We are using App Engine with a Custom Domain and SSL with Virtual IP. The GAE documentation says that we must use CNAME because the IP may change.
One of our customers wants to set up a firewall rule so our service is available without a proxy. Therefore we need an IP or IP range that will be allowed.
Which are the possible IPs when using Virtual IP? How often will such an IP change?
I made a react js website and everything is working fine, but I can't figure out how to host it on my rasp pi4 and make it publicly visitable by other people. I also bought a domain. So my question is: how can I make my reactjs site public and running on my rasp? Thanks!
You have to configure a web server like Apache and build the React app with npm or yarn. Then copy the build files to the /var/www/html/ directory. You will also have to look into port forwarding your router to your local web server and open it to the public. Just be careful with security.
You need to configure a web server to host the site. Either Apache2 or Nginx (I have a personal preference for Nginx, but either works fine for this). Under Debian/Raspberry Pi OS, /var/www/html should be served on port 80 on all of the pi's IP addresses. Place the site files there and make sure you can access the site from the pi's IP address.
For making the site available outside of your network, you will either need to look at port forwarding, hosting a VPS with a public IP, or using a tunnel. Port forwarding is likely going to be the hardest option and may not always work, but doesn't require any external services outside of your DNS provider. Tunneling is probably the second easiest, and using a VPS is almost certainly the easiest.
For port forwarding, you will need to verify that your ISP does not use CGNAT, otherwise this will not work. Assuming they don't, you will need to access your router's configuration and set up port 80 on TCP to forward to your pi's IP address. I would assign your pi a static IP address, either on the pi itself, or using DHCP reservations. Next, you need to see if your DNS provider offers Dynamic DNS. If not, you will need to manually update your DNS settings in case your network's public IP changes (unless you purchased a static IP from your provider). In this setup, you point your domain at your network's public IP. Traffic goes directly between the client's browser and your pi.
Tunneling is a fair bit easier. I personally use Cloudflare for my DNS (I set my domain with my registrar to point to Cloudflare, then used their tunneling tool (Cloudflared) to tunnel traffic from their servers to my pi). There are other tunneling services, but I think Cloudflare's is the best out of all of the ones I used. In this setup, you point your domain at Cloudflare, which forwards the traffic to you via the tunnel. Traffic goes from the browser to Cloudflare to your pi.
Using a VPS is probably the easiest, and your knowledge of working with the pi applies to working with a VPS, assuming you run Debian Linux or similar on your VPS. You would install the web server on your VPS, put the app on the VPS, and point your domain at your VPS's public IP. In this setup, traffic goes from the client browser to your VPS. This is the only non-free option (excluding the price of the domain itself), and keeps your local private network safer by not putting public services on it. You can also run a tunnel between your pi and your VPS if you want (see https://www.jeffgeerling.com/blog/2022/ssh-and-http-raspberry-pi-behind-cg-nat for an example), but I don't personally see the point unless you really want the app to be served from your pi.
I am new to Google Cloud Platform and trying to understand it. I have launched a compute engine and have installed a web application. I can access that application using External IP address of the engine or with private IP address from within the VPC.
How can I refer to them with any kind of name?
Just like AWS has this concept of having a name for each instance as ec2-54-54-54-54.eu-west-1.compute.amazonaws.com. So, I can use this name in my browser and with some DNS, this name will be resolved to actual IP address.
Possible duplicate of Where can i find the name servers of Google Compute Engine.
But the answer is that Google Cloud Platform does not provide default public DNS for external IP addresses.
You will need to use Cloud DNS or another service or leverage an external service like xip-io which will map any IP to a DNS name.
I am running my server on Google App Engine and I have all of my services (e.g. MongoDB, Redis, Elasticsearch) deployed on Compute Engine. Now I wanted to connect to my Compute Engine instances from App Engine only; that's why I deleted all of the firewall rules of my Compute Engine instances which were connecting them from external IPs. Now only the instances that are within the internal network of my Google Cloud project can connect to each other. I am just wondering about IP spoofing: as nobody from outside my internal network can connect to my instances now, can they fake their IP by telling my firewall that their IP is the IP which any of my instances has? If that can happen, then my whole security will be breached.
Now one question: does the Google Cloud project's firewall implement any measures to secure our instances from IP spoofing, or do we have to set up something in order to avoid that?
If any of you have any idea about this please enlighten me.
Thanks
It's not quite clear which spoofing scenario you are concerned about. These two come to mind:
1. External party spoofing packets for your internal network, i.e. the 10.0.0.0/8 range. This is not possible as packets inside your network can only come from VMs and VPNs in that private network.
2. Spoofing packets from other Google / GCE IP ranges, e.g. the ones used for external addresses: This should be caught by Google's network ACLs.
I would however not recommend authenticating based on IP address. For example, if you are communicating over external IP addresses between GCE/GAE entities, it's easy to be too broad, also allowing other GCE/GAE customers. Even if you only whitelist single IP addresses there is a risk that over time, your setup becomes more complex. Imagine for example, if an employee deletes a GCE instance without also removing the IP from the whitelist. In that case, the IP would be released and available to other GCE customers who could then access your service.
Therefore, it's usually safer to use an application level authentication mechanism such as SSL client certificates.
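The stale-whitelist and too-broad-range risks described in the answer above can be checked mechanically. This is an added example, not part of the original answer: it assumes firewall rules exported as JSON with the Compute Engine `direction` and `sourceRanges` fields and a list of external addresses the project currently holds; `audit_allowlist` is a hypothetical helper and all sample values are constructed.

```python
import ipaddress

# Internal VPC ranges are skipped: per the answer, outsiders cannot inject into them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "allow-redis-from-frontend", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.10/32"]},
    {"name": "allow-mongo-from-old-vm", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.77/32"]},   # VM deleted, rule left behind
    {"name": "allow-es-from-gce", "direction": "INGRESS",
     "sourceRanges": ["198.51.100.0/24"]},   # whole range for one host
    {"name": "allow-internal", "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"]},
]

# Constructed sample: external IPs the project holds right now
# (reserved static addresses plus ephemeral addresses of running instances).
SAMPLE_OWNED = ["203.0.113.10", "198.51.100.5"]


def audit_allowlist(rules, owned_ips):
    """Return (rule, range, finding) for ingress sources the project does not fully hold.

    "stale": no currently held address falls in the range, so whoever is
             assigned that address next passes the firewall.
    "broad": the range also covers addresses held by someone else.
    """
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        for src in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(src, strict=False)
            if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
                continue
            held = sum(1 for ip in owned if ip in net)
            if held == 0:
                findings.append((rule["name"], src, "stale"))
            elif held < net.num_addresses:
                findings.append((rule["name"], src, "broad"))
    return findings


if __name__ == "__main__":
    for name, src, finding in audit_allowlist(SAMPLE_RULES, SAMPLE_OWNED):
        print(f"{finding:5}  {name}  {src}")
```

Running it on a schedule against fresh exports catches the deleted-instance case; it narrows the exposure but does not replace application-level authentication.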
So I've deployed a web server as a VM instance on Google App Engine. It's running and I can get to it through the ephemeral IP address. Now I want to point a domain name I have to that VM instance and I am hitting the wall here.
I added a custom domain, but the DNS entry it's injecting is with externally visible IP, which is different from the ephemeral IP of the VM.
My question is, how can I forward all the requests to my web-server running in a VM instance?
In order to send all requests to your custom domain to your web server running in any Google Compute Engine VM instance (including Managed VMs), you need to add some records to the name servers (NS, or DNS) where your domain is being served out of.
You require a DNS A-record, which has two parts: a prefix (sub-domain), and an IP address.
In case you wish to forward your whole domain (including all sub domains, i.e. *.bar.com) to your VM, you need to specify the domain itself (depending on your DNS provider, usually referred to as #, or blank field) as the prefix / sub-domain, followed by your VM's external IP address (ephemeral or static).
In case you wish to only direct a sub-domain of yours (i.e. foo.bar.com) to the web-hosting instance, the prefix / sub-domain part of the A record has to contain said sub-domain.
Can I get the external IP of a Compute Engine instance to point to a custom domain name that I own?
I've found a number of links on accomplishing it with App Engine and therefore, presently I'm thinking of calling the Compute Engine from App Engine. Kindly share your thoughts about this solution as well.
You have to create an external static IP address and use it in your own domain DNS setup.
Docs: https://developers.google.com/compute/docs/instances-and-network#externaladdresses
Docs: You can assign an optional externally visible IP address to specific instances. Outside callers can address a specific instance by external IP if the network firewalls allow it. Only instances with an external address can send and receive traffic from outside the network.