I have a static web site hosted on blob storage in Azure. I create an Azure CDN profile using Verizon standard account. I need to forward http requests to https automatically. I see a bunch of articles showing how ot do this with the rules engine but I cant seem to access it on my endpoint.
Related
We have successfully built a Firebase application with Firestore, functions, hosting, auth. Now we are working on an Atlassian confluence integration and a global rollout. The confluence plugin rest endpoints are served by an express app.
What is the proper way to achieve a unique url in all countries around the globe, e.g. https://myapp.com/confluence/api with no or at least acceptable latency to serve health checks as well? Is a hosting rewrite to function serving the express app enough? Do we need to manage any replication to regions around the globe by ourselves?
Thanks a lot for any advice.
You can use the Firebase hosting to connect a custom domain:
use a custom domain (like example.com or app.example.com) instead
of a Firebase-generated domain for your Firebase-hosted site.
Firebase Hosting provisions an SSL certificate for each of your
domains and serves your content over a global CDN.
Note the following about connecting custom domains:
Each custom domain can only be connected to one Hosting site.
Each custom domain is limited to having 20 subdomains per apex domain, due to SSL certificate minting limits.
When Firebase verifies domain ownership, an SSL certificate is being provisioned for your domain and it's being deployed across Firebase global CDN (content delivery network). This delivery network cashes your content on Firebase edge servers' SSDs to ensure quick content delivery and low latency globally.
I cannot link an existing CDN that we use for the streaming endpoint. Should I be able to do this? I can only enable the default endpoint which creates a CDN profile called AzureMediaStreamingPlatformCdnProfile-StandardVerizon. Is it possible to link the streaming endpoint to an existing CDN?
From the Azure Media Services UI or API you can enable Azure CDN and use an existing Azure CDN profile or create a new CDN profile. A CDN profile represents a specific Azure CDN SKU and specific CDN provider (e.g. Verizon). Azure Media Services then handles the creation/deletion of the Azure CDN endpoint - which represents the CDN configuration. Azure Media Services API / UI does not allow one to select an existing CDN endpoint to be used with a streaming endpoint. The use of an existing CDN endpoint is only possible by using the Azure CDN API/UI to set the origin for the CDN endpoint to point to the streaming endpoint hostname. There are the following downsides to this approach - 1) You will need to use the CDN endpoint hostname (e.g. xxxxx.azureedge.net) to make use of the CDN 2) You will see data transfer charges for CDN cache fill traffic - i.e. traffic from the streaming endpoint to individual CDN POPs. This is typically a small % of your overall charges assuming you have a high cache-hit ratio (e.g. +90%) for content on the CDN.
We have following structure for my application. currently we have used Any for both source and destination (on port 3389) while defining NSG rule for our Service Fabric to allow calls from mobile app. But our security team has raised concerns on Any-Any rule. Is there any way to optimize this?
Note: our mobile app is public and anyone can download from app store.
Any to Any rule open SF for attach really so you should limit the IP from your traffic manager given your current model.
Azure API management already have build in support for Service Fabric so my suggestion is to remove the traffic manager between then API management and SF. Then you can do is to limit the traffic to SF only from the API management which is much easier.
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-api-management-overview
Authentication requirement you can delegate that to the API management ie validate JWT token
According to this post from 2014, https is not available to static sites on google cloud engine: https://stackoverflow.com/a/22767544/46799
Is this still the case? If so, are there any plans add this functionality?
My site is hosted on GCS and I have a cname entry which maps my url to a bucket on GCS. I need to start providing access to the site through https now, am I out of luck?
This is still the case, sorry. You can access GCS via HTTPS, but not via CNAME redirects.
With AWS services we have the Web application running from the S3 bucket and accessing the data through the REST API from Load Balancer (which is set of Node.js applications running on EC2 instance).
Currently we have specified URL's as following:
API Load Balancer: api.somedomain.com
Static Web App on S3: somedomain.com
But having this setup brought us a set of problems since requests are CORS with this setup. We could workaround CORS with special headers, but that doesn't work with all browsers.
What we want to achieve is running API on the same domain but with different path:
API Load Balancer: somedomain.com/api
Static Web App on S3: somedomain.com
One of the ideas was to attach the API Load Balancer to the CDN and forward all request to Load Balancer if query is coming on the "/api/*" path. But that doesn't work since our API is using not only HEAD and GET requests, but also POST, PUT, DELETE.
Another idea is using second EC2 instance instead of S3 bucket to host website (using some web server like nginx or apache). But that gives too much overhead when everything is in place already (S3 static content hosting). Also if using this scenario we wouldn't get all the benefits of Amazon CloudFront performance.
So, could your recommend how to combine Load Balancer and S3, so they would run on same domain, but with different paths? (API on somedomain.com/api and Web App on somedomain.com)
Thank you!
You can't have an EC2 instance and an S3 bucket with the same host name. Consider what happens when a web browser makes a request to that host name. DNS resolves it to an IP address (or addresses) and the packets of the request are delivered to that address. The address either terminates at the EC2 instance or the S3 bucket, not both.
As I understand your situation, you have static web pages hosted on S3 that include JavaScript code that makes various HTTP requests to the EC2 instance. If the S3 web pages are on a different host than the EC2 instance then the same origin policy will prevent the browser from even attempting some of the requests.
The only solutions I can see are:
Make all requests to the EC2 instance, with it fetching the S3 contents and delivering it to the browser whenever a web page is asked for.
Have your JavaScript use iframes and change the document.domain in the the web pages to a common parent origin. For example, if your web pages are at www.example.com and your EC2 instance is at api.example.com, the JavaScript would change document.domain to just example.com and the browser would permit iframes from from www.example.com to communicate with api.example.com.
Bite the bullet and use CORS. It's really not hard, and it's supported in all remotely recent browsers (IE 8 and 9 do it, but not in a standard way).
The first method is no good, because you almost might as well not use S3 at all in that case.
The second case should be okay for you. It should work in any browser, because it's not really CORS. So no CORS headers are needed. But it's tricky.
The third, CORS, approach should be just fine. Your EC2 instance just has to return the proper headers telling web pages from the S3 bucket that it's safe for them to talk to the EC2 instance.
Just wanted to add an additional bit to the answer that, if we go with CORS approach and preflight requests adds an overhead to the server and network bandwidth, we may even consider adding header "Access-Control-Max-Age" to the CORS response
Access-Control-Max-Age