IP Address Restriction in Bonsai ElasticSearch as a Heroku Addon - heroku

I have started using Heroku's addon for ElasticSearch, Bonsai. I want to create a backend search for several categories on my website. Since this is a backend only service, and may contain sensitive information, how do I limit the IP addresses connecting to the Bonsai server that Heroku has provided me to only the IP address/range of my web servers?
Note that my web servers are running on private hardware and are not hosted on a cloud service. I am also not using any other web service on Heroku, so I prefer not to use a Ruby answer to this.

I ended up working with the Bonsai team to set up a custom solution on their end that required a username and password combination to access any data on my hosted search.

Related

What source IP ranges to add to google cloud firewall to only allow access from the domain of my API

I currently have a Google cloud redis instance running which allows all connections ( ip range 0.0.0.0/0 ) which I would like to secure.
I have an api that is hosted on Heroku that is being forwarded to via a google domain. What I want to know is which ip do I add to the Source Ip ranges field in the google cloud firewall config tab to only allow connections from my API.
There are a few things I am confused about:
I need to specify an IP range, but I'm only going to be connecting to it from one IP ( The domain pointing to my API )
Which IP do I provide? The IP of my domain that is pointing to my API or the IP of the api instance itself as it is on heroku?
Any help would be great!
Thanks
Heroku itself is hosted on AWS, so it uses a subset of their EC2 range.
Looking at this answer, you could use
heroku regions --json
to find the currently used IP ranges.
Problem with that: they can change!
If you need a static source IP coming from a Heroku app, you might want to use one of the SOCKS5 proxy addons.
But:
There is a performance impact for this cross-datacenter usage between your application and the Redis instance, so actually I would recommend you switching to a Redis instance by Heroku, or at least by a provider that lives inside the same AWS region.

Geocoding API integration with containers and IP whitelisting

I am making requests to the Google Geocoding API within my node project. In production the project is running on Containers (AWS Elastic Container Service) which means the IP address for the service can change automatically - this means that I constantly have to update the IP whitelist in my Google API Key.
IP whitelisting is the only means by which I can secure the API Key. Furthermore, if I don't secure it then the key shortly becomes useless because of unauthorized use from another source.
Is there a practical solution to securing the connection with the Geocoding API from an application running on containers?
Thanks in advance for your help!
When you create your key for the Geocoding API you can simply add no website restrictions. The security implication is that your key is now usable from anywhere so the import of keeping it safe is a bit higher.

Webserver for Angular and Spring application

I'm building a small web application for a personal project. It will be an Angular web application which will talk to a Spring-Boot service layer which in turn will read/write stuff to MongoDb.
I hope to host all this on a single EC2 instance in AWS. My question is how to configure a web server (like Apache but doesn't have to be) to 'beautify' the URLs a bit. Example, without touching anything angular will run at something like host:4200 and the service layer at host:8080. I will then have to map a proper domain to host in AWS, but the hiding of ports etc is where it gets murky for me.
I want to be able to hit my web app at domain.com (no ports etc) and I also want my service layer to ideally have a similar setup e.g. domain.com/service (no ports etc).
How do I configure a webservice to do this for me? Examples or pointers to specific examples would be ideal, but even a pointer to the right documentation will be helpful.
This thread is kind of similar to what I want but not too helpful: How to deploy Spring framework backend and Angular 2 frontend application in any online server?
You can use a setup with AWS CloudFront as reverse proxy and CDN cache. You can map the Domain Name and SSL Certificates (you can use AWS issued free SSL Certificates through AWS Certificate Manager) to CloudFront while the EC2 instance is plugged as an origin behind CloudFront as shown in the following diagram.
In the diagram I have optionally added, which is a common practice in designing applications in AWS.
Hosting the Angular App in S3
Using Autoscaling & Loadbalancing for EC2 instances.
You need to use Apache or other web server as a reverse proxy. Start here -
https://devops.profitbricks.com/tutorials/configure-apache-as-a-reverse-proxy-using-mod_proxy-on-ubuntu/
You then will need to set up a custom domain name. The easiest option is to just use an ELB (now called Classic Load Balancer). More details are here -
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-domain-names-with-elb.html
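A sketch of the reverse-proxy mapping the question asks for, added here as an example and not taken from either answer. The host name domain.com, ports 4200 and 8080, and the /service path come from the question; binding both backends to 127.0.0.1 is an assumption, made so that only Apache is reachable from outside the instance.

```apache
# Added example. Requires mod_proxy and mod_proxy_http
# (on Debian/Ubuntu: a2enmod proxy proxy_http).
<VirtualHost *:80>
    ServerName domain.com

    # Reverse proxy only: never relay arbitrary client requests
    # as a forward proxy.
    ProxyRequests Off

    # Pass the original Host header through to the backends.
    ProxyPreserveHost On

    # ProxyPass rules are checked in configuration order and the first
    # match wins, so the more specific /service/ rule must come before "/".
    # The /service prefix is stripped before the request reaches Spring Boot.
    ProxyPass        /service/ http://127.0.0.1:8080/
    ProxyPassReverse /service/ http://127.0.0.1:8080/

    # Everything else goes to the Angular application.
    ProxyPass        / http://127.0.0.1:4200/
    ProxyPassReverse / http://127.0.0.1:4200/
</VirtualHost>
```

With this in place, ports 4200 and 8080 do not need to be opened in the EC2 security group; only the port Apache listens on does.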

create php web service and access to the internet

I have recently installed PHP, MySQL Server, and Apache web server. I played around with some PHP scripts locally on the PC to insert some entries to MySQL Database.
Noob question so please be patient with me:
How do I get my web service out to the internet, by self hosting? Say I already have a domain, for example mydomain.com. How do I make it so that someone not within my network can access mydomain.com/something and can send some data so my server gets it and does anything with that data?
Webhosting
You have to have some form of webhosting. You pay for hosting and you can upload your PHP files to their servers. They will usually also have database servers you can use.
Your domain name has to point to those servers via DNS so the internet can reach your application. I'd suggest you search the internet for popular hosts that provide the tools you need for this.
Self hosting
Another possibility is to open your network up to the world, but this is not recommended unless you have network administration experience, due to the security trouble that comes with it.
In short: forward a port through your router to the machine running your application. The website portforward.com has instructions on how to do this but keep in mind that misconfiguration could lead to vulnerabilities in your network.
In order to make your site public:
1. you need a host
2. you need a domain
There are a bunch of hosting sites; you should get one first.
This link explains very well about self hosting
https://www.boutell.com/newfaq/creating/hostmyown.html

Access REST API on Windows Azure Virtual Machine via IP

I currently have a SQL Database and REST API residing on an in house development server. When on the premises my Mac uses a Reverse Proxy (in Apache) to connect and use the REST API on the in house development server. This is to avoid CORS issues. The reverse proxy looks like the following:
ProxyPass /api/ http://192.168.1.250:80/
I wish to move the in house SQL Database and REST API to a Windows Azure Virtual Machine.
Is it possible to do this/is this a viable solution to accessing the REST API remotely? When publishing a website in IIS on a Windows Azure VM access is allowed via a cloudapp.net domain. Is it possible to access the site via an IP address?
I have looked into setting up a VM with a static IP but I am unsure if this would actually solve the above problem - so before spending any more time on this it would be great if someone better versed in this area could chime in!
Any help and guidance is greatly appreciated.
Thanks,
Rich
