Base solution for your next web application
Open Closed

HTTP-Only Internal Communication in RHOS Cluster with ASPZERO #12232

User avatar
0
pliaspzero created

Hello ASPZERO Team,

We are implementing your solution with Angular as the frontend and ASP.NET Core as the backend, running within a Red Hat OpenShift (RHOS) cluster. We aim to simplify our setup by using HTTP (ASPNETCORE_URLS=http://+:8080) only for internal communications within the RHOS namespace, while retaining HTTPS for external access. Questions:

HTTP-Only Configuration for Internal Traffic:
Is it possible to configure the ASP.NET Core backend to use HTTP only for internal (namespace-level) traffic in the RHOS cluster? If so, could you provide guidance or recommendations on setting this up without affecting the security of external HTTPS access?

CORS Configuration with Internal HTTP:
Given that HTTP will be used internally, do you have recommended settings for Cross-Origin Resource Sharing (CORS) to allow secure communication between the Angular frontend and the ASP.NET Core backend? We want to ensure CORS is correctly configured to support internal HTTP requests while keeping external traffic secure via HTTPS.

Any example configurations or best practices would be highly appreciated to help us configure internal HTTP communication effectively.

Go to accepted answer
3 Answer(s)
  • User Avatar
    0
    m.aliozkaya created
    Support Team

    Hi @pliaspzero,

    Could you check this blog post?

    https://aspnetzero.com/blog/http-only-cookies-in-asp.net-zero-angular-ui

  • User Avatar
    0
    pliaspzero created

    thanks - locks quite a big change is coding... Could it be a solution to deploy Angular App and aspnet code in one image container? or some other hints?

  • User Avatar
    0
    pliaspzero created

    could it be like this?

    To use HTTP within the cluster while keeping external access over HTTPS, you can make the following changes without applying extensive code modifications (as suggested in the ASPZERO blog post):

    1. Changes in appsettings.json:

      ServerRootAddress: Change the backend URL for internal communication to http://localhost:8080 (instead of https://myExternalDomain-api.com ClientRootAddress: Keep this URL as https://myExternalDomain.com to ensure external access over HTTPS. CorsOrigins: Update CORS to allow the Angular app to access the backend over http://localhost:8080 for internal communication.

    Example for appsettings.json:

    { "ServerRootAddress": "http://localhost:8080", // Internal HTTP communication "ClientRootAddress": "https://myExternalDomain.com", // External HTTPS communication "CorsOrigins": "http://localhost:8080", // CORS for internal communication "SwaggerEndPoint": "/swagger/v1/swagger.json" }

    1. Docker Configuration:

    Ensure that the ASPNETCORE_URLS=http://+:8080 environment variable is set in the Docker container (either in the Dockerfile or docker-compose.yml) so the backend listens on HTTP inside the container. 3. CORS Configuration:

    Configure CORS in the backend to allow requests from the Angular app, even though it communicates over HTTP.

    In Summary:

    Internally within the cluster: HTTP (e.g., http://localhost:8080)
Externally: HTTPS (e.g., https://myExternalDomain.com)
Assignee
No one
Labels
None yet