Consolidate Elastic Beanstalk ELB

Our nonprod environments have quite a lot Elastic Beanstalk environments. Most of them serves low traffics .Each ELB roughly costs $20 per month (no matter you use it or not) + data cost. From the cost perspective, I don't see there is a value that each of them needs a dedicated ELB (which was created by Elastic … Continue reading Consolidate Elastic Beanstalk ELB


Fault Tolerant VPN Solution on AWS

I worked with a project team to help them to improve their current VPN infrastructure on AWS. They have 3 VPN EC2 instances, let's call them VPN01, VPN02 and VPN03. They are all OpenVPN Access Server, VPN01 and VPN02 both have 10 concurrent sessions license, and in availability a and b respectively. VPN03 only has … Continue reading Fault Tolerant VPN Solution on AWS

Double SSH Hops example

Client -ssh only--> Jumpbox00 -ssh only--> Jumpbox01 --http only-> Internal network Here is how to ssh to jumpbox01, and visit websites in internal networks from Client. 1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, jb.pem under ~/.ssh/, then run the following command: ssh-add ~/.ssh/jb.pem  2) Add the following … Continue reading Double SSH Hops example

AWS API Gateway behind Nginx

If you happen to have a Nginx upstream using AWS API Gateway, and gets this error 'SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream' Here is the fix - you need to add 'proxy_ssl_server_name on;' in your nginx.conf. The directive is only available since version 1.7.0. Reference: proxy_ssl_server_name Syntax: proxy_ssl_server_name … Continue reading AWS API Gateway behind Nginx