I have successfully deployed my Spring Boot app to Compute Engine on Ubuntu 18.04. It is behind an Nginx proxy, but currently Nginx is listening on port 80, which is HTTP. I need to set up a secure connection. I have questions about a few details. I'm new to this; all I've done so far is write Spring Boot/React JS apps on Windows, in an IDE.
You can give some advice if you have any. I'm just trying to make a secure connection to my back-end Spring Boot app, which is behind Nginx on Google Compute Engine and currently works only with HTTP but not HTTPS.
1. Technically, you're able to have an SSL certificate for a public IP, but it's rarely used. You can find more details in RFC 5280 and in this question.
Keep in mind that if your IP address changes, your SSL certificate becomes useless.
I've checked a few SSL providers and found that you should be the owner of the IP to obtain such an SSL certificate:
According to the article Using an IP Address in an SSL Certificate posted by geocerts:
If you decide that you really need an IP in your cert there are specific stipulations, conditions, and limitations to consider. The biggest hurdle for most folks is that the IP address must be specifically assigned to your company or organization (not your ISP or hosting provider) as verified by an IP WHOIS lookup.
According to the article Issuing SSL certificate for an IP address by LeaderSSL:
Quite frequent question: is it possible to issue an SSL certificate for an IP address (and not for a domain name)? Yes, it is possible. However, there are several requirements:
- Only OV SSL certificates can be issued;
- The company must own IP address (validation based on WHOIS information of IP-addresses).
The same in the article WHAT IS AN IP ADDRESS SSL CERTIFICATE?:
An IP address SSL certificate secures connections directly with the IP address submitted. Whereas typically an SSL certificate is issued to a Fully Qualified Domain Name (FQDN), some organisations may need to secure an IP address.
Only public IP addresses may be used and you must be the owner of the IP address according to the records at RIPE.
As a result, practically, it's almost not possible in the case of a GCE VM instance, and it's easier to proceed with a domain certificate.
2. In GCE, all connections to the external IP of a VM instance are passed through directly to the VM instance. GCE isn't able to secure connections on its own. You should configure the SSL certificate on the VM instance. You can find more details in the documentation VPC network overview and IP Addresses.
In addition, you're able to use Google-managed SSL certificates or your own SSL certificates on external HTTP(S) load balancers.
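Added example, not part of the original answer: one way to terminate TLS in Nginx on the VM itself with a domain certificate, as point 2 describes. The domain `app.example.com`, the certificate paths (certbot's default layout) and the Spring Boot backend on `127.0.0.1:8080` are assumptions; the VM also needs a firewall rule allowing TCP 443.

```nginx
# Assumed names: app.example.com, certbot-style certificate paths,
# Spring Boot listening on 127.0.0.1:8080 (its default port).

# Plain HTTP: no content is served here, every request is redirected to HTTPS.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

# HTTPS: TLS ends at Nginx; traffic to the backend stays on loopback.
server {
    listen 443 ssl;
    server_name app.example.com;

    # Full chain (leaf + intermediates) and the matching private key.
    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # Pass the original host, client address and scheme to the backend
        # so redirects and generated links use https:// and the public name.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Keep the backend bound to the loopback interface so that port 8080 is not reachable from the external IP and all outside traffic has to pass through the TLS listener.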