Jump to: navigation, search

Hypertext_Transfer_Protocol_over_Secure_Socket_Layer

Also known as https. A secure version of the Hypertext Transfer Protocol, it is the combination of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection.



Glossary

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Load balancing

Web Services supports any third-party load balancer that supports sticky sessions. You should configure session affinity (sticky sessions) based on JSESSIONID. After your load balancer is set up, you can use the following URL for health checks:
http://<Web_Services_Host>:<Web_Services_Monitoring_Port>/actuator/health/readiness.

where,

  • Web_Services_Host - is the host name where GWS application is hosted. In case you want to set a specific hostname, specify it in the address option in the management section of the Application.yaml file.
    For example:
    management:
  server:
    address: <address>
  • Web_Services_Monitoring_port - is the value configured in the port option in the management section of the Application.yaml file. 
    management:
  server:
    port: <port>

HTTPS Configuration for monitoring endpoint

If you want to enable TLS for the monitoring endpoint, the following additional configurations are needed.

For example: 

management:
  server:
    port: <port>
    ssl:
      enabled: true
      key-store: <keystore path>
      key-store-password: <password>
      key-alias: <alias>
      key-password: <password>
  endpoints:
    web:
      exposure:
        include: 'health,prometheus,reindexdetails'

Important TLS Considerations

  • Do not use IP address literals (for example, 192.168.1.215 or fe80::3831:400c:dc07:7c40) in your monitoring endpoint URL when TLS is enabled.
  • SNI (Server Name Indication) requires that all hostnames used contain at least one dot (.). Avoid short or local hostnames (like localhost or myhost); use a fully qualified domain name (FQDN) such as monitoring.mycompany.com.
  • Ensure that your SSL certificate's Common Name (CN) or Subject Alternative Names (SANs) match the hostname used to access the service.
  • The certificate specified in the key store must be properly configured, trusted, and should not be expired.

If you are configuring your solution to use Hypertext Transfer Protocol over Secure Socket Layer, you do not need to set up HTTPS between your load balancer and Web Services.

Important
Web Services and Applications does not currently support web sockets.
This page was last edited on April 11, 2025, at 16:27.
Comments or questions about this documentation? Contact us for support!