DevOps Lesson

• Check-In
• NGINX
  • Configuration
    • Load Balancing
    • HTTP Headers
  • Check In
• Hacks
  • DNS Hacks ✔
  • HTTP hacks ✔
  • Bonus (0.05) ✔
• CORS Hacks ✔
• KASM Hacks ✔

import socket

# Change the following host and see what IP it prints!
host = "youtube.com"
ip = socket.gethostbyname(host)

print(ip)

142.250.217.142

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))
    print("Successfully connected!")

Successfully connected!

Check-In

1. What is an IP address?
   • IP is internet protocol. It is a unique address assigned to each device as it goes on the internet.
2. What is a TCP port?
   • TCP is Transmission Control Protocol. It transmits data over the internet. It ensures that data packets are sent correctly between devices

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))

    # Send a GET request to "/"
    s.sendall(b"GET / HTTP/1.1\r\n\r\n")

    # Recieve & print 2048 bytes of data
    data = s.recv(2048)
    print(data.decode())

HTTP/1.1 200 OK
Date: Fri, 28 Apr 2023 05:26:49 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-s636_RBh4s6y3lhciEqQwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-04-28-05; expires=Sun, 28-May-2023 05:26:49 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=AUEFqZfDCelWrX-EjSJ00dPrCrQdQCNBGUkka6s2P2_4p8LSrBUCVc_WNA; expires=Wed, 25-Oct-2023 05:26:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=rwbnO9dGDvkpDzsjod1LR84djnHDo5o0Ey3s0LbXr8wRAwTIhocPonOtb0M4NZOn-pE6aJKvKezCWZeeTLCo40JQhmwf8hrigCg4LEDp4USkvKZAF0uxQLVZREKYxahL951JEauAHJXKq8KQZtqW8kJ8ry8nid3uG-bTPRDOyr0; expires=Sat, 28-Oct-2023 05:26:49 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

5975
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="s636_RBh4s6y3lhciEqQwQ">(function(){window.google={kEI:'GVlLZIESx8OQ8g-hmqPQDg',kEXPI:'0,1303457,55952,6059,206,2414,2390,2316,383,246,5,1129120,1197754,380737,16111,28687,22430,1362,12313,2821,14765,4998,13228,3847,38444,2872,2891,3926,213,7615,606,60689,15325,432,3,346,1244,1,16916,2652,4,1528,2304,29062,13063,13660,2980,18243,5824,2533,4094,7596,1,11943,2320,27891,2,140

import requests

# Change the URL to whatever you'd like
response = requests.get("https://i.imgur.com/ow7kQl1.png")

print("Status code:", response.status_code)
print("Headers:", response.headers)
print("Response text:", response.text[:100])
print("Content-Type:", response.headers.get("Content-Type"))

# Add a line to print the "Content-Type" header of the response
# Try an image URL!

Status code: 200
Headers: {'Connection': 'keep-alive', 'Content-Length': '331749', 'Last-Modified': 'Fri, 28 Apr 2023 05:21:20 GMT', 'ETag': '"d2e801de1cea5aeadf46becc3738850a"', 'x-amz-server-side-encryption': 'AES256', 'Content-Type': 'image/png', 'cache-control': 'public, max-age=31536000', 'Accept-Ranges': 'bytes', 'Date': 'Fri, 28 Apr 2023 06:01:22 GMT', 'Age': '2402', 'X-Served-By': 'cache-iad-kjyo7100124-IAD, cache-lax10664-LGB', 'X-Cache': 'HIT, MISS', 'X-Cache-Hits': '1, 0', 'X-Timer': 'S1682661682.051713,VS0,VE65', 'Strict-Transport-Security': 'max-age=300', 'Access-Control-Allow-Methods': 'GET, OPTIONS', 'Access-Control-Allow-Origin': '*', 'Server': 'cat factory 1.0', 'X-Content-Type-Options': 'nosniff'}
Response text: �PNG

   sRGB ���   sBd�    IDATx��w�mWU������PBh;A/�QP/
Content-Type: image/png

NGINX

aws = "3.130.255.192"

response = requests.get("http://" + aws)
print(response.text)

<!doctype html>
<html>
<head>
<title>Cool site</title>
<meta name="description" content="cool site for apcsp">
</head>
<body>
Hello, this is my cool site. Check out my products:
<a href="/products">Products!!</a>
</body>
</html>

Configuration

server {
    // Listen on virtual "port 80"
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        // Inform server about original client
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        // Forward all requests transparently to the server running on our computer
        proxy_pass              http://localhost:9099;
    }
}

Load Balancing

upstream example.com {
    server server1.example.com;
    server server1.example.com;
}

HTTP Headers

server {
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        add_header X-Cooler-Header "This is my secret header!";
    }
}

Check In

1. Research 1 HTTP header and describe, in detail, its purpose.

• One HTTP header is the Content-Type header. Its purpose is to indicate the type of data that is being returned in the response. This ensures the client is able to properly interpret the data. For example, a response with a Content-Type header of "text/html; charset=UTF-8" says that the response body is in HTML format and is encoded using UTF-8.

