Resolved: Fix SSL renewal issue on Gitlab Server

on
PROBLEM : I had hosted a gitlab server on Azure and it was not getting autorenewed. SOLUTION :  1. Check the current SSL cert path: sudo grep -n "ssl_certificate" /var/opt/gitlab/nginx/conf/gitlab-http.conf OR sudo grep -n "ssl_certificate" /etc/gitlab/gitlab.rb  You are likely to see something like this: nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"  2. In my case, I was using gitlab let'sencrypt. So, I installed certbot. sudo apt update && sudo apt install certbot -y  3. Obtain Fresh Certificate sudo gitlab-ctl stop nginx sudo certbot certonly --standalone -d gitlab.yourdomain.com sudo gitlab-ctl start nginx 4. Configure Gitlab to use new cert external_url "https://gitlab.yourdomain.com" letsencrypt['enable'] = false nginx['s...

Azure API Management - Using Client IP Address as the Counter Key for Rate Limiting Policies

on

Hey friends, How are you all?

Today, I am going to share how we can implement Rate Limit Policies and Counter by Client IP Address.

So, let's understand the problem first:

PROBLEM: 

  • We need to implement Rate Limit Policy by Client IP Address on Azure API Management. I followed this article first of all and found that I can use the following piece of code.


  • There was a second problem for me as the requests were coming through cloudflare and hence the client IP address was not available in context.Request.IpAddress

SOLUTION:
  • I was getting IPAddress as 0.0.0.0 in the app insights which is right as per GDPR, I used this link to confirm the client IP address in the pre-prod environments in App Insights.
  • I found that CloudFlare exposes the Client IP Address in the X-Forwarded-For or True-Client-IP Header to expose the client IP Address. Check out the details here.
  • I followed this link to strengethen my understanding on how to use Policy Expressions
  • The final piece: Ultimately, I used the following piece to counter by Client IP Address


Notice, the code in the counter-key, it is prettymuch C# in the razor block. For a single line statement, you can use @() and for multi-line statements, you can use Happy Coding!!!