Search code examples
cloud-foundryswisscomdev

https not working as expected on swisscom CloudFoundry


I have a very simple spring boot application which as one controller:

@RestController
public class HomeController {
    @GetMapping(path = "/")
    public String getHome() {
        return "Hello world";
    }
}

and the following security configuration to enforce https:

@Configuration
public class SslWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // require https!
        http.requiresChannel().anyRequest().requiresSecure();
    }
}

the application.properties looks like this:

server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto

the maven dependencies are:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
</dependencies>

The manifest.mf looks like this:

applications:
- name: jt-demo
  memory: 1G
  instances: 1
  path: ./target/demo.jar
  buildpacks: 
    - https://github.com/cloudfoundry/java-buildpack#v4.17.2
  env:
    JAVA_OPTS: -Djava.security.egd=file:///dev/urandom
    JBP_CONFIG_OPEN_JDK_JRE: '{jre: { version: 11.+ }}'

I install the app on two different cloudfoundry providers (pivotal and swisscom) via this command: cf push jt-demo -f manifest.yml

when I run this app on https://run.pivotal.io, and access it via https it works as expected and the browser shows me the expected "Hello world". But when I run it on the swisscom developer application cloud (https://developer.swisscom.com), then I get ERR_TOO_MANY_REDIRECTS (to many 302).

It seems the two cloudfoundry environments are not handling HTTPS the same way.

I know pivotal runs the cf api version 2.138.0 and swisscom has 2.136.0 - but I don't expect this to be the reason.

How can I fix the app/configuration for swisscom dev?


Solution

  • I finally found the answer to my problem here Spring Boot HTTPS redirect loop after Swisscom Application Cloud update

    https://docs.developer.swisscom.com/devguide-sc/buildpacks/java/caveats.html

    it's a bit unexpected to have to configure server.tomcat.internal-proxies for swisscom...