Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide ~ Setting up a secured Chained-Proxy between different offices using Squid for a specific URL set.
Salt conf 2014-installing-openstack-using-saltstack-v02Yazz Atlas
OpenStack is an open source implementation of cloud computing, potentially at very large scale. However, it has many moving parts and is complex to operate. SaltStack appears to provide scalable and secure orchestration for OpenStack. But like all powerful solutions to complex problems, a great deal of the useful know-how has to be discovered by actual practice and hard-won experience. This session will share the inside knowledge gained through practical experience. This is not a howto install OpenStack.
Andrew Betts Web Developer, The Financial Times at Fastly Altitude 2016
Running custom code at the Edge using a standard language is one of the biggest advantages of working with Fastly’s CDN. Andrew gives you a tour of all the problems the Financial Times and Nikkei solve in VCL and how their solutions work.
Apache Traffic Server (ATS) is a fast, scalable HTTP caching proxy server. It allows plugins to be written using Lua, a lightweight scripting language. This provides advantages over writing plugins in C/C++, including easier development, testing, and ability to leverage Lua features. The presentation discusses using Lua with ATS, including exposing ATS APIs as Lua functions, implementing plugins, testing plugins, and security considerations like input validation and sandboxing. Future work may include exposing more ATS APIs and providing input validation libraries.
This document outlines an agenda for an Nginx essentials presentation. The presentation introduces concepts like HTTP protocols and web servers. It covers installing and configuring Nginx, including its HTTP module and features like load balancing and SSL. It also discusses debugging, customizing Nginx using modules like Tengine and OpenResty, and provides example use cases and references for further reading.
Nginx is a lightweight web server that was created in 2002 to address the C10K problem of scaling to 10,000 concurrent connections. It uses an asynchronous event-driven architecture that uses less memory and CPU than traditional multi-threaded models. Key features include acting as a reverse proxy, load balancer, HTTP cache, and web server. Nginx has grown in popularity due to its high performance, low memory usage, simple configuration, and rich feature set including modules for streaming, caching, and dynamic content.
Squid is a high-performance caching proxy server that stores frequently accessed web content to improve network efficiency. It reduces bandwidth usage on busy networks by caching content locally. Squid communicates with peer caches using the Inter-Cache Protocol and can operate as a traditional proxy or front-end accelerator. Configuring Squid involves setting up TCP/IP on the server, editing squid.conf to change ports and define access rules, restarting Squid, and configuring clients to use the Squid server address.
With the Varnish caching proxy you can make websites blazingly fast. The basics are quite simple once you understand how cache handling in HTTP works. For starters, we will look into HTTP and Varnish configuration. The main course is going to be test-driven cache invalidation and the cache tagging strategy. For desserts, there will be an introduction to Edge Side Includes (ESI). All of this will be liberally sprinkled with examples from the FOSHttpCache library and some ideas from the FOSHttpCacheBundle for Symfony2.
This document provides an overview and instructions for installing and configuring ProxySQL. It discusses:
1. What ProxySQL is and its functions like load balancing and query caching
2. How to install ProxySQL on CentOS and configure the /etc/proxysql.cnf file
3. How to set up the ProxySQL schema to define servers, users, variables and other settings needed for operation
4. How to test ProxySQL functions like server status changes and benchmark performance
Salt conf 2014-installing-openstack-using-saltstack-v02Yazz Atlas
OpenStack is an open source implementation of cloud computing, potentially at very large scale. However, it has many moving parts and is complex to operate. SaltStack appears to provide scalable and secure orchestration for OpenStack. But like all powerful solutions to complex problems, a great deal of the useful know-how has to be discovered by actual practice and hard-won experience. This session will share the inside knowledge gained through practical experience. This is not a howto install OpenStack.
Andrew Betts Web Developer, The Financial Times at Fastly Altitude 2016
Running custom code at the Edge using a standard language is one of the biggest advantages of working with Fastly’s CDN. Andrew gives you a tour of all the problems the Financial Times and Nikkei solve in VCL and how their solutions work.
Apache Traffic Server (ATS) is a fast, scalable HTTP caching proxy server. It allows plugins to be written using Lua, a lightweight scripting language. This provides advantages over writing plugins in C/C++, including easier development, testing, and ability to leverage Lua features. The presentation discusses using Lua with ATS, including exposing ATS APIs as Lua functions, implementing plugins, testing plugins, and security considerations like input validation and sandboxing. Future work may include exposing more ATS APIs and providing input validation libraries.
