This repository contains the source code for the AWS Inverting Proxy blog post on using the inverting proxy pattern for multi-point cloud connectivity.
The proxy is based on the original Inverting Proxy project by Omar Jarjur and others, modified to run on AWS and to integrate with AWS-specific security and observability services.
Deploying and running the solution.
The solution includes a simple Node.js server application for demonstration purposes. The walkthrough below uses it as an example server-side application to simulate on-premises connectivity through the inverting proxy. A restrictive Security Group simulates the behind-the-firewall on-premises configuration.
Steps:
Create a “backend” Amazon EC2 instance using the Amazon Linux 2 free-tier AMI. Ensure that port 443 (the inbound port of the sample server application) is blocked from external access by an appropriate security group.
Clone the inverting proxy GitHub repository to the “backend” EC2 instance.
From the inverting-proxy folder, build the application by running:
mkdir /home/ec2-user/inverting-proxy/bin
export GOPATH=/home/ec2-user/inverting-proxy/bin
make
From the simple-server folder, run the sample appTLS application in the background (see the commands below). Note: to enable TLS you will need to generate a private key and certificate (server.key and server.crt) and place them in the simple-server folder.
npm install
node appTLS &
Confirm that the application is running:
ps -ef | grep node
For the backend Amazon EC2 instance, open the instance's security settings in the Amazon EC2 console and create an IAM role for the instance. Keep the default permissions and add an “AllowedBackends” tag whose value is the backend ID (the backend ID can be any string, but it must match the backend ID parameter passed to the agent in Step 13).
Create a proxy Amazon EC2 instance using a Linux AMI in a public subnet and connect to it using SSH once it is online. Copy the contents of the bin folder from the backend (agent) EC2 instance, or clone the repository and follow the build instructions above (steps 2-8).
Note: the agent establishes outbound connectivity to the proxy, so open the appropriate port (443) in the proxy's Amazon EC2 security group. The proxy server must be reachable both from the backend Amazon EC2 instance and from your client workstation, since you will use your local browser to test the application.
To enable TLS on incoming connections to the proxy, generate and upload the certificate and private key (server.crt and server.key) to the bin folder of the proxy deployment.
Navigate to the bin folder of the inverting proxy and start the proxy by running:
sudo ./server --port 443 -tls &
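Both the backend step (server.key/server.crt in the simple-server folder) and the proxy step above (the same pair in the bin folder) require a certificate and key but do not show how to produce them. The helper below is an added example, not code from the repository or the blog post: it generates a self-signed pair with openssl and then verifies that the key and certificate belong together and name the intended host before you upload them. It assumes openssl 1.1.1 or later is installed; the hostname proxy.example.com in the usage is a constructed placeholder.

```shell
# Generate server.key and server.crt in DIR for hostname HOST (added helper, not part of the repo).
gen_server_cert() {
  dir="$1"; host="$2"
  mkdir -p "$dir" || return 1
  # 2048-bit RSA key, self-signed for one year, no passphrase (-nodes) so the server can
  # start unattended. A SAN entry is included because browsers no longer trust the CN alone.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$dir/server.key" -out "$dir/server.crt" \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" >/dev/null 2>&1 || return 1
  # The private key must not be readable by other users on the instance.
  chmod 600 "$dir/server.key"
}

# Returns 0 only if server.crt and server.key in DIR carry the same public key, so a
# mismatched or corrupted pair is caught before the proxy or sample app fails at startup.
cert_matches_key() {
  c=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Prints the DNS name(s) in the certificate's SAN so you can confirm it matches the
# public DNS name the browser will use to reach the proxy.
cert_san() {
  openssl x509 -in "$1/server.crt" -noout -ext subjectAltName 2>/dev/null | sed -n 's/^ *DNS://p'
}

# Usage: generate a pair for the proxy and check it before copying it into bin/.
# gen_server_cert ./certs proxy.example.com && cert_matches_key ./certs && cert_san ./certs
```

The same function produces the pair for the simple-server folder on the backend; use the backend's own hostname there.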
Use SSH to connect to the backend Amazon EC2 instance and configure the inverting proxy agent. Navigate to the bin folder in the cloned repository and run the command below, replacing the uppercase strings with the appropriate values. Note the required trailing slash after the proxy DNS URL.
Use your local browser to navigate to the proxy server's public DNS name (https://YOUR_PROXYSERVER_PUBLIC_DNS). You should see the following response from your sample backend application: