We need a service behind a static public IP to communicate telemetry events to Application Insights
Telemetry collection endpoint: https://github.com/microsoft/ApplicationInsights-Home/blob/master/EndpointSpecs/ENDPOINT-PROTOCOL.md
https://dc.services.visualstudio.com/v2/track
https://phoenixnap.com/kb/setup-install-squid-proxy-server-ubuntu
https://cloudinfrastructureservices.co.uk/how-to-setup-squid-proxy-cache-in-azure/
- Using a proxy changes client SDK implementation
- To open a tunnel, a proxy expects an HTTP CONNECT request:

    CONNECT dc.services.visualstudio.com:443 HTTP/1.1
    Host: dc.services.visualstudio.com:443
    User-Agent: curl/7.64.0
    Proxy-Connection: Keep-Alive

- IP whitelisting is a policy constraint. Should we engineer around a policy constraint?
- Easy to set up
- Minimal maintenance overhead
- Client SDK must support proxy (HTTP CONNECT)
- Security policy concern
- Requires whitelisting an additional IP
- Pay for VM
Forward requests using a minimal express server
- Can run on the same machine as signalling
- Allowed under existing security policy
- No need to whitelist another IP
- Development & maintenance overhead
- Sharing a machine with signalling doesn't scale
- Running on its own machine requires whitelisting an additional IP
- Pay to run on its own machine
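
A sketch of the forwarding option, added here as an example and not taken from any existing implementation. It uses Node's built-in http/https modules in place of express so it runs without dependencies, and pins the upstream to the track endpoint so the forwarder cannot be used as an open relay. The names `plan`, `createForwarder`, `FORWARDER_PORT` and the 1 MiB body cap are assumptions.

```javascript
const http = require("node:http");
const https = require("node:https");

// Fixed upstream taken from these notes; clients never choose the destination.
const UPSTREAM_HOST = "dc.services.visualstudio.com";
const TRACK_PATH = "/v2/track";
const MAX_BODY_BYTES = 1024 * 1024; // assumed cap, tune to the SDK's batch size

// Decide what happens to a request before any bytes go upstream.
// Returns { status } to reject, or { forward } with https.request options.
function plan(method, url, headers) {
  const path = String(url).split("?")[0];
  if (path !== TRACK_PATH) return { status: 404 };
  if (method !== "POST") return { status: 405 };
  const length = Number(headers["content-length"]);
  if (!Number.isInteger(length) || length < 0) return { status: 411 };
  if (length > MAX_BODY_BYTES) return { status: 413 };
  // Rebuild headers rather than copying the client's Host, cookies, etc.
  const out = { "content-length": length, "content-type": headers["content-type"] || "application/json" };
  if (headers["content-encoding"]) out["content-encoding"] = headers["content-encoding"];
  return { forward: { host: UPSTREAM_HOST, port: 443, method: "POST", path: TRACK_PATH, headers: out } };
}

function createForwarder() {
  return http.createServer((req, res) => {
    const decision = plan(req.method, req.url, req.headers);
    if (!decision.forward) {
      req.resume(); // discard the body of a rejected request
      res.writeHead(decision.status);
      res.end();
      return;
    }
    const upstream = https.request(decision.forward, (up) => {
      res.writeHead(up.statusCode);
      up.pipe(res);
    });
    upstream.on("error", () => {
      if (!res.headersSent) res.writeHead(502);
      res.end();
    });
    req.pipe(upstream);
  });
}

// Listens only when a port is configured, e.g. FORWARDER_PORT=8080 node forwarder.js
if (process.env.FORWARDER_PORT) createForwarder().listen(Number(process.env.FORWARDER_PORT));
```

The client SDK would then be pointed at this service's `/v2/track` path instead of the public endpoint.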