Below is the typical ingress solution for many organizations' AWS workloads. The data flow is: Users -> CDN (e.g. Akamai, Cloudflare) -> Ingress internet-facing ALB -> Ingress ASG (e.g. Nginx, HAProxy) -> TGW -> Workload internal ALB -> Workload applications (ASG or K8S services). As you can see, the improvements are the adoptions of some Cloud … Continue reading Serverless Ingress Solution on AWS
Category: WWW
HTTP Code 499
HTTP status code 499 is a non-standard status code introduced by nginx for the case when a client closes the connection while nginx is processing the request. I just encountered the 499 code in the nginx log a couple of days ago. The reason for that is I wrote an Ajax to make an API call to the … Continue reading HTTP Code 499
ERR_CERT_COMMON_NAME_INVALID because of Subject Alternative Name missing
If you are seeing errors in Chrome similar to the one below, your private cert is probably missing the SAN. Starting from Chrome 58, it validates the DNS against the SAN that is in the certificate. Here is the quote that I found "Certificates have two ways to express the domain/IP they're bound to - one which is … Continue reading ERR_CERT_COMMON_NAME_INVALID because of Subject Alternative Name missing
CertStuff
Do you know how many Amazon-issued certificates (ACM) or user-uploaded certificates (IAM) are in your AWS accounts? How many certificates have been deployed to production in your Akamai contracts? Not sure about you, but I don't know the answer. So I wrote a tool called CertStuff to get all that information (common name, SAN, … Continue reading CertStuff
Enable HSTS in Akamai
What is HSTS? It stands for HTTP Strict Transport Security. Simply speaking, HSTS is a method that allows the browser to do the HTTP-to-HTTPS redirect. Why use HSTS? Security! As explained above, the HTTP traffic only stays inside the machine, so it reduces the risk of exposing sensitive information in plain text to the Internet. … Continue reading Enable HSTS in Akamai