[WLUG] Web wizardry....
Derek DeJonghe
mittendevelopment at gmail.com
Sun Jan 14 14:08:49 EST 2018
Hey there,
I can help with this. What you're looking for is a Reverse Proxy (NGINX).
However, before we dive into setting up a reverse proxy, it'd be wise to
ask what the security policy is. Setting up a reverse proxy like you're
asking is circumventing the internal only access you have set up with the
VPN / Private IP stuff.
Does the content need to be 100% protected? If so you should not provide
PDFCrowd access and rather just do the conversion yourself internally.
Here's a python library that does exactly what you're asking for:
https://pypi.python.org/pypi/pdfkit
If it's not sensitive data you could provide access / limited access
through a reverse proxy. With NGINX you can provide secured URL's that
allow access to data as long as they have a generated hash that you
provide. You then need to look into the VPC setup to ensure you have
"Public" subnets, subnets associated with a route table that has a default
route to an Internet Gateway. Set up a box in one of those subnets, install
something like NGINX (preferably NGINX) and configure.
Happy to help further, could use a distraction from trying to relearn
angularJS AWS Cognito stuff.
Derek DeJonghe
On Sun, Jan 14, 2018 at 1:44 PM, Mark J. Bobak <mark at bobak.net> wrote:
> Ok, probably not wizardry....but, as Arthur C. Clarke said, "Any
> sufficiently advanced technology is indistinguishable from magic." ;-)
>
> Seriously though, I'm *really* not a web guy...at all!
>
> Here's what's going on:
> We use an online service called PDFCrowd to convert HTML to PDF. We make
> a call to a webservice, pass a URL of the HTML to be converted, and it
> returns PDF.
>
> The problem is, some of the servers that hold the HTML to be converted,
> are now behind a firewall. So, this is broken.
>
> Our environment is on AWS, so, for those of you familiar, we have a VPC
> (Virtual Private Cloud), that has private and public subnets. The problem
> hosts are in private subnet, so, have only private IP. Access is achieved
> by being in the office, where we have an always-on VPN tunnel, or via
> SSLVPN client and two-factor authentication.
>
> So, I'm thinking I need some type of proxy (maybe the wrong term) running
> on host in public subnet, which can accept incoming connection from
> PDFCrowd, and connect back to private host on private subnet to retrieve
> the HTML and pass it back to PDFCrowd.
>
> So, I want host on public IP, call it pub, to act as intermediary, connect
> to host on private IP, call it priv, and pull the HTML and return it.
>
> Not sure where to begin.....is this a proxy? Squid? Something else?
> Server-side script on pub?
>
> Any thoughts or advice to point me in the right direction, would be
> appreciated.
>
> AdvThanksance.
>
> -Mark
>
> ______________________________________________________
> washlug mailing list washlug web site
> washlug at washlug.org www.washlug.org
> http://linux.marcdatabase.com/mailman/listinfo/washlug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linux.marcdatabase.com/pipermail/washlug/attachments/20180114/c73ceea2/attachment.html>
More information about the washlug
mailing list