Using Let’s Encrypt to create an SSL certificate for my Bluemix hosted web site

In this article I will demonstrate how to secure your custom domain IBM Bluemix web application by creating your own free SSL certificate using the https://letsencrypt.org/ certification authority.

Introduction

Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. In Public Beta” (Feb 2016). Under the covers uses openssl to create SSL certificates and as such there is no “Windows” interface for doing so. I used this opportunity to learn about VirtualBox, Unbuntu and other linux related technologies. I set up a Virtualbox VM for Unbuntu by following the instructions posted here. I then went through a torrid two days of learning how to make Unbuntu work in VirtualBox, changing the resolution of the VM, learning new Linux commands and other weird and wonderful things.

This brought me to the point of being able to create an SSL cert for my Bluemix site.

If you create a website in Bluemix you get a blah.mybluemix.net hosted site as default. http://xominosocket.mybluemix.net is my socket.io chat example I keep running. You can also create your own “route” by  clicking on the icon next to the domain at the top of your application dashboard.

I set an A record in my domain provider so that copper.xomino.com pointed at the bluemix IP address and the site appeared miraculously quickly within a few minutes. The site will work under SSL but the browser whines and complains about it.

l12

The instructions on how to upload your own SSL certificate are posted here – https://developer.ibm.com/bluemix/2014/09/28/ssl-certificates-bluemix-custom-domains/. I followed a similar path and won’t repeat too much as this post is really about Let’s Encrypt

Let’s Encrypt

As I was going through the documentation on how to use Let’s Encrypt the first problem I had was around the auto creation of a certificate. The code reaches out to the internet to check and see if you actually own the domain. When I did this the first time I got the following message telling me that it actually found my site has a certificate already for *.mybluemix.net. That is not surprising at this stage because I haven’t uploaded the correct certificate yet.

l1

So I went the manual route and performed the following:

letsencrypt certonly --manual --email myemailaddress -d copper.xomino.com

This presented me with the following information.

l2

For the manual process to work (to verify that I do in fact own the domain I am claiming to own) I have to make the very specific URL respond with a very specific answer.

To do this is set up a simple route manager in my node code

app.get('/.well-known/acme-challenge/kEEHfqWh8ur-rxYzIF0Ct8cnP_oGvqCXWZweMNDwbX4', function(req, res){
  res.send("kEEHfqWh8ur-rxYzIF0Ct8cnP_oGvqCXWZweMNDwbX4.PQf6X-2A2s213el2HHSOIMzTm2BLIBAtrEdXkFDPGIU");
});

Once checked into the repo and pushed to Bluemix, this then responded appropriately on the web site

l4

I hit Enter on the Unbuntu terminal prompt – et voila !!

l5

As you can see from the above picture I was able to navigate to the folder and find the files. (BTW I had to chmod 777 -R live the folder because permissions were not created correctly when the files were generated by Let’s Encrypt)

Back in Bluemix I am now able to upload the cert.pem and privkey.pem through the manage domains option. As you can see from the image below – there is an insecure icon next to copper.xomino.com

l6

Manage Domains

l7

Once the upload is complete I was able to view the certificate

l9l8

The route for the application now has a secure icon next to it


l10

Within a few minutes I was then able to access the application using my SSL certificate successfully

l11

Conclusion

Overall this was a relatively painless way of getting a free SSL certificate – and by painless I mean if you know what you are doing with an Unbuntu machine painless. If you don’t, expect a lot of googling. I think it is worth it to learn more about a new (to me) technology and I also have a nefarious docker based reason for learning Unbuntu for the future. This was just the start.

Certificates are only available for 3 months at a time right now – you can read more about the why here (https://community.letsencrypt.org/t/pros-and-cons-of-90-day-certificate-lifetimes/4621).

Advertisements

XPages runtime in Bluemix goes Beta

On January 21st IBM announced that the XPages Runtime as entering the beta release phase. The announcement was posted on developerworks By Brian Gleeson – https://developer.ibm.com/bluemix/2016/01/21/announcing-beta-release-ibm-xpages-runtime/ This signifies a very important milestone in the process of becoming a fully fledged member of the Bluemix family of capabilities.

What does Beta mean?

Well first of all the runtime now appears on the main catalog and no longer hidden in the experimental section. You can find it in the main catalog under Runtimes and when you create a new application is part of the list of runtimes available.

b1

b2

Beta also means that there is an expectation of reliability within the cloud. Going through the Beta phase means that although IBM are not fully committed to their SLAs for delivery quite yet, they are basically expecting the runtime to perform as if it was. This means a more reliable availability, and more importantly, IBM cannot just “make changes and take stuff down” as they feel like it. Being experimental means that there is no guarantee of it even being there tomorrow.

Beta means that we can start to talk to customers about it as a real possibility. Once again, Beta means that IBM is expecting people to actually start to create prototype applications which can be used in real discussions for Application Modernization and migration scenarios.

