Istio Ambient mode is a data plane model that eliminates the need for an envoy sidecar proxy on each of your workloads. This reduces resource overhead, timing issues between sidecar lifecycle and your containers, and the need to restart your workloads to upgrade proxy versions. In this article, I will show you how to install … Minikube: Istio Ambient mode on Minikube
Once you introduce an istio sidecar proxy into your deployment, it becomes another point at which you might need to troubleshoot network connectivity to the primary container. Assuming you have deployed a pod with an app label “helloworld” in the default namespace listening on port 5000, you can use a command like the following to … Kubernetes: testing pod communication directly from istio sidecar proxy
In a production environment where a proxy such as squid is necessary to reach the public internet, you may need use apt-add-repository to install a package from a ppa. Using the Ansible ppa as an example, the command from the documentation is: sudo apt-add-repository –yes –update ppa:ansible/ansible You might be tempted to believe that if … Ubuntu: Using add-apt-repository with a proxy
There are many Linux based ftp clients, but if you run into connectivity issues when using the HTTP CONNECT method through a proxy such as Squid, you may need to leverage more control by writing your interactions using a library such as ftp4j. In this article, I’ll provide a Java project with sample code that … Java: FTP with an HTTP proxy using the CONNECT method
In a production datacenter it would not be uncommon for internet access to be limited to domains whitelisted on a web proxy such as Squid. If this is the case, and you are using pip to install packages, then you will need to: Have your Squid administrators whitelist pypi.python.org Add the “–proxy” switch when invoking … Python: Using pip with a squid proxy
In previous articles I have described how to use a Squid proxy as a bridge to outside services such as http and ftp. Having hosts in your private networks use a single access point to services in the outside world institutes the type of control often required in production data centers. Having a single host … Ubuntu: Using iptables to forward tcp and udp requests
It is common in secure production datacenters for internal hosts to be forced to go through a reverse proxy for public internet access. The same concept can be applied to apt package management, where setting up a centralized package proxy enables caching as well as security controls. In a datacenter where you could have hundreds … Ubuntu: A centralized apt package cache using Apt-Cacher-NG
It is common in secure production datacenters for internal hosts to be forced to go through a reverse proxy (e.g. Squid) for public internet access. The same concept can be applied to apt package management, where setting up a centralized package proxy enables caching as well as security controls. In a datacenter where you could … Ubuntu: A centralized apt package cache using squid-deb-proxy
Having your production servers go through a proxy like Squid for internet access can be an architectural best practice that provides network security as well as caching efficiencies. In a previous article, I showed how you can enforce whitelists for specific domains when using HTTP/HTTPS. Now let’s do the same thing for FTP connections, proxying … Squid: Enabling whitelisted FTP proxying using Squid
The Tor project is free software that helps protect your privacy by making it difficult for a 3rd party to analyze your network requests or link your traffic back to your network access point. See the Tor overview page for reasons why this may be important to world citizens, corporations, or specific professions. Simplified, this … Ubuntu: Installing Tor on Ubuntu 14.04 and 16.04
Once you have a Squid proxy setup as described in my article here, the next challenge is configuring your Ubuntu servers so that they use this proxy by default instead of attempting direct internet connections. There are several entities we want using Squid by default: apt package manager, interactive consoles and wget/curl, and Java applications.
Having your production servers go through a proxy like Squid for internet access can be an architectural best practice that provides network security as well as caching efficiencies. For further security, denying access to all requests but an explicit whitelist of domains provides auditable control.
HAProxy is a high performance TCP/HTTP (Level 4 and Level 7) load balancer and reverse proxy. A common pattern is allowing HAProxy to be the fronting SSL-termination point, and then HAProxy determines which pooled backend server serves the request.
Nginx is a popular reverse proxy and load balancer that focuses on level 7 (application) traffic. A common pattern is allowing Nginx to be the fronting SSL-termination point, and then Nginx determines which pooled backend server is best available to serve the request.
Some web applications leave authentication as an orthogonal concern to the application – not including any kind of login functionality and instead leaving authentication as an operational concern. When this happens, a reverse proxy that has an LDAP integration can act as an architectural sentry in front of the web application and also fulfills the … Apache2: Enable LDAP authentication and SSL termination for Ubuntu