I want to host my pictures in a secure server(https).
My app is using https in all webpages so I don't want to run into problems of
browsers saying that my webpage isn't safe.
And I was wondering if I can do this in Google Cloud Storage.
Google Cloud Storage works just fine over HTTPS. Just retrieve pages from 'https://storage.googleapis.com' instead of from 'http://storage.googleapis.com'.
Note that there's one exception: you cannot use HTTPS for custom domain name buckets. So if you create the bucket 'example.com', you can access it at 'https://storage.googleapis.com/example.com' or at 'http://example.com' but not at 'https://example.com'
I found out that you only need to type manually the https as protocol that it is going to work just fine.
Related
We have a production website running on a host e.g. domain.com
We gonna use haproxy to proxy requests from domain.com to static.domain.com - which is a domain-named bucket in Cloud Storage. Also we have a development version which is also served on Cloud Storage at static.dev.domain.com.
So it turns out that the same page will be available on 3 different domains, which is very bad from the SEO perspective.
My initial idea was to restrict access to domain-named buckets by IP but I see no way to do it. No way for basic http authorization either. Any ideas how to protect static web sites from being indexed?
Actually, it is not possible to restrict the access to one IP from the Cloud Storage console, nevertheless, I found this Public Issue Tracker that requests the restriction of a bucket access by an IP Address. As a recommendation, I suggest you to do a comment and start the issue so you can get notifications about this.
On the other hand, I think that this StackOverflow post could helps you since this one mentions a possible workaround using VPC Service Controls :)
Since my main concern was SEO, to solve duplicate content issue I added canonical url:
<link rel="canonical" href="https://example.com">
We recently changed the IP-address on a server hosting one of our services based on .NET Web API 2.
The service is using OAuth2, providing external logins via Facebook/Google.
We're still using the same server and the same host name for our services, only the IP-address has changed. Now I'm getting back my login URL with "&error=access_denied" whenever I try to login using Facebook/Google.
I have checked every setting in both Facebook's and Google's developer consoles but nothing seems to apply. If I remove the OAuth redirect URI, I get an error that the URL is blocked, so the settings seems to take effect.
What have I missed?
Funny how asking a question makes you think even more outside of the box. The culprit was that wrong DNS-server was set on the web host.
I'll see myself out...
Good evening, just saw that Facebook released his messenger bot toolkit and i immediately jumped right into it to learn more about it and maybe try to do my own.
My problem is that i don't have a https website running and it requires a https valid url. I tried to use my local web-server that has a certificate but it doesn't work.
My question is if this is possible to be done using a localhost url at all.
Thank you in advance
Actually this is possible with localhost. Use ngrok. It allows you to open localhost to the public web, over http or https. This should only be used for testing however.
If you want to test webhooks on your local environment, I would try ultrahook.com, you can get an API Key for free and the tool creates a tunnel from a public URL to your computer. This is from their FAQs page:
You download and run the UltraHook client on your computer. It
connects to UltraHook servers in the cloud and creates a tunnel from a
public endpoint on our servers to your computer. Any HTTP POST
requests sent to the public end point will be sent through the tunnel
an delivered to a private endpoint accessible from your computer.
I have used it to test webhooks from different providers (like payment gateways). In your computer, you can run something like:
ultrahook <subdomain> http://localhost:8000/webhook/
and then configure the webhook URL in your external service to something like <subdomain>.ultrahook.com
My question is if this is possible to be done using a localhost url at all.
No, of course it isn’t – because what such a “callback” actually means, is that Facebook makes a request to your server – and that is hardly possible with localhost.
A valid SSL certificate for your website is easy to get for free these days, via LetsEncrypt. And even if that is not available on your server, there’s still StartSSL, that provide basic certificates for free. All you need is a server you can install them on, or upload them to, or whatever mechanism your hoster provides for it. (And if they don’t provide any, then it might be time to switch.)
With AWS services we have the Web application running from the S3 bucket and accessing the data through the REST API from Load Balancer (which is set of Node.js applications running on EC2 instance).
Currently we have specified URL's as following:
API Load Balancer: api.somedomain.com
Static Web App on S3: somedomain.com
But having this setup brought us a set of problems since requests are CORS with this setup. We could workaround CORS with special headers, but that doesn't work with all browsers.
What we want to achieve is running API on the same domain but with different path:
API Load Balancer: somedomain.com/api
Static Web App on S3: somedomain.com
One of the ideas was to attach the API Load Balancer to the CDN and forward all request to Load Balancer if query is coming on the "/api/*" path. But that doesn't work since our API is using not only HEAD and GET requests, but also POST, PUT, DELETE.
