如何安全地配置带有Google Compute Engine的AppEngine套接字 [英] How can I safely configure AppEngine sockets w/ Google Compute Engine

问题描述

我想在Google Compute Engine上放置Redis服务器，并通过AppEngine的套接字支持与之对话。唯一的问题是，似乎没有一个特定的防火墙规则，指出此AppEngine应用程序可以访问此主机/端口，而不是其他人。

I'd like to put a Redis server on Google Compute Engine and speak to it via AppEngine's socket support. The only problem is that there doesn't seem to be a specific firewall rule that says "this AppEngine application can access this host/port and no other".

在实例设置时有一些规则描述实例是否可以访问任务队列等，但不是相反的。

There are some rules at instance setup time that describe whether the instance has access to task queues, etc, but not the inverse.

所以我的问题是：如何限制对Redis服务的端口访问仅限于一个AppEngine应用程序？

So my question is: how can I restrict port access to a Redis service only to a single AppEngine application?

推荐答案

总之你不能。 AppEngine是与所有其他应用程序共享的IP空间，就像共享主机一样。您需要使用应用程序级别身份验证（如OAuth）来获取适当的限制。

In short you can not. AppEngine is a shared IP space with all the other apps, just like shared hosting. You need to use application level authentication such as OAuth to get the proper restrictions in place.

这篇关于如何安全地配置带有Google Compute Engine的AppEngine套接字的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！