I am working with CoAP protocol on IoT but also I need a web service. I implemented the web service on Apache with HTTP protocol and a Proxy that converts CoAP-HTTP request and responses. But I don't want to use the Proxy to convert CoAP-HTTP. I want to implement directly CoAP web service. Do you have any idea about that. On Apache or different things. Just any idea?
As you wrote On Apache or different things, I will here talk about the second option :). To implement the CoAP server itself, I would recommend either
NodeJS with the CoAP package
Java implementation Californium, from Eclipse.org
More complete list available at http://coap.technology/impls.html#server-side, see Server-side
And then handle the communication with your Apache HTTP server via WebSockets and REST APIs.
coap.me is also great to run tests during development.
Related
I'm having an issue with a project I'm working on. I have a Vue client which does API calls to my backend which is written in .NET Core 3.1. Both these applications are deployed on diffent servers.
Now the problem is that my backend server does not allow me to do API calls straight from the browser. So I have to do some kind of 'redirect' on the client server to reach my API.
So for example:
If I call backend_server/api/values I get an error (Firewall).
I think I should make like a second API or something, but I'm not sure how to handle this issue.
Does anybody have any experience on this? Any help is welcome!
Kind regards
You can have multiple options here
Remove the firewall rule -
This will allow your API to get hit from browser. If firewall is not managed by you you can't do this
Add IP or Port exception rule in firewall -
Instead of deactivating the entire inbound rule on server, you can allow specific ports or IP on firewall. Again if you have control on firewall
Create Proxy API -
Another way is you can create a middleware API that forwards your request and acts as a proxy. This will suffice performance, resource, time and compromise security. I recommend not to do this, But it's easily possible in .NET Core
Specify CORS policy -
If your Vue.js and API originates from same origin (IP), You can configure CORS in server which will restrict access to API only from same origin. That means only www.google.com can access GoogleAPI, Likewise. This will protect the API from other origins
Tunnel via VPN -
If security is a concern, Use a VPN service to tunnel your API requests. This can't be possible for every client using your web service.
The best way is to open a specific rule on server for your application if possible. Writing a proxy in between will have lot of disadvantages although can be accomplished.
We're wondering if reverse proxy is actually required for most use cases and would appreciate additional information.
The Kerstel/Nginx documentation claims:
"Kestrel is great for serving dynamic content from ASP.NET Core. However, the web serving capabilities aren't as feature rich as servers such as IIS, Apache, or Nginx. A reverse proxy server can offload work such as serving static content, caching requests, compressing requests, and HTTPS termination from the HTTP server. A reverse proxy server may reside on a dedicated machine or may be deployed alongside an HTTP server."
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-2.2
Could anyone please share some insights if this is actually relevant nowadays?
On our use case, we use Docker instances with external load balancing (AWS ALB).
Each docker instance has both Nginx and our ASP.NET Core application running.
We couldn't figure out the exact benefits of using Nginx.
Serving static content
As we're using an external CRN (AWS CloudFront), I assume static caching doesn't really have any actual benefits, does it?
Caching requests
I believe this is the same as serving static content, as dynamic content isn't cached on most scenarios (on our use case - all scenarios).
Compressing requests
ASP.NET Core has a response compression middleware, however - it claims "The performance of the middleware probably won't match that of the server modules. HTTP.sys server server and Kestrel server don't currently offer built-in compression support.".
Perhaps some benchmarks could be created to validate this claim.
https://learn.microsoft.com/en-us/aspnet/core/performance/response-compression?view=aspnetcore-2.2
HTTPS termination from the HTTP server
I assume most clients having load balancers can skip this part, as HTTPS termination can be done on the load balancer if needed.
Thanks!
Effy
This documentation does not tell you that you „should“ run ASP.NET Core / Kestrel behind a reverse proxy, just that advanced scenarios can benefit from one since Kestrel does not have some features that other web servers may have.
If you don‘t have a use for an additional nginx reverse proxy then you don‘t have to use one.
E.g. Kestrel only recently adopted APIs to change certain connection parameters on the fly without requiring a restart - this is helpful for switching certificates acquired via ACME (e.g. Let‘s Encrypt service).
It highly depends on the system architecture if a reverse proxy is needed or not, but you don‘t have to deploy one if you don‘t require a specific feature.
It is advised that asp net core must use a strong web server such as web listener
or a proxy as an internet gateway. My question is: is the build in reverse proxy strong enough to be that role? If I use asp net core + kestrel in my internal service and all external communication goes through reverse proxy after load balancer, is it secure?
Short answer: no
It's just a proxy with some smart retry logic.
You want to put a WAF, or Azure API manager, in front of it if you want to publish all your internal services to the internet and use kestrel, or use web listener for all your services.
Yes.
"The reverse proxy is built on the same Windows HTTP Server API (http.sys) that WebListener uses which provides the DoS protection that is currently missing from Kestrel." - Vaclav Turecek (github)
We are trying to integrate Jboss application to make Web services calls, so was wondering is it a good practice to make the web services call go through a web server always instead of handling SSL stuff by Jboss ?
Have this curious idea because if we want to implement authentication and make web server handle all the certificates for SSL so that in future if Jboss is replaced with a different technology the basic SSL configuration stills remains same in web server.
I agree for incoming requests to Jboss it makes sense to go through apache, but was wondering what about outbound connections from Jboss to a different provider ?
Any thoughts is very much appreciated.
I followed the tutorial deploy and run Service Stack application on Ubuntu Linux and I got my API quickly up and running. So far it's all plain-text though. I'd like to secure the API with SSL, especially the service receiving username and password, but maybe everything.
I'm using the regular CredentialsAuthProvider together with JwtAuthProvider at the moment, if it's relevant. Using a 3rd party OAuth2/OpenID Connect would solve the login problem, but not securing the remaining contents.
Also wonder how to selectively choose which services require SSL.
The stack is: mono, nginx and HyperFastCGI (and C# ServiceStack)
You'll want to configure SSL on nginx, i.e. your external-facing Web Server. What ASP.NET Web framework you're using is irrelevant as SSL will be terminated at nginx and any downstream Web Applications will still be receiving plain-text requests.