sebastiandaschner blog
Configuring Quarkus URLs Behind A SSL/TLS Reverse Proxy
saturday, august 27, 2022Quarkus and JAX-RS allows us to create Hypermedia URLs to our application resources in an easy way. However, when our application is routed behind a reverse proxy that handles SSL/TLS connections for us, which happens very often in cloud-native environments, we might need to take a few things into consideration to return the correct URLs.
In the following video, I’m showing how to configure Quarkus to create and return the correct URLs that match what the user provides in their requests. We’ll also see how to use a local Minikube Kubernetes cluster with Istio gateways to configure HTTP and HTTPS access, and how to test whether our application URLs are configured correctly.
More Information
- Example Quarkus Project
- Quarkus HTTP Reference
- Secure Gateways — Istio Docs
- Effective Development With Quarkus
I’ve created my self-signed wildcard certificate with the following command:
openssl req -x509 -out localhost.crt -keyout localhost.key \ -newkey rsa:2048 -nodes -sha256 \ -subj '/CN=example.local' -extensions EXT -config <( \ printf "[dn]\nCN=example.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:*.example.local\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
As shown in the video, you can configure curl to use custom domain resolutions for testing purposes:
curl --resolve coffee.example.com:443:127.0.0.1 https://coffee.example.com
Found the post useful? Then you might want to have a look at my Quarkus video courses or full-day online workshops in December.