Commit 30e1cb8

mjgutermuth (Melinda Gutermuth) authored and Melinda Gutermuth committed
[#180124770] Merge pull request #212 from cloudfoundry/cf-neworking-tls-update
Cf networking tls update
1 parent da1a74f commit 30e1cb8

4 files changed, +5 -1 lines changed

images/lb-and-router.png (4.98 KB)

images/lb.png (5.01 KB)

images/pass-through.png (4.3 KB)

securing-traffic.html.md.erb

+5-1
@@ -213,6 +213,8 @@ The following diagram illustrates communication between the client, load balance
213213
Traffic passes from the encrypted client, to the load balancer, to the router, and traffic terminates at the app.
214214
Traffic between the load balancer and the Gorouter is encrypted only if the client request is encrypted.
215215

216+
<p class="note"><strong>Note:</strong> Traffic between the Gorouter and app is encrypted with TLS, unless a Windows stemcell is being used.</p>
217+
216218
### <a id="http_header_gorouter"></a> About HTTP Header Forwarding
217219

218220
If you terminate TLS at the Gorouter only, your load balancer does not send HTTP headers.
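Review bot: the note added at new line 216 states the default but leaves the exception unstated: "unless a Windows stemcell is being used" never says that the Gorouter-to-app hop is then not encrypted, which is the fact an operator needs. It also sits directly under line 214, "encrypted only if the client request is encrypted", so a reader can take the Gorouter-to-app TLS as conditional on the client as well. Suggest saying whether this hop depends on the client request, and stating outright what happens to it with a Windows stemcell. The same sentence is pasted again at 256 and 280; a shared partial would keep the three copies from drifting apart.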
@@ -251,6 +253,8 @@ The following diagram illustrates communication between the client, load balance
251253

252254
Traffic starts at the encrypted client, passes through the load balancer to the router, and terminates at the app. Traffic is not encrypted past the load balancer.
253255

256+
<p class="note"><strong>Note:</strong> Traffic between the Gorouter and app is encrypted with TLS, unless a Windows stemcell is being used.</p>
257+
254258
### <a id="http_header_lb"></a> About HTTP Header Forwarding
255259

256260
If you terminate TLS at your load balancer, you must also configure the load balancer to append the `X-Forwarded-For` and `X-Forwarded-Proto` HTTP headers to the HTTP traffic it passes to the Gorouter.
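Review bot: the note added at new line 256 contradicts the unchanged sentence just above it at 254, "Traffic is not encrypted past the load balancer." If traffic between the Gorouter and app is encrypted with TLS, then only the load balancer to Gorouter hop is unencrypted in this option. Suggest narrowing line 254 to that hop in the same change; as it stands the section tells the reader both that nothing past the load balancer is encrypted and that the last hop is.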
@@ -273,7 +277,7 @@ Traffic starts at the encrypted client, moves through the load balancer to the r
273277

274278
This option is less performant, but allows for termination at a load balancer, as well as secure traffic between the load balancer and the Gorouter.
275279

276-
<p class="note"><strong>Note:</strong> Traffic between the Gorouter and Windows stemcells is not encrypted with TLS.</p>
280+
<p class="note"><strong>Note:</strong> Traffic between the Gorouter and app is encrypted with TLS, unless a Windows stemcell is being used.</p>
277281

278282
### <a id="cert_guidelines_lb_gorouter"></a> Certificate Guidelines
279283
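Review bot: the replacement at new line 280 drops the only explicit statement of the unencrypted path. The removed line 276 said traffic to Windows stemcells "is not encrypted with TLS"; the new wording leaves that to be inferred from "unless a Windows stemcell is being used", and no longer says where the stemcell sits now that the subject is "app". Suggest keeping the negative statement alongside the new one, for example a second sentence saying that traffic between the Gorouter and apps on Windows stemcells is not encrypted with TLS.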
