Background
Before dotCloud decides to shut down its free sandbox service, I used it as sort of a reverse proxy to reroute all requests to a particular domain, to a local server of mine in which I'm hosting a Mono based application (.NET 3.5 web app running on a Cent-OS Linux). Essentially, the domain forwarded the requests to my dotCloud app and the app, through SSH, to my local server.
Question
I wonder if similar setup is possible with Google App Engine. Any help is appreciated.
More Information
I got the idea from here. My dotCloud app is nothing but a Nginx configuration file that forwards all http(s) requests to a SSH port that was bound to a local port (which I configured for my web server to use).
As for my motive, well, I bought a host service with PHP stack and later on decided not to use PHP. So in order to avoid another purchase I used dotCloud.
Related
I have a static website (React SPA) hosted as an Azure Static Web Application, I also have a flask backend that is hosted online, is there a way for me to add the URL of the backend so that all requests will go there? (Similar to adding a proxy to package.json in React)
According to your problem description, my understanding is that your backend program has been hosted online.
Now you want to allow Azure Static Web App to access this service. Suppose this service has an interface /MyTestController/TestConnection. You want the webapp program to pass, similar to http(s)://yourdomain.com/MyTestController/TestConnection or 167.2**.255.*2:8080/ MyTestController/TestConnection to access this interface, right?
Please use the following methods to troubleshoot and test.
Step 1.
Check the public network address on your backend server, because you are not sure where you are deployed, whether it is a LAN host or a third-party network service provider. You can check whether the host address where your service is located is on the public network or on the internal network.
If you are deploying on your own PC or LAN host, and get the intranet address, then this service cannot be accessed.
If you are deploying on a third-party cloud server or web service, you can open the specified port or service by setting relevant settings in the third-party server.
The specific details need to tell me how you deploy your backend program to better help you.
Step 2.
The simplest way to deal with it is to create a python webapp program in the Azure service and deploy your back-end service.
Of course, it is recommended that you troubleshoot the problem first. At present, your backend service public network should not be accessible, so you want to use proxy to handle it. Specific problems are analyzed in detail.
If you have not deployed the service to a third party, just deploy it on your own PC and other LAN hosts. As a test, you can use tools such as oray to try.
I am running my app on Google App engine and I have linked my domain which I bought from GoDaddy to the app engine along with the SSL which I have also bought from GoDaddy.
I read it on many sites that running server on port 80 without Reverse Proxy can cause you major security issues. But I can't see which of these issues are they talking about. Also as I am running my app on port 5555 I even tried to ping my domain and the IP was 216.239.XX.21 where X possible values can be (32, 34, 36 and 38) which is same for all other App Engine server. So I think that as if any hacker/malicious user tries to do something malicious to my app then in order to do that he/she have to know my IP which App Engine is hiding by default.
So, I want to know as App Engine is already hiding my IP so do I have to use any Reverse Proxy Server like Nginx on my App Engine or not ??
Also if I need to use Reverse Proxy then I saw these two posts nginx-as-reverse-proxy-for-google-app-engine-application
and using-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.
Where in First Post it is not recommended to use Reverse Proxy whereas in Second Post it is recommended to use Reverse Proxy. That's why I am confused which would be a better approach.
Please Help Me Guys.
After posting this question on Google groups they told me that There is no need for setting up reverse-proxy for both Flexible and As well as Standard Environment.
App Engine instances in the Standard environment 1 do not have public static IP addresses, and are completely protected by the main
Google Front-end server. Requests to your application first hit the
Google Front-end, then the front-end performs the SSL security checks
according to your uploaded certificate [2], and then forwards the
request to your App Engine instances using their internal IPs.
Therefore no reverse-proxy is required.
If you are using the App Engine Flexible environment [3], you are able to have static IPs for your instances as they use Compute Engine
VMs [4]. But, App Engine automatically loads Nginx proxy in front of
every App Engine Flexible instance pre-configured, so you do not have
to set this up at all. All you have to do is follow the guide to
uploading your SSL cert [5], and requests will be vetted by the Google
Front-end just like the Standard environment above. Therefore no added
reverse-proxy is required.
Full answer can be found here issue
Google Compute Engine instances can be secured behind a firewall that allows you to open the instance by ports and/or IP addresses.
Google App Engine doesn't use a single IP address.
I have a Compute Engine server running Nginx that I would like to completely lock down so the only way to access it is through an application on Google App Engine, is this possible?
