import socket

# Pick any host name here and re-run the cell to see which address it resolves to.
host = "google.com"

# gethostbyname() does a DNS lookup and hands back one IPv4 address as a
# dotted-quad string (it never returns IPv6); a failed lookup raises socket.gaierror.
ip = socket.gethostbyname(host)
print(ip)
142.250.72.174
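# Open a TCP connection to port 80 (plain HTTP) on the address resolved above.
# The original set no timeout, so a host that silently drops the connection
# attempt would hang the cell forever; settimeout() bounds the wait instead.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.settimeout(10)  # seconds; connect() raises socket.timeout (an OSError) on expiry
    s.connect((ip, 80))
    print("Successfully connected!")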
Successfully connected!

Check-In

  1. What is an IP address?
    • An IP (Internet Protocol) address is a unique number that identifies a device.
  2. What is a TCP port?
    • It checks how the packet is made and whether more bytes are needed when something is missing.
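with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    # Bound the connect and recv waits so a stalled server cannot hang the cell.
    s.settimeout(10)
    s.connect((ip, 80))

    # Send a GET request for "/".  HTTP/1.1 requires a Host header (a compliant
    # server answers 400 without one), and "Connection: close" asks the server
    # to end the response after this single exchange instead of keeping the
    # connection open waiting for more requests.
    request = (
        "GET / HTTP/1.1\r\n"
        + "Host: " + host + "\r\n"
        + "Connection: close\r\n"
        + "\r\n"
    )
    s.sendall(request.encode("ascii"))

    # Receive and print up to 2048 bytes of the reply.  recv() may return fewer
    # bytes than asked for, so this is only a peek at the start of the response.
    # errors="replace" keeps a non-UTF-8 body (the server above advertises
    # charset=ISO-8859-1) from raising UnicodeDecodeError mid-print.
    data = s.recv(2048)
    print(data.decode(errors="replace"))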
HTTP/1.1 200 OK
Date: Fri, 28 Apr 2023 04:51:09 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-NZ8FzhGlXy_AuqR0i3IWQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-04-28-04; expires=Sun, 28-May-2023 04:51:09 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=AUEFqZcXk6eMXO4dcaxEZN4TA-7yYzsVdf0Y4ddY85HaeHPjA-OWrGUkiuQ; expires=Wed, 25-Oct-2023 04:51:09 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=abkxxe4sar0T3M1nqmvivwYSODsptrv5X4pvU9L8TSQTgU-U4Fqqgnyjq4qYuxxqlORp_fS8DW-Sr1soCY5wWyQpHOkb4EpvLQKO2_3ABi7JZU4qZ10cYrMKEPBr0wG3d3320eAlAUMuNBP-DOcuktJ4QNn3FBkrIiG5rbVnYJ0; expires=Sat, 28-Oct-2023 04:51:09 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

5316
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="NZ8FzhGlXy_AuqR0i3IWQA">(function(){window.google={kEI:'vVBLZNW2EbfBkPIPm9SbuAY',kEXPI:'0,1303459,55950,6059,206,2415,2389,2316,383,246,5,1129120,1197739,380752,16114,19398,9286,22430,1362,283,12034,17582,4998,13228,3847,38444,885,1987,2891,3926,213,7615,606,30668,27618,2404,15324,432,3,346,1244,1,16916,2652,4,1528,2304,29062,13063,11444,2216,2980,1457,16786,5809,2548,409
import requests

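# Change the URL to whatever you'd like.
# requests has no default timeout, so a stalled server would hang this cell
# forever; the (connect, read) pair below bounds both phases in seconds.
response = requests.get("https://youtube.com", timeout=(5, 15))

print("Status code:", response.status_code)
print("Headers:", response.headers)
print("Response text:", response.text[:100])

# The "Content-Type" header.  response.headers is case-insensitive, and .get()
# returns None instead of raising if the server omitted the header.
# Try an image URL and compare what this line prints!
print("Content-Type:", response.headers.get("Content-Type"))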
Status code: 200
Headers: {'Content-Type': 'text/html; charset=utf-8', 'X-Content-Type-Options': 'nosniff', 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', 'Pragma': 'no-cache', 'Expires': 'Mon, 01 Jan 1990 00:00:00 GMT', 'Date': 'Fri, 28 Apr 2023 04:51:22 GMT', 'Strict-Transport-Security': 'max-age=31536000', 'X-Frame-Options': 'SAMEORIGIN', 'Report-To': '{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}', 'Permissions-Policy': 'ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*', 'Origin-Trial': 'AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9', 'Cross-Origin-Opener-Policy': 'same-origin-allow-popups; report-to="youtube_main"', 'P3P': 'CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."', 'Content-Encoding': 'gzip', 'Server': 'ESF', 'X-XSS-Protection': '0', 'Set-Cookie': 'GPS=1; Domain=.youtube.com; Expires=Fri, 28-Apr-2023 05:21:22 GMT; Path=/; Secure; HttpOnly, VISITOR_INFO1_LIVE=GAjobnYkMz4; Domain=.youtube.com; Expires=Wed, 25-Oct-2023 04:51:22 GMT; Path=/; Secure; HttpOnly; SameSite=none', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000', 'Transfer-Encoding': 'chunked'}
Response text: <!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en" syste

NGINX

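aws = "3.130.255.192"

# Plain HTTP to the address above.  A timeout is added because requests
# otherwise waits indefinitely for a server that never answers.
response = requests.get("http://" + aws, timeout=(5, 15))
print(response.text)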
<html><head><title>ContentKeeper</title></heQad>
<body bgcolor="#A02E5F" text="White" link="Lime" vlink="Aqua">
<center><br><h1>ContentKeeper<br>Non-Managed Site</h1>
No access is available to NON-Managed Sites.<br><br>
<table border="1" cellspacing="0">
<tr><td>URL</td><td><b>3.130.255.192</b></td></tr>
<tr><td>Username</td><td><b>1851448/pusd</b></td></tr></table>
</body></html>

Configuration

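server {
    # NGINX comments start with "#"; the "//" form is a syntax error here.
    # Listen on port 80 (plain HTTP) on both IPv4 and IPv6.
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        # Tell the backend who the original client was.  $proxy_add_x_forwarded_for
        # appends $remote_addr to whatever X-Forwarded-For the client already sent,
        # so the backend should trust only the last entry (the one added here).
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Forward every request transparently to the app running on this machine.
        proxy_pass              http://localhost:9099;
    }
}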

Load Balancing

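# "upstream" names a pool of backends; requests sent to the pool are spread
# across its members (round-robin by default).  The original listed
# server1.example.com twice, which balances nothing; the second member below
# is a constructed placeholder name standing in for a real second backend.
upstream example.com {
    server server1.example.com;
    server server2.example.com;
}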

HTTP Headers

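server {
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        # add_header is inherited from the server level only when a location
        # defines no add_header of its own, so without repeating it here /pages
        # would silently lose X-Cool-Header.  The same rule bites any security
        # header set at server level, so re-list them in every such location.
        add_header X-Cool-Header "I love APCSP!";
        add_header X-Cooler-Header "This is my secret header!";
    }
}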

Check In

  1. Research 1 HTTP header and describe, in detail, its purpose.
    • One HTTP header is the "User-Agent" header, which provides information about the client (typically a web browser) making the request to the server.
  2. Write a line in a sample NGINX configuration that will add that specific header to the /information location
    • `location /information { add_header User-Agent "Custom User Agent"; }`
  3. Explain the purpose of the load balancing performed by NGINX
    • The purpose of load balancing performed by NGINX is to distribute incoming network traffic across multiple servers to improve reliability, scalability, and performance.
  4. Modify the following code block to obtain the value of the secret header on /products of the AWS site
    • Imported requests and changed it so the variable was in the print statement
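import requests

aws = "3.130.255.192"

# Fetch /products with a timeout so a silent server cannot hang the cell.
response = requests.get("http://" + aws + "/products", timeout=(5, 15))

# The task is to obtain the secret header's VALUE.  print(response) only shows
# the Response object ("<Response [200]>"), never a header.  The header's name
# is not given in this cell, so list every response header and its value;
# the secret one is whichever is not a standard HTTP header.
for name, value in response.headers.items():
    print("Header:", name, "=", value)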
The secret header is: <Response [200]>

Hacks

  • Complete the above check-in questions and change the hosts (0.1)
    • [x]
  • Complete the above code-segment to retrieve the secret header (0.1)
    • The secret header is: <Response [200]>
    • The page: Hello, we sell: - iPhones - iPads - Mortensen keychains

Bonus (0.05)

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.)

img

CORS Hacks

  1. Explain what CORS is and what it stands for
    • CORS (Cross-Origin Resource Sharing) is a web security mechanism that allows web browsers to make requests to a different origin/domain than the one the website is hosted on.
  2. Describe how you would be able to implement CORS into your own websites
    • To implement CORS in your website, you need to include appropriate CORS headers in the server's response, such as Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers, which specify the allowed origins, methods, and headers for cross-origin requests.
  3. Describe why you would want to implement CORS into your own websites
    • Implementing CORS in your websites is important to control which external domains can access your resources, enhancing security by preventing unauthorized cross-origin requests.
  4. How could you use CORS to benefit yourself in the future?
    • Using CORS in the future can benefit you by enabling you to build and integrate web applications that need to communicate with different domains, allowing you to create more dynamic and interactive websites with secure cross-origin data sharing.

Total: 0.2 points

KASM Hacks

  1. What is the purpose of "sudo" when running commands in terminal?
    • The purpose of "sudo" (short for "superuser do") when running commands in the terminal is to execute the command with administrative privileges, typically as the root user. It allows users to perform actions that require elevated permissions, such as modifying system files or installing software.
  2. What are some commands which allow us to look at how the storage of a machine is set up as?
    • Some commands that allow us to examine the storage setup of a machine include:
    • "df" command: It displays information about disk space usage, including the available space, used space, and file system types.
    • "du" command: It estimates file and directory space usage, providing a summary of the sizes of individual files or directories.
    • "lsblk" command: It lists information about block devices, including disks and their partitions.
  3. What do you think are some alternatives to running "curl -O" to get the zip file for KASM?
    • Alternatives to using "curl -O" to retrieve the zip file for KASM could include:
    • Using a web browser to download the zip file manually from the KASM website.
    • Using a download manager or wget command to retrieve the file.
    • Using a version control system like Git to clone the KASM repository directly.
  4. What kind of commands do you think the "install.sh" command has and why is it necessary to call it?
    • The "install.sh" command likely contains a series of instructions and commands that automate the installation process for KASM. It may include steps such as checking dependencies, configuring settings, copying files to the appropriate locations, and starting necessary services. Calling the "install.sh" script is necessary to streamline the installation process and ensure that all required components are properly set up.
  5. Explain in at least 3-4 sentences how deploying KASM is related to/requires other topics talked about in the lesson and/or potential ways to add things mentioned in the lesson to this guide.
    • Deploying KASM involves various related topics and potential additions from the lesson, including:
    • Networking: Configuring network settings for KASM to ensure proper communication between the deployed application and other systems.
    • Security: Implementing appropriate security measures, such as setting up firewalls or using encryption protocols, to protect the deployed KASM instance.
    • System administration: Managing and monitoring the KASM deployment, performing updates, and troubleshooting issues.
    • Integration: Integrating KASM with other tools, frameworks, or services mentioned in the lesson, such as Docker containers, load balancers, or monitoring solutions, to enhance functionality and performance.

Total: 0.2 points

See the setup post