ActiveMQ Artemis http and https in bootstrap.xml - jetty

I hope you have an idea.
I am working with an ActiveMQ Artemis Broker and installed a metrics plugin to use with prometheus and grafana (https://github.com/rh-messaging/artemis-prometheus-metrics-plugin/). Like the instruction says, I added <app url="metrics" war="metrics.war"/> to the bootstrap.xml
We're working with a vendor providing us with the Grafana dashboards as long as we are providing metrics they can work with. The problem is that the vendor wants to access the metrics page (https://activemq:port/metrics) via HTTP and not HTTPS, which is configured in the bootstrap.xml ( <web bind="https://0.0.0.0:port" path="web" keyStorePath=...) Their effort would be disproportionately high to change their system to work with HTTPS now.
Is it possible to configure the jetty-Webserver to serve the console etc. via HTTPS and the URL activemq:port/metrics via HTTP?
I tried to add another web-container in the bootstrap.xml, now binding bind="http://0.0.0.0:port/" and adding the metrics plugin in it but the webserver wasn't happy with two web-containers :/
Thanks for your help :)

This is not currently possible. However, the project could be enhanced to support multiple web instances in bootstrap.xml. Contributions are always welcome.

Related

Flutter Web on Firebase hosting refused to make API Calls

I have a Flutter Web application that I have deployed on Firebase Hosting.
I have a Django backend that I have deployed on an EC2 instance and is running on http.
I have CORS enabled in the backend, tried accessing endpoints via browsers and it works just fine.
But, when I try to make the same call using FlutterWeb, it fails.
An error of type blocked:mixed content appears. (See image below)
I want to call those HTTP endpoints and I don't want an SSL certificate mess because this is just a college project. How do I fix this?
I am using Dio on Flutter Web to make requests. What would be causing this problem?
EDIT:
I am using Firebase's spark plan, obviously since it's a college project. Do I need to upgrade to the blaze plan to enable Egress traffic? If so, how do I make sure that I won't be heavily charged? Any suggestions? UPDATE: I tried the blaze plan and got the same issue.
The console says
Mixed Content: The page at
'https://xxx.web.app/' was loaded over HTTPS, but
requested an insecure XMLHttpRequest endpoint
'http://xxxx.compute-1.amazonaws.com:8000/menu'. This
request has been blocked; the content must be served over HTTPS.
Any way to bypass this?

Is it possible to use http transcoding (to grpc) without google cloud platform? (node-grpc)

Sorry for the basic question (I'm new with gRPC).
Is it possible to use http transcoding without google cloud platform & endpoints?
(Referring to this article: https://cloud.google.com/endpoints/docs/grpc/transcoding)
I'm currently trying to create a mock-application and we are trying to have some sort of frontend with a UI (or can go headless browser in the beg.) that can send HTTP requests to the Extensible Service Proxy, and then ESP will transcode the HTTP request to HTTP2 so that it can be sent as a request to our gRPC services. I think K8s is a bit overkill since we'll only have a few containers (and not too familiar with deployment in k8s).
I'm trying to just use grpc-node, and want to do http mapping in ESP.
Can we just import <import "google/api/annotations.proto";> into our protofile and get this functionality of HTTP mapping?
As mentioned by DazWilkin, your best option would be to use the Envoy Proxy.
If you are used to using Docker, there is a container of the application available here.
Regards,
Frederic

http/2 on swisscom cloudfoundry?

I have a Nuxt.js/NodeJs application hosted on the swisscom cloud (cloudfoundry). Unfortunately all my files are loaded over the http/1.1 protocol and not over http/2.
Previously I had my application hosted on the google cloud and the content was delivered correctly over http/2.
Now my question is, if http/2 is supported on cloudfoundry? And if so, what do I have to do, to get my contents over http/2.
Now my question is, if http/2 is supported on cloudfoundry? And if so, what do I have to do, to get my contents over http/2.
Not when using standard HTTP routes, which go through Gorouter. See this issue for some more background & future path to support this.
https://github.com/cloudfoundry/gorouter/issues/195
In the meantime, you can use TCP routes if you really need to use HTTP/2 on CF. This bypasses Gorouter and allows TCP traffic to go directly to your app. See these two links for more details on TCP routes.
https://docs.cloudfoundry.org/devguide/deploy-apps/routes-domains.html#http-vs-tcp-routes
https://docs.cloudfoundry.org/devguide/deploy-apps/routes-domains.html#create-route
For what it's worth, you need to check with your CF provider/operators to determine if TCP routes are enabled. They are an optional feature. In addition, your org/space quota will need to allow you to create routes.
Hope that helps!

path based configuration in GCP load balancer

I'm working on a sort of prototype project. I have two microservices hosted on separate servers with different tech stacks. Here are some of their endpoints:
1 User management
-- /users
-- /user/:id
-- /user/roles
2 Other operations (e.g. managing a book, book details)
-- /books
-- /book/:id
-- /book/:id/history
I'm using GCP for hosting my apps. I have one load balancer pointing to above backend services. I'm trying to use Host and path rules to use both services and it looks like below screenshot.
I would like to access my User management micro service as
dns/user-manager/users
dns/user-manager/user/:id
dns/user-manager/user/roles
and other micro service as
dns/book-manager/books
dns/book-manager/book/:id
dns/book-manager/book/:id/history
but it looks like it is just forwarding the above URL to the particular service directly, so I'm getting a 404. And I don't want to add all my routes to the load balancer path settings, as it will be difficult to maintain. Looking forward to hearing some solutions. Thanks in advance.
I understand you want inbound requests to /user-manager/SUB/PATH to be forwarded to user-service and re-written to /SUB/PATH. It sounds like you have got the forwarding to work, but not the rewriting.
Google HTTP/S LB can't do the re-writing for you. You will have to add a reverse-proxy between GCLB and your microservice to rewrite the URLs. For example nginx can do this.
Google now offers URL rewriting which can achieve this.

Webservice Endpoint - can someone externally scan all services available on a host?

Say we have hosted a few webservices over https://mycompany.com/Service
e.g.
https://mycompany.com/Service/Service1
https://mycompany.com/Service/Service2
https://mycompany.com/Service/Service3
As you can see on mycompany.com we have hosted 3 webservices each having their distinct urls.
What we have is a Jboss instance with 3 different web wars deployed in it. When someone hits the service it gets past our firewall and then the load balancer redirects to Jboss on port 8080 on the required path and it gets serviced.
The 3 services are consumed by 3 different clients. My question: if, say, Client1 using Service 1 is only given the URL corresponding to it, can they use some kind of scanner that can also inform them that Service2 and Service3 are also available on mycompany.com/Service?
Irrespective of clients - can anyone simply use some scanner tool to identify what Service Endpoints are exposed on the host?
Kindly note they are a mix of SOAP (WSDL) and Rest based services deployed on same instance of Jboss.
Yes, someone can scan for those endpoints. Their scanner would generate a bunch of 404s in your logs, because it would have to guess the other URLs. If you have some kind of rate limiting firewall, it might take them quite a long time. You should be checking the logs regularly anyway.
If you expose your URL to the public internet, relying on people not finding it is just security via obscurity. You should secure each URL using application-level security, and assume that the bad guys already have the URL.
You may want to consider adding subdomains for the separate applications (e.g. service1.mycompany.com, service2.mycompany.com) - this will make firewalling easier.
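
The log check suggested in the answer above can be automated. The following is an added example, not part of the original answer: it flags clients that request many distinct non-existent paths under /Service/ and lists which real endpoints each of them found along the way (a 401 or 403 confirms an endpoint exists just as a 200 does). The Combined Log Format, the `find_enumerators` name, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Combined Log Format; IPs are documentation ranges.
SAMPLE_LOG = '''\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "POST /Service/Service1 HTTP/1.1" 200 512 "-" "client1"
198.51.100.7 - - [12/Mar/2024:10:00:09 +0000] "GET /Service/Service1/ping HTTP/1.1" 404 0 "-" "client1"
203.0.113.9 - - [12/Mar/2024:10:01:00 +0000] "GET /Service/admin HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:01:00 +0000] "GET /Service/test HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:01:01 +0000] "GET /Service/Service2 HTTP/1.1" 401 0 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:01:01 +0000] "GET /Service/api HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:01:02 +0000] "GET /Service/Service0 HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:01:02 +0000] "GET /Service/Service3?wsdl HTTP/1.1" 200 4096 "-" "-"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumerators(log_text, prefix="/Service/", min_misses=4):
    """Return {ip: {"misses": [...], "hits": [...]}} for clients that asked
    for at least `min_misses` distinct non-existent paths under `prefix`."""
    misses = defaultdict(set)   # paths answered with 404, per client
    hits = defaultdict(set)     # paths whose response shows they exist
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        path = m["target"].split("?", 1)[0]   # drop the query (e.g. ?wsdl)
        if not path.startswith(prefix):
            continue
        status = int(m["status"])
        if status == 404:
            misses[m["ip"]].add(path)
        elif status < 400 or status in (401, 403):
            hits[m["ip"]].add(path)
    return {
        ip: {"misses": sorted(paths), "hits": sorted(hits[ip])}
        for ip, paths in misses.items()
        if len(paths) >= min_misses
    }

if __name__ == "__main__":
    for ip, info in find_enumerators(SAMPLE_LOG).items():
        print(ip, "guessed", len(info["misses"]), "paths; found", info["hits"])
```

The threshold needs tuning against real traffic, since a legitimate client with a misconfigured URL also produces a handful of 404s.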