Closed yuanzhou closed 2 years ago
More resources:
After further review and discussion with Juan we've decided to not put this behind the AWS Gateway.
From Juan:
Domain split between HTTP/WS/“Passthrough” Passthrough here refers to the traffic that has to go through to JupyterLab (and any other interactive software) HTTP/WS would live under AWS API Gateway Passthrough traffic would have to be done outside of the context of the AWS API Gateway Traffic would have to be opened up to the public for that particular “passthrough” domain. Development effort would have to be spent on modifying the passthrough URLs. Regardless of the option that we choose here, we wouldn’t be able to leverage the AWS API Gateway Globus authentication for the “passthrough” functionality anyway, as I don’t have any control over the headers/cookies that JupyterLab sets.
we can proceed with setting up AWS API REST/Websockets for everything except the /passthrough routes. They can have different domain names.
We'll have the following domains:
ws-workspaces-api.dev.hubmapconsortium.org
and workspaces-api.dev.hubmapconsortium.org
on DEVws-workspaces.api.hubmapconsortium.org
and workspaces.api.hubmapconsortium.org
on PRODThis is complete for the RESTful endpoints, will track the work for web sockets here: https://github.com/hubmapconsortium/devops/issues/21
Update: AWS API Gateway doesn't support websocket proxy to another backend websocket. We'll be using nginx on-prem to handle the call on PSC. PSC will get new domain and ssl cert for this.
Working version on DEV: https://github.com/hubmapconsortium/devops/issues/21#issuecomment-1126189744
Endpoints from Juan:
Two items need further attention:
I'm not sure how AWS API Gateway would handle the endpoints with query string. Things like
will need to be defined as the same resource. Maybe I won't need to worry about
GET /jobs/?query_params
...And in terms of security/access control, I'm not sure how AWS API Gateway would integrate with the PSC.