We have a setup of API Manager on a windows machine which is inside a enterprise private network. We want to map the API Gateway url to a domain name.
Gateway URL inside the private network - https://10.1.x.y:8243
At load balancer we have done the mapping to redirect requests for https://xyz.abc.com to gateway url. But gateway is not able to listen to the incoming request.
Please let me know what more information can I provide here, if required, or please let me know the ways I can resolve the issue.
Thanks
Related
I am planning to host 2 webapps using Firebase Hosting: example.com and dev.example.com. For corresponding APIs, I have 2 projects on GCP (using managed instance groups and a load balancer) with custom domains: api.example.com and dev-api.example.com.
Is it possible to have a setup where subdomains of the custom domain example.com can be split/used across Firebase and GCP load balancer? I thought this is a popular setup but can't find any documentation/howto around this. I am using Google Domains as the domain provider for example.com and using Google Managed SSL certificates as well. All the projects belong to one account.
Assuming that you are using a Classic HTTPS Load Balancer with your GCP project, you may get your Firebase Hosting linked to your LB as an additional backend through Internet Network Endpoint Group so all of them can be reached through the same Load Balancer IP.
To do this,
Edit the current Load Balancer and go to Backend configuration
Create a Backend Service, under Backend type, select Internet Network Endpoint Group
Under Backends > New Backend, Create Internet Network Endpoint Group. This will take you to Network endpoint groups under Compute Engine
Under New network endpoint > Add through, you may select IP and port or Fully qualified domin name and port. Just supply the correct FQDN or IP of your Firebase hosting and the Port where the Firebase hostings are listening to, then Create.
Finish creating the backend service using the the Internet network endpoint group that you created as Backend Type
Under Host and Path rules. click +Add Host and Path Rule, please fill out the Host field with the domain of your Firebase hosting. For Path, just put /*. Then select the Internet network endpoint group that you created as Backend.
I am also under the assumption that your Google Managed Certificate is also deployed within the Load Balancer. If this is the case, then you may provision another Google Managed SSL certificate and include all 4 domains
example.com
dev.example.com
api.example.com
dev-api.example.com
Once done, you may create A records with the Load Balancer's IP address for each domain. This is to ensure that the requests will be forwarded to the correct backend, as oppose to just creating CNAME's which will always forward the request to the root domain (example.com) and not to their intended backends. The LB should be able to forward requests based on the domain being accessed.
I'm currently working on a project where we are using Google Cloud. Within the Cloud we are using CloudRun to provide our services. One of these services is rather complex and has many different configuration options. To validate how these configurations affect the quality of the results and also to evaluate the quality of changes to the service, I would like to proceed as follows:
in addition to the existing service I deploy another instance of the service which contains the changes
I mirror all incoming requests and let both services process them, only the responses from the initial service are returned, but the responses from both services are stored
This allows me to create a detailed evaluation of the differences between the two services without having to provide the user with potentially worse responses.
For the implementation I have setup a NGINX which mirrors the requests. This is also deployed as a CloudRun service. This now accepts all requests and takes care of the authentication. The original service and the mirrored version have been configured in such a way that they can only be accessed internally and should therefore be accessed via a VPC network.
I have tried all possible combinations for the configuration of these parts but I always get 403 or 502 errors.
I have tried setting the NGINX service to the HTTP and HTTPS routes from the service, and I have tried all the VPC Connector settings. When I set the ingress from the service to ALL it works perfectly if I configure the service with HTTPS and port 443 in NGINX. As soon as I set the ingress to Internal I get errors with HTTPS -> 403 and with HTTP -> 502.
Does anyone have experience in this regard and can give me tips on how to solve this problem? Would be very grateful for any help.
If your Cloud Run service are internally accessible (ingress control set to internal only), you need to perform your request from your VPC.
Therefore, as you perfectly did, you plugged a serverless VPC connector on your NGINX service.
The set up is correct. Now, why it works when you route ALL the egress traffic and not only the private traffic to your VPC connector?
