Make Your Openshift Application Secure(HTTPS)

Hello once again,in the recent post we have see how to create application on openshift cloud and how to make use of very important git system in order to manage our code in both the local and remote repositories respectively.
we have also seen how to use ssh to access the remote shell for doing some server side work.

Today, we will see a very interesting stuff on openshift we will make use of SSL for our newly created application,it simply means that your
application which you access from suppose this domain http://myapp-mydomain.rhcloud.com/ will become https://myapp-mydomain.rhcloud.com/
yes, you are right it’s HTTPS not HTTP that you use commonly.

Now before doing this we need to understand the difference between HTTP and HTTPS.
when you say a secure site like all the banking web sites which make their transactions through the SSL tunnel,SSL is fascinated as a TLS(Transport Layer Security) in kernel network stack at the transport layer.
Now,what is SSL(secure socket layer):
I will not go into much details of SSL but explain some very important features of it.

The purpose of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols is to provide a mechanism for secure communications between two parties over a network which neither party has end-to-end control over and thus has the potential for third parties to intercept communication. The Internet is a good example of such a network.
But technically speaking, When we say SSL it means all the applications layer data is transmitted through tunnel,means all the data is encrypted using some standard encryption algorithms like MD5,SHA1,RSA,etc.
Fundamentally there are two aspects that need to be addressed,
Data Integrity and End-Point Verification.

Data Integrity:
When communication is made between two parties in a secure manner it is important that the data is received in its entirety, unmodified and without other parties being able to inspect or modify the communication. To provide data integrity SSL/TLS employs a variety of cryptographic techniques. Asymmetric and symmetric encryption is used to provide privacy by preventing third-parties from being able to access the contents of a message even if it is intercepted. This also provides protection against messages being removed and inserted. Message digests are used to protect against messages being modified.

End-Point Verification:
It is also important that when communication is made between two endpoints the endpoints are indeed who they claim that they are. In SSL and TLS this is achieved using certificates. During the course of establishing an SSL/TLS connection a message signed with the end-point’s certificate is sent along with the certificate. The certificate itself is signed by a certificate authority, and it is in the certificate authority that the web of trust lies.

Now, in order to make your own domain secure i.e HTTPS from insecure HTTP we have to simply change some configuration of tomcat server listening on openshift.

Note:This tutorial only explain you how to implement SSL for tomcat(JBOSS EWS) based applications for other applications like python,PHP,Ruby,or perl,and also the method for implementing SSL for DIY(Do It Yourself) cartridge is different.
visit this site for above cases: https://www.openshift.com/kb/kb-e1044-how-to-redirect-traffic-to-https.

Now,simply follow these steps:

STEP1:
First enter into your project directory where your code for local repository is kept.
like mine is at ~/openshift/Myapp/ now in this directory there remains some hidden files and folders first you need to unhide them,if you are using ubuntu then simply press CTRL+H this will show you all the hidden files and folder, now from here browse to this path, ./.openshift/config in this folder you will see two files “context.xml” and “server.xml” we need to edit both of these
files but first we will edit server.xml file.

modify the “Connector” tag in this file to this:

swap1

what we did here is simply redirected all the requests to the port 443 which is default port for SSL.

Now,edit the Context.xml file:
add this line in “context” tag of this file:

swap2

Now,edit the web.xml file located at ~/openshift/your-app-name-here/src/main/webapp/WEB-INF/
add following line in between “web-app” tag of this file:

swap3

Now,that’s all modification we need to do,but we need to push this code onto openshift server just the way we did last time.
now,open terminal and cd to your project directory:
cd ~/openshift/your-app-name-here/

now commit the changes using command:
git commit -a -m “some message here”

now push the code using command:
git push

Now that’s all now you are free to test your newly secured site,when you type your domain name in browser, oh my god what you will see over there is,
https://myapp-mydomain.rhcloud.com.
yes guys it is https not http you can click on to the icon appearing in address bar of browser, to see the details of this you can also
check the certificate provided by SSL/TLS for your site by openshift.
Hope you enjoyed.
Thank You.

