We have a blob storage in Azure and we also have an azure CDN that points to this blob storage.
How would we configure Imageresizer so that it can work with the CDN.
Currently we have configured Imageresizer in web.config with the connectionstring of the blob storage, but don't know how to change this to work with the CDN.
Many thanks
A CDN is a reverse proxy. It knows about ImageResizer, and proxies traffic to it, but ImageResizer doesn't need to know anything about the CDN. No changes are required to put a CDN in front of server.
Related
I am hosting my website with a hosting service provider. The website loads perfectly when the request is HTTP (i.e. http://example.com), but the web server (IIS) fails to load static files (css, js, images) over HTTPS (i.e. https://example.com), I get "Failed to load resource: the server responded with a status of 403".
I checked this link CSS, Images, JS not loading in IIS and it says maybe I need to set the identity of the anonymous user to the App Pool Identity. The problem is that I asked my hosting service provider to perform that task, but the provider told me that they do not do that on application pool identity because this increases security leaks with impersonating authentication.
I am using .NET 5.0 and I tried to modify the launchSettings.json file to allow anonymousAuthentication, but that didn't work, do you know what else can I do to solve this issue?
Summarize from the comments:
The problem was caused by hosting firewall. Migrated the website to another hosting provider, then the problem is gone.
We're wondering if reverse proxy is actually required for most use cases and would appreciate additional information.
The Kerstel/Nginx documentation claims:
"Kestrel is great for serving dynamic content from ASP.NET Core. However, the web serving capabilities aren't as feature rich as servers such as IIS, Apache, or Nginx. A reverse proxy server can offload work such as serving static content, caching requests, compressing requests, and HTTPS termination from the HTTP server. A reverse proxy server may reside on a dedicated machine or may be deployed alongside an HTTP server."
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-2.2
Could anyone please share some insights if this is actually relevant nowadays?
On our use case, we use Docker instances with external load balancing (AWS ALB).
Each docker instance has both Nginx and our ASP.NET Core application running.
We couldn't figure out the exact benefits of using Nginx.
Serving static content
As we're using an external CRN (AWS CloudFront), I assume static caching doesn't really have any actual benefits, does it?
Caching requests
I believe this is the same as serving static content, as dynamic content isn't cached on most scenarios (on our use case - all scenarios).
Compressing requests
ASP.NET Core has a response compression middleware, however - it claims "The performance of the middleware probably won't match that of the server modules. HTTP.sys server server and Kestrel server don't currently offer built-in compression support.".
Perhaps some benchmarks could be created to validate this claim.
https://learn.microsoft.com/en-us/aspnet/core/performance/response-compression?view=aspnetcore-2.2
HTTPS termination from the HTTP server
I assume most clients having load balancers can skip this part, as HTTPS termination can be done on the load balancer if needed.
Thanks!
Effy
This documentation does not tell you that you „should“ run ASP.NET Core / Kestrel behind a reverse proxy, just that advanced scenarios can benefit from one since Kestrel does not have some features that other web servers may have.
If you don‘t have a use for an additional nginx reverse proxy then you don‘t have to use one.
E.g. Kestrel only recently adopted APIs to change certain connection parameters on the fly without requiring a restart - this is helpful for switching certificates acquired via ACME (e.g. Let‘s Encrypt service).
It highly depends on the system architecture if a reverse proxy is needed or not, but you don‘t have to deploy one if you don‘t require a specific feature.
I'm just starting to develop a SPA, with java(dropwizard) REST backend. I'm kinda new to 'web' development, but I did internal web apps before, so security was not a big concern before.
Right now I'm using nginx as my public facing web server, and I just discovered whole slew of complications that arise as we're splitting actual servers: static web server serving my SPA's files, and java microservices behind it.
I'm used to apache talking to tomcat with mod_jk, but now I had to implement CORS in dev because my SPA is deployed on a lite-server serving at different port than the REST Api served by dropwizard.
Now I got to my minimum viable product and wanted to deploy it on prod,
but I have no idea how do I do it.
Do I still need the CORS header? Dropwizard will be run separately on a different port only available to local processes, then I configure nginx to route incoming request from, e.g. /api/ to that port. Does that counts as cross-origin?
I'd like to serve full https. Dropwizard can serve to https, but I don't want to update SSL cert on multiple microservices. I read about nginx ssl termination, will this enable me to use plain http in local and https on nginx?
Any other caveats to watch out on deploying with this architecture?
Thank you!
Yes, you can certainly do it!
You can terminate https with nginx, and still have the backend operate on either plain http or even https still. The proxy_pass directive does support both access schemes for the upstream content. You can also use the newer TCP stream proxying, if necessary.
There are not that many caveats, really. It usually just works.
My web application sitting in tomcat reads the files in Amazon S3 buckets. Is there a way to capture the request? I am not sure what protocol it uses. (s3?) I would like to capture this request using fiddler.
Any idea?
As far as I know, S3 typically uses HTTP/HTTPS for communication (REST, SOAP). Are you using a library to make your S3 calls? The library may not use the default proxy.
As you know, Configuring Tomcat to communicate through proxy in Localhost - Fiddler has general details on how to configure Tomcat to use the Fiddler proxy.
I got to know that Rackspace Cloud Files is based on OpenStack Object Storage service (Swift).
As OpenStack allows configuring/manipulating object storage using S3 APIs through swift3
http://docs.openstack.org/trunk/openstack-object-storage/admin/content/configuring-openstack-object-storage-with-s3_api.html
I am thinking whether Rackspace Cloud Files provides S3 API support as well. I have a client written for Amazon Web Services using S3 RESTful APIs so was thinking to reuse it for Rackspace Cloud Files as well.
The S3 plugin for Swift is not deployed as part of Rackspace Cloud Files (most production deploys of openstack don't deploy it by default). However, if you want better flexibility in the app, you can use a cross cloud toolkit such as libcloud (python), fog (ruby), jclouds (java), pkgcloud (node/js). This means you can use a simpler abstraction and support multiple providers within your application.