AWS Copilot multiple Load Balanced Web Service - aws-application-load-balancer

I have deployed a Load Balanced Web Service in a copilot application. After deploying it, I added a new HTTPS / 443 listener that forwards requests to the Target Group where the ECS container is deployed:
name: api1
type: Load Balanced Web Service
http:
path: 'api1'
When I go to https://my-domain.com/api1, the requests go to my ECS container, all good.
Now I want to add a second Load Balanced Web Service:
name: api2
type: Load Balanced Web Service
http:
path: 'api2'
When I deploy it, it gets created into another Target Group and when I do https://my-domain.com/api2 the requests go to the first container (api1). I tried adding the 2nd target group to the "Forward To" rule of the Https listener, but then the requests get redirected randomly between both and I get 503 errors most of the time.
What is the correct way to deploy 2 load balanced web service within the same app? I just want to have
https://my-domain.com/api1 => api1 container
https://my-domain.com/api2 => api2 container

So I finally found the solution, I had to do on the Load Balancer:
add the HTTPS listener that forwards to one of the Target Groups
click on "View/edits rules" on the new HTTPS listener
click on the + button in the navbar
click on "+ Insert Rule" in the middle
click on "+ Add condition"
select "Path" and enter the path to the other service /api2
click on "+ Add action"
select "Forward to" and select the second Target Group
It would be nice to be able to do this from the copilot config but it works now

Related

React Front-end connecting to Java Backend on Gitpod HTTPS

I have a project which I have dockerised here: https://github.com/redis-projects/redis-movies/tree/gitpod
I am in the process of trying to get it to work correctly on GitPod, however I am having issues with the frontend react app hitting the backend java service. The react app is running in my local browser so I am confused by which network settings I should use and how to correctly configure.
The docker-compose file when used locally can simply use localhost:8080 to interact with the backend services, but GitPod generates a unique domain over HTTPS. Currently this causes the issues:
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint '<URL>'. This request has been blocked; the content must be served over HTTPS.
This is self-explanatory, I cant make HTTP requests when the site is loaded via HTTPS. & even if I could, its pointing # localhost so the service wont resolve.
How can I setup my docker-compose + gitpod configuration to correctly configure the React URL
Currently use env vars:
REACT_APP_MOVIE_SERVICE_HOST=localhost
REACT_APP_MOVIE_SERVICE_PORT=8080
and this simply builds a url like so (apiConfig.js): http://${process.env.REACT_APP_MOVIE_SERVICE_HOST}:${process.env.REACT_APP_MOVIE_SERVICE_PORT}
Assuming that the backend services are exposed via a public endpoint, I will need to handle any CORs issues since these services are no longer 'local'?

Keycloak - Proxy / Front End Url / Javascript client redirect issue

I'm attempting to use Keycloak for some future projects and it's still very new to me so I'm plugging away reading through the docs and searching for issues online but I'm currently stumped on one thing - I have a vuejs app I’ve added as a client (127.0.0.1:3001), I have a reverse proxy setup in IIS (idp.mc.local) and then a docker container on Windows with keycloak running (127.0.0.1:8080), when I attempt to login, instead of being redirected back to the vuejs client I am just getting redirected to the root of the reverse proxy with the state value in the url, as in the network logs in the screenshot below:
Network logs showing incorrected 'Location' redirect
If I don’t set a front end url for the realm and bypass the proxy / hook my vuejs client to login via Keycloak directly on 127.0.0.1:8080, it redirects to 127.0.0.1:3001/#state… correctly, as below:
Network logs showing correct 'Location' redirect
I can't spot any way to sort this issue, I thought the front end url for the realm should state the proxy address? I can't see why Keycloak would redirect to it at the end of the login process rather than to my client app url, the redirect_uri is being ignored by keycloak and for some reason taking me back to the root of my proxy domain. If I actually manually visit 127.0.0.1:3001/#state… with the state value copied in from the incorrect redirect, I log in successfully.
It's baffling me and any help would be appreciated!
The answer did turn out to be an IIS related issue with the setup of Application Request Routing / ARR being the problem. What was needed was to edit the settings for IIS Application Request Routing and uncheck the option:
Reverse rewrite host in response headers as can be seen in the image below:
IIS ARR Checkbox to untick
Hopefully this will be helpful for someone else who might have the same issue at some point!

Sitefnity Mailing List Export Generates Wrong URL

Configuration of web servers:
My Sitfinity CMS website is deployed on three servers in which two are on load balancer and serve only frontend website, 3rd server in only serve CMS backend and only accessible within organization domain and not part of the loadbalancer.
Backend URL is cms.example.com
Frontend URL is web.example.com
When I go to Marketing --> Mailing lists then click on Action --> Export, select file format and click on "Export", it does not export any file.
When I look at browser console it shows me wrong (web URL) URL for export file.
http:///web.example.com/Telerik.Sitefinity.ExportSubscribersHttpHandler.ashx?provName=&isCSV=true&ids=c46d5106-e7fa-490b-93f5-0c7106ad8a61&exportExSub=true&allSub=false
In order to download file, I need to generate the below URL
http:///cms.example.com/Telerik.Sitefinity.ExportSubscribersHttpHandler.ashx?provName=&isCSV=true&ids=c46d5106-e7fa-490b-93f5-0c7106ad8a61&exportExSub=true&allSub=false
How can I fix this issue for Mailing List Export file?

Express Gateway: 'warn: unable to verify the first certificate' Express.js

I'm brand new to Express Gateway and I'm trying to set up a basic API Gateway to link up some micro services. When I try and proxy to a specific end point https://my-service.net/status (not the real URL), I get this error
[EG:policy] warn: unable to verify the first certificate
I can access the URL 'https://my-service.net/status' in the browser just fine.
When I switch out the serviceEndPoint URL it works fine (e.g. to https://httpbin.org), so it seems like there's something different with my URL in terms of the SSL/authentication config.
Any ideas? Many thanks.
My gateway.config.yml -->
So the SSL setup allows me to access the page from a browser (Chrome), but at the command line (e.g. through my Express Gateway which is served by NPM and running locally on port 8080) it fails.

Polymer app not loading when using Apache reverse proxy

I have a Polymer app running on port 5901 of my VM, and am using Apache reverse proxy to serve the app from the following URL:
http://www.example.com/polymer
The problem is when I go to the URL in a browser, I can see the page title but the page is blank. I also get this error in the console:
Failed to load resource: the server responded with a status of 404 (Not Found) src/home-page.html
I'm assuming that I have to somehow add the /polymer subdomain to the default URL for the app, but I'm not sure how to do this.
EDIT: In response to comment:
The relevant link for Polymer 2.0 routing is https://www.polymer-project.org/2.0/toolbox/routing .
Updating the route. The route object is read-write, so you can use two-way data binding or this.set to update the route. Both the route and routeData objects can be manipulated this way. For example:
this.set('route.path', '/search/');
Or:
this.set('routeData.user', 'mary');