Frequently Asked Questions
How to get client addresses
The client address for the HTTP request can be obtained from the X-Forwarded-For field of the HTTP request header.
Depending on the IP address of the client, the application can support certain special requirements, such as only allowing certain IPs to access services.
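The following sketch shows one way to apply such an IP restriction. It is an added example, not AppEngine code. X-Forwarded-For is a comma-separated list that each proxy appends to, and a client can pre-fill the left-hand entries, so the check uses only the entry written by a trusted proxy. The number of trusted proxies (`TRUSTED_HOPS`) and the allowlist ranges are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: how many trusted reverse proxies sit in front of the application,
# each appending the peer address it saw to X-Forwarded-For.
TRUSTED_HOPS = 1

# Constructed allowlist (documentation address ranges, not real clients).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")]


def client_ip_from_xff(header_values, trusted_hops=TRUSTED_HOPS):
    """Return the address recorded by the outermost trusted proxy, or None.

    header_values: list of X-Forwarded-For header values as received
    (a request may carry the header more than once).
    """
    entries = [p.strip() for v in header_values for p in v.split(",") if p.strip()]
    if trusted_hops < 1 or len(entries) < trusted_hops:
        return None  # header missing or shorter than the proxy chain
    # Entries to the left of this position came from the client side
    # and may have been forged, so they are ignored.
    candidate = entries[-trusted_hops]
    try:
        return ipaddress.ip_address(candidate)
    except ValueError:
        return None  # not a bare IP address: treat as unknown


def is_allowed(header_values, allowed=ALLOWED_NETS, trusted_hops=TRUSTED_HOPS):
    """Fail closed: unknown or unparsable client addresses are rejected."""
    ip = client_ip_from_xff(header_values, trusted_hops)
    return ip is not None and any(ip in net for net in allowed)


if __name__ == "__main__":
    # Constructed sample headers.
    print(is_allowed(["203.0.113.7"]))                # genuine allowed client
    print(is_allowed(["203.0.113.7, 198.51.100.9"]))  # forged left-hand entry
```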
Addresses used by applications when accessing the extranet
Applications deployed in the AppEngine (K8s) use fixed IP addresses when accessing the extranet; see the following table.
Region | Extranet IP |
---|---|
KSYun-Beijing6 | 120.92.12.22, 120.92.12.82, 120.92.12.188, 120.92.12.218, 120.92.12.207, 120.92.12.172, 120.92.12.212, 120.92.12.76, 120.92.12.132, 120.92.12.225 |
AWS-Beijing | 54.223.28.4 |
AWS-Singapore | 13.228.237.235 |
AWS-Oregon | 52.24.237.134, 52.25.238.91 |
AWS-Frankfurt | 18.194.22.96 |
Format of Certificate and Private Key
Certificate: Full certificate chain in PEM format
-----BEGIN CERTIFICATE-----
(your domain certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(root certificate)
-----END CERTIFICATE-----
Private key: Private key in PEM format
-----BEGIN PRIVATE KEY-----
(your private key)
-----END PRIVATE KEY-----
Convert private key format
If the private key is in BEGIN RSA PRIVATE KEY format, first use the following command to convert it to BEGIN PRIVATE KEY format:
openssl pkey -in begin-rsa-private.key
Access to services such as Database and Redis/Memcached
Applications deployed in AppEngine (K8s) that need to access backend services, such as a Database or Redis/Memcached in your own KSYun/AWS account, require the following:
- Establishing VPC docking with Eco Cloud
- Modify security groups for cloud services to allow specific segments to access the Eco Cloud
- Modify the network policy for the application space to allow access to backend services
Establishing VPC docking with Eco Cloud
If you are using an older version of the AppEngine and have not yet established VPC docking (Peering Connection) with the Eco Cloud, please initiate a docking request in the KSYun/AWS console using the Eco Cloud VPC information in the following table, then contact the Eco Cloud administrator for approval.
After the AWS docking is complete, each side also needs to add its own route. Please provide your VPC network segment to the Eco Cloud administrator.
KSYun does not require its own routing operation.
Region | Eco Cloud Account | VPC ID | Eco Cloud Routing Network segment |
---|---|---|---|
KSYun-Beijing6 | 73399430 | 76403753-3fa0-4978-9096-4f68e06ea2f0 | N/A |
AWS-Beijing | 403169663644 | vpc-d2f921b6 | 10.7.0.0/16 |
AWS-Oregon | 654082142051 | vpc-6c9d3d09 | 10.10.0.0/16 |
AWS-Frankfurt | 654082142051 | vpc-7cf1d114 | 10.131.0.0/21 |
AWS-Singapore | 654082142051 | vpc-47575023 | 10.141.0.0/21 |
Modify security groups for cloud services to allow specific segments to access the Eco Cloud
According to the application's region, add a security group rule to the backend service for the network segments provided in the following table.
Region | Eco Cloud Network Segment |
---|---|
KSYun-Beijing6 | 10.1.9.0/24, 10.1.10.0/24 |
AWS-Beijing | 10.7.3.0/24, 10.7.4.0/24 |
AWS-Oregon | 10.10.16.0/20, 10.10.80.0/20 |
AWS-Frankfurt | 10.131.2.0/24, 10.131.3.0/24 |
AWS-Singapore | 10.141.0.0/24, 10.141.2.0/24 |
Modify the network policy for the application space to allow access to backend services
To ensure isolation and security, applications on the AppEngine are not allowed to access private addresses by default. Please contact Eco Cloud management and provide the backend network segments so that network policies can be configured to allow access to these network services.
For AWS backend services, users can ping the service domain name to get the network segment. Generally speaking, the VPC network segments can be provided.
For KSYun backend services, the network segments are those of the endpoint subnet; all of the VPC network segments can also be provided.