In fact, Cloud Run is a public resource, with a public URL, and even if you set the ingress to internal. This param say "the traffic must come to the VPC" and not say "I'm plugged to the VPC with a private IP".
So, to go to your VPC and access a public ressource (Your cloud run services), you need to route ALL the traffic to your VPC, even the public one.
Im' looking to build a similar application to https://www.proxysite.com/ but am not sure on the best architecture.
Looking to have a data flow like this.
User Web Browser -> myproxysite.com -> Ngninx Proxy Server (somehow rotating IP for each client session) -> Targetsite.com
Then the user would need to maintain a full session on Targetsite.com as a logged in user.
In this example, targetsite.com is always the same site and is pre-determined. The challenge we are facing is that targetsite.com is blocking our users based on IP, many of whom are accessing it from the same office network.
So my questions are:
Does this seem correct?
Is there anyway for me to configure nginx with a rotating proxy service like luminati? Or do I need to add an API software layer to handle the actual IP changes?
Any guidance on this one would be greatly appreciated!
While I can't help you with your application, I do want to suggest an alternative. You mentioned an office so it sounds like the users who will use the proxy are workers.
Luminati (now BrightData) has a proxy manager which you can host on any server. The proxy manager allows you to create ports (ie port 24000) and configure it with whatever proxy you want (doesn't have to be BrightData's proxy). It has a ton of different parameters that you can include for each proxy (including IP rotation) and each port can be configured to have a unique setup.
Then you simply go to your user PC, open the browser proxy settings, type the IP address of the server that the proxy manager is running on and the specific port you configured and voila. You have central control of the managing the proxies and your user's browser is proxied.
A big benefit of this is the logs in the proxy manager show all activity on each port you setup, so you can monitor traffic and the success rates right there.
Proxy manager: https://prnt.sc/13uyjgj
I have created a very simple RESTful service and deployed it on my local tomcat server. I would like to create and configure an API proxy and test it out using Apigee. While trying to creating a new API proxy it does not allow me to point me to url endpoint containing containing localhost and port information.
http://localhost:8080/PageNameService/ /**** DOES NOT WORK ***/
http://weather.yahooapis.com /***** WORKS ************/
Does this mean that you cannot configure Target Endpoint URL's that contain localhost and ports in apigee ? Please guide.
Apigee Edge is hosted on a 4G cloud infrastructure and would accept a backend url for which it can act as a facade and pass on the traffic processed by it. It would not be able to connect to your tomcat server with localhost:8080. You can give any globally accessible complete URL's(it can have domain names or even ip addresses with correct ports is fine.)
I solved this need by using ngrok. I am able to route calls from Edge to my local machine. Absolutely love ngork! :-)
I have developed a web service and host it on my server and I would like to know who is using this web service (site Url). I tryed to use "Request.UrlReferrer" but it is not returning any thing! any suggestions/Advices?
You can't get the URL of the caller of a web service as not all callers have canonical URL's. You can however get the IP Addresses assuming that they are not behind a proxy / nat. In which case you'd get the IP of the nat / proxy.
Assuming your using an ASMX web service you can this from:
HttpContext.Current.Request.UserHostAddress
Once you have the IP Address you can try and do a reverse lookup to get the host name. I would recommend storing the IP address then writting an offline process which goes and tries to determine who owns the IP. I'm sure there are some webservices out there to help with this.
You can use Request.Url property to get all the information about the requests to your web service.
The referrer is set by the client, and the client can not set it. That is why you see nothing. If the client's are servers, then the best you can do is to get the IP of the client connection and go to that IP. If a simple setup, with no virtual hosts, then that is the "web site" that is hitting your web service.
As Josh states, the HttpRequest object is the way to go, there are a few properties on there that might help:
UserHostName - Gets the DNS name of the remote client.
UserAgent - Gets the raw user agent string of the client browser.
UserHostAddress - Gets the IP host address of the remote client.
Which might give you a bit more information to play with.