[WLUG] Web wizardry....

Derek DeJonghe mittendevelopment at gmail.com
Sun Jan 14 14:08:49 EST 2018 

Hey there,

I can help with this. What you're looking for is a Reverse Proxy (NGINX).
However, before we dive into setting up a reverse proxy, it'd be wise to
ask what the security policy is. Setting up a reverse proxy like you're
asking is circumventing the internal only access you have set up with the
VPN / Private IP stuff.

Does the content need to be 100% protected? If so you should not provide
PDFCrowd access and rather just do the conversion yourself internally.
Here's a python library that does exactly what you're asking for:
https://pypi.python.org/pypi/pdfkit

If it's not sensitive data you could provide access / limited access
through a reverse proxy. With NGINX you can provide secured URL's that
allow access to data as long as they have a generated hash that you
provide. You then need to look into the VPC setup to ensure you have
"Public" subnets, subnets associated with a route table that has a default
route to an Internet Gateway. Set up a box in one of those subnets, install
something like NGINX (preferably NGINX) and configure.

Happy to help further, could use a distraction from trying to relearn
angularJS AWS Cognito stuff.

Derek DeJonghe

On Sun, Jan 14, 2018 at 1:44 PM, Mark J. Bobak <mark at bobak.net> wrote:

> Ok, probably not wizardry....but, as Arthur C. Clarke said, "Any
> sufficiently advanced technology is indistinguishable from magic."  ;-)
>
> Seriously though, I'm *really* not a web guy...at all!
>
> Here's what's going on:
> We use an online service called PDFCrowd to convert HTML to PDF.  We make
> a call to a webservice, pass a URL of the HTML to be converted, and it
> returns PDF.
>
> The problem is, some of the servers that hold the HTML to be converted,
> are now behind a firewall.  So, this is broken.
>
> Our environment is on AWS, so, for those of you familiar, we have a VPC
> (Virtual Private Cloud), that has private and public subnets.  The problem
> hosts are in private subnet, so, have only private IP.  Access is achieved
> by being in the office, where we have an always-on VPN tunnel, or via
> SSLVPN client and two-factor authentication.
>
> So, I'm thinking I need some type of proxy (maybe the wrong term) running
> on host in public subnet, which can accept incoming connection from
> PDFCrowd, and connect back to private host on private subnet to retrieve
> the HTML and pass it back to PDFCrowd.
>
> So, I want host on public IP, call it pub, to act as intermediary, connect
> to host on private IP, call it priv, and pull the HTML and return it.
>
> Not sure where to begin.....is this a proxy?  Squid?  Something else?
> Server-side script on pub?
>
> Any thoughts or advice to point me in the right direction, would be
> appreciated.
>
> AdvThanksance.
>
> -Mark
>
> ______________________________________________________
> washlug mailing list    washlug web site
> washlug at washlug.org     www.washlug.org
> http://linux.marcdatabase.com/mailman/listinfo/washlug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linux.marcdatabase.com/pipermail/washlug/attachments/20180114/c73ceea2/attachment.html>

More information about the washlug mailing list