I have the following (python3.7) Cloud Function written that returns "Hello":
https://us-central1-first-outlet-750.cloudfunctions.net/test
I would like to route a domain to this IP, so that someone can use our company URL instead of having to remember the long Google URL to enter in. For example, I'd like a user to be able to enter in:
https://mycompany.com/test
And have it route to the Google URL. What would be the cleanest way to achieve this? For example, some options are:
Set up some Flask server and redirect to the GCF URL (though this sort of defeats the purpose of "auto-scale", as all the IP requests have to route through our own Apache server).
Set up some kind of API Gateway so that it routes traffic to that. Is it possible to do this in GCP? If so, how can I do that?
Here's a similar question, but it is more in line with function egress rather than what I'm looking to do: Possible to get static IP address for Google Cloud Functions?
You can do this with Firebase Hosting integration with Cloud Functions. You will have to connect your domain to Firebase Hosting, then set up a rewrite rule to proxy a URL pattern to your function.
Related
I have a cloud run service behind an HTTPS external load balancer. I'm seeing a number of path scanning style requests (e.g. "/owa", "/admin") that are trying to find vulnerabilities. None of these are supplying a host header.
To reduce unnecessary startups of my cloud run container, and to minimise exposing information to random IP address scanners, I'm trying to find a way to reject requests to my load balancer that are missing a host header.
What I had hoped to do was to respond with a static 403 forbidden style response. However, from the documentation this isn't possible. The best I have come up with is specifying a "Default URL Redirect" in my url map to send all traffic to google.com that doesn't match any host rule in my url map. This works, but seems clunky and perhaps not appropriate.
Is it possible to send a static response - or is it only possible to redirect? Is there a better way to solve this?
The correct answer from a GCP product perspective:
Use a Cloud Armor rule to effect the desired behaviour
This allows you to control a range of aspects of the response.
Alternate options you could consider:
Create an empty bucket and have that as the default backend.
A barebones nginx service on cloud run as the default backend that returns your desired status code.
I'm running a backend app with several endpoints on Cloud Run (fully managed). My endpoints are publicly available by their nature, so I don't want to authenticate users through my client app hosted on Netlify.
What I do need is to restrict access to my endpoints so that other applications or malicious users can't abuse it. It is not about scaling, I just don't want to exceed the Free Tier limits since it is a demo of an opensource application.
I've already set the concurrency and max instance limits to minimum but this alone is not enough. There is also a product named Google Cloud Armor but it seems an expensive one, not free.
I was expecting to have a simple built-in solution for this but couldn't find it.
What other solutions do I have? How can I block the traffic coming out of my website on Netlify?
You don't have a lot of solutions:
You don't want to authenticate your users -> so you need to rely on the technical layers
Netlify is a serverless hosting platform, you don't manage servers/IPs -> So you need to rely on the host name
To filter on the host name, you can use 2 products
External HTTPS only (about $15 per month) with url path matching.
The default URL lands on a dummy service
Only requests where the host matches your Netlify host name are redirected to your backend
Use Cloud Armor on top of External HTTPS load balancer ($15 + Cloud Armor policy x traffic volume). This time, the load balancer redirects the default URL to the correct backend and Cloud Armor checks the request origin.
The problem is that this weak solution is easy to bypass. Perform a simple curl with the host as a header, and the HTTPS Load Balancer and Cloud Armor think that it is the correct origin
curl -H 'Host: myNetlifyHost.com' ....
The highest protection is authentication. Google Cloud itself says: "Don't trust the network".
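The host-based filtering discussed in the two load balancer threads above, reproduced locally as an added example (not code from either answer): a stand-in backend refuses requests with a missing or unknown Host header, still accepts any client that sets that header, and only the credential check tells callers apart. The paths, the token and the localhost server are assumptions made for the demonstration.

```python
import hmac
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_HOST = "mynetlifyhost.com"    # host name from the curl line, lower-cased
API_TOKEN = "constructed-demo-token"  # assumption: stands in for real authentication

class Backend(BaseHTTPRequestHandler):
    def do_GET(self):
        # The Host header is written by the client; strip any port and compare.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        supplied = self.headers.get("Authorization", "").encode()
        token_ok = hmac.compare_digest(supplied, b"Bearer " + API_TOKEN.encode())
        if host != ALLOWED_HOST:
            status = 403          # missing or unknown Host: static refusal
        elif self.path == "/authenticated" and not token_ok:
            status = 401          # right Host, but no valid credential
        else:
            status = 200
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), Backend)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(port, path, host=None, token=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.putrequest("GET", path, skip_host=True)  # no automatic Host header
    if host is not None:
        conn.putheader("Host", host)
    if token is not None:
        conn.putheader("Authorization", "Bearer " + token)
    conn.endheaders()
    status = conn.getresponse().status
    conn.close()
    return status

if __name__ == "__main__":
    srv = start_server()
    port = srv.server_address[1]
    print(probe(port, "/host-only"), probe(port, "/host-only", "myNetlifyHost.com"),
          probe(port, "/authenticated", "myNetlifyHost.com"))
    srv.shutdown()
```

The Host filter is still useful for dropping scanner traffic that sends no Host header or the wrong one; it just cannot identify who is calling.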
I am trying to set up a custom domain name for a Google Cloud Project and am very confused by the whole process. I just need an A record, but the only way I know how to find those is by going through the steps here: https://cloud.google.com/appengine/docs/standard/php7/mapping-custom-domains#mapping_a_custom_domain_to_your_app
Why do I need to go through all these steps to simply get the A record for my site? Like why do I need to verify a specific domain? I have my own DNS and just need to point it at a specific A record.
Most Google Cloud services have a proxy load balancer in front of them called the GFE (Google Front End). In order to know which service to route a request to, the GFE uses the HTTP Host header. You need to go through that process so that Google has an internal table mapping an IP address to a custom domain (via the Host header), which then maps to a Google Cloud service.
You are required to verify ownership of a domain to prevent domain hijacking. Imagine that I decide to use microsoft.com. Google requires that I prove I control the domain microsoft.com before allowing me to create a custom domain.
I'm trying to set up a wildcard domain on Google Cloud Functions. I've seen here that it's doable for Google App Engine. But how to do it for Google Cloud Functions?
Let's say the wildcard is *.singlelisting.co. I would like to reach a function named bigben from any of these subdomains 6.singlelisting.co or ns324.singlelisting.co.
So a user would reach bigben by visiting https://6.singlelisting.co/bigben or https://ns324.singlelisting.co/bigben
As far as I know the only way to get a custom domain for Cloud Functions is through Firebase Hosting.
Firebase Hosting does not support wildcard domain mappings, due to its reliance on letsencrypt.org for SSL certificates.
I recently hosted a site in Google Cloud. For that, I've created a bucket named www.mydomain.com. I've followed all the steps and the website is working fine if I put in a URL like www.mydomain.com, but not when I put in mydomain.com without www. What is the best way to achieve this? How can I make the URL mydomain.com work?
Thanks in advance
This setting has to be made on your domain registration service, not on Google Storage side.
In your DNS settings, you will have to redirect domain.com to www.domain.com. Note that being able to do this will depend on your provider.
If that is not an option you could use a Compute Engine instance free tier or App Engine to redirect the requests from yourdomain.com to www.yourdomain.com
Also, CDN is used for caching content so I don't think you have your CNAME there, maybe you are referring to Cloud DNS?
If that is the case, you will not be able to do the redirect just using Cloud DNS so you will have to use one of the other options