in the app container if you want external traffic to make it to your app. You could use 443 on the internal container-to-container network, but that's probably not what you want. – Daniel Mikusa Mar 26 '20 at 11:58
- To be precise, what I want is that if `x-forwarded-proto` is **"HTTPS"** then the call must go to my HTTPS Server but if it is **"HTTP"** then the call must go to my HTTP Server. – ADITYA PODUVAL Mar 26 '20 at 17:35
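The `x-forwarded-proto` check and redirect described in the answer, as an added Node.js example that is not part of the original answer or comments. The function names, the `ALLOWED_HOSTS` list and `myapp.example.com` are assumptions, and the Host allow-list and HSTS header go beyond what the answer mentions.

```javascript
// Added example. Assumes the platform router terminates TLS and sets
// X-Forwarded-Proto; the app itself only serves plain HTTP on $PORT.
const http = require('http');

// Hypothetical allow-list of route hostnames mapped to this app (constructed value).
const ALLOWED_HOSTS = new Set(['myapp.example.com']);

// True only if the header is present and every listed hop was HTTPS.
// A missing header is treated as plain HTTP (fail closed).
function isHttps(headers) {
  const raw = headers['x-forwarded-proto'];
  if (typeof raw !== 'string' || raw === '') return false;
  return raw.split(',').every((p) => p.trim().toLowerCase() === 'https');
}

// Returns the https:// URL to redirect to, or null when no redirect is needed.
// Throws on a Host that is not one of our routes, so the Location header
// cannot be steered by a forged Host header.
function httpsRedirectTarget(headers, url) {
  if (isHttps(headers)) return null;
  const host = String(headers.host || '').split(':')[0].toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) throw new Error('unexpected Host header');
  return `https://${host}${url}`;
}

function handler(req, res) {
  let target;
  try {
    target = httpsRedirectTarget(req.headers, req.url);
  } catch (err) {
    res.writeHead(400).end('Bad Request');
    return;
  }
  if (target) {
    // 308 keeps the request method and body, unlike 301/302.
    res.writeHead(308, { Location: target }).end();
    return;
  }
  // Tell browsers to use HTTPS directly on later visits.
  res.setHeader('Strict-Transport-Security', 'max-age=31536000');
  res.end('hello over HTTPS\n');
}

// Entry point on Cloud Foundry, which sets PORT in the container:
//   start(process.env.PORT)
function start(port) {
  return http.createServer(handler).listen(port);
}
```
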