0

We have integrated API Management with Service Fabric in Azure as outlined in this document. Everything is up and running, but we would like to ensure that the traffic between API Management and Service Fabric Stateless Service (ASP.NET Core) is encrypted using HTTPS. Currently the API Management logs show that the traffic is HTTP.

enter image description here

Is there a way to enable HTTPS (or at least encrypted) traffic between API Management and Service Fabric?

bartbje
  • 331
  • 1
  • 7

1 Answers1

0

APIM gets those http endpoint from SF itself by calling IServiceResolutionClient.ResolveServicePartitionAsync. Are you sure your stateless service is configured with HTTPS scheme at Service Fabric end?

Vitaliy Kurokhtin
  • 7,205
  • 1
  • 19
  • 18
  • No currently there is no https endpoint configured, which is off course part of the problem, but how and where would that certificate need to be registered. Also what should the subject be, as the traffic is using the IP address of the node e.g. 10.0.0.4:20055? – bartbje Dec 10 '19 at 14:37
  • That would mostly be a question to service fabric. You could use self signed certificate and disable certificate validation in APIM. This way you will not ensure that backend is who it claims to be, but at least traffic will be encrypted. Or you could use real certificate and set-header policy in APIM to set Host header to desired hostname. This way APIM will send request to IP address but SSL handshake request with backend will contain SNI information to properly select and validate certificate. – Vitaliy Kurokhtin Dec 10 '19 at 18:50