This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

APIGEE Proxy for a Webapp/UI/GUI - Is it a really bad idea?

Posted a month ago
mlan02
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

One of my partner teams have a web application being served trough another API GW (Not APIGEE) today and are looking to migrate to APIGEE. On their current API GW (one of the big vendors in the Gartner Quadrant) the reverse proxy behaves like a general proxy (NGINX, APACHE etc..). It can handle redirects and cookies.

My research so far indicates that APIGEE is not capable of matching this functionality. Here is one such post from @dchiesa1  and @chrismca73  (https://www.googlecloudcommunity.com/gc/Apigee/Can-Apigee-act-as-a-reverse-proxy-for-a-web-app/m-p/7...).

I am trying to truly understand if this is NOT possible or just a bad idea. Here are some reasons why it might be a good idea to contrast the other post.

  • No need to manage a fleet of NGINX etc for to serve their WEB APP (their back-end is not on a K8S cluster at this time)
  • Firewall and routing rules for their clients point towards the API GW simplifying network management/security
  • They need someone else to handle the signed TLS termination
  • They have different paths to leverage on these applications ex: /app and /api

I am trying to size the effort and cost to build accommodating functionality in APIGEE VS saying this is not possible and the team need to find another solution. This of course makes APIGEE look bad given they will undoubtedly say the old API GW use to it.

How would I write a ProxyPassReverse directive in APIGEE to accomplish this?

I appreciate any opinions on the matter. (I am using APIGEE-X)

Thank you

 

 

0 1 134
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

If you are using Apigee X, you already have access to a frontend that can act like a general proxy.

  • For webapps that should be accessible externally, you have  the Google External Application Load Balancer, and Cloud Armor. This can do URL mapping and routing, cert management, just like a farm of nginx, but ... with global presence and reliability and DDos protection built in. 
  • For WebApps that should be accessible only internally, you can use the Internal Load Balancer.

Your webapp should run in a logic serving platform. For this kind of case I love to recommend Cloud Run - it runs in the region you need, it can support IAP for internal auth, it supports other auth (like Firebase auth) for Signin.

Running everything through Apigee X... is still probably  a bad idea, for the reasons I mentioned in the post you cited. But the good news is, you don't need to use your API Gateway as a web front end!  You have much better options in Google Cloud! 

0 Likes