From 275a15e464e073d725d29f1ae09fa466caa25562 Mon Sep 17 00:00:00 2001 From: justngrok Date: Thu, 14 Nov 2024 18:04:50 -0700 Subject: [PATCH 1/9] Adding full forwardInternal example --- docs/http/traffic-policy/gallery.mdx | 16 ++++++++ traffic-policy/gallery.mdx | 61 ++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/docs/http/traffic-policy/gallery.mdx b/docs/http/traffic-policy/gallery.mdx index e2914db922..122f49a837 100644 --- a/docs/http/traffic-policy/gallery.mdx +++ b/docs/http/traffic-policy/gallery.mdx @@ -21,6 +21,7 @@ import { RateLimitAuthentication, RateLimitPricing, UserAgentFilter, + ForwardInternalFull, } from "/traffic-policy/gallery.mdx"; # Rule Gallery @@ -156,3 +157,18 @@ Prevent obsolete and potentially vulnerable browsers, SDKs, or CLI tools like `c Connect your API to ngrok's [event logging system](/docs/obs/index.mdx) for smarter troubleshooting of your API gateway and upstream services. + +### Using forwardInternal and URL Rewrite Actions to route requests to different ports based on the request path + +This example provides a full Agent [configuration file](/docs/agent/config/) that uses [Internal Endpoints](/docs/network-edge/internal-endpoints/) plus the [forwardInternal](/docs/http/traffic-policy/actions/forward-internal/) and +[URL Rewrite](/docs/http/traffic-policy/actions/url-rewrite/) Traffic Policy Actions to route requests to differnt upstream ports based on the URL path of the request. +This allows us to use one domain to route to multiple services (ports) based on the request path sent in each request. + +https://mypublic.ngrok.app/... --> http://localhost:80/... +https://mypublic.ngrok.app/service1/... --> http://localhost:81/... + +In this example, we are creating a "public" endpoint using an ngrok reserved domain "mypublic.ngrok.app", an "internal" endpoint (only accessible inside your acccount) "service1.internal", +then using the forwardInternal action to forward requests that have "/service1" in the path to a different port. +Finally, we remove the added path from the request before sending it to the upstream service using the URL Rewrite action. This path then does not have to exist on the upstream service, creating a "virtual" "service1" path on the public ngrok endpoint. + + diff --git a/traffic-policy/gallery.mdx b/traffic-policy/gallery.mdx index 11e5b7c1d7..45cd3f8bfb 100644 --- a/traffic-policy/gallery.mdx +++ b/traffic-policy/gallery.mdx @@ -513,4 +513,65 @@ export const LimitSize = () => ( /> ); +export const ForwardInternalFull = () => ( + , + }, + endpoints: [ + { + name: httpexample, + url: https://mypublic.ngrok.app, + upstream: { + url: localhost:80 + }, + traffic_policy: { + on_http_request: [ + { + expressions: [ + "req.url.path.startsWith('/service1')", + ], + actions: [ + { + type: forward-internal, + config: { + url: https://service1.internal:443, + }, + }, + ], + }, + ], + }, + { + name: example-internal-1, + url: service1.internal, + upstream: { + url: localhost:81, + } + traffic_policy: { + on_http_request: [ + { + expressions: [ + "req.url.path.startsWith('/service1')", + ], + actions: [ + { + type: "url-rewrite", + config: { + from: "/service1/?([.*]+)?", + to: "/$1", + }, + }, + ], + }, + ], + }, + }, + ], + }} + /> +); + ; From 8fc79d87a67b1656e06d389264203519a8860529 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 01:08:13 +0000 Subject: [PATCH 2/9] ci: apply automated fixes --- docs/http/traffic-policy/gallery.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/http/traffic-policy/gallery.mdx b/docs/http/traffic-policy/gallery.mdx index 122f49a837..752d8c6ebf 100644 --- a/docs/http/traffic-policy/gallery.mdx +++ b/docs/http/traffic-policy/gallery.mdx @@ -13,6 +13,7 @@ import { Deny, DeprecateVersion, EnforceTLS, + ForwardInternalFull, JWTsRateLimiting, LimitSize, LogUnsuccessful, @@ -21,7 +22,6 @@ import { RateLimitAuthentication, RateLimitPricing, UserAgentFilter, - ForwardInternalFull, } from "/traffic-policy/gallery.mdx"; # Rule Gallery @@ -160,15 +160,15 @@ Connect your API to ngrok's [event logging system](/docs/obs/index.mdx) for smar ### Using forwardInternal and URL Rewrite Actions to route requests to different ports based on the request path -This example provides a full Agent [configuration file](/docs/agent/config/) that uses [Internal Endpoints](/docs/network-edge/internal-endpoints/) plus the [forwardInternal](/docs/http/traffic-policy/actions/forward-internal/) and +This example provides a full Agent [configuration file](/docs/agent/config/) that uses [Internal