[FOLIO-1849] Proxy Okapi through standard HTTP/HTTPS ports for hosted folio-snapshot and folio-testing Created: 06/Mar/19 Updated: 03/Jun/20 Resolved: 24/Apr/19 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P3 |
| Reporter: | John Malconian | Assignee: | John Malconian |
| Resolution: | Done | Votes: | 0 |
| Labels: | ci, platform-backlog | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||||||||||||||||||
| Sprint: | Core: Platform - Sprint 59, CP: sprint 62, Core: Platform - Sprint 61 | ||||||||||||||||||||||||
| Story Points: | 5 | ||||||||||||||||||||||||
| Development Team: | Core: Platform | ||||||||||||||||||||||||
| Description |
|
Accessing a hosted FOLIO instance is problematic for users on networks that block outbound connections to Okapi port 9130. The solution is to proxy Okapi through standard TCP ports like 80 and 443. All hosted folio-snapshot and folio-testing builds should be modified to include this change utilizing either an NGINX proxy or an AWS ELB. |
| Comments |
| Comment by Julian Ladisch [ 12/Mar/19 ] |
|
Recipe: https://github.com/folio-org/folio-ansible/blob/master/doc/index.md#replace-port-9130 |
| Comment by John Malconian [ 12/Mar/19 ] |
|
Thanks, Julian Ladisch |
| Comment by John Malconian [ 12/Mar/19 ] |
|
Limiting the scope of this to folio-snapshot* and folio-testing for now. |
| Comment by John Malconian [ 18/Apr/19 ] |
|
A new hosted ansible role has been created in folio-infrastructure to utilizes AWS ELB to proxy frontend and backend (okapi) requests via port 443 (HTTPS). It's called 'folio-elb'. It is actively utilized for Q1 2019 release builds, folio-release(-core) and folio-testing(-core) hosted builds. Examples to get to the UI. Examples to get to Okapi directly: The only outstanding items are folio-snapshot-latest and folio-snapshot-stable. These systems are a little more tricky based on the way they are created and tagged. Updating folio-snapshot-* to use HTTPS, therefore, may need to be carried over into the next sprint. |
| Comment by Ian Hardy [ 18/Apr/19 ] |
|
I think we'll also need rules on the ELB to direct traffic to port 8000 which is where nginx is proxying the edge modules. |
| Comment by John Malconian [ 18/Apr/19 ] |
|
oh heck, Ian Hardy totally forgot about that. Yes. |
| Comment by John Malconian [ 19/Apr/19 ] |
|
We'll need to carry this over into the next sprint. |
| Comment by John Malconian [ 22/Apr/19 ] |
|
I've modified the folio-elb role to include support for the edge modules on port 8000. |
| Comment by John Malconian [ 23/Apr/19 ] |
|
folio-snapshot-core-latest/stable has been converted to HTTPS. folio-snapshot-latest/stable is next. |