hope you are all good.
I'm facing an issue with my frontend instance.
Actually, we have a frontend hosted and secured by OpenVPN credentials. That means, no one can access it without a connection to our VPN. That configuration works well, but still one issue with axios proxies.
Quick notes:
we are not using server-side rendering
frontend hosted in AWS CloudFront
backend deployed to AWS EC2 instances
This is the current configuration in my nuxtjs frontend nuxt.config.js file:
{
...,
proxy: {
'/api/': {
target: !process.env.FLAVOR
? 'http://localhost:8009'
: (process.env.FLAVOR === 'production'
? 'https://api.domain.tld'
: 'https://' + process.env.FLAVOR + '-api.domain.tld'),
pathRewrite: { '^/api/': '/v1/' }
}
},
...
}
This solution helps me to avoid all environments easily, without setting each URL inside my environment variable in Dockerfile, and also the CORS policy.
In that way, if I check the console inspector and verify the network tab, I got access denied because not connected to the client. How do VPN and proxy really work? Are the requests called client-side or server-side?
Thanks by advance for helping me.
Related
I am trying to have users access Keycloak from a different hostname through a proxy. Instead of the actual AWS hostname aws.exampleurl.com:8080 I have a proxy which routes all traffic from example.hostname.com/auth to the AWS url. I am able to access the Keycloak welcome screen and kick off the administrator login (with failed CSS loads which I assume is due to the same issue but I'm not sure), but when I input a set of credentials I am told that there was no cookie found. I have the cookies set to allow all in my browser (Brave).
I have set the HOSTNAME_URL env var to example.hostname.com/auth, tried using a mixture of the HOSTNAME and HOSTNAME_PATH env vars. I have tried setting HOSTNAME_STRICT to false, but to no luck. I've tried restarting the service and restarting the database I have running with Keycloak but these changes have also not worked.
Any ideas on how to get this running correctly would be amazing. Let me know if more info is needed to reproduce.
Im running my nextjs (UI only) application on localhost http://localhost:3000/, this localhost has to connect to BE API (another hosted service) say https://test-api/api/graphql. This API is called from FE on path http://localhost:3000/api/graphql which connect to https://test-api/api/graphql with the help of nextjs rewrite function
async rewrites() {
const rewrites = [];
rewrites.push({
source: "/api/graphql",
destination: "https://test-api/api/graphql",
});
return rewrites;
},
Now looks like my BE api https://test-api/api/graphql is doing a force direct for path http://localhost:3000/api/graphql to https://localhost/api/graphql
And now since https://localhost/api/graphql is not existing, I'm unable to connect to the BE API. Any idea what can i do in nextjs config so that even if redirect is happening I'm still able to connect to my BE API
Facing this issue only on local environment, hosted nextjs application is not having this issue as it is already on https
I’m currently experimenting on Metaflow. I followed the documentation and was able to deploy an aws setup with the given cloud formation template.
My question is why is that I’m always getting a:
message: "Missing Authentication Token"
when I access METAFLOW_SERVICE_URL in the browser, even if I made sure that the APIBasicAuth was set to false during the creation of cloudformation?
Shouldn’t this setting make the metadata/metaflow service accessible without the authentication/api key?
How can I resolve this? Or is this expected? That is, I cannot really view the metadata/metaflow service url via browser?
Thanks in advance
This was resolved under this github issue.
You still need to set the x-api-key header if you are trying to access the service url via the browser. To get the api-key you can go to the aws console
Api Gateway -> Api Keys -> show api key
Alternatively you can use the metaflow client in the sagemaker notebook which should be automatically setup for you via the template.
Also worth mentioning that there are two sets of endpoints: The one provided by the api gateway (which you seem to be hitting) and the one provided by the service itself. The api gateway forwards the requests the the service endpoints but needs the x-api-key to be set in the header. You can probably try hitting the service endpoints directly since you disabled auth.
I have ACL on for Consul, and have tried many ways to specify the token to use for service discovery. The config ACL token works fine, and the discovery ACL token works for registration (I can see my services in the Consul UI). I see the code for AgentConsulClient.agentServiceRegister() supports the token with this:
UrlParameters tokenParam = token != null ? new SingleUrlParameters("token", token) : null;
Nothing similar is supported in CatalogConsulClient, as far as I can tell. When called from Spring Cloud's ConsulDiscoveryClient, no token is passed, regardless of how it is set. Logs show the call being made without the token, and getting back a valid response with none of the registered services listed. I don't see how to have ACL on for registration but off for discovery. What am I missing? Is nobody actually using ACL if using discovery? (It works fine in the development environment with no ACL). Do I need to edit the source to add the token support from the agent service to the catalog service? Has anybody had success doing that?
BTW, could not tag this with spring-cloud-consul. Add it if you can.
ACL support for Consul catalog services is in consul-api v1.1.11 and will be (I hope) part of spring-cloud-consul 1.0.3.RELEASE. The 1.0.2.RELEASE version still uses consul-api-1.1.10. Update: confirmed to be in Camden.SR3.
Gradle:
'com.ecwid.consul:consul-api:1.1.11',
'org.springframework.cloud:spring-cloud-consul-dependencies:1.0.3.RELEASE'
I've built a simple translate service with Node-Red and Watson. The service is ok when called directly from the browser but I have an error ( CORS ) when call the service via http from my Angular app.
Does Bluemix allow CORS ?
Thanks in advance.
Generally speaking Bluemix supports applications that are composed of many independent services deployed to different hostnames. For each application (which can be a service API) that you push to Bluemix, the name you provide will be prepended to .mybluemix.net. If your application follows the best practices of a microservices architecture you will probably have two or more subcomponents that live on different hostnames. Now if you have a front-end that needs to aggregate information from these other Bluemix apps (your AngularJS app) by default the access to other subdomains will be forbidden.
The solution is to take advantage of the standard HTTP headers that are available to control cross-origin resource sharing (CORS) on the Bluemix services that you wish to provide to JavaScript clients:
Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Take a look at the following blog post: Cross-origin resource sharing for Bluemix APIs.
add these code lines in your bluemix-settings.js and repush your app
// The following property can be used to configure cross-origin resource sharing
// in the HTTP nodes.
// See https://github.com/troygoode/node-cors#configuration-options for
// details on its contents. The following is a basic permissive set of options:
httpNodeCors: {
origin: "*",
methods: "GET,PUT,POST,DELETE"
},
Add this code after " functionGlobalContext: { }, "