On the OpenShift website here: https://help.openshift.com/hc/en-us/articles/202535440-How-do-I-get-SSL-for-my-domains-, it states:
You can always take advantage of our *.rhcloud.com wildcard certificate in order
to securely connect to any application via its original, OpenShift-provided
hostname URL.
However, Node's HTTPS server requires a file path to a certificate and private key in order to use HTTPS:
var fs = require('fs');
var https = require('https');
var express = require('express');

// Read the private key and certificate from disk
var privateKey = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};

var app = express();
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);
None of the OpenShift environment variables (https://www.openshift.com/developers/openshift-environment-variables) appear to be related to SSL certificates, and the documentation does not mention it other than at the above link, which provides no technical information on actually using it.
How do I access the privateKey and certificate file on an OpenShift Node.js gear/cartridge?
If these certificate files are new to your OpenShift Container Platform cluster, change to the playbook directory and run the Ansible deploy_router.yml playbook to add these files to the OpenShift Container Platform configuration files.
To view certificates for the current user: select Run from the Start menu, and then enter certmgr.msc. The Certificate Manager tool for the current user appears.
When creating secrets: Create a secret object with secret data. Update the pod's service account to allow the reference to the secret. Create a pod, which consumes the secret as an environment variable or as a file (using a secret volume).
It turns out that all SSL certificates are handled by OpenShift routers before they reach the gear/cartridge. There is no need to set up an HttpsServer at all; the normal HttpServer listening on port 8080 will receive both HTTP and HTTPS traffic transparently.
This is true whether you are using a custom certificate or the wildcard certificate, which is pretty nifty.
The Node.js Express application scenario is detailed at OpenShift https answer. To sum up, use the value of the X-Forwarded-Proto header from the request headers given to your Node.js web server by OpenShift's proxy to determine whether the reply should redirect the client to HTTPS or whether the client is already requesting over HTTPS.
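The approach described in the answers above, as an added example that is not part of the original posts: Express-style middleware that reads X-Forwarded-Proto and redirects plain-HTTP requests to HTTPS. The names ALLOWED_HOSTS, arrivedOverHttps, decide and requireHttps and the hostnames are assumptions made for illustration, as is the choice to fail closed when the header is missing.

```javascript
// Added example, not from the original answers. Express-style middleware for an
// app whose TLS is terminated upstream, so every request arrives as plain HTTP.

// Constructed allow-list (assumption): hostnames this app answers on.
const ALLOWED_HOSTS = new Set(['myapp-example.rhcloud.com', 'www.example.com']);

// True only if every hop recorded in X-Forwarded-Proto used HTTPS. Node joins
// repeated headers with ", ", and a proxy may append to a client-sent value,
// so "https, http" is treated as insecure. A missing header fails closed.
function arrivedOverHttps(headers) {
  const raw = headers['x-forwarded-proto'];
  if (typeof raw !== 'string') return false;
  return raw.split(',').every((p) => p.trim().toLowerCase() === 'https');
}

// Decide what to do with a request: pass it on, redirect it, or reject it.
function decide(req) {
  if (arrivedOverHttps(req.headers)) return { action: 'pass' };

  // Never build the redirect target from an unchecked Host header.
  const host = String(req.headers.host || '').toLowerCase().replace(/:\d+$/, '');
  if (!ALLOWED_HOSTS.has(host)) return { action: 'reject', status: 400 };

  // Origin-form paths only; anything else is redirected to the root.
  const path = typeof req.url === 'string' && req.url.startsWith('/') ? req.url : '/';
  // 301 for safe methods; 308 keeps the method and body for the others.
  const status = req.method === 'GET' || req.method === 'HEAD' ? 301 : 308;
  return { action: 'redirect', status, location: 'https://' + host + path };
}

function requireHttps(req, res, next) {
  const d = decide(req);
  if (d.action === 'pass') return next();
  if (d.action === 'redirect') {
    res.writeHead(d.status, { Location: d.location });
    return res.end();
  }
  res.writeHead(d.status, { 'Content-Type': 'text/plain' });
  res.end('Bad Request');
}

// Usage with the app from the question: app.use(requireHttps); app.listen(8080);
```

The header can only be relied on when the application is reachable solely through the router, since a client that connects directly can set it to any value.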