Advertisements

Create Your First Application on Openshift

Hello guys,in the recent post we have been seen some very basic stuff in order to start working with openshift cloud service.
If you have not read the last post on cloud, then you need to read it before reading this one.
Click Here.
Now we will see how to create an application on cloud in order to access it from any where by reffering your own domain name like,
xxx-yyy.rhcloud.com/
now,log in to your account we hasn’t created any application on openshift so it will ask you to create your first application click onto that link and it will take you to page where you have to specify application name and domain name for your application,

here in the first text field you have to give name for your application like i will give “myfirstapp” after that in next text field we have to give domain name like i gave here “mydomain” you can give any thing here.

like my own personal domain on openshift looks something like this,”http://geeks-javy.rhcloud.com“.

ok,now below it will ask you to wheather you want to scale your application,if you select scale then the openshift will automatically manages all the traffic that comes to your site.In this case it automatically applies the load balancer to your application whenever required.
now click onto the add application button below, and that’s how you have created your very first application on cloud.

On next page it will allow you to select in what language/environment you want to create your application for convinience we will create our first app in java so select tomacat 6 or you can choose the latest version of tomact as well.
here we will create a simple web site using JSP.after that click onto create app button below and it will take you to your main setting page of your account.

here you can see the application that you have created just before some time ago click onto it.
you will enter into main section of your account.
Now, we have to do some important things as follows:
first in order to access the remote shell and remote repository of your application you have to create pair of public/private keys.
now open your terminal and do as follows:

Generating DSA/RSA Keys

The first step involves creating a set of DSA/RSA keys for use in authentication.

This should be done on the client.

To create your public and private SSH keys on the command-line:

first create a directory in your home directory and name it as “.ssh” this will be an hidden directory in home directory we will keep our public key which is required every time when we access ssh or remote repo of our application.And one more important thing the key should
be stored in the .ssh folder,and this is important.
mkdir ~/.ssh

after that give some essential permissions to the directory as follows:
chmod 700 ~/.ssh

Now cd into .ssh directory,
cd ~/.ssh

and now type the following command in order to create pair of public/private keys:
ssh-keygen -t dsa
in above command we choose dsa type for public key, you can also choose rsa type for your public key as well.

after that it will ask a name of the file for your public key like we will give redhat here.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/b/.ssh/id_rsa):redhat

now it will ask for the passphrase this will be like a password for your public key every time you access ssh of openshift it will ask you for the
authentication then you have to specify your passphrase at that time.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

now it will show you following message:
Your identification has been saved in redhat.
Your public key has been saved in redhat.pub.

Your public key is now available as ~/.ssh/redhat.pub in your home folder.
Congratulations! You now have a set of keys. Now it’s time to make your systems allow you to login with them.

Now,Here we need to tell the openshift about our newly created public key this is required because when we access the openshift using ssh then the openshift must know about your public key.Now all you have to do is see into the right hand side of your account,and click onto it there it will ask you for entering the contents of your public key, in that case simply edit your newly created public key file like we just created is redhat.pub in ~/.ssh directory.

And copy entire contents of this file and paste it into the text field given in your openshift account in this way we tell the openshift about our newly created public key.this is required for doing ssh handshaking when establishing connection with remote ssh on openshift server.

now we have created public key, now it’s show time,
create a directory in your home directory and let’s name it as openshift simply.
now cd into this directory.
cd ~/openshift

now we have to clone the directory structure of our source code from remote repository into our local system this can be done using git utility for more information on git please visit this site http://www.siteground.com/tutorials/git/commands.htm.

now, in simple i will tell you what this git does the git simply copies the source code for your application onto your local system, and also it allows you to push the code from your local system onto the remote server(openshift in our case).It means that git is simply a stupid source code management system.

now the following command will clone the source code from openshift server into your current working directory like:

git clone “path to your remote repository”.

this will ask you to enter the private key code, that is the passprhse that you had entered during the creation of public key.
now onto your openshift account see into top right corner where the path to your git repository is given simply copy it and,

git clone “paste it here”.