This document outlines an agenda for an Nginx essentials presentation. The presentation introduces concepts like HTTP protocols and web servers. It covers installing and configuring Nginx, including its HTTP module and features like load balancing and SSL. It also discusses debugging, customizing Nginx using modules like Tengine and OpenResty, and provides example use cases and references for further reading.
Nginx is a lightweight web server that was created in 2002 to address the C10K problem of scaling to 10,000 concurrent connections. It uses an asynchronous event-driven architecture that uses less memory and CPU than traditional multi-threaded models. Key features include acting as a reverse proxy, load balancer, HTTP cache, and web server. Nginx has grown in popularity due to its high performance, low memory usage, simple configuration, and rich feature set including modules for streaming, caching, and dynamic content.
Squid is a high-performance caching proxy server that stores frequently accessed web content to improve network efficiency. It reduces bandwidth usage on busy networks by caching content locally. Squid communicates with peer caches using the Inter-Cache Protocol and can operate as a traditional proxy or front-end accelerator. Configuring Squid involves setting up TCP/IP on the server, editing squid.conf to change ports and define access rules, restarting Squid, and configuring clients to use the Squid server address.
With the Varnish caching proxy you can make websites blazingly fast. The basics are quite simple once you understand how cache handling in HTTP works. For starters, we will look into HTTP and Varnish configuration. The main course is going to be test-driven cache invalidation and the cache tagging strategy. For desserts, there will be an introduction to Edge Side Includes (ESI). All of this will be liberally sprinkled with examples from the FOSHttpCache library and some ideas from the FOSHttpCacheBundle for Symfony2.
This document provides an overview and instructions for installing and configuring ProxySQL. It discusses:
1. What ProxySQL is and its functions like load balancing and query caching
2. How to install ProxySQL on CentOS and configure the /etc/proxysql.cnf file
3. How to set up the ProxySQL schema to define servers, users, variables and other settings needed for operation
4. How to test ProxySQL functions like server status changes and benchmark performance
This document discusses caching strategies for Rails applications, including:
1. Using Rails caching for queries, pages, assets, and fragments to improve performance.
2. Configuring Cache-Control headers, compression, and CDNs like Fastly for efficient caching.
3. Techniques for caching dynamic content at the edge using surrogate keys and purging cached responses.
[Hello world 오픈세미나]varnish로 웹서버성능 향상시키기NAVER D2
The document introduces Varnish, an open-source web application accelerator. It was initially developed in 2005 by a Norwegian newspaper to improve website performance. Varnish acts as a reverse proxy cache in front of web servers to cache and serve repeated requests, improving performance. The document further explains Varnish concepts like VCL and Grace mode.
This document summarizes a talk given at ApacheCon 2015 about replacing Squid with Apache Traffic Server (ATS) as the proxy server at Yahoo. It discusses the history of using Squid at Yahoo, limitations with Squid that led to considering ATS, key differences in configuration between the two, how features like caching, logging, and peering are implemented in each, and lessons learned from the migration process.
Apache Camel: Jetty Component With ExampleAmit Aggarwal
After Watching this video, you will be answer the following.
1. What is Jetty?
2. What is apache camel jetty component?
3. Required maven dependency for jetty component
4. Hello World in Jetty Consumer.
5. Different URI Formats.
6. Http Session Example Using jetty options.
7. Http Servlet Request Example of Camel Jetty.
8. How to access request parameters.
9. Import link for reading about jetty.
This document provides instructions for implementing Apache HTTPD with BusinessObjects Enterprise V3.1 using a separated application and web services architecture. It describes installing Apache HTTP as the web server, installing the mod_jk connector, configuring the servers, performing a Wdeploy distribution, and testing the final installation. The setup divides static and dynamic content, using Apache HTTP for static pages and images and Tomcat for processed Java pages for improved performance, load balancing and security.
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...SaltStack
Arnold gave this presentation at the Secure Linux Admin Conference in Berlin Germany. He provides an overview of what configuration management systems do, explains the fundamentals of SaltStack and provides a look inside.
This document discusses metrics to monitor in a Kubernetes environment across 5 layers:
1. Application metrics like request rates, errors, and durations
2. Service metrics like database connections and service-specific metrics
3. Kubernetes deployment metrics like available replicas and rolling update status
4. Kubernetes internal metrics like node status and resource availability
5. Host/node metrics like CPU, memory, and disk usage
Monitoring all 5 layers provides visibility into the health of applications, services, Kubernetes clusters and underlying infrastructure.
