
Service fabric reverse proxy with certificates on endpoint

In Service Fabric, when using the reverse proxy, is it possible to require a certificate from users/clients accessing an http endpoint?

If I understand your question correctly, it is possible -

SSL termination happens at the reverse proxy and all the client certificate data is lost. For the services to perform client certificate authentication, set the ForwardClientCertificate setting in the parameters section of ApplicationGateway/Http element.

When ForwardClientCertificate is set to true, reverse proxy requests for the client's certificate during its SSL handshake with the client. It will then forward the client certificate data in a custom HTTP header named X-Client-Certificate.

Check out Setting up client certificate authentication through the reverse proxy.
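An added example, not part of the answer above or of Microsoft's documentation: one way a service behind the reverse proxy could check the forwarded X-Client-Certificate header by pinning the certificate's SHA-256 thumbprint. It assumes the header value is the base64-encoded PEM string of the client certificate; the function names, the allow-list and the sample bytes are hypothetical.

```python
import base64
import hashlib
import hmac
import ssl

HEADER = "x-client-certificate"  # header name from the answer, lower-cased

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
# Thumbprint pinning only hashes these bytes, so no X.509 parsing is needed.
SAMPLE_DER = bytes(range(64))


def make_header_value(der: bytes) -> str:
    """Build a header value in the ASSUMED format: base64(PEM(cert))."""
    pem = ssl.DER_cert_to_PEM_cert(der)
    return base64.b64encode(pem.encode("ascii")).decode("ascii")


def thumbprint_from_header(value: str) -> str:
    """Decode the forwarded header and return the SHA-256 thumbprint (hex)."""
    pem = base64.b64decode(value, validate=True).decode("ascii")
    der = ssl.PEM_cert_to_DER_cert(pem)  # raises ValueError if not PEM
    return hashlib.sha256(der).hexdigest()


def authorize(headers: dict, allowed_thumbprints: set) -> int:
    """Return the HTTP status the service should answer with.

    401: no certificate was forwarded; 400: header is not base64/PEM;
    403: certificate is not on the allow-list; 200: accepted.
    A production service would also check validity dates and the chain.
    """
    # HTTP header names are case-insensitive.
    normalized = {k.lower(): v for k, v in headers.items()}
    value = normalized.get(HEADER)
    if not value:
        return 401
    try:
        thumbprint = thumbprint_from_header(value)
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return 400
    # Constant-time comparison against each pinned thumbprint.
    ok = any(hmac.compare_digest(thumbprint, t) for t in allowed_thumbprints)
    return 200 if ok else 403
```

The header is only meaningful when the service is reachable solely through the reverse proxy, since any client that can reach the service directly can set the header itself.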

For Service Fabric on Azure, you can put Azure Application Gateway in front of Service Fabric and its reverse proxy and do SSL offloading, so HTTPS comes to Application Gateway, gets validated, and is converted to HTTP before reaching the service.

It gives the benefit of less maintenance effort. If you have a request which then triggers 5 services to call each other in a chain using the reverse proxy with the Forward Certificate option on, then each service will have to be configured to deal with HTTPS. If there is a change to the certificate, i.e. it expires, then you have to update all the services' configuration. With Application Gateway you only do it in one place.

It is also better for resilience, because if you prefix a particular reverse proxy in a node, then if that node is down you lose the connection. Having Application Gateway will allow you to remove that node and use the reverse proxy on another node.

For an on-premises solution you can do the same, depending on your own load balancer.
