Using the App Engine Flexible Environment, I'm preparing to deploy an Angular 4 client and am looking into Cloud Endpoints to handle my node.js/express microservices as it seems to simplify securing and authenticating endpoint requests, and I wanted to clarify a few things:
Do I use cloud-endpoints as an API Gateway which routes requests to the individual microservice backends or are the microservices supposed to be built as individual endpoints-apps themselves?
Do I host the Angular 4 app statically (server agnostic), and make endpoint requests directly to the Gateway/microservice from the ng client, or is the app hosted through a server framework (e.g. node.js/express) which then passes on the request along to the Gateway/microservice
Endpoints is an API gateway, but it currently only routes to a single backend. On Flex, it's whatever app you deploy. The Endpoints proxy sits in front of your backend, transparently to the client, and the client requests will pass through the gateway. See the docs for how to set up your Flexible environment.
In conjunction with a dispatch.yaml directive to handle routing, you can use GCE as a gateway to multiple microservices running as services in a given project.
You can call the services directly or proxy through a server.
Related
I'm fairly new to developing with multiple tech stacks so I was wondering if it was possible to combine the two together?
For example, with an express backend that already maps requests like /about and /contact I want to have a spring application that maps a request for /service in its MainController and use other classes like MainService.java.
I currently have a social-media type of application built on Node and an AWS image upload app built with Spring so I was curious if it was possible to connect these two apps so that users can upload images using the Spring app.
If this is possible, what other benefits can it provide? or is it bad practice?
If the two applications are restful u can turn in micro-services Architecture to use a service discovery which can recognize the two applications and another application to be the Api gateway that can play the role of proxy to redirect requests.
multiple languages micro-services
service discovery
api gateway.
Otherwise if u are apps are not restful u can simply make a http requests to link them.
I'm using microservices technic with node js and express, i used API Gateway(node js service that support https) that transfer the api requests to the other services, also i'm using SocketIO as a node js service.
I would like to know what will be the best way to securely connect to the socket IO service from the client if i used API Gateway technic.
There is two approach that i'm considered:
Use the socketIO service as a independent service without go through from API Gateway.
some way to transfer from API Gateway to socketIO service
Any advise from someone that solved this case?
I have a GraphQL server using graphql-yoga based on an Node JS express server running on Google App Engine.
Basically, the server exposes an HTTP endpoint with a single route accepting POST requests returning a JSON result, which is consumed by a mobile application.
It doesn't handle user authentication.
From what I understand, it is possible to use Google Cloud Endpoints to deploy an ESP (Extensible Service Proxy) in front of my server in App Engine.
It exposes an API with a secure endpoint that handles user authentication via Firebase Auth, Auth0 or Google Sign In.
Are my assumptions correct? I've deployed both with an open API specification that contains the right secure parameters but, without any bearer token, all requests are accepted.
Reference documentation: https://cloud.google.com/endpoints/docs/openapi/authenticating-users
ESP cannot run in front of your application on App Engine Standard the same way it can on App Engine Flex. That mostly has to do with the difference in architectures of those runtimes --- App Engine Flex is based on deploying containers (including multiple at a time), whereas App Engine Standard does not currently support multi-container deployments.
Because of this, we have the Endpoints Frameworks that add similar functionality as a library for applications based on App Engine Standard --- but this is only supported for the Python and Java runtimes.
Unfortunately, this means that if you're sticking with the combination of Node + App Engine Standard, there isn't currently a way to use Cloud Endpoints.
I am using Spring Cloud ZUUL as gateway to all downstream services.
I now have a NodeJS based service which I also route using Spring Cloud ZUUL and Spring Cloud SideCar.
The NodeJS based service references some static content, images,css and also javascript.
When ZUUL is routing the request to NodeJS via the SideCar, I see the static content and javasript files are not been downloaded.
The url for them points to the host and port of ZUUL instance, instead of the host and port of the actual downstream service. So, it seems like I need to add some configuration to route to the static resources within the downstream app, in this case, NodeJS app or something similar.
Can someone help me with the right way to approach this issue.
active blocking sensitive headers
routes:
node-service:
sensitiveHeaders: Cookie,Set-Cookie
I have some doubts about which is the most appropiate way to allow access to my company backend services from public Clouds like AWS or Azure, and viceversa. In our case, we need an AWS app to invoke some HTTP Rest Services exposed in our backend.
I came out with at least two options:
The first one is to setup an AWS Virtual Private Cloud between the app and our backend and route all traffic through it.
The second option is to expose the HTTP service through a reverse proxy and setup IP filtering in the proxy to allow only income connections from AWS. We donĀ“t want the HTTP Service to be public accesible from the Internet and I think this is satisfied whether we choose one option or another. Also we will likely need to integrate more services (TCP/UDP) between AWS and our backend, like FTP transfers, monitoring, etc.
My main goal is to setup a standard way to accomplish this integration, so we don't need to use different configurations depending on the kind of service or application.
I think this is a very common need in hybrid cloud scenarios so I would just like to embrace the best practices.
I would very much appreciate it any kind of advice from you.
Your option #2 seems good. Since you have a AWS VPC, you can get an IP to whitelist by your reverse proxy.
There is another approach. That is, expose your backends as APIs which are secured with Oauth tokens. You need some sort of an API Management solution for this. Then your Node.js app can invoke those APIs with the token.
WSO2 API Cloud allows your to create these APIs in the cloud and run the api gateway in your datacenter. Then the Node.js api calls will hit the on-prem gateway and it will validate the token and let the request go to the backend. You will not need to expose the backend service to the internet. See this blog post.
https://wso2.com/blogs/cloud/going-hybrid-on-premises-api-gateways/