This document provides steps to configure SSL for Tomcat 6.0.16 on Windows Vista. It involves generating an RSA key pair and self-signed certificate, importing the certificate to the Tomcat keystore, configuring the Tomcat server.xml and webapp web.xml files to enable SSL, and testing HTTPS access to the server on port 8443.
Basic concept of nginx , Apache Vs Nginx , Nginx as Loadbalancer , Nginx as Reverse proxy , Configuration of nginx as load balancer and reverse proxy .
SaltConf14 - Oz Akan, Rackspace - Deploying OpenStack Marconi with SaltStackSaltStack
This talk will demonstrate how to use Salt Mine leveraging Salt grains to create several environments (parallel universes) that decide how to run the same Salt formulas with different outcomes. "Roles” will be defined in an OpenStack Marconi (queuing as a service) deployment and a few formulas will be shared to demonstrate the concept.
This document outlines an agenda to learn Nginx in 90 minutes through a series of exercises. It introduces Nginx as an HTTP and reverse proxy server, discusses setting up the environment using Docker, and provides 5 exercises to learn basic Nginx configurations including setting up a first web page, proxying to an Apache server, load balancing across multiple servers with CDN, adding HTTP basic authentication, and enabling HTTPS with basic authentication.
This document provides information about configuring and using the Squid caching proxy server. It discusses Squid versions and improvements between versions, how to configure access control lists and ports in Squid's configuration file squid.conf, and provides a sample configuration file with ACL rules and cache directory settings. Advantages discussed include improved caching and access control capabilities.
EFK Stack이란 ElasticSearch, Fluentd, Kibana라는 오픈소스의 조합으로, 방대한 양의 데이터를 신속하고 실시간으로 수집/저장/분석/시각화 할 수 있는 솔루션입니다. 특히 컨테이너 환경에서 로그 수집을 위해 주로 사용되는 기술 스택입니다.
Elasitc Stack에 대한 소개와 EFK Stack 설치 방법에 대해 설명합니다.
SaltConf14 - Ben Cane - Using SaltStack in High Availability EnvironmentsSaltStack
An overview on the benefits and best practices of using SaltStack for consistency and automation in highly available enterprise environments such as financial services.
You have amazing content and you want to get it to your users as fast as possible. In today’s industry, milliseconds matter and slow websites will never keep up. You can use a CDN but they are expensive, make you dependent on a third party to deliver your content, and can be notoriously inflexible. Enter Varnish, a powerful, open-source caching reverse proxy that lives in your network and lets you take control of how your content is managed and delivered. We’ll discuss how to install and configure Varnish in front of a typical web application, how to handle sessions and security, and how you can customize Varnish to your unique needs. This session will teach you how Varnish can help you give your users a better experience while saving your company and clients money at the same time.
This document discusses automating network configuration and operations using DevOps principles and tools like Puppet. It describes using Zero Touch Provisioning (ZTP) to automatically install and configure Puppet on new network devices. Puppet is then used to configure and manage interfaces, routing protocols, users, and other network settings through an infrastructure-as-code approach.
The document provides recommendations for optimizing performance of high traffic web applications, including tuning Apache settings like MaxClients, enabling caching and compression, optimizing MySQL settings like query caching and indexing, improving PHP configurations for errors, sessions and uploads, and using tools to monitor and test performance. It also outlines best practices for page loading like reducing HTTP requests and moving scripts to the bottom.
A talk I gave at the recent Advanced AWS Meeup - this is a detailed guide to how I installed and set up Spinnaker to work with our infrastructure at Stitch Fix. I go over the various problems I ran into and how I solved them. I hope this can be useful for others setting up, or interested in setting up Spinnaker for their purposes.
**Big thanks to Armory for recording the talks! Video for this talk can be found here: https://youtu.be/ywzPblFpIE0 (I'm the second speaker)**
Apache can function as both a forward and reverse proxy server. To configure it as a proxy, enable the proxy module, turn on proxy requests, and specify which clients can access the proxy. The proxy caches frequently accessed pages to improve performance and reduce bandwidth. It also provides security, access control, and logging of internet traffic on the network.
