import socket

# Change the following host and see what IP it prints!
host = "crunchyroll.com"
ip = socket.gethostbyname(host)

print(ip)

104.18.40.133

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))
    print("Successfully connected!")

Check-In

  1. What is an IP address? A way to uniquely identify a device on the internet. IP is short for Internet Protocol.
  2. What is a TCP port? TCP is used to send packets through computers.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))

    # Send a GET request to "/". Note: HTTP/1.1 requires a Host header,
    # which this request omits, so the server answers 400 Bad Request.
    s.sendall(b"GET / HTTP/1.1\r\n\r\n")

    # Receive & print up to 2048 bytes of data
    data = s.recv(2048)
    print(data.decode())

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 26 Apr 2023 21:15:36 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
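
As an added example (not part of the original notebook), the same exchange handled properly: build_request adds the Host header that HTTP/1.1 requires, and parse_response splits raw response bytes into status code, headers and body using Content-Length framing. The input is the 400 reply above, re-typed with CRLF line endings as a constructed sample; its body is exactly the 155 bytes the Content-Length header declares.

```python
# Constructed sample input: the 400 reply captured above, with the CRLF
# line endings HTTP uses on the wire (print() showed them as line breaks).
RAW_RESPONSE = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: cloudflare\r\n"
    b"Date: Wed, 26 Apr 2023 21:15:36 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 155\r\n"
    b"Connection: close\r\n"
    b"CF-RAY: -\r\n"
    b"\r\n"
    b"<html>\r\n"
    b"<head><title>400 Bad Request</title></head>\r\n"
    b"<body>\r\n"
    b"<center><h1>400 Bad Request</h1></center>\r\n"
    b"<hr><center>cloudflare</center>\r\n"
    b"</body>\r\n"
    b"</html>\r\n"
)

def build_request(host: str, path: str = "/") -> bytes:
    """Minimal valid HTTP/1.1 GET. The socket request above omitted the Host
    header HTTP/1.1 requires, which is what earned it the 400. Connection:
    close makes the server hang up after one response, so reading to EOF works."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")

def parse_response(raw: bytes):
    """Split raw response bytes into (status_code, headers, body).
    Header names are lower-cased because HTTP compares them case-insensitively.
    The body is framed by Content-Length: a short read is an error, and bytes
    beyond the declared length are not part of this response."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: header block not terminated")
    status_line, *header_lines = head.split(b"\r\n")
    _version, status, _reason = status_line.decode("ascii").split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.decode("ascii").partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        raise ValueError(f"truncated body: got {len(rest)} of {length} bytes")
    return int(status), headers, rest[:length]
```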

import requests

# Change the URL to whatever you'd like
response = requests.get("https://google.com")

print("Status code:", response.status_code)
print("Headers:", response.headers)
print("Response text:", response.text[:100])

# Add a line to print the "Content-Type" header of the response
# Try an image URL!
Status code: 200
Headers: {'Date': 'Mon, 01 May 2023 06:28:56 GMT', 'Expires': '-1', 'Cache-Control': 'private, max-age=0', 'Content-Type': 'text/html; charset=ISO-8859-1', 'Content-Security-Policy-Report-Only': "object-src 'none';base-uri 'self';script-src 'nonce-Uu1v_59mUOloEhr3asNxHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp", 'P3P': 'CP="This is not a P3P policy! See g.co/p3phelp for more info."', 'Content-Encoding': 'gzip', 'Server': 'gws', 'X-XSS-Protection': '0', 'X-Frame-Options': 'SAMEORIGIN', 'Set-Cookie': '1P_JAR=2023-05-01-06; expires=Wed, 31-May-2023 06:28:56 GMT; path=/; domain=.google.com; Secure, AEC=AUEFqZeQUwzmoQc2Zg0UvLBzbH8xlQl8Dj-TkOqdEOx-7PBVYx67bvwnw4c; expires=Sat, 28-Oct-2023 06:28:56 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax, NID=511=JtXMys-FyetlTDfdF9d_NP05b_huDxND3M1LPDgZLxflrsgdp9zUWMsLr8onR4LghC4hbLue15-xRuWZUTX_d7kpHaNOXq3rXDI2A0VUTwpABVIY4OzNY79xtcBzmC5eu-dC2Q9fOJ3gqh0lQU2qkb_mrf8qK4UB0hbUSbdn9N4; expires=Tue, 31-Oct-2023 06:28:56 GMT; path=/; domain=.google.com; HttpOnly', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000', 'Transfer-Encoding': 'chunked'}
Response text: <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content

NGINX

aws = "3.130.255.192"

response = requests.get("http://" + aws)
print(response.text)
<!doctype html>
<html>
<head>
<title>Cool site</title>
<meta name="description" content="cool site for apcsp">
</head>
<body>
Hello, this is my cool site. Check out my products:
<a href="/products">Products!!</a>
</body>
</html>

Configuration

server {
    # Listen on port 80 (IPv4 and IPv6)
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        # Inform the backend about the original client
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Forward all requests transparently to the server running on our computer
        proxy_pass              http://localhost:9099;
    }
}
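
Added example (not from the original notebook): how the backend on localhost:9099 should read the X-Forwarded-For header this configuration produces. $proxy_add_x_forwarded_for keeps whatever the client already sent and appends the address NGINX saw, so only the rightmost entries, one per proxy you operate, can be trusted. Header values below are constructed, using documentation address ranges.

```python
import ipaddress

# With `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` NGINX
# appends the address it saw ($remote_addr) to whatever X-Forwarded-For value
# the client sent. Everything left of that appended entry is client-supplied,
# so the backend on localhost:9099 must read the header from the right, one
# entry per proxy it operates, never from the left.

def naive_first_entry(xff: str) -> str:
    """The common mistake: trust the first (client-controlled) address."""
    return xff.split(",")[0].strip()

def client_ip_from_xff(xff: str, trusted_proxies: int = 1) -> str:
    """Return the client address a backend behind `trusted_proxies` hops can
    trust: the entry the first trusted proxy appended. With only the NGINX
    above in front (trusted_proxies=1) that is the rightmost entry; with a
    CDN in front of NGINX (trusted_proxies=2) it is the second from the
    right, and the rightmost is the CDN's own address."""
    if trusted_proxies < 1:
        raise ValueError("at least one trusted proxy must have appended to XFF")
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    if len(entries) < trusted_proxies:
        raise ValueError("fewer X-Forwarded-For entries than trusted proxies")
    candidate = entries[-trusted_proxies]
    # Reject junk: a trusted hop appends a real address, so anything else
    # means the request did not arrive through the expected proxy chain.
    return str(ipaddress.ip_address(candidate))

# Constructed header values, as the backend would receive them from NGINX.
NO_SPOOF = "203.0.113.7"                      # client sent no XFF header
SPOOFED = "10.0.0.1, 203.0.113.7"             # client sent "10.0.0.1"; NGINX appended
BEHIND_CDN = "198.51.100.9, 203.0.113.7, 192.0.2.20"  # CDN at 192.0.2.20 in front

def demo() -> dict:
    """Compare the naive and the hop-counting readings of each sample."""
    return {
        "naive_spoofed": naive_first_entry(SPOOFED),
        "safe_spoofed": client_ip_from_xff(SPOOFED),
        "no_spoof": client_ip_from_xff(NO_SPOOF),
        "behind_cdn": client_ip_from_xff(BEHIND_CDN, trusted_proxies=2),
    }
```

X-Real-IP, by contrast, is set from $remote_addr outright, replacing anything the client sent in it, so behind this single NGINX it is the simpler header to read.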

Load Balancing

upstream example.com {
    # Requests proxied to this upstream are distributed across these servers
    server server1.example.com;
    server server2.example.com;
}

HTTP Headers

server {
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        add_header X-Cooler-Header "This is my secret header!";
    }
}

Check In

  1. Research 1 HTTP header and describe, in detail, its purpose. Content-Length specifies the length of the content being sent in the request or response.
  2. Write a line in a sample NGINX configuration that will add that specific header to the /information location:
    add_header Content-Length $content_length;

  3. Explain the purpose of the load balancing performed by NGINX: NGINX functions as a reverse proxy, and therefore, it is crucial to have load balancing to effectively distribute the incoming traffic across multiple servers, ensuring optimal performance and seamless operation.
  4. Modify the following code block to obtain the value of the secret header on /products of the AWS site. See below:
aws = "3.130.255.192"

response = requests.get("http://" + aws + "/products")

print("The secret header is:", response.headers['X-Cooler-Header'])

The secret header is: This is my secret header!

Hacks

  • Complete the above check-in questions and change the hosts (0.1)
  • Complete the above code-segment to retrieve the secret header (0.1)

Bonus (0.05)

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.)

CORS Hacks

  1. Explain what CORS is and what it stands for: CORS stands for Cross Origin Resource Sharing, and it's a security feature that prevents websites from stealing sensitive information.
  2. Describe how you would be able to implement CORS into your own websites
  3. Describe why you would want to implement CORS into your own websites: Without CORS, API requests are not possible, as API requests use Cross Origin requests.
  4. How could you use CORS to benefit yourself in the future? I could use CORS to create a website that allows the user to access multiple domains without sacrificing security in any way.

Total: 0.2 points

KASM Hacks

  1. What is the purpose of "sudo" when running commands in terminal? sudo is used to provide admin access in order to run certain commands in bash.
  2. What are some commands which allow us to look at how the storage of a machine is set up? The df command provides information about the amount of free and used disk space on each file system that is mounted, while du displays the disk usage of files and directories. lsblk, on the other hand, lists details about all the available or specific block devices on the system.
  3. What do you think are some alternatives to running "curl -O" to get the zip file for KASM? wget allows the user to download the zip file directly into the desired directory.
  4. What kind of commands do you think the "install.sh" command has and why is it necessary to call it? It is possible that the "install.sh" command consists of instructions for the installation and setup of KASM on the server. These instructions could involve downloading and extracting the KASM zip file, setting up any prerequisites required, and configuring the KASM service to start automatically. To ensure the proper installation and configuration of KASM, executing the "install.sh" command is necessary.
  5. Explain in at least 3-4 sentences how deploying KASM is related to/requires other topics talked about in the lesson and/or potential ways to add things mentioned in the lesson to this guide. In order to deploy KASM, it might be necessary to first configure firewall rules in order to permit communication to and from the KASM service. Next is setting up SSL/TLS certificates for secure communication, and managing user accounts and permissions. As a side note, the integration of KASM with other security tools such as IDS/IPS or SIEM systems can potentially boost its functionalities and offer a more complete security solution. To expand the guide to encompass these topics, one can add sections on firewall configuration, SSL/TLS certificates, user administration, and integration of KASM with other security tools.

Total: 0.2 points

AWS/RDS Hacks

deleted from hacks