1. Write a line in a sample NGINX configuration that will add that specific header to the /information location

   server {
    add_header Name-Header "Annika Liao";
   
    location /information {
        add_header Info-Header "Header with information";
    }
   }
   

2. Explain the purpose of the load balancing performed by NGINX

• The load balancing in NGINX helps distribute incoming network traffic to several servers or instances. This ensures that one server is not overwhelmed with too many requests. This improves the efficiency and reliability of all the servers

1. Modify the following code block to obtain the value of the secret header on /products of the AWS site

aws = "3.130.255.192"

response = requests.get("http://" + aws+ "/products")

secret_header = response.headers.get('X-Cooler-Header')

print("The secret header is:", secret_header)

The secret header is: This is my secret header!

Hacks

DNS Hacks ✔

1. What does DNS stand for?

• DNS means for domain name service

1. What is the purpose of DNS?

• DNS is used to translate domain names into IP addresses so that users can use the internet.

1. How does DNS work?

• When a user types a domain name into the web browser, the browser sends a query to a resolver which search for the IP addresses that is associated with that domain name. The IP address is returned to the browser, connecting it to the correct server.

1. What is a DNS resolver?

• Software that processes DNS queries and returns the correct address.

1. Process of DNS:

HTTP hacks ✔

• Complete the above check-in questions and change the hosts (0.1)
• Complete the above code-segment to retrieve the secret header (0.1)

Bonus (0.05) ✔

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.)

CORS Hacks ✔

1. Explain what CORS is and what it stands for

• Cross-origin resource sharing is a set of techniques used to prevent web pages from accessing resources on other domains without permission. It adds HTTP headers to a web bpage in order to inform the browser whether access is allowed.

1. Describe how you would be able to implement CORS into your own websites

• You would need to add specific HTTP headers to your server that indicate which domains/origins are allowed to access the resources. I would need to determine which origins I want or need to restrict, then use Access-Control-Allow-Origin, which specifies the domains allowed.

1. Describe why you would want to implement CORS into your own websites

• By implementing CORS, I can control which domains are allowed to access my resources, and prevent unauthorized access. This may include attackers trying to steal data, or put malicious code on your site. CORS is a security measure that ensures the safety of you and all your website's users.

1. How could use CORS to benefit yourself in the future?

• It is important when developing websites that your site is safe to use for everyone. CORS is a security measure towards this. Developers can make sure their sites can access resources from other domains without security issues.

Total: 0.2 points

KASM Hacks ✔

1. What is the purpose of "sudo" when running commands in terminal?

• "sudo" stands for "superuser do" and is used in the terminal to run commands with elevated privileges. It allows a user to execute commands as the system's root user or another user with administrative right.

1. What are some commands which allow us to look at how the storage of a machine is set up as?

• cd stands for change directory and it allows you to change your current working directory. ls is list and it lists contents of your current directory. rm stands for remove and it can delete a file or directory. mkdir is make directory and creates a new directory.

1. What do you think are some alternatives to running "curl -O" to get the zip file for KASM?

• You can download a file manually from the site and save it locally.

1. What kind of commands do you think the "install.sh" command has and why is it necessary to call it?

• install.sh likely contains commands necessary to install KASM software on local machine. It is necessary because it contains commands necessary to install software or packages.

1. Explain in at least 3-4 sentences how deploying KASM is related to/requires other topics talked about in the lesson and/or potential ways to add things mentioned in the lesson to this guide.

• Deploying KASM, a container-based streaming service, requires several components such as headers, NGINX, load balancing, configuration, DNS, and CORS. These components are important for setting up the KASM service, configuring security settings, managing incoming web traffic, distributing traffic across multiple server instances, mapping the KASM domain name to its IP address, and enabling cross-origin resource sharing. Understanding these components is necessary to deploy KASM successfully.

Total: 0.2 points