cloudfoundry / capi-release

Bosh Release for Cloud Controller and friends
Apache License 2.0

Add public TLS endpoint for blobstore #377

Closed sethboyles closed 10 months ago

sethboyles commented 10 months ago

Currently, the package and droplet download/upload endpoints redirect to the public port of the singleton-blobstore (if used), which does not support TLS. This adds a TLS server to the singleton-blobstore's nginx conf.

This change was designed to be consumed without any changes from a bosh manifest/cf-deployment. That is, not supplying an SSL certificate in the manifest will simply cause the TLS server to not be rendered to the blobstore's nginx conf, and the download/upload endpoints will continue to redirect to the non-TLS port. There will be a corresponding PR to cf-deployment soon, and some time after that is merged, we can remove the non-TLS ports entirely.
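An added example, not part of this PR or the release's own code: a Python check over a rendered nginx config that reports which blobstore listeners speak TLS and which are still plain text, covering the two states described above (certificate supplied or not). The sample configs, ports, hostname and file paths are constructed placeholders, and the `ssl` flag on `listen` is the only TLS signal it inspects.

```python
import re

# Constructed sample configs (placeholders, not the release's real template
# output): one rendered without a certificate, one rendered with it.
CONF_WITHOUT_CERT = """
http {
  server {
    listen 8080;
    server_name blobstore.example.internal;
    location / { root /var/blobstore; }
  }
}
"""

CONF_WITH_CERT = CONF_WITHOUT_CERT.replace("http {", """http {
  server {
    listen 4443 ssl;
    ssl_certificate /placeholder/cert.pem;
    ssl_certificate_key /placeholder/key.pem;
    location / { root /var/blobstore; }
  }""", 1)


def server_blocks(conf):
    """Yield the body of each `server { ... }` block, honouring nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before scanning
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]


def audit(conf):
    """Return (tls_listeners, plaintext_listeners) as lists of listen addresses."""
    tls, plain = [], []
    for body in server_blocks(conf):
        for args in re.findall(r"\blisten\s+([^;]+);", body):
            addr, *flags = args.split()
            # nginx terminates TLS on a listener only when it carries `ssl`.
            (tls if "ssl" in flags else plain).append(addr)
    return tls, plain


if __name__ == "__main__":
    for name, conf in [("no cert", CONF_WITHOUT_CERT), ("cert", CONF_WITH_CERT)]:
        print(name, audit(conf))
```

An empty first list means the TLS server was not rendered and redirects still land on a plain-text port; a non-empty second list shows the non-TLS listener that remains until it is removed.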