I have deployed my angular on Firebase. I have connected my custom domain as well. Firebase has issued me a certificate for my custom domain. Now I want to deploy spring boot on Google cloud. I am totally fine with compute engine or App engine. But I want to use the SSL certificate provided by Firebase for my front-end angular app in the backend spring boot application. I don't want to bring up a load-balancer.
What are my available options?
Should I go with nginx configurations ?
How will I access the certificate firebase has issues for my frontend app ?
Google Cloud does not provide private keys for Managed SSL Certificates. Without the private key, you cannot deploy the SSL certificate on your own services (Nginx, Apache, Spring Boot, etc).
You must use a Google Cloud service with a managed SSL certificate.
Your other options are:
Purchase an SSL certificate from a CA
Configure Let's Encrypt to issue SSL certificates
Related
I'm having hard time in understanding how the SSL part of this firebase works
as there is no option to change
and its causing many issues if we use other SSL apart from firebase
is there any way where we can disable firebase ssl
and use custom one
or can some one tell me how to reset this ssl issued by firebase (which is different domain and its just partial not full/strict https)
The SSL certificates Firebase Hosting uses come from letsentrypt.org. They are full SSL certificates, but they are shared between many domains. From the Firebase documentation on its SSL certificate provisioning:
Your domain will be listed as one of the Subject Alternative Names (SAN) in the FirebaseApp SSL certificate. You can view this certificate using the browser's security tools. While the domain is provisioning, you might see an invalid certificate that does not include your domain name. This is a normal part of the process and will resolve after your domain's certificate is available.
If your project is on the paid Blaze plan, you can reach out to Firebase support to set up a SSL certificate you provide on Firebase Hosting for it.
So here's situation,
The firebase auth is very good.
But in some area for some reason the host of https://www.googleapis.com are not accessible from app side.
So I was think about a way to proxy the request to https://www.googleapis.com in may iOS app to My Server, and My Server will transfer the auth request to https://www.googleapis.com on server sider.
Question
Is there a way to config the host in firebase API ? Or is this a good way to do it?
We created static one page WEB application that uses external API for authentication and data.
We set dedicated URL space prefixed with /api to solve cross domain restrictions with reverse proxy. Proxying works fine with Ngnix, Apache on local setup but I can't find proxying support in Firebase Hosting: https://firebase.google.com/docs/hosting/url-redirects-rewrites
There is Function offer that can run node runtime up to 1 minute per call. Can't it be used to implements reverse proxy?
UPDATE We ended with Heroku offering. It hosts our static JS/CSS assets via WEB server (internal detail of a particular cloud provider) and same WEB server is user for proxing API calls via defined extension point, mapped to URL root like /api.
This way JS application is written to issue API calls to URL without schema / host / port, it doesn't matter if you run it on localhost (development) or in cloud env (prod)!
I built an OAuth 2.0 server, and I had verify the implementation of the custom OAuth 2.0 server by postman in chrome, and an nodejs oauth client. It works.
My question is, when I launch Amazon Alexa app in android, and enable the skill. The login UI disappears. It shows nothing. So, I cannot login to get back oauth accessToken.
I use Facebook OAuth service instead now, it works fine. But I still need the custom OAuth 2.0 server to be workable. I doubt it's self-signed SSL certification now, and I will check it in these days.
Any help will be appreciated.
For Self-signed SSL certification, it doesn't work. With a trusted SSL certification, the login UI shows.
Conclusion
After many tests, the custom OAuth 2.0 server for alexa service, must meet following conditions.
The ssl certificate MUST be signed with trusted organization.
The https port MUST be 443, not a custom port. (Ex: 12345)
In some android mobiles, a self-signed certificate or a custom port, the login UI will display. But they all failed at another step for accessToken. The step for authorize is not a problem, but step for token seems to be blocked by alexa app. I suppose alexa app will check the port number, and it doesn't trust self-signed certificate.
We want to switch our ASP.NET MVC application from Azure Cloud Service to Azure App Service (web app). The application is currently using WIF as its identity framework, and as it is running in a farm configuration, we configured a custom SessionSecurityTokenHandler which encrypts the session cookie using a certificate (thus the cookie can be decrypted by all instances of the web farm).
We could provision this certificate in the Cloud Service scenario using the csdef/cscfg files and the built-in Azure certificate store associated with the Cloud Service, but there is no such thing with Azure App Services (unless I missed something).
Is there any way to configure a certificate in the App Service? Should we fall back to another mechanism to encrypt the session cookie, such as a shared machine key? The machine key is not an ideal solution as it forces us to leave some configuration out of source control to avoid leaking the key.
Using the Azure portal (https://portal.azure.com), open the web app blade for your web app and click on the Settings button in the toolbar.
In the Settings blade, click on Custom domains and SSL. In the Custom domains and SSL blade click on the Upload Certificate button in the toolbar. This will open a blade where you can upload the certificate.
In the web app settings blade, you will need to add an app settings using the key WEBSITE_LOAD_CERTIFICATES. You can set the value to * to load all certificates or if you want to specify a specific certificate you could do that.
From there, you can use the certificate like you would in your cloud service version of the application. Some additional information on this and how to use the certificate in code is available here if you need it.
Finally, to Michael B's point in the comments, using Azure Key Vault would be another approach you could take and would provide some additional security.