Hiding IdentityServer4 behind Ocelot gateway - docker

I'm trying to resolve a bigger issue by splitting it into smaller bits. The first problem is that I don't know how to hide properly. For the purpose of this post, I've created a simple demo app that gets deployed to Docker (available on GitHub). It has two microservices inside: OcelotGateway (OcelotIdentity project) deployed to localhost:7060 and IdentityServer microservice (Identity project) deployable to localhost:7050. Here's my Ocelot configuration file:
{
  "ReRoutes": [
    {
      "DownstreamPathTemplate": "/{route}",
      "UpstreamPathTemplate": "/identity/{route}",
      "UpstreamHttpMethod": [ "Get", "Options", "Post" ],
      "DownstreamScheme": "http",
      "ServiceName": "identity"
    }
  ],
  "GlobalConfiguration": {
    "RequestIdKey": "OcRequestId",
    "AdministrationPath": "/administration"
  }
}
So I expect to see IdentityServer's quickstart page at localhost:7060/identity, but I get a 404 instead. This page works fine when I'm reaching it directly at the Identity server's URL (localhost:7050).

You probably already figured out the answer, but just for future generations; I suppose the problem is your catch-all, that expects something like /identity/something to be passed to /something.
To display the quick-start page, you should define another re-route, that only catches /identity and forwards to /. Then, no something is required and the re-route should work just fine.
Also, the scheme should better be https.
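
The re-route the answer describes, written out as an added example (not from the original post or the Ocelot project). It reuses the question's keys and service name, adds a route that maps exactly /identity to /, and keeps the catch-all for everything below it. The https scheme follows the answer's suggestion and assumes the identity service actually serves TLS inside the Docker network.

```json
{
  "ReRoutes": [
    {
      "DownstreamPathTemplate": "/",
      "UpstreamPathTemplate": "/identity",
      "UpstreamHttpMethod": [ "Get", "Options", "Post" ],
      "DownstreamScheme": "https",
      "ServiceName": "identity"
    },
    {
      "DownstreamPathTemplate": "/{route}",
      "UpstreamPathTemplate": "/identity/{route}",
      "UpstreamHttpMethod": [ "Get", "Options", "Post" ],
      "DownstreamScheme": "https",
      "ServiceName": "identity"
    }
  ],
  "GlobalConfiguration": {
    "RequestIdKey": "OcRequestId",
    "AdministrationPath": "/administration"
  }
}
```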

Related

Is it possible to pass AWS EventBridge rule event variables to the target Invocation HTTP Parameters?

I am pretty sure I'm missing something simple, but I don't seem to find any resource on my issue and I am a novice on AWS.
The problem is as follows: I have a scenario where I would like to trigger a REST POST API when files are uploaded to an S3 bucket. This POST API uses OAuth 2.0 and requires the file name in the body.
I created a rule that successfully triggers on upload and the API works well if I put a static filename as Invocation Http Parameter. But I would like this value to be dynamic, based on the file that triggers the event.
I have tried using the jQuery snippet $.detail.object.key but, as much as it works for adding a Query Parameter from the rule, it doesn't seem to work if used in the Invocation Http Parameters settings in the API connection.
The event pattern is as follows:
{
  "source": ["aws.s3"],
  "detail-type": ["Object Created"],
  "detail": {
    "bucket": {
      "name": ["jna-test-bucket"]
    },
    "object": {
      "key": [{
        "prefix": "testFileForAPI"
      }]
    }
  }
}

Azure container instance is not accessible using URL via browser

I have created a new Container instance in Azure. Below are the steps.
Step:1- I created a new Cognitive Services (A Language Service) and used its "Key" and "Endpoint" value inside Container Instance
Step:2- I created a new Container Instance, and provide it all the required information as mentioned in the below article.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-quickstart-portal
but I changed the PORT 80 to "5001" and Image "mcr.microsoft.com/azure-cognitive-services/textanalytics/healthcare:latest".
Below are the env variables I used:
{
  "name": "Eula",
  "value": "accept"
},
{
  "name": "RAI_TERMS",
  "value": "accept"
},
{
  "name": "Billing",
  "value": "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
},
{
  "name": "ApiKey",
  "value": "4a46537f51f64765864cabc20318bdcc"
},
{
  "name": "enablelro",
  "value": "true"
}
Finally it was created and deployed successfully. Now I tried to access it via below url
http://FQDN:5001/Demo/
FQDN--> qualified domain name is used in the url
It's not accessible, though the instance is up and running properly.
It doesn't matter from which port you are trying to access. Instead of using this URL http://FQDN:5001/Demo/, I would suggest you use the FQDN or IP address of the container instance.
Using the complete FQDN when identifying something is the way it is supposed to be.
You can refer to this thread, where I have reproduced the same thing related to your question. In it I have used the FQDN to access the Container Instance.

connecting custom domain to firebase dynamic links project

I had already connected the free custom page.link subdomain and this works great and as expected. It opens my app and redirects users to the specific pages. However, I recently got a custom domain from Google Domains and wanted to connect it. The domain is https://gifte.app
I connected it to my project's associated domains: applinks:gifte.app and another link: applinks:gifte.app/applinks
In the Firebase console I also added https://gifte.app and added https://gifte.app/applinks
When adding the first one, it told me to add some lines to the DNS settings, which I did. And when adding this one, https://gifte.app/applinks, Firebase told me to add
"appAssociation": "AUTO",
"rewrites": [ { "source": "/applink/**", "dynamicLinks": true } ]
to firebase.json which I added and is in my project directory.
When creating a dynamic link, I used
DynamicLinkComponents.init(link: linkParameter, domainURIPrefix: "https://gifte.app/applinks")
and created the link the way shown in the Firebase tutorial videos. Running the project and trying to create the dynamic link, I get this error:
Error Domain=com.firebase.durabledeeplink Code=0 "Your project does not own Dynamic Links domain: https://gifte.app
however when using https://gifte.page.link I do not get the error and it works fine.
When using https://gifte.app instead as the domainURIPrefix, the dynamic link is generated. However, when it is clicked in the Notes app, it doesn't redirect to the app. It instead redirects me to a 404 ERROR:
This file does not exist and there was no index.html found in the
current directory or 404.html in the root directory.
Why am I seeing this? You may have deployed the wrong directory for
your application. Check your firebase.json and make sure the public
directory is pointing to a directory that contains an index.html file.
You can also add a 404.html in the root of your site to replace this
page with a custom error page
In summary of creating the links
https://gifte.page.link as domainURIPrefix works
https://gifte.app as domainURIPrefix creates url but doesn't redirect to app when clicked in notes. Instead to firebase error screen
https://gifte.app/applinks as domainURIPrefix does not work and gives error in app
So my question is, how can I get the custom dynamic links working the same as the free page.link subdomain? I don't get why adding the custom domain has caused so many problems and why using https://gifte.app/applinks gives an error saying that I do not own the domain.
my firebase.json file
{
  "functions": {
    "predeploy": [
      "npm --prefix \"$RESOURCE_DIR\" run lint"
    ],
    "source": "functions"
  },
  "hosting": {
    "public": "public",
    "ignore": [
      "firebase.json",
      "**/.*",
      "**/node_modules/**"
    ],
    "appAssociation": "AUTO",
    "rewrites": [ { "source": "/applink/**", "dynamicLinks": true } ]
  }
}
Does anyone have a solution? Thank you.

How to use authentication with Nexus hosted Bower without plain text credentials

We have Bower hosted in a Nexus 3 repository. Our .bowerrc file looks like:
{
  "directory": "bower_components",
  "registry": {
    "search": [
      "https://<host>/nexus/repository/bower/"
    ]
  },
  "resolvers": [ "bower-nexus3-resolver" ]
}
So far it has had anonymous access so this worked fine. However, Nexus has now had authentication enabled so we need some way of authenticating.
I've read some documentation and it suggests we need to add
{
  "nexus": {
    "username": "myusername",
    "password": "mypassword"
  }
}
But this uses plain text credentials. Is there a way to use authentication without plain text credentials?
Professional (licensed) customers can use user tokens as documented here.
To OSS users, I know that might sound a bit like NXRM doesn't care, but what is shown there comes from Bower not from NXRM, so to have that guarded, is really (in this example) a Bower change.

How to send a device management request using NodeRed or any REST client

I am trying to send a DM firmware update command from a NodeRed Flow.
Function node:
msg.payload = {"MgmtInitiationRequest": {
    "action": "firmware/update",
    "devices": [{
        "typeId": "myType",
        "deviceId": "myDevice"
    }]
}};
msg.headers = {"Content-Type": "application/json"};
return msg;
I send it to a http request node with a POST to
https://orgid.internetofthings.ibmcloud.com/api/v0002/mgmt/requests
Basic Authentication with API keys. I based it off Initiate a device management request.
I get back a 403 which the docs have as:
One or more of the devices does not support the requested action
Anyone see what I'm missing? It works fine from the IoT Platform UI to the same devicetype/deviceid.
EDIT: Same 403 if I use a Rest client like Postman.
The swagger API documentation is a little bit misleading in that the 'body' parameter is given a name.
But, like the other POST APIs, that name isn't actually included anywhere as part of the payload.
The payload should just look like this:
{
  "action": "firmware/update",
  "devices": [
    {
      "typeId": "string",
      "deviceId": "string"
    }
  ]
}
This page in the documentation provides more detail:
https://console.ng.bluemix.net/docs/services/IoT/devices/device_mgmt/requests.html#firmware-actions-update
Has your appliance published the set of supported commands it supports when it announced itself as a managed device?
A device connects to the Watson IoT Platform and uses the managed devices operation to become a managed device.
Which looks something like this
Topic: iotdevice-1/mgmt/manage
{
...
"supports": {
"deviceActions": true,
"firmwareActions": boolean
},
...
},
...
}
https://console.ng.bluemix.net/docs/services/IoT/devices/device_mgmt/index.html
