My objective is to run some services on Pivotal Web Services (PWS; hosted instance of Pivotal Cloud Foundry), and have them respond to requests to `https://survey.atomist.com` at various paths. Currently these services run on AWS, along with services that respond at other subdomains of atomist.com.
TL;DR: this is easy enough for HTTP requests and prohibitively difficult for real HTTPS, for only one subdomain.
This post describes some tricky bits in this process, and the bits that leave me stuck.
Prerequisites: I have PWS set up and a few apps deployed. Meanwhile all our existing infrastructure runs on AWS.
First: multiple apps responding at satellite-of-love.cfapps.io
The instructions tell me how to point my own domain at a single app in PWS, but I want multiple apps to serve paths from my domain. The caller should not know or care which service is responding to its request for a resource.
To do this, I set up a route in Cloud Foundry, with a hostname (which seems to be PCF’s name for the third-from-the-right segment of the domain name; anyone know why?) that doesn’t correspond to any one app.
`cf create-route jessitron cfapps.io --hostname satellite-of-love`
Here, jessitron is my space in PWS. cfapps.io is PWS’s domain; this gets requests into Cloud Foundry for routing. satellite-of-love is a domain name that I like; it matches my GitHub org.
That path is going to 404, but I have called dibs on satellite-of-love.cfapps.io. It’ll route to my jessitron space and no one else’s.
Now I can make routes for each endpoint and tell it which app serves it. For the /vote endpoint on Kitty Survey, I have an app running called london, so I hook that up:
`cf map-route london cfapps.io --hostname satellite-of-love --path /vote`
Now I can hit https://satellite-of-love.cfapps.io/vote and my london app receives a request at path /vote. This is good for testing.
This part totally works with HTTPS. If you don’t mind changing your clients to point to this URL, stop here.
Second: HTTP: pointing survey.atomist.com to satellite-of-love.cfapps.io
This is DNS setup. We happen to use AWS Route53 for this. I go into the AWS console to set up a CNAME record for survey.atomist.com -> satellite-of-love.cfapps.io. There was one tricky bit to this in Route53: I clicked on the existing survey.atomist.com record (if it didn’t exist I would click Create Record Set), and tried to enter my target BUT NO
It was all “The record set could not be saved because:
– Alias Target contains an invalid value.”
Here’s the trick: choose Alias: No.
With a regular CNAME (the Alias ones are an internal-to-AWS thing), I can route to an external domain from Route53.
Next, over in Cloud Foundry land, I can tell it about this domain.
`cf create-domain atomist survey.atomist.com`
Here, atomist is my PWS org. Then I tell it to send requests to my space please:
`cf create-route jessitron survey.atomist.com`
And then I create routes for each of the endpoints, but with this new domain. (I’m pretty sure this is necessary.)
`cf map-route london survey.atomist.com --path /vote`
I’ll need to make these two routes (or at least the last one) for every endpoint I add to my service. Soon I’ll add this to my “add REST endpoint” automation in Rug.
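Why the CNAME is enough for HTTP but not for HTTPS, as an added example that is not part of the original post: a TLS client validates the certificate against the hostname it requested, not against the CNAME target DNS resolved it to. The SAN list is a constructed assumption about the platform certificate, and the function names are hypothetical.

```python
# Added example: simplified RFC 6125 hostname check (whole-label wildcards only).
# Assumption: the shared platform certificate lists these SANs (constructed sample).
PLATFORM_CERT_SANS = ["*.cfapps.io", "cfapps.io"]


def san_matches(pattern: str, host: str) -> bool:
    """Return True if one SAN dNSName pattern covers the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False  # a wildcard stands for exactly one label, never several
    if p_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label, and only
        # when at least two literal labels follow it (rejects "*.io").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels  # partial wildcards such as "f*" are not expanded


def cert_covers(sans, requested_host: str) -> bool:
    """Return True if any SAN on the certificate covers the requested host."""
    return any(san_matches(s, requested_host) for s in sans)


def https_outcome(requested_host: str, cname_target: str, sans) -> dict:
    """Model what the client checks after following the CNAME."""
    return {
        "requested": requested_host,
        "resolves_via": cname_target,
        # This is the check the browser actually performs.
        "cert_valid_for_request": cert_covers(sans, requested_host),
        # Shown for contrast: the CNAME target itself would validate.
        "cert_valid_for_target": cert_covers(sans, cname_target),
    }


if __name__ == "__main__":
    direct = https_outcome("satellite-of-love.cfapps.io",
                           "satellite-of-love.cfapps.io", PLATFORM_CERT_SANS)
    custom = https_outcome("survey.atomist.com",
                           "satellite-of-love.cfapps.io", PLATFORM_CERT_SANS)
    for result in (direct, custom):
        print(result)
```

Plain HTTP involves no certificate check, so the CNAME alone is sufficient there; HTTPS on the custom domain needs a certificate that names survey.atomist.com.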
I work at Pivotal and tried this for the first time. To use Pivotal SSL:
1) You don't need to create the service in a separate space. A separate space is useful if there are multiple devs with PWS accounts and you don't want all of them to be able to update or delete the Pivotal SSL service.
2) You'll need to change the CNAME survey.atomist.com in Route53 from satellite-of-love.cfapps.io to the hostname generated by the Pivotal SSL service. It'll be something like 'service-name-id.ssl.run.pivotal.io'.
I did the above and had SSL routing to two different apps: https://ssl.dubkat.xyz/app1/ and https://ssl.dubkat.xyz/app2/.
Thank you! I'll try this. Then I won't need CloudFlare?
No CloudFlare needed!