This document discusses caching strategies for Rails applications, including:
1. Using Rails caching for queries, pages, assets, and fragments to improve performance.
2. Configuring Cache-Control headers, compression, and CDNs like Fastly for efficient caching.
3. Techniques for caching dynamic content at the edge using surrogate keys and purging cached responses.
[Hello world 오픈세미나]varnish로 웹서버성능 향상시키기NAVER D2
The document introduces Varnish, an open-source web application accelerator. It was initially developed in 2005 by a Norwegian newspaper to improve website performance. Varnish acts as a reverse proxy cache in front of web servers to cache and serve repeated requests, improving performance. The document further explains Varnish concepts like VCL and Grace mode.
This document summarizes a talk given at ApacheCon 2015 about replacing Squid with Apache Traffic Server (ATS) as the proxy server at Yahoo. It discusses the history of using Squid at Yahoo, limitations with Squid that led to considering ATS, key differences in configuration between the two, how features like caching, logging, and peering are implemented in each, and lessons learned from the migration process.
Apache Camel: Jetty Component With ExampleAmit Aggarwal
After Watching this video, you will be answer the following.
1. What is Jetty?
2. What is apache camel jetty component?
3. Required maven dependency for jetty component
4. Hello World in Jetty Consumer.
5. Different URI Formats.
6. Http Session Example Using jetty options.
7. Http Servlet Request Example of Camel Jetty.
8. How to access request parameters.
9. Import link for reading about jetty.
This document provides instructions for implementing Apache HTTPD with BusinessObjects Enterprise V3.1 using a separated application and web services architecture. It describes installing Apache HTTP as the web server, installing the mod_jk connector, configuring the servers, performing a Wdeploy distribution, and testing the final installation. The setup divides static and dynamic content, using Apache HTTP for static pages and images and Tomcat for processed Java pages for improved performance, load balancing and security.
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...SaltStack
Arnold gave this presentation at the Secure Linux Admin Conference in Berlin Germany. He provides an overview of what configuration management systems do, explains the fundamentals of SaltStack and provides a look inside.
This document discusses metrics to monitor in a Kubernetes environment across 5 layers:
1. Application metrics like request rates, errors, and durations
2. Service metrics like database connections and service-specific metrics
3. Kubernetes deployment metrics like available replicas and rolling update status
4. Kubernetes internal metrics like node status and resource availability
5. Host/node metrics like CPU, memory, and disk usage
Monitoring all 5 layers provides visibility into the health of applications, services, Kubernetes clusters and underlying infrastructure.
This document provides steps to configure SSL for Tomcat 6.0.16 on Windows Vista. It involves generating an RSA key pair and self-signed certificate, importing the certificate to the Tomcat keystore, configuring the Tomcat server.xml and webapp web.xml files to enable SSL, and testing HTTPS access to the server on port 8443.
Basic concept of nginx , Apache Vs Nginx , Nginx as Loadbalancer , Nginx as Reverse proxy , Configuration of nginx as load balancer and reverse proxy .
SaltConf14 - Oz Akan, Rackspace - Deploying OpenStack Marconi with SaltStackSaltStack
This talk will demonstrate how to use Salt Mine leveraging Salt grains to create several environments (parallel universes) that decide how to run the same Salt formulas with different outcomes. "Roles” will be defined in an OpenStack Marconi (queuing as a service) deployment and a few formulas will be shared to demonstrate the concept.
This document outlines an agenda to learn Nginx in 90 minutes through a series of exercises. It introduces Nginx as an HTTP and reverse proxy server, discusses setting up the environment using Docker, and provides 5 exercises to learn basic Nginx configurations including setting up a first web page, proxying to an Apache server, load balancing across multiple servers with CDN, adding HTTP basic authentication, and enabling HTTPS with basic authentication.
This document provides information about configuring and using the Squid caching proxy server. It discusses Squid versions and improvements between versions, how to configure access control lists and ports in Squid's configuration file squid.conf, and provides a sample configuration file with ACL rules and cache directory settings. Advantages discussed include improved caching and access control capabilities.
EFK Stack이란 ElasticSearch, Fluentd, Kibana라는 오픈소스의 조합으로, 방대한 양의 데이터를 신속하고 실시간으로 수집/저장/분석/시각화 할 수 있는 솔루션입니다. 특히 컨테이너 환경에서 로그 수집을 위해 주로 사용되는 기술 스택입니다.
Elasitc Stack에 대한 소개와 EFK Stack 설치 방법에 대해 설명합니다.
