Can anyone suggest, with an example, how to self-host a Core Web API without IIS? I have hosted it in IIS, but I want to perform self-hosting, and I also want to enable HTTPS for the self-hosted Web API.
To self-host Web API, you should refer to the official documentation.
To enable HTTPS:
On an elevated console (“Run as administrator”), execute
netsh http add urlacl url=https://+:4443/ user=<your user name>
to allow the running user to listen on port 4443 using HTTPS (note the use of https instead of http in the above command).
Also on an elevated console, register the server certificate by running
netsh http add sslcert ipport=0.0.0.0:port certhash=thumbprint appid={app-guid}
where,
port is the listening port (e.g. 4443); the special IP address 0.0.0.0 matches any IP address for the local machine;
thumbprint is the certificate’s SHA-1 hash, represented in hexadecimal;
app-guid is any GUID (e.g. {00000000-0000-0000-0000-000000000000}), used to identify the owning application.
Write self host configuration like
    using System;
    using System.ServiceModel.Channels;
    using System.Web.Http.SelfHost;
    using System.Web.Http.SelfHost.Channels;

    class MyHttpsSelfHostConfiguration : HttpSelfHostConfiguration
    {
        public MyHttpsSelfHostConfiguration(string baseAddress) : base(baseAddress) { }
        public MyHttpsSelfHostConfiguration(Uri baseAddress) : base(baseAddress) { }

        protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding)
        {
            // Switch the self-host binding from plain HTTP to transport security (HTTPS).
            httpBinding.Security.Mode = HttpBindingSecurityMode.Transport;
            return base.OnConfigureBinding(httpBinding);
        }
    }
Then change the base address passed to the MyHttpsSelfHostConfiguration constructor: var config = new MyHttpsSelfHostConfiguration("https://localhost:4443");
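The steps above put together in a host program, as an added example that is not part of the original answer. It assumes the MyHttpsSelfHostConfiguration class shown above is in the same project and that the thumbprint registered with netsh is passed as the first command-line argument; before opening the listener it checks that the certificate is in the LocalMachine\My store, has a private key and is within its validity period.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http;
using System.Web.Http.SelfHost;

static class Program
{
    // Looks up the certificate that "netsh http add sslcert" refers to and
    // rejects it if it could not serve TLS for the registered binding.
    static X509Certificate2 FindServerCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint.Replace(" ", ""), false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in LocalMachine\\My.");
            var cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            return cert;
        }
        finally { store.Close(); }
    }

    static void Main(string[] args)
    {
        // args[0]: the thumbprint passed as certhash= to netsh (operator-supplied).
        var cert = FindServerCertificate(args[0]);
        Console.WriteLine("Using " + cert.Subject + ", expires " + cert.NotAfter);

        var config = new MyHttpsSelfHostConfiguration("https://localhost:4443");
        config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}",
            new { id = RouteParameter.Optional });

        using (var server = new HttpSelfHostServer(config))
        {
            server.OpenAsync().Wait();
            Console.WriteLine("Listening on https://localhost:4443. Press Enter to stop.");
            Console.ReadLine();
            server.CloseAsync().Wait();
        }
    }
}
```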
In my ASP.NET Core server, I have forwarding to support my OpenId Connect authentication workflow:
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor;
            // Only loopback proxies are allowed by default.
            // Clear that restriction because forwarders are enabled by explicit
            // configuration.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
        });
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseForwardedHeaders();
    }
However, I'd like to configure KnownProxies (and KnownNetworks). Is there a way to find out the ip address of the proxy server (within the context of a container)? Is the configuration static? If not, can it be automated?
Also, is this address going to be the same thing as the Host address. I.e. would resolving the ip address to host.docker.internal help? Which doesn't seem to be an easy thing to do within a Linux environment anyway...
Also, the above code comes from this documentation. Re-reading that section, is it okay to leave the above code alone? I'm assuming that locking down to a particular proxy server would be better?
The container IP is ephemeral, and may change across app rebuilds or redeploys. By default, Dokku will run your app on the internal docker0 network, and the only things that can access the container are services running on the server itself, so allowing access from all network interfaces is safe.
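An added example, not part of the original posts: instead of clearing KnownNetworks and KnownProxies, the trusted forwarders can be loaded from deployment configuration, so X-Forwarded-* headers are honoured only when the request arrives from the proxy, and a CIDR range covers a container address that changes between deploys. The AddTrustedForwarders method and the TRUSTED_PROXIES variable are hypothetical names; the code assumes ASP.NET Core 3.1 to 8, where KnownNetworks holds Microsoft.AspNetCore.HttpOverrides.IPNetwork entries.

```csharp
using System;
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public static class ForwardedHeadersSetup
{
    // "trusted" is a comma-separated list of proxy IPs and CIDR ranges,
    // e.g. "172.17.0.0/16,10.0.0.5" (constructed sample values).
    // Usage from ConfigureServices (TRUSTED_PROXIES is a hypothetical variable):
    //   services.AddTrustedForwarders(Environment.GetEnvironmentVariable("TRUSTED_PROXIES"));
    public static void AddTrustedForwarders(this IServiceCollection services, string trusted)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor;
            options.ForwardLimit = 1; // honour only the hop added by our own proxy

            // The default loopback entries are kept; configured entries are added to them.
            foreach (var entry in (trusted ?? "").Split(',', StringSplitOptions.RemoveEmptyEntries))
            {
                var parts = entry.Trim().Split('/');

                // Reject malformed entries instead of silently ignoring them.
                if (parts.Length > 2 || !IPAddress.TryParse(parts[0], out var address))
                    throw new FormatException("Invalid trusted proxy entry: " + entry);

                if (parts.Length == 1)
                {
                    options.KnownProxies.Add(address); // single proxy address
                }
                else
                {
                    if (!int.TryParse(parts[1], out var prefixLength))
                        throw new FormatException("Invalid prefix length: " + entry);
                    // Fully qualified to avoid the clash with System.Net.IPNetwork on .NET 8.
                    options.KnownNetworks.Add(
                        new Microsoft.AspNetCore.HttpOverrides.IPNetwork(address, prefixLength));
                }
            }
        });
    }
}
```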
I have a .NET Core 2.2 service running in OpenShift. My service uses SSH.NET to connect to my remote SFTP Server running outside the OpenShift cloud. The SFTP server is configured to provide only SFTP on port 22.
According to SSH.NET, the code to connect to an SFTP server is:
    var connectionInfo = new ConnectionInfo("10.1.2.3",
                                            "guest",
                                            new PasswordAuthenticationMethod("guest", "pwd"),
                                            new PrivateKeyAuthenticationMethod("rsa.key"));
    using (var client = new SftpClient(connectionInfo))
    {
        client.Connect();
    }
This code works fine when used inside my intranet.
To access a remote resource in OpenShift I have created an egress router that provides a fixed IP. All firewalls have been configured to allow access from OpenShift to my SFTP Server.
My question:
What value shall I use for first parameter in the ConnectionInfo class above? The IP address "10.1.2.3" of my remote server will not work from inside OpenShift because outbound traffic must strictly go through the egress router service.
Note:
I can already access the remote server via HTTPS using an http client access from my POD using URL like this: https://x-myservice-egress.y-myproject-infra-test:4433.
In the ConnectionInfo class I must provide the egress router name and a mapping port, e.g. projectName-egress-xyz:2201. The 2201 is a mapping ID, not a physical port; it maps to my real SFTP server host machine IP and port 22.
The code below worked!
    var connectionInfo = new ConnectionInfo("projectName-egress-xyz:2201",
                                            "guest",
                                            new PasswordAuthenticationMethod("guest", "pwd"),
                                            new PrivateKeyAuthenticationMethod("rsa.key"));
    using (var client = new SftpClient(connectionInfo))
    {
        client.Connect();
    }
Replace it with the egress router name and the source port mapped to the destination port that you defined in your egress configuration.
Ex: egress-xyz:source-port
I am trying to add DataPower 7.7 into API Management 2018.1.
I need to configure API Connect Gateway Service in DataPower (new APIC 2018.1 doesn't work with XML Management Service).
After configuration I got an error:
8:07:19 mgmt notice 959 0x00350015 apic-gw-service (default):
Operational state down
8:07:19 apic-gw-service error 959 0x88e00001 apic-gw-service
(default): Unexpected queue error: Domain check failed! Please ensure that
the 'default' domain exists and is enabled. Also, please verify that the API
Gateway Service is configured with the correct domain and SOMA credentials.
8:07:19 apic-gw-service error 959 0x88e000a0 apic-gw-service
(default): Failed to initialize gateway environment: datapower
DP version is 7.7.
Please suggest, if you have any information or manuals.
Note: Domain exists, main services are enabled
It's hard to tell what exactly the problem is based on the log messages shown above.
Update to original answer:
See also the documentation that is now available in the IBM API Connect Knowledge Center: https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/tapic_install_datapower_gateway.html
However, here are the basic steps for configuring a DataPower gateway to work with API Connect 2018.x.
You will need to ensure:
DataPower is running DP 7.7.0.0 or higher.
You have the AppOpt license installed. (Use the “show license” command in the DataPower CLI to confirm.)
You have a shared certificate and a private key for securing the communication between the API Connect management server and the gateway.
On DataPower, you need to:
Create an application domain. All of the subsequent configuration should be done in the application domain.
Enable statistics
Upload your private key and shared certificate to the cert:// directory in the application domain.
Create a crypto key object, a crypto certificate and a crypto identification credentials object using your key and certificate.
Create an SSL client profile and an SSL server profile that reference the crypto identification credential object.
Configure a gateway-peering object.
Configure and enable the API Connect Gateway Service in the application domain.
At that point, you should be able to configure the gateway in the API Connect cloud manager.
Here are the DataPower CLI commands to create a basic configuration. In the configuration below, IP address 1.1.1.1 represents a local IP address on your DataPower appliance. Traffic from the API Connect management server to the gateway will be sent to port 3000. API requests will go to port 9443 (but you can change it to the more standard port, 443, if you prefer.)
For a production environment, you will want to build on this configuration to ensure you are running with at least 3 gateways in the peer group, but this will get you started.
Create the application domain called apiconnect
top; configure terminal;
domain apiconnect; visible default; exit;
write mem
Use the Web GUI to upload your private key and shared certificate to the cert:// folder in the apiconnect domain
Then run these commands to create the configuration in the apiconnect domain
switch apiconnect
statistics
crypto
  key gw_to_apic cert:///your-privkey.cer
  certificate gw_to_apic cert:///your-sscert.cer
  idcred gw_to_apic gw_to_apic gw_to_apic
  ssl-client gwd_to_mgmt
    idcred gw_to_apic
    no validate-server-cert
  exit
  ssl-server gwd_to_mgmt
    idcred gw_to_apic
    no request-client-auth
    validate-client-cert off
  exit
exit
gateway-peering apic
  admin-state enabled
  local-address 1.1.1.1
  local-port 15379
  monitor-port 25379
  priority 100
  enable-ssl off
  enable-peer-group off
  persistence local
exit
apic-gw-service
  admin-state enabled
  local-address 0.0.0.0
  local-port 3000
  api-gw-address 0.0.0.0
  api-gw-port 9443
  v5-compatibility-mode on
  gateway-peering apic
  ssl-server gwd_to_mgmt
  ssl-client gwd_to_mgmt
exit
write mem
The problem you are seeing is an issue with creating your api connect service in the default domain. To work around just put your Api Gateway Service in a domain other than default.
I have configured a combination of API Manager and a pre-configured Identity Server in AWS EC2.
The problem is that API Manager internally refers to the private IP and it's invoking the API using the private IP, and the private IP is not accessible from the internet.
Suppose I have a /users/add API; when I use the Swagger console, it's trying to invoke privateIp/users/add, which is not working...
How to solve this?
I tried to hit it using publicip/users/add, but it's not giving any results either.
Thank you
You can set your public IP or Hostname in carbon.xml for HostName and MgtHostName.
<!--
Host name or IP address of the machine hosting this server
e.g. www.wso2.org, 192.168.1.10
This is will become part of the End Point Reference of the
services deployed on this server instance.
-->
<!--HostName>www.wso2.org</HostName-->
<!--
Host name to be used for the Carbon management console
-->
<!--MgtHostName>mgt.wso2.org</MgtHostName-->
Also, you have to replace ${carbon.local.ip} in all configuration files with the required IP/hostname too.
How can I specify detailed proxy settings in TweetSharp? By this I mean in addition to the server name, details like Port, Username, Password etc? As of now the only parameter, is
Dim X as New TwitterService(Key,Secret)
X.Proxy = "abcd"
Which accepts only a string, which I assume is the server name / IP Address.
My app is behind a corporate firewall and the proxy requires authentication and uses a custom port. Any ideas?
As I was completely unable to specify the authentication details for the proxy server, I was forced to come up with my own workaround. I installed ccproxy on the server, and had it cascade the authentication to the other proxy server.
This is working well as of now.