Client -ssh only--> Jumpbox00 -ssh only--> Jumpbox01 --http only-> Internal network Here is how to ssh to jumpbox01, and visit websites in internal networks from Client. 1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, jb.pem under ~/.ssh/, then run the following command: ssh-add ~/.ssh/jb.pem 2) Add the following … Continue reading Double SSH Hops example
Category: Network
AWS API Gateway behind Nginx
If you happen to have a Nginx upstream using AWS API Gateway, and gets this error 'SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream' Here is the fix - you need to add 'proxy_ssl_server_name on;' in your nginx.conf. The directive is only available since version 1.7.0. Reference: proxy_ssl_server_name Syntax: proxy_ssl_server_name … Continue reading AWS API Gateway behind Nginx
Send VPC flow logs to Sumologic
VPC flow is a AWS feature that allows you to capture the inbound and outbound traffics of all network interfaces in your VPC. To get the information, you have to go to the Cloudwatch to read the raw logs line by line which is not really efficient. If you happen to use Sumologic, you can … Continue reading Send VPC flow logs to Sumologic
Show public IP in Linux command
In Linux console, run the following command to show the public IP address of the machine. curl echoip.net ; echo
Hidden Master DNS
Simply speaking 'Hidden Master DNS' is done by removing the SOA DNS server from the NS records. The common practise is that the company controls their own DNS master or SOA, and uses ISP or other vendors' DNS as secondary or slave. The benifit is to hide the master DNS from public, as generally speaking … Continue reading Hidden Master DNS
Jackie Chen's IT Workshop 