I have a Mautic deployment on GCP. I used Bitnami installation for the deployment. I'm having issues with integrating apps / receiving tag messages because the default Bitnami installation only supports http and other apps only work with https.
I am aware ssl is supported for App Engine - however, my deployment is of course on Computer Engine.
What is the best way to go with this?
Thank you in advance.
Have you fiddled with the VM firewall settings? You should just need to unblock inbound traffic to the VM on port 443 to receive HTTPS traffic. This is possible on multiple screens:
On the "Create Instance" screen (as you're creating the VM):
On the instance details view after you create it:
On the instance's networking details view if you click through the nic0 details on the previous screen:
If you've already enabled the firewall settings, you probably need to configure Bitnami / Mautic to use HTTPS instead of anything specific to GCE.
Related
SSIA.
I've tried set CNAME record refers to my '...-dot-devshell.appspot.com' (that seems unique) but I can see only 404 error on Google.
Is there any way?
This is neither possible nor practical.
It's not possible because when you are activating Web Preview you are connecting to an App Engine proxy (hence the appspot.com domain) that authenticates you as the owner of a Cloud Shell VM and proxies the connection to a port on that VM. The connection is secured by an SSL certificate tied to the appspot.com domain; you cannot substitute a different domain name in its place.
It's not practical because the Cloud Shell VM is only active while you are actively connected to it through the web terminal (or from the command line). Once the connection is terminated, the VM goes away as well. And if you are actively using the VM, the Web Preview button is just a short click away and having a well-known domain name seems... unnecessary.
Finally, if you are thinking of giving someone else access to your VM, that won't work either, because they would have to be logged in to their Google Account as you in order for the proxy to let them in.
The Web Preview feature is exactly what it sounds like - a way for you to connect to a web application that you might be developing in Cloud Shell.
A normal webserver in a ManagedVM can listen on 0.0.0.0:8080 and properly serve requests dispatched through the GAE URL: http://xx.appspot.com:80
Instead of a normal webserver, try serving websocket connections and things no longer work. No connection gets handled anymore when connecting on: ws://xx.appspot.com:80
This (http://stackoverflow.com/questions/27827752/websocket-support-in-managed-vm) SO topic suggests exposing port 8080 to the Internet from the GCE network settings and using the IP of the GCE instance directly. That works indeed, but is not helpful as the IP changes on every new deployment.
If this is indeed the way to go, then it's not documented anywhere.
The only clue I've seen is that a Google employee also uses IP discovery to connect to the right GCE instance that hosts a websocket server:
https://github.com/proppy/cacophon/blob/master/frontend/api/controllers/DiscoveryController.js
I'm hoping for a proper fix that doesn't require me to use introspection for gather IPs of the VM instances hosting websocket servers.
With reference to Google issue tracker,
Since this thread was opened more than two years ago, I would like to check with you that if you're still hoping for the fix/FR about WebSocket server on Flex not properly exposed through GAE ULR?
for more update you can check Google issue tracker
How to host my dynamic angular web app in AWS EC2 instance and access it through browser. Adding custom inbound rules didn't worked for me. May be I have done it wrong. Can someone explain the process to be followed.
Assuming that you have configured a webserver(Nginx/Apache etc..) correctly on your EC2 on a certain port(eg: Port 80), check your EC2 security group configurations.
In the above picture, You might set SSH to access only from your IP rather than from Anywhere.
I have many microservices in app engine only for internal use. But, by default, app engine opens service-project.appspot.com domain to public, and anyone can access them via http or https.
Is there a way to restrict access only for certain IP address?
The trivial way i can think of is checking source IP address in application code.
Or, I can create custom docker image with nginx configuration which checks source ip address. But, these are not quite clean solutions because access control is actually independent from application, and I don't want to hard code static IP address inside the container.
I assumed there is a way to setup firewall rule for app engine, but I could not find it. Identity-Aware Proxy seems like another option, but it is not available for app engine flex.
I know this is cold comfort, but we're working on re-enabling App Engine flex support for IAP. It's going to be more than just a few days, though.
https://cloud.google.com/appengine/docs/flexible/java/migrating#users has some options that might be more palatable than hardcoding IPs. You won't be able to use GCE firewall rules because the appspot.com traffic is coming through Cloud HTTP Load Balancer, so the GCE instance firewall only sees the IP of the load balancer. If you do want to verify IPs within your app, use X-Forwarded-For as described at https://cloud.google.com/compute/docs/load-balancing/http/#components .
Hope this helps! --Matthew, Cloud IAP engineer
Do you need to embed your site SSL Certificate inside your app if your
using HTTPS to connect to your Server.
My SSL Certificate is configure to accept *.Domain.name from GoDaddy.
Currently I have Ignore SSL enabled in order to test my application.
Anyone know how this can be done?
You can import your SSL cert onto the Android device - just look under your Settings -> Security tab. (But that's only if you need to) Your device may make you enable a form of access security afterwards (like forcing a PIN or pattern).
If you are only accessing your webserver with that cert installed, then it shouldn't need to be installed on your local hardware.