How to ensure all inbound requests made through AWS API Gateway are safe and use the HTTPS/TLS protocol? I heard that AWS API Gateway enables HTTPS by default, but when I test my request as a simple HTTP request, it just executes normally.
Any suggestions?
I've seen that some apps developed in Go run without TLS enabled in the app; instead it is enabled in the proxy server (nginx). The requests coming to the app are encrypted at the nginx side only. So the Go HTTP server is served using only http.ListenAndServe.
While using gRPC, I've seen the gRPC server served without TLS enabled, and the client dialing with insecure mode enabled.
I assumed all of this is because you only need to enable TLS if you serve requests coming from outside (external networks). If you use HTTP and gRPC for internal service communication within an internal network in a microservices architecture, you don't need to enable TLS at all since it only adds overhead. Is this true?
How is TLS properly applied in Golang development for HTTP and gRPC servers?
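An added example, not part of the original question: a Go net/http service that terminates TLS itself rather than relying on plain http.ListenAndServe behind the proxy, probed by a client that trusts its certificate, a client speaking plain HTTP to the TLS port, and a client that does not trust the certificate. The function names and the throwaway httptest certificate are assumptions made for the demo.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// newTLSService serves h over TLS only, on a loopback port. httptest supplies a
// throwaway certificate (demo assumption); a real service would instead call
// (&http.Server{Addr: addr, Handler: h, TLSConfig: cfg}).ListenAndServeTLS(certFile, keyFile).
func newTLSService(h http.Handler) *httptest.Server {
	srv := httptest.NewUnstartedServer(h)
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS12} // refuse older protocol versions
	srv.StartTLS()
	return srv
}

// status returns the HTTP status code for url, or 0 and the error.
func status(c *http.Client, url string) (int, error) {
	resp, err := c.Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// probe runs three callers against the service: one that trusts its certificate,
// one speaking plain HTTP to the TLS port, and one using only the system roots.
func probe() (trusted, plaintext int, untrustedErr error) {
	srv := newTLSService(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	plain := &http.Client{Timeout: 3 * time.Second} // default transport, system roots
	trusted, _ = status(srv.Client(), srv.URL)
	plaintext, _ = status(plain, strings.Replace(srv.URL, "https://", "http://", 1))
	_, untrustedErr = status(plain, srv.URL)
	return trusted, plaintext, untrustedErr
}

func main() {
	trusted, plaintext, err := probe()
	fmt.Println("trusted:", trusted, "plaintext:", plaintext, "untrusted error:", err)
}
```

For gRPC the same tls.Config is wrapped with credentials.NewTLS and passed as grpc.Creds on the server and grpc.WithTransportCredentials on the client, in place of the insecure dial option.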
Currently in the gateway configuration I have to set the protocol to https, like:
<ServerURL>https://10.130.10.110:9443/services/</ServerURL>
10.130.10.110:9443 is the https endpoint of the key manager. If I switch to the http endpoint, the token validation will fail.
I searched all the WSO2 AM documentation and all the config samples point to the key manager using https. It looks like the key manager only supports https; is it possible to change it to http? Because all the servers are deployed inside one VPC, there is no need to use http. The https is too heavy and the overall API gateway performance doesn't look good.
Thanks!
I was considering shifting my backend REST API microservices to gRPC servers. I use Tyk as the API gateway to route HTTP requests. How does an API gateway handle gRPC requests?
With gRPC-Gateway, you can generate a reverse proxy that translates REST into a gRPC call by marshaling the JSON request body into the respective Go structures and then calling the RPC endpoint.
The gRPC-Gateway is a plugin of the Google protocol buffers compiler protoc. It reads protobuf service definitions and generates a reverse-proxy server which translates a RESTful HTTP API into gRPC. This server is generated according to the google.api.http annotations in your service definitions.
I am facing a secure connection conflict as some of my videos are hosted on Kaltura (http) while the site is hosted on Heroku (HTTPS). Can you guys/girls advise on how to resolve this conflict?
You can make a proxy in your Heroku backend. The steps would be:
1. The video request is sent through the HTTPS protocol to the proxy.
2. The proxy receives the request, parses it, and fetches the corresponding video through HTTP from Kaltura.
3. The proxy returns the video data to the browser.
Is it possible to invoke admin services in WSO2 products via the HTTP protocol?
How can we configure it?
Found the answer.
Yes, it's possible.
Open the [Product_Home]/repository/conf/carbon.xml file and uncomment the element below.
<HttpAdminServices>*</HttpAdminServices>
Uncommenting the above parameter would expose all AdminServices over the HTTP transport. With the HTTP transport, your credentials and data routed over public channels are vulnerable to sniffing attacks.