Skip to content

On-Premise Infra with HTTPS

To enable HTTPS encryption on OctoPerf On-Premise Infra, the HTTPS version requires some extra configuration to work compared to the regular HTTP plain version.

This tutorial explains how to configure OctoPerf EE to serve the content through HTTPS, also known as SSL encryption.

Pre-requisites

To setup OctoPerf EE with SSL encryption:

The zip is preconfigured with SSL encryption both on Load-Balancer and Backend side. However, some custom configuration is still required.

You will also need:

  • A hostname: the hostname must be resolvable from your network by DNS (example: api.octoperf.com, which is publicly available),
  • server.crt and server.crt.key: you need an SSL certificate generated by a valid certification authority for the previous hostname.

We're almost done, let's configure both the backend and the load balancer using SSL encryption.

Backend Configuration

First, let's configure the backend by editing config/application.yml file:

server:
  scheme: https
  public:
    port: 443
  hostname: YOUR_HOSTNAME
  # it tells the backend to take `X-Forwarded-*` HTTP headers to get information about the client 
  # performing the requests (like his IP and the scheme used between the client and the load-balancer)
  forward-headers-strategy: native
  # regular expression to match the IPs of the load balancer, thus ignoring them when trying to resolve client IP
  # Configured by default internal docker IPs
  tomcat:
    remoteip:
      internal-proxies: "172\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"

Replace YOUR_HOSTNAME by the hostname for which your SSL certificate has been generated.

Load Balancer Configuration

Now, let's configure HA-Proxy with your own SSL certificate:

  • Copy your server.crt and server.crt.key to ha-proxy/ folder. In the case your files have a different name, please rename them to match the expected names.

Start OctoPerf EE

Run the command make from the command-line to start the server. The server should start pretty quickly (usually within 30-45sec), but it depends on the hardware used.

Browser to https://YOUR_HOSTNAME (YOUR_HOSTNAME must be replaced by the hostname you configured before).