Dynamic apache load balancer cluster selection, or forcing https on a 2nd load balancer? - apache

I have a load balancer setup with two clusters, each with a few balancer members. What I need to do is send traffic from a web browser (or GET requests) to one cluster and traffic from anything else (like api calls, so python, postman, etc, or POST requests) to another cluster. The urls used for both requests are the same.
I also may be making this more complicated than it needs to be. I have one load balancer that sends the traffic to another load balancer that strips ssl for tcpdumps, and the 2nd load balancer sends the request on to the app. The problem with this is when viewed in a browser all of the links on the page are converted to http links when I need them to stay as https links.
What I would like is to have some way to determine which type of traffic (via browser or method) at load balancer one and if it's a browser or a GET send it to the app cluster, otherwise send it to the cluster of the second load balancer for capture (and then on to the app) OR have all links from the 2nd load balancer returned as https.

Related

Server Maintenance Page on Google Load Balancer while waiting for SSL to provision

I'm adding a google load balancer and the ssl will take a while to provision and propagate. Is there a way that I can put up a server maintenance page while waiting for the propagation to complete?
"I can put up a server maintenance page while waiting for the propagation to complete?"
No. Until the propagation completes, users cannot get past the load balancer to see your maintenance page.
Note: The HTTP and HTTPS listeners operate independently. This means that if you configure the HTTP listener before configuring the HTTPS listener, in most cases, HTTP traffic will continue to flow to the backends while the HTTPS listener is configured - unless your domain is using HSTS or permanent HTTPS redirects.

Google Cloud Platform serving static sites over HTTPS?

I have multiple one page apps (static sites) in buckets on google cloud storage.
Each app can access the information it needs from one API running on a google app engine.
I can serve the one page apps by pointing the CName of each domain to c.google.storage.com, but it doesn't serve it over HTTPS, just HTTP.
My question is:
1) why does google storage not serve contents of buckets via HTTPS if I use a custom domain?
2) How can I serve content on google cloud storage via HTTPS?
NOTE: From my basic understanding of google load balancers, I can serve the content of buckets via HTTPS if I point the domain to the load balancer, but then I would need a load balancer for each app. Those load balancers are too expensive. Is it possible to have one load balancer for all apps maybe?
You don't need a load balancer for each app. You can add multiple backends to a single load balancer and each backend can be connected to a separate storage bucket (that would be app specific). You can then add a hostname mapping on the load balancer per application, that will proxy requests to the correct backend bucket based on the Host-header in the request. You can also add path mapping to these rules if necessary.
You can achieve this with only one HTTPS load balancer. Create the LB and add each storage bucket as a backend bucket in the load balancer. Don't forget to create your bucket with the DNS name (e.g. bucket1.mycompany.com, bucket2.mycompany.com etc). Add a wildcard A record in your DNS entry pointing to the external IP of the LB.
This maybe isn't the answer you are looking for, but I recommend Firebase Hosting (https://firebase.google.com/docs/hosting) to host single-page sites (React, Vue, etc) on GCP.

What is the difference between reverse proxy and web server?

I read an awesome post on application server vs. webserver at What is the difference between application server and web server?. Moreover, Difference between proxy server and reverse proxy server nicely explains what a proxy server is.
I also learned that some web servers, such as Apache, have reverse proxy built-in. (Source). Also, Wikipedia (https://en.wikipedia.org/wiki/Reverse_proxy) has an image that shows webserver and reverse proxy as separate entities.
Source: https://en.wikipedia.org/wiki/Reverse_proxy (image originally via Privacy Canada, now CC0, license info)
So, I am not sure about the difference between a web server and a reverse proxy. Can someone please shed some light?
A web server listens for HTTP requests and reacts to them by sending back an HTTP response.
A reverse proxy is a web server which determines what response to make by also implementing an HTTP client.
Client A makes an HTTP request to the reverse proxy. The reverse proxy makes an HTTP request to Server B. Server B sends an HTTP response to the reverse proxy. The reverse proxy sends that data as its HTTP response to client A.
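The flow described above (Client A, reverse proxy, Server B), as an added Python example that is not part of the original answers: the proxy is an HTTP server that acts as an HTTP client towards the backend, and it reports the client's scheme in the conventional `X-Forwarded-Proto` header so a backend behind TLS termination can keep generating https links. The host name `shop.example` and all class and function names are assumptions made for the illustration.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Ignore system proxy settings so the demo only talks to localhost.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Backend(Quiet):
    # Server B sees only plain HTTP; it takes the link scheme from the proxy.
    def do_GET(self):
        scheme = self.headers.get("X-Forwarded-Proto", "http")
        host = self.headers.get("Host", "localhost")
        self.reply(200, f'<a href="{scheme}://{host}/next">next</a>'.encode())

def make_proxy(backend_url, client_scheme):
    class Proxy(Quiet):
        def do_GET(self):
            # Headers are rebuilt, so a client-sent X-Forwarded-Proto is dropped.
            req = urllib.request.Request(backend_url + self.path, headers={
                "Host": self.headers.get("Host", ""),
                "X-Forwarded-Proto": client_scheme})
            try:  # here the proxy acts as an HTTP client towards Server B
                with OPENER.open(req, timeout=5) as upstream:
                    status, body = upstream.status, upstream.read()
            except OSError:  # backend unreachable or returned an error status
                status, body = 502, b"bad gateway"
            self.reply(status, body)
    return Proxy

def serve(handler):
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def fetch_via_proxy(client_scheme, extra_headers=()):
    backend = serve(Backend)
    proxy = serve(make_proxy(f"http://127.0.0.1:{backend.server_port}", client_scheme))
    req = urllib.request.Request(f"http://127.0.0.1:{proxy.server_port}/",
        headers={"Host": "shop.example", **dict(extra_headers)})  # constructed request
    with OPENER.open(req, timeout=5) as resp:
        return resp.read().decode()
```

`fetch_via_proxy("https")` returns a link starting with `https://shop.example/`, and the result is the same when the client sends its own `X-Forwarded-Proto: http`, because the proxy sets that header itself.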
A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.
Common uses for a reverse proxy server include:
Load balancing – A reverse proxy server can act as a “traffic cop,” sitting in front of your backend servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no one server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.
Web acceleration – Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.
Security and anonymity – By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.
A web server stores and delivers the content for a website – such as text, images, video, and application data – to clients that request it. The most common type of client is a web browser program, which requests data from your website when a user clicks on a link or downloads a document on a page displayed in the browser.
A web server communicates with a web browser using the Hypertext Transfer Protocol (HTTP). The content of most web pages is encoded in Hypertext Markup Language (HTML). The content can be static (for example, text and images) or dynamic (for example, a computed price or the list of items a customer has marked for purchase). To deliver dynamic content, most web servers support server‑side scripting languages to encode business logic into the communication. Commonly supported languages include Active Server Pages (ASP), Javascript, PHP, Python, and Ruby.
A web server might also cache content to speed delivery of commonly requested content. This process is also known as web acceleration.
A web server can host a single website or multiple websites using the same software and hardware resources, which is known as virtual hosting. Web servers can also limit the speed of response to different clients so as to prevent a single client from dominating resources that are better used to satisfy requests from a large number of clients.
While web servers typically host websites that are accessible on the Internet, they can also be used to communicate between web clients and servers in local area networks such as a company’s intranet. A web server can even be embedded in a device such as a digital camera so that the users can communicate with the device via any commonly available Web browser.

Can https content ever be cached at CDN datacentres?

I know that modern web browsers cache https content by default. But when you use, say, CloudFlare on your https webpage can it ever cache the css/jpg files for the client? I'm expecting the answer is no as it's encrypted, but maybe the datacentre is intelligent and can establish its own connection as a client, cache, then serve as a proxy or something using its own certificates. Thanks
Cloudflare is a content delivery network and not a simple load balancer. Because it is expected that they reduce the load on the original server, they will also cache https traffic. This means that they will be a man in the middle and provide their own certificate for the site. For more information see their SSL-FAQ.

Google load balancer force https

I'm not sure if this is possible (it wasn't last year according to the internet), but I'm hoping it's available now.
Is there any way of using google load balancer to force https connection only, i.e. get the load balancer to redirect http requests?
I can do it at the backend server, but I would rather have this handled by the load balancer.
Thanks in advance,
Max
I think not. As far as I know, forcing HTTPS is not a managed feature of Google Cloud Load Balancer. It will not redirect HTTP to HTTPS for you. You can either drop the support of HTTP, or do the redirection in the backend. But it would be a nice feature if they had it.
See https://cloud.google.com/compute/docs/load-balancing/http/