Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding ssl to non-proxy loadbalancer #241

Merged
merged 4 commits into from
Dec 3, 2024
Merged

Adding ssl to non-proxy loadbalancer #241

merged 4 commits into from
Dec 3, 2024

Conversation

jpl-btlunsfo
Copy link
Collaborator

@jpl-btlunsfo jpl-btlunsfo commented Dec 2, 2024
edited
Loading

Purpose

  • Adds back in the SSL configuration, but only applies it to the non-proxy (jpl-internal-only) loadbalancer

Proposed Changes

  • ADD ssl certificate ssm reference
  • CHANGE current jpl-internal loadbalancer configuration to use HTTPS

Issues

Testing

@jpl-btlunsfo jpl-btlunsfo self-assigned this Dec 2, 2024
LucaCinquini
LucaCinquini requested changes Dec 2, 2024
View reviewed changes
Copy link
Collaborator

@LucaCinquini LucaCinquini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was able to deploy SPS correctly using this branch, but there are a few issues:
o The terraform output still shows http://.... - this is easily fixable
o The script to deploy the DAGs fails because the SSL certificate is not valid (the certificate hostname does not match the ALB). The solution to this is either to use the top-level proxy to deploy the DAGs, or update the ogc-processin-client with an option to bypass certificate errors

@jpl-btlunsfo
Copy link
Collaborator Author

per your second bullet, I think it would be easier to adjust the OGC api to ignore certificate errors, but I'm not sure which option is best in the long run.

@LucaCinquini LucaCinquini merged commit 28a0696 into develop Dec 3, 2024
2 checks passed
@LucaCinquini LucaCinquini deleted the 237-non-internal-ingress-ssl branch December 3, 2024 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LucaCinquini LucaCinquini LucaCinquini approved these changes

@nikki-t nikki-t Awaiting requested review from nikki-t

Assignees

@jpl-btlunsfo jpl-btlunsfo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jpl-btlunsfo @LucaCinquini