SaltConf14 - Ben Cane - Using SaltStack in High Availability EnvironmentsSaltStack
An overview on the benefits and best practices of using SaltStack for consistency and automation in highly available enterprise environments such as financial services.
You have amazing content and you want to get it to your users as fast as possible. In today’s industry, milliseconds matter and slow websites will never keep up. You can use a CDN but they are expensive, make you dependent on a third party to deliver your content, and can be notoriously inflexible. Enter Varnish, a powerful, open-source caching reverse proxy that lives in your network and lets you take control of how your content is managed and delivered. We’ll discuss how to install and configure Varnish in front of a typical web application, how to handle sessions and security, and how you can customize Varnish to your unique needs. This session will teach you how Varnish can help you give your users a better experience while saving your company and clients money at the same time.
This document discusses automating network configuration and operations using DevOps principles and tools like Puppet. It describes using Zero Touch Provisioning (ZTP) to automatically install and configure Puppet on new network devices. Puppet is then used to configure and manage interfaces, routing protocols, users, and other network settings through an infrastructure-as-code approach.
The document provides recommendations for optimizing performance of high traffic web applications, including tuning Apache settings like MaxClients, enabling caching and compression, optimizing MySQL settings like query caching and indexing, improving PHP configurations for errors, sessions and uploads, and using tools to monitor and test performance. It also outlines best practices for page loading like reducing HTTP requests and moving scripts to the bottom.
A talk I gave at the recent Advanced AWS Meeup - this is a detailed guide to how I installed and set up Spinnaker to work with our infrastructure at Stitch Fix. I go over the various problems I ran into and how I solved them. I hope this can be useful for others setting up, or interested in setting up Spinnaker for their purposes.
**Big thanks to Armory for recording the talks! Video for this talk can be found here: https://youtu.be/ywzPblFpIE0 (I'm the second speaker)**
Apache can function as both a forward and reverse proxy server. To configure it as a proxy, enable the proxy module, turn on proxy requests, and specify which clients can access the proxy. The proxy caches frequently accessed pages to improve performance and reduce bandwidth. It also provides security, access control, and logging of internet traffic on the network.
Aeon mike guide transparent ssl filteringConrad Cruz
This document provides instructions for configuring SQUID 3.3 to act as an SSL bumping proxy on a Debian system. It describes how to generate a self-signed SSL certificate, edit the squid.conf file to enable SSL bumping and specify the certificate files, configure iptables rules to redirect HTTP and HTTPS traffic to the proxy ports, and provides an example configuration for filtering access to specific banking sites over HTTPS.
Aeon mike guide transparent ssl filtering (1)Conrad Cruz
This document provides instructions for configuring Squid 3.3 to act as an SSL bumping proxy on a Debian system. It describes how to generate a self-signed SSL certificate, edit the Squid configuration file to enable SSL bumping and specify the certificate files, configure iptables rules to redirect HTTPS traffic to the proxy, and provides an example Squid configuration file for SSL filtering.
Taming the Cloud Database with Apache jclouds, ApacheCon Europe 2014zshoylev
This document discusses setting up and using Apache jclouds, an open source multi-cloud library, to create and manage cloud databases. It provides code snippets for initializing the jclouds API, creating a database instance on a cloud provider like Rackspace, and polling the instance status until it is ready. The document also outlines the jclouds architecture and abstractions for cloud database services like Trove, and explains how to add support for new providers.
Dispatcher is a load balancing and caching tool for Adobe Experience Manager (AEM). It improves performance by caching static content locally and distributing requests among multiple AEM instances. Beyond load balancing and caching, Dispatcher provides additional security and control over cached content. It can filter requests, rewrite URLs, and enforce access restrictions to protected paths and tools. Dispatcher configuration involves editing configuration files to specify caching, filtering, and rendering rules.
This document provides instructions for installing and configuring the Squid proxy server on Linux. It discusses system requirements for disk performance and memory. It also covers downloading and installing Squid, important configuration notes, starting and stopping Squid, log files, configuring cache disks and directories, access control lists, authentication, and examples of restricting web access by time and to specific websites.
