Google cloud compute - forward http to https - google-compute-engine

I'm on Google Cloud Compute Engine with a Go web server (no Apache or nginx). I want to forward all HTTP requests to HTTPS. My Go code has ListenAndServe on port 8080 and the binary runs on port 3000 as https. This was accomplished using the command below.
gcloud compute forwarding-rules create pgurus --global --address xxx.xxx.xxx.xxxx --ip-protocol TCP --ports=3000 --target-http-proxy TARGET_HTTP_PROXY
Thanks in advance!

You can send back a 301 response when you receive an HTTP request. Google Cloud load balancer will set the X-Forwarded-Proto HTTP header with either the value HTTP or HTTPS. See this answer for details:
https://serverfault.com/a/735223
The HTTP response status code 301 Moved Permanently is used for
permanent URL redirection, meaning current links or records using the
URL that the response is received for should be updated. The new URL
should be provided in the Location field included with the response.
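
The redirect described in this answer, written as Go middleware for a server that sits behind the load balancer. This is an added example, not code from the original posts; `canonicalHost`, `redirectToHTTPS` and `newMux` are names assumed for the illustration.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// canonicalHost is an assumed placeholder; set it to the site's real host name.
const canonicalHost = "www.example.com"

// redirectToHTTPS answers with a 301 when the load balancer reports that the
// client connected over plain HTTP. The header is only trustworthy when the
// backend is reachable solely through the load balancer.
func redirectToHTTPS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		proto := r.Header.Get("X-Forwarded-Proto")
		if strings.EqualFold(proto, "http") {
			// Build the target from a fixed host, not from the request's Host
			// header, so a forged Host cannot steer the redirect elsewhere.
			target := "https://" + canonicalHost + r.URL.RequestURI()
			http.Redirect(w, r, target, http.StatusMovedPermanently)
			return
		}
		if strings.EqualFold(proto, "https") {
			// Tell browsers to skip the plain-HTTP hop on later visits.
			w.Header().Set("Strict-Transport-Security", "max-age=31536000")
		}
		// Requests without the header (for example health checks) pass through.
		next.ServeHTTP(w, r)
	})
}

// newMux wires a sample handler behind the redirect middleware.
func newMux() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("hello over TLS\n"))
	})
	return redirectToHTTPS(mux)
}

func main() {
	// Port 8080 matches the ListenAndServe port mentioned in the question.
	log.Fatal(http.ListenAndServe(":8080", newMux()))
}
```

The header comparison is case-insensitive, so the check holds whichever letter case the proxy uses for the value.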

Related

How to get the complete request URL with user-id in Kubernetes ingress for gRPC backend?

If the request to ingress was made using url grpc://username#ingresshost.domain.com
With gRPC, we cannot use external auth url etc? How can I get the complete request URL in Kubernetes ingress that contains the username as well?

OpenShift route to return a 308 Permanent Redirect

If I set an OpenShift route with insecureEdgeTerminationPolicy to Redirect.
Client will be able to redirect http to https.
They will receive a 302 Found (temporary redirection).
Does the route offer the possibility to tune this behavior and return a 308 Permanent Redirect instead (or 301)?

How is the traffic to the openshift_cluster_hostname redirected to the OpenShift web console

Question 1 :
1.1. who is sitting behind the "openshift_master_cluster_public_hostname" hostname ? is it the web console ( web console service ? or web service deployment ) or something else ?
1.2. When doing oc get service -n openshift-web-console I can see that the web console is running on 443; isn't it supposed to work on port 8443? Same thing for the API server: shouldn't it be working on port 8443?
1.3. can you explain to me the flow of a request to https://openshift_master_cluster_public_hostname:8443 ?
1.4. in the documentation is
Question 2:
Why do I get a different response for curl and wget?
When I run curl https://openshift_master_cluster_public_hostname:8443 , I get:
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/admissionregistration.k8s.io",
"/apis/admissionregistration.k8s.io/v1beta1",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1beta1",
...
"/swagger.json",
"/swaggerapi",
"/version",
"/version/openshift"
]
}
When I run wget https://openshift_master_cluster_public_hostname:8443 I get an index.html page.
Is the web console answering this request or the
Question 3 :
How can I expose the web console on port 443 rather than 8443? I found several solutions:
using variables "openshift_master_console_port,openshift_master_api_port" but found out that these ports are ‘internal’ ports and not designed to be the public ports. So changing these ports could crash your OpenShift setup
using an external service ( described here )
I'm kind of trying to set up port forwarding on an external haproxy, is it doable?
Answer to Q1:
1.1. Cite from the documentation Configuring Your Inventory File
This variable overrides the public host name for the cluster,
which defaults to the host name of the master. If you use an
external load balancer, specify the address of the external load balancer.
For example:
> openshift_master_cluster_public_hostname=openshift-ansible.public.example.com
This means that this Variable is the Public facing interface to the OpenShift Web-Console.
1.2 A Service is a virtual Object which connects the Service Name to the pods and is used to connect the Route Object with the Service Object. This is explained in the documentation Services. You can use almost every port for a Service because it's virtual and nothing will bind on this Port.
1.3. The answer depends on your setup. I explain it in an HA setup with a TCP loadbalancer in front of the masters.
                        /> Master API 1
client -> loadbalancer -> Master API 2
                        \> Master API 3
The client makes a request to https://openshift_master_cluster_public_hostname:8443, the loadbalancer forwards the client to Master API 1 or 2 or 3, and the client gets the answer from the requested Master API server.
The API server redirects to the console if the request comes from a browser ( https://github.com/openshift/origin/blob/release-3.11/pkg/cmd/openshift-kube-apiserver/openshiftkubeapiserver/patch_handlerchain.go#L60-L61 )
Answer to Q2:
curl and wget behave differently because they are different tools, but the https request is the same.
curl behavior with wget
wget --output-document=- https://openshift_master_cluster_public_hostname:8443
wget behavior with curl
curl -o index.html https://openshift_master_cluster_public_hostname:8443
Why - is described in Usage of dash (-) in place of a filename
Answer to Q3:
You can use the OpenShift Router which you use for the apps to make the Web-Console available on 443. It's a little bit outdated but the concept is the same for the current 3.x versions: Make OpenShift console available on port 443 (https) [UPDATE]

Google Drive Api: receive push notifications on local environment

I'm interested in receiving change notifications from the Google Drive API.
In order to receive notifications you have to make an HTTP request with the address where notifications have to be received:
Example:
POST https://www.googleapis.com/drive/v3/changes/watch
Authorization: Bearer auth_token_for_current_user
Content-Type: application/json
{
"id": "4ba78bf0-6a47-11e2-bcfd-0800200c9a77", // Your channel ID.
"type": "web_hook",
"address": "https://somedomain.com/notifications", // Your receiving URL.
...
"token": "target=myApp-myChangesChannelDest", // (Optional) Your channel token.
"expiration": 1426325213000 // (Optional) Your requested channel expiration time.
}
As you can see, I'm setting that google sends push notifications at "https://somedomain.com/notifications".
Nevertheless, I'm on a local/development behavior environment and I would need to receive notifications on my local ip.
Is there any alternative?
You could use something like ngrok, or localtunnel. To install them just follow their links.
They allow you to expose your localhost to the world for testing.
Ngrok example: ngrok http <local-server-port>
Localtunnel example: lt --port <local-server-port>
You could use localtunnel and set up a subdomain that is stable to your development and use it to verify the domain in google verification.
There is a command that sets your subdomain statically
lt --port 8000 --subdomain {subdomain name here}
and then I verified the domain in Google through downloading a verification file (More on this during verification).
You should not get a domain and use it during development just to verify with Google or any other service. It will only increase complexity.

XMLHttpRequest cannot load http://localhost:9090/receive. No 'Access-Control-Allow-Origin' header is present on the requested resource

I am opening an HTML file through an nginx server and then the HTML file passes the "POST" request from the dropzone to the nginx server, which then proxy_passes to my Go server. This Go server then accepts the request.
But when I try to use my HTML file and drop something in the dropzone I get the error:
XMLHttpRequest cannot load http://localhost:9090/receive. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9009' is therefore not allowed access.
Please help me out.
In your error above you have the page loading from http://localhost:9009 requesting to http://localhost:9090/. These are different origins according to the Same Origin description here: https://www.rfc-editor.org/rfc/rfc6454#section-5
The origins must match:
scheme
host
port
For you the scheme and host are the same, but the ports are different. Thus you will need to add the CORS headers to allow the caller to call your server on http://localhost:9090.
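
One way to add those CORS headers in the Go server from the question, allowing only the origin named in the browser error. This is an added example, not code from the original posts; `withCORS`, `newUploadServer` and the allowed header list are assumptions for the illustration.

```go
package main

import (
	"log"
	"net/http"
)

// allowedOrigins lists the pages permitted to call this server. The single
// entry is the origin named in the browser error above.
var allowedOrigins = map[string]bool{"http://localhost:9009": true}

// withCORS adds CORS response headers for allow-listed origins only and
// answers preflight (OPTIONS) requests itself.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		w.Header().Add("Vary", "Origin") // responses differ per Origin
		if allowedOrigins[origin] {
			// Echo the exact allow-listed origin rather than "*".
			w.Header().Set("Access-Control-Allow-Origin", origin)
		}
		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
			if allowedOrigins[origin] {
				w.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
				// Assumed header list; adjust to what the upload widget sends.
				w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-Requested-With, Cache-Control")
			}
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newUploadServer exposes /receive, the path from the question, behind withCORS.
func newUploadServer() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/receive", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "POST only", http.StatusMethodNotAllowed)
			return
		}
		w.Write([]byte("received\n"))
	})
	return withCORS(mux)
}

func main() {
	log.Fatal(http.ListenAndServe(":9090", newUploadServer()))
}
```

CORS headers only control whether the browser lets the calling page read the response; a request from an origin that is not listed still reaches the handler, so the endpoint needs its own authentication where that matters.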