Make Your OpenShift Application Secure (HTTPS)

Hello once again. In the recent post we saw how to create an application on the OpenShift cloud and how to use the very important git system to manage our code in both the local and remote repositories.
We also saw how to use ssh to access the remote shell for doing some server-side work.

Today we will look at something very interesting on OpenShift: we will use SSL for our newly created application. It simply means that the
application you access from, say, the domain http://myapp-mydomain.rhcloud.com/ will become https://myapp-mydomain.rhcloud.com/
Yes, you are right, it's HTTPS, not the HTTP that you commonly use.

Before doing this, we need to understand the difference between HTTP and HTTPS.
When you visit a secure site, like the banking web sites, the transactions are made through an SSL tunnel. SSL is facilitated as TLS (Transport Layer Security) in the kernel network stack at the transport layer.
Now, what is SSL (Secure Sockets Layer)?
I will not go into much detail about SSL, but I will explain some of its very important features.

The purpose of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols is to provide a mechanism for secure communications between two parties over a network which neither party has end-to-end control over and thus has the potential for third parties to intercept communication. The Internet is a good example of such a network.
Technically speaking, when we say SSL it means that all the application-layer data is transmitted through a tunnel, meaning all the data is encrypted using some standard encryption algorithms like MD5, SHA1, RSA, etc.
Fundamentally, there are two aspects that need to be addressed:
Data Integrity and End-Point Verification.

Data Integrity:
When communication is made between two parties in a secure manner it is important that the data is received in its entirety, unmodified and without other parties being able to inspect or modify the communication. To provide data integrity SSL/TLS employs a variety of cryptographic techniques. Asymmetric and symmetric encryption is used to provide privacy by preventing third-parties from being able to access the contents of a message even if it is intercepted. This also provides protection against messages being removed and inserted. Message digests are used to protect against messages being modified.

End-Point Verification:
It is also important that when communication is made between two endpoints the endpoints are indeed who they claim that they are. In SSL and TLS this is achieved using certificates. During the course of establishing an SSL/TLS connection a message signed with the end-point’s certificate is sent along with the certificate. The certificate itself is signed by a certificate authority, and it is in the certificate authority that the web of trust lies.

Now, in order to make your own domain secure, i.e. HTTPS instead of insecure HTTP, we simply have to change some configuration of the Tomcat server listening on OpenShift.

Note: This tutorial only explains how to implement SSL for Tomcat (JBoss EWS) based applications. For other applications such as Python, PHP, Ruby, or Perl, and for the DIY (Do It Yourself) cartridge, the method for implementing SSL is different.
Visit this site for the above cases: https://www.openshift.com/kb/kb-e1044-how-to-redirect-traffic-to-https.

Now simply follow these steps:

STEP1:
First, go to the project directory where the code for your local repository is kept.
Mine is at ~/openshift/Myapp/. This directory contains some hidden files and folders, so you first need to unhide them. If you are using Ubuntu, simply press CTRL+H, which will show all the hidden files and folders. From here, browse to the path ./.openshift/config. In this folder you will see two files, "context.xml" and "server.xml". We need to edit both of these files, but first we will edit the server.xml file.

Modify the "Connector" tag in this file to this:

swap1

What we did here is simply redirect all the requests to port 443, which is the default port for SSL.

Now edit the context.xml file.
Add this line inside the "Context" tag of this file:

swap2

Now edit the web.xml file located at ~/openshift/your-app-name-here/src/main/webapp/WEB-INF/
Add the following lines inside the "web-app" tag of this file:

swap3

That is all the modification we need to do, but we still need to push this code onto the OpenShift server, just the way we did last time.
Open a terminal and cd to your project directory:
cd ~/openshift/your-app-name-here/

Now commit the changes using the command:
git commit -a -m "some message here"

Now push the code using the command:
git push
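
A pre-push sanity check for the context.xml and web.xml edits, as an added example that is not part of the original post. The snippets the steps refer to are not reproduced on this page, so the XML embedded below is constructed and assumes a common Tomcat setup: TLS ends at a front-end proxy that sets X-Forwarded-Proto, a RemoteIpValve reads that header, and a CONFIDENTIAL security constraint covers /*. The function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (assumed typical content, not the post's own snippets).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>everything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

CONTEXT_XML = """<Context>
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         protocolHeader="x-forwarded-proto"/>
</Context>"""

def local(tag):
    """Strip the XML namespace so the check works with any web-app schema version."""
    return tag.rsplit("}", 1)[-1]

def texts(node, name):
    """Collect the trimmed text of every descendant element called `name`."""
    return [e.text.strip() for e in node.iter() if local(e.tag) == name and e.text]

def enforces_https(web_xml):
    """True if some security-constraint covers /* with a CONFIDENTIAL guarantee."""
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        if "/*" in texts(sc, "url-pattern") and "CONFIDENTIAL" in texts(sc, "transport-guarantee"):
            return True
    return False

def trusts_proxy_proto(context_xml):
    """True if a RemoteIpValve reads the proxy's forwarded-protocol header.
    Without it Tomcat sees every proxied request as plain HTTP and keeps redirecting."""
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if valve.get("className", "").endswith("RemoteIpValve") and valve.get("protocolHeader"):
            return True
    return False

if __name__ == "__main__":
    print("web.xml enforces HTTPS:", enforces_https(WEB_XML))
    print("context.xml trusts proxy header:", trusts_proxy_proto(CONTEXT_XML))
```

To check a real project, read the two files from the paths given in the steps above and pass their contents to the same functions.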

That's all. You are now free to test your newly secured site. When you type your domain name in the browser, oh my god, what you will see there is
https://myapp-mydomain.rhcloud.com.
Yes guys, it is https, not http. You can click on the icon appearing in the address bar of the browser to see the details, and you can also
check the certificate provided by SSL/TLS for your site by OpenShift.
Hope you enjoyed it.
Thank you.