Beta means that the end goal initial release is now much clearer. Going through the experimental phase we have seen a large number of improvements and changes to both the runtime and the OpenNTF Extension Library releases support the programmatic interaction with it. IBM’s intention is to support a hybrid model with the release of XPage in Bluemix. Currently, we do not know the future of the XPagesNoSQL service but that is still experimental.

IBM is pressing forward with the release of the runtime and the Hybrid model. For more information on this, check out another post by Brian on YoutTube (https://youtu.be/WsjQ4hjJ10E). The Hybrid model means the ability to run a trusted server in the Bluemix container and having it securely interact with your Domino server(s) back within the corporate environment. This means the data and authentication model does not leave the company, while the runtime can be used to take advantage of all the cloud foundry capabilities like fail-over, multi-instance deployments and much more.

Beta means that this is real people – most of the investment by the XPages development team, under the guidance of Pete Janzen has been in preparing XPages for Bluemix. This is a significant step in the product evolution. I fully expect that more information will be released in the App.Next presentation to be given at Connect 2016. Hopefully the expected deadline for the full release date will be shared.

More announcements coming soon

For those of you going to Connect make sure you check out the sessions on the XPages runtime and Bluemix

1529: IBM Domino App.Next – Broadening Your Horizons with Bluemix

1075: The XPages of Things: Integrate Bluemix with Your XPages Applications for a World of Possibilities

XPages in Bluemix: Creating a searchable REST service

In this article I will demonstrate how we can set up a new searchable REST service in an Bluemix XPages environment.

Introduction

This article was driven by a question on Twitter from Paul Ramos (@parf82) who asked how to search a database in Bluemix. The answer is of course, in the same way that you search it not in Bluemix, using an FTSearch. The more pertinent questions is really how to make the XPages runtime find the application to search in the first place.

Creating the base application

If you follow this video by Brian Gleeson you will be able to create your first application in Bluemix. Once you have that you can manipulate the environment to your hearts content. There are multiple, documented, methods for updating your XPages environment in Bluemix, I prefer to create a Git repository. As Toby and I demonstrated in the socialbizug webcast you can download the application design, manipulate it and send it back to Bluemix as one.

Manipulating the boilerplate

I have the initial boilerplate code cloned to my local hard drive.

bl1

First step it to edit the Manifest and get rid of the Boilerplate application. Why, you ask? Well this way you have the manifest and everything else configured for you nicely. You can do this from scratch but I generally find this mentally easier to work through.

bl2

I renames the application from todo_design to xpages_design.

I took a design copy of my extjs database and saved it in the git repo folder. The database can be seen at (http://demo.xomino.com/xomino/extjs.nsf) which is at it’s heart just a modified fakenames.nsf database (http://www.xpagescheatsheet.com) from David Leedy.

The reason I chose this database is that it contains a lot of REST services already in a normal XPages environment.

bl6

I then had to create a copy of the database itself in the Bluemix NoSQL environment.

bl4

bl5

Quick review

We now have the database split into two separate pieces

  1. The data on slaney/bluemix
    1. https://xpages-domino.ng.bluemix.net//bluemix/PSC_Playground/Hybrid/extjs.nsf/ByName-First
  2. The design xpages_design.nsf – currently in my local git repo

Putting the data directly on slaney – very possible and works in a view as expected

bl7

But if we try and access an XPage – it doesn’t work – which is what we would expect.

Accessing the data from the XPages runtime

Back in our xpages_design database we are going to create a normal REST service – but we have to use the new BluemixContext object to find out the path for the service (https://www.ng.bluemix.net/docs/services/XPagesNoSQLDatabase/index.html#xpservice_portexisting).

 

				<xe:restService id="restService3" pathInfo="byFirstNameBlue">
					<xe:this.service>
						<xe:viewJsonService viewName="ByName-First" start="0" count="100" defaultColumns="true" databaseName="#{javascript:bluemixContext.isRunningOnBluemix()? bluemixContext.getDataService().getHost()+'!!' + bluemixContext.getDataService().getRootDir() + 'extjs.nsf' : 'extjs.nsf'}">
						</xe:viewJsonService>
					</xe:this.service>
				</xe:restService>

The bluemixContext values are derived from the VCAP_Services variables made available to the XPages in Bluemix service through Cloud Foundry. An example is shown here – it is available from the Bluemix dashboard for your XPages by clicking on the ^ arrow on your NoSQL database service.

t1

Viewing the result

Once we have pushed the REST service design changes back up to Bluemix we should be able to see them. Once we correctly create the URL to the rest service. In this case “xpages_design.nsf/xRestService.xsp/byFirstNameBlue”

http://xpages.mybluemix.net/xpages_design.nsf/xRestService.xsp/byFirstNameBlue

 

We are able to demonstrate the new searchable REST service by manually modifying the URL and adding search parameters:

http://xpages.mybluemix.net/xpages_design.nsf/xRestService.xsp/byFirstNameBlue?open&search=smith

 

 

Conclusion

In this article we have seen that we are still able to use the XPages out of the box rest service to communicate between the design database and the “data” database. All the out of the box functionality is available as if it were an on premises application. We also saw the usage of the new bluemixContext to find out where the data database resides within Bluemix.

