Posted to users@camel.apache.org by Mikael Koskinen <mi...@gmail.com> on 2022/12/01 06:14:19 UTC

YAML DSL/Karavan: HTTPS request to server which has self-signed certificate/invalid certificate

Hi,

I'm wondering if it is possible to use just YAML DSL/Karavan to create a
route where HTTP/Netty-http/Undertow component makes a HTTPS request
to server where server has either:

a) Self-signed but otherwise valid certificate
b) Expired or otherwise invalid certificate

I was kind of hoping to find something like
disableRemoteCertificateValidation which could be checked through
Karavan. Couldn't find one and tried to find a solution using just the
YAML DSL and failed again.

In my case the self-signed certificates are the issue and they change
a lot and so just enabling some "I know this is wrong but just make
this work" property would be a life saver instead of having to mess
with keys etc.

Is there a "pure YAML DSL" way of making a https request to a server
presenting a self-signed certificate?

Thanks in advance for any guidance.

Re: YAML DSL/Karavan: HTTPS request to server which has self-signed certificate/invalid certificate

Posted by Mikael Koskinen <mi...@gmail.com>.
Hi,

Thanks, sounds good!

Regarding the kamelets and http. I tested/used them earlier today when
trying to remove some duplication and making a YAML route more
readable. I think creating a custom kamelet worked nicely in hiding
the nitty gritty details from the actual route.

I'm testing different ways of using Camel in reverse proxy scenarios
with an idea that maybe we could at some point replace our current
Ocelot Proxy based solution with a Camel based one. This way we could
use Camel's components to add customization options to the downstream
requests/responses.

I'm not sure if I could have hidden the repetitive code some other
way, but I used a custom kamelet sink to do the http calls. Here's how
its template ended up looking:

  template:
    from:
      uri: kamelet:source
      steps:
        - to:
            uri: "{{url}}"
            parameters:
              bridgeEndpoint: true
              throwExceptionOnFailure: false
              preserveHostHeader: true
              copyHeaders: false
              responsePayloadStreamingThreshold: -1
              disableStreamCache: true

This allowed me to keep the load balanced proxy route IMHO quite easy to
understand and to maintain:

- route:
    from:
      uri: netty-http:http://0.0.0.0:8181/api
      steps:
        - loadBalance:
            failover:
              roundRobin: true
            steps:
              - to:
                  uri: "kamelet:http-proxy-sink"
                  parameters:
                    url: https://webhook.site/997c59f4-430b-451f-9b79-fe0f4a2464d3
              - to:
                  uri: "kamelet:http-proxy-sink"
                  parameters:
                    url: https://webhook.site/5f36b5e0-4f27-4439-b15b-5af4b06db66f
      parameters:
        matchOnUriPrefix: true
        httpMethodRestrict: GET

Still not sure if this is the optimal way of doing things as there's
much to learn and to test.

On Thu, Dec 1, 2022 at 15:53 Claus Ibsen (claus.ibsen@gmail.com) wrote:
>
> Hi
>
> Yeah making using camel components easier for quickly trying out and
> testing stuff is excellent with karavan / jbang and kamelets.
>
> Have you looked at the kamelets for http? We can likely try to make a
> derivation that can do HTTPS - In the past there was some dummy http
> certificate trust manager (of some sorts),
> that could be = true.
>
> We can maybe find that old code, and put it into a new kamelet.
>
>
>
> On Thu, Dec 1, 2022 at 7:15 AM Mikael Koskinen <mi...@gmail.com> wrote:
>
> > Hi,
> >
> > I'm wondering if it is possible to use just YAML DSL/Karavan to create a
> > route where HTTP/Netty-http/Undertow component makes a HTTPS request
> > to server where server has either:
> >
> > a) Self-signed but otherwise valid certificate
> > b) Expired or otherwise invalid certificate
> >
> > I was kind of hoping to find something like
> > disableRemoteCertificateValidation which could be checked through
> > Karavan. Couldn't find one and tried to find a solution using just the
> > YAML DSL and failed again.
> >
> > In my case the self-signed certificates are the issue and they change
> > a lot and so just enabling some "I know this is wrong but just make
> > this work" property would be a life saver instead of having to mess
> > with keys etc.
> >
> > Is there a "pure YAML DSL" way of making a https request to a server
> > presenting a self-signed certificate?
> >
> > Thanks in advance for any guidance.
> >
>
>
> --
> Claus Ibsen
> -----------------
> @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2

Re: YAML DSL/Karavan: HTTPS request to server which has self-signed certificate/invalid certificate

Posted by Claus Ibsen <cl...@gmail.com>.
Hi

Yeah making using camel components easier for quickly trying out and
testing stuff is excellent with karavan / jbang and kamelets.

Have you looked at the kamelets for http? We can likely try to make a
derivation that can do HTTPS - In the past there was some dummy http
certificate trust manager (of some sorts),
that could be = true.

We can maybe find that old code, and put it into a new kamelet.



On Thu, Dec 1, 2022 at 7:15 AM Mikael Koskinen <mi...@gmail.com> wrote:

> Hi,
>
> I'm wondering if it is possible to use just YAML DSL/Karavan to create a
> route where HTTP/Netty-http/Undertow component makes a HTTPS request
> to server where server has either:
>
> a) Self-signed but otherwise valid certificate
> b) Expired or otherwise invalid certificate
>
> I was kind of hoping to find something like
> disableRemoteCertificateValidation which could be checked through
> Karavan. Couldn't find one and tried to find a solution using just the
> YAML DSL and failed again.
>
> In my case the self-signed certificates are the issue and they change
> a lot and so just enabling some "I know this is wrong but just make
> this work" property would be a life saver instead of having to mess
> with keys etc.
>
> Is there a "pure YAML DSL" way of making a https request to a server
> presenting a self-signed certificate?
>
> Thanks in advance for any guidance.
>


-- 
Claus Ibsen
-----------------
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2