Endpoints](/docs/network-edge/internal-endpoints/) plus the [forwardInternal](/docs/http/traffic-policy/actions/forward-internal/) and [URL Rewrite](/docs/http/traffic-policy/actions/url-rewrite/) Traffic Policy Actions to route requests to differnt upstream ports based on the URL path of the request. This allows us to use one domain to route to multiple services (ports) based on the request path sent in each request. https://mypublic.ngrok.app/... --> http://localhost:80/... https://mypublic.ngrok.app/service1/... --> http://localhost:81/... -In this example, we are creating a "public" endpoint using an ngrok reserved domain "mypublic.ngrok.app", an "internal" endpoint (only accessible inside your acccount) "service1.internal", -then using the forwardInternal action to forward requests that have "/service1" in the path to a different port. +In this example, we are creating a "public" endpoint using an ngrok reserved domain "mypublic.ngrok.app", an "internal" endpoint (only accessible inside your acccount) "service1.internal", +then using the forwardInternal action to forward requests that have "/service1" in the path to a different port. Finally, we remove the added path from the request before sending it to the upstream service using the URL Rewrite action. This path then does not have to exist on the upstream service, creating a "virtual" "service1" path on the public ngrok endpoint. From 9ea266581a265d06ac286af0243022c4fa2287da Mon Sep 17 00:00:00 2001 From: justngrok Date: Wed, 20 Nov 2024 11:02:20 -0700 Subject: [PATCH 3/9] Fixing example with authtoken --- traffic-policy/gallery.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traffic-policy/gallery.mdx b/traffic-policy/gallery.mdx index 45cd3f8bfb..2e3128684d 100644 --- a/traffic-policy/gallery.mdx +++ b/traffic-policy/gallery.mdx @@ -518,7 +518,7 @@ export const ForwardInternalFull = () => ( config={{ version: "3", agent: { - authtoken: , + authtoken: 4nq9771bPxe8ctg7LKr_2ClH7Y15Zqe4bWLWF9p, }, endpoints: [ { From 25a236337d24b78b42514b4808779ed9d973ece4 Mon Sep 17 00:00:00 2001 From: Shaquil Hansford Date: Mon, 13 Jan 2025 13:24:19 -0500 Subject: [PATCH 4/9] Update docs/http/traffic-policy/gallery.mdx --- docs/http/traffic-policy/gallery.mdx | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/http/traffic-policy/gallery.mdx b/docs/http/traffic-policy/gallery.mdx index 752d8c6ebf..d91e737dec 100644 --- a/docs/http/traffic-policy/gallery.mdx +++ b/docs/http/traffic-policy/gallery.mdx @@ -158,17 +158,18 @@ Connect your API to ngrok's [event logging system](/docs/obs/index.mdx) for smar -### Using forwardInternal and URL Rewrite Actions to route requests to different ports based on the request path +### Routing requests based on request path -This example provides a full Agent [configuration file](/docs/agent/config/) that uses [Internal Endpoints](/docs/network-edge/internal-endpoints/) plus the [forwardInternal](/docs/http/traffic-policy/actions/forward-internal/) and -[URL Rewrite](/docs/http/traffic-policy/actions/url-rewrite/) Traffic Policy Actions to route requests to differnt upstream ports based on the URL path of the request. -This allows us to use one domain to route to multiple services (ports) based on the request path sent in each request. +You can route traffic from one domain to multiple services (ports) based on the path sent in each request. -https://mypublic.ngrok.app/... --> http://localhost:80/... -https://mypublic.ngrok.app/service1/... --> http://localhost:81/... +In your Agent [configuration file](/docs/agent/config/), you can modify both the [forwardInternal](/docs/http/traffic-policy/actions/forward-internal/) and +[URL Rewrite](/docs/http/traffic-policy/actions/url-rewrite/) Traffic Policy Actions to route requests to different upstream ports based on the URL path. For example you may want to route public traffic to a URL such as `https://mypublic.ngrok.app/...` to `http://localhost:80/...