I am building msa using eureka, zuul and with google appengine standard.
The problem is that zuul routing works normally in the local environment, but not in the GAE environment.
If I look at the Eureka page, I can check the registered services.
but The href link in the status column is "192.168.1.1:8080/info"
I know 192.168.1.1 is private ip address... can't access..
The methods i tried
#Eureka Standalone Server
eureka:
client:
registerWithEureka: false
fetchRegistry: false
serviceUrl:
defaultZone: https://my-eureka-server.appspot.com/eureka/
#Eureka Client
eureka:
instance:
prefer-ip-address: true
client:
serviceUrl:
defaultZone: https://my-eureka-server.appspot.com/eureka/
this result -> http://192.168.1.1:8080/info
#Eureka Client
eureka:
instance:
hostname: my-eureka-client.appspot.com
client:
serviceUrl:
defaultZone: https://my-eureka-server.appspot.com/eureka/
this result -> http://my-eureka-client.appspot.com:8080/info, also can't access
I want to http://my-eureka-client.appspot.com/info
what is hostname???
In local environment, If the euraka hostname is localhost or not specified,
href link is http://localhost:8080/info or http://MY-DESTOP-ID:8080/info
It can access.
Related
I have a Google App Engine app (python 2.7 - it's an old project in the middle of upgrading!) that needs to make queries to an Elastisearch instance on Google Compute Engine. I'm able to make the requests using the GCE public ip address without an issue, but I'd prefer not to expose the GCE instance to the public internet.
The app engine app is in region us-central
The compute engine instance is in region us-central1, zone us-central1-f
The compute engine instance is in vpc network "default". (not a legacy network)
I've set up a Serverless VPC connector in us-central1, on default network.
I've set up the app engine app.yaml to use the connector.
But http requests to the compute engine private IP address (10.128.0.2) get connection failures, and DNS lookups on the internal DNS name for the compute engine fail edit: dns lookup does work using socket.gethostbyname.
error: An error occured while connecting to the server: Unable to connect to server at URL: http://10.128.0.2:9200/indexname
The same request succeeds when using the public IP address (when I open the VPC firewall on port 9200).
Snippet from the app engine app config:
runtime: python27
api_version: '1'
env: standard
threadsafe: false
instance_class: F4
network:
name: default
vpc_access_connector:
name: >-
projects/myproject/locations/us-central1/connectors/connector0301
gcloud beta --account="myaccount" --project="myproject" app describe:
authDomain: gmail.com
codeBucket: staging.myproject.appspot.com
databaseType: CLOUD_DATASTORE_COMPATIBILITY
defaultBucket: myproject.appspot.com
defaultHostname: myproject.appspot.com
featureSettings:
splitHealthChecks: true
useContainerOptimizedOs: true
gcrDomain: us.gcr.io
id: myproject
locationId: us-central
name: apps/myproject
servingStatus: SERVING
gcloud beta --account="myaccount" --project="myproject" compute instances describe (just the network snippet):
networkInterfaces:
- accessConfigs:
- kind: compute#accessConfig
name: External NAT
natIP: SNIPPED
networkTier: PREMIUM
type: ONE_TO_ONE_NAT
fingerprint: M087cXbOWII=
kind: compute#networkInterface
name: nic0
network: https://www.googleapis.com/compute/beta/projects/myproject/global/networks/default
networkIP: 10.128.0.2
subnetwork: https://www.googleapis.com/compute/beta/projects/myproject/regions/us-central1/subnetworks/default
gcloud beta --account="myaccount" --project="myproject" compute networks vpc-access
connectors list --region=us-central1
CONNECTOR_ID REGION NETWORK IP_CIDR_RANGE MIN_THROUGHPUT MAX_THROUGHPUT STATE
connector0301 us-central1 default 10.8.0.0/28 200 300 READY
gcloud beta --account="myaccount" --project="myproject" compute networks vpc-access connectors describe connector0301 --region=us-central1
ipCidrRange: 10.8.0.0/28
maxThroughput: 300
minThroughput: 200
name: projects/myproject/locations/us-central1/connectors/connector0301
network: default
state: READY
gcloud --account="myaccount" --project="myproject" compute firewall-rules describe default-allow-internal
allowed:
- IPProtocol: tcp
ports:
- 0-65535
- IPProtocol: udp
ports:
- 0-65535
- IPProtocol: icmp
creationTimestamp: '2020-02-11T11:18:09.906-08:00'
description: Allow internal traffic on the default network
direction: INGRESS
disabled: false
id: '1434668200291681054'
kind: compute#firewall
logConfig:
enable: true
name: default-allow-internal
network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
priority: 65534
selfLink: https://www.googleapis.com/compute/v1/projects/myproject/global/firewalls/default-allow-internal
sourceRanges:
- 10.128.0.0/9
- 10.8.0.0/28
Do serverless VPC connectors not work for internal IP http requests?
Do serverless VPC connectors not work for internal IP http requests?
Serverless VPC connectors work for internal IP http requests using urllib.request in the python37 runtime, but not using urllib2 or urlfetch from google.appengine.api in the python27 runtime. (Reminder that urllib2 uses urlfetch under the hood on app engine python27)
Since this is part of an older project that is slowly moving from python27 to python37, for now I put the internal ip http requests into a separate service so they could use the new runtime.
I am trying to deploy an asp.net core webapi to google appengine flex. If you don't mention network name in app.yaml then it takes default.
In my case there is no default network. I have to explicitly specify the network name and subnetwork_name in my app.yaml. This project where I am trying to deploy my api in appengine flex is in a shared VPC.This is why I am specifying the complete path, "projects/myorg-npe-232f/global/networks/myorg-shared-network". Please refer the app.yaml below -
runtime: aspnetcore
env: flex
service: default
api_version: 1.1
network:
name: projects/myorg-npe-232f/global/networks/myorg-shared-network
subnetwork_name: myorg-exxc-bbdf-subnet-central
I am getting the below error -
Unable to assign value 'projects/myorg-npe-232f/global/networks/myorg-shared-network' to attribute 'name':
value 'projects/myorg-npe-232f/global/networks/myorg-shared-network' for name does not match expression '^(?:^[a-z]([a-z\d-]{0,61}[a-z\d])?$)$' in app.yaml
As explained in the documentation here:
In a service project, App Engine Flexible resources cannot participate
in Shared VPC.
You may want to consider VPC Peering instead if it fits your use case.
Once the firewall rule and proper permissions are set up, can be deployed either a new or an existing of App Engine flexible ENV service into Shared VPC network, check the parameters in the manifest file:
network:
name: projects/HOST_PROJECT_ID/global/networks/NETWORK_NAME
subnetwork_name: SUBNETWORK_NAME
If you are using AppEngine flex, you can use the same settings.
However, make sure the vpc subnet exists, permissions and the firewall rule setup, I was getting the exact same error when I did not provide subnetwork_name.
Re: https://cloud.google.com/appengine/docs/flexible/dotnet/using-shared-vpc
network:
name: projects/project-id/global/networks/myorg-shared-vpc
session_affinity: true
subnetwork_name: mycompany-develop-us-central1
Another update:
Found this same issue with a co-worker, fixed it by updating the cloud commandline client.
I am having a bit of trouble setting up my create-react-app application to proxy requests to my test hosting on Microsoft azure. I have set up the proxy in my app's package.json as follows:
"proxy":{
"/api/*":{
"target":"https://mytestbackend.azurewebsites.net",
"secure":false
}
}
I have set up an axios request to be sent to the backend server on azure. It is in a stand-alone .js which I call from one of my react application's events. It looks like this:
import axios from 'axios';
const login = async (username, password) => {
console.log("Username to send is:"+username);
console.log("password to send is:"+password);
let response = await axios.post('/api/user/login', {username:username,password:password});
console.log(response);
};
export {login};
The problem can't be in my react components, because those two console.log() call show that the values entered are being recieved. If I remove the "secure":false setting from package.json, request fails with Http Error: 500. But if I use the secure setting, it fails with a 404 page. Can someone please shed a little light on what am I doing wrong? Can I only use the proxy on "localhost"? The documentation suggests otherwise. Any help is greatly appreciated.
I have verified that CORS is enabled for the domain on which the dev server is running on the Azure Management Portal. And if I do the request by using the backend's URL directly (that is, not using the create-react-app proxy), it works. The problem must be something in the way the proxy is configured.
The response text for the HTTP Errpr 500 which happens when not using secure is :
Proxy error: Could not proxy request /api/user/login from localhost:3000 to https://mytestbackend.azurewebsites.net (undefined).
Additional info: I have also tested by running my Backend locally on my development machine. The error message occurs but the "undefined" in the parenthesis says "UNABLE_TO_VERIFY_LEAF_SIGNATURE". If using "secure: false, I can call the login endpoint successfully, but calls to other endpoints which require authentication fail because the cookie is not sent by axios.
Doing:
curl -v https://mytestbackend.azurewebsites.net/api/user/login
Has this output:
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection #0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
create-react-app use WebPackDevServer which uses https://github.com/chimurai/http-proxy-middleware#options
So you can use all the options from the same
Now one key header that is import in such cases of externally hosted server is host. This at times can issues if not correct, see below example
Websocket works on EC2 url but not on ElasticBeanstalk URL
Next is the cookies might be associated with localhost, i checked and they should go without any modification. But you might want to use the cookieDomainRewrite: "" option as well
So the final config I would use is below
"proxy":{
"/api/*":{
"target":"https://mytestbackend.azurewebsites.net",
"secure":false,
"headers": {
"host": "mytestbackend.azurewebsites.net"
},
"cookieDomainRewrite": ""
}
}
Also on your client you want to use the withCredentials:true
let userinfo =await axios.get('/api/secured/userinfo',{withCredentials:true});
Create react app http-proxy-middleware, and should support the full set of options.
