On its own, this service is an unintelligent proxy layer that forwards any request to the encoded request uri path.
This has utility in achieving container-specific resolution mainly for external integration environments, but should not be used in production runtimes without additional security considerations/restrictions.
The primary reason for this service within the application is to support external Unreal Engine control through the use of VaRest or similar plugins.
The following snippet illustrates the use case:
docker build -t proxy-service .
docker run -d --rm -p 8080:8080 --name proxy proxy-service
curl -X GET http://localhost:8080/<another-container-address>:<port>/<uri>
docker rm -f proxyIn the interest of securing this ingress proxy, a few considerations for
restricting this service are provided here, which depend on the traefik
router exposing this service and may be used in tandem:
- Specify IP Whitelist rules
- Create a Forward Auth service
- Define Basic Auth or Digest Auth credentials for integrated apps
Of the above options, the Basic Auth strategy is implemented in the associative traefik ../router layer, but others should be considered as needed.