

When you deploy an app to a production environment, you should:

- configure an HTTP health check to allow Cloud Foundry to detect and attempt to replace unhealthy app instances
- use a separate staging environment to test your app (refer to the case studies on managing orgs, users and spaces for more information)
- build your app in line with the 12-factor app principles

To deploy an app to a production environment, your department, agency or team must have a paid account with the GOV.UK PaaS.

Before you deploy an app to a production environment, you must set up a domain. If you are a central government service using the GOV.UK domain, you must get a domain from GOV.UK for your service and set the DNS records required by your cdn-route service. If you are using your own content distribution network (CDN), you must set up a domain by configuring your CDN.

Requests could be made to an app’s public route over the non-secure protocol due to:

- misconfiguration of an app that allows non-encrypted traffic through
- a service linking to the HTTP version of a page by mistake

Any requests made to a public app route over the protocol will be automatically redirected to the base version of that URL. The original query path and query parameters will be removed. This prevents a site from repeatedly redirecting back to the HTTP protocol without the user noticing.

You can store data classified up to ‘official’ on the GOV.UK PaaS. You cannot store data classified ‘secret’ or ‘top secret’ on the GOV.UK PaaS.

Refer to the information assurance page for information on the assurance process. Learn about how GOV.UK PaaS meets the NCSC Cloud Security Principles. Refer to the GOV.UK page on government security classifications for more information on these classifications.

By default, all apps you deploy on Cloud Foundry are publicly accessible to everyone through the internet. If you need to restrict access to a public app, for example to implement basic authentication, you should refer to the documentation on route services.

If you do not want your apps to be publicly accessible at all, you must deploy your apps on the apps.internal domain. A common use case for this is that you have multiple micro-services that make up an overall app, and those micro-services must only be accessible by other micro-services in the app. Private apps can communicate over any TCP-based protocol. If you wish to use TLS, you are responsible for the keys, certificates, protocol versions, and ciphers involved.

The following use case is that you have 2 apps to deploy:

- a public app for your end users to interact with
- a private app that the public app can securely connect to, but which is not accessible from the internet

1. specify the private route in the private app’s manifest
2. set the private app URL as an environment variable in the public app’s manifest
3. create a network policy to allow the apps to connect with each other

Specify a private route in the private app’s manifest

Cloud Foundry uses routes to send requests to apps. You must specify a private route in the private app’s manifest to tell Cloud Foundry that this app should not be accessible from the internet.

Create the private app’s manifest.yml with the following code:

If you are using Cloud Foundry CLI version 6 and the blue-green deploy plugin, you must recreate the network policy after each deployment.

- Your app should not write to local storage. Cloud Foundry local storage is ephemeral and can be deleted at any time.
- You may need to set environment variables for your app to work. All configuration information should be stored in environment variables, not in the code.
- Instances will be restarted if they exceed memory limits.
- Your application should write all its log messages to STDOUT/STDERR, rather than a log file.

You will not normally need to target the sandbox space if you are a new user, as this space is the default for new users. A possible exception to this is if your org is mature and has pre-existing spaces; you should check to ensure that you target the appropriate space for testing.
