Bluemix CF应用程序和容器之间的安全网关

Question

Can I use Secure-Gateway between my Cloud Foundry apps on Bluemix and my Bluemix docker container database (mongo)? It does not work for me. Here the steps I have followed:

upload secure gw client docker image on bluemix

docker push registry.ng.bluemix.net/NAMESPACE/secure-gateway-client:latest

run the image with token as a parameter

cf ic run registry.ng.bluemix.net/edevregille/secure-gateway-client:latest GW-ID

when i look at the logs of the container secure-gateway, I get the following:

[INFO] (Client PID 1) Setting log level to INFO
[INFO] (Client PID 1) There are no Access Control List entries, the ACL Deny All flag is set to: true [INFO] (Client PID 1) The Secure Gateway tunnel is connected

and the secure-gateway dashboard interface shows that it is connected too.

But then, when I try to add the MongoDB database (running also on my Bluemix at 134.168.18.50:27017->27017/tcp) as a destination from the service secure-gateway dashboard, nothing happened: the destination is not created (does not appear).

I am doing something wrong? Or is it just that this not a supported use case?

Answer 1

1) The Secure Gateway is a service used to integrate resources from a remote (company) data center into Bluemix. Why do you want to use the SG to access your docker container on Bluemix?

2) From a technical point of view the scenario described in the question should work. However, you need to add rule to the access control list (ACL) to allow access to the docker container with your MongoDB. When you are running the SG it has a console to type in commands. You could use something like allow 134.168.18.50:27017 as command to add the rule.

BTW: There is a demo using the Secure Gateway to connect to a MySQL running in a VM on Bluemix. It shows how to install the SG and add a ACL rule.

Added: If you are looking into how to secure traffic to your Bluemix app, then just use https instead of http. It is turned on automatically.