REST API over https in Google Compute Engine

Does anyone know how to easily set up https for a REST API in Google Compute Engine? I currently have a static IP and the API works over http, but in the browser when I call it I get a mixed content error because the client is served over https (Firebase Hosting).
Is it possible to set up https with only a static IP (and not a domain name)?
-Jani

> Is it possible to set up https with only a static IP (and not a domain
> name)?
Yes, it is possible, but since 2016 you cannot purchase an SSL certificate with a public IP address. You can use a self-signed certificate but you will have even more browser issues. Not recommended.
Possible Options:
1. Use your domain name (or purchase one) and use Let's Encrypt for SSL, which is free and is one of your better options.
2. Use a different service such as Cloud Run, Cloud Functions, Firebase or App Engine, which offer SSL and do not require a domain name that you own, as you can use Google's endpoint.
3. Attach a Google Load Balancer in front of your Compute Engine instance and configure a front end with a Google Managed SSL certificate. However, this will require a domain name.
If you do not want to use your own domain name, then option #2 is your only choice.

To set up https for a REST API in Google Compute Engine:
1- You have to buy a domain
2- You have to buy an SSL certificate
3- Create a load balancer resource in Google Cloud to which I assign the domain and the certificate
4- You can install the certificate to the server directly
If you want to use https over IP instead of domain, please follow click here

Related

Amazon ALB: How to set up HTTPs listener without a custom domain

I want to set up an AWS Application Load Balancer with an HTTPs listener so I can integrate with OIDC.
I don't need a custom domain.
To set up HTTPs, I need a certificate. How do I get a certificate for the default domain name (something like my-alb-000000000.us-west-2.elb.amazonaws.com)?
I don't think I can use ACM for that but I'm not sure.
I don't think this is possible, you need to use TLS certificate of some kind with ALB to use HTTPS.

Static website on GCP over HTTPS not working

I have a .dev domain that requires the website to be hosted using HTTPS.
I am hosting a static website on GCP. For the HTTPS certificate, I've created one using Let's Encrypt and also tried using a GCP-generated cert.
I am using a Load-Balancer setup to use the HTTPS cert and serve the static website out of Storage bucket.
However, when I go to my site I am told it is not secure. I am currently using the GCP-generated cert, waited 12 hours and I get the following error.
How can I fix this so that I don't see it, nor need to add an exception? In this case I am even unable to add an exception with a .dev domain.
Also, I have a follow-up question. How can I force all HTTP traffic to use HTTPS using the Load-Balancer?
I got this working by doing the following:
Change Load-balancer IP from ephemeral to static.
Add A record of Load-balancer IP to DNS record.
Side note: if you got a Static website working with HTTP, you will also need to change the CNAME entry pointing to c.storage.googleapis.com. to an A record with the IP record of the Load-balancer.

How to use Azure Traffic Manager with a custom domain, if the DNS settings don't allow for forwarding

I have an Azure web app up and running, using a custom domain purchased outside of Azure... and that all runs fine. So I have https://myappname.azurewebsites.net/ loading fine with my domain name URL https://www.myappname.com
I'm trying to upgrade the web app, though using Azure Traffic Manager. I've cloned the app a few times, each on its own app service plan, and I have the traffic manager all up and running fine. I can successfully hit different versions of my cloned website based on the traffic manager configuration profile... so no issues there.
The only issue is that I can only access the "traffic managed" version of my website via the standard azure URL -> myappname.trafficmanager.net.
All examples I've seen say all I really need to do now, is go into my DNS Management screen, and add domain forwarding, however, my online DNS management tool does not offer this option.
I can't really change my A record in the DNS management screen, because I don't know the IP address of myappname.trafficmanager.net
Every place I've tried to change the name of the current/working Azure URL (like in awverify text files, www cnames, etc.) does nothing. The DNS still points to the single instance which remains in the IP address of the DNS manager's A record.
Also, since my live/single instance is linked to the domain name (along with the SSL binding), I can't add those properties to the clones, which makes sense....only one version can be live. However I could unbind that when I make the switch from the single instance web app to the traffic managed set of clones, but I fear I can only bind that to one of the clones. I can't seem to bind it to the myappname.trafficmanager.net version, which might cascade down to all of its endpoints. Is there a way to bind my domain name and SSL cert to more than one version of my web app?
Thanks!
> Is there a way to bind my domain name and SSL cert to more than one
> version of my web app?
I don't think you can do that unless you have two different domains or subdomains, each with its own SSL cert. Each web app hostname is unique globally and each SSL binding is attached to the web app domain name.
If you have a purchased domain and just keep the default xxx.azurewebsites.net as each hostname, then you could configure the two Azure app services as the endpoints of TM.
By default, Azure provides a wildcard cert for the domain *.azurewebsites.net, so you can automatically access this hostname with HTTPS without any extra cert. Then use a CNAME record www in the domain domain.com in your DNS provider to point to the traffic manager hostname myappname.trafficmanager.net. Since Traffic Manager works at the DNS level, it does not validate the server and client SSL; you could safely ignore the SSL warning when accessing with the traffic manager hostname.
Feel free to let me know if you have any questions.
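
Added example, not part of the answers above: whether a browser accepts a certificate in the static-IP and Traffic Manager questions comes down to matching the host in the URL against the certificate's subjectAltName entries. The function is a simplified model of that matching, not any TLS library's code, and 203.0.113.10 and api.example.com are constructed sample values.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def san_matches(host, dns_sans, ip_sans=()):
    """True if the URL host is covered by the certificate's subjectAltName entries."""
    ip = _as_ip(host)
    if ip is not None:
        # An IP literal is compared only against iPAddress entries,
        # never against dNSName entries.
        return any(_as_ip(s) == ip for s in ip_sans)
    labels = host.lower().rstrip(".").split(".")
    for pattern in dns_sans:
        p = pattern.lower().rstrip(".").split(".")
        if len(p) != len(labels):
            continue  # a wildcard stands for exactly one label
        if p[0] == "*":
            # Only a whole left-most label may be a wildcard, and not on a bare TLD.
            if len(p) >= 3 and p[1:] == labels[1:]:
                return True
        elif p == labels:
            return True
    return False

# Constructed cases: (host in the URL, dNSName SANs, iPAddress SANs)
CASES = [
    ("203.0.113.10", ["api.example.com"], []),
    ("api.example.com", ["api.example.com"], []),
    ("myappname.azurewebsites.net", ["*.azurewebsites.net"], []),
    ("myappname.trafficmanager.net", ["*.azurewebsites.net"], []),
    ("www.myappname.com", ["*.azurewebsites.net"], []),
    ("www.myappname.com", ["www.myappname.com"], []),
]

def evaluate(cases=CASES):
    """Return (host, matched) for each constructed case."""
    return [(host, san_matches(host, dns, ips)) for host, dns, ips in cases]

if __name__ == "__main__":
    for host, ok in evaluate():
        print(f"{host:32} {'match' if ok else 'name mismatch -> browser warning'}")
```

A mismatch here is what the browser reports as a certificate name error; the last case shows that a custom domain pointed at another hostname by CNAME still needs a certificate issued for the custom domain itself.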

How to allow external custom domains to run a Laravel app on my server?

My app is a Laravel app, running on Nginx, provisioned by Forge, and SSL certificates are provided by CloudFlare.
It is hosted at a URL like https://www.myapp.com
My app’s customers are businesses, and already own their domains:
https://www.customer1.com
https://www.customer2.com
https://www.customer3.com
etc.
I want my customers to run MyApp from the sub-domains of their choice:
https://some-name.customer1.com
https://some-other-name.customer2.com
https://any-name-they-want.customer3.com
etc.
My customers should not install anything — MyApp still runs on myapp.com, not on their servers
My customers should only (if possible) modify their DNS, probably add a CNAME like "some-name" that points to "myapp.com"
I followed this amazing article: Dynamic custom domain routing in Laravel.
but I can't get it to work in an https (with SSL) environment -- the browser returns:
This site can’t provide a secure connection
some-name.customer1.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The client and server don't support a common SSL protocol version or cipher suite.
How should Nginx and/or SSL certificates be configured?
This is still a question which is not very simple.
However, Caddy does generate SSLs automatically (if replacing Nginx with Caddy is an option for you).
You can check the documentation for more.

URL shortener API

I am using URL Shortener API to shorten our mobile app download link. (https://www.googleapis.com/)
We have some restrictions on our server such that we don't allow unrecognized IP access.
So I would like to know what would be the IP range that Google uses when the URL is shortened using this API (https://www.googleapis.com/).
This will help us to configure our security settings to allow access to these IPs.
When you say "using the URL Shortener API", are you referring to making calls to this API from your server (as in outbound traffic is IP restricted) or using the short URL to reach your server (as in inbound traffic is IP restricted)? I'll go ahead and answer both possibilities, but please clarify if these weren't what you meant.
If you're trying to allow calls to this API from your server with outbound traffic IP restricted
The URL shortener API can be called through any of Google's IP addresses. There's no way to get a list of these because they will vary by location, load balancing, etc. Plus, you wouldn't want to attempt to restrict by IP this way because whitelisting even one of Google's IP addresses would allow calls from your server to all of Google's services. This likely includes any service hosted on Google Cloud, which could be a proxy, meaning literally anything in the world could be called this way; you'd be entirely eliminating IP restrictions on your server.
If you're trying to shorten your server's URLs using this API and your server has inbound traffic IP restricted
You shouldn't need to do anything. These URLs are just domain redirects. In the end, the user ends up visiting your website (server) using its actual long URL (there's no proxying), so just whitelist the allowed users' IPs and it should work.
