使用Google Compute Engine作为Google App Engine网络应用的代理
[英]Using Google Compute Engine as a proxy for a Google App Engine web app
问题描述
I have a Java web app on Google App Engine which makes requests to an external API. 
我在Google App Engine上有一个Java Web应用程序,它向外部API发出请求。 The API recently requires the whitelisting of IP addresses in order to access its services. API最近要求将IP地址列入白名单以访问其服务。 Because GAE does not offer static IPs, I understand that one solution is to set up GCE instance (with a static IP) and use it as a proxy for external requests made by the GAE app. 由于GAE不提供静态IP,我理解一种解决方案是设置GCE实例(使用静态IP)并将其用作GAE应用程序发出的外部请求的代理。
I have set up a f1-micro instance with Debian GNU/Linux 9, and have created a static external IP address as per the documentation . 我已经使用Debian GNU / Linux 9设置了一个f1-micro实例,并根据文档创建了一个静态外部IP地址。
How do I install nginx and set up GAE to route requests to the GCE proxy? 如何安装nginx并设置GAE以将请求路由到GCE代理?
2 个解决方案
解决方案1
10 已采纳 2017-12-11 13:13:11
We faced a similar issue with a client who needed our IP address to be whitelisted. 我们遇到了类似的问题,客户需要将我们的IP地址列入白名单。 We solved the issue by: 我们解决了这个问题:
- Spinning up a Compute Engine with a static IP address. 使用静态IP地址启动计算引擎。 This is the IP address we gave to our client 这是我们给客户的IP地址
- Installed Squid on the compute engine ( https://help.ubuntu.com/lts/serverguide/squid.html ) 在计算引擎上安装Squid( https://help.ubuntu.com/lts/serverguide/squid.html )
We then redirected all calls from the App Engine through the proxy server.
然后,我们通过代理服务器重定向来自App Engine的所有呼叫。 You didn't list what language you are using but for PHP, that meant adding the following two lines to our CURL operations: 你没有列出你正在使用的语言,但对于PHP,这意味着在CURL操作中添加以下两行: curl_setopt($ch, CURLOPT_PROXY, "http://" . $_SERVER['SQUID_PROXY_HOST'] . ":" . $_SERVER['SQUID_PROXY_PORT'] );
curl_setopt($ ch,CURLOPT_PROXY,“http://”。$ _SERVER ['SQUID_PROXY_HOST']。“:”。$ _SERVER ['SQUID_PROXY_PORT']); curl_setopt($ch, CURLOPT_PROXYUSERPWD, $_SERVER['SQUID_PROXY_USER'] . ":" . $_SERVER['SQUID_PROXY_PWD']);
curl_setopt($ ch,CURLOPT_PROXYUSERPWD,$ _SERVER ['SQUID_PROXY_USER']。“:”。$ _SERVER ['SQUID_PROXY_PWD']);
One thing to note is that depending on the number of calls you are making, a micro instance might not work for you. 需要注意的一点是,根据您正在进行的呼叫次数,微型实例可能不适合您。 We initially setup our proxy server on a micro box but were having to restart it every few days. 我们最初在微型盒子上设置我们的代理服务器,但每隔几天就要重新启动它。 We ended up switching to a standard box and have not run into any problems since. 我们最终切换到一个标准盒子,从那时起就没有遇到任何问题。
解决方案2
1 2018-02-17 16:29:26
You can solve the issue by configuring your app engine instances and custom NAT instance in same VPC custom network with routing rules. 您可以通过使用路由规则在相同的VPC自定义网络中配置应用引擎实例和自定义NAT实例来解决此问题。
Related google documents are below; 相关的google文档如下;
Configure a Compute Engine VM instance as Nat Gateway ( https://cloud.google.com/vpc/docs/special-configurations#natgateway )
将计算引擎VM实例配置为Nat Gateway( https://cloud.google.com/vpc/docs/special-configurations#natgateway ) Create routing rule for this instance ( https://cloud.google.com/vpc/docs/using-routes#addingroute ) and ( https://cloud.google.com/vpc/docs/using-routes#canipforward )
为此实例创建路由规则( https://cloud.google.com/vpc/docs/using-routes#addingroute )和( https://cloud.google.com/vpc/docs/using-routes#canipforward ) Configure your app.yaml network properties ( https://cloud.google.com/appengine/docs/flexible/java/configuring-your-app-with-app-yaml#network_settings )
配置app.yaml网络属性( https://cloud.google.com/appengine/docs/flexible/java/configuring-your-app-with-app-yaml#network_settings )
If you have complex system, I highly recommend you to create subnetwork and a certain tag to flog which GAE instances to be forwarded to NAT gateway. 如果你有复杂的系统,我强烈建议你创建子网和某个标签来鞭打哪些GAE实例转发到NAT网关。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.