Some things I would try:
The path to match may be /api/** instead of /api/* if you want to nest multiple levels deep (eg. for /api/user/login)
You may need to add changeOrigin: true if you're proxying to something remotely (not on localhost)
You will likely want to keep secure: false as you aren't running localhost with https.
So in total, I would try
"proxy":{
"/api/**": {
"target": "https://mytestbackend.azurewebsites.net",
"secure": false,
"changeOrigin": true
}
}
After days of trying unsuccessfully to do this, I finally found a setup that works. Proxy is configured like this:
"proxy": {
"/api/user/login": {
"target": "https://localhost:44396",
"logLevel": "debug",
"secure": false
},
"/api/secured/userinfo": {
"target": "https://localhost:44396",
"secure": false,
"logLevel":"debug",
"secure":false
}
Request to both endpoints on the client have withCredientials:true
try {
await axios({
method:'post',
url:'/api/user/login',
withCredentials:true,
data:
{username:username,password:password}}
);
let userinfo =await axios.get('/api/secured/userinfo',{withCredentials:true});
return userinfo;
As you can see, I've moved to testing on my local dev machine. For whatever reason, this setup refuses to work on the azure-hosted backend. I would have preferred that it work as I originally intended, but at least now I can continue with my project.
I'm running GAE dev server within a Vagrant guest precise64 box with the following network setup (in my Vagrantfile):
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.network :forwarded_port, guest: 8080, host: 9090
end
Which does its thing:
[default] Forwarding ports...
[default] -- 8080 => 9090 (adapter 1)
I start my App Engine server with:
goapp serve
or
dev_appserver.py myappfolder
This starts app engine dev server as expected:
INFO 2013-11-22 dispatcher.py] Starting module running at: http://localhost:8080
In all cases, I'm able to ssh in to the Vagrant guest and curl localhost:8080 successfully.
Unfortunately, from the host I'm unable to get a response from localhost:9090 when running GAE dev web server. Additionally, I've made sure that I don't have anything interfering with the port 9090 on the host machine. Also, I'm almost positive this isn't related to Vagrant as I spun up a quick node.js web server on 8080 and was able to reach it from the host. What am I missing?!!!
You must run the Google App Engine Go dev web server on 0.0.0.0 when leveraging Vagrant port forwarding. Like so:
goapp serve -host=0.0.0.0
See the answers here for more info on ensuring the guest web server is not bound to 127.0.0.1 which is loopback. Web servers that bind to 127.0.0.1 (like App Engine Go dev web server does) by default should be overridden to use 0.0.0.0.
I want to access my Cloud Endpoints API hosted on my local dev machine from an Android app running on a mobile device I use for testing.
My device can access my dev machine by IP address. I passed --host=192.1.168.101 to the App Engine launcher so that my local App Engine instance binds to the IP address. Although I can access the App Engine instance from 192.168.1.101, I get a 404 when my app makes an API call.
I noticed that going to http://192.168.1.101:9080/_ah/api/explorer/ does not show my API; it redirects to https://developers.google.com/apis-explorer/#p/. If I use http://localhost:9080/_ah/api/explorer/ I'm able to see my API as intended. It seems that using an IP address as the host is not working with Cloud Endpoints.
I'd rather not root my device to change its /etc/hosts file. Changing that might not be a solution anyway, since I'm unable to bind my App Engine instance to a hostname other than localhost.
This is my app.yaml config:
application: my-server
version: 1
runtime: python27
threadsafe: true
api_version: 1
handlers:
# Endpoints handler
- url: /_ah/spi/.*
script: services.application
- url: /favicon\.ico
static_files: favicon.ico
upload: favicon\.ico
- url: .*
script: main.app
You bound to your specific IP, but as a reminder, you can also bind to 0.0.0.0 (all available IPs). This is handy if you're using the maven appengine plugin and don't want to update the pom.xml file whenever your IP changes.
Next, make sure you're on the same network and can connect between the machines. I typically use ConnectBot to test by opening a telnet session to the IP address and port you defined for running locally. This will ensure your firewall isn't causing an issue.
Finally, update your code by adjusting the root url for your API. That would look something like this if your IP address were 192.168.1.100 and port were 8080:
Helloworld.Builder helloWorld = new Helloworld.Builder(AppConstants.HTTP_TRANSPORT,
AppConstants.JSON_FACTORY, credential);
helloWorld.setRootUrl("http://192.168.1.100:8080/_ah/api/");
In your generated source code (usually the file named after your API name, such as Tictactoe.java), DEFAULT_ROOT_URL should be set to http://192.168.1.101:9080/_ah/api/. This URL isn't expected to provide anything useful if you load it in a browser. Rather, it's the base of the path to your API requests, e.g. http://192.168.1.101:9080/_ah/api/tictactoe/v1/board.
If you want to confirm your device is properly connecting to your local server (via your local network), load
http://192.168.1.101:9080/_ah/api/explorer/ from the device browser.
The problem had nothing to do with the IP address. I needed to include a path in my API method decorator:
#endpoints.method(HelloRequest, HelloResponse, name='helloworld', path='test', http_method='GET')
def helloworld(self, request):