So I'm working on something in C# that uses the JSON API from CloudFlare to automate the process of adding DNS records. However the website shows a grey cloud that must be clicked to orange to enable their service. I was wondering if there was a way of doing this in C# since I can't see the functionality in their API.
Ah! Found a solution to my problem. CloudFlare don't mention in their API that you can specify the proxied mode to true in the JSON data you send in the POST request to create the DNS record.
Related
I am unable to connect to my Apollo (graphql) server through Apollo Studio (https://studio.apollographql.com/sandbox/explorer) OR Apollo Client library on frontend. But the server is working fine when a request is sent through Postman, graphql-request library OR a CURL request.
Details of Deployment:
The server is deployed on GCP instance groups which include 4 instances in two different regions. I have used Nginx as reverse proxy to redirect traffic to localhost:4000 of each instance (the app is running on port 4000 of each machine).
The instance groups are attached to the GCP HTTPS load balancer. The backends are in the healthy state in the load balancer.
Apollo studio - not working
Postman - working
If it's working in postman but not in studio, it's generally either an issue with CORS, some other header issue, or something similar to that.
Studio is running in a browser, so things will be a big more finicky. It will send headers that browsers always send, like the origin it's running on, and those that Apollo decides are best, like certain accept / content-type headers that your load balancer might not be allowing through.
Things like Postman and cURL generally come with less "baggage". They only send the headers and content you ask them to.
The best thing to check next is what your browser thinks is going wrong, since servers won't "lie" about the problem unless you specifically tell it to (e.g. for security reasons, some information is sometimes best left out). Open up your browser debugger on the Studio website when you try to make a request and check your Network panel. The HTTP call will fail in a certain way if it's one of these issues, and it should be pretty straight-forward with you that it was rejected because of X.
How can we make sure all requests are routed through cloudflare seevers only?
I currently setup dns in cloudflare in proxy mode. I set a custom domain mapping on cloud run and pointed dns records for my custom domain to ghs.googlehost.com.
Wondering how to make sure the traffic is received only from cloudflare to avoid abuses.
Update
There is another question about origin pulls but the answer mentions its only possible through OAuth which is not in detail.
You cannot achieve your goal without inserting a proxy that you must build. Google Cloud authorization is OAuth. Cloudflare's servers do not implement OAuth authorization headers.
You should implement OAuth at your clients. However, that will provide for authorization but not selectively from Cloudflare.
I am currently developing a web application to allow customers to place orders.
The way I have choosed to handle the application structure is to split the app in two sub-applications:
1 backend application (the API) that serves only json content
1 front end application (AngularJS in my case) that takes an API url as configuration and serves user content
Now on the server, what I have done for testing, is creating 2 virtual hosts:
app.com
api.app.com
and linked the API to the frontend app.
The problem is that everything will be served over https and, in the current setup, I will need to buy either 2 SSL certificates, or 1 wildcard certificate.
The second solution would be to create a subdirectory on the frontend app (let's say /api) and copy the backend app into it. The advantage would be to get only one single SSL certificate and have everything on the same directory; the /api would be an .htaccess redirect to the backend api.
I think that the "cleanest" solution would be to split the two apps completely and get a wildcard SSL certificate for both, but I'd like to hear if someone have some experience whether one solution is better than another.
The advantage of combining is that you will get to avoid CORS. CORS isn't that bad, but it's another complication. That being said, if you want to expose this to the outside world (allow other web pages to use it), you might want to go through that process anyway.
If you aren't looking to actually expose your API to third-parties, but just keep your layers separate, than I would either look at combining, or even proxying. I've used this architecture to put my services completely behind the firewall, and use mod_proxy or the like to serve my API through my web server. This is useful as it limits the exposure of your API, and solves CORS issues in one go.
If you really want to use SSL between your web server and your API server, you can do a self-generated client certificate between you web-server and your API server.
I have 2 web roles in a cloud service; my API and my Web Client. Im trying to setup SSL for both. My question is, do I need two SSL certificates? Do I need 2 domain names?
The endpoint for my api is my.ip.add.ress. The endpoint for my webclient is my.ip.add.ress:8080.
Im not sure how to add the dns entrees for this as there is nowhere for me to input the port number (which I have learned is because its out of the scope of the dns system).
What am I not understanding? This seems to be a pretty standard scenario with Azure Cloud Services (it is set up this way in the example project in this tutorial, for instance http://msdn.microsoft.com/en-us/library/dn735914.aspx) but I can't find anywhere that explains explicitly how to handle this scenario.
First, you are right about DNS not handling port number. For your case, you can simply use one SSL certificate for both endpoints and make the two endpoints have the same domain name. Based on which port is used by user request, the request will be routed to the correct endpoint (API vs. Web Client). Like you said this is a relative common scenario. There is no need to complicate things.
Let's assume you have one domain www.dm.com pointing to the ip address. To access your Web API, your users need to hit https://www.dm.com, without port number which defaults to 443. To access your web client, your users need to hit https://www.dm.com:8080. If you want users to use default port 443 for both web api and web client, you need to create two cloud services instead of one, then web api on one cloud service and web client on the other cloud service. Billing wise, you will be charged the same as one cloud service.
Are there any reasons you want to make 2 different domains and in turn 2 SSL certificates? If so, it is still possible. Based on your requirements, you may have to add extra logic to block requests from the other domain.
I apologize, I know this is a very short question but Google doesn't seem to help (I guess I'm not searching for the correct phrase or set of keywords).
If I have a site not protected by SSL and it makes an api call to an https site, is that information secure or do I need to have SSL as well?
I want to make sure I keep my users' data secure.
Only data in the API call (request) needs to be protected. Data returned by the API (response) to my (non-SSL) site isn't meaningful or sensitive.
Thanks in advance.
The call to the SSL site will be protected, but if it's multihop (client to non SSL to SSL site) and the data on first hop is plain text.
However as #VictorRonin says, security is a much bigger concern than just SSL.
The call is protected. Your website talking to another website (protected by SLL) will send and get information inside of protected channel.
However, it's hard to say whether your users data is secure. Security requires a lot more than just usage of SSL.
I also got the same problems.
I'm using 16 bits micro connect to net by Wifi's AT command .
after connected in transparent mode. normally I can send some simple text (HTTP ) to request content from every web page.(if those webpages not need SSL).
this makes programing fun and easy.
But these few years. life got stuck almost webpage use SSL. mean programming need more complex step to reach content.
but the most serious things is that the CA (cert auth) cannot use forever it has expired time !!!
This mean hardware device have to modified CA data frequently . so it's not practical for small iot firm .
However I found a way even it's not the best by using thingspeak.com (ThingHTTP)
with ThingHTTP you can request without SSL to any website which need SSL
I hope in the future there are more iot cloud or even some webpage turn to use old method (HTTP) in case of that data no need secure.
In my opinion user can encode/decode the data by themself instead of secure everything in webpage.
Thnks