Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Effecient Ways of Implementation Secure HTTP in...

Selçuk Usta
November 02, 2019

Effecient Ways of Implementation Secure HTTP in Microservices

Presented at .NET Konf 2019 (Devnot Organization). It's about how to use SSL Passthrough and SSL Termination on dockerized .NET Core applications are running on Kubernetes.

Selçuk Usta

November 02, 2019
Tweet

More Decks by Selçuk Usta

Other Decks in Programming

Transcript

  1. I’ve to learn; OS-level dependencies Computer networking Application topologies New

    development trends Monitoring and tracing Network & application security As a developer
  2. I’ve to learn; OS-level dependencies Computer networking Application topologies New

    development trends Monitoring and tracing Network & application security As a developer
  3. SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS

    1.0 (1999) TLS 1.1 (2006) TLS 1.2 (2008)
  4. SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS

    1.0 (1999) TLS 1.1 (2006) TLS 1.2 (2008) TLS 1.3 (2018) SSL deprecated (2015) Browser supports TLS 1.2 (2013)
  5. -> create certificate request on web server -> get certificate

    from provider -> complete certificate request on web server -> set bindings
  6. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption.
  7. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…)
  8. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…) Not sure about the department/provider of network device management.
  9. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…) Not sure about the department/provider of network device management. The security of data transfers within LAN is so important.
  10. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…) Not sure about the department/provider of network device management. The security of data transfers within LAN is so important. Have more, much more, unlimited CPU. J
  11. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP.
  12. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems)
  13. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems) Using load-balancing and proxy features limitless. (Inspect, manipulate and log the request objects before passing them)
  14. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems) Using load-balancing and proxy features limitless. (Inspect, manipulate and log the request objects before passing them) "x-forwarded-proto" header is so important, and"x-forwarded-host"! (If the backend application needs to say: "I’m coming from this hostname and with this protocol!")
  15. ON AIR: “How to pass secure data to the .NET

    Core web application is running on Kubernetes?” /in/selcukusta selcukusta.com selcukusta ustasoglu selcukusta (at)gmail.com