Daryl Ng https://darylng.me Mon, 11 May 2020 06:01:55 +0000

Why Build A Serverless Backend With Faas
https://darylng.me/other/why-build-serverless-backend-with-faas/
Sun, 01 Mar 2020 09:08:36 +0000

Speed to market is the key to success and is possible with a serverless backend. With serverless technologies, you will not need to worry about managing your servers. You will be able to dive straight into implementation.

Most cloud providers support Function-as-a-Service, or FaaS, which allows you to build a serverless backend in a matter of minutes.

Here are some of the advantages and disadvantages of FaaS.

Advantages of Serverless Backend

It is cheap, really

AWS Lambda costs as little as $0.20 per million requests and $0.0000166667 for every GB-second. This means you can build a POC without incurring much cost.

Highly scalable

There is almost no limit to how much a FaaS can scale horizontally, except maybe your budget. This is because every concurrent invocation will create a separate instance of the service.

Disadvantages of Serverless Backend

Cold starts

Every concurrent invocation initialises a new instance of the service. The instance needs time to initialise, which is known as a cold start. However, there are ways to avoid this. AWS has provisioned concurrency, which helps to resolve cold starts by keeping a specified number of instances warm.

Give FaaS a try! You will fall in love with it as soon as you start using it.

Build a microservice with Lambda and API Gateway Using CloudFormation
https://darylng.me/how-to/build-microservice-with-lambda-api-gateway-using-cloudformation/
Fri, 17 May 2019 14:12:47 +0000

In this article, I will show you how to build a microservice with AWS Lambda and API Gateway.

What are AWS Lambda and API Gateway

AWS Lambda lets you run your code without provisioning or managing any servers. This gives you a completely serverless architecture with little to no effort on maintenance.

Amazon API Gateway is a fully managed service for managing your APIs. In order for your Lambda to run, it will need a trigger event. AWS allows you to attach multiple different event sources, such as SQS and DynamoDB Streams, but in this article, I will focus on API Gateway.

By setting API Gateway as the event source, Lambda can receive your API input and send the output back to API Gateway.

What is AWS CloudFormation?

AWS CloudFormation allows you to create your infrastructure as code. When you deploy your CloudFormation script, AWS automatically provisions all the resources specified. This script will serve as the single source of truth for your cloud environment.

Let’s Get Started

LambdaFunction creates a Lambda function called SampleLambda with a memory size of 128 MB and a timeout of 10 seconds.

LambdaFunction:
   Type: AWS::Lambda::Function
   Properties:
     Code:
       S3Bucket: <BUCKET_NAME>
       S3Key: <BUCKET_KEY>
     Description: Sample Lambda
     FunctionName: SampleLambda
     Handler: main
     MemorySize: 128
     Role: !GetAtt LambdaFunctionRole.Arn
     Runtime: go1.x
     Timeout: 10

LambdaFunctionRole creates a Lambda IAM role called SampleLambdaRole. This gives your Lambda permissions to perform certain actions. The role below allows your Lambda to perform X-Ray PutTraceSegments and PutTelemetryRecords.

LambdaFunctionRole:
   Type: AWS::IAM::Role
   Properties:
     RoleName: SampleLambdaRole
     # Trust policy: only the Lambda service may assume this role
     AssumeRolePolicyDocument:
       Version: '2012-10-17'
       Statement:
       - Effect: Allow
         Action: sts:AssumeRole
         Principal:
           Service:
           - lambda.amazonaws.com
     Path: '/'
     # Inline policy: the two X-Ray write actions and nothing else
     Policies:
     - PolicyName: XRayPolicy
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
         - Effect: Allow
           Action:
           - xray:PutTraceSegments
           - xray:PutTelemetryRecords
           Resource: '*'

Api creates an API Gateway from a Swagger/OpenAPI file. By doing so, you can document your API at the same time. One limitation is that you will need to upload your Swagger file to S3 before deploying CloudFormation.

ApiAccount allows you to attach a CloudWatch role to your API Gateway.

ApiStage creates an API stage and ApiDeployment deploys your API stage.

Api:
   Type: AWS::ApiGateway::RestApi
   Properties:
     Name: SampleAPIGateway
     Description: Sample API Gateway
     EndpointConfiguration:
       Types:
       - REGIONAL
     Body:
       Fn::Transform:
         Name: AWS::Include
         Parameters:
           Location: !Sub s3://swagger.yaml
ApiAccount:
   Type: AWS::ApiGateway::Account
   Properties:
     CloudWatchRoleArn: !GetAtt CloudWatchRole.Arn
CloudWatchRole:
   Type: AWS::IAM::Role
   Properties:
     # Trust policy: only the API Gateway service may assume this role
     AssumeRolePolicyDocument:
       Version: '2012-10-17'
       Statement:
       - Effect: Allow
         Action: sts:AssumeRole
         Principal:
           Service:
           - apigateway.amazonaws.com
     Path: '/'
     ManagedPolicyArns:
     - 'arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs'
ApiStage:
   Type: 'AWS::ApiGateway::Stage'
   DependsOn:
   - ApiAccount
   Properties:
     DeploymentId: !Ref ApiDeployment
     MethodSettings:
     # Data tracing logs full request/response bodies to CloudWatch Logs
     - DataTraceEnabled: true
       HttpMethod: '*'
       LoggingLevel: INFO
       ResourcePath: /*
     RestApiId: !Ref Api
     StageName: !Ref StageParameter
ApiDeployment:
   Type: AWS::ApiGateway::Deployment
   Properties:
     RestApiId: !Ref Api

Congratulations! You now have a CloudFormation script ready to deploy.

But before you can deploy, you will need to run the package command. This will transform your Swagger file and add it to packaged-template.yaml.

$ aws cloudformation package --template-file template.yaml --s3-prefix $BUCKET_KEY --s3-bucket $BUCKET_NAME --output-template-file packaged-template.yaml

Next, run the deploy command to deploy the Lambda and API Gateway to your AWS account.

$ aws cloudformation deploy --template-file packaged-template.yaml --stack-name sample-stack --capabilities CAPABILITY_NAMED_IAM

Hope this article helped you build a microservice with AWS Lambda and API Gateway using CloudFormation.

If you liked this article, please do share this article with your friends and family.

Speed up your Internet with this DNS
https://darylng.me/how-to/speed-up-your-internet/
Thu, 05 Apr 2018 08:54:12 +0000

You can now speed up your Internet simply by changing your DNS.

You might have heard of Google Public DNS, but it is not the fastest. Cloudflare teamed up with APNIC to create a DNS resolver that supports DNS over HTTPS, which encrypts your DNS queries, and is able to resolve queries faster than all other DNS services.

Speed up your Internet with Cloudflare DNS

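Most DNS resolvers, if not all, do not provide secure queries. So even if you have established secure connections, your DNS queries are not encrypted.

Speed up your Internet now

To do so, simply configure your network settings to use 1.1.1.1 and 1.0.0.1 as your DNS. Note that the operating system settings below only change which resolver you use; the queries themselves are encrypted only when the client (for example, a browser with DNS over HTTPS enabled) sends them over an encrypted transport.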

For Windows

  1. Click on the Start menu, then click on Control Panel.
  2. Click on Network and Internet.
  3. Click on Change Adapter Settings.
  4. Right click on the Wi-Fi network you are connected to, then click Properties.
  5. Select Internet Protocol Version 4 (or Version 6 if desired).
  6. Click Properties.
  7. Write down any existing DNS server entries for future reference.
  8. Click Use The Following DNS Server Addresses.
  9. Replace those addresses with the 1.1.1.1 DNS addresses:
    • For IPv4: 1.1.1.1 and 1.0.0.1
    • For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
  10. Click OK, then Close.
  11. Restart your browser.

For macOS

  1. Open System Preferences.
  2. Search for DNS Servers and select it from the dropdown.
  3. Click the + button to add a DNS Server and enter 1.1.1.1
  4. Click + again and enter 1.0.0.1 (This is for redundancy.)
  5. Click OK, then click Apply.

Not on Windows or MacOS? Check out their setup guide for other devices.

Hope this short article showed you how to speed up your Internet and protect your privacy.

If you own a web server and have not set up SSL, this article will show you how to get a free certificate with Let’s Encrypt and deploy it on your server.

If you liked this article, don’t forget to share this article with your friends and family.

Enable HTTP/2 on Nginx
https://darylng.me/how-to/enable-http2-on-nginx/
Sun, 01 Apr 2018 09:41:49 +0000

Have you enabled HTTP/2 on your Nginx server? If you have not, you should.

In this article, I will show you how to enable HTTP/2 in less than 5 minutes.

Before we begin, let’s verify that it is not enabled on our website with this tool provided by KeyCDN.

[Image: HTTP/2 not enabled]

If you have yet to set up SSL on your server, check out this tutorial on how you can install free SSL certificates on your servers before continuing below.

Let’s Enable HTTP/2

Edit your Nginx configuration (e.g. /etc/nginx/conf.d/default.conf) with any text editor.

server {
    listen 443 ssl http2;
    ...
}

In the server block, as shown above, simply add http2 and you are done!

Now let’s verify that HTTP/2 has been enabled.

Voila!

[Image: Enable HTTP/2 on Nginx]

Hope this short article helped you learn how to enable HTTP/2 on Nginx.

If you liked this article, don’t forget to share this article with your friends and family.

SSH into Google Cloud on Windows with PuTTY
https://darylng.me/how-to/ssh-into-google-cloud-on-windows/
Sat, 09 Dec 2017 07:26:57 +0000

In this article, I will show you how to SSH into Google Cloud instances with desktop secure shell clients on Windows.

Create SSH Keys and add to Google Cloud

In order to create SSH keys on Windows, you will need to download PuTTYgen.

After downloading, launch PuTTYgen and generate an RSA key with at least 2048 bits.

[Image: Generate keys with PuTTY]

From the image above, you can see that you will need to update the comment to set the username to use to SSH into Google Cloud.

After setting your username, save the private key which you will be using to connect to Google Cloud.

Next, you will need to go to your project’s metadata page to add the public key you generated.

[Image: Add keys to SSH into Google Cloud]

Click the edit button and then add new item. Copy the generated public key at the top of PuTTYgen and paste it inside the textbox, and save.

Use PuTTY to SSH into Google Cloud

Now, launch PuTTY and enter your server’s external IP under Host Name.

[Image: Create keys to SSH into Google Cloud]

Next, go to Connection > SSH > Auth, and add your private key under Authentication Parameters. Also, set your username in Login details under Connection > Data.

You can save your session for future logins by entering a name for the session under Saved Sessions and clicking Save.

Click Open, and Voila! You are now logged in to your Google Cloud Instance.

Hope this article helped you learn how to SSH into Google Cloud on Windows with PuTTY.

If you liked this article, please do share this article with your friends and family.

Inconsistent Permission Errors on WordPress Update
https://darylng.me/how-to/fix-inconsistent-permission-errors-on-wordpress-update/
Tue, 21 Nov 2017 12:32:43 +0000

Are you getting inconsistent permission errors on WordPress update?

[Image: Inconsistent Permission Errors on WordPress Update]

In this article, I will show you how you can fix those errors when updating WordPress.

Eliminate Inconsistent Permission Errors

The fix to this problem is similar to a previous article, Update WordPress with SELinux enabled.

If you are still having issues after following the steps in the article, continue reading, as this might also be due to SELinux.

In the image above, you can see that there is a permission error for update-core.php.

To resolve the permission error for update-core.php, run the following command.

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-admin/includes/update-core.php

Do the same for any other files or folders that are still showing permission errors, so that they are writable.

[Image: Welcome to WordPress 4.9]

Hope this article helped you learn how to fix inconsistent permission errors when updating WordPress. And congratulations! You have updated to the latest version of WordPress.

If you liked this article, please do share this article with your friends and family.

Create Swap File on Linux Servers for Better Performance
https://darylng.me/how-to/create-swap-file-on-linux-servers-for-better-performance/
Thu, 19 Oct 2017 13:44:07 +0000

Are you running a low memory server and your applications are crashing? You can create a swap file to prevent your applications from crashing in just 5 minutes.

Low memory servers often crash when there is a sudden spike in workload. However, upgrading your server is not an option (yet) due to budget. Restarting your services or applications is cumbersome and it is not possible to check every second if anything has crashed.

In this article, I will show you how you can create a swap file on Linux servers to improve your server’s performance and prevent it from crashing.

What is a swap file?

A swap file is a space on the hard disk used as memory. When your RAM is full, the least recently used files are swapped out to make space. Generally, swap files are twice the size of your RAM. This allows you to swap your entire RAM when needed.

Swap files are important when you are running applications that require a lot of memory. Without a swap file, your application will crash when out of memory.

Create swap file

Before we begin, you can check if there is a swap file by running free.

$ free -m

You can create a swap file with the following commands. To determine the block count for your swap file, multiply the size in megabytes by 1024. For example, 64 MB corresponds to a count of 65536 blocks of 1024 bytes.

$ sudo dd if=/dev/zero of=/swapfile bs=1024 count=65536

Next, change the permission and set up the swap file.

$ sudo chmod 600 /swapfile

$ sudo mkswap /swapfile

Finally, enable the swap file you just created. This does not enable it on boot.

$ sudo swapon /swapfile

If you want to enable it on boot, you will need to modify /etc/fstab and include the line below.

/swapfile swap swap defaults 0 0

You can verify if you have correctly enabled the swap file by running free again.

[Image: swap file enabled]

If you are using PHP, see how you can optimize PHP-FPM on low memory Nginx servers to lower its memory footprint.

Hope this article helped you learn how to create a swap file on Linux servers for better performance.

If you liked this article, please do share this article with your friends and family.

Optimize PHP-FPM on Low Memory Nginx Servers
https://darylng.me/how-to/optimize-php-fpm-on-low-memory-nginx/
Sat, 07 Oct 2017 14:10:09 +0000

Are you running PHP-FPM on low memory Nginx servers and your services are crashing frequently?

The simplest way to resolve this problem is to upgrade your server, but not when you have a tight budget.

Databases usually take up a large portion of your memory but limiting memory usage may cause problems. However, if your website has low traffic, you will be able to limit your server’s memory usage without affecting performance.

In this article, I will show you how you can optimize PHP-FPM to reduce its memory usage without affecting performance.

What is PHP-FPM?

PHP-FPM is a PHP FastCGI Process Manager. It is a feature-rich alternative way to run PHP scripts.

To install PHP-FPM, run the following line.

$ sudo yum install php-fpm

The default settings use more memory than required, so it is necessary to tune the configuration to optimize and improve performance.

Let’s Begin

Open PHP-FPM configuration file with your preferred editor.

$ sudo vi /etc/php-fpm.d/www.conf

Look for the line to set how many child processes the process manager will spawn, at around line 61, and set it to ondemand.

...
; Note: This value is mandatory
pm = ondemand

Save and restart PHP-FPM.

$ sudo systemctl restart php-fpm

Now, your server should not run out of memory.

Performance is important for SEO as it will affect your website’s loading speed. Although you have low traffic to your website, you should not forgo SEO over performance, or vice versa.

When you optimize PHP-FPM, you will be able to improve both performance and SEO.

Also, you can install free SSL certificates on your Nginx server to increase your SEO score and for better security.

Hope this article helped you learn how to optimize PHP-FPM on low memory Nginx servers.

If you liked this article, please do share this article with your friends and family.

Update WordPress with SELinux Enabled
https://darylng.me/how-to/update-wordpress-with-selinux-enabled/
Thu, 21 Sep 2017 17:23:07 +0000

We are moving to Medium! You can continue reading this article here or at Medium.

Are you getting permission errors when you update WordPress with SELinux enabled? Are you facing similar errors when you install plugins like W3 Total Cache?

You are not alone!

I had just experienced this problem and it took me several hours to realize that it is due to SELinux. But don’t be tempted to disable SELinux completely.

In this article, I will show you how you can update WordPress with SELinux enabled.

What is SELinux?

SELinux, also known as Security-Enhanced Linux, is the bane of developers running web applications like WordPress on CentOS. But SELinux is there for a reason. It is a security module to support access control security policies. This limits privileges to the minimum.

So, when you disable SELinux, you are opening your server to security vulnerabilities.

Start Hacking SELinux

Update the ownership of your WordPress folder. This depends on the server you are using, Apache or Nginx.

$ sudo chown nginx:nginx -R /path/to/wordpress

Next, you will need to update the permission of your files and directories respectively.

$ sudo find /path/to/wordpress -type f -exec chmod 0644 {} \;

$ sudo find /path/to/wordpress -type d -exec chmod 0755 {} \;

Now, you will need to configure SELinux permissions. You can check your current settings with -Z.

$ ls -Z
drwxr-xr-x. nginx nginx system_u:object_r:httpd_sys_content_t:s0 wordpress

The following line sets all the documents under the WordPress folder to read-only. This ensures that only the minimum permission required to perform read or write is granted to each document.

$ sudo chcon -t httpd_sys_content_t /path/to/wordpress -R

Here come the important steps that will allow WordPress to perform updates and install plugins. They allow WordPress to read and write to the wp-config file and wp-content directory.

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-config.php

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-content -R

If you have just installed W3 Total Cache, you will get an error that nginx.conf cannot be written, as shown in the image below. The fix for this is simple.

[Image: W3 Total Cache nginx.conf error when WordPress with SELinux enabled]

You will need to allow WordPress to do so with the line below.

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/nginx.conf

So, if you are getting similar errors that a file or directory cannot be written, simply follow the step above and replace nginx.conf with the file or directory. For directories, remember to add -R to apply the same settings to all files and directories within.
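
Labels set with chcon, both in the steps above and in the update-core.php fix from the inconsistent permission errors article, are lost when the files are relabelled (restorecon or a full relabel); recording them with semanage fcontext makes them persistent. The script below is an added example, not the author's code: it audits the file and directory modes set above and prints the persistent labelling commands for review. The function names and the demo tree are made up for illustration.

```shell
#!/bin/sh
# Added example, not code from the original articles.
# Function names and the demo tree are made up for illustration.

# wp_mode_audit ROOT
#   Lists entries whose mode differs from the article's targets
#   (0644 for files, 0755 for directories), sorted, one per line.
wp_mode_audit() {
    {
        find "$1" -type f ! -perm 0644 -exec printf 'file %s\n' {} \;
        find "$1" -type d ! -perm 0755 -exec printf 'dir %s\n' {} \;
    } | sort
}

# selinux_pattern PATH
#   Builds the regular expression semanage expects: dots are escaped and
#   an existing directory gets "(/.*)?" so the rule covers its contents.
selinux_pattern() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    if [ -d "$1" ]; then
        pat="$pat(/.*)?"
    fi
    printf '%s\n' "$pat"
}

# wp_selinux_plan ROOT WRITABLE...
#   Prints (does not run) the commands that store the article's labels in
#   the local SELinux policy and then apply them with restorecon.
wp_selinux_plan() {
    plan_root=$1
    shift
    printf "semanage fcontext -a -t httpd_sys_content_t '%s'\n" \
        "$(selinux_pattern "$plan_root")"
    for p in "$@"; do
        printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s'\n" \
            "$(selinux_pattern "$p")"
    done
    printf 'restorecon -R -v %s\n' "$plan_root"
}

# Constructed demo tree (not a real WordPress install): one file and one
# directory are deliberately left with modes looser than the targets.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    chmod 0755 "$d" "$d/wp-content"
    chmod 0777 "$d/wp-content/uploads"
    chmod 0644 "$d/index.php"
    chmod 0666 "$d/wp-config.php"
    printf '%s\n' "$d"
}

demo=$(demo_tree)
wp_mode_audit "$demo"
wp_selinux_plan "$demo" "$demo/wp-config.php" "$demo/wp-content"
rm -rf "$demo"
```

On a real server, pass the WordPress root and the paths that must stay writable, review the printed commands, then run them with sudo.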

Troubleshooting

If WordPress prompts you to enter the credentials of your FTP, add the following line to the end of wp-config.

define('FS_METHOD', 'direct');

Are you getting inconsistent permission errors when you upgrade WordPress? Check out this article on inconsistent permission errors to fix this problem.

Hope this article helped you learn how to update WordPress with SELinux enabled. Stay secure, stay safe.

If you liked this article, please do share this article with your friends and family.

Free SSL Certificates with Let’s Encrypt for Nginx on CentOS 7
https://darylng.me/how-to/free-ssl-lets-encrypt-nginx-centos7/
Sat, 16 Sep 2017 06:11:58 +0000

Are you paying too much for SSL certificates? Are you looking for free SSL certificates?

You can get free SSL certificates with Let’s Encrypt and deploy it with Certbot in less than 10 minutes!

In this article, I will show you how you can install and deploy SSL certificates for Nginx servers running on CentOS 7.

What is Let’s Encrypt

Let’s Encrypt is a CA (Certificate Authority) that provides free SSL DV (Domain Validation) certificates. These free SSL certificates allow websites to provide secure connections through HTTPS (SSL/TLS).

Certificates issued expire in 90 days, while other CAs usually issue certificates that last about a year.

According to Let’s Encrypt, the advantage of 90-day validity is that it limits damage from key compromise and mis-issuance. Let’s Encrypt allows automated renewal and recommends renewing every 60 days.

Certificates issued are compatible with most up-to-date browsers, so you do not need to worry about incompatibility.

Get Your Free SSL

We will use Certbot to simplify the deployment of Let’s Encrypt free SSL certificates.

Deploy free SSL certificates with Certbot

Requirements

  • Shell access (SSH) to server (obviously!)

Installation

Install Certbot for Nginx.

$ sudo yum install certbot-nginx

This command will generate a certificate and automatically edit Nginx configuration to serve the certificate.

$ sudo certbot --nginx

If you prefer to modify your configuration manually, add certonly to the command above to generate the certificate only.

$ sudo certbot --nginx certonly

You can check out Certbot for other configurations if you are not on CentOS 7 and Nginx.

Automating Renewal

Run the following command to test the renewal process.

$ sudo certbot renew --dry-run

If the above is successful, you can use cron to run certbot renew at regular intervals.

The following cron job runs certbot renew at 1am daily without any output and reloads Nginx configuration.

0 1 * * * /usr/bin/certbot renew --quiet --post-hook "systemctl reload nginx"

Certbot recommends running it often to prevent downtime if the certificate expires or is revoked. The command will do nothing if the certificate is neither due for renewal nor revoked.

Yes, it is that easy.

Rate Your Server

You can test your server’s rating with SSL Labs Server Test and you should get B due to weak Diffie-Hellman parameters. In order to get A, you will need to run the command below to update the parameters.


$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

When the test is done, edit your Nginx configuration (e.g. /etc/nginx/conf.d/default.conf). Add the following line in the Nginx server block to use the newly created parameters.

server {
    listen 443 ssl;
    ...
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
}

Now, run the test again and you should get an A. But don’t stop here! Find out how to enable HTTP/2 in less than 5 minutes to take advantage of its performance benefits.
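
A quick local check for the two settings that this article and the HTTP/2 article add to the TLS server block (ssl_dhparam and http2), as an added example that is not part of the original posts. It goes beyond the articles by also accepting the separate "http2 on;" directive that nginx 1.25.1 and later use in place of the listen parameter; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original articles.

# audit_nginx_tls [FILE...]
#   Reads nginx configuration (files or stdin) and prints one line per
#   server block that has an "ssl" listener:
#       server@<first line>: http2=<yes|no> ssl_dhparam=<yes|no>
#   Exit status is 1 if any such block lacks http2 or ssl_dhparam.
#   Limits: expects "server {" on one line, does not follow include
#   directives, and treats "#" inside quoted strings as a comment.
audit_nginx_tls() {
    awk '
    {
        line = " " $0                        # leading space simplifies matching
        sub(/#.*/, "", line)                 # drop comments
        if (!in_server && line ~ /[ \t;{}]server[ \t]*[{]/) {
            in_server = 1; base = depth; start = NR
            tls = 0; h2 = 0; dh = 0
        }
        if (in_server) {
            if (line ~ /[ \t;{]listen[ \t]/) {
                if (line ~ /[ \t]ssl[ \t;]/)   tls = 1
                if (line ~ /[ \t]http2[ \t;]/) h2 = 1   # listen 443 ssl http2;
            }
            if (line ~ /[ \t;{]http2[ \t]+on[ \t]*;/)     h2 = 1
            if (line ~ /[ \t;{]ssl_dhparam[ \t]+[^ \t;]/) dh = 1
        }
        # Track brace depth so nested location blocks do not end the server.
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (in_server && depth <= base) {
            if (tls) {
                printf "server@%d: http2=%s ssl_dhparam=%s\n", start, (h2 ? "yes" : "no"), (dh ? "yes" : "no")
                if (!h2 || !dh) bad = 1
            }
            in_server = 0
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample configuration (not a real site).
sample_nginx_conf() {
    cat <<'EOF'
server {
    listen 80;
    server_name example.test;
}
server {
    listen 443 ssl;
    server_name example.test;
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 443 ssl http2;
    server_name www.example.test;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
EOF
}

sample_nginx_conf | audit_nginx_tls || true
```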

Hope this article helped you learn how to install and deploy Let’s Encrypt SSL certificates.

If you liked this article, please do share this article with your friends and family.
