How to serve a Heroku app with Google cloud fixed IP - heroku

I have a Heroku app that uses nodejs to serve a static web page https://foda-app.herokuapp.com
Heroku does not provide a fixed IP and I really need one for a personal project, so I'm trying to use Google Cloud's VPC reserved static external IP addresses.
I was able to reserve the IP but I'm not sure how I should link it with my Heroku app, since Google Cloud offers so many options and services. I just wanna redirect all traffic from this IP to the Heroku app and I can't find a simple way to do it.
I need to create a global forwarding rule but I can't find a way to achieve this without using a lot of other services. Do I need a VM instance? Do I need a load balancer? Should I use VPC routes or Cloud DNS? I'm overwhelmed with all those services.
Please can someone tell me if it's possible, and what is the simplest way to achieve this?

You can achieve this in the following two ways:
1) Use a third-party add-on on Heroku, e.g. https://devcenter.heroku.com/articles/quotaguardstatic
2) Set up a proxy server on the static IP, and redirect all traffic to the desired Heroku URL.
Details for step 2:
Assign a static external IP address to a new VM instance: https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address
Install Nginx/HAProxy on the newly procured VM.
Set up a config like the one below:
    upstream heroku-1 {
        server foda-app.herokuapp.com fail_timeout=15s;
    }
    server {
        listen 80;
        server_name yourdomain.example;  # or the static IP address
        location / {
            proxy_pass http://heroku-1;
            # Heroku routes requests by Host header, so send the app's hostname
            # rather than the upstream name "heroku-1".
            proxy_set_header Host foda-app.herokuapp.com;
            proxy_read_timeout 300;
        }
    }
Change the DNS mapping for your domain (if any) to point to the static IP.

Related

What source IP ranges to add to google cloud firewall to only allow access from the domain of my API

I currently have a Google cloud redis instance running which allows all connections ( ip range 0.0.0.0/0 ) which I would like to secure.
I have an api that is hosted on Heroku that is being forwarded to via a google domain. What I want to know is which ip do I add to the Source Ip ranges field in the google cloud firewall config tab to only allow connections from my API.
There are a few things I am confused about:
I need to specify an IP range, but I'm only going to be connecting to it from one IP ( The domain pointing to my API )
Which IP do I provide? The IP of my domain that is pointing to my API or the IP of the API instance itself as it is on Heroku?
Any help would be great!
Thanks
Heroku itself is hosted on AWS, so it uses a subset of their EC2 range.
Looking at this answer, you could use
heroku regions --json
to find the currently used IP ranges.
Problem with that: they can change!
If you need a static source IP coming from a Heroku app, you might want to use one of the SOCKS5 proxy addons.
But:
There is a performance impact for this cross-datacenter usage between your application and the Redis instance, so actually I would recommend you switching to a Redis instance by Heroku, or at least by a provider that lives inside the same AWS region.
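An added example, not part of the original question or answer: a small audit of VPC firewall rules that flags any enabled ingress rule opening the Redis port to a wide source range, and shows how a single address is written as a /32 range. It assumes Redis on its default port 6379 and rules exported as JSON with the Compute Engine firewall fields (name, direction, disabled, sourceRanges, allowed); the sample rules and the address 203.0.113.10 are constructed.

```python
import ipaddress
import json

REDIS_PORT = 6379  # assumption: Redis listens on its default port

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""
[
  {"name": "redis-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
  {"name": "redis-api-only", "direction": "INGRESS", "sourceRanges": ["203.0.113.10/32"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["6000-7000"]}]},
  {"name": "web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]}
]
""")

def port_matches(spec, port):
    """True if a port spec such as "6379" or "6000-7000" covers `port`."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def allows_port(rule, port):
    """True if any `allowed` entry of the rule permits TCP traffic to `port`."""
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")  # no port list means every port
        if not ports or any(port_matches(p, port) for p in ports):
            return True
    return False

def exposed_rules(rules, port=REDIS_PORT, max_addresses=256):
    """(name, range) pairs for enabled ingress rules opening `port` too widely."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if not allows_port(rule, port):
            continue
        for cidr in rule.get("sourceRanges", []):
            if ipaddress.ip_network(cidr, strict=False).num_addresses > max_addresses:
                findings.append((rule["name"], cidr))
    return findings

def single_host_range(ip):
    """CIDR form of one address, as the Source IP ranges field expects."""
    return str(ipaddress.ip_network(ip))
```

The `max_addresses` threshold is an arbitrary choice for this example; tighten it to 1 to flag anything broader than a single host.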

Run Two Laravel applications with docker on same server pointing to subdomain

How do I run two Laravel Docker apps on the same server using one container per app and point to two domains?
Both apps are on the same AWS ec2 server
eg:
container one points to -> one.mydomain.com
container two points to -> two.mydomain.com
I'm new to this.
Is it even possible?
an apache solution would be preferable.
Yes, it is possible, and there are different ways to do that; I would suggest using AWS services.
1) Using an AWS load balancer with host-based routing and a different published port for each app
2) Nginx
With the AWS approach you need to run your containers using ECS.
Create a load balancer
Create a cluster
Create a service
Attach the service to the load balancer and update the load balancer routing to host-based routing; app1.example.com will route to app1
Repeat the above step for app2.
The above is the standard way to deal with containers using AWS.
You can read more about this in gentle-introduction-to-how-aws-ecs-works-with-example-tutorial and Run containerized applications in production
With Nginx, you need to manage everything yourself.
Run both containers on EC2
Install Nginx
Update the Nginx configuration to route traffic based on DNS
Update the DNS entries to point to the EC2 instance's public IP. Both DNS names, for example app1.example.com and app2.example.com, will point to the same EC2 instance, but Nginx will decide which app serves the request.
    server {
        server_name app1.example.com;
        location / {
            # HOSTPORT: the host port published by the app1 container
            proxy_pass http://127.0.0.1:HOSTPORT;
        }
    }
    server {
        server_name app2.example.com;
        location / {
            # HOSTPORT: the host port published by the app2 container
            proxy_pass http://127.0.0.1:HOSTPORT;
        }
    }
I recommend these two approaches, and Nginx over Apache, but if you are interested you can check this: apache-vhosts

Static website on GCP over HTTPS not working

I have a .dev domain that requires the website to be hosted using HTTPS.
I am hosting a static website on GCP. For the HTTPS Certificate, I've created one using Letsencrypt and also tried using GCP generated Cert.
I am using a Load-Balancer setup to use the HTTPS cert and serve the static website out of Storage bucket.
However when I go to my site I am told it is not secure. I am currently using GCP generated Cert, waited 12 hours and I get the following error.
How can I fix this so that I don't see it, nor need to add an exception. In this case I am even unable to add an exception with a .dev domain.
Also I have a follow up question. How can I force all HTTP traffic to use HTTPS using the Load-Balancer?
I got this working by doing the following:
Change Load-balancer IP from ephemeral to static.
Add A record of Load-balancer IP to DNS record.
Side note: if you got a Static website working with HTTP, you will also need to change the CNAME entry pointing to c.storage.googleapis.com. to an A record with the IP record of the Load-balancer.

how to connect to external ip of google cloud platform from local browser

I have created VM instance on google cloud platform in which I have installed NiFi. There are two types of Ip addresses:
1) Internal IP
2) External IP
Now, when I start NiFi services it is hosting its services on the internal IP, but when I try to access the external IP via my local browser I am unable to access it since it's a private IP. I tried creating a firewall rule with the Ingress option which will listen to all IPs and port number 8080, but to no avail.
So where am I going wrong? I tried searching for relevant solutions but no luck.
Attaching screenshot of the firewall config:
Please help me with some links / solutions.
Your issue is a misunderstanding of how IP works in Google Cloud.
You have two types of IP, as you stated. The internal IP is for communication between the compute instances and services inside the Google Cloud VPC. The important part is that it works only in Google Cloud on your project, and that is the internal IP of your instance.
The external IP is an optional IP that is attributed to the instance to allow external communication, so not from Google Cloud, but from your browser for example. But this external IP is not really known to your instance, and that's what confused you. Don't worry: if you try to access your 8080 port on the external IP you won't have any errors and should see your app.
I solved my problem in below ways:
1) I edited my VM and unchecked allow https traffic option.
2) I changed my NiFi listener port from 8080 to 80 since 8080 is blocked in my organization.
No firewalls added. At least it worked for me.

Creating static IP for heroku to connect to external firewall

I'm trying to connect to ObjectRocket with my Heroku app, and I'm running into a little problem where I can't seem to set a static IP (tried Proximo for that).
ObjectRocket requires me to define all IPs connecting to the database, so I need a non-dynamic IP for my Heroku app.
How could I create this, or is this not possible with Heroku?
Hello, you can use this answer to see how to use NGINX as a reverse proxy.
https://stackoverflow.com/a/27874505/1345865
http://blog.talenox.com/post/107675614745/how-to-setup-static-ip-on-heroku
If, in your case, you require an outbound reverse proxy, set up an AWS instance and use NGINX to point it to ObjectRocket as your backend.
