Use Infrastructure as Code for automated security in the deployment pipeline

Infrastructure as Code (IaC) is a very powerful concept. The idea is that you put all infrastructure resources - networks, subnets, load balancers, firewalls and so on - in code. You then deploy your infrastructure the same way application developers deploy their code: through a continuous integration / continuous deployment (CI/CD) pipeline. Other benefits that application developers already enjoy also become available: code linting, automated testing and, if combined with a version control system, an audit trail of your changes.

Building a serverless website in AWS

Maintaining a web server for your website is not ideal. It’s tedious, takes a lot of time if done properly and distracts from what you really want to do: sell a product, share information, etc. The more time and money you spend on the platform, the less is available to spend on the website and your core business. Unless you’re a hosting company of course, but then this blog post isn’t really for you.

Dynamic image generation with AWS API Gateway and Lambda

The combination of API Gateway and Lambda is very powerful. It allows you to build complex functionality without maintaining any virtual machines yourself. Lambda can be hooked up to many other (AWS) services including DynamoDB, Kinesis and S3. This paradigm, better known as serverless, has been on the rise for years now and it’s certainly time to jump on the bandwagon if you haven’t done so already. One of the better-known use cases of AWS Lambda is the generation of thumbnail images as images are inserted into S3.

Getting started with AWS Cognito

Did you ever write your own authentication service? In essence it’s quite trivial: allow a user to enter a username and a password. Next, look in a database for a row/document that matches the received data. If found, log in. If not, be gone. It becomes harder when you start thinking more about proper security. And what about features such as password resets, login throttling or logins with Google/Facebook? Surely a managed service must exist that can make all this much easier for us.

Securing your server's SSH configuration

Are your SSH log files flooding with failed login attempts? I’ve seen many questions on websites such as Stack Overflow and Stack Exchange from people worried that someone is actively targeting their servers with brute-force password login attempts. Let me get one thing straight first: you are not special! It’s part of internet life: many botnets constantly attempt to log in to servers. These can be random IP addresses or known ranges such as Amazon AWS EC2 instances or DigitalOcean droplets.

Get insight into your server with Datadog

I have been running my blog for a few months now on a DigitalOcean droplet. Apart from the few metrics DigitalOcean provides, I never really had any insight into how my server is performing. This includes metrics like CPU and Memory, but also metrics from the applications I run to host my blog, in particular Nginx, php-fpm and MySQL. To get more insight into these metrics, I decided to install the Datadog agent on my server.

Integration tests with Travis CI

Do you write integration tests? What about unit tests? I believe that more people say “Yes” to the second question than to the first. Which is kinda weird - for many applications, it really isn’t that hard to write integration tests. It might not even be necessary to set up your own infrastructure to run these tests. Many CI tools these days allow you to install databases, queues and such on their build agents.

Using Let's Encrypt for free automated SSL certificates

If you maintain your own server or servers with SSL certificates, you might know how annoying it can be to keep those certificates up to date. Especially when you have a multitude of servers, some possibly even serving the same certificates, this is a hassle to manage. Luckily, there is a solution, and it’s called Let’s Encrypt. Introducing Let’s Encrypt: Let’s Encrypt is a Certificate Authority (CA) that provides an automated method for requesting and renewing free Domain Validated (DV) SSL certificates.

Multi-datacenter container orchestration with Nomad and Consul

Nomad is a distributed, multi-datacenter scheduler for containers, virtual machines and more. It’s a tool from HashiCorp, the company that also brings us Consul, a service-discovery tool that allows you to register and discover services. With the latest big release of Nomad (version 0.4), integration with Consul is improved, which promises to significantly simplify the creation of a (multi-datacenter) Nomad cluster. You can read more about this release on HashiCorp’s blog.

Getting a Qualys SSL Labs A+ rating with Nginx

Setting up SSL for your server may seem like a daunting task. In addition, why would you do it? What are the benefits? There are multiple, actually, with some of the most important ones being: It’s better for SEO. Back in 2014, Google announced they would start giving HTTPS websites a little boost in the search results. It’s not slower than HTTP. In fact - it will even be faster with HTTP2 enabled.