I am writing a project with an Angular2 frontend and a REST WebAPI backend using php.
I have been running/debugging the frontend using npm's lite server (aka npm start). Until now, I have been using the in-memory-web-api to serve data, but I am ready to start consuming real data from the backend.
In production, both frontend and backend would be served from the same Apache server, but in development I have been using npm to run Angular2 and a separate Apache server to run the API.
My problem is that npm runs on localhost:3000 and Apache on localhost:80. This creates cross origin security issues and the only way I can have my Angular2 app get data is to enable CORS on my REST API. I don't want to enable CORS on the backend if I can avoid it because I am worried that it may somehow make it's way into production.
So far, npm's server has been really nice because it compiles my .ts files automatically and will refresh the browser whenever it detects a change to the files. I would really rather not have to move my Angular2 development into Apache unless there is a way to keep these nice features.
Is there any way to keep these two things separate without having to enable CORS?
If not, is there a way I can merge the two while keeping npm's nice features?
Configure your development application server to proxy requests to the development REST server. Then make same origin requests.
Alternatively, use .htaccess to turn CORS headers on but add it to .gitignore (or your version control system's equivalent) to ensure it stays out of production.
Alternatively, if your REST server has a configuration system. Use that to turn on CORS in development (and again, ensure that the config file is kept out of version control).
Related
We are using Spartacus Version 3.0.0 and have setup Cloud Deployment via SAP CCV2 Cloud.
We followed the steps to enable SSR described in https://sap.github.io/spartacus-docs/server-side-rendering-in-spartacus/#adding-ssr-support-using-schematics-recommended. Additionally we also followed the guide for the workaround needed regarding the file structure in CCV2 cloud: https://sap.github.io/spartacus-docs/ssr-ccv2-issue-spartacus-version-2/#page-title
So far, all works locally when starting the server both in dev and production mode. As soon as we deploy into the CCV2 Cloud, we don't have Server Side rendering at all anymore.
In the Kibana log, we sometimes see the error message "SSR Rendering exceeded timeout, fallbacking to CSR", but only for some requests occasionally, which means, that for most requests, there is no SSR, but also no error logs..
Any idea?
The problem was caused by the IP Restriction on the DEV environment of CCV2. This IP Restriction is currently also being applied for the request coming from the Storefront Service during an SSR Request, as the ip of the storefront service was not whitelisted, the call always returned a 403, what was returning as a SSR timeout.
The spartacus documentation has been update regarding that problem: https://sap.github.io/spartacus-docs/server-side-rendering-optimization/#troubleshooting-a-storefront-that-is-not-running-in-ssr-mode
We have created an SAP Bug ticket to fix that problem.
I think it's pretty common to use nginx to proxy connections to ExpressJS, so all is done through ExpressJS.
I was thinking, why not use nginx to server the application since it's more simple to setup things like rewrites and let ExpressJS as backend only and then the application communicate to ExpressJS directly on 3000 port.
Is it a bad idea? If not, how often people does this ?
It's very common. But having your front end code directly talk to the node server adds complexity.
You have to handle CORS issues on the node server, including preventing cross site form submissions. See here Properly Understanding CORS with Same Host / Different Port & Security.
SSL is also going to be a bit more complicated. You'll need a wild card certificate.
However, there are some big advantages to using something like ngnix to host your assets. In addition to the ones you enumerated, it sets you up to go serverless. You can host your app out of an S3 bucket our through another content delivery network.
I've been researching how to connect Tomcat and apache http server because I will have my web application written in angular deployed in apache http server 2.2 (currently succesfully tested on my own computer, local), and my REST service written in java deployed in Tomcat v6,
and what I want now is that when some component is clicked, to make a http request (like this http://localhost:8080/rest/getCars/20130505) that connects with the servlet and use the json provided to use the information provided in another component.
So I have created my own url/json to test the web application on itself, but as I said, it is possible to make the same thing but with a real http URI like it can be seen here: https://angular.io/docs/ts/latest/guide/server-communication.html#!#cors
They use:
let wikiUrl = 'http://en.wikipedia.org/w/api.php';
And I use, as of right now:
private datesUrl = 'src/example.json'; // URL to web API
#Injectable()
getDates(): Observable<Date[]> {
return this.http.get(this.datesUrl)
.map(this.extractData)
.catch(this.handleError);
}
So I believe my next step would be to change that datesUrl and write the http written above: http://localhost:8080/rest/getCars/20130505, so that it connects to Tomcat.
But my problem is that I don't know if this is going to work without any connection done between apache http server and tomcat. I've seen there are connectors, like mod_jk and mod_proxy http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
and so on. I would like to know if, in my case, if I need to use this modules for apache http server or it's not necessary, since I have never seen any of this and install the modules is proving to be a challenge. The end game objective I have is to go from local to a real server, but as far as I know there is no need for anyone from the outside to use the webpage, it's only for the business itself, so with access to the server/machine I could still access localhost, same as I do when I test it locally.
You don't need any special connection between the PHP server and the Tomcat server: it's a plain-old HTTP request. Tomcat doesn't care if your PHP script made that request, or if it came from the open internet.
In the case of the PHP script making the request, it's making its standard HTTP call, and doesn't care that you are running a Tomcat server locally or whatever. Just go ahead and do it. If Tomcat is already responding to HTTP requests on that URL, then calling it from PHP requires no further configuration.
I want to write a small back-end REST server using Play! Framework 2.1.3. This server will only serve WS requests, and all communication to it must be made over SSL. For this reason, I don't want to have an HTTP port open for this server at all.
I've seen this question regarding SSL on various Play! branches, and according to the linked discussion, the only way to open SSL port (which worked for me) is to add JAVA_OPTS before running the server, like so:
JAVA_OPTS=-Dhttps.port=9443 play run
This setting opens both HTTP and HTTPS ports for communication.
My questions are:
Is it possible to open the server only for SSL communication? How?
Is there a configuration file where I put this setting?
Thanks!
This is super easy with Play 2.2, not sure it works on 2.1.3, I didn't see it in the 2.1.x docs...but was in the 2.2.x docs...so give it a shot, it might be implemented.
Throw this in your configuration file :
http.port=disabled
Or you could run it with the command line option :
-Dhttp.port=disabled
http://www.playframework.com/documentation/2.2.x/ConfiguringHttps
Can i use server side scripting language i.e expressjs on Apache web server for web site development ..??
Plz suggest tutorial for that any help about that is valuable to me...
Read about node.js and expressjs.
Node.js is server and Expressjs - web framework under Node.js.
Apache is also web server and you don't need to use them together.
You can place Node.js app behind Nginx or HAproxy if you want.
You can use a Node.js app (built with Express or whatever you like) standalone, you don't need to use something in front of it.
If you want to use something in front of it though, I suggest you use something like Nginx better than Apache, since Nginx is also asynchronous (like Node) and it's performs really well at serving static files.
All you have to do is set node.js as proxy pass inside your site config
here is text on it http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
Just decided which port to use and which framework :) eg. http://www.expressjs.com