The need to scale is in high demand in an age where everything is moving to the cloud. Though the standard Apache configuration could handle a website with moderate traffic, the minute it gets slash dotted or twitted multiple times could spell an embarrassing crash landing! If you are the administrator of such a website then good luck finding another job! On the other hand you value high availability in the midst of popularity then read on. On this one day workshop, we will show you how to scale your website and webapps to scale to handle thousands of simultaneous sessions the right way. The topics covered will include:
- Setting up Apache and NGiNXM
- Setting up a sample LAMP web app
- Benchmarking Apache performance
- Fine tuning Apache to improve performance
- Fine tuning NGiNX to improve performance
- Discussion about code level improvements when developing custom webapps using PHP
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
This document discusses Docker networking components and common issues. It covers Docker networking drivers like bridge, host, overlay, topics around Docker daemon access and configuration behind firewalls. It also discusses container networking best practices like using user-defined networks instead of links, connecting containers to multiple networks, and connecting managed services to unmanaged containers. The document is intended to help troubleshoot Docker networking issues.
Squid Caching for Web Content Accerlationrahul8590
Squid is an open source web proxy and cache server that provides content filtering, access control, and caching capabilities to improve network performance; it sits between clients and external servers to filter web traffic based on configured rules and restrictions set by the network administrator using regular expressions and access control lists. Squid can also integrate with authentication servers like ncsa_auth to require passwords for user access through the proxy.
Service Discovery using etcd, Consul and KubernetesSreenivas Makam
Overview of Service Discovery and Service Discovery using etcd, Consul, Kubernetes and Docker. Presented at Open source meetup, Bangalore(http://www.meetup.com/Bangalore-Open-Source-Meetup/events/229763724/)
JavaOne 2014: Taming the Cloud Database with jcloudszshoylev
This document provides information and instructions for setting up a project using Apache jclouds to create a database in the cloud. It discusses initializing the necessary APIs from jclouds to interact with cloud database services, and provides code samples for creating a database user, database instance, and connecting to the database to test it. The document also discusses next steps like contributing to jclouds examples projects and documentation.
This document provides an overview of setting up an environment to host and develop web services using Java, Apache Tomcat, and Axis. It discusses installing and configuring Apache as a proxy server, setting up Tomcat as the application container, deploying the Axis libraries for SOAP support, and bringing the components together to host a basic web service endpoint. The document aims to demonstrate how quickly one can get started providing their own web services once the required software is installed and configured.
The document discusses OpenShift security context constraints (SCCs) and how to configure them to allow running a WordPress container. It begins with an overview of SCCs and their purpose in OpenShift for controlling permissions for pods. It then describes issues running the WordPress container under the default "restricted" SCC due to permission errors. The document explores editing the "restricted" SCC and removing capabilities and user restrictions to address the errors. Alternatively, it notes the "anyuid" SCC can be used which is more permissive and standard for allowing the WordPress container to run successfully.
Как мы взломали распределенные системы конфигурационного управленияPositive Hack Days
В лекции речь пойдет о том, как команда исследователей обнаружила и эксплуатировала уязвимости различных систем конфигурационного управления в ходе пентестов. Авторы представят различные инструменты распределенного управления конфигурациями, например Apache ZooKeeper, HashiCorp Consul и Serf, CoreOS Etcd; расскажут о способах создания отпечатков этих систем, а также о том, как использовать в своих целях типичные ошибки в конфигурации для увеличения площади атак.
My talk in Bessemer VP R&D / CTO yearly event (Jan 2020).
The presentation discusses major concept in resilience testing and MyHeritage's path to Chaos Engineering.
NGINX Can Do That? Test Drive Your Config File!Jeff Anderson
I have had countless conversations with developers, projects managers, and even executives that end up being about nginx and what it can do. Usually, the phrase "nginx can do that?" comes up. More often than not, the answer is YES. What happens though, is the nginx config file can get unwieldy. How can we assert that it will behave how it needs to over time? How can we avoid introducing inadvertent regressions?
The document discusses how to deploy Rails applications using Capistrano. It covers setting up the Rails environment with Ruby, RubyGems, Rails, Mongrel, Subversion, and Capistrano. It then discusses configuring Capistrano, Apache virtual hosts, and Mongrel clusters. It provides details on the deploy.rb file configuration including database, mongrel cluster, and roles.
The document discusses Kubernetes networking. It describes how Kubernetes networking allows pods to have routable IPs and communicate without NAT, unlike Docker networking which uses NAT. It covers how services provide stable virtual IPs to access pods, and how kube-proxy implements services by configuring iptables on nodes. It also discusses the DNS integration using SkyDNS and Ingress for layer 7 routing of HTTP traffic. Finally, it briefly mentions network plugins and how Kubernetes is designed to be open and customizable.
