Community

Inbound SSL in Bluemix

Share this post:


Did you know in Bluemix you get inbound SSL for free?  It is automatically turned on and enabled for every app.  All you have to do is just access your app over https instead of http.

Developers don’t need to implement SSL in their app, you just need to support HTTP and the Bluemix infrastructure will support HTTPS for you and do SSL offloading.

Additionally Bluemix supports the “x-forwarded-proto” header to allow developers to check with protocol requests are coming in over.  I have pasted some example Node.JS middleware that you can check if the request is coming in over https or not.


var middleware = module.exports,
    url = require("url");

var HTTP = "http:",
    HTTPS = "https:";

middleware.transportSecurity = function () {
    
    var applicationURL = config().appURL(),
        scheme = url.parse(applicationURL).protocol;
    
    function securityEnabled () {
        if (scheme !== HTTP && scheme !== HTTPS) {
            throw new Error(
                "The application URL scheme must be 'http' or 'https'."
            );
        }
        return scheme === HTTPS;
    }
    
    function redirectURL (request) {
        return url.resolve(applicationURL, request.originalUrl);
    }
    
    if (securityEnabled()) {
        console.log("Transport security is enabled.");
    }

    return function (request, response, next) {
        // handling non-standard proxy headers ibm cf uses
        if(request.headers.protocol) {
            request.headers["x-forwarded-proto"] = request.headers.protocol;
        } else
        if(request.headers.$wssc) {
            // The $wssc header is something that WebSphere inserts to pass the
            // proxied protocol to downstream applications
            request.headers["x-forwarded-proto"] = request.headers.$wssc;
        }

        if (securityEnabled() && !request.secure) {
            log.info("Redirecting insecure request for", request.originalUrl);
            response.redirect(301, redirectURL(request));
        }
        else {
            next();
        }
    };
    
};

 

 


...
var middleware = require("./middleware");
...
app.use(middleware.transportSecurity());

For more information check out https://www.ng.bluemix.net/docs/#overview/index-gentopic1.html#sec_plat

IBM Cloud Kubernetes Service - Core Dev Lead

More stories
May 7, 2019

We’ve Moved! The IBM Cloud Blog Has a New URL

In an effort better integrate the IBM Cloud Blog with the IBM Cloud web experience, we have migrated the blog to a new URL: www.ibm.com/cloud/blog.

Continue reading

May 1, 2019

Two Tutorials: Plan, Create, and Update Deployment Environments with Terraform

Multiple environments are pretty common in a project when building a solution. They support the different phases of the development cycle and the slight differences between the environments, like capacity, networking, credentials, and log verbosity. These two tutorials will show you how to manage the environments with Terraform.

Continue reading

April 29, 2019

Transforming Customer Experiences with AI Services (Part 1)

This is an experience from a recent customer engagement on transcribing customer conversations using IBM Watson AI services.

Continue reading