Language Configuration
Some language-specific environment configuration may be necessary but you should not need to modify your application code to use proxymock.
Decrypting TLS
proxymock attempts to automatically configure TLS on the desktop so manual configuration is only necessary in special environments like CI/CD or when TLS decryption does not work out of the box.
Commands and flags should be run in the environment where your application is running.
- Go
- Node.js
- Ruby
- .NET
- Java
export SSL_CERT_FILE="${HOME}/.speedscale/certs/tls.crt"
export NODE_EXTRA_CA_CERTS="${HOME}/.speedscale/certs/tls.crt"
For Node.js applications newer than v7.3.0.
export SSL_CERT_FILE="${HOME}/.speedscale/certs/tls.crt"
export SSL_CERT_FILE="${HOME}/.speedscale/certs/tls.crt"
.NET Core uses OpenSSL on Linux and Mac which respects default settings. The default Microsoft .NET Docker base images are Linux based which means these settings apply, however running Windows based workloads may require additional configuration.
Java applications utilize a truststore to specify certificates to be trusted.
On desktop:
Create the keystore with Speedscale certs.
proxymock certs --jks
Then apply these flags when running your app:
java \
-Djavax.net.ssl.trustStore=/etc/ssl/speedscale/jks/cacerts.jks \
-Djavax.net.ssl.trustStorePassword=changeit \
-jar app.jar
In cluster:
During Operator installation a secret called speedscale-jks will be created that contains the speedscale-certs root CA
along with a standard set of CA certs used by openjdk. This secret is automatically mounted when the
tls-out setting is configured as shown below. The Java app itself needs to be configured to use this secret
as well which requires configuring your JVM to use the truststore with these settings:
These can be automatically applied by adding to your JVM by setting JAVA_TOOL_OPTIONS. This can be set
on your workload by adding the sidecar.speedscale.com/tls-java-tool-options: "true" annotation. Read more
about this setting here.
When running in-cluster, these flags are also surfaced as an environment variable SPEEDSCALE_JAVA_OPTS if you need to merge with your own existing sets of Java flags.
apiVersion: apps/v1
kind: Deployment
metadata:
name: spring-boot-app
annotations:
sidecar.speedscale.com/inject: "true"
sidecar.speedscale.com/tls-out: "true"
sidecar.speedscale.com/tls-java-tool-options: "true"