如何通过特定IP路由API请求? [英] How to route API Requests through a specific IP?
问题描述
我正在制作一个iOS和Android应用程序.我们要求应用程序具有充电功能.我们正计划使用公司提供的Recharge API.
I am making an iOS and Android App. We require Recharge Functionality in the app. We are planning on using a Recharge API provided by a company.
由于安全原因,API仅允许通过指定的IP白名单IP地址进行请求.
Due to security reasons the API allows request only through specific IP whitelisted IP addresses.
理想情况下,此IP地址应该是我们服务器的IP.
This IP address should ideally be the IP of our server.
但是我们将Firebase用作数据库以及应用程序中的存储和身份验证.
But we are using Firebase as the database and storage and authentication in our app.
那么我们如何使用户通过应用程序发出的API请求能够通过而不会导致错误,因为不会将用户的IP地址列入白名单?
So how can we make such that the API requests made through the App by our users will go through and not cause an error as the user's IP address won't be whitelisted ?
推荐答案
您将需要代理来自用户的API请求,这样,对于您的API提供者,所有请求似乎都来自将被列入白名单的同一静态IP地址
You will need to proxy API requests from your users, such that, to your API provider all requests appear to originate from the same static IP address which will be whitelisted.
代理是一种被动软件组件,实际上从一端接收请求,然后将请求转发到另一端的API服务器.换句话说,它代表您的用户进行API调用.
A proxy is a passive software component that essentially receives requests on one end, and forwards them to the API server on the other end. In other words, it makes API calls on behalf of your users.
您可以使用NGINX,HAProxy或仅使用任何可用的反向代理,也可以使用您选择的语言编写自定义代理-因为这并非难事.
You can use NGINX, HAProxy or just any available reverse proxy, or write a custom one using a language of your choice - since it is not a difficult assignment.
这是在Linux机器上使用HAProxy设置反向代理的方法.
Here, is how to set up a reverse proxy using HAProxy on a linux box.
首先,从linux终端安装haproxy
First, install haproxy
from a linux terminal
apt update && apt install haproxy
然后导航到文件夹/etc/haproxy
cd /etc/haproxy
将默认配置文件重命名为haproxy.cfg.backup
Rename the default configuration file to haproxy.cfg.backup
mv haproxy.cfg{,.backup}
现在,创建一个新的配置文件,haproxy.cfg
Now, create a new configuration file, haproxy.cfg
nano haproxy.cfg
使用以下内容,然后保存更改.
With the following content, and then save changes.
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
timeout connect 5000
timeout client 50000
timeout server 50000
frontend api_proxy
bind *:8080
mode http
default_backend remote_api_server
backend remote_api_server
#replace 10.10.10.10 with the actual Ip address
server server1 10.10.10.10:443 ssl
用API提供程序IP地址替换10.10.10.10
,并用实际端口替换443.
Replace 10.10.10.10
with API provider IP address and 443 with the actual port.
如果API未使用HTTPS,请删除ssl
选项
If the API is not using HTTPS, remove the ssl
option
8080
是您的用户将连接到的端口.更改为您想要的任何内容.
8080
is the port your users will be connecting to. Change to whatever you want.
现在,使用以下命令启动haproxy:
Now, start haproxy using the command below:
haproxy -D -f haproxy.cfg
您可以验证haproxy是否正在监听端口8080
You can verify that haproxy is listening on port 8080
telnet localhost 8080
配置您的应用以通过代理URL调用充值API,该代理URL将为:
Configure your app to call the recharge API through the proxy URL, which will be:
尽管如此,您仍需要在生产环境中配置HTTPS.
Your will need to configure HTTPS in production environment though.
查看下面的链接,了解如何使用haproxy配置SSL
Check the link below on how to config SSL with haproxy
Let me know if this helps.
这篇关于如何通过特定IP路由API请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!