Search code examples
javagoogle-app-enginenginxgoogle-cloud-endpointsapp-engine-flexible

How to run ESP (Extensible Service Proxy) on localhost to simulate authentication locally?

When I deploy Endpoints on the flexible environment, an nginx-based proxy (which is called Extensible Service Proxy) is deployed automatically as a container within the instance which is used for logging and authentication for the most part.

How to run ESP locally on local dev server?

Solution

  • STEPS:

    1. I used docker for Windows https://docs.docker.com/docker-for-windows/

    2. I created a folder at root path of drive C (C:/esp), then I copied serviceaccount.json to it. serviceaccount.json holds the private key of a service account with the following roles:

      • Project -> Viewer
      • Cloud Trace -> Cloud Trace Agent
      • Service Management -> Service Controller

    ps: you would need to scroll down the menu to find the second and third roles :)

    3. Closed Kaspersky, otherwise --volume C:/esp:/esp won't work.

    1. If you have Kaspersky 2017, go to Settings -> Protection -> Firewall -> Networks, then right-click on Docker NIC and select "Edit", and finally change from "public Network" to "Trusted Network".
    2. Enabled C Drive sharing via Docker settings GUI.

    3. Executed the command:

      docker run --detach --name="esp" --publish 8082:8082 --volume C:/esp:/esp b.gcr.io/endpoints/endpoints-runtime:1 --service ****-backend-api.****-test.appspot.com --version 2016-12-06r1 --backend 10.0.75.1:8080 --service_account_key /esp/serviceaccount.json --http_port 8082

    where 10.0.75.1 is IP of docker NIC, and 8080 is which backend local server is listening to.