Enable SSL and non SSL operation at the same time

[williamdenton]

Expose both https and http ports for localstack services.

Use Case:

I have a dotnet application that consumes a kinesis stream using the KCL/multilang daemon and writes to dynamoDb.

• The java multilang-daemon requires kinesis be on https (java has option to bypass cert validation)
• the dotnet sdk doesn't support bypassing cert verification

Work Arounds:

• Generate stable certificate for local stack to use, then import that certificate into the alpine base image trust store, now the cert is trusted and all is well. But, on windows (its fine on mac) the localstack kinesis reliably fails to start with an external data directory. So to get round this i need to add an extra layer to the localstack docker image to docker add in the certificate rather than using a volume. This works but it's getting a bit gross/rube goldberg.

• An alternative we tried was using nginx as a proxy so it would terminate https and pass traffic through to the localstack ports. This works well, but is another container to run and maintain.

Suggestion

Allow localstack to be configured to run with dual ports, possibly offset by 1000 from each other, one that uses http and one that doesn't. This will allow apps that require https to exist alongside apps that make it very hard to support self signed certs thus would prefer http.

[gmaf]

@williamdenton Hello. You say you've managed to run multilang daemon against localstack.
Could you please describe how you did it?
How to specify localhost as an endpoint for daemon?

[williamdenton]

Add to the bottom of your kcl.properties file:

# Override the dynamoDB and kinesis endpoints to talk to localstack
kinesisEndpoint = https://localstack-https:5568
dynamoDBEndpoint = https://localstack-https:5569

# We won't have access to Cloudwatch, disable metrics reporting
metricsLevel = NONE

Your ports might be different as this is copy pasted from a setup with nginx proxying traffic to localstack rather than running local stack on ssl mode.

[gmaf]

@williamdenton Big thanks for pointing this out!
Now we have the same problem as you described.
But I think the information you provided should be included in KCL/multilang daemon readme.

[whummer]

Thanks for reporting @williamdenton @gmaf . This should be fixed in #1823 - when run with USE_SSL=1, the service endpoints should now transparently support both HTTPS and HTTP over the same port.

Can you please give it a try with the latest version, and report here if there are any other issues. Thanks!