If not, is there a simple way to send a POST request with a string of characters to Nginx, that if not present, the Nginx server would send people to a 404?
Use HTTP authentication as per the question Dan has linked to. There is no viable network/IP/firewall mechanism to restrict access.
The HTTP authentication works just fine!
I have a web application running on Google App Engine and need to provide near real time updates to connected web clients. One way would be to use the Google App Engine Channels API, but I'm a bit uneasy about using a proprietary solution.
Are there any reliable hosted services allowing for clients to connect using Socket.IO (with all its supported fallback protocols), and a web server solution running on Google App Engine to publish notifications to it? Any other alternatives that offers the same functionality?
You looking for something like beaconpush.com?
I have the same problem as you.
I've thought about using the Channel API as well however the free quota is quite low (100 channels created per day, each client is one channel).
Here's the solution I'm building:
All of the server logic runs in app engine python runtime
app engine serves all the html and client code
I run a node.js socket.io server on dotcloud (using their free tier)
the node.js server sets up an http server that listens to get requests on a few special url endpoints (ie: myapp-on.dotcloud.com/room/[room_id]) and when it gets called it triggers the socket.io broadcast to the appropriate clients
html clients generated on app engine connect to my myapp-on.dotcloud.com
All user input in the client is sent to app engine via a normal ajax post/get
when the app engine server code needs to push something to the client it makes a url fetch on the appropriate url (myapp-on.dotcloud.com/room/[room_id]) that triggers a message push via socket.io to the connected clients
I'm yet to implement this, but sounds like a workable plan
the idea is to keep all the logic in app engine and only use the socket.io server as a message pusher
From this question I learned that Google App Engine does not currently support SSL on "custom domains" (at least not as of June 2010, when that question was asked).
Does this mean if I want to host my GAE app on www.mydomain.com, I cannot use SSL?
A few days ago it comes into tests.
Priority:
It is at the top of the Features on Deck list.
http://code.google.com/appengine/docs/roadmap.html
Simultaneous serving:
A custom domain hosted app such as http://www.mydomain.com can still be accessed on its ssl appspot subdomain such as https://yourapp.appspot.com
Issue:
http://groups.google.com/group/google-appengine/browse_thread/thread/844dc97fbfc57bab/0c8651f00072f9ea?lnk=gst&q=ssl#0c8651f00072f9ea
(As the others on here have said) SSL is not currently supported for your own domain. It is aparently on it's way but has been for some time, I believe it is currently only available to a select few Google App Engine for Business customers.
The temporary solution which many (myself included) are using is to setup a reverse proxy from another hosting service (Amazon EC2 in my case) to route SSL traffic.
If your app suits the situation where your URLs are not of importance, you could setup an SSL site somewhere and access your https://xxx.appspot.com version from within an iframe
Either way until GAE offically supports SSL via your Google Apps domains, you will need an external service to workaround it.
Custom SSL is available for App Engine since 27 Jun 2012.
You can setup it from your domain's control panel:
https://developers.google.com/appengine/docs/ssl
All secure traffic with Google App Engine must be served from your appspot.com domain (https://your-app-id.appspot.com). If you are serving your app off of a Google Apps domain, you must direct all secure traffic through your app's appspot domain.
This is what is written in google app engine documentation. That means. SSL is supported on appspot.com domain
You can get SSL to work on your custom domain hosted on AppEngine, however you need to run a reverse proxy that can modify the host header to do so. If you want to setup a reverse proxy yourself, you can do so following these instructions:
http://radomirml.com/2011/01/30/reverse-proxy-for-gae-application-using-nginx-and-ssl
Alternatively, you can use a reverse proxy service like CloudFlare. The process of getting SSL to work with an appspot.com domain is documented on the CloudFlare Blog:
http://blog.cloudflare.com/ssl-on-custom-domains-for-appengine-and-other
You can use wwwizer.com - it is a reverse proxy service with SSL.
You get an individual IP and it is showing your app both on http and https ports. It is cheaper and easier than hosting the whole server yourself.
This is my service, so, yes, this is blatant advertising :-)
Here's a HOWTO I wrote up explaining how to do SSL on your custom domain using CloudFlare:
http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine
Since Sdk 1.7.0, released at Google I/O, developers can serve their applications via HTTPS on custom domains using both SNI (Server Name Indication) and VIP (Virtual Ip) based SSL.