We have a redis instance setup with ObjectRocket which provides us with a host, port, and auth key. I can connect fine with the redis-cli to the instance but I can not figure out how to configure apiaxle-proxy to use the auth key. I have the config json file setup with the host and port but have tried an auth key and a password key in the config file and have not been able to get it to work.
Does apiaxle support connecting to a redis instance that requires auth?
After investigation, apiaxle actually did not have this support. I forked and submitted a pull request for this and now it does support authenticated redis stores.
Related
Can we provide login authentication to vault UI?
What are the most popular and methods available to achieve login authentication?
Cosul does not provide authentication, I have a nginx siting in front of consul, basic auth happens at nignx and then it proxy pass the traffic to consul.
8500 is the default port for Consul, not Vault.
Are you sure it's not Consul?
For reference, here are the default UIs for Consul and Vault, respectively:
Consul (Port 8500)
Vault (Port 8200)
Please add more details, because it looks like you're asking about Consul ACLs, not Vault UI access stuff.
Most articles or answers I find deal with proxying a localhost url to a localhost backend server on a different port, or to a non-authenticated remote server (no log in required). However, what I am unable to find is how to generically proxy requests to a remote server that requires authentication.
A common practice in web development is to create multiple instances of the app (beta/dev, integration/test, production, etc.) so you can test and deploy gradually before the code hits production. Each instances has it's own backend server and data that is typically accessible through public urls (e.g. beta.app.com/api).
The difficulty comes when the api requires user authentication to access. Setting up a typical proxy won't work as the credentials from localhost will be different from those of the remote server.
What I want to be able to do is be able to proxy all localhost api calls to one of the remote servers so I don't have to run a backend server locally, or be able to test local code against remote data (great for debugging prod only bugs). What I don't want to have to do is hardcode credentials to the remote server into the proxy, as that won't work for anyone else who runs the app locally (so no hardcoding proxy headers that add auth cookies, etc.).
I image the solution will require more than just a proxy to work, and that's fine. Assume I have full control of both the frontend and backend and can make any changes needed to make this work.
I'm new on the world of load balancing...
I heard about HAProxy and I wonder if I can achieve this objective (not found yet over searches already done):
HAProxy receive a MQTT/HTTP connection with basic authentication
(login-password) or token based
HAProxy checks credentials from a Database (or
LDAP)
HAProxy manage the access depending on the authenticated User.
--> all of user/credential and ACL should be stored in Database.
Is this possible? Is there in HAProxy a system of custom plugin/add-on to enhance its behavior ?
I found things about settings list of ACL directly in the configuration with already existing list of login/password (but not dynamically even if cached after)
Thanks a lot for your ideas.
I think this is only supported in Enterprise Haproxy:
The HAProxy Single Sign-On solution [...] is also compatible with Microsoft Active Directory or OpenLDAP servers.
https://www.haproxy.com/documentation/hapee/1-8r1/security/using-sso/
The only plugin I found is a http request check to see if user is authenticated on an arbitrary endpoint:
https://github.com/TimWolla/haproxy-auth-request
But it requires a specialized web app responding the requests for that.
Is there built-in support for enabling SSL on Azure Container Instances? If not, can we hook up to SSL providers like Lets Encrypt?
There is nothing built-in today. You need to load the certs into the container and terminate SSL there. Soon, we will enable support for ACI containers to join an Azure virtual network, at which point you could front your containers with Azure Application Gateway and terminate SSL there.
As said above, no support today for built-in SSL when using ACI. I'm using Azure Application Gateway to publish my container endpoint using the HTTP-to-HTTPS bridge. This way, App Gateway needs a regular HTTPS cert (and you can use whichever model works best for you as long as you can introduce a .PFX file during provisioning or later during configuratiorn) and it will then use HTTP to talk to your (internally facing) ACI-based container. This approach becomes more secure if you bind your ACI-based container to a VNET and restrict traffic from elsewhere.
To use SSL within the ACI-container you'd need to introduce your certification while provisioning the container, and then somehow automate certificate expiration and renewal. As this is not supported in a reasonable way, I chose to use the App Gateway to resolve this. You could also use API Management but that is obviously slightly more expensive and introduces a lot more moving parts.
I blogged about this configuration here and the repo with provisioning scripts is here.
You can add SSL support at the API Gateway and simply configure the underlying API over HTTP.
You will need the secrete key to execute above api method!
You can access the underlying API hosted at the Azure Container Instance. This method does not require jwt token as this is a demo api.
I need to use certain software that connects with a server, that allows connections only from whitelisted IPS. To solve this, I have a droplet with fixed IP on DigitalOcean where I use Squid3 as proxy. I configure my system to work through the proxy, and I tell the central server to whitelist that proxy server IP.
Up to here all is great, but as I should have guessed, some people are using my proxy to send malicious packages, and now the server provider is telling me to get it sorted out, or they will cancel my account.
I added authentication to the proxy, and the attacks have stopped, since the attackers do not know the user/pass combination.
But now the problem I have is that I don't see any way to configure Windows to use authentication when connecting to the proxy! I am not talking just about HTTP requests, since the browsers allow for authentication. I am talking about some custom software that needs to communicate as well with this central server.
Is there any way to configure Windows so that it connects to the proxy passing the necessary username and password?