Linux IPTables - 2020

linux logo
Bookmark and Share




bogotobogo.com site search:








IP Tables

IPTables is a rule based firewall and it is pre-installed on most of Linux operating system. By default it runs without any rules as we can see from the following output:

Let's check the status of IPTables by listing (-L) the rules with additional verbose (-v) and numeric (-n) flags:

$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 59 packets, 3940 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 35 packets, 4100 bytes)
 pkts bytes target     prot opt in     out     source               destination

As we can see, all three chains are set to default ACCEPT policy. There are currently no rules for any of the chains.

In the output, Chain is nothing but a set of rules. Each rule defines what to do with the packet if it matches with that packet. When the packet is matched, it is given a target.

Chains are:

  1. INPUT: default chain originating to system.
  2. OUTPUT: default chain generating from system.
  3. FORWARD: default chain packets are send through another interface.

A target can be another chain to match with or one of the following special values:

  1. ACCEPT: means the packet will be allowed to pass through.
  2. DROP: means that packet will not be allowed to pass through.
  3. RETURN: means to skip the current chain and go back to the next rule from the chain it was called in.

IPTables main files are:

  1. /etc/init.d/iptables: init script to start|stop|restart and save rulesets.
  2. /etc/sysconfig/iptables: where Rulesets are saved.
  3. /sbin/iptables: binary.






Define chain rules

We can define a rule simply appending it to the list (chain). Here's the IPTables command formatted with regular options. We don't have to specify all of them.

$ sudo iptables -A  -i <interface> -p <protocol(tcp/udp)> \
 -s <source> --dport <port no.>  -j <target>

Here -A stands for append. The chain refers to the chain we want to append our rules. The interface is the network interface on which we want to filter the traffic. The protocol refers to the networking protocol of packets we want to filter. We can also specify the port on which we want to filter the traffic.







Enabling traffic on localhost
$ sudo iptables -A INPUT -i lo -j ACCEPT

Here -A option is used to append the rule to the INPUT chain, ACCEPT (-j target) all connections lo (loopback) interface (-i input name).

Output:

$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 183 packets, 11717 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   360 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 116 packets, 21607 bytes)
 pkts bytes target     prot opt in     out     source               destination

All out bound traffic from the lo:

$ sudo iptables -A OUTPUT -o lo -j ACCEPT






Enabling connections on HTTP, SSH, and SSL port

We want our HTTP (port 80), https (port 443), ssh (port 22) connections from outside continue to work. Enter the following commands to enable them. Note that we have specified protocol with -p option and the corresponding port for each protocol with –dport (destination port) option:

$ sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Output:

$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 1 packets, 48 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   24  2176 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   87  6276 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 13 packets, 1588 bytes)
 pkts bytes target     prot opt in     out     source               destination






Filtering packets based on source

If we want to accept or reject packets based on the source IP address or the range of IP addresses we can specify it with -s (source) option.

For example to accept packets from address 3.89.183.225:

$ sudo iptables -A INPUT -s 3.89.183.225 -j ACCEPT

We can drop packets from an IP address with option DROP:

$ sudo iptables -A INPUT -s 4.100.183.123 -j DROP

If we want to drop packets from a range of IP addresses we have to use the iprange module with -m (match) option and specify the IP address range with –src-range:

$ sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.101 -j DROP

Output:

$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   44  3976 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  152 11699 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     all  --  *      *       3.89.183.225         0.0.0.0/0           
    0     0 DROP       all  --  *      *       4.100.183.123        0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.100-192.168.1.101

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 7 packets, 736 bytes)
 pkts bytes target     prot opt in     out     source               destination






Dropping all other traffic

It is important to DROP all other traffic after defining the rules as it prevents unauthorized access to a server from other open ports:





Output:


$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   52  4696 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  173 13019 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     all  --  *      *       3.89.183.225         0.0.0.0/0           
    0     0 DROP       all  --  *      *       4.100.183.123        0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.100-192.168.1.101
    1    40 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 8 packets, 856 bytes)
 pkts bytes target     prot opt in     out     source               destination 





We can see the command drops all incoming traffic other than the ports mentioned in the above commands.











  


  



















Deleting rules


Before delete any rule, let's list all the rules with numbers with the help of argument --line-numbers:


$ sudo iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       60  5376 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
2      221 16095 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
5        0     0 ACCEPT     all  --  *      *       3.89.183.225         0.0.0.0/0           
6        0     0 DROP       all  --  *      *       4.100.183.123        0.0.0.0/0           
7        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.100-192.168.1.101
8       44  2490 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 58 packets, 8300 bytes)
num   pkts bytes target     prot opt in     out     source               destination    





Let's say if we want to delete rule no 5 and 6 from INPUT chain. Use the following command with -D:


$ sudo iptables -D INPUT 6
$ sudo iptables -D INPUT 5





Output:


$ sudo iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       84  7416 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
2      266 19031 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
5        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.100-192.168.1.101
6      145 12759 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 32 packets, 2908 bytes)
num   pkts bytes target     prot opt in     out     source               destination         





We've using the -A option to append the new rule to the end of a chain. If we want to put it somewhere else in the chain, we can use the -I option which allows us to specify the position of the new rule. 

