I just went through a two day training course on Cisco UCS Director APIs that covers both the REST APIs and Open Automation SDK. For people who don’t know UCS Director yet, it’s the orchestration engine Cisco acquired from a start-up company Cloupia more than one year ago. If you know VMware vCenter Orchestrator, UCS Director is something very similar but with more features on various hardware components for converged infrastructure. To fit into its unified data center strategy, Cisco re-branded it as UCS Director.
In a recent project using Nginx as reversed proxy server, I got into an interesting problem: how can the server behind the Nginx tell whether a HTTP request comes from remote host or local host? If I just look at the IP header of the request, they are all local because the reversed-proxied packets from remote seems to be sent from local as well. So I cannot really tell the source of a HTTP request.
While debugging a vSphere Web Client plugin project, I found it’s not easy to refresh the services with the Virgo server which acts as the back end for the plugin GUI but as client for the vCenter server. Packaged as OSGi bundle, it’s supposed to be easy to reload the service. Mixed together with various components in the plugins, however, it’s sometimes not quite straight forward for the re-deployment for updated code. Here is a brute force approach I found while playing with it.
In some use cases, you want to protect different parts of a Web application with different approaches. For example, the admin related resources normally require stronger mechanism than the user related ones. The following I will show how to use Nginx with client side certificate for the resources under /admin namespace for admins, and user/name for normal users.
Generating Certificates and Keys
Base64 is a straight forward encoding for binary data into readable characters (RFC 4648 and RFC 2045). Although you can do it by yourself, more often than not you would like use an existing library, for example, Apache common. If you just need the Base64 encoding but have to import the whole library, it’s not a good idea. There is actually a better way without introducing extra dependency, which is to hack Java standard library 1.6.