Accessing Firestore through reverse proxy - firebase

We need to identify all network traffic that a specific Android/iOS app induces. The app is using Firestore in the backend. By default, connections to Firestore always use the domain firestore.googleapis.com instead of a project-specific subdomain (like Cloud Functions do, for example). This way those connections can't be related to a specific app by only examining the outgoing or incoming network traffic of the device.
Is it possible to route the traffic through a proxy or similar to be able to identify connections uniquely?
+-----+       +---------------+       +----------------------------+
| App | ----> | Reverse Proxy | ----> | Firestore                  |
|     | <---- | (mydomain.com)| <---- | (firestore.googleapis.com) |
+-----+   ^   +---------------+       +----------------------------+
          |
          |
  Connections that must be
  uniquely identifiable
  for a specific app
Is this possible with Firestore (at least, there's a function setHost() in the client SDK) and if so, what drawbacks would it have?

You can try to create a reverse proxy server and install the Firebase Emulator on it. You can then connect to this server from your app. The emulator will receive your requests and redirect them to Firestore. This will give you some flexibility and achieve your use case to some extent. Read more about the Firebase Emulator here.

Find Project name from openstack VM

We have several servers in our infra for which we are unable to trace the OpenStack project details.
Is there any way to fetch the associated project ID/name details from the VM?

On my cloud:
    $ openstack server show ab852bda-978e-4fd0-ba60-f4eebab327d3 -c project_id
    +------------+----------------------------------+
    | Field      | Value                            |
    +------------+----------------------------------+
    | project_id | dfe697576058427d96d59bf45433636d |
    +------------+----------------------------------+
In the VM,
    ip a
So, learn the IP of the VM
(actually, you should already know the IP if you are able to connect to it).
Then, in the OpenStack CLI, filter according to IP address. This way, you can learn which project it belongs to.

Can we use HAproxy load balancer along with nginx acting as a server?

In our project, we want to use HAProxy as a load balancer, which is done on a VM, and Nginx is used as a server. Is it possible to do? Or is it necessary that we use one Nginx for the load balancer and another one as a server?

Yes, HAProxy only needs an address:port.
So you can forward to an Nginx that will expose your app,
or forward directly to the application's port.
Both will work.

       HAProxy
       |     |
       |     |
    Nginx   Nginx
       |     |
       |     |
      App   App

       HAProxy
       |     |
       |     |
      App   App

How does Redis Enterprise secure in-transit internal communications between its nodes?

This page from Redislabs, titled: Redis Enterprise: A Secure Database states the following:
    Encryption | Data in transit | - Client<>Redis – SSL/TLS
               |                 | - Inter cluster (between cluster’s nodes) – IPSec
               |                 | - Across-cluster – SSL/TLS
It's unclear what Redislabs means when they state IPSec for the encryption of traffic among its own sub-components.
Question
Do they do anything internal to facilitate this, or do they expect that customers would set up a secure tunnel using some other product to secure these communications?

Going through this presentation from the VP of Redislabs, titled: Secure Redis deployments for Simplified Compliance - HIPPA, PCI, GDPR | Redis Labs it would seem to be the case that Redis Enterprise does nothing to help secure the in-communications among its own nodes in a cluster.
The product fully expects that customers utilize IPSec technologies such as:
- stunnel
- spiped
- strongswan
- iptables
- etc.
to encrypt/secure traffic however you deem necessary per your application's usage of Redis.

Redis Enterprise comes with a deployment tool that allows securing inter-node communication using IPSec. As a result, the secured inter-node communication has practically no effect on cluster performance.
Oren

How can I establish a websocket between two meteor apps?

I want to have the client of a Meteor app establish a permanent connection to the server of a distinct Meteor app. socket.io seems to be the way to go for this type of connection.
Thanks to this I can use socket.io with meteor and initiate the connection from the client of the first app, apparently like this:
var socket = io('http://app2.com');
socket.emit('ping', 'dummy');
How can I create a route to respond to this request from app2 server?
To make things a bit clearer:
     ----------------
    | client of app1 |
     ----------------
                 \
                  want socket.io to run here
                   \
     ----------------       ----------------
    | server of app1 |     | server of app2 |
     ----------------       ----------------
Happy to answer any question you may have!

Making a home server reachable (IPv4, IPv6, DS-Lite)

I am planning to ship a "home server" type device to customers, that communicates with their (Android or iPhone) smart phone. The problem is that, depending on their internet service provider, the customer has no outside-reachable IPv4 address (DS-lite tunneling), so the smart phone can't just use an IPv4 DNS record to find the server.
Alternatives I can think of:
- Make the server use an IPv6 DynDNS service, and make IPv6 take preference over IPv4 on the smart phone. Since the solution should work without the customer having to sign up for a DynDNS service, I have not found any service that allows me to do that.
- Set up my own "directory server", such that the home server registers its serial number in intervals - so similar to DynDNS, but on the application layer via HTTPS. A client could then simply enter the serial number into the app to find the server. Due to authentication/encryption requirements, this solution is harder to implement than I like.
Any other ideas on how to make a home server reachable? I would really like to avoid running my own "cloud service". Some type of peer to peer network discovery, perhaps?
[UPDATE:] This is what I am essentially looking for:
Home server                          Relay        DynDNS        Client
|                                      |             |             |
|-------- open tunnel to port 80 ----->|             |             |
|<-success, listening on 192.0.2.1:80 -|             |             |
|                                      |             |             |
|----- Register "my.ddns.net" ---------------------->|             |
|<------------ "my.ddns.net" is now 192.0.2.1 -------|             |
|                                      |             |             |
|                                      |<- GET http://my.ddns.net -|
|<------- GET http://my.ddns.net ------|             |             |
|--- HTTP response ------------------->|             |             |
|                                      |----- HTTP response ------>|

Making a connection from the internet to a server in a home is difficult. IPv6 is not available everywhere yet and with IPv4 you don't always have a public address available (with multiple NAT layers or DS-Lite).
The only reliable solution today is to have a publicly reachable server as rendezvous point and let the home box maintain a permanent connection to that server. Mobile devices (which might be behind NAT as well) can then reach the home box through the server or set up STUN/TURN style connectivity.

Thanks to the other responses, I had the starting points to find some existing solutions: ngrok and localtunnel solve the problem by mapping a dedicated subdomain to each Home Server, and dispatching requests based on HTTP(S) GET requests.
The latter is an open source project, and the server, as well as a JavaScript client, are on GitHub.
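
The "directory server" alternative from the question, with the authentication it calls for, as an added example that is not part of the original thread: the home server MACs each registration with a per-device key, and the directory rejects forged, stale and replayed updates before it answers lookups by serial number. The per-device key provisioning, the message fields, the 300-second window and the serial `HS-000123` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds a registration stays acceptable (assumed policy)


def sign_registration(device_key, serial, address, ts):
    """Home server: build a registration and MAC it with the per-device key."""
    body = {"serial": serial, "address": address, "ts": ts}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    body["mac"] = hmac.new(device_key, payload, hashlib.sha256).hexdigest()
    return body


class Directory:
    """Directory server: maps serial -> last authenticated address."""
    def __init__(self, device_keys):
        self.device_keys = device_keys  # serial -> key provisioned per device
        self.records = {}               # serial -> (address, ts)

    def register(self, msg, now):
        serial, address, ts, mac = (msg.get(k) for k in ("serial", "address", "ts", "mac"))
        if not (isinstance(serial, str) and isinstance(address, str)
                and isinstance(ts, int) and isinstance(mac, str)):
            return False                # malformed message
        key = self.device_keys.get(serial)
        if key is None:
            return False                # unknown device
        expected = sign_registration(key, serial, address, ts)["mac"]
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False                # forged or altered in transit
        if abs(now - ts) > MAX_SKEW:
            return False                # stale or future-dated
        last = self.records.get(serial)
        if last is not None and ts <= last[1]:
            return False                # replayed or out-of-order
        self.records[serial] = (address, ts)
        return True

    def lookup(self, serial):
        return self.records.get(serial, (None, None))[0]


if __name__ == "__main__":
    key = b"constructed-demo-key"       # constructed sample values
    d = Directory({"HS-000123": key})
    msg = sign_registration(key, "HS-000123", "2001:db8::10", 1000)
    print(d.register(msg, now=1010), d.register(msg, now=1020), d.lookup("HS-000123"))
```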