 

 

The coolest XPages demo ever – revealed

 

During the AD105 presentation at MWLUG this afternoon, Ryan Baxter and I demonstrated how you can use an XPages application to control a Drone.

We were able to make it take off, take a picture and then land, all from an XPage application interface.

 

 

For more on how this works check out Ryan’s Video 🙂

MWLUG 2015 – IBM Bluemix: Expand Your Horizons – Coolest demo ever !

In two weeks time Ryan Baxter and I will be taking the stage to talk about IBM Bluemix and how Domino/XPages developers have a whole new vista of opportunities open to this in IBM Bluemix.

I look forward to seeing many old friends and new faces there – please stick around to the end for what will hopefully be,

The coolest demonstration in the history of MWLUG

When?

Thursday August 20th – 4:00pm AD105: IBM Bluemix: Expand Your Horizons

Abstract

As a developer, you always need to add new tools to your developer tool belt.  Bluemix gives you many options to take what you already know and build upon it, allowing you to continuously reinvent yourself and your apps. Whether you are an XPages developer looking to leverage new technologies like Watson or Docker, or you want to start exploring new languages and frameworks like the MEAN stack, Bluemix has something to offer you.  Using the powerful deployment models and integration services in Bluemix, it is also easy to build solutions that combine the new with the old making it easy to build upon the work you have already done.  Expand your horizons, improve yourself and join us for a whirlwind tour of what Bluemix has to offer you!

 

Be there – or hear about it from your friends……….

An introduction to creating applications in the Bluemix environment – now available

socbizug


An introduction to creating applications in the Bluemix environment


If you missed our recent webcast, “An introduction to creating Domino applications in the Bluemix environment”, don’t worry – it’s now available on-demand. You can view both the video replay and presentation easily right from your desk.

Watch this webcast and learn how to:

  • Easily get Bluemix up and running and how to create you own XPages applications quickly
  • Integrate with the other services available within the Bluemix ecosystem
  • Maximize the new and exciting possibilities this integration opens up to the Domino community            
   
unnamed

 

XPages in Bluemix (experimental) is live

XPages is now available as an experimental release in Bluemix. As of July 2015, anyone can sign up for a free Bluemix account and try out the new XPages in the cloud capability.

What does Experimental mean?

Within Bluemix there are three levels of capability “completeness”. Experimental, Beta and Production ready. Experimental has no Service Level Agreement, no promise of availability and the code base can change at any time without notice. The reason IBM uses this level of completeness is to test drive an application’s capabilities and to elicit feedback from users. They understand that XPages in Bluemix is different than what we are used to on premesis. There is some getting used to the difference in coding patterns when we want to to “@DbName()” for example is now – bluemixContext.getDataService().findDBName().

So experimental means is that it is not production ready and IBM is honest and open about it. For me, it is better to have something than nothing and exciting to thing that in some small way I might be able to help drive the direction of the platform in this manner. Don’t forget – so can you !

Capabilities

The current version of XPages release on day 1 does not have all the same features as an on premises installation. For one, as a developer you do not have direct access to the server, you do not have programmatic access to the server. Your code will run as a designer, but never as an administrator. You cannot have multiple databases on the same application route. This means that many on premises application cannot just be ported straight to Bluemix. Notes client applications will not run in Bluemix (oh well eh……..)

And at the same time there are features and capabilities within Bluemix that are not available  on premises. Some examples are:

  • Scaling you application and running it on multiple instances
  • Automatic failure and restart if the application crashes (which is does, this is experimental after all)
  • Integration with a multitude of services that do not exist on premises
  • Git source control integration at the click of a button
  • Devops capabilities like:
    • Automatic Build and deploy
    • Monitoring and Diagnostics
    • API Monitoring tools
  • Hybrid capabilities
    • The ability to run an XPage application securely, in the cloud, while accessing data securely through an encrypted tunnel back inside the enterprise.
  • and the list goes on……
  • Watson
  • Twitter
  • and on…..

Feedback for IBM

If you have any questions and or would like to get more information on XPages in Bluemix there are a number of ways you can do that:

So how can I get started?

  • Go to http://www.bluemix,net
  • Sign up for a 30 day free trial
  • Follow the instructions and guides shown below
  • Watch videos, read blogs and learn

I started using Bluemix so that I could prepare for XPages arrival, but also so that I could learn new technologies like nodejs and cloudant. As I mentioned before, I strongly recommend you take this as an opportunity to broaden your horizons and learn something new.

Resources

To get you going here are some resources to check out for more information

Enjoy