Intercept all outgoing connections made by a process to redirect it to a localhost proxy - transparentproxy

I am working in an environment where multiple services are hosted. A service (consider web services) exposes some APIs and also acts as a client to call other services.
Now what I want to achieve is that if Service A (acting as client) wants to talk to Service B (acting as server here) using HTTP, then I want to intercept the outgoing HTTP request and redirect it to a localhost proxy.
There are multiple services running on a host, and a service also talks to multiple other services, so I don't want to change the configuration of every outgoing endpoint to point to the proxy.
Sample configuration:
The following are the service endpoints that Service A connects to while doing some processing:
a1.example.com:2430
a2.example.com:8280
a3.example.com:4380
a4.example.com:4280
a5.example.com:3158
a6.example.com:8238
I have looked into configuring Squid as a transparent proxy. But how should I enforce that every outgoing connection (with different destination ports) is redirected to the localhost proxy?
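
One way to express the redirection asked about above, as an added example that is not part of the original question: a shell function that emits an `iptables-restore` ruleset sending one service account's outbound TCP connections on the listed ports to a local intercepting proxy. The account name `svc-a`, the proxy port 3129, and the chain name `PROXY_OUT` are assumptions; the destination ports are the ones listed in the question.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: Service A runs as
# the hypothetical account "svc-a"; the proxy runs under a different account
# and listens in intercept mode on local port 3129.

# gen_redirect_rules <service-user> <proxy-port> <dest-port>...
# Prints a nat-table ruleset in iptables-restore format.
gen_redirect_rules() {
    svc_user=$1; proxy_port=$2
    [ $# -ge 3 ] || { echo "usage: user proxy-port dest-port..." >&2; return 1; }
    shift 2
    # Only plain account names, so nothing unexpected lands in the ruleset.
    case $svc_user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user: $svc_user" >&2; return 1 ;;
    esac
    # The multiport match accepts at most 15 ports per rule.
    [ $# -le 15 ] || { echo "too many ports for one multiport rule" >&2; return 1; }
    for p in "$proxy_port" "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    dports=$(IFS=,; echo "$*")   # join the destination ports with commas
    cat <<EOF
*nat
:PROXY_OUT - [0:0]
# Match only sockets owned by the service account; the proxy's own outbound
# connections run under another UID and are never redirected (no loop).
-A OUTPUT -p tcp -m owner --uid-owner $svc_user -j PROXY_OUT
# Leave connections to loopback untouched.
-A PROXY_OUT -d 127.0.0.0/8 -j RETURN
# Rewrite the destination to the local proxy port; an intercepting proxy
# recovers the original destination from the connection tracking entry.
-A PROXY_OUT -p tcp -m multiport --dports $dports -j REDIRECT --to-ports $proxy_port
COMMIT
EOF
}

# Ruleset for the endpoints listed in the question.
gen_redirect_rules svc-a 3129 2430 8280 4380 4280 3158 8238
```

The output is meant to be reviewed and then loaded as root with `iptables-restore --noflush`. Because the match is on the socket owner rather than on each destination host, no per-endpoint client configuration changes.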

Related

AWS API Gateway HTTP Proxy for HTTPS connections

I cannot for the life of me get the AWS API Gateway HTTP Proxy to work, i.e. redirect http://<my-domain>.com to https://<my-domain>.com. Here is how I set it up:
Using the Test functionality on the ANY method inside the resource works. But if I simply do curl http://<my-domain>.com or run http://<my-domain>.com in Chrome, it fails to connect; https://<my-website>.com works just fine. I'm driving myself crazy trying to figure out what I'm missing here; it seems like it should just redirect http://<my-domain>.com to https://<my-domain>.com, but it doesn't (even on different devices).
So, it turns out that API Gateway's HTTP Proxy allows HTTPS traffic to go to an HTTP endpoint, but not the reverse. In fact, API Gateway won't even establish a connection on port 80; from the FAQ:
Q: Can I create HTTPS endpoints?
Yes, all of the APIs created with Amazon API Gateway expose HTTPS endpoints only. Amazon API Gateway does not support unencrypted (HTTP) endpoints.
API Gateway doesn't support unencrypted HTTP traffic. Here are the possible options to secure your website:
If you have access to the server that hosts the website, install an SSL certificate on the web server.
If the website is hosted on EC2, you can set up a load balancer and let it do the SSL termination.

Spring Cloud Zuul - Add http proxy details (proxy server, proxy port, credentials etc) to the incoming request before routing

We are planning to build a reverse proxy server for our enterprise to make some external API calls.
Currently, our microservice applications are hosted on the PCF environment. For any external (on the internet) calls, we make use of the PCF proxy server to communicate.
Now my use case is to build a reverse proxy server (Spring Zuul) to route to external APIs through the PCF proxy. However, the microservice applications wouldn't pass any proxy information on the request to the Zuul server. So, this needs to be added by the Spring Zuul reverse proxy server.
Problem:
How to add HTTP proxy details to the incoming request from the Zuul server?
Any documentation would also be really helpful.

OSB set external ip in generated wsdl

We are using Oracle Service Bus 12c. On our developer server, the default domain configured in JDeveloper runs. The OSB exposes the defined SOAP services locally on port 7101. We wanted these services to be accessible externally as well, so we forwarded a port from a firewall server.
Now the SOAP service can be called from the outside, but the generated WSDL (at [serviceurl]?wsdl) states localhost in the address tag at the binding as the location of the server instead of the firewall's IP.
I have tried to set the frontend host and the remote address overwrite properties under protocols -> http for the server, but neither changed the value in the generated WSDL.
Where can I configure the server location for the generated WSDLs?

Can a webserver redirect https requests to another webserver's http?

I'm using a package that connects to a database and presents the database schema as APIs. The package provides the service as a webserver. I can choose to use any port, but it's still HTTP. Even if I run it with port 443, requests must be in the form of http://mydomain:443/
I may be forced to provide the service through SSL. Is it possible to run a webserver which would redirect HTTPS requests to the package running HTTP on port 80, with the outgoing traffic going back through the webserver to clients as SSL? Essentially, I need some kind of wrapper around the existing app to provide SSL.
If such a thing is possible, which webserver would be the best choice and easiest to administer on Linux?

For the Bluemix Secure Gateway service, how does the data center's network need to be configured?

I am going to use Secure Gateway service in Bluemix and I have some questions about how I should make it work.
Systems in my data center's intranet access the Internet through a proxy (with no authentication). Can Secure Gateway connect to Bluemix via a proxy?
Does it connect to Bluemix via HTTPS protocol?
The network admins asked me: What are the IPs (or the IP range) of Bluemix, any idea?
Thank you very much.
A Secure Gateway instance runs in two parts, as shown in "Reaching enterprise backend with Bluemix Secure Gateway via console": the gateway and the gateway client. The gateway runs in Bluemix, the gateway client runs in the data center containing one or more systems of record to connect to. The gateway client needs network access to the Bluemix data center (typically via the Internet) and to the systems of record (via the data center's internal network). The gateway client initiates the connection, so it needs to know Bluemix's address, but Bluemix doesn't need to know the gateway client's address.
To answer your questions specifically:
A proxy isn't supported. The gateway and its client need direct access to each other.
The connection uses HTTPS for SSL encryption. The transport level security (TLS) options can be used to add authentication.
Bluemix's IP addresses aren't published.
For point 3:
The client connects outbound to the cloud services. Once the SecGW is connected, all additional Destination connects flow through that connection; no additional firewall or iptables rules are needed. If they have a rule in place so that the on-premises machine where the SecureGateway client is installed can use the outbound port 443 (HTTPS) to make connections, that is all they need.