Showing posts from March, 2018

Manage secrets with Hashicorp Vault

Manage secrets with Hashicorp VaultDuring development it is common to save local connection string in the code via setting files. But when it comes the time to deploy, hosted environments should not have their secrets persisted as plain text in the code.
Since those can’t be saved in the git repository, they have to be stored in a secure place where they can be managed easily, a vault. Hashicorp Vault is one of this software which allows us to store and retrieve secrets while providing a granular level of control over the secret accesses.
Today we will see the basic configuration of Hashicorp Vault to store and retrieve secrets using the Vault CLI. This post will be composed by four parts:Start VaultSave secretsCreate a role with a policyRetrieve secrets1. Start Vault1.1 Configure VaultHead to and download the latest binaries of Vault then place it in a folder and add the folder to PATH.Before starting Vault we need to create a configuration,…

Let’s Encrypt for ASP.NET Core application on IIS

Let’s Encrypt for ASP.NET Core application on IISFew weeks ago we saw how we could generate a SSL cert for free using a browser based ACME implementation. While doing that, we had some manual process for the verification to happen, either by changing the DNS settings or making a key available on an endpoint and at the end we were handling the key to upload it to our server. Today we will see how we can achieve that with an automated verification process and without manual handling of the secrets using IIS and win-acme.Register application on IISSetup SSL with win-acme1. Register application on IISASP.NET Core runs on top of Kestrel. Kestrel was designed to be fast and lightweight therefore does not have all the functionalities that other application servers provide like IIS, Apache or nginx. Therefore for Windows Server, it is recommended to place Kestrel behind IIS.
For example, one of the reason why is that only one application can listen to the HTTP port at a time on a machine. IIS…

Estimating cloud infrastructure cost

Estimating cloud infrastructure costFew weeks ago I was tasked to estimate a cloud architecture with limited requirements.
Today we will see the rules which can be followed in order to come up with a price tag. This post is composed by three parts:Defining the requirementsSolution needsPrice1. Defining RequirementsBefore starting any estimation, it is important to get at least one requirement. In this example we will invent a scenario, really close to what I had irl, whereby we would be setting up a Christmas tree website with the following requirements.The trees are put to sale accross the whole year in advanceWe have about 50k purchases where 80% happens from November to DecemberThe most important aspect to remember is that estimates are estimates. It will never be exact, even if it happens to be exact, we probably got lucky. The goal of the estimates are to evaluate the magnitude of the price of an infrastructure whether the infrastructure would cost $100, $1000, $10K or $1M monthl…

Remote PowerShell to Windows VM with WinRM

Remote PowerShell to Windows VM with WinRMThe Remote Desktop Protocol is great to access remotely a Windows Server machine. It is great for actions requiring visual but for actions which can be taken from a PowerShell prompt within the server, it would be best to directly access to a remote PowerShell session from our local computer. Today we will see how we use the Windows Remote Management included in Windows Server to gain access to a remote PowerShell session and therefore manage our server from our local computer through PowerShell. This post is composed by four parts:Open ports on Network Security Group and open ports on VM firewallSetup the certificate for HTTPS communication with SSLConfigure WinRMConnect on remote session1. Open ports on Network Security Group and open ports on VM firewallFor Azure or AWS, on the security group, the port 5986 needs to be open. It is the port used by WinRM for a PowerShell remote connection over HTTPS.Next RDP to your VM and open the same port…

Install dotnet on Ubuntu with the Linux subsystem on Windows 10

Install dotnet on Ubuntu with the Linux subsystem on Windows 10Dotnet and ASP NET Core are rapidly moving toward cross platform development. As of today, we are already able to write dotnet application running on Windows, Linux or docker. But when our development environment differs from our production environment, for example using Windows for development while deploying on Ubuntu, it can be hard to catch problems early. What we can do is spin off a virtual machine which we can use to test our application for development pruposes. Recently a new approach came to life thanks to Windows subsystems which allows us to run a Linux binaries executables natively on Windows 10. Today we will explore how we can run a Hello World ASP NET Core application locally on Ubuntu on Windows 10. This post will be composed by three parts:Install Linux subsystem on Windows 10Install dotnet on UbuntuRun an ASP NET Core behind nginx1. Install Linux subsystem on Windows 10Start by enabling WSL via PowerShel…