<div dir="ltr">Hey there, <div><br></div><div>I can help with this. What you're looking for is a Reverse Proxy (NGINX). However, before we dive into setting up a reverse proxy, it'd be wise to ask what the security policy is. Setting up a reverse proxy like you're asking is circumventing the internal only access you have set up with the VPN / Private IP stuff. </div><div><br></div><div>Does the content need to be 100% protected? If so you should not provide PDFCrowd access and rather just do the conversion yourself internally. Here's a python library that does exactly what you're asking for: <a href="https://pypi.python.org/pypi/pdfkit">https://pypi.python.org/pypi/pdfkit</a> <br><br>If it's not sensitive data you could provide access / limited access through a reverse proxy. With NGINX you can provide secured URL's that allow access to data as long as they have a generated hash that you provide. You then need to look into the VPC setup to ensure you have "Public" subnets, subnets associated with a route table that has a default route to an Internet Gateway. Set up a box in one of those subnets, install something like NGINX (preferably NGINX) and configure. </div><div><br></div><div>Happy to help further, could use a distraction from trying to relearn angularJS AWS Cognito stuff. </div><div><br></div><div>Derek DeJonghe</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jan 14, 2018 at 1:44 PM, Mark J. Bobak <span dir="ltr"><<a href="mailto:mark@bobak.net" target="_blank">mark@bobak.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_quote"><div dir="ltr">Ok, probably not wizardry....but, as Arthur C. Clarke said, "Any sufficiently advanced technology is indistinguishable from magic." ;-)</div><div class="m_3361507526870037241gmail_forwarded"><div class="gmail_quote"><div class="m_3361507526870037241m_3071016304575142405gmail_forwarded"><div dir="ltr"><div><br></div><div>Seriously though, I'm *really* not a web guy...at all!</div><div><br></div><div>Here's what's going on:</div><div>We use an online service called PDFCrowd to convert HTML to PDF. We make a call to a webservice, pass a URL of the HTML to be converted, and it returns PDF.</div><div><br></div><div>The problem is, some of the servers that hold the HTML to be converted, are now behind a firewall. So, this is broken.</div><div><br></div></div></div></div><div class="gmail_quote"><div class="m_3361507526870037241m_3071016304575142405gmail_forwarded"><div dir="ltr"><div>Our environment is on AWS, so, for those of you familiar, we have a VPC (Virtual Private Cloud), that has private and public subnets. The problem hosts are in private subnet, so, have only private IP. Access is achieved by being in the office, where we have an always-on VPN tunnel, or via SSLVPN client and two-factor authentication.</div><div><br></div><div>So, I'm thinking I need some type of proxy (maybe the wrong term) running on host in public subnet, which can accept incoming connection from PDFCrowd, and connect back to private host on private subnet to retrieve the HTML and pass it back to PDFCrowd.</div></div></div></div><div class="gmail_quote"><div class="m_3361507526870037241m_3071016304575142405gmail_forwarded"><div dir="ltr"><div><br></div><div>So, I want host on public IP, call it pub, to act as intermediary, connect to host on private IP, call it priv, and pull the HTML and return it.</div><div><br></div><div>Not sure where to begin.....is this a proxy? Squid? Something else? Server-side script on pub?</div><div><br></div><div>Any thoughts or advice to point me in the right direction, would be appreciated.</div><div><br></div><div>AdvThanksance.</div></div></div></div><span class="HOEnZb"><font color="#888888"><div class="gmail_quote"><div class="m_3361507526870037241m_3071016304575142405gmail_forwarded"><div dir="ltr"><div><br></div><div>-Mark</div></div></div></div></font></span></div></div>
<br>______________________________<wbr>________________________<br>
washlug mailing list washlug web site<br>
<a href="mailto:washlug@washlug.org">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
<br></blockquote></div><br></div>