We are doing some server set up.
We are using a Api gateway(Ocelot) installed on the server Y which will connect to Apis hosted on server X.
Server X also has a react application.
Server Y is accessible over Internet where as server X is accessible from server Y.
Now the Apis are working perfectly but the react application is not opening through the ocelot ( server Y).
So question is will ocelot open react application?
Are you deploying the ocelot api gateway in a DMZ and the react-app and web services, database behind the firewall and allow only specific access via browser, mobile.
is this a pwa site, then you should be careful about using ocelot for something that is not intended for. ocelot is an api gateway tool/technology and not unlike nginx that can perform this additional activity of routing the calls to web application and web services.
please check the documentation of ocelot api gateway, if it allows for web application routing as well.
Related
New to Container Apps.
I'm trying to understand basic connectivity between services in Container Apps.
Lets say I have a web front in .Net Core and an Web API backend (.Net Core).
Without containerization, I could put the base address of my web api in my app settings of the front end to connect to the api, lets say localhost:5000 etc. Using an httpClient to do the call.
If I containerize the front end and api and deploy it to ACA, what would that look like? I think its would be like:
Ingress external for front end
Ingress internal for api
Port 80 for both front end and web api????
Or do I need to setup a base address of some sort to call the web api? Or an environment variable?
I put both ports to 80 but they cannot seem to connect.
Thanks!
In your "Without containerization" example, if your web ui is running on localhost:8080 for example, and your API is running on localhost:5000 then you'll need to enable CORS on the api. In That example, both your web ui and your api are "external". Anything you need to call from a browser is 'external'.
Internal only are for server to server communication, or microservices communicating with each other.
In your example, you'd deploy both as external apps, this will give you 2 domains https://webui.env.region.azurecontainerapps.io and https://api.env.region.azurecontainerapps.io then you will configure a CORS policy on the api app.
see this for more details
I have an application server running apache on EC2 and I have lots of REST APIs already setup and running on that server.
This server is on the internal network, so, the only access to this server is via VPN client.
I now want to expose some of those APIs to be accessible from the WWW.
This server has only an internal IP address.
I've being reading the API Gateway REST proxy documentation, but still cannot understand how to point API calls to my server.
Any help would be appriciated.
We´re transforming a SAP Fiori launchpad into a PWA by loading a manifest and a service worker from a custom endpoint. The actual server (SAP Gateway) is composed of multiple clients (~tenants) and we use a web dispatcher (reverse proxy) that allows users to access client specific launchpads by mapping HTTPS ports to gateway clients. Applications vary between clients.
Goal: Provide separate PWA installations for each gateway client.
Issue: Chrome on Android ignores the port when checking whether a PWA for the current page is already installed (same origin-domain).
Example:
Instance
Client
Host
Page URL
DEV
100
dev.company.com:11443
/sap/bc/.../FioriLaunchpad.html
DEV
200
dev.company.com:21443
/sap/bc/.../FioriLaunchpad.html
Lets say we install the launchpad PWA for dev.company.com:11443 (client 100) and then access the dev.company.com:21443 (client 200) launchpad using Chrome on Android. Chrome considers that page to be installed as there is a PWA registered for dev.company.com:/sap/bc/.../FioriLaunchpad.html although the port and therefore the origin of the client 200 page differs. Thus, there is no way to install a separate PWA for client 200.
From my understanding PWAs should be (somehow) origin dependent. What am I missing? Is there any way to enforce some kind of same-origin behavior? This works fine using Chrome on Windows btw.
We have developed a web application using angularjs and html5 and Node.js. This web application is hosted on Bluemix using the Node.js runtime. This web application calls an external RESTfull service (we are invoking the REST service using angularjs) which was developed by a third party. This REST API requires an HTTPS connection to call the service. The SSL certificate and certificate password are provided by the API development team. Our problem is how to configure the SSL certificate on Bluemix to call the external REST service over SSL from the web application. Can anyone please help us? Thanks in advance for your help.
To do this properly I would advice to create an API Management Service, where you add your external service as an API together with the SSL settings. You then call this API (proxy) without SSL from your node.js bluemix app.
The proxy will care for SSL, forward the request to the actual service implementation, and provide you also with debugging and analytics capabilities. With having API Management in place, you also benefit from a central place that manages your SSL certificates.
I want to expose a REST-ful service as an API to the outside world on Bluemix Public. Therefore I have a liberty app, containing a REST service implemented in JAX-RS.
Additionally I leverage the "API Management Service" to secure that app, via Plans, Authentication etc. So thanks to the API Management Gateway I have a secure proxy to my service exposed.
Yet, the app that provides my service remains accessible to the outside via the Bluemix route. So, it can be called without any credentials or whatsoever.
Is there a way, to only have my API Management gateway access the service implementation app?
One approach would be to delete the route of the service implementing app, but how would you then bind the API Management to the service?
Happy to hear your thoughts or alternative solutions.
If your API is running on Bluemix Public as a Cloud Foundry application, there is currently not a way to create a route such that it is only accessible by the API management service, but not the the outside world. You should implement security within your jax-rs application (easy to with web.xml security-constraint) and add those credentials to APIm service if you still want to use APIm to get monitoring, throttling, discovery, etc.
Another option would be to deploy the application in a VM and then use Secure Gateway to connect to it:
https://github.com/IBM-Bluemix/onprem-integration-demo