Networking Essentials Archives - Anuj Varma, Hands-On Technology Architect, Clean Air Activist
https://www.anujvarma.com/category/technology/networking-essentials/

NGINX as a reverse proxy (for apache or any web server)
https://www.anujvarma.com/nginx-as-a-reverse-proxy-for-apache-or-any-web-server/
Thu, 05 Aug 2021 03:56:18 +0000

Reverse proxies sit in front of a web server (or server farm) to better distribute load across the servers (a load balancer, in a sense; in fact, all load balancers are reverse proxies by definition).

In addition, reverse proxies hide the actual web server IPs by exposing their own IP, the same way a single-IP load balancer (e.g. an F5 load balancer) does. Read this for all possible uses of reverse proxies.

NGINX can be configured as a reverse proxy for apache and other web servers.

Also read Fiddler vs Wireshark 

 

 

HTTP Proxies – Fiddler versus Wireshark
https://www.anujvarma.com/http-proxies-fiddler-versus-wireshark/
Sun, 18 Jul 2021 02:50:43 +0000

Why Proxy your HTTP requests?

Proxying requests provides more control.

The three most common proxies:

    • HTTP proxy (so you can close port 80 and 443)
    • Internal DNS servers (proxy requests to the outside world)
    • Internal Mail server (relays incoming and outgoing mail to the world)

Wireshark vs Fiddler

    • Fiddler is an HTTP-only proxy; Wireshark works for all TCP ports
    • What ports ALWAYS need to be open OUTBOUND? There are no ports that need to be opened for full access in your outbound firewall rules.

Summary

This is a quick recap of the benefits of using an HTTP proxy (e.g. Fiddler and Wireshark).

Quick ping and telnet tests
https://www.anujvarma.com/qucik-ping-and-telnet-tests/
Fri, 06 Mar 2020 20:52:50 +0000

PING (does not equal internet connectivity)

ping 1.1.1.1 (cloudflare’s dns) –> Should return something like

Reply from 1.1.1.1: bytes=32 time=34ms TTL=55

ping 8.8.8.8 (google’s dns)


Telnet (over port 80 = internet connectivity) or curl over HTTP

telnet yahoo.ca 80  --> Should return 'Connected'
curl http://www.google.com --> Should return the html content

telnet checkip.dyndns.org 80 --> Should return 'Connected'

Additionally, type the following request and press Enter twice (the blank line ends the request headers):

GET / HTTP/1.1
Host: checkip.dyndns.org

This should return the response shown below:

HTTP/1.1 200 OK
Content-Type: text/html
Server: DynDNS-CheckIP/1.0
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 106

<html><head><title>Current IP Check</title></head><body>Current IP Address: X.X.X.X</body></html>

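Port 443 Test

wget --no-check-certificate https://

curl -k https://  (-k, or --insecure, skips certificate verification, so an expired certificate does not stop the test; it also accepts any other invalid certificate, so use it for connectivity checks only)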

Install Ping (uses ICMP) and Traceroute (uses UDP or ICMP) on Ubuntu

sudo apt install iputils-ping

which ping
/usr/bin/ping
$ ping -c 1 linuxconfig.org

sudo apt-get install traceroute

$ traceroute linuxconfig.org
$ traceroute -I example.com    # -I: probe with ICMP echo instead of the default UDP

What each octet means – subdividing a network into multiple subnets
https://www.anujvarma.com/what-each-octet-means-subdividing-a-network-into-multiple-subnets/
Thu, 16 Jan 2020 20:26:22 +0000

The Network Part vs. the Host Part
  • 192.168.0 –> Network Part
  • .0  –> Host Part

A subnet mask of 255.255.255.0 means that the first three octets of the address are used for the network, and thus our network number is 192.168.1.
This means we can have 254 computers on this network, because the fourth octet is not used by the network portion of the address: it has 256 possible values, minus the all-zeros network address and the all-ones broadcast address.

Reserved address ranges for private (non-routed) addresses

10.0.0.0 -> 10.255.255.255
172.16.0.0 -> 172.31.255.255
192.168.0.0 -> 192.168.255.255

Dividing the network into multiple subnetworks

There are two methods for dividing your network into multiple subnetworks. One is to simply change your network numbers while keeping the same subnet mask. The other is to subnet your network into smaller subnetworks.

Option 1 – Keeping the same mask:

Your network could be divided into two or more networks by changing the network portion of the address such as 10.0.1 and 10.0.2 and keeping the same subnet mask.

Example:
192.168.1.0/255.255.255.0
192.168.2.0/255.255.255.0

Doing this would give you two separate networks with 254 hosts per network. This is a very common method of dealing with multiple networks. However, back in the good old days you had to pay for every IP address you used, and if you had 25 computers on your network you probably would not want to pay for 254 addresses! The answer to the problem is…subnetting.

Option 2 – Subnetting a network

Subnetting is when you use bits from the host portion of your address as part of your network number. This lets you subdivide your network at the cost of host addresses, which is great if you’re paying for every host IP address. It will save you money because you pay for fewer TCP/IP addresses. Confused? Here is where understanding binary is important.

Let's look at a new subnet mask:

255.255.255.224

As you can see in the fourth octet, some of the host portion of this subnet mask is now being used for part of the network address. Which means we are now using some of the binary bits in the fourth octet for our network numbers, and that gives us fewer hosts than our old mask (which gave us 254), but gives us more networks (which is why we call it subnetting).
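
To make the trade-off concrete, the following is an added example (not code from the original post) that applies the 255.255.255.224 mask to the 192.168.1.0/24 network from Option 1 using Python's standard `ipaddress` module. The function names and the sample host 192.168.1.70 are constructed for illustration.

```python
import ipaddress

def describe_mask(mask):
    """Split a dotted-quad subnet mask into network bits and host capacity."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    host_bits = 32 - prefix
    return {
        "prefixlen": prefix,
        # binary view of the fourth octet: 1 = network bit, 0 = host bit
        "fourth_octet_bits": format(int(mask.split(".")[3]), "08b"),
        # all-zeros (network) and all-ones (broadcast) are not assignable
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }

def subdivide(parent, new_mask):
    """List each subnet of `parent` under `new_mask` as
    (subnet, first host, last host, broadcast)."""
    parent_net = ipaddress.ip_network(parent)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{new_mask}").prefixlen
    if not parent_net.prefixlen < new_prefix <= 30:
        raise ValueError("mask must borrow host bits and leave at least two")
    rows = []
    for sub in parent_net.subnets(new_prefix=new_prefix):
        rows.append((str(sub), str(sub.network_address + 1),
                     str(sub.broadcast_address - 1), str(sub.broadcast_address)))
    return rows

def subnet_for(address, parent, new_mask):
    """Return the subnet (CIDR string) that contains `address`, or None."""
    addr = ipaddress.ip_address(address)
    for cidr, _first, _last, _bcast in subdivide(parent, new_mask):
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None

if __name__ == "__main__":
    PARENT = "192.168.1.0/24"      # network from the Option 1 example
    MASK = "255.255.255.224"       # mask from Option 2
    print(describe_mask(MASK))
    for row in subdivide(PARENT, MASK):
        print("{:<18} hosts {:<14} - {:<14} broadcast {}".format(*row))
    print(subnet_for("192.168.1.70", PARENT, MASK))  # constructed sample host
```

The mask borrows three bits of the fourth octet, giving eight subnets of 30 usable hosts each: 240 assignable addresses in total, against 254 for the undivided network.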

 

What is a Certificate Signing Request – CSR?
https://www.anujvarma.com/what-is-a-certificate-singing-request-csr/
Wed, 15 Jan 2020 19:00:04 +0000

A CSR is quite literally a request to have a certificate created and digitally signed by a CA.

There are three important parts to a CSR:

  1. Your public key.
  2. The fully-qualified domain name(s) you want your certificate to be used with.
  3. Other information about you and your organization/website (including the legally registered name and the city/state/country where it's registered).

DNS servers for your VPN connection
https://www.anujvarma.com/dns-servers-for-vpn/
Tue, 14 Jan 2020 21:09:45 +0000

  • Most VPN services that you can pay for will be configured to redirect all of your IP traffic through the VPN tunnel. (In OpenVPN, the server option is “redirect-gateway”.) This will include DNS traffic.
  • You may or may not be assigned a DNS server through a VPN, depending on
    • a) which VPN implementation you are using
    • b) which OS you are using.

TESTING your VPN Connection

Test by opening up a CLI and typing in “nslookup localhost” and looking at the top entry (Windows). Do this BEFORE and AFTER you connect to the VPN server to see if the DNS servers changed.

Restoring Deleted AD Sites, Zones and Objects
https://www.anujvarma.com/restoring-deleted-ad-sites-zones-and-objects/
Mon, 30 Sep 2019 17:05:06 +0000

Restoring an entire Deleted Site

https://blogs.technet.microsoft.com/askds/2010/08/12/using-ad-recycle-bin-to-restore-deleted-dns-zones-and-their-contents-in-windows-server-2008-r2/

When running the PowerShell commands, you may see some errors (‘could not add object, as it is in use..’). Just ignore these.

(Quick) Restoring a Deleted AD Zone

Get-ADObject -Filter {displayName -eq "mylocal.site"} -IncludeDeletedObjects | Restore-ADObject

Restore a Deleted AD Object

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd379509(v=ws.10)?redirectedfrom=MSDN

Audit Trail on Domain Controller – DNS Events Audit

Event Viewer > Applications and Services Logs > Microsoft > Windows > DNS-Server > Audit

If you do not see a DNS-Server component, enable DNS record auditing manually.

Right-click DNS Server, point to View, and then click “Show Analytic and Debug Logs”. Right-click Analytical and then click on Properties. Confirm the “Enable logging” check box is selected.

Testing whether a client is part of an AD
https://www.anujvarma.com/testing-whether-a-client-is-part-of-an-ad/
Mon, 30 Sep 2019 14:32:43 +0000

Say your AD Site is ‘AVARMA’ – and you are trying to figure out if the following IP address is assigned to that site

Doing this on the local client

"gpresult /r" or "nltest /dsgetsite"

Doing this on any AD computer

Test whether it is part of the domain –

1. nltest /DSADDRESSTOSITE:   (Hit Enter)
2. nltest /DSADDRESSTOSITE:10.10.1.104

Retrieve the site-subnet mapping for ‘10.10.1.104’ from ‘\\DC01.DOMAIN.COM’.

10.10.10.100 AVARMA 10.10.10.0/24

This will tell you whether it is assigned to the AD site AVARMA, along with the appropriate subnet mapping.

Active Directory Domain Basics
https://www.anujvarma.com/active-directory-domain-basics/
Mon, 22 Jul 2019 16:50:29 +0000

Active Directory domains are grouped in a tree structure; a group of Active Directory trees is known as a forest, which is the highest level of organization within Active Directory.

Active Directory domains can be identified using a DNS name, which can be the same as an organization’s public domain name, a sub-domain or an alternate version (which may end in .local). While Group Policy can be applied to an entire domain, it is typical to apply policies to sub-groups of objects known as organizational units (OUs). All object attributes, such as usernames, must be unique within a single domain and, by extension, an OU.

Kubeadm – Bootstrap a kubernetes cluster
https://www.anujvarma.com/kubeadm-bootstrap-a-kubernetes-cluster/
Tue, 16 Jul 2019 02:06:11 +0000

Building a cluster involves several steps, and kubeadm is the preferred way to start up a cluster. kubeadm performs them in the following order:

1. Kubeadm init
2. Pre Flight Checks – Pull container images and check for available host resources
3. Creates a Certificate Authority
4. Generates Kubeconfig Files
5. Generates Static Pod Manifests – for Control Plane Pods
6. Starts up the Control Plane
7. Taints the Master (System Pods on master node)
8. Generates a Bootstrap Token
9. Starts Add On Pods: DNS and Kube Proxy

     