Similar to Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide (20)
xml-motor
what, why & how about the new technique xml-parser rubygem
http://justfewtuts.blogspot.com/2012/03/xml-motor-what-it-is-how-why-should-you.html
A new compact XML algorithm without any dependencies. Its implemented as a rubygem to provide Non-native XML parser for particular usages. RubyGem at http://rubygems.org/gems/xml-motor and https://github.com/abhishekkr/rubygem_xml_motor
Syslog Centralization Logging with Windows ~ A techXpress GuideAbhishek Kumar
Syslog Centralization Logging with Windows ~ A techXpress Guide ~ Setting up a centralized Syslog Server to get EventLogs from all Windows Hosts for analysis
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress GuideAbhishek Kumar
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress Guide ~ for Load Balancing the Network Traffic on Multiple Etheret Cards attached on a Linux Box
Solaris Zones (native & lxbranded) ~ A techXpress GuideAbhishek Kumar
Solaris Zones (native & lxbranded) ~ A techXpress Guide ~ Creating & Managing Solaris Zones; Mirroring an existing Linux Setup to a Zone; Setting up SVN, CIFS over a Zone
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidthAbhishek Kumar
It's an Express Guide to "dummynet" for testing Web/Network Applications in real-use-case scenario ~~~~~ it can allow you to tweak Network Latencies and bandwidth to any value and test the application in those circumstances
An Express Guide ~ Zabbix for IT Monitoring Abhishek Kumar
Zabbix is an open source infrastructure monitoring solution. It has two main parts - the Zabbix server and client.
The document provides step-by-step instructions to install and configure Zabbix on a Linux server. This includes installing prerequisites like NTP, PHP, MySQL, compiling and installing the Zabbix server and client, configuring the database, web interface, and more. Finally, it discusses initial configuration steps after installation like securing login credentials.
An Express Guide ~ Cacti for IT Infrastructure Monitoring & GraphingAbhishek Kumar
It's an Express Guide to "Setup of Cacti Server with purpose of IT Infrastructure Monitoring & Service Graphs" ~~~~~ its aimed at monitoring of various IT services and brilliant graphing of statistics
An Express Guide ~ SNMP for Secure Rremote Resource MonitoringAbhishek Kumar
It's an Express Guide to "Basic & Secure Setup of SNMP with purpose of Remote Resource Monitoring" ~~~~~ described here with a use-case of setting it up for monitoring availability of Network Connection on a remote machine and Trap notification in case the link goes down ~~~~~ for both Linux & Windows platforms
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'Abhishek Kumar
Nullcon is an annual hacker conference held in India. The document discusses defeating web application attacks through offensive security techniques like bug hunting and disarming malicious script tags. It also covers techniques for preventing cross-site scripting attacks, such as parsing user input and only allowing safe HTML tags.
An Approach Eradicating Effect of JavaScript Events in
User Input Being A Part of Web2.0 Facilities... in short the final nail to coffin of XSS Attacks
This document proposes a technique to prevent XSS attacks by modifying how browsers render <script> tags inserted into the <body> of an HTML document. The technique involves the web server transforming the page generated by the application server by wrapping the <body> contents in a <script> tag. This causes any <script> tags in the original <body> to not execute while preserving those in the <head>. The goal is to enable security without requiring input validation by web developers. A proof-of-concept implementation demonstrates how this modification disables injected malicious scripts.
This document provides instructions to install FreeSWITCH on CentOS/RedHat/Fedora in 13 steps: 1) Install dependencies with YUM; 2) Download and extract FreeSWITCH source; 3) Add OpenZAP support to configuration; 4) Compile and install FreeSWITCH; 5) Create symlinks for main binaries; 6) Launch FreeSWITCH as a service or from the command line; 7) Use fs_cli to access the command line.
Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
1. Express-Guide
~to~
Basic Setup of
Squid-cache
Proxy Chaining
by, ABK ~ http://www.twitter.com/aBionic
::Task Detail::
Setting up a secured Chained-Proxy between different offices using Squid
for a specific URL set.
