Category Archives: HOWTO’s

AWS: VPC Flow Logs – an overview and example with CloudWatch Logs Insights
0 (0)

19 July 2022

AWS VPC Flow Logs allow you to log traffic information between network interfaces in a VPC. Further, these logs can be stored in AWS S3 or sent to AWS CloudWatch Logs, while enabling traffic logging does not affect the performance of the network interface in any way. Let’s briefly review the basic concepts, and available… Read More: AWS: VPC Flow Logs – an overview and example with… »

Loading

NGINX: IP Geolocation by Cloudflare and “nested” if conditions
0 (0)

2 April 2022

Among other features provided by Cloudflare, it can add a special header with a country value, from where a visitor came. As a Ukrainian, I’d like to ban all visitors from russia, but: redirect all visitors from russian IPs to another web domain – russki-voenny-korabl-idi-nahuy.com during this, I’d like to filter requests and leave requests… Read More: NGINX: IP Geolocation by Cloudflare and “nested” if conditions0 (0) »

Loading

Cloudflare: speed up WordPress with Automatic Platform Optimization plugin
0 (0)

30 March 2022

The rtfm.co.ua blog is quite slow for users. For example, you can test your website using the https://gtmetrix.com: 4.3 seconds till full load! That’s awful. At the bottom of the results, you can check top of issues on a site: At first, the page size is 1.16 MB, which is big enough. The second thing… Read More: Cloudflare: speed up WordPress with Automatic Platform Optimization plugin0 (0) »

Loading

Elastic Stack: an overview and ELK installation on Ubuntu 20.04
0 (0)

22 February 2022

The last time I’ve worked with the ELK stack about 7 years ago, see the ELK: установка Elasticsearch+Logstash+Kibana на CentOS. Currently, we are using Logz.io, but its costs going higher and higher, so we started looking at the self-hosted ELK solution to be running on our AWS Elastic Kubernetes Service clusters. So, the task, for… Read More: Elastic Stack: an overview and ELK installation on Ubuntu 20.040… »

Loading

AWS: Trusted Advisor, part 2 – CloudWatch Alarms and Slack notifications
0 (0)

29 November 2021

Continuing with the theme of the AWS Trusted Advisor service, let’s see how can we configure notifications about new findings. The first part: AWS: Trusted Advisor, part 1 – its features overview. To have notifications, we can use Trusted Advisor metrics from the CloudWatch, see their list on the Trusted Advisor metrics and dimensions page.… Read More: AWS: Trusted Advisor, part 2 – CloudWatch Alarms and Slack… »

Loading

AWS: Trusted Advisor, part 1 – its features overview
0 (0)

29 November 2021

AWS Trusted Advisor is another service that allows monitoring your accountant its resources in use for their cost-effectiveness, performance, security, and more. Keep in mind, that Trusted Advisor’s checks that are available for you depend on the AWS Support Plan of your account. вашего аккаунта. Fortunately, we have Premium so I’m able to how all… Read More: AWS: Trusted Advisor, part 1 – its features overview0 (0) »

Loading

AWS: Lambda – copy EC2 tags to its EBS, part 2 – create a Lambda function
0 (0)

13 October 2021

let’s proceed in our journey of the AWS Lambda function, which will copy an EC2’s AWS Tags to all EBS volumes, attached to it. In the first part, AWS: Lambda — copy EC2 tags to its EBS, part 1 – Python and boto3, we wrote a Python script that can get all EC2 instances in… Read More: AWS: Lambda – copy EC2 tags to its EBS, part… »

Loading

AWS: Lambda – copy EC2 tags to its EBS, part 1 – Python and boto3
0 (0)

13 October 2021

We have an AWS Elastic Kubernetes Service cluster, which has a few WorkerNode Groups that were created as AWS AutoScaling Groups by using the eksctl, see the AWS Elastic Kubernetes Service: a cluster creation automation, part 2 – Ansible, eksctl for more details. The WorkerNode Group configuration for the eksctl keeps a set of Tags,… Read More: AWS: Lambda – copy EC2 tags to its EBS, part… »

Loading

Kubernetes: Helm – “x509: certificate signed by unknown authority”, and ServiceAccount for Pod
0 (0)

29 September 2021

We have Github runners in our AWS Elastic Kubernetes service cluster, that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a Github runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: [simterm] # helm –kube-apiserver=https://kubernetes.default.svc.cluster.local list Error: Kubernetes cluster unreachable:… Read More: Kubernetes: Helm – “x509: certificate signed by unknown authority”, and… »

Loading

AWS: disable TLS 1.0 and TLS 1.1 for Application LoadBalancer
0 (0)

27 September 2021

If check any of a freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager, and with an HTTPS Listener’s default settings you’ll see the B grade: The main point of the SSL Labs is the support of the deprecated encryption versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More: AWS: disable TLS 1.0 and TLS 1.1 for Application LoadBalancer0… »

Loading