Configuring Quarkus URLs Behind A SSL/TLS Reverse Proxysaturday, august 27, 2022
Quarkus and JAX-RS allows us to create Hypermedia URLs to our application resources in an easy way. However, when our application is routed behind a reverse proxy that handles SSL/TLS connections for us, which happens very often in cloud-native environments, we might need to take a few things into consideration to return the correct URLs.
In the following video, I’m showing how to configure Quarkus to create and return the correct URLs that match what the user provides in their requests. We’ll also see how to use a local Minikube Kubernetes cluster with Istio gateways to configure HTTP and HTTPS access, and how to test whether our application URLs are configured correctly.
- Example Quarkus Project
- Quarkus HTTP Reference
- Secure Gateways — Istio Docs
- Effective Development With Quarkus
I’ve created my self-signed wildcard certificate with the following command:
openssl req -x509 -out localhost.crt -keyout localhost.key \ -newkey rsa:2048 -nodes -sha256 \ -subj '/CN=example.local' -extensions EXT -config <( \ printf "[dn]\nCN=example.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:*.example.local\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
As shown in the video, you can configure
curl to use custom domain resolutions for testing purposes:
curl --resolve coffee.example.com:443:127.0.0.1 https://coffee.example.com