::Background::
Links: http://www.squid-cache.org/
Some background information about Squid Cache Proxy Server:
◦ its a high performance proxy caching server for web clients, supporting
FTP, Gopher and HTTP data objects i.e. normally text-based protocols
◦ keeps metadata and hot-objects cached in RAM, supports non-block DNS
and SSL
◦ it can be implemented as a Normal Proxy which needs to be configured
at User's end or even as a Interception Proxy
::Execution Method::
Installing Squid was really easy, its available at YUM Repositories so use
#yum -y install squid
Open 'squid.conf' file in an editor to edit squid's configuration {might find it
at '/etc/squid/squid.conf' or '/usr/local/etc/squid/squid.conf'}
◦ NOTE: Remember, the settings here are interpreted as per their
occurrence in file as a filter above another. So, if you block "A,B,C" first
and then allows "C,D,E"; then C will remain blocked. So, to be on safer
side Squid.Conf has a section defined for each configuration along-with
its detail. For every line of configuration go in its section and then add it.
2. ◦ Now the most basic setting required to edit is enabling access from
clients for that just add settings as per following 2 lines
▪ following lines
acl myClientNetwork src 192.168.0.0/16
http_access allow myClientNetwork
◦ Suppose you wanna set rules for URLs of "A.com" and "Z.com" domain
▪ make its ACL as
acl egurls url_regex .A.com .Z.com
▪ Denying proxy of this URL set
always_direct allow egurls
never_direct deny egurls
▪ Allowing proxy of this URL set
always_direct deny egurls
▪ Denying direct access of URLs if proxy not possible
never_direct allow egurls
◦ Check if line with 'http_port' is
▪ http_port 3128
◦ To stop caching queries
▪ acl Query urlpath_regex cgi-bin ?
▪ cache deny Query
◦ Setting a hostname for Proxy, just don't reveal any info
▪ visible_hostname ANYHOSTNAME
◦ To setup a Parent Squid Server to set Proxy Chaining
▪ cache_peer parent1IPorName parent 3128 0 no-query default
▪ cache_peer parent2IPorName parent 3128 0 no-query
◦ To provide sibling Squid Server for cache checks
▪ cache_peer parent2IPorName sibling 3128 3130
◦ To setup Squid Proxy only for Fail-over, preferring direct connection
otherwise
▪ prefer_direct on
◦ To deny caching, just keep it to proxy
▪ cache deny all
◦ To open support for more ports (say 1234)
▪ acl safe_ports port 1234
Check correctness of squid.conf and apply changes
#squid k parse
Creating Swap directories for Squid Cache
#squid -z
Starting service
#squid -Ncd1
or
#service squid restart
3. ::Tools/Technology Used::
Squid Cache-Proxy Server:
BurpSuite Proxy Tool:
::Inference::
Squid can be used for multiple uses like Standard Proxy, Interception Proxy,
Reverse Proxy, Cache Service, and even as a Load Balancer for Web Service
running on that server.
Its a great utility being developed from great time and still has great scope
to be developed.
Its just that its configuration styling is a bit buggy, sometimes shows weird
results due to some self-unhanded issues.
::Troubleshooting/Updates::
Problem: The web-service we were supposed to proxy was generating
HTTP Request to several other domain names registered to same
organization and sometimes it's IP addresses. This re-occurred several
times.
Solution:
So, I tried to figure out all the URLs involved in correct functioning of Web-
Service by analyzing it's request using BurpSuite Proxy tool.
But this results into just the URLs requested at that time. So, to be on more
safer side I analyzed the source code of parts of service giving error and
en-listed the remaining URLs.
Problem: Configurations of Squid Box were copied onto a newer box for
similar results, but it resulted in blocking of sites supposed to go via Proxy.
Solution:
Initially, it was really absurd as the same settings worked over other box.
But, Squid is somewhat popular for such results so it wasn't a worry. We
were just trying different tweaks not changing the meaning of it but stating
same things in different manner.
It resulted into a revelation that the behavior was specific to certain Query
URLs, other were working fine. Now, it should have worked because even
these URLs matched RegEx.
Some more tweaking of settings made it worked when we explicitly added
4. the 'always_direct' line to it; now normally that shouldn't have mattered...
but for Query based URLs it explicitly required that setting
{no documentation found though}
acl egurls url_regex .A.com .Z.com
always_direct allow egurls
never_direct deny egurls
Requirement:
Squid Proxy was connected to two ISPs via two Ethernet Cards, and we
required to find a way of load-balancing between both service providers.
Solution:
Reading about it showed that load-balancing configuration provided by
Squid is only for Parent Cache Proxies which is not based on Ethernet-Based
load-balancing. We found Ethernet-Bonding with load-balancing module to
implement the same. It has been discussed under one of the articles on this
portal itself.