Sunday, June 20, 2021

Record Set, Hosted Zone, DNS, Route 53, AWS

DNS has Record Set Types:

A record --> Domain URL points to an IP address at TCP level [dummy.com -> StaticIP_LoadBalancer]

CNAME record --> dummy.com -> Alternate.com

NS record --> it's not actually a website, but at nameserver level [not very usual]

SSL cannot be embedded in DNS - DNS is network level, not HTTP level

DNS is LEVEL4 - N/W Layer

HTTPS/SSL is Layer 7(6)  - Above 4


So DNS merely resolves the server; it does not know anything at the SSL/TLS/HTTPS level

So we direct DNS to the Load Balancer

The Load Balancer has a listener which redirects traffic internally

The Load Balancer is at TCP port 80

TCP port 80 redirects to port 443 at Load Balancer level

SSL offloading happens here, at the LB


The PFX/CER file is issued to the "DNS Name", with "Subject Alternative Names" for the FQDNs of the host backends





Saturday, June 19, 2021

FQDN is not the same as Domain Name: IP Address vs FQDN vs DNS Name

  • FQDN is the hostname - it always stays unique - it can be part of a local intranet domain, e.g. corp, domain2
  • IP address is a set of 4 numbers; it may be static or dynamic - it MAY change if we, say, restart or invoke another VM
  • DNS name is like a global name

How to Route AWS to AZURE: Route53 to HTTPS SSL Based Application Load Balancer Routing

https://stackoverflow.com/questions/12176969/how-to-forward-http-request-to-https-in-amazon-route53/57481397#57481397


Amazon S3 -> HTTP listener on ALB (Level 7) redirects to HTTPS

HTTPS listener redirects to HTTP backend nodes/destination [SSL offloading]


ALB(HTTPS Redirect)   -> Node

AWS Route 53 -> Hosted Zone -> Domain URL -> Azure  Application Gateway [Public IP]


Azure  Application Gateway [Public IP] -> FrontEnd  -> 2 Listener (HttpListener80, HttpsListener443)

ALB HttpListener(80) redirects to HTTPSListener(443)

ALB HTTPSListener does SSL offloading, and the backend rule then distributes load among the nodes at HTTP level


SSL offloading eases the load on the destination nodes/actual server VMs so that they don't have to encrypt and decrypt.

Another option is end-to-end SSL, in which even the backend nodes must have SSL implemented at server level; the tradeoff is that it introduces extra work at node level (encrypting/decrypting).
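A check for the listener setup described above, as an added example that is not part of the original notes: it reads the response headers of the port-80 listener and passes only if they redirect to https:// on the same host. The sample headers are constructed, and dummy.com is the placeholder name used earlier on this page.

```shell
#!/bin/sh
# Added example: check that an HTTP (port 80) listener redirects to HTTPS.
# Reads raw response headers on stdin, e.g. from: curl -sI http://dummy.com/
redirects_to_https() {
    tr -d '\r' | awk -v host="$1" '
        NR == 1                    { status = $2 }
        tolower($1) == "location:" { location = tolower($2) }
        END {
            # Must be a redirect status, not a 200 served over plain HTTP.
            if (status !~ /^(301|302|307|308)$/) exit 1
            prefix = "https://" tolower(host)
            if (substr(location, 1, length(prefix)) != prefix) exit 1
            # The host part must end here, so a longer look-alike
            # host name that merely starts with ours is rejected.
            next_char = substr(location, length(prefix) + 1, 1)
            if (next_char != "" && index("/:?", next_char) == 0) exit 1
        }'
}

# Constructed sample responses (not captured from a real system).
SAMPLE_REDIRECT='HTTP/1.1 301 Moved Permanently
Location: https://dummy.com/
Content-Length: 0'
SAMPLE_NO_REDIRECT='HTTP/1.1 200 OK
Content-Type: text/html'
SAMPLE_OTHER_HOST='HTTP/1.1 301 Moved Permanently
Location: https://dummy.com.other.example/'

report() {  # $1 = label, $2 = headers
    if printf '%s\n' "$2" | redirects_to_https dummy.com; then
        echo "$1: redirects to HTTPS"
    else
        echo "$1: NOT redirected to HTTPS on dummy.com"
    fi
}

report "listener with redirect rule" "$SAMPLE_REDIRECT"
report "listener serving plain HTTP" "$SAMPLE_NO_REDIRECT"
report "redirect to a different host" "$SAMPLE_OTHER_HOST"
```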

Install PowerShell for AZURE - Azure CLI

How to install PowerShell for Azure

https://www.parallels.com/blogs/ras/azure-powershell/

Set-ExecutionPolicy RemoteSigned

Install-Module -Name Az -AllowClobber

Connect-AzAccount -DeviceCode    # enter the device code in the browser after opening it

Friday, June 18, 2021

Add Rules Iptables

https://www.e2enetworks.com/help/knowledge-base/how-to-open-ports-on-iptables-in-a-linux-server/#step-1-list-the-current-iptables-rules

https://kerneltalks.com/virtualization/how-to-reset-iptables-to-default-settings

https://upcloud.com/community/tutorials/configure-iptables-centos/

https://forums.centos.org/viewtopic.php?t=68917

 
So, the structure is: iptables -> Tables -> Chains -> Rules.

IPTABLES 

  • Tables
  • Chains
  • Rules




Refresh IPTables to factory Settings - Reset Iptables

https://kerneltalks.com/virtualization/how-to-reset-iptables-to-default-settings

https://upcloud.com/community/tutorials/configure-iptables-centos/

https://forums.centos.org/viewtopic.php?t=68917

 


In our last post, we saw iptables basics, where we learned how iptables works, what the policies are, and how to configure iptables policies.

While working on iptables, if you get confused about policies and need to start afresh, then you need to reset iptables to default settings. By default, I mean setting the accept-all policy and flushing any existing configured rules from the settings.

In this article, we will walk through a set of commands to reset iptables to default settings. This can also be treated as how to reset the firewall in Linux distributions like Ubuntu, CentOS, Red Hat, Debian, etc. It's a pretty simple 2-step process.

Step 1 : Set accept all policy to all connections

Using the below set of commands, you will set the accept rule for all types of connections.

root@kerneltalks # iptables -P INPUT ACCEPT
root@kerneltalks # iptables -P OUTPUT ACCEPT
root@kerneltalks # iptables -P FORWARD ACCEPT

This ensures that iptables will accept all requests for all types of connections.

Step 2 : Delete all existing rules.

Using the below set of commands, delete your currently configured rules from iptables.

root@kerneltalks # iptables -F INPUT
root@kerneltalks # iptables -F OUTPUT
root@kerneltalks # iptables -F FORWARD

Or you can do it in a single command –

root@kerneltalks # iptables -F

That’s it! Your iptables are reset to default settings i.e. accept all! Now, neatly and carefully design your policies and configure them.
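The two steps above act on the filter table only: iptables -F without -t leaves the nat, mangle and raw tables untouched, and -F does not delete user-defined chains. The script below is an added example (not from the original article) that goes beyond those steps and builds the full reset in the same order, policies first and then flush. The backup path is an assumption, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: full iptables reset plan, dry run by default.

# Built-in chains of each table.
chains_for() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)    echo "PREROUTING OUTPUT" ;;
        *)      return 1 ;;
    esac
}

# Emit the reset commands. Policies go to ACCEPT before anything is
# flushed, so a DROP policy cannot cut off a remote session mid-reset.
reset_plan() {
    for table in filter nat mangle raw; do
        for chain in $(chains_for "$table"); do
            echo "iptables -t $table -P $chain ACCEPT"
        done
    done
    for table in filter nat mangle raw; do
        echo "iptables -t $table -F"   # flush all rules in the table
        echo "iptables -t $table -X"   # delete user-defined chains
        echo "iptables -t $table -Z"   # zero packet/byte counters
    done
}

# APPLY=1 saves the current ruleset, then runs the plan (needs root).
# BACKUP is an assumed path; restore with: iptables-restore < "$BACKUP"
run_reset() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables-save > "${BACKUP:-/root/iptables.before-reset}" || return 1
        reset_plan | while read -r cmd; do $cmd || exit 1; done
    else
        reset_plan
    fi
}

run_reset
```

After an applied reset the host accepts all traffic, so load the new ruleset right away rather than leaving it in this state.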

Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass