Adding HTTPS listener to an AWS ELB after creation
Posted by Benny Chew in Coding/Development, Tips & Tweaks on March 20th, 2012
Was searching for a way to get it done via the AWS web console, but that didn’t end up fruitful so had to resort to their CLI tools. In addition the ELB was already in production use which meant discarding and recreating it wasn’t really an option..
Prerequisites for the subsequent steps are the ELB API Tools and IAM Command Line Toolkit (which has to be configured with your AWS keys).
- Run 'iam-servercertlistbypath' in the bin dir for IAMCLI (e.g. IAMCli-1.2.0\bin). This should give you a list of your SSL certs which are already in your AWS account.
- Run 'elb-create-lb-listeners <lb-name> --headers --listener "lb-port=443,instance-port=<port>,protocol=https,cert-id=<cert-name>" --region=<aws-region>' in the bin dir for ELB API Tools (e.g. ElasticLoadBalancing-1.0.15.1\bin). Replace:
  - <lb-name> – your ELB name
  - <port> – your EC2 instance port
  - <cert-name> – your SSL cert in your AWS account
  - <aws-region> – the region your ELB resides in (this seems to be missing from a lot of docs and was a major pain – I was retrieving empty result lists without this specified)
Something related to ELB which I had to look at sometime back which used these CLI tools was updating of expiring SSL certs. It’s been documented here now so I won’t be repeating it again! :)
Ubuntu fsck/MOTD bug/issue
Posted by Benny Chew in Coding/Development, Linux, Open Source, Tips & Tweaks on October 7th, 2011
Recently this message popped up on the MOTD of the Ubuntu servers on EC2:
*** /dev/xvda1 will be checked for errors at next reboot ***
After proceeding to do a fsck and restarting, the message still kept appearing. After some debugging with wk, it apparently was due to a stale fsck-at-reboot file left around causing the message to keep popping up.
Here are the steps I used to make sure they stopped popping up again:
sudo touch /forcefsck
sudo shutdown -r now
sudo rm /var/lib/update-notifier/fsck-at-reboot
cd /usr/lib/update-notifier/
sudo ./update-motd-fsck-at-reboot
sudo rm /forcefsck
Thanks wk!
Installing MySQL 5.5 on Ubuntu 11.04 (Natty)
Posted by Benny Chew in Coding/Development, Linux, Open Source on August 30th, 2011
Steps I used to get MySQL 5.5 working on Ubuntu 11.04 AMD64 (behind Aptitude’s back sadly since it’s still not packaged up due to copyright statuses..):
- Download the following from here.
mysql-common_5.5.13-2_all.deb
libmysqlclient18_5.5.13-2_amd64.deb
libmysqlclient-dev_5.5.13-2_amd64.deb
mysql-client-5.5_5.5.13-2_amd64.deb
libmysqld-dev_5.5.13-2_amd64.deb
libmysqld-pic_5.5.13-2_amd64.deb
mysql-server-core-5.5_5.5.13-2_amd64.deb
mysql-server-5.5_5.5.13-2_amd64.deb
- Run the following to remove older versions of MySQL client/server:
sudo aptitude remove mysql-client mysql-client-5.1 mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1 mysql-server-core-5.1
- From the directory you downloaded the files above to:
sudo aptitude install libmysqld-dev
sudo dpkg -i mysql-common_5.5.13-2_all.deb
sudo dpkg -i libmysqlclient18_5.5.13-2_amd64.deb
sudo aptitude install zlib1g-dev
sudo dpkg -i libmysqlclient-dev_5.5.13-2_amd64.deb
sudo aptitude install libdbi-perl libdbd-mysql-perl
sudo dpkg -i mysql-client-5.5_5.5.13-2_amd64.deb
sudo dpkg -i libmysqld-dev_5.5.13-2_amd64.deb
sudo dpkg -i libmysqld-pic_5.5.13-2_amd64.deb
sudo dpkg -i mysql-server-core-5.5_5.5.13-2_amd64.deb
sudo dpkg -i mysql-server-5.5_5.5.13-2_amd64.deb
Took me awhile of messing around to get the sequence right, hope this helps!
Reference/links from blog post/comments here.
Redirect HTTP to HTTPS on IIS behind an AWS ELB
Posted by Benny Chew in Coding/Development, Tips & Tweaks on August 28th, 2011
In recent times I’ve had to handle the Microsoft stack (.NET) among other things. One of the things I’ve faced recently was redirecting traffic hitting the application running on IIS behind an AWS Elastic Load Balancer (ELB) from HTTP to HTTPS. Fairly easy on the Linux stacks which had nginx in front as a reverse proxy (just add a rewrite rule on your HTTP host to HTTPS), but after tinkering around a bit, finally got the correct rewrite rule working (with the help of IIS7’s .htaccess conversion utility).
The transform code you would want to stick into your Web.<transform>.config (was for an ASP.NET MVC project):
<rewrite xdt:Transform="Insert">
  <rules>
    <rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="false" />
      <conditions>
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
    </rule>
  </rules>
</rewrite>
This assumes you have the IIS URL Rewrite module installed on your IIS server.
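A simplified model of how the rule above is evaluated, added here as an example (it is not from the original post and is not IIS code): it parses the same rule and runs it against constructed requests. The `evaluate` function, host names and paths are hypothetical, and query strings are not modelled.

```python
import re
import xml.etree.ElementTree as ET

# Rule from the post; xdt:Transform dropped (it is a config-transform attribute).
RULE_XML = """
<rewrite>
  <rules>
    <rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="false" />
      <conditions>
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
    </rule>
  </rules>
</rewrite>
"""

STATUS = {"Permanent": 301, "Found": 302, "SeeOther": 303, "Temporary": 307}


def _flags(node):
    # URL Rewrite patterns ignore case unless ignoreCase="false" is set.
    return 0 if node.get("ignoreCase", "true") == "false" else re.IGNORECASE


def _expand(template, variables):
    # Replace {NAME} with its value; unset server variables expand to "".
    return re.sub(r"\{(\w+)\}", lambda m: variables.get(m.group(1), ""), template)


def evaluate(path, host, headers):
    """Return (status, location) for a redirect, or None if the rule does not fire."""
    variables = {"SERVER_NAME": host, "URL": path}
    # Request headers are exposed as HTTP_<NAME>, upper-cased, '-' replaced by '_'.
    for name, value in headers.items():
        variables["HTTP_" + name.upper().replace("-", "_")] = value
    rule = ET.fromstring(RULE_XML).find("./rules/rule")
    match = rule.find("match")
    # The match pattern is tested against the path without its leading slash.
    if not re.search(match.get("url"), path.lstrip("/"), _flags(match)):
        return None
    for cond in rule.findall("./conditions/add"):  # default grouping: all must match
        value = _expand(cond.get("input"), variables)
        if not re.search(cond.get("pattern"), value, _flags(cond)):
            return None
    action = rule.find("action")
    return STATUS[action.get("redirectType")], _expand(action.get("url"), variables)
```

Only requests carrying `X-Forwarded-Proto: http` are redirected; a request with the header set to `https`, or with no such header at all (for example one that reaches the instance without passing through the ELB), is served as-is. That is why the rule does not loop behind the ELB, and also why instance access should be limited to the ELB if plain HTTP must never be served.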
References:
http://www.iis-aid.com/articles/how_to_guides/redirect_http_to_https_iis_7?page=1
http://serverfault.com/questions/304621/endless-redirect-loop-with-aws-elb-and-wordpress-site-using-wordpress-https-plugi
http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/index.html?SvcIntro.html
SSD tweak utility for Windows
Posted by Benny Chew in Tips & Tweaks, Windows on August 28th, 2011
All machines I regularly use are now using SSDs (60GB/120GB OCZ Vertex 2E), and this handy utility has done all the tweaks for me: SSD Tweaker
EOL?
Posted by Benny Chew in Site Updates on December 13th, 2010
Doesn’t look like there have been updates for awhile, and don’t think that’s on the verge of changing as I’ve been using Google Reader mostly for sharing posts. Links as below:
- Google Reader shared items
- Twitter (updates piped from Google Reader via Reader2Twitter)
- Flickr | 500px
4GB of RAM on a 32bit Windows OS
Posted by Benny Chew in General Tech on July 27th, 2009
Most machines are now configured with 4GB of RAM but continue to be bundled with the 32-bit version of Windows. You might’ve noticed that in this situation it does not fully utilise all of it, but here’s a simple fix to work around this issue instead of installing a 64-bit OS:
To enable PAE mode, you have to add PAE to the boot entry in the BCD file. Open an elevated command prompt. Type BCDEDIT /SET PAE ForceEnable.
Booko
Posted by Benny Chew in Miscellaneous on July 26th, 2009
Came across this site when I was looking to buy a book, it does a search across multiple online sites and points you to the place where you can get it for the best price. Got my book from the Book Depository which surprisingly does not charge for shipping even though it’s based in UK (and shipping time was incredibly quick!).
ipfilter (blocklist) update
Posted by Benny Chew in BitTorrent, General Tech, Tips & Tweaks on July 26th, 2009
There has been an update to the ipfilter.dat source which I posted up before (have just updated that post). The previous source was from BISS but the people who maintain the blocklists now publish it at this site.
Whether or not the blocklists are of any use is up for debate, and definitely not something I’m going to go into in this post..
via here
