APIs in Cloud Run and Nginx reverse proxy in VM

Question

I have deployed 6 different Flask based applications to Google Cloud Run. They work perfectly fine when I access them through the autogenerated URL. Now, I want to unify all 6 services under one domain name with different routes.

For example,
mydomain.com/user -> https://custom-user-asdtgthyju-de.a.run.app
mydomain.com/product -> https://custom-product-asdtgthyju-de.a.run.app

Things I have tried
1. Nginx deployed in a separate VM with reverse proxy to the cloud run URLs
Not working, same configuration-same code deployed in regular VMs work but for cloud run deployments shows route "/user" not found

2. Cloud Endpoints using ESPv2
https://cloud.google.com/endpoints/docs/openapi/get-started-cloud-run
Got this working as per my requirement, but not able to pass the custom headers, like I use X-API-KEY for authentication, it doesn't even get to the Cloud Run. It is being stripped off by ESPv2 itself.

Please help, how I can configure a reverse proxy/ API gateway in front of cloud run services. Has anyone tried External Nginx to Cloud Run mapping?

Thanks

Can you include your Cloud Endpoints configuration file to see how we can help to get it working? — Juancki, Jun 16 '20 at 08:37
@lewislbr I followed petomalina's answer and I guess that is the only way to do it — vman, Dec 23 '20 at 16:39

score 3 · Answer 1 · edited Jun 15 '20 at 17:17

3

The easiest way to get a single domain with URL routing would be to use Firebase Hosting and its's redirection to Cloud Run. You can add your domain to the Firebase hosting and redirect to a particular Cloud Run services based on their source (URL).

edited Jun 15 '20 at 17:17

ahmet alp balkan

42,679
38
138
214

answered Jun 15 '20 at 11:56

petomalina

2,020
2
19
25

1

Does this actually do anything beyond what standard Cloud Run already does? You can use custom domains directly on Cloud Run, but the current version does not support path mapping, so you need a subdomain per service. – Ville Rinne Jun 16 '20 at 08:14
1

NVM, I found it: https://firebase.google.com/docs/hosting/full-config#direct_requests_to_a_cloud_run_container This probably does do what you are looking for. – Ville Rinne Jun 16 '20 at 08:15

score 1 · Accepted Answer · answered Dec 29 '21 at 05:16

@petomalina's answer is the easiest if your Cloud Run service is public. If it's not, it won't work as per this answer

If your service is internal, I tried OP's #1 option of putting an nginx reverse proxy in front and was getting the same error: 404.

The issue is caused by the Host header having the host of the proxy, not of the Cloud Run service. The fix is to configure nginx to override the Host header:

upstream my-foo {
    server  foo.run.app:443;
}
location /foo/ {
    proxy_pass  https://my-foo;
    proxy_set_header Host foo.run.app;
    include /etc/nginx/proxy_params;
    proxy_ssl_session_reuse on;
}

APIs in Cloud Run and Nginx reverse proxy in VM

2 Answers2