Tag: Azure

Categories
Software development

Architecture with Auth0, an Angular SPA, and OpenFaaS on Kubernetes

I’ve had spare time lately due to the pandemic and opted to learn how to build a cloud native system. It’s been a lot of fun and I thought I’d share the architecture. Hopefully it helps you – let me know what you think?

I’ll probably end up moving the Azure and Digital Ocean components to AWS. I don’t want to give Amazon my money…but my workplace uses AWS. In other words, if I use AWS for this personal project, then I can leverage that experience in the workplace.

Also, go give this guy a follow and check out his new ebook. His software and variety of content have helped me a ton!

Categories
Software development

Content (Delivery Network) is King

It’s all about the user experience. As a user, when I browse to either of the following domains, I should see the same content:

  1. www.mydomain.com (www, in this case, is a sub-domain)
  2. mydomain.com (when you refer to a domain w/o a sub-domain, it is generally called the apex or root)

For example, end-users may omit the “www”! Skipping characters saves precious characters and time…

In addition to expecting the same content, it (arguably must) be served using HTTPS. For example, if a request comes in using HTTP, transform it somehow to HTTPS.

This weekend I purchased a domain from GoDaddy for a side project. Initially I setup the domain using GoDaddy DNS to serve a SPA from a Standard Akamai CDN using Microsoft Azure. References:

  1. Setup a static website (front-end assets get pushed here)
  2. Link the site to a CDN (moving the assets closer to users)
  3. Use my custom domains for the CDN (including HTTPS)

Here is an example of the GoDaddy DNS configuration used to serve content from an Azure CDN:

TypeKeyValue
CNAMEwwwdomain.azureedge.net
CNAMEcdnverifycdnverify.domain.azuredge.net
GoDaddy doesn’t let you create a CNAME with a key of @…

But I ran into a couple problems!

  1. Azure CDN does not assign SSL certs to apex/root domains. I could have manually assigned a certificate, but I’m trying to avoid having to do manual things these days.
  2. Requests to http://mydomain.com would not serve content! The name would not resolve. GoDaddy (my DNS provider at the time), does not allow us to create a CNAME pointing at an apex/root domain.

I could have purchased a public static IPv4 address from Azure, linked it to my CDN, and setup an ANAME in GoDaddy to point at the public IP. But, considering both problems (above), I decided to take the following action:

  1. Delegate my domain’s DNS to point at an Azure DNS Zone
  2. Setup my local network (OpenWRT) to use Cloudflare for DNS resolution (my ISP was taking too long to resolve when testing these changes).
    1. This is a nice alternative to Google’s 8.8.8.8/8.8.4.4…why give one company all your data?!
  3. Delete the Standard Akamai CDN, and setup a Standard Microsoft CDN, which has a comprehensive rules engine, and other goodies.
  4. Use the Rules Engine to enforce a consistent experience…
    1. Redirect HTTP requests for my apex/root via a 301 response to https://www.mydomain.com
    2. Redirect HTTPS requests for my apex/root via a 301 response to https://www.mydomain.com
    3. Redirect all other HTTP requests via a 301 to HTTPS

Now…all your base are belong to us! I mean, requests for http://mydomain.com (insecure root), https://mydomain.com (secure root), and http://www.mydomain.com (insecure www sub-domain) will redirect to https://www.mydomain.com.

So, I’m using the cloud for DNS, everything has a cost.For example, two million queries with one zone will cost $1.30. Sounds like a good problem to have!