GCP app deploy in preview URL - node.js

I started using Google Cloud Platform and been testing some things on it. After deploying the web services (node.js), the GCP provides a URL which actually redirects to a preview URL. Ex- project.appspot.com to project.appspot-preview.com. Due to this, our client side throws 307 status code but not if I use the preview URL directly.
All I want to know is, is it safe to use the preview URL straight away or is there anyway to disable the forwarding?
Need help, thanks in advance.

This is the current behavior of the latest GAE flex environment. From Domain update:
Traffic is now served from the appspot-preview.com domain instead of
the appspot.com domain. All traffic from the App Engine flexible
environment will be automatically redirected to the new domain. All
App Engine Standard traffic will continue to be through appspot.com.
When the App Engine flexible environment is generally available (GA),
users will be able to use the appspot.com or appspot-preview.com
domains for routing traffic.
For users who want to use the latest App Engine Flexible release with
a custom domain, please fill out this form to contact us.

Related

Hide WVD url using Azure services. FrontDoor? AppGW?

we are doing POC for one client of Windows Virtual Desktop service(2020 spring version)
and client requested to hide url that is being used by default: https://rdweb.wvd.microsoft.com/arm/webclient/index.html, there is no customization of this in WVD service., client want to see like: https://customdomainmain.com/arm/webclient/index.html
So trying to do this with FrontDoor or AppGW (ready to hear other solutions as well)
In both cases I get: 'Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:' searching info for this: suggests to register app in AAD, not sure how but what I tried nothing works.
You can benefit of Azure Functions, which allows you to execute your code in a serverless compute platform and setting your own Custom URL using the corporate domain name. the same idea as myapps.3tallah.com or mail.3tallah.com, for sure it would be up to you to set your preferred subdomain name.
Please refer to this blogpost Configure Custom URL redirection for Windows Virtual Desktop – WVD

Azure Application Gateway, Azure App Service and Form Based Authentication

I'm migrating a complete infrastructure over to Azure; it's been slow going as there's so much to learn and for every two steps forward, there seems to be one step back.
After what seems like an eternity, I think I've got it all sorted with one exception.
The architecture is as follows:
Azure Traffic Manager ==> 2 Azure Application Gateways (geo separated) ==> Azure App Service
A custom domain is used for the traffic manager and the gateways are listening for the same domain and, when the route matches, passing on the requests down to the app service.
The actual app itself is a ASP.NET MVC application and it uses forms authentication; and this is where the challenge happens.
When navigating to the public address: client.domain.com and hitting the website, it determines that the user is not authenticated and sends the browser to the login page... so far so good but, rather than using client.domain.com/login it uses the web-server dns name, so client.azurewebsites.com/login
How do I go about changing the behaviour so that it uses the external DNS name rather than the website name?
I can't setup custom domains on the app service as the only route into the site is via the gateway as this is also the firewall.
Is there some Web Config setting I can make? I'm looking at the outbound rewrite rules but these seem to only work on tags rather than 302 redirects.
Any thoughts would be most welcome.
You need to setup custom dns names on your webapp (you can use TXT record to verify dns name, so i dont see a reason why you can add it to the webapp). or you can alter the code.
In order to solve this problem, I had to make a code change to the web app itself. Not ideal but it worked.
What I had to do was to extend the code that redirects an unauthenticated request to the login page by sniffing for the X-Original-Host HTTP Header that the App Gateway forwards on. This contains the public facing DNS name. If the header is present and it is on a pre-approved white-list (so as to prevent any hijacking), then redirect the user to the login page for this domain, rather than the one the server is listening on directly (so use client.domain.com rather than client.azurewebsites.com)

Google App Engine ManagedSSL Not Working

I'm using Google App Engine to host my web application Here's the app.yaml config I'm using, using a domain that I bought through GoDaddy to set the custom domain. I've successfully set the custom domain, and the console shows that the ManagedSSL is working, when I visit the site it's still not working The console showing the ssl for the custom domain is working. The appspot.projectid.com site does have the https working but the custom domain does not.
I've followed the tutorials provided by Google Cloud, and others on medium but this issue persists. Do I need to set something on the DNS to allow the ManagedSSL to work?
As you stated, acording to this post, secure: always still works in all standard environments, but the secure option has been deprecated in all flexible environments, see documentation here or here for Node.js.
If you need this feature in your current environment, the suggested solutions require changes to your application code. Either use the custom HTTP header X-Forwarded-Proto to redirect the HTTP traffic to HTTPS, or use the HTTP Strict Transport Security response header.

Multi-domain Routing and SSL on Node.js

I have a Node.js app that serves http requests. Users can signup, create an account and when they do, I generate a subdomain for them to use. eg username.example.com. This is fairly straight forward to do and can be served over ssl using a single certificate.
I would like to give the option for the user to use their own domain. From Node.js this isn't too difficult either. I can check the hostname and look up the account details from there.
I'm struggling to work out how to generate ssl's for these custom domains though.
Right now, my app runs on Heroku, but I also have a staging build on Google's App Engine, so I don't deal with the web server directly. In fact, I don't even know what it is, it could be Nginx or Apache.
To keep the conversation focused, let's stay I want to stick to app engine. When a user adds their own domain, I store it in the database. How would I auto generate an SSL for this?
I thought of general steps for this, but there is one showstopper which I'm not sure it is possible to workaround. The steps will be:
Map the user's domain to your application and configure the DNS records. You can do that with the gcloud commands: steps and general description outlined in this Mapping Custom Domains docs page (notice that you can switch between Console and GCloud in the boxes). There is also a possibility of doing that within the Cloud Console, however as you've mentioned you're interested in the programmatic approach. If you prefer to configure the custom domain from the API, the same functionality exists in App Engine Admin API with its REST resource for domain mappings.
Possible showstopper (source: Mapping Custom Domains) :
Verify that you are the owner of your domain through Webmaster Central
After that, App Engine provisions a managed certificate and then handles renewing/revoking it. Securing Custom Domains with SSL is still in beta, but it offers the functionality that you need.

Is Azure or Google Cloud natively support to serve content using custom domain over https

I'm trying to serve my cloud storage content using custom domain over https. Currently, I'm using Amazon S3 with CloudFront to deliver the content using custom domain over https. But S3 with CloudFront is costly, So I'm now searching for an alternative.
Is Azure or Google Cloud natively support to serve content using custom domain over https. Without using CDN?
At the moment, google cloud storage only support HTTP. As per documentation To serve your content through a custom domain over SSL, set up a load balancer, use a third-party Content Delivery Network with Cloud Storage, or serve your static website content from Firebase Hosting instead of Cloud Storage.
I was able to find this blog which might help you on the setup.
With that being said, if you are looking for functionality like this you may also try with App Engine, as by default, HTTPS connections on your custom domain will automatically be enabled using managed SSL certificates. You can visit this link for more details. Also, there is a there is a feature request submitted to support auto managed SSL with GCLB.
Is Azure or Google Cloud natively support to serve content using
custom domain over https. Without using CDN?
Azure allows you to map a custom domain to your blob storage endpoint. Using this, you can serve the content stored in blob storage using a custom domain. You can read more about it here: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-custom-domain-name
However please note that this will not work over https. For https, you will need to use Azure CDN.
The OP's needs will be met by using Firebase as mentioned in passing by #KarthickN.
Firebase is a Google product which deploys your own domain name site automatically through SSL (https). You can first push your site onto one of the remote git repositories and use CI/CD for Firebase to deploy. You don't need to worry about CDN as firebase will use Google's global edge servers. Small usage is free then move onto paid plans as your needs grow plans
I answered a similar question here.

Resources