What is firebase hosting for? - firebase

What is Firebase Hosting for? Examples? I'm not clear on what it does with respect to hosting a website or server or both....
My understanding of hosting is that one would enlist something like Bluehost or GoDaddy to host a webpage, which they would then upload the website files via an FTP. I see it appears Firebase Hosting may serve a similar purpose and you can add your own domain name like this.
I also understand that websites sometimes require a separate server to do things like: processing requests while keeping secret keys hidden, or rendering a unique webpage server-side and sending a static page to the user. I've used Firebase Realtime Database for non-secure data storage, but I would like to be able to use the hosting as well for serving private user-specific content without exposing keys.
I just did a tutorial to create what seemed like a web app that one would query from another webpage, but I wasn't able to deploy and try it out because of the pay-wall.
Can Firebase Hosting be my secondary server that processes private requests to a database or is it only for hosting a user-facing webpage, or both?
I am new to programming and would appreciate hearing if it seems like I am misunderstanding something within my question. Recommended resources for further learning on this subject are greatly appreciated!
Thank you.

Hosting a static web site
Firebase Hosting on its own is a service for hosting static assets. So in your scenario HTML + CSS + Images + JavaScript files that are included in them. None of this content is executed, or in any other way interpreted, on the Firebase servers. You upload (in Firebase terms "deploy") the files to Firebase, which then distributes them to its global CDN edges, and when your site is visited, the content is served from that CDN.
In the Firebase documentation on what can you host this is referred to as:
Host your single-page web apps, marketing websites, and static and dynamic assets
Hosting a static web site with dynamic content
You can use Firebase with many of the other back-end services to add dynamic functionality to your static web site. For example, you can call Realtime Database from your client-side JavaScript code, and display dynamic data in your static web app that way. Firestore would be similar, which you could use in place of Realtime Database. Similarly you can use Firebase to connect to Cloud Storage, for storing of files, for example to allow your users to upload and view images.
And then you'll typically want to secure access to all this dynamic content. At that point, you use Firebase Authentication to allow your users to sign in, and then you'll use Firebase's server-side security rules, which are available for Realtime Database, Cloud Firestore and Cloud Storage. These rules determine what data or files the users can access.
The Firebase documentation covers this in the section on deep integrations with other Firebase products.
Firebase Hosting works out-of-the-box with Firebase services, including Cloud Functions, Authentication, Realtime Database, Cloud Firestore, and Cloud Messaging. You can build powerful microservices and web apps using these complementary Firebase services.
Adding dynamic server-side pieces to web site
You can integrate Firebase Hosting with Google Cloud Functions and Cloud Run to build dynamic web sites. In those scenarios, you host the server-side code on Cloud Run or Cloud Functions, and set Firebase Hosting up to redirect certain URLs to specific end points in your server-side code.
In the Firebase documentation on what can you host this is referred to as:
Pair Firebase Hosting with Cloud Functions to build microservices using the Express.js framework. This pairing allows you to host your microservices and APIs on Firebase.

Related

Images hosted in firebase storage trigger gmail's spam filter

I have recently been trying to send user's invoices from our online shop that include images of the products bought. We are using firebase for our backend, and firebase storage for hosting the images.
For some reason, whenever I add a firebase storage hosted image to the email it goes straight to the spam folder. When I use a test image hosted at a different URL it seems there is no problem.
Is there a way to get around this problem while still using firebase storage for our image hosting? Or would it be best to simply store the images elsewhere?
You can't serve the images directly from Cloud Storage as the URL is often obfuscated with hashes or UUIDs and has been abused for spam in the past. As the spam filter can't determine if the resource is legitimate or not, it simply gets flagged as spam.
You can serve the images from a deployed Firebase Hosting site (not recommended), from behind Firebase Hosting using Cloud Functions and rewrites that pipe data from Cloud Storage (suitable for low-frequency requests), or make use of a reputable resource hosting platform (like Cloud Storage).
In all of the above situations, you should serve those images from a custom domain like https://cdn.example.com that matches your email address and ensure that it has a valid SSL certificate.

How can I implement a CDN with Firebase Storage?

I'm currently working on a social media app for Android mobile, and I have a problem regarding the cost-efficiency of my app especially with Firebase Storage. Therefore I want to implement a CDN for Firebase, which would cache the videos and images, preferably using a CDN service that offers scalable pricing (Google CDN offers this price model). I have been searching everywhere on how I could implement the google CDN with Firebase Storage but found no clear instructions. How can I achieve this?
There are a few ways to implement a CDN with Firebase Cloud Storage.
Please have a look at the documentation Firebase Cloud Storage:
Cloud Storage stores your files in a Google Cloud Storage bucket, making them accessible through both Firebase and Google Cloud. This allows you the flexibility to upload and download files from mobile clients via the Firebase SDKs, and do server-side processing such as image filtering or video transcoding using Google Cloud Platform.
As a result, you can follow the documentation Setting up Cloud CDN with a backend bucket, but keep in mind that Cloud CDN will only kick in if you're accessing your data via that External HTTP(S) Load Balancer. You can find an example in the updated article Create a Custom Domain CDN with Google mentioned by @Yanan C.
As an alternative, you can use Cloudflare or other CDN. To do it you can follow instructions provided in the article How to Put a CDN in Front of Firebase Cloud Storage:
In Cloudflare create a new CNAME pointing your subdomain to c.storage.googleapis.com. For example: CNAME images.firerun.io c.storage.googleapis.com.
In the Firebase console -> Storage, create a new bucket named the subdomain. In the example above, the bucket name would be "images.firerun.io". This is a restriction where only the bucket named the same as the subdomain will work.
Add a test file, for example: keep-calm.jpg
Next, give public access to the bucket in the Google Console. Note, this is different from Firebase security rules where you should set the security rules to allow externally allow read:
Go to Storage Management in the Google Console. Select your Firebase project.
Click on your new bucket (e.g. images.firerun.io) and click on the tab "permissions."
Click the "Add Members" button.
Enter New Member as "allUsers" and Role as "Cloud Storage -> Storage Object Viewer".
Click "Save" and accept the warning that this is publicly accessible.
Now go to your subdomain with the file appended. For example: https://images.firerun.io/keep-calm.jpg
In addition, please have a look at the article Why You Should Put a CDN Like Cloudflare in Front of Firebase.
For Firebase Storage, I suppose the contents to cache, such as videos and images, are objects stored in buckets, please let me know otherwise. If it is the case, the post provides an answer from Firebase Support regarding how to use CDN with Firebase Storage, with an excerpt as below:
Now, there are ways to add a CDN to Cloud Storage content; I found this small guide using Google CDN:
https://medium.com/#marco_37432/create-a-custom-domain-cdn-with-google-beta-7ad9531dfbae
Another use that I have seen is creating a static website with Cloud Storage and adding on top another CDN provider, like CloudFlare. You can see more details in these links:
https://cloudplatform.googleblog.com/2015/09/push-google-cloud-origin-content-out-to-users.html
https://cloud.google.com/interconnect/docs/how-to/cdn-interconnect
Hope it helps.

How to secure REST API endpoints served via GCP Cloud Run?

I have a simple web site hosted in Firebase and it is making AJAX calls to REST API endpoints in GCP Cloud Run.
I would like to limit these endpoints only to the calls coming from this site hosted in Firebase. Any call coming from any other origin should not be able to use the endpoints. What is the best way to do this?
When I was not using GCP Cloud Run, I was doing a host check on the API side to make sure that request is coming from my client but now with Cloud Run this is not possible. What else could be done?
Please note that the web-site hosted in Firebase is very simple and does not do any user authentication.
Challenge: Restrict access to a Cloud Run service to a single web application, without relying on:
Restricting access to the web application
Imposing authentication on users
This difficulty is not specific to Cloud Run. It's a general challenge for static sites backed by APIs, and a reason why many sites have authentication. As mentioned in the question comments, a server-side "host" check is not a meaningful security layer, as everything in the HTTP request can be faked. I strongly recommend you not worry about keeping your API private or add user authentication to keep the system simple and access accountable.
If that's not possible, you can still take the authentication approach by creating a single user, embedding the credentials in the site, and rotating them regularly (by redeploying to Firebase Hosting) to prevent credential theft from having indefinite access to your API. Having Firebase Auth in the middle is better than a simple API key because it prevents replay attacks from accessing your API.
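The contrast drawn in the answer above, a header check that any client can satisfy versus a short-lived signed token that the API verifies, as an added example (not code from the original answer or from Firebase). The origin, the `site-user` name and the Ed25519 key pair standing in for the service that signs ID tokens are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumptions for this example: a hypothetical Hosting origin, and an Ed25519
// key pair standing in for the identity provider that signs ID tokens.
const SITE_ORIGIN = "https://example-site.web.app";
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// The check from the question: it trusts a header that the caller controls.
function originCheck(headers) {
  return headers.origin === SITE_ORIGIN;
}

// Issuer side (stand-in for the sign-in service): payload + signature, with expiry.
function issueToken(uid, ttlSeconds, nowMs = Date.now()) {
  const claims = { uid, exp: Math.floor(nowMs / 1000) + ttlSeconds };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  const sig = crypto.sign(null, Buffer.from(payload), privateKey).toString("base64url");
  return `${payload}.${sig}`;
}

// API side: verify the signature first, parse the claims only afterwards,
// then enforce expiry so a captured token stops working.
function verifyToken(headers, nowMs = Date.now()) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)$/.exec(headers.authorization || "");
  if (!m) return null;
  const sig = Buffer.from(m[2], "base64url");
  if (sig.length !== 64) return null; // Ed25519 signatures are 64 bytes
  if (!crypto.verify(null, Buffer.from(m[1]), publicKey, sig)) return null;
  const claims = JSON.parse(Buffer.from(m[1], "base64url").toString("utf8"));
  return claims.exp > Math.floor(nowMs / 1000) ? claims : null;
}

// Returns the HTTP status the API would send for a request's headers.
function handle(headers, nowMs = Date.now()) {
  return verifyToken(headers, nowMs) ? 200 : 401;
}

// Constructed requests (headers only), evaluated at fixed times.
const t0 = Date.UTC(2024, 0, 1);
const token = issueToken("site-user", 3600, t0);
const results = {
  headerOnlyPassesOriginCheck: originCheck({ origin: SITE_ORIGIN }),
  headerOnlyStatus: handle({ origin: SITE_ORIGIN }, t0),
  validTokenStatus: handle({ authorization: `Bearer ${token}` }, t0 + 60000),
  expiredTokenStatus: handle({ authorization: `Bearer ${token}` }, t0 + 3601000),
};
console.log(results);
```

In a real deployment the verification step would be done by the Firebase Admin SDK's ID token verification rather than hand-written code.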

Firebase Hosting doesn't have a firewall?

Having one of my applications hosted on Firebase with some additional services there (Cloud Firestore, Cloud Storage for Firebase, Cloud Functions for Firebase), I decided to do some security scanning. One of the tools, https://sitecheck.sucuri.net/, shows me that there's no firewall for it. Is that possible? It has a reverse proxy & Fastly's CDN, but would a firewall be missing for apps hosted on Firebase Hosting?
Firebase hosting resources access is unfortunately not restricted by any means, check out the question below:
Can Firebase restrict access to resources?
However, there are things you can do in regard to security:
Use Cloud functions to render dynamic resources and microservices
https://firebase.google.com/docs/hosting/functions
Use Firestore rules to secure the data access
Use Firebase authentication to make sure that only authenticated users can do certain actions
Even though, we all hope for that firewall option to be added.
Best Regards
Firebase Hosting does not have a firewall feature. If you publish content to it, that will be accessible from anywhere there is an internet connection.

Can static web apps access outside services?

I have been working on a web app and I am now looking into hosting said app. This app is a client-side app for right now meaning that all of the work is being done on the clients device and it has no backend other than the web server giving the site to the user for the first time.
I was looking into Heroku but that seems expensive for my app. Then I looked into Firebase Hosting and it looks good but requires the site to have static content. For now I'm pretty sure my app fits that criteria but in the future I would like to have users sign up for accounts and then store the info they give for the app data in a database. Would doing database calls to a firebase database make the app non-static/dynamic?
I know I could use Digital Ocean or another server provider but I want to be able to have scaling done for me so I can just focus on the app and not the containers themselves.
It sounds like you might want to build your app with Firebase Authentication for user logins, store data in Firebase Realtime Database, and host all the content on Firebase Hosting. You could probably write the code entirely in JavaScript to run in the browser, but if you did need to write some code on the backend, you could use Cloud Functions for Firebase.
