Posts

Showing posts from March, 2018

Manage secrets with Hashicorp Vault

Manage secrets with Hashicorp Vault During development it is common to save local connection string in the code via setting files. But when it comes the time to deploy, hosted environments should not have their secrets persisted as plain text in the code. Since those can’t be saved in the git repository, they have to be stored in a secure place where they can be managed easily, a vault . Hashicorp Vault is one of this software which allows us to store and retrieve secrets while providing a granular level of control over the secret accesses. Today we will see the basic configuration of Hashicorp Vault to store and retrieve secrets using the Vault CLI. This post will be composed by four parts: Start Vault Save secrets Create a role with a policy Retrieve secrets 1. Start Vault 1.1 Configure Vault Head to https://www.vaultproject.io/downloads.html and download the latest binaries of Vault then place it in a folder and add the folder to PATH. Before starting Vault we need to

Let’s Encrypt for ASP.NET Core application on IIS

Image
Let’s Encrypt for ASP.NET Core application on IIS Few weeks ago we saw how we could generate a SSL cert for free using a browser based ACME implementation . While doing that, we had some manual process for the verification to happen, either by changing the DNS settings or making a key available on an endpoint and at the end we were handling the key to upload it to our server. Today we will see how we can achieve that with an automated verification process and without manual handling of the secrets using IIS and win-acme . Register application on IIS Setup SSL with win-acme 1. Register application on IIS ASP.NET Core runs on top of Kestrel. Kestrel was designed to be fast and lightweight therefore does not have all the functionalities that other application servers provide like IIS, Apache or nginx. Therefore for Windows Server, it is recommended to place Kestrel behind IIS. For example, one of the reason why is that only one application can listen to the HTTP port at a time on

Estimating cloud infrastructure cost

Estimating cloud infrastructure cost Few weeks ago I was tasked to estimate a cloud architecture with limited requirements. Today we will see the rules which can be followed in order to come up with a price tag. This post is composed by three parts: Defining the requirements Solution needs Price 1. Defining Requirements Before starting any estimation, it is important to get at least one requirement. In this example we will invent a scenario, really close to what I had irl, whereby we would be setting up a Christmas tree website with the following requirements. The trees are put to sale accross the whole year in advance We have about 50k purchases where 80% happens from November to December The most important aspect to remember is that estimates are estimates . It will never be exact, even if it happens to be exact, we probably got lucky. The goal of the estimates are to evaluate the magnitude of the price of an infrastructure whether the infrastructure would cost $100, $

Remote PowerShell to Windows VM with WinRM

Image
Remote PowerShell to Windows VM with WinRM The Remote Desktop Protocol is great to access remotely a Windows Server machine. It is great for actions requiring visual but for actions which can be taken from a PowerShell prompt within the server, it would be best to directly access to a remote PowerShell session from our local computer. Today we will see how we use the Windows Remote Management included in Windows Server to gain access to a remote PowerShell session and therefore manage our server from our local computer through PowerShell. This post is composed by four parts: Open ports on Network Security Group and open ports on VM firewall Setup the certificate for HTTPS communication with SSL Configure WinRM Connect on remote session 1. Open ports on Network Security Group and open ports on VM firewall For Azure or AWS, on the security group, the port 5986 needs to be open. It is the port used by WinRM for a PowerShell remote connection over HTTPS. Next RDP to your VM and

Install dotnet on Ubuntu with the Linux subsystem on Windows 10

Image
Install dotnet on Ubuntu with the Linux subsystem on Windows 10 Dotnet and ASP NET Core are rapidly moving toward cross platform development. As of today, we are already able to write dotnet application running on Windows, Linux or docker. But when our development environment differs from our production environment, for example using Windows for development while deploying on Ubuntu, it can be hard to catch problems early. What we can do is spin off a virtual machine which we can use to test our application for development pruposes. Recently a new approach came to life thanks to Windows subsystems which allows us to run a Linux binaries executables natively on Windows 10. Today we will explore how we can run a Hello World ASP NET Core application locally on Ubuntu on Windows 10. This post will be composed by three parts: Install Linux subsystem on Windows 10 Install dotnet on Ubuntu Run an ASP NET Core behind nginx 1. Install Linux subsystem on Windows 10 Start by enabling WSL