Another idea is using second EC2 instance instead of S3 bucket to host website (using some web server like nginx or apache). But that gives too much overhead when everything is in place already (S3 static content hosting). Also if using this scenario we wouldn't get all the benefits of Amazon CloudFront performance.
So, could your recommend how to combine Load Balancer and S3, so they would run on same domain, but with different paths? (API on somedomain.com/api and Web App on somedomain.com)
Thank you!
You can't have an EC2 instance and an S3 bucket with the same host name. Consider what happens when a web browser makes a request to that host name. DNS resolves it to an IP address (or addresses) and the packets of the request are delivered to that address. The address either terminates at the EC2 instance or the S3 bucket, not both.
As I understand your situation, you have static web pages hosted on S3 that include JavaScript code that makes various HTTP requests to the EC2 instance. If the S3 web pages are on a different host than the EC2 instance then the same origin policy will prevent the browser from even attempting some of the requests.
The only solutions I can see are:
Make all requests to the EC2 instance, with it fetching the S3 contents and delivering it to the browser whenever a web page is asked for.
Have your JavaScript use iframes and change the document.domain in the the web pages to a common parent origin. For example, if your web pages are at www.example.com and your EC2 instance is at api.example.com, the JavaScript would change document.domain to just example.com and the browser would permit iframes from from www.example.com to communicate with api.example.com.
Bite the bullet and use CORS. It's really not hard, and it's supported in all remotely recent browsers (IE 8 and 9 do it, but not in a standard way).
The first method is no good, because you almost might as well not use S3 at all in that case.
The second case should be okay for you. It should work in any browser, because it's not really CORS. So no CORS headers are needed. But it's tricky.
The third, CORS, approach should be just fine. Your EC2 instance just has to return the proper headers telling web pages from the S3 bucket that it's safe for them to talk to the EC2 instance.
Just wanted to add an additional bit to the answer that, if we go with CORS approach and preflight requests adds an overhead to the server and network bandwidth, we may even consider adding header "Access-Control-Max-Age" to the CORS response
Access-Control-Max-Age
I am working on my first app for Facebook and facing (probably) with the SSL problem. If I am testing the app, so it's working well. But then I wanted to test the app by my friend - so I assigned him the role "Tester", he accepted it and I sent him the link to the app.
If he opened the app, he got the error The website is not available - Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error
I started google it and it looks that the cause is the missing SSL certificate on my hosting, where the app is stored.
BUT - how is possible, that the app is working me well without the SSL and to my friend doesn't? If the SSL is required for Facebook apps, why I didn't get the same error?
(I set Secure Canvas URL: to https://example.com/fb-app-directory/, however I don't have at this domain and hosting any SSL certificate).
I never used before SSL. I bought the domain name on Namecheap and hosting on Hostgator. So now, I should buy a SSL certificate from the offer (http://www.namecheap.com/ssl-certificates.aspx) of Namecheap, right?
Would be suitable for the Facebook app the cheapest one?
Look, this SSL problem can only be solved by purchasing a valid SSL certificate or looking for a server which can host your app and is SSL certified such as:
phpfog.com - Provides you with some limited space and database service.
heroku.com - Does not provide any storage space for saving dynamically generated data. To have that service, you have to buy the Amazon buckets service which, again, is a costly affair.
If you don't want to invest any money, I would recommend that you go with phpfog - it is easy and its documentation is pretty good.
You should buy an SSL cert in order for everyone to be able to access your app. Your friend probably has his settings set so that he browses Facebook securely, in this case he is hitting https://example.com/fb-app-directory/, not your actual URL.
The cheapest one isn't the best one, but it should work as long as it's valid. I would suggest using Heroku though, as that way you get everything you need - for free :)
Use a proxy in heroku.com and bring your page in secure domain as https://yourapplication.herokuapp.com/
"Starting October 1, 2011 Facebook will require a valid SSL Certificate for all pages and applications hosted outside of Facebook."
http://www.wpcode.net/fb-ssl.html/
Maybe you are visiting your application with http://apps.facebook.com/... and your friend is visiting with https://apps.facebook.com/....
Another possibility is that your friend has checked "Browse Facebook on a secure connection (https) whenever possible" under "Account Security".
Try ngrok. It exposes a local web server with just one command:
ngrok 80
After this you can access your localhost like this: xxxxxxxx.ngrok.com