Published December 30, 2017 by

Working with Elastic IP Address in AWS

What is Elastic IP:

When you launch an EC2 instance, you receive a Public IP address by which that instance is reachable. Once you stop that instance and restart you get a new Public IP for the same instances.

So, Public IP get's changed every time for an instance after stop/start.

To overcome this problem, we attach an Elastic IP to an Instance which doesn't change after you stop/start the instance as many times.

Give Elastic IP to Instance:

Login to AWS Account and go to EC2 Dashboard and click Elastic IPs



Click on Allocate new address



Click on Allocate



Click on Close


Now AWS provide you one Elastic IP, go to Elastic IP section in EC2. Here you shaw Elastic IP which AWS provide you.


Now I go for attached this Elastic IP to my instance.

Select Elastic IP and click on Actions button, and go to Associate address 


Here you choose which instances, you want to give this Elastic IP. and click Associate Button. and Close Button.



Please note If you associate an Elastic IP address with your instance, your current public IP address is released.

Now you can verify your server have Elastic IP.



Now in future, you stop/start your instance but your IP never changes.

Please note AWS never charge for Elastic IP on running instance but charged on $0.005 per Elastic IP address not attached to a running instance per hour.



Remove Elastic IP to Instance:

Go to Elastic IP and click on Actions button, and go to Diassociate address.





Go to Elastic IP and click on Actions button, and go to Release addresses, and click on Release Button.



Read More
Published December 29, 2017 by

Automatic take MySQL Database Backup Using CRONTAB

This article describes how to set up a cron job that automatically backs up a MySQL database to a file at specific time periods.

Suppose I want to take db backup every hours of everyday. So create a .sh file according to below script.


Step 1:


I created file in /root/backup.sh



#!/bin/bash
YEAR=`date +%Y`
MONTH=`date +%m`
DAY=`date +%d`
HOUR=`date +%H`
mkdir -p $YEAR/$MONTH/$DAY/$HOUR
mysqldump -u root -p12345 db_name > $YEAR/$MONTH/$DAY/$HOUR/backup_db.sql

Give execute permission to backup.sh 


# chmod +x /root/backup.sh

Step 2:

Create a cron job for executing this script to run every first minute of every hour.

# crontab -e

Type 


1 * * * * root /root/backup.sh

Save and Exit.

Now our system takes automatic take backup of database db_name and save to /root directory.
Read More
Published December 27, 2017 by

Configure SSL on Tomcat and Setup Auto Redirect from HTTP to HTTPS

SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

Now I want to show how to configure SSL on tomcat.


Tomcat HTTPS


To enable SSL open directory /Tomcat/conf/server.xml file and uncomment following line:


<Connector port="443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/tomcat/bin/serverkaka.jks" keystorePass="abcd" clientAuth="false" keyAlias="serverkaka" sslProtocol="TLS"/>

Now restart tomcat and try to access your web application with your domain https://www.xyz.com

Tomcat Redirect HTTP to HTTPS

Now we can access web application on both HTTP and HTTPS ports. We can set up tomcat to redirect all HTTP request to HTTPS port with some configurations.

Step 1:

In /Tomcat/conf/server.xml


For HTTP Connector, set the redirect port to the HTTPS connector port. It will look like following:


<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />


Step 2:
In /Tomcat/conf/web.xml

Add below configuration in <web-app> tag


<!-- added by Subhash for automatic redirect from HTTP to HTTPS -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>


Now restart tomcat and try to access your web application with your domain www.xyz.com. 
It will automatically redirect to https://www.xyz.com
Read More
Published December 26, 2017 by

Create a VM (instance) in AWS

Log in to your AWS account and select which region, where you want to create your instance.



Select EC2 service under Services menu.



Click Launch Instance.



Choose OS image, which you want to use. (I select Ubuntu)



Select Instance type according to your requirement.


Configure Instance details like a number of instances, subnet, etc...


Choose HDD size and Type


Add tag... example: machine name, owner...


Configure Security Group, Security group working like Firewall in your VM. You can enable or disable Port or IP here using create inbound and outbound rules.


Review instance and Launch...


Create key pair and Download Key Pair and Launch instance...
Please keep safe place your Key.


View status of VM launching.


View Your Instance in EC2


Read More
Published December 22, 2017 by

Default ssh Usernames For AWS EC2 Instances

Each AMI publisher on EC2 decides what user should have ssh access enabled by default and what ssh credentials should allow you to gain access as that user.

For the second part, most AMIs allow you to ssh in to the system with the ssh keypair you specified at launch time. This is so common, users often assume that it is built in to EC2 even though it must be enabled by each AMI provider.


Unfortunately, there is no standard ssh username that is used to access EC2 instances across operating systems, distros, and AMI providers.


Here are some of the ssh usernames that I am aware of at this time:



OS
Username
Amazon Linux
ec2-user
Ubuntu
ubuntu
Debian
admin
RHEL 6.4 and later
ec2-user
RHEL 6.3 and earlier
root
Fedora
fedora
Centos
centos
SUSE
root
Bitnami
bitnami
Turnkey
root
NanoStack
ubuntu
FreeBSD
ec2-user
OmniOS
root


Even though the above list will get you in to most official AMIs, there may still be situations where you aren’t quite sure how the AMI was built or what user should be used for ssh.
Read More
Published December 22, 2017 by

Reset MySQL root password

Step 1: Stop mysql service

# service mysqld stop                             (Centos or Fedora)

#service mysql stop                               (Ubuntu or Debian)

Step 2:


Restart the MySQL server with the —skip-grant-tables option. Using the following command:


# mysqld_safe --skip-grant-tables &

Step 3:

Log into MySQL using the following command:

mysql

Step 4:

At the mysql> prompt, reset the password. Using following command, replacing NEW-PASSWORD with the new root password:

UPDATE mysql.user SET Password=PASSWORD('NEW-PASSWORD') WHERE User='root';

Step 5:

Type following command:

FLUSH PRIVILEGES;

exit;

Step 6: Stop mysql server

# mysqladmin -u root -p shutdown

Step 7: Start mysql service


# service mysqld start                             (Centos or Fedora)

# service mysql start                               (Ubuntu or Debian)
Read More
Published December 22, 2017 by

Configure SSL in Apache Linux and Auto Redirect HTTP to HTTPS

Configure Apache

In order to configure SSL, you will need to ensure that the Apache mod_ssl module is installed on your system. You can do so by running the following command:

# yum install mod_ssl

Edit the virtual host entries in the /etc/httpd/conf.d/ssl.conf file to include the certificate files and virtual host information that should be used by each domain. For each virtual host, replicate the configuration shown below. Replace each mention of www.serverkaka.com with your own domain.
File excerpt: /etc/httpd/conf.d/ssl.conf

<VirtualHost *:443>
ServerName www.serverkaka.com
DocumentRoot /var/www/html/

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine On
SSLCertificateFile /etc/httpd/certs/serverkaka.com.crt
SSLCertificateKeyFile /etc/httpd/certs/serverkaka.com.key
SSLCACertificateFile /etc/httpd/certs/serverkaka.com-int.crt

SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Restart Apache


# service httpd restart

Test Your Configuration

Test your SSL configuration chain using this link.


Auto Redirect HTTP to HTTPS

Edit the virtual host entries in the /etc/httpd/conf/httpd.conf. Replace each mention of www.serverkaka.com with your own domain.
File excerpt: /etc/httpd/conf/httpd.conf

<VirtualHost *:80>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>

OR

You can simply set Redirect Permanent Rule

<VirtualHost *:80>

<Location />
Redirect permanent / https://www.serverkaka.com/
</Location>

</VirtualHost>

Step 3: Restart Apache


# service httpd restart
Read More