load balancer direct to where account exists - caching

Accounts for a service are stored regionally. For example, US accounts on US servers, European accounts on European servers. All are behind one DNS name. When you first connect, a Global Server Load Balancer sends you to the nearest location. Since your account might be anywhere, a check is made as to where your account actually resides and that information is cached for every subsequent visit. Now, when you visit the site from within that region, you are redirected to connect to the location your account resides in regardless of where it is located without having to go through the process of rechecking. Is this possible? How to implement? What to use as a cache?

After your application has confirmed the correct location for the user then why not just send a full location redirect to https://usa.example.com/ ?
If you can't do it in the application then you could do it on the load balancer; an example with HAProxy would be:
http-request redirect location https://usa.example.com/
But how do you do the IF part? Well either insert a header from your app that the load balancer can read i.e. x-myappcountry=USA
Or even create your own GEO-IP Database - which is a faff?
https://icicimov.github.io/blog/devops/Haproxy-GeoIP/
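One way to handle the "IF part" with the cache kept in the browser, as an added example that is not part of the original answer: the application issues a signed, expiring region cookie after the account lookup, and each edge checks it before redirecting. The secret, the TTL, the cookie layout and the eur.example.com host are assumptions for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SECRET = b"constructed-demo-key"   # assumption: per-deployment secret shared by all regions
REGION_HOSTS = {"USA": "usa.example.com", "EUR": "eur.example.com"}  # eur host is assumed
TTL = 30 * 24 * 3600               # assumption: re-check the account location monthly

def _tag(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def make_region_cookie(region: str, now: Optional[int] = None) -> str:
    """Issued by the application once it has looked up where the account lives."""
    if region not in REGION_HOSTS:
        raise ValueError("unknown region")
    payload = f"{region}.{int(now if now is not None else time.time()) + TTL}"
    return f"{payload}.{_tag(payload)}"

def cached_region(cookie: Optional[str], now: Optional[int] = None) -> Optional[str]:
    """Region from the cookie, or None if it is missing, altered, expired or unknown."""
    try:
        region, expires, tag = (cookie or "").split(".")
        fresh = int(expires) > (now if now is not None else time.time())
        ok = hmac.compare_digest(tag.encode(), _tag(f"{region}.{expires}").encode())
    except ValueError:
        return None
    return region if ok and fresh and region in REGION_HOSTS else None

def redirect_for(cookie, serving_region, path, now=None) -> Optional[str]:
    """Location for a 302, or None to handle the request here (and do the lookup)."""
    region = cached_region(cookie, now)
    if region is None or region == serving_region:
        return None
    # The host comes from the allowlist, never from the request, so a crafted
    # cookie or path cannot steer the redirect to another site.
    return f"https://{REGION_HOSTS[region]}/{path.lstrip('/')}"
```

The cookie is only a routing hint: the regional site still authenticates the user as usual.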

Related

How do I link domain name with server?

I have developed a MEAN stack application. Now I want to host it. I have bought a domain name from BigRock.in and a server from Amazon. I am able to run the application on the server and access it using the URL below:
ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com
But in order to link my domain name with my application I am confused.
After a lot of googling I have the below points:
Create A Record which maps the domain name with the Elastic IP.
Hence I have created an Elastic IP for my instance. Below is the image. But I have no idea where to create this record on the BigRock site.
When I mailed the support team at BigRock they told me that I have to contact Amazon to get the name server details to update in BigRock. But I don't have the privilege to ask Amazon support since it's a free account.
Below is the name server screenshot; that is where I have to update the name server details of my server. (Names in the below image are the defaults.)
Can someone who has hosted using BigRock + Amazon, or someone who has an idea about how to get the name server from Amazon and update it in BigRock, share their knowledge?
P.S: I know it's not a programming question but I am not sure where to post this other than SO.
Whether the server you selected is free or not is not a big deal for them. They should provide support to configure their server with the domain you purchased. To do that, log in to your Amazon account using the given login details, open a 'Support Ticket', ask them for the name server values, and enter those at the place where you purchased your domain. They will configure your domain with the given name servers.

Serve private mapping from S3 tiles by proxying data or signing urls through heroku?

I want to store mapping tiles in a private S3 bucket. Each tile has its own URL and each set of tiles could potentially have GBs of tiles.
I then want to visualise these tiles through a front end mapping client (e.g. leaflet). This client pulls tiles as it needs them using the tile's individual URL.
Because the bucket is private I need to authenticate each tile request but performance is fairly critical for this application.
Given that I want to use heroku to host my site, is it better to proxy the url through heroku and get it signed before requesting the tile from S3 or proxy the tile itself through heroku?
Are there any other options?
If the content in S3 is private, you are going to have to authorize the download one way or another, unless the bucket policy allows the proxy to access the content without authentication based on its IP address. Even then, the proxy still needs to verify that the user is authorized via (presumably) a cookie, which might mean a session database lookup.
Generating a signed URL is not a particularly expensive process, computationally, and (contrary to the impression I occasionally encounter) the signing process is done entirely on your server -- there's no actual interaction with S3 that occurs when generating a signed URL.
There's not really a single correct answer. I use both approaches, and a combination of them -- signing URLs in the application, signing them in the database (I have written a MySQL stored function that signs URLs), providing a link to a different app server that reads the user's session cookie and, if authorized, generates a signed URL and returns a 302 redirect, providing a link to a proxy server that proxies pre-signed URL requests to S3 (for real-time logging and to allow me to use my own domain name and SSL cert)... there are valid use cases for all of these approaches, and others.
Ideally I think you want to proxy the requests through a server that is authorized to access the S3 bucket to minimize authentication transactions.
Whether it's on Heroku or not, as long as the proxy server is able to authenticate the end user's access and maintain that session according to the required security policies you should be fine.
Cesium does support Proxies for Imagery and Terrain so once that is in place you should just have to configure the CesiumProxy with your server and be good to go.

Hosting my website with a different hosting service

Here is what I'm sure is a dumb question but I cannot find an answer for.
I purchased a domain name from 1and1 WITHOUT any hosting. I was intending to set it up on my own server which fell through, so I decided that I was just gonna do traditional hosting.
I found a great deal and promotion at Dreamhost for a year of hosting, so I signed up for the hosting service.
Through the 1and1 control panel, I have redirected to the Dreamhost name servers, but I'm not really sure what to do next.
How do I now upload my website files to Dreamhost and load them when visiting the domain that I purchased from 1and1?
I understand this may be vague, and I apologize if so, just want some guidance. Let me know if there is any information I can give to help.
Purchasing your domain through 1and1 is no problem. I'm not extremely familiar with either company or their infrastructure but I can give you a general guideline with an attempt to tailor it to your needs. Hopefully you'll find this helpful.
First step I would personally take would be to update your nameservers at 1and1 to use Dreamhost's. If they are using cpanel, this may be a requirement. Regardless of their control panel, this will likely be the easiest way to manage any updates you need to make. After this you will only need to login to 1and1 to renew your domain or transfer it.
To change your name servers:
1) Log in to the 1&1 Control Panel using your Customer ID OR domain name and your password.
2) Click the Domains link from the Domains & Webspace panel.
3) Check the box next to the domain to select it and click Show DNS Settings from the DNS drop-down box above the list of domains.
4) Click the Edit button next to Name Server Settings.
5) If you are currently using a CNAME with the domain, you will not be able to set which name servers should be used with the domain unless you select DNS from General settings.
Select My name server from the Name server drop-down box.
6) Enter the first name server address into the Primary name server text box.
Select My secondary name server from the Secondary name server drop-down box to add a second address.
Enter the second name server address into the 1st secondary name server text box.
You may add a third and fourth name server address if necessary, but only two are required.
Click the OK button to save your settings.
For step 6, you should be entering the following name servers (unless Dreamhost has provided different servers when you opened your account): ns1.dreamhost.com, ns2.dreamhost.com, ns3.dreamhost.com
Note: you may only be able to enter two of the three listed.
Next you need to log in to your Dreamhost control panel for hosting. Ensure you have your domain added. If not, go to Manage Domains and add your domain. It should provide instructions for adding your domain. If you plan to have everything hosted at Dreamhost (as it sounds to me like you do), be sure to select "Fully Hosted." You can manage your DNS through their domain manager once you are using their nameservers. You can add A records if needed to point to your IP, but generally in shared hosting environments the control panel will perform the basic configuration of the A records for your site.
As always with DNS, it may take some time for your changes to propagate. You may want to flush your DNS as well (on your local machine).
edit: Sorry I just re-read your question and realized you accomplished what I answered. Here's some additional steps to get your website up and running:
Are you using a static HTML website? If you are using Wordpress or another CMS/Application, please let me know as the instructions will vary for those types of installs.
If it is a static website, download an FTP Client, if you do not have one already. My personal recommendation is FileZilla, simply because it is free and easy to use, but any FTP Client will work. Log back into your DreamHost control panel and look for your server information under "Account Status." It will say "Your Web Server:" followed by the name of the server your account is on. Enter that server name into FileZilla for the IP/Host. Try using your control panel login and password; the port would be 21 for standard FTP. If your login does not work, go back to your control panel and look for an option called "FTP Accounts." Go into this section and create a new FTP account. Now use that account for your user and password in FileZilla. This should normally drop you into your website's home folder. If not, look for anything such as "html", "public_html", "www" and upload your files there. Ensure you have an index.html or index.php file.
If you have any additional questions, please let me know and I can update my response to address them.
In order for your site to show up from the Dreamhost hosting, you will need to set the A-record in your DNS at 1and1 to resolve to the IP address that is provided by Dreamhost. Making changes to your 1and1 DNS is not part of my expertise (I work at Dyn), but if you have any trouble, their support team should be able to assist.
Good luck!
CL

Is it possible to connect to a site through a proxy and then disconnect in the same session?

I was wondering if it is possible to log into a site with the normal login form (take facebook for example) through a proxy server. Once logged in, can a person disconnect from the proxy and use their normal ISP connection to access the members area on the site without logging in again?
Thanks!
It depends on how the site manages state. If sessions are tied to a particular remote host, then no. Otherwise, there's nothing preventing it. Typically a session is managed via cookies or something similar that the browser sends with every request. Thus whether or not the proxy is there is irrelevant to the maintenance of the session state.

What is the best way to restrict access to a development website?

I have a site I am working on that I would like to display only to a few others for now. Is there anything wrong with setting up Windows user names and using Windows auth to prompt the user before getting into the development site?
There are several ways, with varying degrees of security:
Don't put it on the internet - put it on a private network, and use a VPN to access it
Restrict access with HTTP authentication (as you suggest). The downside to this is it can interfere with the actual site, if you are using HTTP auth, or some other type of authentication as part of the application.
Restrict access based on remote IP. Just allow the IPs of users you want to be able to access it.
Use a custom hostname. Have it on a public IP, but don't publish the hostname. This means make an entry in your HOSTS file (or configure your own DNS server, if possible) so that "blah.mysite.com" goes to the site, but that is not available on the internet. Obviously you'd only make the site accessible when using that hostname (and not the IP).
That depends on what you mean by "best": for example, do you mean "easiest" or "most secure"?
The best way might be to have it on a private network, which you attach to via VPN.
I do this frequently. I use Hamachi to allow them to access my dev box so they can see what's going on. They have access to it when they want, and/or when I allow. When they are done I evict them from my Hamachi network and change the password.
Hamachi is a software VPN. Here's a link to Hamachi - AKA LogMeIn
Hamachi
They have a free version which works quite well.
Of course, there's nothing wrong with Windows auth. There are a couple of (not too big) drawbacks, though:
your website auth scheme is different from the final product.
you are giving them more access to the box than they really need.
automatically reimaging the machine and redeploying the website is more complex, as you have to automate the Windows account creation.
I would suggest two alternatives:
do whatever auth you plan on doing in the final website and make sure all pages require auth
do a token cookie based auth - send them a link that sets a particular token in a cookie, and in your website code add a quick check for that token before you even go to the regular user auth
If you aren't married to IIS, and you need developers to be able to change the content, I would consider Apache + SSL + WebDav (aka Web Folders). This will allow you to offer a secure sandbox where developers can change and view the content without having user accounts on the server.
This setup requires some knowledge of Apache so it only makes sense if you are already using Apache or if you frequently need to provide outsiders access to your web server.
First useful link I found on the topic: http://pascal.thivent.name/2007/08/howto-setup-apache-224-webdav-under.html
Why don't you just set up an NTFS user and assign it to the website (and remove anonymous access)

Resources