reverse-proxy | developing high-performance HTTP reverse proxy applications | Proxy library

I'm new to AWS and I am trying to gauge what migrating our existing applications into AWS would look like. I'm trying to host multiple apps as Services under a single ECS cluster, and use one Application Load Balancer with hostname rules to route requests to the correct container.

I was originally thinking I could give each service its own Target Group, but I ran into the RESOURCE:ENI error, which from what I can tell means that I can't just attach as many Target Groups as I want to the same cluster.

I don't want to create a separate cluster for each app, or use separate load balancers for them because these apps are very small and receive little to no traffic so it just wouldn't make sense. Even the minimum of 0.25 vCPU/0.5 GB that Fargate has is overkill for these apps.

What's the best way to host many apps under one ECS cluster and one Load Balancer? Is it best to create my own reverse-proxy server to do the routing to different apps?

I am trying to run of containers on my UBUNTU server, these containers are:

1. DNS servers with bind9.
2. NTP server with cturra/ntp.
3. NGINX for reverse proxy => reverse proxy for DNS and NTP

I have these containers in the same yaml file:

I have a node application that is being served by IIS. I followed this guide and it its all working perfectly:

https://dev.to/petereysermans/hosting-a-node-js-application-on-windows-with-iis-as-reverse-proxy-397b

Im having an issue I understand why its happening with the IP address (because of reverse routing, NODE its tracking 127.0.0.1 instead of the client's IP).

At Node, Im getting the IP as follows:

I'm trying to create a reverse proxy to a CONNECT-based HTTP proxy. The user who wants to use the proxy just treats machine A as an HTTP proxy. It works the following way:

1. machine B opens a TCP socket to machine A.
2. On machine A, a TCP socket is exposed on a port and all the incoming data is tunneled to machine B (io.Copy).
3. On machine B, all the data is tunneled to the local HTTP server and the socket to machine A.

Essentially this is a reverse-proxy behind an HTTP proxy. The reason it's this complex is because the HTTP proxy is behind NAT (on machine B) and therefore not accessible directly. The use case is being able to host an HTTP proxy behind a NAT.

Machine A tunnel (Go):

So I have this NGINX config file:

I'm new to AWS and just exploring possible architectures using the tools like AWS cognito, AWS Cloudfront, and/or AWS API Gateway.

Currently, my app is deployed in an EC2 instance and here is the outline:

Frontend: React app running on port 80. When a user goes to https://myapp.com, the request is be directed to my-ec2-instance:80.

Backend: Nodejs + Express running on port 3000. After the user loads the frontend in the browser, when he interacts with the website, http requests are sent to https://myapp.com/api/*, which are routed to my-ec2-instance:3000;

I use nginx/openresty as a single entry point to my webapp, and it does authorization with AWS Cognito, and then reverse-proxy the requests based on path:

Now, instead of managing an EC2 instance with the nginx/openresty service in it, I want to go serverless.

I plan to point my domain myapp.com to AWS CloudFront, and then Cloudfront acts as the single entry point to replace the functionalities of Nginx/Openresty. It should do the following:

1. Authorization with AWS Cognito:
   When a user first visits myapp.com, he is directed to AWS Cognito from AWS Cloudfront to complete the sign-in step.

2. path-based reverse proxy: I know this can be done. I can configure this from the CloudFront configuration page.

But for 1, Can Cloudfront do authorization with AWS Cognito? Is this the right way of using AWS Cloudfront?

After reading the AWS doc and trying with Cloudfront configurations, I started to think that Cloudfront is not build for such a use case at all.

Any suggestions?

I am trying to automate deployment of our .NET 5 GenericHost services. As they have both a WebAPI and long-running processes, IMHO it makes sense to deploy them as Windows Services and then create a IIS site that acts as reverse proxy. In short:

I'm trying my best to get Traefik dashboard available through http://gateway.localhost/dashboard/, but I'm always getting a 404 response* from Traefik. Can s.o. please review my stack file and tell me, why it's not working?

I tried it on my server with a valid domain, but it's either working there or on localhost with Docker Desktop in Swarm mode. The WhoAmI service can be reached through http://localhost which is correct.

docker stack deploy -c traefik.yml traefik

*404 is returned for these routes too: http://gateway.localhost, http://gateway.localhost/dashboard

traefik.yml:

I'm following a tutorial to deploy Wordpress using Docker on a Ubuntu server. The tutorial is in this website.

It's important to mention that I already have two subdomains at this point, one for the Wordpress site and another for the phpMyAdmin site.

However the letsencrypt certificates seem to not be generated properly. I can access the website via http, but not https, and when I look at the certificate it doesn't look correct. In fact it doesn't seem to have one for my website.

To make everything easier I created a script to run all the steps fast: