185.228.168.168
185.228.169.168
1.1.1.3
1.0.0.3
Monday, 29 September 2025
Saturday, 26 July 2025
AWS
We need to understand the following concept .
1. VPC
2. Subnets
3. Internet Gateway
4. Route table
5. Security group
6. Ec2
7. Nat Gateway.
Steps to create and set up a VPC in AWS:
1. create a own vpc
2. create a public and private subnet for different Availability zone by assigning CIDR blocks.
3. Create Internet Gateway and attach it to the Vpc.
4. Create two Routing Table one as Public and one as private by associating the appropriate subnets to it.
5. Edit the Public route Table's Route alone and map the Internet Gateway, not the Private one and leave it as it is.
6. Create two security groups- one for public and one for private then edit the public security group's inbound rules with RDP, HTTP, HTTPS, SSH and map 0.0.0.0/0 in the source, And then for private security group edit the inbound rules and map the Security group of public in the source.
7. Create two Ec2's one in public and one in private subnets with proper security groups.
8. Login into the public Ec2 instance and check whether it is getting internet connection.
9. Create NAT gateway with new elastic IP for the internet connection in the privat subnet. then Map it to Private Routing table
10. Now login to the private ec2 and verify the connectivity and internet facility.
.png)
1. Security Engineering (IAM)
2. Storage Engineering (S3)
3. Network Engineering (VPC)
4. Database Engineering (RDS)
5. Server Engineering (EC2)
6. Application Engineering
Security Engineering: IAM
What is IAM?
Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM you can create and manage AWS users and groups, and use permissions to allow and deny their acces to AWS resources.
Types of users:
Root user:
Root url:
IAM users:
IAM url:
Practical:
creating 4 components:
1. group
2. users
3. policies
4. roles
* 4 types of scenario:
1. user to service
2. service to service
3. user to service to service
4. creating MFA (Multi Factor Authentication)
ELB & ASG --> AWS Service
Types of load balancer:
1. Classic
2. Application
3. Network
4. Gateway
Classic load balancer & Auto Scaling:
1. Ec2 Instance (2)
2. Classic Load balancer
3. Launch Template
4. Auto scaling group
#!/bin/bash
yum install httpd -y
service httpd start
echo "IBIKZ-Webserver 1"> var/www/html/index.html
#!/bin/bash
yum install httpd -y
service httpd start
echo "IBIKZ-Webserver 2"> /var/www/html/index.html
ALB
ELB- Elastic Load Balancer
ASG- Auto Scaling Group
ASG- Auto Scaling Group
IRCTC website Tatkal
Types of load balancer:
1. Classic
2. Application
3. Network
4. Gateway
www.ibikz.com/product
www.ibikz.com/services
1. Ec2 Instance (2)
2. Target Group (2)
3. Application Load balancer
#!/bin/bash
yum install httpd -y
service httpd start
mkdir /var/www/html/prod
echo "prod home page"> /var/www/html/prod/index.html
#!/bin/bash
yum install httpd -y
service httpd start
mkdir /var/www/html/Dev
echo "dev home page"> /var/www/html/dev/index.html
-----------------------------------------------------------------------------------------------------------------------------
1. Elastic ip - static
public, private
2. Add Drive
3. Add Data
4. Modify drive
5. Snap shot
6. attach the snap shot to another server
Storage Engineering - S3 (simple storage service)
This act like one Drive - Storage and retrieval
What is S3?
* Simple Storage Service, it is unstructured manner of storing, process and retraival of data.
* It is a storage on the Internet.
* It can be accessed anywhere and anytime from anywhere on the web.
* It also act as a Version Control System by having the feature called versioning.(Git)
Benefits:
Availability - 99.9%
Durability 99.9999999%
-
upto 5TB data can be stored under 1 object
upto 100 object can create in 1 bucket
limitation we can't install any application or OS
volume is rural and s3 is global
Bucket --> max 100
object> It can be any format, max size of 5TB
It is a Global service.
Functions of S3:
It is a storage unit.
It is a storage unit.
Collections of object.
It is a single level container, can cointain multiple folders, or objects can be placed directly.
Upload and Download can be easier
Name of the bucket should be globally unique.
Allows max 100 bucket per user
Data kept secured from unauthorized access through authentication machanism.
Thursday, 13 October 2022
Docker and kubernetes
Docker Containerization
Containerization is a lightweight virtualization technology alternative to hypervisor virtualization.
any application can be bundled in a container that can run without any worries about dependencies, Libraries, and binaries.
containers are designed to run on any physical server, virtual machine, and cloud instance.
Virtualization Vs Containerization
Virtualization technology allows us to have multiple operating systems to share a single hardware processor.
Containerization is application-specific virtualization, because it provides applications with dedicated environments in the form of containers to run on, which can be deployed and run anywhere without a dedicated virtual machine with the operating system for each application.
also, the container was designed to solve modern problems and application management issues. so it is not a replacement for virtualization, but it is complementary to it.
