I am using angular 4 angularfire 2 and firebase in an web app. I am conditionate to use firebase as a backend service and because the app has to only be used inside the office i am wondering if there is any way i can configure some firebase rules or anything to make the app not work or be shown from another ip than the office ip. Please leave any kind of way i can do it. Thanks in advance!
There is currently no way to restrict access to a site deployed to Firebase Hosting. It will always be accessible from anywhere in the world that is not blocked by some other firewall.
Related
I have an app hosted on firebase that is deployed to my Cloud Domains.
let's say https://example.com
Now, for every custom domain or subdomain I want to add to firebase, I require to manually setup the DNS on of my Cloud Domain with the required records.
But, I would like to create workspace for organization in my app (like for example Jira does doing myOrg.atlassian.com).
So the result would be
organization.example.com
organization2.example.com
Is it possible to allow this without having to manually set DNS for each organization joining our app ?
Would it be possible to dynamically create and setup on firebase and link those subdomain to my cloud domain ?
Thank you
Currently, there is no way to add custom domains automatically. Firebase Hosting doesn’t have such an API through which it can be done. Also I couldn’t find a workaround to dynamically achieve this feature. So the only way to do this is to go to the Firebase Console and set it up as described here. You can go through this similar StackOverFlow thread to know more about it.
Having one of application hosted on Firebase with some additional services there (Cloud Firestore, Cloud Storage for Firebase, Cloud Functions for Firebase) decided to make some security scanning. One of the tools https://sitecheck.sucuri.net/ shows me that there's no firewall for it, is it possible? It has reverse proxy & Fastly's CDN, but would be a firewall missing for apps hosted on Firebase Hosting?
Firebase hosting resources access is unfortunately not restricted by any means, check out the question below?
Can Firebase restrict access to resources?
However, There are things you can do in the regard of security:
Use Cloud functions to render dynamic resources and microservices
https://firebase.google.com/docs/hosting/functions
Use Firestore rules to secure the data access
Use Firebase authentication to make sure that only authenticated users can do certain actions
Even though, we all hope for that firewall option to be added.
Best Regards
Firebase Hosting does not have a firewall feature. If you publish content to it, that will be accessible from anywhere there is an internet connection.
I am working on a platform (www.dashboard.example.com) that has an admin site (www.admin.example.com). Each site is hosted on a different Google Firebase Hosting Project.
I want only certain people to be able to access the admin site. After some consideration, I found an IPSec VPN to be the best solution for me.
I also found that GCP offers a VPN service, but from what I can tell, it seems to only work with google compute engines.
Is there a way to attach a Google VPN to a Firebase Hosted site?
There is no way to attach a Cloud VPN to a Firebase Hosting Project.
In GCP the correct way to restrict the access to your web server/application is by using firewall rules/App Engine's firewall and Cloud VPC/VPN service.
Your approach should be to put a proxy by configuring a Google Compute Engine1 in between your gateway service and your Firebase Hosting Project.
Another approach would be to use Cloud Storage2, as a static website3. You can then create an HTTPS Load Balancer based on Backend Bucket4. With this you can benefit from the advantages of using Load Balancer and also using Cloud VPN.
If you are interested in authentication with Firebase and App Engine I suggest to check the following link 2.
I have a custom domain (travelbox.id) that connected to Firebase Hosting already. I also have an App Engine application to serve as my API. I want to host the App Engine application on api-dev.travelbox.id. I mapped the custom domain to App Engine following this docs but domain connection to Firebase Hosting stop working. If you access api-dev.travelbox.id it is connected to App Engine. But if you access travelbox.id it doesn't connected to Firebase Hosting.
Is that impossible to achieve what I want?
I had the same issue and contacted Google Cloud support, here's their answer:
App Engine doesn't need to have the A records on the root domain if
you are only serving from a subdomain. App Engine should work
properly for you with just the one CNAME on subdomain.example.com.
I found the solution myself, here you go!
On the fourth step in this docs, i didn't add A records, just add AAAA records. Suprisingly, it works! :D
Using Firebase stack for chrome extensions :) However, have one BIG problem.
Users located in China cant use the app since Google is blocked there thus Firebase authentication fails ... well, one option is to use VPN but in terms of user experience, it's a big No No ... is there any better way to resolve/workaround this issue
Using mainly firebase auth (Google provider) and Firestore
Can use somehow custom tokens to resolve this?
https://firebase.google.com/docs/auth/admin/create-custom-tokens
Or external authentication service combined with firebase, in this case, need to have authenticated access to firestore as well
Create an API on HEROKU. Make all your Oauth and every call made for firebase go through the API. This API will only bridge all information between CHINA and GoogleServices (Firebase) since the great firewall blocks them.
The simplest solution may be to set up a proxy server to forward your apps requests to Firebase.