Sunday, October 11, 2015

Hosting a Website in S3 Bucket and Enabling Redirection in S3 Bucket

Hosting a Website in S3 Bucket:

It has been possible to host the images and video for your websites on Amazon S3 for a long time. However, it was not that easy to host your entire website on S3. Why? If a user enters a site address (www.example.com) and the CNAME in the site’s DNS record resolves to the root of an S3 bucket (www.example.com.s3.amazonaws.com), Amazon S3 would list the contents of the bucket in XML form. In order to work around this, customers would host their home page on an Amazon EC2 instance. This is no longer necessary.
You can now host an entire website on Amazon S3. You can now configure and access any of your S3 buckets as a “website.” When a request is made to the root of your bucket configured as a website, Amazon S3 returns a root document. Not only that, if an error occurs your users receive an HTML error document instead of an XML error message. 

You can also provide your own error documents for use when a 4xx-class error occurs.
Here’s more detail on the new features…

 

Website Endpoints:

To access this website functionality, Amazon S3 exposes a new website endpoint for each region (US Standard, US West, EU, or Asia Pacific). For example, s3-website-ap-southeast-1.amazonaws.com is the endpoint for the Asia Pacific Region. Existing buckets and endpoints continue to work the same way they always have.

 

Root and Index Documents:

When you configure your bucket as a website, you can specify the index document you want returned for requests made to the root of your website or for any subdirectory.  For example, a GET request made to the following URI (either direct or via a CNAME):
mywebsitedomain.s3-website-us-east-1.amazonaws.com/images/subdirectory/
will return the following S3 object:
mywebsitedomain.s3.amazonaws.com/images/subdirectory/index.html


Error Document:

When you access a website-configured bucket through the new website endpoint, and an error occurs, Amazon S3 now returns a new HTML error page instead of the current XML error. Also, you can now specify your own custom error page when a 4XX error occurs.
You can use the S3 tab of the AWS Management Console to enable your bucket as a website.

Steps:

 1. Create your S3 bucket with proper naming.
 2. Upload the static content to your S3 bucket.
 3. Under Properties, select Static Web Hosting.
 4. Select the Enable website hosting option.
 5. Set Index Document: [index.htm] and Error Document: [error.html], and save the configuration.
 6. Under Permissions, add a bucket policy that makes the S3 bucket public, and save the configuration.




  policy:
{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "AllowPublicRead",
    "Effect": "Allow",
    "Principal": { "AWS": "*" },
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::your-bucket-name/*" ]
  }]
}
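
An added example, not part of the original post: a small Python check that a bucket policy such as the one above gives anonymous users nothing beyond s3:GetObject on objects. The function name audit_public_statements and the BROAD_POLICY sample are constructed for illustration; Condition blocks are not evaluated.

```python
import json

# The policy from the steps above, and a constructed over-broad variant for contrast.
PAGE_POLICY = '''{"Version": "2008-10-17", "Statement": [{
  "Sid": "AllowPublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
  "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::your-bucket-name/*"]}]}'''
BROAD_POLICY = '''{"Version": "2008-10-17", "Statement": [{
  "Sid": "TooOpen", "Effect": "Allow", "Principal": "*",
  "Action": ["s3:GetObject", "s3:ListBucket", "s3:Put*"],
  "Resource": ["arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*"]}]}'''

def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True when the principal is "*" or any principal type maps to "*"."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def audit_public_statements(policy_text, allowed=("s3:getobject",)):
    """List what anonymous users get beyond reading individual objects."""
    findings = []
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        # Only Allow statements open to everyone matter here (Condition is ignored).
        if stmt.get("Effect") != "Allow" or not is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction", "allows everything except the listed actions"))
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in allowed:  # IAM action names are case-insensitive
                findings.append((sid, "Action", action))
        for resource in as_list(stmt.get("Resource", [])):
            # Object ARNs look like arn:aws:s3:::bucket/key; no "/" means the bucket itself.
            if "/" not in resource:
                findings.append((sid, "Resource", resource))
    return findings

if __name__ == "__main__":
    for name, text in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        result = audit_public_statements(text)
        print(name, result or "public access limited to s3:GetObject on objects")
```

An empty result means the only thing the public can do is read individual objects, which is what a static website needs.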

Note:
Once static web hosting is enabled, your S3 bucket will have a URL in the format below.
https://s3-ap-southeast-1.amazonaws.com/bucket-name/file.html
It is not possible to point the whole URL to a domain name. To work around this, point only https://s3-ap-southeast-1.amazonaws.com/ to the domain name.

Enabling Redirection in S3 Bucket:

To redirect one .html file to another .html file in the same S3 bucket, use object metadata.

Select the file. In properties section, select the meta-data option. 



Saturday, September 5, 2015

Creating MYSQL User


We did all of the editing in MySQL as the root user, with full access to all of the databases. However, in the cases where more restrictions may be required, there are ways to create users with custom permissions.


1. Creating a new user:
CREATE USER '<username>'@'%' IDENTIFIED BY '<password>';

2. After creating the user, grant it permissions.
GRANT SELECT ON db_name.* to '<username>'@'%';
#The above command gives the user read-only permission on the specified database

3. Reload all the changes made.
FLUSH PRIVILEGES;


Sample grant example:

1.  Providing full permission to a user on all databases.
GRANT ALL PRIVILEGES on *.* to  '<username>'@'%';


Tuesday, September 1, 2015

pg_dump issue while taking postgresql database dump

You may have faced the issue below when taking a dump of a PostgreSQL server.

pg_dump: server version: 9.4.4; pg_dump version: 9.2.13
pg_dump: aborting because of server version mismatch



In this case follow the below steps to resolve the issue.

Step 1: Install the new PostgreSQL version.
yum install postgresql94

#This will add missing packages.


Step 2: Execute the pg_dump command with the new version.
/usr/bin/pg_dump94 -h <hostname> -U <username> -W <db-name> > file.sql
#This will prompt for the password.

Monday, August 31, 2015

Creating New users in postgresql and providing grants to the users

Steps to create a read-only user in a PostgreSQL DB

1. Command to create the user

create user USER_NAME password 'PASSWORD';

2. Set the user to read-only

alter user USER_NAME set default_transaction_read_only = on;

3. Provide DB privileges to the user

GRANT SELECT ON DB_NAME TO USER_NAME; -- if the DB name alone doesn't work, give the list of tables in the command so that the user has permission on all the tables

4. Log in to the DB

 psql -h HOSTNAME -U USERNAME -d DBNAME

5. Once you are logged in to the DB, execute the commands below

GRANT CONNECT ON DATABASE db_name to user_name;
GRANT USAGE ON SCHEMA public to user_name;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO user_name;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO user_name;

Tuesday, August 11, 2015

Creating SSL Certificate in Ubuntu

This post covers what SSL certificates are, how HTTPS works, how to generate a CSR, and eventually how to install an SSL certificate. The Secure Sockets Layer was created by Netscape to ensure secure transactions between web servers and browsers, and between mail servers and mail clients.

HTTPS, or Hypertext Transfer Protocol Secure, indicates that the website has been authenticated by a third-party Certification Authority (CA). HTTPS is a visual indication that information is being exchanged for the session in a more secure way. HTTPS appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

How SSL Works

  1. A browser attempts to connect to a website secured with SSL.
  2. The browser requests that the web server identify itself.
  3. The server sends the browser a copy of its SSL Certificate.
  4. The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
  5. The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
  6. Encrypted data is shared between the browser and the server.

Why do we need SSL

If you are transmitting sensitive information on a web site, such as credit card numbers or personal information, you need to secure it with SSL encryption. With booming Internet trends and fraud, most will not submit their private details on the web unless they know that the information they provide is securely transmitted and not accessible for anyone to view.

Self Signed and Signed SSL Certificates

Whether you get your certificate signed by a certificate authority or sign it yourself, there is one thing that is exactly the same on both. The data sent over an https connection will be encrypted regardless of whether the certificate is signed or self-signed. In other words, both types of certificates will encrypt the data to create a secure website. A certificate authority tells your customers that this server information has been verified by a trusted source. The problem with using a self-signed certificate is that nearly every Web browser checks that an https connection is signed by a recognized CA. If the connection is self-signed, this will be flagged as potentially risky and error messages will pop up encouraging your customers to not trust the site. Since they provide the same protection, you can use a self-signed certificate anywhere you would use a signed certificate. Self-signed certificates are great for testing servers. If you're creating a website that you need to test over an https connection, you don't have to pay for a signed certificate for that testing site. If you're doing e-commerce, you need a signed certificate.

What is Certificate Authority 

A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined procedures. Examples are VeriSign, GoDaddy, and GlobalSign.

Process involved in buying SSL certificate

  1. Generate a Certificate Signing Request (CSR) for the web server you plan to secure.
  2. Contact any CA (VeriSign, GoDaddy, GlobalSign, Thawte).
  3. Choose your type of SSL certificate and buy it.
  4. Apply the certificates on your web server.

Generate a CSR with OpenSSL

To install a digital certificate, you must first generate and submit a Certificate Signing Request (CSR) to the Certification Authority (CA). The CSR contains your certificate-application information.

Install OpenSSL on your server. This is a common package and will be available on all of the major distros through their package installer.

Step 1: Generate Private key : 
openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
........................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:abcde
Verifying - Enter pass phrase for server.key:abcde

Step 2: Generate a CSR :
openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:xyz
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:abc
State or Province Name (full name) []:abc
Locality Name (eg, city) [Default City]:abc
Organization Name (eg, company) [Default Company Ltd]:abc
Organizational Unit Name (eg, section) []:abc
Common Name (eg, your name or your server's hostname) []:*.abc.com or abc.com [the actual domain name for which you need to buy the SSL certificate]
Email Address []:abc@xyz.com
Please enter the following 'extra' attributes
to be sent with your certificate request

A challenge password []:password
An optional company name []:abc org



After the service provider has verified the SSL request, download the certificate and the intermediate certificate.


Now you can upload this SSL certificate and the server.key file to ELB to enable SSL.

If you face an error such as "Invalid Private Key" while uploading, then convert the private key file to the equivalent .pem file.


openssl rsa -in server.key -outform PEM -out server.key.pem

Then try again.


Monday, August 10, 2015

Installing GIT on your local ubuntu machine and some basic commands

Step 1: sudo apt-get install git-core //Installs git tool in your local ubuntu machine.

Step 2: //Checking GIT version

git --version
---> git version 1.9.1


Step 3: Setting User Name and EMail Id:

  git config --global user.name "Aditya Hegde"
  git config --global user.email "abc@gmail.com"


List of other git commands:
1.  AVOID MERGE COMMITS FOR PULLING
// You pull latest changes from a remote repository and if these changes are divergent then, by default Git creates merge commits. We can avoid this via following settings.

* git config --global branch.autosetuprebase always


2. COLOR HIGHLIGHTING
  // The following commands enable color highlighting for Git in the console.
  * git config --global color.ui true
  * git config --global color.status auto
  * git config --global color.branch auto

3. SETTING DEFAULT EDITOR
// By default Git uses the system default editor which is taken from the VISUAL or EDITOR environment variable. We can configure a different one by using git config.
  * git config --global core.editor vim

4. SETTING DEFAULT MERGE TOOL
// Git does not provide a default merge tool for integrating conflicting changes into your working tree. We can set default merge tool by enabling following settings.
  * git config --global merge.tool vimdiff

5. LISTING GIT SETTINGS
// To verify your Git settings of the local repository use the git config --list command as given below.
  * git config --list


Creating Operation:

A. Creating New Group and User
1. Creating a Group:
   * groupadd group-name

2. Adding new user to group
   * useradd -G group-name -d /home/gituser -m -s /bin/bash username

3. Changing the password for user:
   * passwd username
  // This will prompt for the new password

B. Creating Bare Repository:
1.  Create a directory with .git extension
    * mkdir directory_name.git

2. Switch to newly created directory.
   * cd directory_name.git

3. // Initializing new empty repository with --bare option
  *  git --bare init
-----> Initialized empty Git repository in /home/gituser/project.git/






Sunday, August 9, 2015

Installing S3CMD tool in your local ubuntu or Amazon Linux Machine

The S3CMD tool is used to work with AWS S3 buckets. Below are the steps to install the s3cmd tool on your local machine.


Step 1: Download the s3cmd tool package.

wget http://sourceforge.net/projects/s3tools/files/s3cmd/1.5.0-alpha3/s3cmd-1.5.0-alpha3.tar.gz

Step 2: Extract the downloaded package.
tar xzf s3cmd-1.5.0-alpha3.tar.gz

Step 3: Switch to setup folder.
cd  s3cmd-1.5.0-alpha3/setup

Step 4: Execute the setup.py file.
python setup.py install  // This will install s3cmd tool on your machine.


Step 5: Configuring with one of the s3 bucket.

s3cmd --configure
// This will prompt for Access Key and Secret Key of the bucket.