We are deploying our app to the EKS, and have a hybrid situation where some services aren't deployed yet within the EKS cluster.
We want the traffic between services deployed on EC2 instances would be encrypted during communication with services deployed in the EKS.
Both apps deployed on EC2 and pods, are java based app deployed on application server.
What is the best practice to do that.. ? In terms of deploying tls certification on the app server, etc...
Related
I have deployed microservice based applications in EC2 instances kubernetes set-up.
my web application is accessible if I add port no of external IP of ingress-nginx with url. but I want it to be accessible with out port no.
same deployment is working without port no in on-prem setup.
all ports are open in aws security settings.
We have an asp.net app that gets deployed to both On-Prem and on Azure VMs. We are trying to figure out how to configure the app so that when deployed on an Azure VM it will use Azure App Configuration Service, but when deployed On-Prem it will continue to use the settings in the config files?
How can we know on app start up whether or not we are deployed on an Azure VM?
If you can, I would recommend you add a special environment variable when you provision your Azure VM or deploy your application. If not, you may use Azure Instance Metadata Service to tell the code is running in Azure VMs.
We are deploying kind of micros services developed in .Net core and will be deployed in Azure WebApp
There will be numerous communications between these WebApps.
Now as WebApp is internet facing, all calls between them will go through internet which will have impact on performance.
Apart from ASE (App Service Enviornment), is there any way we can achieve this?
Yes you can do that with Access Restriction:
az webapp config access-restriction add --resource-group ResourceGroup --name AppName \
--rule-name 'IP example rule' --action Allow --ip-address 122.133.144.0/24 --priority 100
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing-access-restriction-rules-in-the-portal
ps. AKS would probably be a better option for microservices ;)
There are two ways to have communication over private IP between two web app.
Configure regional VNET integration on either or both web app.
Think of having Azure Application gateway before web app one and configure access restriction to allow access to only application gateway subnet.
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#set-a-service-endpoint-based-rule
Some other use cases
Use Service fabric if you don't want to expose web application to internet.
You can also think of putting both application as backend to API management.
https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet?tabs=stv2#routing
whenever you have application gateway enabled that time app gateway act as interceptor and forwards the traffic hence both of your web app can communicate over a private IP.
I'm building a small web application for a personal project. It will be an Angular web application which will talk to a Spring-Boot service layer which in turn will read/write stuff to MongoDb.
I hope to host all this on a single EC2 instance in AWS. My question is how to configure a web server (like Apache but doesn't have to be) to 'beautify' the URLs a bit. Example, without touching anything angular will run at something like host:4200 and the service layer at host:8080. I will then have to map a proper domain to host in AWS, but the hiding of ports etc is where it gets murky for me.
I want to be able to hit my web app at domain.com (no ports etc) and I also want my service layer to ideally have a similar setup e.g. domain.com/service (no ports etc).
How do I configure a webservice to do this for me? Examples or pointers to specific examples would be ideal, but even a pointer to the right documentation will be helpful.
This thread is kind of similar to what I want but not too helpful: How to deploy Spring framework backend and Angular 2 frontend application in any online server?
You can use a setup with AWS CloudFront as reverse proxy and CDN cache. You can map the Domain Name and SSL Certificates(You can use AWS issued free SSL Certificates through AWS Certificate Manager) to CloudFront while the EC2 instance is plugged as an origin behind CloudFront as shown in the following diagram.
In the diagram I have optionally added, which is a common practice in designing applications in AWS.
Hosting the Angular App in S3
Using Autoscaling & Loadbalancing for EC2 instances.
You need to use Apache or other web server as a reverse proxy. Start here -
https://devops.profitbricks.com/tutorials/configure-apache-as-a-reverse-proxy-using-mod_proxy-on-ubuntu/
You then will need to setup a custom domain name. The easiest option is to just use an ELB (now called Classic Load Balancer). More details are here -
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-domain-names-with-elb.html
I read that heroku uses what they call cedar containers in their infrastructure which allows developers to use containerisation in their apps hosted on heroku. If I'm not mistaken that is, I'm new to all this.
Is is possible to run docker containers on web servers and integrate them as part of your website? Or at least, come up with a method of converting docker containers into Cedar containers or something similar which are compatible with the web server?
On your own private server I see no reason why you couldn't do this, but when it comes to commercial web hosting services, where does this stand?
You are not running "docker on web server", but running "docker with web server".
I mean, you supposed to package your app into the docker with some kind of web server.
After it, you can call your app in this container as regular web site. Also, you can host this container in some docker host (for example, docker cloud, sloppy.io,...)
As for heroku, may be you'll find this helpful