I'm using microservices technic with node js and express, i used API Gateway(node js service that support https) that transfer the api requests to the other services, also i'm using SocketIO as a node js service.
I would like to know what will be the best way to securely connect to the socket IO service from the client if i used API Gateway technic.
There is two approach that i'm considered:
Use the socketIO service as a independent service without go through from API Gateway.
some way to transfer from API Gateway to socketIO service
Any advise from someone that solved this case?
Related
How to connect these three microservices to api gateway. And this API gateway must be in nestjs with kafka server. So how can i connect apigateway and microservices.
I am not getting how to connect this services which are made in node and api gateway in nest.
The services are:
1-ms-authentication
2-ms-notification
3-ms-application
There is one API gateway which is nest-kafka-api-gateway.
Is it possible to connect api gateway in nest and this applications are in node??
I think you can use Nestjs "Hybrid application" as gateway. NestJS Hybrid application
I'm not entirely new to MS Azure, but I am new to its API Management Service. I am trying to get an understanding of how the routing works between the client, the APIMS, and the backend APIs, but somehow can't seem to find what I'm looking for within Microsoft's documentation.
So here's what we have and what I understand:
We have multiple APIs that we host on Azure as App Services. And those APIs are added to the APIMS, which we are using as a gateway. The APIMS's Inbound policies on each API specifies the backend service as that App. But that's all I know.
So when a client, say an application running on someone's computer, sends a request to one of those APIs, how does its request URL end up routing through the gateway? And how does that all relate?
the request URL is made up as follows:
[name of your APIM service].azure-api.net/[name of api]/[api method]/[querystring]
example:
https://myapimanager.azure-api.net/myapi/getstudent?id=1
https://myapimanager.azure-api.net/myotherapi/getsomethingelse?name=bubbles
Using the App Engine Flexible Environment, I'm preparing to deploy an Angular 4 client and am looking into Cloud Endpoints to handle my node.js/express microservices as it seems to simplify securing and authenticating endpoint requests, and I wanted to clarify a few things:
Do I use cloud-endpoints as an API Gateway which routes requests to the individual microservice backends or are the microservices supposed to be built as individual endpoints-apps themselves?
Do I host the Angular 4 app statically (server agnostic), and make endpoint requests directly to the Gateway/microservice from the ng client, or is the app hosted through a server framework (e.g. node.js/express) which then passes on the request along to the Gateway/microservice
Endpoints is an API gateway, but it currently only routes to a single backend. On Flex, it's whatever app you deploy. The Endpoints proxy sits in front of your backend, transparently to the client, and the client requests will pass through the gateway. See the docs for how to set up your Flexible environment.
In conjunction with a dispatch.yaml directive to handle routing, you can use GCE as a gateway to multiple microservices running as services in a given project.
You can call the services directly or proxy through a server.
I have some doubts about which is the most appropiate way to allow access to my company backend services from public Clouds like AWS or Azure, and viceversa. In our case, we need an AWS app to invoke some HTTP Rest Services exposed in our backend.
I came out with at least two options:
The first one is to setup an AWS Virtual Private Cloud between the app and our backend and route all traffic through it.
The second option is to expose the HTTP service through a reverse proxy and setup IP filtering in the proxy to allow only income connections from AWS. We donĀ“t want the HTTP Service to be public accesible from the Internet and I think this is satisfied whether we choose one option or another. Also we will likely need to integrate more services (TCP/UDP) between AWS and our backend, like FTP transfers, monitoring, etc.
My main goal is to setup a standard way to accomplish this integration, so we don't need to use different configurations depending on the kind of service or application.
I think this is a very common need in hybrid cloud scenarios so I would just like to embrace the best practices.
I would very much appreciate it any kind of advice from you.
Your option #2 seems good. Since you have a AWS VPC, you can get an IP to whitelist by your reverse proxy.
There is another approach. That is, expose your backends as APIs which are secured with Oauth tokens. You need some sort of an API Management solution for this. Then your Node.js app can invoke those APIs with the token.
WSO2 API Cloud allows your to create these APIs in the cloud and run the api gateway in your datacenter. Then the Node.js api calls will hit the on-prem gateway and it will validate the token and let the request go to the backend. You will not need to expose the backend service to the internet. See this blog post.
https://wso2.com/blogs/cloud/going-hybrid-on-premises-api-gateways/
I have a rest service that I need to use in a browser web application using a JS MVC client framework like Backbone or Angular. But I need to ensure that my rest services are not exposed or anyone else may not be able to use my rest service to build apps on any device/client. Earlier I thought of protecting my web service using authentication credentials and hiding it behind a proxy and let the proxy serve html instead of service.
But I would like to know how can I secure my web service if I have to use it directly from front-end using ajax calls.