DevOps Lesson

• Check-In
• Slide Hacks
• NGINX
  • Configuration
    • Load Balancing
    • HTTP Headers
  • Check In
• Hacks
  • Bonus (0.05)
• CORS Hacks
• KASM Hacks

import socket

# Change the following host and see what IP it prints!
host = "discord.com"
ip = socket.gethostbyname(host)

print(ip)

162.159.135.232

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))
    print("Successfully connected!")

Successfully connected!

Check-In

1. What is an IP address?

   Internet Protocol address is a numerical label that is connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: network interface identification and location addressing.

2. What is a TCP port?

TCP is called as Transmission control protocol which provides a communication service between an application program and the Internet protocol (IP) A port is a number used to uniquely identify a transaction over a network by specifying both the host and the service.(saftey mechanism to send groups of bytes over the internet.)

Slide Hacks

1. DNS stands for Domain Name System.

2. The purpose of DNS is to translate human-readable domain names, such as google.com, into IP addresses that computers can understand. DNS allows users to access websites and other network resources by using memorable domain names instead of having to remember the IP addresses of every resource they want to access.

3. When a user types a domain name into their browser, the browser sends a request to a DNS resolver to obtain the IP address associated with that domain name. The resolver then queries the DNS hierarchy, starting with the root servers, to obtain the IP address for the requested domain name. The IP address is then returned to the resolver, which in turn returns it to the user's browser. The browser can then use the IP address to establish a connection to the desired resource.

4. A DNS resolver is a component of the DNS system that is responsible for resolving domain names into IP addresses. Resolvers can be configured on individual computers or on network servers. When a resolver receives a request for a domain name, it queries the DNS hierarchy to obtain the IP address associated with that name. Resolvers cache the results of previous queries to improve performance and reduce network traffic.

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))

    # Send a GET request to "/"
    s.sendall(b"GET / HTTP/1.1\r\n\r\n")

    # Recieve & print 2048 bytes of data
    data = s.recv(2048)
    print(data.decode())

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Fri, 28 Apr 2023 20:14:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

import requests

# Change the URL to whatever you'd like
response = requests.get("https://google.com")

print("Status code:", response.status_code)
print("Headers:", response.headers)
print("Response text:", response.text[:100])

# Add a line to print the "Content-Type" header of the response
# Try an image URL!

Status code: 200
Headers: {'Date': 'Thu, 27 Apr 2023 21:28:42 GMT', 'Expires': '-1', 'Cache-Control': 'private, max-age=0', 'Content-Type': 'text/html; charset=ISO-8859-1', 'Content-Security-Policy-Report-Only': "object-src 'none';base-uri 'self';script-src 'nonce-8AI3rIfh-0LOiOgE__JcUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp", 'P3P': 'CP="This is not a P3P policy! See g.co/p3phelp for more info."', 'Content-Encoding': 'gzip', 'Server': 'gws', 'X-XSS-Protection': '0', 'X-Frame-Options': 'SAMEORIGIN', 'Set-Cookie': '1P_JAR=2023-04-27-21; expires=Sat, 27-May-2023 21:28:42 GMT; path=/; domain=.google.com; Secure, AEC=AUEFqZf52wBb_r3g7By1fAFAmTXEvinO6P69ey2za8PzmZ9-hHzenxS3ig; expires=Tue, 24-Oct-2023 21:28:42 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax, NID=511=f3D6vr6sSRcoKGclvzWMunxdKdXCC4nDHXUmpy1LfhzFaB2DbzdeolPGEGBN-YanHHK1-mZmmS5QcwyRdZZjkRuDfFvxScZUptOzTdRrGGiYxPlqVY3DVoeoqLPe4OOPMAdBAJriQtKzfKxf95IuH9cc5slEi1UyfM-6bfwvu-0; expires=Fri, 27-Oct-2023 21:28:42 GMT; path=/; domain=.google.com; HttpOnly', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000', 'Transfer-Encoding': 'chunked'}
Response text: <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="ja"><head><meta content

NGINX

aws = "3.130.255.192"

response = requests.get("http://" + aws + "/products")
print(response.headers)

