Only allow an Openshift app to be connected with another one - ruby-on-rails

I am currently using the free version of Openshift. I have a scalable ruby on rails + postgres app using 2 of my gears and have a separate (potentially scalable) elasticsearch app using the 3rd gear.
The elasticsearch app was generated using https://github.com/rbrower3/openshift-elasticsearch-cartridge
Since the elasticsearch runs as an app on its own url then that leaves it open to attack from the outside world if someone found out the web address of it.
I have considered the elasticsearch-jetty plugin, although I've not managed to lock it down with a username and password successfully yet, but was wondering if there were any other options for limiting access to my elasticsearch Openshift app somehow, eg using apache somehow, so that only my other app can make connections to it (which would need to be read and write - updating the elasticsearch index as well as selecting data from it).
Thanks

The most basic answer is we support .htaccess for Apache where you can specify a username and password. The other option is to add some other Auth option in front of your elasticsearch by modifying the code in the repo to do that. I am not familiar enough with a default elasticsearch install to know what specific mechanism you can use.
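One way to build the "other auth option in front of your elasticsearch" mentioned above, written in Ruby because the client is a Rails app. This is an added example, not code from the answer or from the cartridge: the account name, password and index path are constructed, and `service_account?` is a hypothetical gate standing for whatever component sits in front of Elasticsearch.

```ruby
require "net/http"
require "digest"

# Constant-time comparison over fixed-length digests, so response timing
# does not reveal how much of a guessed value was correct.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Gate side: accept only "Basic <base64(user:password)>" for the single
# service account. Returns true or false; malformed input is just false.
def service_account?(authorization_header, expected_user, expected_password)
  scheme, encoded = authorization_header.to_s.split(" ", 2)
  return false unless scheme&.casecmp?("Basic") && encoded

  user, password = encoded.unpack1("m").split(":", 2)
  return false unless user && password

  # Non-short-circuit "&" so both fields are always compared.
  secure_equal?(user, expected_user) & secure_equal?(password, expected_password)
end

# App side: the request the Rails app sends for an index write or a search.
def signed_request(path, json_body, user, password)
  req = Net::HTTP::Post.new(path, "Content-Type" => "application/json")
  req.basic_auth(user, password)
  req.body = json_body
  req
end

# Constructed values for illustration only.
demo = signed_request("/myindex/_doc", '{"title":"hello"}', "railsapp", "constructed-secret")
puts service_account?(demo["authorization"], "railsapp", "constructed-secret")
```

Basic credentials are only base64-encoded, so both sides need to talk over HTTPS, and the password belongs in an environment variable rather than in the repository.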

Related

Elasticsearch Securing the connection

I am (desperately) new to Elasticsearch (7.9.0) and I currently have a cluster with two nodes running.
After a lot of effort it is performing as I would like it to.
It is running on Docker and also has an nginx in front of it to route the traffic to it since it is being accessed directly from my website (Angular 10).
The Elasticsearch is being used as well from my Laravel backend directly through the Docker container name so that is secure (I guess).
My problem now is that I cannot find or understand a way to secure the HTTP access from outside Docker (e.g. the normal website).
Going via Laravel is an option but this is too slow for my purpose.
Is there a way I can securely have HTTP access to the Elasticsearch from the web?
Also, is there a way I can restrict the actions to read-only actions?
If you need more info to help out please let me know as I am not knowledgeable on what is important here and what not.
Thanks

Angular is a front-end and is run in your user's web browser. If Angular can somehow reach your Elasticsearch instance, everyone can do so. No matter what. You can try to obscure it as much as you want, but if there is direct exposure to Elasticsearch, it will be reachable.
So you have to either assume this fact, or go the slow way and proxy the requests to Laravel, so it can verify that the information requested is actually available for the user performing the request.
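What "proxy the requests so the backend can verify them" can look like when the browser should only ever read, sketched in Ruby rather than Laravel's PHP. This is an added example, not code from the answer: the role names, index names, allowed body keys and size cap are assumptions, and `authorize_search` is a hypothetical function the backend would call before forwarding anything to Elasticsearch.

```ruby
require "json"

# Assumed policy, not from the original post: role => indices it may search.
SEARCHABLE   = { "guest" => %w[products], "member" => %w[products orders] }.freeze
ALLOWED_KEYS = %w[query from size sort _source].freeze
MAX_SIZE     = 50
# Exactly one literal index name followed by /_search: no commas, wildcards,
# query string or percent-encoding. \A and \z anchor the whole string.
SEARCH_PATH  = %r{\A/([a-z0-9][a-z0-9_-]*)/_search\z}

Decision = Struct.new(:allowed, :reason, :body)

# True if any hash key anywhere in the parsed body mentions "script".
def scripted?(node)
  case node
  when Hash  then node.any? { |k, v| k.include?("script") || scripted?(v) }
  when Array then node.any? { |v| scripted?(v) }
  else false
  end
end

# Decide whether the backend should forward this request to Elasticsearch.
def authorize_search(role, http_method, path, raw_body)
  return Decision.new(false, "method") unless %w[GET POST].include?(http_method)
  match = SEARCH_PATH.match(path)
  return Decision.new(false, "path") unless match
  return Decision.new(false, "index") unless SEARCHABLE.fetch(role, []).include?(match[1])

  begin
    body = JSON.parse(raw_body.to_s.empty? ? "{}" : raw_body)
  rescue JSON::ParserError
    return Decision.new(false, "json")
  end
  return Decision.new(false, "json") unless body.is_a?(Hash)
  return Decision.new(false, "keys") unless (body.keys - ALLOWED_KEYS).empty?
  return Decision.new(false, "script") if scripted?(body)

  size = body.fetch("size", 10)
  from = body.fetch("from", 0)
  paging_ok = size.is_a?(Integer) && size.between?(0, MAX_SIZE) &&
              from.is_a?(Integer) && from >= 0
  return Decision.new(false, "paging") unless paging_ok

  # Forward the re-serialized body, never the raw bytes the browser sent.
  Decision.new(true, "ok", JSON.generate(body.merge("size" => size)))
end
```

Everything not explicitly allowed is refused, so write endpoints such as `_bulk` or `_delete_by_query` never need to be listed.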

MySQL server and iOS app

I am running a site right now with a quite big MySQL database.
Now, I want to create an app. I will obviously need to use a database due to the fact my data are already there.
Thus,
1) Should I keep using the MySQL server and my iOS app will connect to this MySQL server for getting data?
2) Is there any problem if I use the MySQL server? Security issues maybe?
3) If I have to change the MySQL server, what database infrastructure do I need to build and work with?
I am a total newbie on iOS apps. And now I am planning to face any issues my iOS app will have.

Since you are running a site with MySQL I think a lot of your questions have been answered. You already have seen how your MySQL database performs in a production environment. Unless you believe that your iOS user base is going to be much larger or perform very different functions you currently have valid performance benchmarks.
In terms of how it relates to the iOS app, you can build an API, or make calls to https pages on your website that will return the information required for your app. For information on how to do this, check out this AFNetworking tutorial.
In the end, there might be some reasons that your current database isn't the right choice for your app. But since the app won't be interacting directly with the database, you can change it out later and you will only have to integrate the database with the interface and not change the iOS app at all.

How would I make a user database for an iPhone application?

I am relatively new to iOS development and part of the application I'm developing requires a database of users which holds information about each user. Is there a tutorial out there that can show me how to create a database and link it with my iOS app? If not any sort of explanation would work.

First, if you want a DB to connect to, you'd need 2 things: A DB server and a Webserver to open it through webservices. Since you are new, I'd suggest you set up a LAMP server (Linux, Apache, MySQL, PHP) or a WAMP server (Windows, Apache, MySQL, PHP).
For WAMP and LAMP, I suggest you install each module separately but there are packages which contain all the modules.
http://tenfouragency.com/setting-up-a-wamp-local-server-on-windows-7/
First, you'd need to create the DB in MySQL: https://dev.mysql.com/doc/refman/5.1/en/database-use.html
Second, you'd need to open it through webservices in Php: https://web.stanford.edu/dept/its/communications/webservices/wiki/index.php/How_to_connect_to_a_MySQL_database_with_PHP
Third, you would need to call your webservices through the app: http://blog.strikeiron.com/bid/63338/Integrate-a-REST-API-into-an-iPhone-App-in-less-than-15-minutes
This is a fairly big endeavour for someone that's just starting out so I'd advise you just do these things one step at a time. This is also a very basic overview so I suggest you use the terms and concepts I use (such as webservices) to further your own research into these topics.

Getting started with AWS backend for iOS

I've been coding on iOS for a while. I'm getting started to use AWS as a cloud backend to store my user's data for my iOS app as well as a server that can handle real time event in multiplayer mode. I understand that there are many services like Amazon Cognito that allows user login via public providers, Dynamo DB that provides NoSQL storage, EC2 that help me create server instances. However, I'm really confused on how I can actually get started.
Here's some stuff that I really need help on:
I don't really want to use public providers like facebook for my users to sign in/sign up. I'd really prefer it if there could be relational database that is similar to how I cache data on local sqlite files using core data.
And I also need some help on getting my ID tokens for those services if I choose not to use cognito, or must I?
I would really appreciate it if you guys can give me some clues on how I can get started on these. Thank you so much! :D

Depending on how you expect your app to evolve there are several approaches you can take.
Option 1: Minimal scalability / low cost
All you really need is a single free EC2 micro instance. On the instance you can build a full LAMP stack in seconds. Once you have built it you can start writing an application to handle your app in your preferred language. Ruby is a la mode but any language will work. Your database will be stored on the actual instance. If you go with this route, one thing you should do is use an elastic IP address so that if your server ever goes down you can point the elastic IP to another instance. You should also periodically backup your server.
Option 2: Maximum scalability / variable cost
Use RDS to store your database. This will mean that any EC2 instance will be able to reach your data so you can have an unlimited number of servers. Then build an EC2 instance just like in option 1 but point your application to the RDS instance. Use a load balancer in front of your EC2 instance to scale up in response to changes in utilisation. And the elastic IP address should point to the load balancer.
Building a LAMP stack on EC2
1) Open the EC2 console
2) Select launch instance
3) Pick the Linux AMI offered by Amazon and a micro instance
4) Create a .pem key (keep it safe on your system or you will not be able to access your instance)
5) Select the default security group
6) Open your terminal window and type: ssh -i path_to_pem ec2-user@your_instance_public_address
7) In the EC2 instance type sudo yum update
8) Then type sudo yum install httpd24 php55 php55-mysqlnd mysql55
9) sudo apachectl start
You now can navigate to the public address of your instance in Safari and assuming I did not forget any steps you should see the Apache welcome page.

How to provide saas customer with server snapshot for business continuity concerns

I'm proposing a SaaS solution to a prospective client to avoid the need for local installation and upgrades. The client uploads their input data as needed and downloads the outputs, so data backup and maintenance is not an issue, but continuity of the online software service is a concern for them.
Code escrow would appear to be overkill here and probably of little value. I was wondering is there an option along the lines of providing a snapshot image of a cloud server that includes a working version of the app, and for that to be in the client's possession for use in an emergency where they can no longer access the software.
This would need to be as close to a point and click solution as possible - say a one page document with a few steps that a non web savvy IT person can follow - for starting up the backup server image and being able to use the app. If I were to create a private AWS EBS snapshot / AMI that includes a working version of the application, and they created an AWS account for themselves, might they be able to kick that off easily enough?
Update: the app is on Heroku at the moment so hopefully it'd be pretty straightforward to get it running in Amazon EC2.

Host their app at any major PaaS provider, such as EngineYard or Heroku. Check their code into a private GitHub repository that you can assign them as the owner. That way they have access to the source code and can create a new instance quickly using the repository as the source.
I don't see the need to create an entire service mirror for a Rails app, unless there are specific configuration needs that can't be contained in the project or handled through capistrano.