`. -In this example, we are creating a "public" endpoint using an ngrok reserved domain "mypublic.ngrok.app", an "internal" endpoint (only accessible inside your acccount) "service1.internal", -then using the forwardInternal action to forward requests that have "/service1" in the path to a different port. -Finally, we remove the added path from the request before sending it to the upstream service using the URL Rewrite action. This path then does not have to exist on the upstream service, creating a "virtual" "service1" path on the public ngrok endpoint. +The following example: +- Creates a public endpoint using an ngrok reserved domain – "mypublic.ngrok.app" +- Create an internal endpoint – "service1.internal" +- Uses the `forwardInternal` action to forward requests that have `/service1` in the path to a different port. +- Removes the added path from the request before sending it to the upstream service using the URL Rewrite action. + - This path does not have to exist on the upstream service, as a virtual `service1` path will exist on the public ngrok endpoint. From be1cf02af7fc6e7c2f47b1efaf6c7d76066de309 Mon Sep 17 00:00:00 2001 From: Shaquil Hansford Date: Mon, 13 Jan 2025 13:28:29 -0500 Subject: [PATCH 5/9] Fix merge conflict with traffic-policy/gallery --- traffic-policy/gallery.mdx | 90 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/traffic-policy/gallery.mdx b/traffic-policy/gallery.mdx index 2e3128684d..d9d5aa69c3 100644 --- a/traffic-policy/gallery.mdx +++ b/traffic-policy/gallery.mdx @@ -513,6 +513,96 @@ export const LimitSize = () => ( /> ); + + +export const OAuthConditionalAccess = () => ( + +); + +export const OIDCIdentityToken = () => ( + ", + client_secret: "", + scopes: ["openid", "profile", "email"], + }, + }, + ], + }, + { + name: "Headers", + actions: [ + { + type: "add-headers", + config: { + headers: { + "id-token": "${actions.ngrok.oidc.identity_token}", + }, + }, + }, + ], + }, + ], + }} + /> +); + export const ForwardInternalFull = () => ( Date: Mon, 13 Jan 2025 13:29:45 -0500 Subject: [PATCH 6/9] Add version from main --- traffic-policy/gallery.mdx | 63 -------------------------------------- 1 file changed, 63 deletions(-) diff --git a/traffic-policy/gallery.mdx b/traffic-policy/gallery.mdx index d9d5aa69c3..b38abe20cd 100644 --- a/traffic-policy/gallery.mdx +++ b/traffic-policy/gallery.mdx @@ -513,8 +513,6 @@ export const LimitSize = () => ( /> ); - - export const OAuthConditionalAccess = () => ( ( /> ); -export const ForwardInternalFull = () => ( - -); - ; From 5b7ea7c28f646123af21321fce7b75dc583b439a Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 18:30:57 +0000 Subject: [PATCH 7/9] ci: apply automated fixes --- docs/http/traffic-policy/gallery.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/http/traffic-policy/gallery.mdx b/docs/http/traffic-policy/gallery.mdx index d91e737dec..02054c32f0 100644 --- a/docs/http/traffic-policy/gallery.mdx +++ b/docs/http/traffic-policy/gallery.mdx @@ -166,10 +166,11 @@ In your Agent [configuration file](/docs/agent/config/), you can modify both the [URL Rewrite](/docs/http/traffic-policy/actions/url-rewrite/) Traffic Policy Actions to route requests to different upstream ports based on the URL path. For example you may want to route public traffic to a URL such as `https://mypublic.ngrok.app/...` to `http://localhost:80/...`. The following example: + - Creates a public endpoint using an ngrok reserved domain – "mypublic.ngrok.app" - Create an internal endpoint – "service1.internal" - Uses the `forwardInternal` action to forward requests that have `/service1` in the path to a different port. - Removes the added path from the request before sending it to the upstream service using the URL Rewrite action. - - This path does not have to exist on the upstream service, as a virtual `service1` path will exist on the public ngrok endpoint. + - This path does not have to exist on the upstream service, as a virtual `service1` path will exist on the public ngrok endpoint. From ff2fbe49cae967bdab2bca02a8ff920f8885e952 Mon Sep 17 00:00:00 2001 From: Shaquil Hansford Date: Mon, 13 Jan 2025 15:26:53 -0500 Subject: [PATCH 8/9] I think this fixes the broken example --- traffic-policy/gallery.mdx | 62 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/traffic-policy/gallery.mdx b/traffic-policy/gallery.mdx index b38abe20cd..5b12cda00b 100644 --- a/traffic-policy/gallery.mdx +++ b/traffic-policy/gallery.mdx @@ -601,4 +601,66 @@ export const OIDCIdentityToken = () => ( /> ); +export const ForwardInternalFull = () => ( + +); + ; From 06ead06c81cc467de21b7553242e3dd780c4e004 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 20:30:17 +0000 Subject: [PATCH 9/9] ci: apply automated fixes --- traffic-policy/gallery.mdx | 68 ++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 36 deletions(-) diff --git a/traffic-policy/gallery.mdx b/traffic-policy/gallery.mdx index 5b12cda00b..6f9e7e4221 100644 --- a/traffic-policy/gallery.mdx +++ b/traffic-policy/gallery.mdx @@ -604,53 +604,49 @@ export const OIDCIdentityToken = () => ( export const ForwardInternalFull = () => ( ( ], }, }, - ], + ], }} /> );