play.server.http.port = "disabled"
play.server.https.port = "9443"
play.server.https.keyStore.type = "JKS"
play.server.https.keyStore.path = ${KS_PATH}
play.server.https.keyStore.password = ${KS_PASS}
play.server.https.trustStore.type = "JKS"
play.server.https.trustStore.path = ${TS_PATH}
play.server.https.trustStore.password = ${TS_PASS}
play.http.sslengineprovider = "utils.MySSLEngineProvider"
with ConfigurationServiceLocatorComponents
--
You received this message because you are subscribed to the Google Groups "Lagom Framework Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lagom-framework+unsubscribe@googlegroups.com.
To post to this group, send email to lagom-framework@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lagom-framework/b0024f0c-483a-4ad4-aa46-23b106cb5a8e%40googlegroups.com.
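One way a provider such as the `utils.MySSLEngineProvider` named in the configuration above can enforce mutual TLS. This is an added example, not the poster's class, whose body does not appear in the thread. It assumes Play's `play.server.api.SSLEngineProvider` trait loaded through a no-argument constructor, the `KS_PATH`/`KS_PASS`/`TS_PATH`/`TS_PASS` environment variables that the configuration substitutes, and a private-key password equal to the keystore password.

```scala
package utils

import java.io.FileInputStream
import java.security.KeyStore
import javax.net.ssl.{KeyManagerFactory, SSLContext, SSLEngine, TrustManagerFactory}

import play.server.api.SSLEngineProvider

// Added example: stands in for the class the configuration refers to.
// Assumption: stores are located through the KS_*/TS_* environment variables.
class MySSLEngineProvider extends SSLEngineProvider {

  private def loadJks(path: String, password: Array[Char]): KeyStore = {
    val store = KeyStore.getInstance("JKS")
    val in = new FileInputStream(path)
    try store.load(in, password) finally in.close()
    store
  }

  // Built once on first use; each connection gets its own engine from it.
  private lazy val context: SSLContext = {
    // Assumption: the private key uses the same password as the keystore.
    val ksPass = sys.env("KS_PASS").toCharArray
    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    kmf.init(loadJks(sys.env("KS_PATH"), ksPass), ksPass)

    // Only CAs in this store are accepted as issuers of client certificates.
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    tmf.init(loadJks(sys.env("TS_PATH"), sys.env("TS_PASS").toCharArray))

    val ctx = SSLContext.getInstance("TLS")
    ctx.init(kmf.getKeyManagers, tmf.getTrustManagers, null)
    ctx
  }

  // Some Play versions also declare this method on the trait; defining it
  // is harmless where it is not declared.
  def sslContext(): SSLContext = context

  def createSSLEngine(): SSLEngine = {
    val engine = context.createSSLEngine()
    engine.setUseClientMode(false)
    // The handshake fails unless the client presents a certificate chaining
    // to the trust store. setWantClientAuth(true) would only request one.
    engine.setNeedClientAuth(true)
    engine
  }
}
```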
Hi David,

Thanks for your investigation, and I apologize for not responding sooner.

It sounds like you found most of your answers, but I'll add some clarifications:

Internal, mutual TLS is something we are very interested in supporting and documenting fully in the future and have begun investigating and planning. I can't promise you a timeline at this point, but it is definitely on the road map.

- Lagom does have some support for TLS connections, mostly by virtue of being built on top of other technologies that support it, but support is currently incomplete and undocumented.
- One known limitation, as you discovered, is that the development mode does not support HTTPS.
- Another is that the WebSocket client used for making streaming service calls does not support outgoing TLS ("wss" URLs) but the WebSocket server does support it, so if you are only using non-Lagom clients such as web browsers, that might be useful.
- As far as I know, most Lagom users are indeed securing things at the network perimeter and terminating TLS in HAProxy or some other load balancer.
- I believe it is possible to get ConductR to use https endpoints for services, but it might require overriding some of the bundle configuration that is automatically generated by sbt-conductr. I don't believe there's straightforward, step-by-step documentation at this time. You can find an overview of the sbt-conductr options available in the readme at https://github.com/typesafehub/sbt-conductr

In the meantime, if you're willing to keep digging around under the hood, I think it should be possible to accomplish what you need, and I would be very interested to hear how it goes. Please keep asking questions and I'll try to be more responsive in the future.

Cheers,
Tim Moore
On Thu, Jul 20, 2017 at 5:15 AM, David Patrick <patr...@gmail.com> wrote:
Looking at the ConductR documentation, I'm guessing that most people just let HAProxy do all the SSL/TLS heavy-lifting for them?
That's going to make the 2-way SSL (mutual authentication) harder on me in development.... Then figuring out how to do things differently in staging/prod....
I think I can make do though....
I don't suppose enhancements to SSL/TLS support are on the Roadmap?