Does HAProxy Support "API Gateway" Feature like NGINX - authentication

We are evaluating reverse proxies which support an API Gateway feature. We tested the API Gateway feature in NGINX with a custom authentication application. The request flow in NGINX is that when a request reaches NGINX, it forwards the request for authentication to a custom authentication application. If the auth application returns HTTP 200, NGINX forwards the request to downstream servers.
HAProxy:
For HAProxy, I am unable to figure out how to integrate the custom authentication application in the HAProxy configuration.
Kindly guide me to the correct configuration/resource for me to proceed.

Related

WSO2 API Manager: setting https endpoint

I create an API where I configure the endpoint: https://ssl.croinform.ru:450/api.test
And there is a problem with https, I am not getting a response to the request. It seems the WSO2 API Manager API gateway is not proxying requests to the endpoint.
When I make requests directly, I pre-configure the infrastructure: install the openssl counterpart, install the cacer.p7b and ssl.croinform.cer certificates. After that, I successfully receive responses from the ssl.croinform.ru:450/api.test service.
Can you tell me what I need to do to make this work in WSO2 API Manager?

How would one approach authentication with traefik?

Authenticating Requests Through Traefik
I am looking at using traefik as a proxy for a set of microservices.
However, I realised that traefik does not support an authentication mechanism such as the one provided by Kong.
I would like to register consumers with traefik and allow access based on authentication.
Is there a recommended approach to doing this?
Ideally I would like to forward all incoming requests to a service that authenticates the incoming request. However, I cannot find any way to do this with traefik by using a custom middleware.
In short, is there a way to add such a middleware to traefik and have it execute a remote check before allowing a request to pass through?
(The basic auth built in to traefik is very limited.)
I don't believe Traefik supports this currently. Are you using a service discovery layer behind Traefik like Consul/Kubernetes Ingress? If so, these services may support ACL access to services.

Using HTTP with AWS API Gateway and Service Proxy

I seem to be forced into using HTTPS with AWS API Gateway. I am only hosting non-sensitive GET requests that do not need to be HTTPS.
How do I set up an HTTP GET method?
I am using a custom domain name and pointing to DynamoDB.
According to the FAQ, this is not possible:
[A]ll of the APIs created with Amazon API Gateway expose HTTPS endpoints only. Amazon API Gateway does not support unencrypted (HTTP) endpoints.
https://aws.amazon.com/api-gateway/faqs/#general

How does the communication with an HTTPS Web Proxy Work?

I wish to set up an HTTPS proxy and have HTTP clients send requests securely to the proxy. For example, a browser can initiate an HTTP GET request which should be an encrypted request to the proxy, and the proxy then removes the encryption and passes the request to the end-site. Squid proxy can be set up to work like this (info here).
I have set up such an HTTPS-enabled proxy. But I am unable to write my own HTTP clients to work with it. The same link above mentions that Chrome is the only browser that supports such a proxy. I tested Chrome and it was able to work with such an HTTPS proxy.
I wish to gain an understanding of how such a proxy works so that I can write my own HTTP clients.
As I understand it, it's a connection to a regular HTTP proxy BUT this connection is made over TLS. The client indeed needs to support this scheme explicitly, and existing clients as-is can't be tuned up (without extra coding).

Two-legged authorization with apache http server

I have an API (running in a Jetty instance) where I use the two-legged OAuth protocol to give access to the clients. I wrote a simple Java client (using oauth-signpost) to connect to the API and the connection is successful.
I would like to put the API behind an Apache HTTP server. The Apache HTTP server is configured to forward requests to the API.
The following works:
(without oauth) Client ---> Apache HTTP Server ---> Jetty
(with oauth) Client ---> Jetty
The following doesn't work:
(with oauth) Client ---> Apache HTTP Server ---> Jetty
I receive the following error message:
"Invalid signature for signature method HMAC-SHA1"
Has any of you faced this issue? Is it possible to sign the request but without the hostname and port?
Thank you.
I had a similar problem. The problem I found was that the OAuth signature and the OAuth header block need to have the Jetty URL, not the Apache URL.
I had to modify my code to pass along two URLs: the URL I was sending the request to (Apache) and the URL of the resource on the final system (Jetty URL).
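
The mismatch described in the answer above, as an added example that is not code from the original post or from oauth-signpost: an OAuth 1.0 HMAC-SHA1 signature covers the scheme, host, port and path, so a backend that rebuilds the base string from the URL it received rejects a signature computed over the proxy's URL. The URLs, secret and parameters are constructed sample values, and it assumes the proxy does not preserve the original Host header.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlsplit

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(s, safe="-._~")

def base_string_uri(url):
    # Lowercase scheme and host, drop a default port, drop the query string.
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), u.hostname.lower()
    if u.port and u.port != {"http": 80, "https": 443}[scheme]:
        host += f":{u.port}"
    return f"{scheme}://{host}{u.path or '/'}"

def sign(method, url, params, consumer_secret, token_secret=""):
    # Two-legged OAuth has no token, so the token secret is empty.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def verify(method, url_seen_by_server, params, signature, consumer_secret):
    # The server rebuilds the base string from the URL it received.
    expected = sign(method, url_seen_by_server, params, consumer_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample values (assumptions, not from the original post).
APACHE_URL = "http://api.example.com/orders"  # where the client sends
JETTY_URL = "http://127.0.0.1:8080/orders"    # what Jetty sees after proxying
SECRET = "constructed-consumer-secret"
PARAMS = {
    "oauth_consumer_key": "constructed-client",
    "oauth_nonce": "n0nce123",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
    "status": "open items",
}

if __name__ == "__main__":
    over_apache = sign("GET", APACHE_URL, PARAMS, SECRET)
    over_jetty = sign("GET", JETTY_URL, PARAMS, SECRET)
    print("signed over Apache URL:", verify("GET", JETTY_URL, PARAMS, over_apache, SECRET))
    print("signed over Jetty URL: ", verify("GET", JETTY_URL, PARAMS, over_jetty, SECRET))
```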