Blog

Setting up SSL on Amazon Linux Instance under EC2

Hopefully if you do it right, you too will see a positive Qualys report after you follow these steps.

Previously, the easiest way to add an SSL certificate to an EC2 instance (and, it appears, still the way Amazon recommends) has been to create a free certificate from Amazon through the certificate manager and then add that cert to a CloudFront or ELB instance (both of which cost money).

I’ve been successful in using LetsEncrypt to provide SSL for websites running under Windows Server in EC2 using the fantastic Windows ACME Simple (WACS) (previously known as letsencrypt-win-simple (LEWS)). If this is your need, you can always grab the latest instance on GitHub.

I never seemed to find the correct set of steps to do this on the Amazon Linux instances. However, due to the work of Lawrence McDaniel, I discovered this blog post. He walks you through, step by step, how to install mod24_ssl and CertBot (from EFF), and then how to run CertBot to create and install a LetsEncrypt SSL cert on one or more sites on your Apache-served Amazon Linux instance. He also shows you how to use crontab to set up a recurring job to renew the certificates on a regular basis (a necessity since LetsEncrypt certificates expire after 90 days).

Well done Lawrence!

BTW – crontab defaults to vi as the editor. If you aren’t used to using this beast (I know, some people love it), what you really need to know is that you press the letter i on your keyboard to enter INSERT mode so you can edit the file, hit ESC to exit INSERT mode and then enter “:wq” (without the quotes of course) to write and quit (save and exit) or just “:q” to quit without saving your changes.

Method Chaining of Objects in C#

I’m sure that many of you C# programmers know this already, but I’m posting this here more as a way to reinforce this in my own brain as I seem to forget this…
When you have an object that you want to apply a number of methods to, the order of processing will always be from the inside out.
For example:
String.Format("[{0}]", name.Trim().Replace("\"", string.Empty)); will return [Deborah ] while
String.Format("[{0}]", name.Replace("\"", string.Empty).Trim()); will return [Deborah].

So there you have it!

Native SQL Backup/Restore in AWS RDS

Native SQL Backup And Restores on AWS RDS

Amazon recently announced the availability of native backups to and from RDS for MS SQL. This is fantastic news for those of us used to working in the SQL world. More importantly, it provides a MUCH easier way to move your SQL data into and out of your RDS instance(s).

While getting things set up to do this may take a bit of time, once you do, I think you’ll find you’ll be much happier. You only need the following things:

  1. An RDS instance of MS SQL Server to back up (skip if you are just importing a .bak file into an empty instance)
  2. An RDS instance of MS SQL Server to restore to (skip if you are just taking a .bak you want to store off of AWS)
  3. An S3 storage bucket to contain your .bak files
  4. An option group defined (and applied to your RDS instances) that has the SQLSERVER_BACKUP_RESTORE option added to it (which includes configuring it for an IAM role and the S3 storage bucket)

Please note, these instructions are for accomplishing these steps using the AWS Console web site rather than the CLI or APIs. Perhaps we’ll modify this for these in the future. We also won’t cover things like creating RDS instances as we assume that if you are interested in this, you’ll already know how to do it.

The first thing we want to do is create our option group and apply it to the db(s) in question. The easiest way is to go into the RDS Dashboard and, in the left pane, click on Option Groups. You will most likely have one (or more) called default:sqlserver-xxxxx-xx-xx and it will be described as “Default option group for sqlserver-type version”. Take note that the license type (like web in my case) and the version 12.00 match the Engine listed on your RDS instance.

Click the Create button, give it a Name and Description, and select the appropriate Engine and Major Engine Version. Once created, select your group and click Add Option. The only Option available to you should be SQLSERVER_BACKUP_RESTORE and it will ask you to select an IAM role (or create a new one). Select one you have or create a new one. Mark Apply Immediately and then hit the Add Option button to add it.

Now go to your RDS instances, select the instance you want and, under Instance Actions, select Modify. Just so you know, many of the operations we are going to do cannot be accomplished while a db is being backed up.

After you’ve got everything in place, you can now jump into MS SQL Server Management Studio (or other Query tool) and do the following:

Backup Jobs:
Note that you must be logged into the db you wish to back up:

USE dbName;
EXEC msdb.dbo.rds_backup_database
	@source_db_name='dbName',
	@s3_arn_to_backup_to='arn:aws:s3:::bucketname/backupname.bak',
	@overwrite_S3_backup_file=1;

Restore Jobs:

EXEC msdb.dbo.rds_restore_database
	@restore_db_name='dbName',
	@s3_arn_to_restore_from='arn:aws:s3:::bucketname/backupname.bak';

View Your Jobs:
The following will show all the tasks run on the named db, most recent first:

EXEC msdb.dbo.rds_task_status
	@db_name = 'dbname';

To check a single task instead, pass its ID:

EXEC msdb.dbo.rds_task_status
	@task_id = X;

where X is the task ID given by SQL when you started the job.

Cancel a Job:

exec msdb.dbo.rds_cancel_task @task_id=X;

where X is the task ID you want to cancel. Note that this can take upwards of 5 minutes to complete, so use it wisely.

General Notes:

  • You cannot restore a backup to an RDS instance that contains the db to be restored.
  • You can’t rename the db in the target that you want to restore to either.
  • You CAN, however, delete the db and then you can restore to the same instance.
  • These aren’t super fast (backup of a 100 GB db took about an hour and 15 minutes and the restore took about 40 minutes). However, in most instances, I’ve found it quicker than doing a snapshot and restoring the snapshot to a new instance.

Thoughts

This particular technique saved my bacon when an RDS instance was running out of space and I couldn’t shrink it enough to make a difference. Since you can’t change the storage allocation on an MS SQL instance in RDS, you need to create a whole new instance. I used this technique to copy the db over to the new instance with the larger storage allocation much quicker than I could have otherwise.

How to Get Your Business On Google

Your first step, before you spend any money on SEO or Local SEO should be to learn the basics of Google My Business and get your listing into Google’s index.

Next, once you are listed, you should ensure that your website is properly SEO’d for a local business (topic for a future post).

Lastly, you might want to consider signing up for Google Apps for Work to provide you with all the tools you need to properly represent your business online. If you think this is for you, let us know and not only can we get you coupons that can save you up to 20% during your first year, but we can also assist you in getting set up or designing your Google Apps for Work deployment for your small to medium business.

IIS, AWS ELB and SSL – Why can’t we all just get along?

I recently found myself in the position of having to set up an AWS Elastic Load Balancer (ELB) in front of our EC2 instance that is running Windows Server 2012R2. This means the server is running IIS v8.5. Normally this would not be a problem except that we wanted to run SSL on the load balanced site and continue to force non-SSL traffic to use the SSL version.

Normally this is a no-brainer and there are plenty of example URL Rewrites out there on the Interwebs that will handle this, but the challenge comes if you want Health Checks in ELB to work properly against a REAL LIVE web page. ELB will send an HTTP GET request to any page you want on the site. I found numerous examples that purported to resolve the problem but none of them seemed to do the job, or they redirected the ELB health check, or they just flat out 5xx errored out.

So, in order to resolve this problem I crafted the following workaround:

  1. Create a site in IIS that does nothing but redirect traffic (permanent or 301) around to the target url. The web.config (the only file in the site) is as follows; httpResponseStatus is set explicitly because IIS otherwise answers with 302 Found rather than a 301:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
    <system.webServer>
    <httpRedirect enabled="true" destination="https://TARGETSITE.com" exactDestination="false" httpResponseStatus="Permanent" />
    </system.webServer>
    <system.web>
    <customErrors mode="RemoteOnly" redirectMode="ResponseRewrite"> </customErrors>
    </system.web>
    </configuration>
  2. Set the bindings for this site to accept only traffic for the following:
    1. http traffic with a Host Name of www.TARGETSITE.com with a port of 80 and the IP address (the inside/private address) for this server
    2. http traffic with no Host Name and a port of 88 and the IP address of this server (the inside/private address)
  3. Ensure that Windows Firewall (if you are using it) will accept TCP traffic on port 88
  4. Add an exception for port 88 to your Security Group that this server uses, allowing traffic from anywhere
  5. Configure your ELB instance with the following listeners:
    1. HTTPS for LB protocol, 443 for LB port, HTTP for instance protocol, 80 for instance port and the SSL certificate for TARGETSITE.com
    2. HTTP for LB protocol, 80 for LB port, HTTP for instance protocol, 88 for instance port and N/A for Cipher and SSL
  6. Configure your ELB instance so that the Health Check uses an HTTP request to port 80 to the page ( /default.aspx ) of your choice.
  7. Configure bindings on your TARGETSITE.com site in IIS so that it accepts HTTP traffic on port 80.

That should about do it. I’ll assume that you’ve already gotten your SSL certificate installed on your ELB instance.

Caveats – Test this out first on a non-live environment as your results may vary. Also, the redirect site is NOT being load balanced at this point so you won’t have any failover capability unless you set up an ELB just for this purpose. Not a bad idea really…
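A check for step 4, added here as an example and not part of the original post: it reads security group data in the shape returned by `aws ec2 describe-security-groups` and lists rules that leave instance port 88 open to every address. It assumes port 88 only has to accept the traffic the ELB forwards from listener 5.2, so the source could be the load balancer's security group instead; the sample data and group IDs are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs are invented; the second group shows the tighter rule for comparison.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-weak-example", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 88, "ToPort": 88,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-fixed-example", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 88, "ToPort": 88,
    "UserIdGroupPairs": [{"GroupId": "sg-elb-example"}]}]}
]}
""")


def covers_port(rule, port):
    """True if the rule applies to TCP `port` (protocol "-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def world_open_sources(rule):
    """Return the CIDRs in this rule that match every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def audit(groups, instance_ports=(88,)):
    """List (group_id, port, cidr) for instance ports reachable from anywhere."""
    findings = []
    for group in groups["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            for port in instance_ports:
                if covers_port(rule, port):
                    for cidr in world_open_sources(rule):
                        findings.append((group["GroupId"], port, cidr))
    return findings


if __name__ == "__main__":
    for group_id, port, cidr in audit(SAMPLE):
        print(f"{group_id}: port {port} open to {cidr}; consider the ELB security group as source")
```

Rules whose source is another security group, as in the second sample group, produce no finding because they carry no CIDR ranges.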

First OS Contribution Goes Live

My first contribution to someone else’s open source project has been accepted and gone live! To be fair, it was my first attempt at contributing and I can assure you it won’t be my last.

The project is the WordPress plugin List Category Post. We found ourselves using this a lot on client sites but for a number of reasons, many of the articles we are generating for clients don’t use the Featured Image functionality (which is what drives the thumbnails in this tool). So, I submitted a pull request that modified the thumbnail so that if Featured Image is not found, the thumbnail would be generated from the first image found in the body of the post.

The project maintainer picandocodigo extended this even further by triggering the use of the found image only when the parameter force_thumbnail=true (or yes) is added to the shortcode or function call.

You can see the commit notes here: https://github.com/picandocodigo/List-Category-Posts/commit/464079ce456141e51a361c270f9063dcf6e498d0

Of course our open source project InfusionSoftDotNet is still alive…