Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
2.6. Controlling Direct SSL Connections to Gears
In some environments, regulations may require encrypted connections between the client and the server, therefore the need for SSL connections. SSL connections to gears are either allowed, denied, or forced. By default, direct SSL connections to gears are allowed if a cartridge supports the feature and is currently only available for customized cartridges.
Enabling SSL connection allows request to the HTTP front-end to be routed as https to applications. Non-HTTP front-end ports, for example database ports, can have
SSL_TO_GEAR enabled to be exposed for direct connections using the PROXY_PORTS parameter. However, this requires setting up an external router.
Note
As an alternative, you can use a custom cartridge that supports SNI proxy to allow SSL connections over non-HTTP ports. SNI proxy uses a local proxy running on the node host and does not require an external router. Specific ports must be configured to route SSL to gears. See the OpenShift Enterprise Deployment Guide at https://access.redhat.com/site/documentation for more information. Websocket does not handle SSL connections.
Configure the
SSL_ENDPOINT setting in the /etc/openshift/broker.conf file to one of the following options to control access to cartridges that specify direct connections to gears:
allow- If the cartridge being added to a new application specifies direct SSL connections to gears, configure the appropriate SSL routing. This is the default option.
deny- If the cartridge being added to a new application specifies direct SSL connections to gears, do not allow the application to be created.
force- If the cartridge being added to a new application specifies direct SSL connections to gears, set up the appropriate SSL routing. If the cartridge being added to a new application does not specify direct SSL connections to gears, do not allow the application to be created.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}