0
votes

I have 2 cloud foundry applications using the nodejs_buildpack.

One is a webserver and one is an api.

I want to limit access to the api application to only the webserver.

Is this possible OOTB in cloudfoundry?

Can I bind the api to the webserver?

1

1 Answers

1
votes

There are a couple of ways to do this. You can't "bind" the API to the web server, but you can utilize Container to Container Networking to have the web server talk directly to it (assuming the API and web servers are deployed as separate apps). You could then push the API server with the --no-route flag to not expose it to the GoRouters.

Alternatively, if you're on a new enough version of CF, you could deploy both in the same package and use a Procfile to mark the API as a worker process (or however your NodeJS buildpack tags non-web processes. It could still listen on a port, as far as i know, but it wouldn't be bound to the $PORT environment variable which would expose it to the GoRouter.

In both cases, because your webserver would be talking to the API over private IPs, you'd need to fully proxy them so any calls to the API wouldn't happen browser-side, because they would fail.

EDIT:

Since comments won't seem to let me add multi-line code blocks, a sample Procfile would look something like this (NB: I am not a node expert and have no idea if that command would actually work):

web: npm start web-server
worker: npm start api-server

The long and short of it is for each line you'd give a process type (you must have one web process, and something equivalent to the -c flag you'd pass on cf push.