Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Effecient Ways of Implementation Secure HTTP in...

Selçuk Usta
November 02, 2019
Programming
0
160

Effecient Ways of Implementation Secure HTTP in Microservices

Presented at .NET Konf 2019 (Devnot Organization). It's about how to use SSL Passthrough and SSL Termination on dockerized .NET Core applications are running on Kubernetes.

Selçuk Usta

November 02, 2019
Tweet

More Decks by Selçuk Usta

See All by Selçuk Usta
Are Your .NET 8 Applications Resilient for the Chaos-proof?
selcukusta
1
280
MongoDB: Best Practices, Performance Tricks, .NET Tips & Tricks
selcukusta
0
120
Test Automation and Deployment Strategies on Kubernetes
selcukusta
2
210
Docker, Kubernetes, .NET Core
selcukusta
0
370
Running Stateful Applications on Azure Container Instances
selcukusta
0
100
Building Clean Infrastructure with AWS CodePipeline
selcukusta
0
140
Yüksek Erişilebilir Sistemler Tasarlamak
selcukusta
0
290
.NET Core Mikroservis Uygulamalarında Konfigürasyon Yönetimi
selcukusta
0
560
ASP.NET Core SignalR 2.1 Yenilikleri
selcukusta
0
150

Other Decks in Programming

See All in Programming
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
C++でシェーダを書く
fadis
6
4.1k
CSC509 Lecture 13
javiergs
PRO
0
110
とにかくAWS GameDay!AWSは世界の共通言語! / Anyway, AWS GameDay! AWS is the world's lingua franca!
seike460
PRO
1
880
watsonx.ai Dojo #4 生成AIを使ったアプリ開発、応用編
oniak3ibm
PRO
1
130
Kaigi on Rails 2024 〜運営の裏側〜
krpk1900
1
220
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330
CSC509 Lecture 12
javiergs
PRO
0
160
Hotwire or React? ~アフタートーク・本編に含めなかった話~ / Hotwire or React? after talk
harunatsujita
1
120
카카오페이는 어떻게 수천만 결제를 처리할까? 우아한 결제 분산락 노하우
kakao
PRO
0
110
AI時代におけるSRE、
あるいはエンジニアの生存戦略
pyama86
6
1.1k
GitHub Actionsのキャッシュと手を挙げることの大切さとそれに必要なこと
satoshi256kbyte
5
430

Featured

See All Featured
Teambox: Starting and Learning
jrom
133
8.8k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
The Language of Interfaces
destraynor
154
24k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
What's in a price? How to price your products and services
michaelherold
243
12k
Thoughts on Productivity
jonyablonski
67
4.3k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Visualization
eitanlees
145
15k
For a Future-Friendly Web
brad_frost
175
9.4k
KATA
mclloyd
29
14k

Transcript

  1. Effecient Ways of Implementation Secure HTTP in Microservices

  2. SELÇUK USTA Software Development Manager @ /in/selcukusta selcukusta.com selcukusta ustasoglu

    selcukusta (at)gmail.com

  3. I’M DEVELOPER AND … NOT MY JOB! I’M SYSADMIN AND

    … NOT MY JOB!

  4. I’M WITH YOU ’TİL THE END OF THE DEPLOYMENT!

  5. None

  6. WE’RE THE TEAM AND SOFTWARE DELIVERY IS OUR JOB!

  7. ..but…

  8. I’ve to learn; OS-level dependencies Computer networking Application topologies New

    development trends Monitoring and tracing Network & application security As a developer

  9. I’ve to learn; OS-level dependencies Computer networking Application topologies New

    development trends Monitoring and tracing Network & application security As a developer

  10. SSL TLS

  11. SSL 1.0 (1994)

  12. SSL 1.0 (1994) SSL 2.0 (1995)

  13. SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996)

  14. SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS

    1.0 (1999)

  15. SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS

    1.0 (1999) TLS 1.1 (2006)

  16. SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS

    1.0 (1999) TLS 1.1 (2006) TLS 1.2 (2008)

  17. SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS

    1.0 (1999) TLS 1.1 (2006) TLS 1.2 (2008) TLS 1.3 (2018) SSL deprecated (2015) Browser supports TLS 1.2 (2013)

  18. ..so…

  19. SSL is the history of TLS and now it’s deprecated

  20. ..and…

  21. SSL and TLS use the same standard digital certificates

  22. SSLOffloading Passthrough

  23. -> create certificate request on web server -> get certificate

    from provider -> complete certificate request on web server -> set bindings
  24. None
  25. None

  26. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption.

  27. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…)

  28. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…) Not sure about the department/provider of network device management.

  29. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…) Not sure about the department/provider of network device management. The security of data transfers within LAN is so important.

  30. When an incoming secure HTTP request is not decrypted at

    the load balancer, the data is passed along to the backend server for decryption. Web application security is top concern. (Banking, payment systems, data protection regulations, etc…) Not sure about the department/provider of network device management. The security of data transfers within LAN is so important. Have more, much more, unlimited CPU. J

  31. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP.

  32. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems)

  33. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems) Using load-balancing and proxy features limitless. (Inspect, manipulate and log the request objects before passing them)

  34. When an incoming secure HTTP request is decrypted at the

    load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems) Using load-balancing and proxy features limitless. (Inspect, manipulate and log the request objects before passing them) "x-forwarded-proto" header is so important, and"x-forwarded-host"! (If the backend application needs to say: "I’m coming from this hostname and with this protocol!")

  35. ON AIR: “How to pass secure data to the .NET

    Core web application is running on Kubernetes?” /in/selcukusta selcukusta.com selcukusta ustasoglu selcukusta (at)gmail.com