Advantages of Containerization
Containers are isolated, don't require an operating system, and share a host kernel. so containers run on the same server and use the same resource. they do not interact with each other because its isolated, if one application crashes, other containers with the same application will keep running without any issues.It's a portable and lightweight operating system and it contains only the required binaries, dependencies, and libraries to run the application. so it can be moved anywhere easily and run without worrying about compatibility, or dependencies kind of issue.faster and resource efficient it's very fast to boot because containers are lightweight and start in less than a second since they do not require an operating system boot.improving scalability and lower costs by allowing more containers in the environment without the need for more servers, containerization increases scalability anywhere from 10 to 100 times that of traditional VM environments.
Introduction to Docker - What is Docker on Containers
Docker is an open-source platform tool designed to manage containers, which allows us to build the application in a container with required libraries, binaries, and dependencies to run the application, ship the contained, and run it anywhere.
Docker Architecture and Components
Docker Installation
A few quick notes about Docker:docker-installation-on-ubuntu-article
Multiple containers run on the same hardware
Maintains isolated applications
Enables high productivity
Quick and easy to configure
Before learning about this technology, the first step is to install it. In this article, you’ll learn how to install Docker on Ubuntu.
Ubuntu:
#sudo apt-get update
#sudo apt-get install docker.io
Verify the docker version
#docker -v
#lsb_release -a
CentOS/RHEL:
#sudo yum -y install docker
#sudo systemctl start docker;sudo systemctl enable docker
verify the docker version
#docker -v
Open the terminal on Ubuntu.
sudo apt-get install docker.io
docker -v
sudo systemctl status docker
1, Install all the dependency packages using the following command:
$ sudo snap install docker
2, Before testing Docker, check the version installed using the following command:
$ docker --version
3, Pull an image from the Docker hub using the following command:
$ sudo docker run httpd
Here, httpd is the docker image present on the Docker hub.
4, Check if the docker image has been pulled and is present in your system using the following cmd
$sudo docker images
5, To display all the containers pulled, use the following command:
$ sudo docker ps -a
6, To check for containers in a running state, use the following command:
$ sudo docker ps
You’ve just successfully installed Docker on Ubuntu!
Necessary comment to operate docker.
sudo docker search httpd
sudo docker pull httpd
sudo docker pull docker.io/exasol/nagios-monitoring
sudo docker images
sudo docker rmi "image id" ( to remove images)
sudo docker system df
sudo docker ps
sudo docker run -d -it --name web httpd
sudo docker exec -it web /bin/bash
sudo docker run -d -it --name web -p 80:80 httpd
sudo docker stop web
sudo docker stats web
sudo docker events
sudo docker rm web
sudo docker rm -f web
sudo docker top web
sudo docker save imange id > https-backup.tar (to take image as backup)
scp https-backup.tar ranjith@192.168.2.133:/home/ranjith/ (for SCP)
sudo docker load -i https-backup.tar ( it will load the image from local not in internet)
sudo docker commit "container Id" ( it will commit the image)
sudo docker commit d16a51d08814 customimage:2.1 (to add tag for commited images)
sudo docker run -d -it --name test1 customimage:2.1 /bin/sh ( to login custome image)
sudo docker exec -it 0b4a4fca58d6 /bin/bash ( to exec the custome image and verify)
sudo docker network inspect ff8866d57f1d
sudo docker network ls
ip a
sudo docker port web5
Docker run -i -t centos (to mount os)
docker cp aaca4f3bedb6:/opt/nagios/etc/ /root/Desktop
docker cp /root/Desktop/etc/nagios.cfg aaca4f3bedb6:/opt/nagios/etc/
Saturday, 26 March 2022
Apache Guacamole 1.1.0 Install Guide
This guide is written assuming that you are logged in as root. You can do this from a non root account with sudo privileges, but sudo will need to be placed before each command.
1. Once we have a installed CentOS 7, we are going to set the hostname, update the OS and other packages, and enable the Enterprise Linux Repositories (EPEL):
hostnamectl set-hostname guacyum install -y epel-releaseyum update -y2. Guacamole requires ffmpeg-devel, and that package is not included with the base CentOS or EPEL repositories so we will need to enable/install a repository that includes ffmpeg-devel and its dependencies. For this tutorial we will be using RPM Fusion but other 3rd party repositories that have the necessary packages will work as well. Use this command to install RPM Fusion:
yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm3. Next we need to download and install several dependencies:
yum install -y cairo-devel libjpeg-turbo-devel libwebsockets-devel libpng-devel uuid-devel ffmpeg-devel freerdp-devel pango-devel libssh2-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libtool libtelnet-devel freerdp mariadb-server wget tomcat4. Now download and extract the Guacamole server source code (.tar.gz) and download the Guacamole Web Application (.war)
wget https://downloads.apache.org/guacamole/1.1.0/source/guacamole-server-1.1.0.tar.gztar -xzf guacamole-server-1.1.0.tar.gzwget https://downloads.apache.org/guacamole/1.1.0/binary/guacamole-1.1.0.war5. Once the source code is downloaded and extracted, we need to prep it for compiling and installation.
cd guacamole-server-1.1.0./configure --with-init-dir=/etc/init.d
If the required dependencies from the previous steps were installed correctly, all of the libraries, protocols, and services/tools should say yes except for wsock32. If you see any “no” items, go back to step 3 and verify all of the packages installed correctly.
6. We can now run make/install.
make installldconfig && cd ~7. We need to enable tomcat, mariadb, and guacd to start each time our system starts or reboots.
systemctl enable tomcat && systemctl enable mariadb && systemctl enable guacd8. The guacamole web application that we downloaded in step 4 needs to be copied to the correct directory
cp ~/guacamole-1.1.0.war /var/lib/tomcat/webapps/guacamole.war9. The firewall needs to be opened to allow tomcat/guacamole to connect via port 8080.
firewall-cmd --permanent --add-port=8080/tcpfirewall-cmd --reload10. To configure Guacamole to support multiple users and connections, we need to download and configure MySQL.
mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}wget https://cdn.mysql.com//Downloads/Connector-J/mysql-connector-java-8.0.26.tar.gztar -xzf mysql-connector-java-8.0.26.tar.gzcp mysql-connector-java-8.0.26/mysql-connector-java-8.0.26.jar /usr/share/tomcat/.guacamole/lib/wget https://downloads.apache.org/guacamole/1.1.0/binary/guacamole-auth-jdbc-1.1.0.tar.gztar -xzf guacamole-auth-jdbc-1.1.0.tar.gzcp guacamole-auth-jdbc-1.1.0/mysql/guacamole-auth-jdbc-mysql-1.1.0.jar /usr/share/tomcat/.guacamole/extensions/11. Let’s now start mariadb and tomcat.
systemctl start mariadb && systemctl start tomcat12. Next we need to better secure our mysql/mariadb installation
mysql_secure_installation13. Press enter when asked “Enter current password for root (enter for none):”
14. Enter “Y” to set your own root password. This should be different from your normal root user password. Make sure you save this password for future use. For this demo, we are going to use GuacDemo as our password.
15. Enter “Y” to remove anonymous users, and then “Y” again to disallow remote root login.
16. Enter “Y” to remove the test database, and finally “Y” again to reload the privilege tables.
17. Now we need to configure the tables and database scheme so that Guacamole can store connection and user information in the database. Log into mysql, you will be promoted to enter the password you created in step 14.
mysql -u root -p18. Enter the following lines of SQL once you’ve been greeted with the MariaDB prompt.
CREATE DATABASE IF NOT EXISTS guacdb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;GRANT SELECT,INSERT,UPDATE,DELETE ON guacdb.* TO 'guacuser'@'localhost' IDENTIFIED BY 'guacpass' WITH GRANT OPTION;flush privileges;quit19. We now need to download and extract the guacamole client, and cat the .sql files to mysql from inside the jbdc folder.
wget https://downloads.apache.org/guacamole/1.1.0/source/guacamole-client-1.1.0.tar.gztar -xzf guacamole-client-1.1.0.tar.gzcat guacamole-client-1.1.0/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/*.sql | mysql -u root -p guacdbNote: You will be prompted for a password after this step. Use the MySQL password you created back in step 14.
20. Now we need to create the Guacamole configuration file.
mkdir -p /etc/guacamole/ && vi /etc/guacamole/guacamole.propertiesNow paste the following into the file:
#----------------------------------Inset Into VI---------------------------------------
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password: guacpass
#Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0
#----------------------------------End Inset Into VI---------------
--------------------Note: To exit vi and save the file, press ESC, then the colon symbol ":", type wq, and press enter.
21. Now we fix some file permissions and create a symbolic link.
chmod 0400 /etc/guacamole/guacamole.propertieschown tomcat:tomcat /etc/guacamole/guacamole.propertiesln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/chown tomcat:tomcat /var/lib/tomcat/webapps/guacamole.war22. In order for MySQL/MariaDB to communicate correctly with Guacamole, we have to specify our timezone in /etc/my.cnf Add the following to the [mysqld] block of the configuration file. I use -4:00 for EDT. You will need to look up the correct timezone value based on your location.
default-time-zone='-4:00'
23. Finally, we need to fix a permission issue with SELinux that will prevent Guacamole from working correctly.
setsebool -P tomcat_can_network_connect_db onrestorecon -R -v /usr/share/tomcat/.guacamole/lib/mysql-connector-java-8.0.26.jar24. That should be it! Just reboot your machine, and with any luck you will be greeted with the guacamole login screen when you navigate to:
[yourip]:8080/guacamoleThe default username is: guacadmin and the default password: guacadmin.
If you get a blank white screen, try step 23 again and reboot your computer. If you are still met with a blank white screen, try disabling SELinux.
Subscribe to:
Posts (Atom)