Find open ports from Linux kernel


Have you ever tried to find the open ports on a Linux box without using common tools like netstat, nmap, lsof or ss? In some cases the tools are just not available, e.g. on a cut-down Linux server or container where you don't have permission to install any software. I … Continue reading Find open ports from Linux kernel

DNS-over-HTTPS


Just found out Google public DNS supports DNS-over-HTTPS. A single curl command can give you the result in JSON format. Very nice!

Syntax: curl -s https://dns.google.com/resolve?name=xxxx

curl -s https://dns.google.com/resolve?name=ap-southeast-2.aws.amazon.com | jq -r .
{ "Status": 3, "TC": false, "RD": true, "RA": true, "AD": false, "CD": false, "Question": [ { "name": "ap-southeast-2.aws.amazon.com.", "type": 1 } ], "Authority": … Continue reading DNS-over-HTTPS

Fault Tolerant VPN Solution on AWS


I worked with a project team to help them improve their current VPN infrastructure on AWS. They have 3 VPN EC2 instances; let's call them VPN01, VPN02 and VPN03. They are all OpenVPN Access Server. VPN01 and VPN02 both have a 10-concurrent-session license, and are in availability zones a and b respectively. VPN03 only has … Continue reading Fault Tolerant VPN Solution on AWS

Double SSH Hops example


Client --ssh only--> Jumpbox00 --ssh only--> Jumpbox01 --http only--> Internal network

Here is how to ssh to jumpbox01 and visit websites in internal networks from Client.

1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, jb.pem under ~/.ssh/, then run the following command:

ssh-add ~/.ssh/jb.pem

2) Add the following … Continue reading Double SSH Hops example

AWS API Gateway behind Nginx


If you happen to have an Nginx upstream using AWS API Gateway and get this error:

'SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream'

Here is the fix: you need to add 'proxy_ssl_server_name on;' in your nginx.conf. The directive is only available since version 1.7.0.

Reference: proxy_ssl_server_name Syntax: proxy_ssl_server_name … Continue reading AWS API Gateway behind Nginx