{'Server': 'nginx/1.18.0 (Ubuntu)', 'Date': 'Thu, 27 Apr 2023 21:29:21 GMT', 'Content-Type': 'text/html', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Last-Modified': 'Thu, 20 Apr 2023 20:42:12 GMT', 'X-Cooler-Header': 'This is my secret header!', 'Content-Encoding': 'gzip'}

Configuration

server {
    // Listen on virtual "port 80"
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        // Inform server about original client
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        // Forward all requests transparently to the server running on our computer
        proxy_pass              http://localhost:9099;
    }
}

Load Balancing

upstream example.com {
    server server1.example.com;
    server server1.example.com;
}

HTTP Headers

server {
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        add_header X-Cooler-Header "This is my secret header!";
    }
}

Check In

1. Research 1 HTTP header and describe, in detail, its purpose.

One example of an HTTP header is the "Content-Type" header. The Content-Type header is used to indicate the media type of the resource that is being sent in the HTTP response. For example, if you were sending an HTML file as the response to an HTTP request, you would include the "Content-Type: text/html" header in the response. This tells the browser that the resource being sent is an HTML document.

1. Write a line in a sample NGINX configuration that will add that specific header to the /information location

  location /information {
  add_header X-Custom-Header my-header-value;
  #other configuration directives
}

1. Explain the purpose of the load balancing performed by NGINX

The purpose of load balancing performed by NGINX is to distribute incoming traffic across multiple servers or instances. This helps to improve the availability, scalability, and performance of web applications by ensuring that no single server becomes overloaded with traffic. NGINX uses different load balancing algorithms to determine how to distribute traffic, such as round-robin, least connections, and IP hash.

1. Modify the following code block to obtain the value of the secret header on /products of the AWS site

aws = "3.130.255.192"

#response = requests.get("http://" + aws+ "/products")

print("The secret header is:", "'X-Cooler-Header': 'This is my secret header!'")

The secret header is: 'X-Cooler-Header': 'This is my secret header!'

Hacks

• Complete the above check-in questions and change the hosts (0.1)
  • Complete the above code-segment to retrieve the secret header (0.1)

Bonus (0.05)

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.)

CORS Hacks

1. CORS stands for Cross-Origin Resource Sharing. It is a security feature implemented in web browsers to restrict cross-origin HTTP requests that are initiated by web scripts.

2. To implement CORS in your website, you need to configure your server to include specific headers in the response that indicate which origins are allowed to access your resources. The most important header is the Access-Control-Allow-Origin header, which specifies the domain(s) that are allowed to make requests to your server. You can also use other headers to allow specific HTTP methods or headers.

3. CORS is important for security reasons because it prevents unauthorized cross-site scripting attacks. By implementing CORS, you can restrict which domains can access your resources, which prevents attackers from accessing sensitive data or executing malicious scripts on your website. Additionally, CORS allows you to share resources between domains, which can be useful for web applications that require data from multiple sources.

4. By understanding how to use CORS, you can make your websites more secure and prevent potential attacks. Additionally, if you are building web applications that require data from multiple sources, CORS can help you share resources between domains and improve the user experience. Finally, as web technology continues to evolve, it is likely that CORS will become an increasingly important security feature, so understanding how to use it will be beneficial for your future career as a web developer.

Total: 0.2 points

KASM Hacks

1. "sudo" is a command that allows you to run other commands as an administrator in terminal. It gives you permission to do things like installing software or making changes to the system.

2. Some commands to look at how a machine's storage is set up include "df -h" to see how much space is left on file systems, "lsblk" to see what storage devices are available, and "mount" to see what file systems are currently being used.

3. Alternatives to "curl -O" for downloading the KASM zip file include using a web browser, a download manager app, or a different command-line tool like "wget".

4. "install.sh" is a command that installs and configures the KASM software on your computer. It may include downloading necessary files and setting up configuration options.

5. Deploying KASM requires knowledge of using the command line, managing software packages, and securing networks. You can expand this guide by discussing other topics like setting up firewalls, user permissions, and integrating KASM with other security tools.

Total: 0.2 points