只允许应用引擎发言或连接到计算引擎 [英] Only allow app engine to speak or connect to compute engine

问题描述

我的应用程序引擎像任何普通的POST调用一样调用一个php脚本。

我有一个带有静态IP的Compute Engine，它安装了apache / php。我收到随机请求指向我的计算引擎，我想限制我的计算引擎只接受来自我的应用引擎的请求。

它在PHP脚本或制定某种防火墙规则？

我能想到的唯一方法是限制它的IP，但App引擎有许多不同的IP 。

你们认为最好的行动方式是什么？ 解决方案

执行此操作的方式（我已经实施并且工作正常）是在您的GCE服务器上设置HTTP身份验证 - 并在请求中使用这些凭据。

我已经用nginx和apache完成了这一切 - 取决于你在GCE上运行的是什么。

如果你需要使用基本认证或摘要/ HTTPS 。

我实际上使用它来利用App Engine中的Elasticsearch。

I have a Compute Engine with a static IP that has apache/php installed.

My app engine makes calls to a php script like any normal POST call. I'm getting random requests pointed at my compute engine and I'd like to restrict my Compute Engine to only accept requests from my app engine.

Either checking it in the PHP Script or making some sort of firewall rule?

The only way I can think of is restricting it's IP but App Engines have many different IPs.

What do you guys think is the best course of action?

解决方案

The way to do this (that I have implemented and works fine) is to set up HTTP authentication on your GCE server - and use those credentials in your requests.

I've done this with both nginx and apache - depending on what you are running on GCE.

You can either use basic authentication or digest/HTTPS if you need to.

I actually use this to take advantage of Elasticsearch from App Engine.

这篇关于只允许应用引擎发言或连接到计算引擎的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！