How to unsecure the healthcheck endpoint after enabling the SSL property in the HTTP server options?
ParthaShainoju opened this issue · 1 comments
ParthaShainoju commented
Greetings Everyone!
Use Case: We did the following SSL configuration as per the docs, however we need to disable this SSL check for a couple of routes (/healthcheck & /ping- make them non-secure) and have the SSL check only for 1 route (/seller). How do we accomplish this?
HTTP Server Options:
HttpServerOptions secureOptions = new HttpServerOptions();
secureOptions.setSsl(true)
.setPfxKeyCertOptions(new PfxOptions().setPath(sslKeystorePath)
.setPassword(sslKeystorePassword))
.setPfxTrustOptions(new PfxOptions().setPath(sslKeystorePath)
.setPassword(sslKeystorePassword))
.setClientAuth(ClientAuth.REQUIRED)
.addEnabledSecureTransportProtocol(APIConstants.TLS_VERSION_2);
Registering Healthcheck routers:
private void registerHealthChecks(Router router) {
HealthCheckHandler healthCheckHandler =
HealthCheckHandler
.createWithHealthChecks(HealthChecks.create(vertx));
healthCheckHandler
.register("STATUS", 2000, future -> future.complete(Status.OK()));
HealthCheckHandler pingHandler = HealthCheckHandler.create(vertx);
pingHandler.register("DB_STATUS", future -> {
final JDBCClient client = JDBCClient.createShared(vertx, new JsonObject()
.put("url", config().getValue("jdbc.url"))
.put("driver_class", config().getValue("jdbc.driver_class"))
.put("max_pool_size", config().getValue("jdbc.max_pool_size"))
.put("user", config().getValue("jdbc.user"))
.put("password", config().getValue("jdbc.password")));
client.getConnection(conn -> {
if (conn.failed()) {
LOGGER.error(conn.cause().getMessage());
future.complete(Status.KO());
} else if (conn.succeeded()) {
LOGGER.info("DB Connection successful!!!");
future.complete(Status.OK());
}
}).close();
});
// Healthcheck endpoint handler
router.get(APIConstants.SA_HEALCHECK_ENDPOINT).handler(healthCheckHandler);
LOGGER.info("Endpoint added to router " + APIConstants.SA_HEALCHECK_ENDPOINT);
// Ping endpoint handler for database health check
router.get(APIConstants.SA_PING_ENDPOINT).handler(pingHandler);
LOGGER.info("Endpoint added to router " + APIConstants.SA_PING_ENDPOINT);
}
Start Method Implementation:
@Override
public void start(Future<Void> startFuture) throws Exception {
Json.mapper.registerModule(new JavaTimeModule());
FileSystem vertxFileSystem = vertx.fileSystem();
// Read properties into config object and use it for further server configuration.
this.configRetriever.configStream().handler(config -> {
// read port from properties file.
this.serverPort = config.getInteger("api.endpoint.port");
// Reading swagger.json and and register router here
vertxFileSystem.readFile("swagger.json", readFile -> {
HttpServer server = null;
if (readFile.succeeded()) {
// Get Swagger file and create routes with api endpoints defined in the swagger.json
Swagger swagger = new SwaggerParser().parse(readFile.result().toString(Charset.forName("utf-8")));
Router swaggerRouter = SwaggerRouter.swaggerRouter(router, swagger, vertx.eventBus(), new OperationIdServiceIdResolver());
// Register /healthcheck and /ping endpoints here
registerHealthChecks(swaggerRouter);
// Configure SSL certifications for https://
HttpServerOptions secureOptions = getSSLConfig(config);
// Initialize HttpServer with above SSL config
server = vertx.createHttpServer(secureOptions);
// deploy theSellerAPIVerticle
deployVerticles(startFuture, config);
// Start the server with all above the routes
if(server != null) {
server.requestHandler(swaggerRouter)
.listen(serverPort, h -> {
if (h.succeeded()) {
startFuture.complete();
} else {
startFuture.fail(h.cause());
}
});
} else {
LOGGER.warn("Server is not initialized properly!!");
}
} else {
startFuture.fail(readFile.cause());
}
});
});
}
tsegismont commented
You need to create separate HTTP server for the healthchecks (on a different host/port).
I'm closing the issue because this is not the best place to get help for your matter. Please send further questions to the Vert.x users group (see https://vertx.io/community)