Thursday 28 May 2020

Securing your Web services using Nginx


If we have an API service and want to publish it to the public, it is better to put a reverse proxy like Nginx in front of it to handle all the dirty traffic trying to take down your services.

With Nginx in front, your API server can live and prosper without having to deal with the dirty requests that would otherwise reach it directly.

So let's do the Nginx configuration for securing your backend API server.



    # Response headers added by Nginx in front of the API
    add_header Cache-Control public;
    add_header X-Frame-Options "DENY";
    add_header X-Xss-Protection "1; mode=block" always;
    # Report-Only: violations are reported, not blocked
    add_header Content-Security-Policy-Report-Only "script-src https://skyway.shineapi.net";
    add_header X-Content-Type-Options "nosniff" always;
    add_header Strict-Transport-Security 'max-age=31536000;includeSubDomains;preload;' always;
    add_header Referrer-Policy no-referrer-when-downgrade;

    # Reject requests that arrive without a Referer header
    if ($http_referer = "") { return 403; }


With the above configuration, any request coming to your API is handled by Nginx first and is protected by the header config, which follows the web security standards for securing any web app in the wild.

I will put the detailed explanation in another blog post.
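
Added example (not part of the original post): Nginx applies `add_header` without the `always` parameter only to a fixed set of success and redirect status codes, so the 403 returned by the empty-Referer check carries only some of the headers configured above. The Python below parses those directives and reports which headers a response with a given status would lack; the function names are illustrative assumptions.

```python
import shlex

# add_header directives from the configuration above (embedded so this runs offline)
NGINX_SNIPPET = """
add_header Cache-Control public;
add_header X-Frame-Options "DENY";
add_header X-Xss-Protection "1; mode=block" always;
add_header Content-Security-Policy-Report-Only "script-src https://skyway.shineapi.net";
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security 'max-age=31536000;includeSubDomains;preload;' always;
add_header Referrer-Policy no-referrer-when-downgrade;
"""

# Without "always", nginx adds the header only for these codes (ngx_http_headers_module docs)
DEFAULT_CODES = {200, 201, 204, 206, 301, 302, 303, 304, 307, 308}


def parse_add_headers(conf):
    """Return a list of (name, value, always) for each add_header directive."""
    directives = []
    for line in conf.splitlines():
        line = line.strip()
        if not (line.startswith("add_header ") and line.endswith(";")):
            continue
        tokens = shlex.split(line[:-1])  # strip the final ';', honour quotes
        if len(tokens) not in (3, 4):
            raise ValueError(f"unexpected add_header form: {line}")
        always = len(tokens) == 4 and tokens[3] == "always"
        directives.append((tokens[1], tokens[2], always))
    return directives


def headers_for_status(directives, status):
    """Headers nginx would attach to a response with this status code."""
    return {name: value for name, value, always in directives
            if always or status in DEFAULT_CODES}


def missing_on(directives, status):
    """Configured headers that a response with this status would lack."""
    sent = headers_for_status(directives, status)
    return sorted(name for name, _, _ in directives if name not in sent)


if __name__ == "__main__":
    parsed = parse_add_headers(NGINX_SNIPPET)
    # 403 is what the empty-Referer check in the configuration returns
    for code in (200, 403):
        print(code, "missing:", missing_on(parsed, code) or "none")
```

Adding `always` to the remaining directives makes the 403 and other error responses carry the same headers as a 200.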


Thursday 7 May 2020

Monitoring tools in the new age with Grafana

We know the old-school monitoring tools are Nagios, Cacti and CollectD. Well, that's what I use at my job to monitor infrastructure.

No fancy graphics or displays, no filters, only plain time-range values of the monitored data.

Now we have Grafana. I tried Grafana and it looks a lot like Elastic Kibana. Well, apparently Grafana was a fork of Kibana 3.0. Grafana is free to use, but there is also an enterprise version which comes with support.

With Grafana we can connect to multiple data stores. What I tried was Prometheus, as it can generate the data and also provides the TSDB it uses, so no additional DB is needed for storage.

We can also expose our application metrics for Prometheus to scrape and display.

Now at version 6.x, Grafana has many plugins and chart templates to use.

It can also be used as your monitoring dashboard to show alerts.

Alerts can be set using Prometheus Alertmanager. It is all there to be exploited.

Let's continue the journey with Grafana + Prometheus + Prometheus Alertmanager.

Wednesday 6 May 2020

Create a Service on a Linux box

On a Linux box, everything that runs at startup is a service.

Service files are located at /etc/systemd/system/servicename.service

The steps to create a service are:
1. Create a service user account
2. Change ownership of the config file to the service account
3. Create a service file to load at startup

Create the service user account the secure way:

    $ sudo useradd --no-create-home --shell /bin/false blackbox_exporter

Here is a template for a service that uses the user created above.

    [Unit]
    Description=Blackbox Exporter
    Wants=network-online.target
    After=network-online.target

    [Service]
    User=blackbox_exporter
    Group=blackbox_exporter
    Type=simple
    ExecStart=/usr/local/bin/blackbox_exporter --config.file /etc/blackbox_exporter/blackbox.yml

    [Install]
    WantedBy=multi-user.target

This will be inside the .service file.

Then we need to reload the daemon:

    # systemctl daemon-reload

The service can then be started with the command below:

    # systemctl start service_name

To enable it at startup, run:

    # systemctl enable service_name

Hope this helps
