Undocumented JAVA: Web Application: Deploy to the Cloud – Part 4
IntroductionWell, well, well. Part 1, Part 2 and Part 3 are out. Now we are hosting our freshly written Java Spring Boot application on Heroku Cloud. Then Move it our our Domain and now if you have noticed when we moved the application to our domain HTTPS fell apart and we are now only running the application on HTTP only. Where did the security that heroku provided go? How can we get it back? This is all that we will be seeing in this part.
Recap of what we did so far
In Part 1 we deployed a newly written web application to Heroku. Here is what you see in the response.
Observations on the Httpie output:
1. The common name on the hostname and Server value Cowboy in the HTTP response header tells us that we are hitting Heroku cloud directly.
2. Heroku provides HTTPS service to secure our application. Very thankful to Heroku.
Next in Part 2 we moved it to our domain.
Observations on the curl output:
1. We lost the HTTPS service provided by Heroku and service is only HTTP.
2. Host got changed to the host name that we choose and not what Heroku provided.
3. The service that is running on the server is still provided by Heroku.
In Part 3, we changed our name server to Cloudflare and made Cloudflare be our shield to our service running on Heroku.
To make sure the service is proxied via Cloudflare here is our test.
the HTTP response header has the server name as cloudflare. Thus, we are certain that the response is proxied via cloudflare.
Lets EncryptCloudflare provides HTTPS service by default and we can tweak it to enforce stricter HTTPS with some simple steps.
To enable this feature, we will have to wait till the site is active via cloudflare on the Overview Page.
Wait till you see the Status: Active.
Then we will have to see SSL Status as Active Certificate.
You have regained your HTTPS. Congratulations!
Other Crypto Settings to Guard the siteHere is what is recommended to keep your site secured.
Doing so will make sure you get the Green back on your browser.
All through the journey of this 4 Part Series we have successfully deployed a simple program to Cloud and transfered the application to our domain and then secured them using Cloudflare.
Heroku provides free developer trial Dynos for 600+ hours and that means you may virtually keep one application running for almost a month for free.
If you wish to do this the only place you will have to spend is buying a domain. If you are not particular about the name of the domain, you can get a cheap domain for less than $2 and experiment.
Cloudfalre, provides one domain management for free. Which means from basic to moderate features that is sufficient for small companies and startups can benefit from these features that only large Enterprise were only able to do.
There was days I used to have a craving to host my Java based web application somewhere for learning and experiment Dev projects. Every time, I looked for hosting I got into Linux hosting that were very expensive for me to spend on development and learning stuff. With the advancement in the cloud has enabled enterprise style web application can be provided to developers for absolute no cost and this is a very positive vibe for the development community to be able to freely experiment and exercise their skills.