At the time of writing, there are 3 types of Elastic Load Balancer: CLB (Classic Load Balancer), ALB (Application Load Balancer) and NLB (Network Load Balancer). AWS releases CLB first, then ALB, thats why CLB sometimes is referred as ELB-V1, and ALB is referred as ELB-V2. Then NLB comes as the latest release. From my … Continue reading AWS ELB (CLB) vs ALB vs NLB


Find open ports from Linux kernel

Have you ever tried to find out the open ports in a Linux box without using the common tools like netstat, nmap, lsof, ss ... ? In some cases,  the tools are just not available. e.g In a cutdown version Linux server or container, and you don't have the permission to install any software. I … Continue reading Find open ports from Linux kernel


Just found out Google public DNS supports DNS-over-HTTPS. A single curl command can give you the result in json format. Very nice! Syntax: curl -s curl -s | jq -r . { "Status": 3, "TC": false, "RD": true, "RA": true, "AD": false, "CD": false, "Question": [ { "name": "", "type": 1 } ], "Authority": … Continue reading DNS-over-HTTPS

Fault Tolerant VPN Solution on AWS

I worked with a project team to help them to improve their current VPN infrastructure on AWS. They have 3 VPN EC2 instances, let's call them VPN01, VPN02 and VPN03. They are all OpenVPN Access Server, VPN01 and VPN02 both have 10 concurrent sessions license, and in availability a and b respectively. VPN03 only has … Continue reading Fault Tolerant VPN Solution on AWS

Double SSH Hops example

Client -ssh only--> Jumpbox00 -ssh only--> Jumpbox01 --http only-> Internal network Here is how to ssh to jumpbox01, and visit websites in internal networks from Client. 1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, jb.pem under ~/.ssh/, then run the following command: ssh-add ~/.ssh/jb.pem  2) Add the following … Continue reading Double SSH Hops example

AWS API Gateway behind Nginx

If you happen to have a Nginx upstream using AWS API Gateway, and gets this error 'SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream' Here is the fix - you need to add 'proxy_ssl_server_name on;' in your nginx.conf. The directive is only available since version 1.7.0. Reference: proxy_ssl_server_name Syntax: proxy_ssl_server_name … Continue reading AWS API Gateway behind Nginx