Reusing custom domain between GCP and Firebase - firebase

I am planning to host 2 webapps using Firebase Hosting: example.com and dev.example.com. For corresponding APIs, I have 2 projects on GCP (using managed instance groups and a load balancer) with custom domains: api.example.com and dev-api.example.com.
Is it possible to have a setup where subdomains of the custom domain example.com can be split/used across Firebase and GCP load balancer? I thought this is a popular setup but can't find any documentation/howto around this. I am using Google Domains as the domain provider for example.com and using Google Managed SSL certificates as well. All the projects belong to one account.

Assuming that you are using a Classic HTTPS Load Balancer with your GCP project, you may get your Firebase Hosting linked to your LB as an additional backend through Internet Network Endpoint Group so all of them can be reached through the same Load Balancer IP.
To do this:
1. Edit the current Load Balancer and go to Backend configuration.
2. Create a Backend Service; under Backend type, select Internet Network Endpoint Group.
3. Under Backends > New Backend, Create Internet Network Endpoint Group. This will take you to Network endpoint groups under Compute Engine.
4. Under New network endpoint > Add through, you may select IP and port or Fully qualified domain name and port. Just supply the correct FQDN or IP of your Firebase hosting and the port where the Firebase hostings are listening, then Create.
5. Finish creating the backend service using the Internet network endpoint group that you created as Backend Type.
6. Under Host and Path rules, click +Add Host and Path Rule and fill out the Host field with the domain of your Firebase hosting. For Path, just put /*. Then select the Internet network endpoint group that you created as Backend.
I am also under the assumption that your Google Managed Certificate is also deployed within the Load Balancer. If this is the case, then you may provision another Google Managed SSL certificate and include all 4 domains:
example.com
dev.example.com
api.example.com
dev-api.example.com
Once done, you may create A records with the Load Balancer's IP address for each domain. This is to ensure that the requests will be forwarded to the correct backend, as opposed to just creating CNAMEs, which will always forward the request to the root domain (example.com) and not to their intended backends. The LB should be able to forward requests based on the domain being accessed.

Related

Make firebase domain point to EC2 GCP Instance Ip Address

I have a domain from Firebase Hosting that looks like this:
discourse-314707.web.app
I also have an EC2 instance with the following IP address:
54.163.205.15
How can I make "discourse-314707.web.app" in Firebase Hosting point to "54.163.205.15" on my EC2 instance? For example, if I have installed Apache, it displays the Apache page.
The discourse-314707.web.app is a subdomain on Firebase's web.app domain that it automatically sets up for any Firebase project.
Since the DNS for all web.app subdomains is managed by Firebase itself, there is no way for you to configure this to point to your own IP address.
The closest you can get is setting up your Firebase web site as a proxy for the one on EC2 with a micro-service. But you'll need to be on the paid plan for that, and it'll be quite some hassle for the auto-generated subdomain.
If you register your own domain for the web app, you control the DNS settings for that domain and can point to whatever hosting service you want.

Connecting subdomain to firebase

I am trying to use Dynamic Links for Firebase using my custom domain link.
For the above purpose, I added the custom domain on Firebase web hosting and followed all the steps, but the status is still showing as "Needs setup".
My main domain is pointing to some other host, the subdomains are pointing to some AWS Elastic IPs, and now the newly created subdomain to Firebase IPs. The DNS provider that I am using is Cloudflare.
www.maindomain.com => webflow host
subdomain1.maindomain.com => aws elastic ip 1
subdomain2.maindomain.com => aws elastic ip 2
firebasesubdomain.maindomain.com => firebase ip records (A Records).
I cannot delete all the A records just to point to Firebase, since the AWS Elastic IPs are my live servers serving my customers. So my question is: keeping all of the above records intact, is there a way to point my subdomain to Firebase and transfer only the subdomain's ownership to Firebase, so that I can then easily create dynamic links for that domain as well?
When connecting a domain to Firebase Hosting, you must ensure your A records are pointing directly to the Firebase IP addresses. You can check this using e.g.:
dig firebasesubdomain.maindomain.com
If the Cloudflare proxy is turned on, Cloudflare will set the A records to their own IP addresses and Firebase Hosting will not be able to recognize the IPs. You should turn off the Cloudflare proxy, as Firebase Hosting is already serving content over a CDN and proxying will only introduce additional latency.
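The check described in this answer, automated, as an added example that is not part of the original answer: it parses `dig` answer lines and reports whether the A records are the expected Firebase Hosting addresses or fall inside Cloudflare's proxy ranges. The dig output is constructed, `EXPECTED` uses placeholder documentation addresses in place of the values shown in your Firebase console, and the Cloudflare list is a subset of the ranges published at https://www.cloudflare.com/ips/.

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges; refresh from
# https://www.cloudflare.com/ips/ before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "162.158.0.0/15",
    "173.245.48.0/20", "141.101.64.0/18", "108.162.192.0/18", "198.41.128.0/17",
)]

# Placeholder addresses (assumption): use the A records from the Firebase console.
EXPECTED = {"203.0.113.10", "203.0.113.20"}

def parse_a_records(dig_answer):
    """Extract addresses from `name TTL IN A address` lines of dig output."""
    addrs = []
    for line in dig_answer.splitlines():
        fields = line.split()
        if (len(fields) == 5 and fields[2] == "IN" and fields[3] == "A"
                and not line.startswith(";")):
            addrs.append(ipaddress.ip_address(fields[4]))
    return addrs

def classify(dig_answer, expected=EXPECTED):
    """Return direct, cloudflare-proxied, unexpected-address or no-a-record."""
    addrs = parse_a_records(dig_answer)
    if not addrs:
        return "no-a-record"
    if any(a in net for a in addrs for net in CLOUDFLARE_V4):
        return "cloudflare-proxied"      # proxy on: Firebase sees Cloudflare IPs
    if {str(a) for a in addrs} == set(expected):
        return "direct"                  # records point straight at Firebase
    return "unexpected-address"          # stale or extra record left behind

# Constructed dig output for the three situations.
NAME = "firebasesubdomain.maindomain.com."
PROXIED = (f";; ANSWER SECTION:\n{NAME} 300 IN A 104.21.5.10\n"
           f"{NAME} 300 IN A 172.67.140.22\n")
DIRECT = (f";; ANSWER SECTION:\n{NAME} 3600 IN A 203.0.113.10\n"
          f"{NAME} 3600 IN A 203.0.113.20\n")
STALE = (f";; ANSWER SECTION:\n{NAME} 3600 IN A 203.0.113.10\n"
         f"{NAME} 3600 IN A 198.51.100.7\n")

if __name__ == "__main__":
    for label, out in (("proxied", PROXIED), ("direct", DIRECT), ("stale", STALE)):
        print(label, "->", classify(out))
```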

Google domain setup on GCP VM with nginx?

Google domain name pointing at external IP of GCP compute engine with nginx installed and app in /var/www/html. Have google site verification of property code. I need HTTPS setup. Do I need Lets Encrypt? Why is it so difficult to establish HTTPS?
None of the dozens of sites nothing here in tag search or on GCP. Nginx has how to setup in /etc/nginx/nginx.conf but my site is visible http using my external IP but not the HTTPS domain name.

How to serve Kubernetes backend and Firebase hosting frontend from the same domain name?

I want to set up a web app using three components that I already have:
Domain name registered on domains.google.com
Frontend web app hosted on Firebase Hosting and served from example.com
Backend on Kubernetes cluster behind Load Balancer with external static IP 1.2.3.4
I want to serve the backend from example.com/api or api.example.com
My best guess is to use Cloud DNS to connect IP address and subdomain (or URL)
1.2.3.4 -> api.example.com
1.2.3.4 -> example.com/api
The problem is that Cloud DNS uses custom name servers, like this:
ns-cloud-d1.googledomains.com
So if I set Google default name servers I can reach Firebase hosting only, and if I use custom name servers I can reach only Kubernetes backend.
What is a proper way to be able to reach both api.example.com and example.com?
edit:
As a temporary workaround I'm combining two default name servers and two custom name servers from Cloud DNS, like this:
ns-cloud-d1.googledomains.com (custom)
ns-cloud-d2.googledomains.com (custom)
ns-cloud-b1.googledomains.com (default)
ns-cloud-b2.googledomains.com (default)
But if someone knows the proper way to do it - please post the answer.
Approach 1:
example.com --> Firebase Hosting (A record)
api.example.com --> Kubernetes backend
Pro: Super-simple
Con: CORS request needed by browser before API calls can be made.
Approach 2:
example.com --> Firebase Hosting via k8s ExternalName service
example.com/api --> Kubernetes backend
Unfortunately from my own efforts to make this work with service type: ExternalName all I could manage is to get infinitely redirected, something which I am still unable to debug.
Approach 3:
example.com --> Google Cloud Storage via NGINX proxy to redirect paths to index.html
example.com/api --> Kubernetes backend
You will need to deploy the static files to Cloud Storage, with an NGINX proxy in front if you want SPA-like redirection to index.html for all routes. This approach does not use Firebase Hosting altogether.
The complication lies in the /api redirect which depends on which Ingress you are using.
Hope that helps.
I would suggest creating two host paths. The first would be going to "example.com" using NodePort type. You can then use the External Name service for "api.example.com".

Can AWS Load Balancer be configured to filter out requests?

I have a Django app deployed on AWS Elastic Beanstalk. Django is configured to only serve requests that come for a specific hostname (ALLOWED_HOSTS). If the host information in the request doesn't match, it will return a 500 response code, that is fine.
But I have noticed that I get quite many of those, either sending requests via IP address, or via other domain names. So, I would like to configure the setup so that the load balancer rejects the request if it doesn't have the proper hostname in the header information.
Is this possible to do? I have been trying to go over settings in the AWS Console, but cannot find any information how to do this. I could patch the EC2 instances to reject those request so it doesn't reach Django at all, but I would like to stop it as early as possible.
Flow now:
Client -> Load Balancer -> EC2 instance -> Nginx -> Django
<-500 error- Django
What I want:
Client -> Load Balancer
<-reject- Load Balancer
Elastic Load Balancer cannot be configured to filter out requests.
If your allowed connections are based on IP address, then you can use VPC ACLs to allow only connections from certain IP addresses. All others will receive failed connections at the ELB level.
If your allowed connections are not based on IP address you can take a look at CloudFront in combination with Amazon Web Application Firewall (WAF).
WAF can be configured to filter at the web request level by IP address, URL, query string, headers, etc.
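The Host-header decision the question wants made before Django, written out as an added example that is not part of the original posts: it normalizes the header and classifies requests sent to a bare IP, to another domain name, or with a malformed value. `ALLOWED_HOSTS` and the sample headers are assumptions constructed for illustration; the same logic applies wherever the filter is enforced.

```python
import ipaddress
from collections import Counter

ALLOWED_HOSTS = {"example.com", "www.example.com"}  # assumed site hostnames

def normalize_host(header):
    """Lowercase, drop port and trailing dot; return None if malformed."""
    host = (header or "").strip().lower()
    if not host or any(c in host for c in " \t/@\\,"):
        return None
    if host.startswith("["):                  # bracketed IPv6 literal
        literal, sep, rest = host[1:].partition("]")
        if not sep or (rest and not (rest[0] == ":" and rest[1:].isdigit())):
            return None
        return literal
    host, _, port = host.partition(":")
    if port and not port.isdigit():
        return None
    return host.rstrip(".") or None

def verdict(header):
    """Decide what an edge filter would do with this Host header."""
    host = normalize_host(header)
    if host is None:
        return "reject:malformed"
    try:
        ipaddress.ip_address(host)
        return "reject:ip-literal"            # request sent to the bare IP
    except ValueError:
        pass
    return "allow" if host in ALLOWED_HOSTS else "reject:unknown-host"

# Constructed Host headers, as they might appear in an access log.
SAMPLE_HOSTS = ["example.com", "EXAMPLE.com.:443", "203.0.113.7",
                "[2001:db8::1]:80", "other-site.test",
                "example.com.other-site.test",
                "example.com:80@other-site.test", ""]

def summarize(hosts):
    """Count verdicts so the share of rejectable traffic is visible."""
    return Counter(verdict(h) for h in hosts)

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h!r:40} {verdict(h)}")
    print(dict(summarize(SAMPLE_HOSTS)))
```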
