Details
Feature Request
Resolution: Unresolved
L3 - Default
Description
Based on https://github.com/camunda/spike-rest-distro/pull/1#issuecomment-582860784
In a cloud-based scenario where Camunda BPM Run is deployed behind a gateway (nginx, apache, ...) HTTPS should be terminated by the gateway and communication after the gateway should be HTTP based. The gateway usually sets an HTTP header to indicate the original request was HTTPS. A corresponding header must be set for the response.
In this scenario Camunda Run does not need to be able to support HTTPS but only to interpret the header that indicates HTTPS requests and finally set the corresponding header on the response. The keystore file would not be required for Camunda Run as HTTPS/SSL encryption/decryption is done at the gateway.
For HTTPS support on setups running locally (or not behind such a gateway) the keystore file must still be provided for Camunda Run and a redirect from HTTP to HTTPS should be applied.
Things we should clarify:
- Do we want to support this scenario?
- How does a cloud gateway work? Which headers are set? What headers do we need to set? How is the keystore handled?
- Can we implement this with Spring-Boot?
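
One way the header interpretation described in this issue could look, as an added example that is not Camunda Run code and not part of the original issue. It assumes the gateway sends the de-facto `X-Forwarded-Proto` header and that the gateway addresses are known; the class, method names and addresses are hypothetical. The header is honoured only when the direct peer is a trusted gateway, because otherwise any client could send it over a plain HTTP connection.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration, not Camunda Run code. All names here are hypothetical.
public class ForwardedScheme {

    // Assumption: the gateway uses the de-facto X-Forwarded-Proto header.
    static final String PROTO_HEADER = "X-Forwarded-Proto";

    /**
     * Returns the scheme the client originally used towards the gateway.
     *
     * @param peerAddress      literal IP address of the direct TCP peer
     * @param forwardedProto   value of the PROTO_HEADER request header, or null
     * @param connectionScheme scheme of the connection the application itself sees
     * @param trustedGateways  literal IP addresses of gateways allowed to set the header
     */
    static String effectiveScheme(String peerAddress, String forwardedProto,
                                  String connectionScheme, Set<String> trustedGateways) {
        // Ignore the header unless the request was relayed by a known gateway.
        if (forwardedProto == null || !trustedGateways.contains(peerAddress)) {
            return connectionScheme;
        }
        String value = forwardedProto.trim().toLowerCase(Locale.ROOT);
        // Accept only the two exact values; anything else (lists, junk) falls back.
        if (value.equals("https") || value.equals("http")) {
            return value;
        }
        return connectionScheme;
    }

    public static void main(String[] args) {
        // Constructed sample data: one gateway address and four requests.
        Set<String> gateways = Set.of("10.0.0.5");

        // Relayed by the gateway after TLS termination.
        System.out.println(effectiveScheme("10.0.0.5", "https", "http", gateways));
        // Relayed by the gateway, client used plain HTTP.
        System.out.println(effectiveScheme("10.0.0.5", "http", "http", gateways));
        // Direct client that sets the header itself: header is ignored.
        System.out.println(effectiveScheme("203.0.113.7", "https", "http", gateways));
        // Gateway request with an unexpected header value: falls back.
        System.out.println(effectiveScheme("10.0.0.5", "https, http", "http", gateways));
    }
}
```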