import socket

# Change the following host and see what IP it prints!
host = "google.com"
# gethostbyname() resolves the name through the system resolver and returns a
# single IPv4 address as a string; it does not perform IPv6 lookups.
ip = socket.gethostbyname(host)

# The address printed comes from whichever DNS resolver this machine uses, so
# it can differ between networks and from one run to the next.
print(ip)
142.250.217.142
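# Open a TCP connection to port 80 (plain HTTP) on the resolved address.
# AF_INET selects IPv4 and SOCK_STREAM selects TCP; the `with` block closes
# the socket on exit, even if connect() raises.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    # Without a timeout, connect() waits for the operating system's default,
    # which can be minutes when a firewall silently drops the packets.
    s.settimeout(10)
    s.connect((ip, 80))
    print("Successfully connected!")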
Successfully connected!

Check-In

  1. What is an IP address?
  • An Internet Protocol (IP) address is a numeric label assigned to a device on a computer network so that other devices can send data to it.
  1. What is a TCP port?
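  • TCP stands for Transmission Control Protocol, which decides how data is transmitted between devices. A TCP port is a number from 0 to 65535 that identifies which service on a device a connection is meant for, such as port 80 for HTTP.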
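# Speak HTTP by hand over a raw TCP socket. Port 80 is unencrypted, so the
# request and the response can be read or altered by any device on the path.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    # Bound how long connect() and recv() may block.
    s.settimeout(10)
    s.connect((ip, 80))

    # Send a GET request to "/". HTTP/1.1 requires a Host header, and
    # "Connection: close" tells the server we will not reuse the connection.
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    s.sendall(request.encode("ascii"))

    # Receive & print up to 2048 bytes of data. A single recv() returns
    # whatever has arrived so far, which may be less than the full response.
    data = s.recv(2048)
    # The 2048-byte cut can split a multi-byte character, and the body is not
    # guaranteed to be UTF-8, so replace undecodable bytes instead of raising.
    print(data.decode(errors="replace"))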
HTTP/1.1 200 OK
Date: Wed, 26 Apr 2023 21:18:03 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Vqd9W6Vkd772W-RQPt4sYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-04-26-21; expires=Fri, 26-May-2023 21:18:03 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=AUEFqZcsClvZPkDSK1NPUYMexnbrvfglxohaGmLR7vptrokQ-p3FevGJYg; expires=Mon, 23-Oct-2023 21:18:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=aUyWriF4_SaFehCRdZtqvZqPeQMwtisZpTcWnSIVapVKRDhlQoW1wzTDSuOc4nVy79mQHvNEMa4qhgZOZiHSCefoufpeRhNDeiUlTPkO-1B0bkDZwsJZmxv7Ix045M4VIuDt7Nc3yygfbU9x_XjGnmRvNKGAUDclm1jFpUOZK8E; expires=Thu, 26-Oct-2023 21:18:03 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

5a49
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="Vqd9W6Vkd772W-RQPt4sYw">(function(){window.google={kEI:'C5VJZOy_GY3akPIPmpmvsA4',kEXPI:'0,1359409,6059,206,4804,2316,383,246,5,1129120,1197714,687,380090,16114,19397,9287,22430,1362,12314,4751,12834,4998,13228,3847,38444,2872,2891,3926,7828,606,29843,20216,10631,6397,8927,432,3,346,1244,1,16916,2652,4,1528,2304,29062,13065,13658,2980,1457,16786,5827,2530,4094,7596,1,42154,
import requests

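# Change the URL to whatever you'd like
# requests has no default timeout, so pass one; otherwise a server that never
# answers keeps this cell waiting indefinitely. For https:// URLs requests
# verifies the server's TLS certificate by default.
response = requests.get("https://www.netflix.com/", timeout=10)

print("Status code:", response.status_code)
# response.headers includes any Set-Cookie values. For a logged-in request
# those are session credentials, so trim them before sharing the output.
print("Headers:", response.headers)
# Only the first 100 characters of the body are shown.
print("Response text:", response.text[:100])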

# Add a line to print the "Content-Type" header of the response
# Try an image URL!
Status code: 200
Headers: {'Server': 'nq_website_nonmember-prod-release f3a1d150-c793-4a6b-976d-a5203ca41de1', 'x-frame-options': 'DENY', 'content-type': 'text/html; charset=utf-8', 'cache-control': 'no-cache, no-store, must-revalidate', 'pragma': 'no-cache', 'expires': '0', 'x-robots-tag': 'index', 'date': 'Fri, 28 Apr 2023 05:41:10 GMT', 'x-envoy-upstream-service-time': '238', 'x-b3-traceid': 'fd4a6eb933a7d142', 'x-request-id': '062f4b5e-bf2c-4503-98d8-787bb3f95b61', 'x-envoy-decorator-operation': 'lo_svc', 'x-http2-stream-id': '3', 'Via': '1.1 i-0cd615408cc3bb80c (us-west-2)', 'X-Xss-Protection': '1; mode=block; report=https://www.netflix.com/ichnaea/log/freeform/xssreport', 'X-Content-Type-Options': 'nosniff', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Originating-URL': 'http://www.netflix.com/', 'Set-Cookie': 'flwssn=2130259a-4a92-4556-bcfc-833e3f4cf445; Max-Age=10800; Domain=.netflix.com; Path=/, nfvdid=BQFmAAEBEOuqX5XH3MuI1OEMx3fBznlAqyZx0aO1kU1-xqy7G1EB9H2GFIAtVSaVJIGxWV3MntdW8dZwnM0yPKJKHTX-tIZS8uDfCB85J6nsTk3-cWSDPg%3D%3D; Domain=.netflix.com; Path=/; Max-Age=31536000, SecureNetflixId=v%3D2%26mac%3DAQEAEQABABQnyQDHR-2y5jaxxPiEeHdYFN81lr2AekI.%26dt%3D1682660470720; Domain=.netflix.com; Expires=Sat, 27 Apr 2024 05:41:10 GMT; Path=/; HttpOnly; Secure; SameSite=Strict, NetflixId=v%3D2%26ct%3DBQAOAAEBEPX35tdrSn4h4TWrhXVzEk6BAMaxv5Et2St2hesB0g9lXvlsdkHFZivOpydRUHgVtI2OqFU7gDUfl7Ybs_JQiz06u-B-0i-8H9TxpHIU3m27e2C0R2GHCPe6hhj_PQRB6k_RQsSpADDsEOPgyZkKEJOGply0EdL5BUi00k8LqGteSn8yovAgYUNOMXtJRl2E7Wji6XWb-qtplO_fAcmTGPIBPD_tkj9A8n0ViJrHPE55q6ipXmXAMM6ukP_FilmLNaYLZnV5exYc9MmYaPhPrMt6liPxBVazsGBrI9cYtlxUSRvHgbwMZ5XIOGSHzd3j8WBzsw0JiES4fGh5TL2lbDePv-lIfqn6fDS5fcGPnT6ht54.%26bt%3Ddev%26mac%3DAQEAEAABABSJecyVDTL27zhZ0TUZwP1iVtNa3lFgZCc.; Domain=.netflix.com; Expires=Sat, 27 Apr 2024 05:41:10 GMT; Path=/; HttpOnly; Secure; SameSite=Lax', 'X-Netflix.nfstatus': '1_1', 'X-Netflix.proxy.execution-time': '302', 'X-Netflix.zuul.netty.content.compressor.target': 
'gzip', 'content-encoding': 'gzip', 'transfer-encoding': 'chunked'}
Response text: <!doctype html><html lang="en" class=" "><head><meta http-equiv="Content-Type" content="text/html; c

NGINX

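aws = "3.130.255.192"

# Plain http:// gives no encryption or integrity protection, so a proxy or
# content filter on the path can answer in place of the real server. Check
# that the body printed is really from the site you asked for.
# The timeout stops the cell from hanging if the address is unreachable.
response = requests.get("http://" + aws, timeout=10)
print(response.text)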
<html><head><title>ContentKeeper</title></heQad>
<body bgcolor="#A02E5F" text="White" link="Lime" vlink="Aqua">
<center><br><h1>ContentKeeper<br>Non-Managed Site</h1>
No access is available to NON-Managed Sites.<br><br>
<table border="1" cellspacing="0">
<tr><td>URL</td><td><b>3.130.255.192</b></td></tr>
<tr><td>Username</td><td><b>1966620/pusd</b></td></tr></table>
</body></html>

Configuration

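# NGINX comments start with "#"; a line starting with "//" is read as an
# unknown directive and the configuration fails to load.
server {
    # Listen on virtual "port 80" (plain HTTP), for IPv4 and IPv6
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        # Inform server about original client
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends the connecting address to any
        # X-Forwarded-For value the client sent, so the backend should trust
        # only the entry added by this proxy, not the client-supplied ones.
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Forward all requests transparently to the server running on our computer
        proxy_pass              http://localhost:9099;
    }
}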

Load Balancing

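# Pool of backend servers that NGINX distributes requests across (round-robin
# by default). The original listed server1.example.com twice, which leaves
# only one real backend; the second entry is presumably meant to be another host.
upstream example.com {
    server server1.example.com;
    server server2.example.com;
}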

HTTP Headers

server {
    # Adds this header to responses from this server block. Without the
    # "always" parameter, add_header applies only to a fixed set of success
    # and redirect status codes, not to error responses.
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        # add_header directives are inherited from the outer level only when
        # the current level defines none of its own, so responses under /pages
        # carry X-Cooler-Header but NOT X-Cool-Header. The same rule silently
        # drops server-level security headers in any location that adds one.
        # Response headers are sent to every client that requests the path,
        # so nothing confidential belongs in them.
        add_header X-Cooler-Header "This is my secret header!";
    }
}

Check In

  1. Research 1 HTTP header and describe, in detail, its purpose.
  • Request headers contain details of the client requesting the resource.
  1. Write a line in a sample NGINX configuration that will add that specific header to the /information location
  • Sorry, I don't know how to do this..
  1. Explain the purpose of the load balancing performed by NGINX
  • Distribute incoming network traffic among multiple servers to increase application availability.
  2. Modify the following code block to obtain the value of the secret header on /products of the AWS site
import requests
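aws = "3.130.255.192"
# Send the GET request to the /products path. The timeout keeps the cell from
# hanging if the host is unreachable. This is plain http://, so a filter or
# proxy on the network can answer instead of the AWS server.
response = requests.get("http://" + aws + "/products", timeout=10)
# response.headers is case-insensitive and .get() returns None when the header
# is absent. 'X-Secret-Header' is a guess at the name; the server may use
# a different one.
secret_header = response.headers.get('X-Secret-Header')
# Compare with None so that a header that is present but empty still counts.
if secret_header is not None:
    print("The secret header is:", secret_header)
else:
    print("The secret header is not present in the response headers")
    # Show which header names actually came back (names only, no values).
    print("Headers received:", list(response.headers))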
The secret header is not present in the response headers

Hacks

  • Complete the above check-in questions and change the hosts (0.1)
  • Complete the above code-segment to retrieve the secret header (0.1)
  • sorry I can't find the secret header.

Bonus (0.05)

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.)

CORS Hacks

  1. Explain what CORS is and what it stands for
  • It stands for Cross-origin Resource Sharing. It allows the server to indicate any origin (domain, scheme or port) other than itself, from which the browser should allow resources to be loaded.
  1. Describe how you would be able to implement CORS into your own websites
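  • I would have my server send CORS response headers, such as Access-Control-Allow-Origin, naming the specific origins that are allowed to read its responses. I can then check whether the browser is blocking front-end JavaScript code from reading responses to cross-origin requests.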
  1. Describe why you would want to implement CORS into your own websites
  • By default, JavaScript in the browser can only read responses from the same origin as the page the script is running on. If the other server allows my origin through CORS, the script will be able to call APIs on different domains.
  1. How could you use CORS to benefit yourself in the future?
  • I will be able to access resources on different schemes, domains and ports, even though the URL being accessed is not on the same origin as the page where the JavaScript is running.

KASM Hacks

  1. What is the purpose of "sudo" when running commands in terminal?
  • Run with administrator privileges
  1. What are some commands which allow us to look at how the storage of a machine is set up as?
  • We can use df, du commands in linux to check it.
  1. What do you think are some alternatives to running "curl -O" to get the zip file for KASM?
  • We can use "wget" command.
  1. What kind of commands do you think the "install.sh" command has and why is it necessary to call it?
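  • It is a shell script that contains the commands needed to install KASM. Calling it is necessary because it runs all of the installation steps for us, which saves time. Because an installer like this is usually run with sudo, it is worth reading the script before running it.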
  1. Explain in at least 3-4 sentences how deploying KASM is related to/requires other topics talked about in the lesson and/or potential ways to add things mentioned in the lesson to this guide.
  • I think it is very similar to GitHub. It is a workspace. Through docker containers, it can reduce platform resource requirements and provide a secure environment.