now after this you will see a new directory in ~/openshift directory which will be same as your application name.
now as we are creating a simple JSP page, so browse to following path.
/home/username/openshift/your-app-name/src/main/webapp
here you will see index.html file this will be your default file for your web site so now simply test wheather your web site is working or not.
by going to this URL:
myfirstapp-mydomain.rhcloud.com/

after typing the appropriate URL you will see the content of your index.html page.
you can modify the content of this page simply by modifying the file from your system.
now if you are a good java programmer then you can put all your .jsp files in this webapp directory on your system.
now suppose you have just modified the index.html file in this directory.
now in order to see the output of this file by typing the URL, you have to push this modified code onto the cloud,yes you are right by using git, this can be done as follows:

cd ~/openshift/your-app-directory

then type following commands,
git commit -a -m “type any thing here”.

in above command we are going to commit the changes that we have done so far onto remote repository.
after this type the following command as:

git push

this command will push the code that you have cloned from openshift repository again back to it.
now this will take some time because it restarts all the cartridges that you are using for your application.
so if everything wents good then it will show you “success”.

now it is time to test it, again go to the URL of your site and see the changes has taken place.
that’s how you can create any type of application using openshift. as you remember we have been taken tomecat 6 web server so you can
simply host your JSP and servlet programmes on openshift by simply following the above steps.

now here is one more thing that is worth important to be mentioned over here, if you wanted to access the remote shell for your account on openshift for doing some tasks like configuring the environmental variables for your server instance or suppose you are using mysql
as a database for your application then in that case how will you create the database on remore server this is where the concept of ssh comes you can access the remote shell of openshift by simply typing the following command:

but first copy the URL of ssh that is given to you by openshift, for this see into the right side of you account where you can see “access your account remotely” click on “see” button and copy that path and enter it in your terminal, like mine is:

ssh 52e671c65973ca4*******@geeks-javy.rhcloud.com

so by using above command you will be able to access the shell of your openshift account.

ha ha ha ha,that’s it guys you are all done now you are free to create any kind of application on this mind freaking cloud service
that’s why i just love’in it.
redhat openshift Rocks.
Hope you enjoyed this post, thank you.

Host Your Own Web Site using Free Cloud Service

Hi guys today i am glad to post this tutorial on hosting your own web site using free cloud service like Redhat Openshift.
But before going into the details of this, first we will see in short what is openshift and how it helps in creating and hosting our own custom web applications.
OpenShift is Red Hat’s Platform-as-a-Service (PaaS) that allows developers to quickly develop, host, and scale applications in a cloud environment. With OpenShift you have choice of offerings, including online, on premise, and open source project options.
openshift allows us to create web based applications in many different languages,platform and frameworks.

Some of the Supported language environments:
javascript,ruby,PHP,Python Perl,Java.

Supported databases:

  • MySQL
  • PostgreSQL
  • MongoDB

also following are some frameworks that are supported on openshift are:

  • Rack for Ruby
  • WSGI for Python
  • PSGI for Perl
  • Node.js for JavaScript

Now openshift allows us to create and host various kinds of web applications for free.
openshift offers 1GB of disk space,512 MB RAM and maximum 3 Cartridges for free account,
if we want more complex configuration for our custom server then we have to upgrade the account,which is not free.

Requirements for this Post:

  • Any of available Linux distro am using Ubuntu 12.10.
  • GIT (Version Control System) for managing your code remotely.
  • SSH Access for accessing remote shell of openshift server instance.
  • And yes, some of your time.

OK now we are all set,
First thing that we need to do here is create your brand new account on openshift you can do it by reffering to this link.
www.openshift.com/.

Now, after creating new account,you have to log in to your account.
After successfull log in it will ask you to choose a platform or language in which you want to build the application but we will see this in the next post.

Now, we will do some very basic stuff in order to ready ‘working’ with our own newly created cloud service application.

now, we required to install the git system,git is version control system we required git to maintain our code in both local and remote repositories,
we will see git in more detail when we actually required it.But for now we will just simply install git using following command simply type following
command in you terminal.
“sudo apt-get install git”

This is all for getting started with the openshift cloud service,in next post we will see how to create application on openshift cloud.

Create your first application on openshift