To insert a rule to INPUT chain in between 5 and 6 ruleset, we can use -I (insert):


$ sudo iptables -I INPUT 6 -s 10.0.10.233 -j DROP





Output:


$ sudo iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      114  9878 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
2      412 28915 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
5        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.100-192.168.1.101
6        0     0 DROP       all  --  *      *       10.0.10.233          0.0.0.0/0           
7      312 28304 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 44 packets, 4062 bytes)
num   pkts bytes target     prot opt in     out     source               destination    





The following flush command will remove all the rules from tables. Take rulesets backup before executing above command:


$ sudo iptables -F





Output:


$ sudo iptables -n -L -v
Chain INPUT (policy ACCEPT 20 packets, 1909 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 18 packets, 1876 bytes)
num   pkts bytes target     prot opt in     out     source               destination 












  


  




















Let's start from this:


$ sudo iptables -L -v
Chain INPUT (policy ACCEPT 29 packets, 2558 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   12  1080 ACCEPT     all  --  lo     any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 23 packets, 3261 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   360 ACCEPT     all  --  any    lo      anywhere             anywhere    





As network traffic generally needs to be two-way—incoming and outgoing—to work properly, it is typical to create a firewall rule that allows established and related incoming traffic, so that the server will allow return traffic to   outgoing connections initiated by the server itself. The following command will allow that:


$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT





What we really needed here is a way to tell IPTables to not touch packets that are part of an existing connection. Fortunately, IPTables is a stateful firewall, and it provides a connection tracking module named conntrack  for this purpose. Connections tracked by this module will be in one of the following states:


    
   
  1. NEW: This state represents the very first packet of a connection.
    2. 
   
  2. ESTABLISHED: This state is used for packets that are part of an existing connection. For a connection to be in this state, it should have received a reply from the other host.
    3. 
   
  3. RELATED: This state is used for connections that are related to another ESTABLISHED connection. An example of this is a FTP data connection — they're related to the already established control connection.
    4. 
   
  4. INVALID: Packets can be marked INVALID if they are not associated with an existing connection and aren't appropriate for opening a new connection, if they cannot be identified, or if they aren't routable among other reasons.
    5. 
   
  5. UNTRACKED: Packets can be marked as UNTRACKED if they've been targeted in a raw table chain to bypass tracking.
    6. 
   
  6. SNAT: A virtual state set when the source address has been altered by NAT operations. This is used by the connection tracking system so that it knows to change the source addresses back in reply packets.
    7. 
   
  7. DNAT: A virtual state set when the destination address has been altered by NAT operations. This is used by the connection tracking system so that it knows to change the destination address back when routing reply packets.
    8. 





Let's see what's been added to the table:


$ sudo iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   20  1800 ACCEPT     all  --  lo     any     anywhere             anywhere            
   11   784 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 6 packets, 832 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   12  1080 ACCEPT     all  --  any    lo      anywhere             anywhere  





The --ctstate switch sets the states. On some older kernels, this module is named state and the switch is named --state instead of --ctstate.


Note that we usually put the new rule at the very top. (If this isn't the first rule, we may want to use -I to place it at the top.)


Let's put it at the top as a practice what we've learned so far. We can insert the same rule using -I and DROP INPUT 3:


$ sudo iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

$ sudo iptables -D INPUT 3

$ sudo iptables -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      137 10414 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
2       36  3240 ACCEPT     all  --  lo     any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 9 packets, 1140 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       36  3256 ACCEPT     all  --  any    lo      anywhere             anywhere           












  


  



















Allow Established Outgoing Connections


We may want to allow outgoing traffic of all established connections, which are typically the response to legitimate incoming connections. This command will allow that:


$ sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

$ sudo iptables -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      254 19883 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
2       39  3498 ACCEPT     all  --  lo     any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       44  3976 ACCEPT     all  --  any    lo      anywhere             anywhere            
2        4   664 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate ESTABLISHED













  


  



















Drop Invalid Packets


Some network traffic packets get marked as INVALID. Sometimes it can be useful to log this type of packet but often it is fine to drop them:


$ sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

$ sudo iptables -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      337 27057 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
2       42  3756 ACCEPT     all  --  lo     any     anywhere             anywhere            
3        0     0 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       52  4696 ACCEPT     all  --  any    lo      anywhere             anywhere            
2       86 14284 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate ESTABLISHED













  


  



















Reject an IP Address


If we want to reject the connection instead, which will respond to the connection request with a "connection refused" error:


$ sudo iptables -A INPUT -s 54.214.74.210 -j REJECT

$ sudo iptables -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      337 27057 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
2       42  3756 ACCEPT     all  --  lo     any     anywhere             anywhere            
3        0     0 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
4        0     0 REJECT     all  --  any    any     ec2-54-214-74-210.us-west-2.compute.amazonaws.com  anywhere             reject-with icmp-port-unreachable


Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       52  4696 ACCEPT     all  --  any    lo      anywhere             anywhere            
2       86 14284 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate ESTABLISHED











  


  



















Diagrams







There are five predefined chains:


    
   
  1. PREROUTING: Packets will enter this chain before a routing decision is made.
    2. 
   
  2. INPUT: Packet is going to be locally delivered. It does not have anything to do with processes having an opened socket; local delivery is controlled by the "local-delivery" routing table: ip route show table local.
    3. 
   
  3. FORWARD: All packets that have been routed and were not for local delivery will traverse this chain.
    4. 
   
  4. OUTPUT: Packets sent from the machine itself will be visiting this chain.
    5. 
   
  5. POSTROUTING: Routing decision has been made. Packets enter this chain just before handing them off to the hardware
    6. 




Table_Processing_for_an_Inbound_Packet.png







Let's take a look at the different tables that iptables provides. These represent distinct sets of rules, organized by area of concern, for evaluating packets.


Filter Table


The filter table is one of the most widely used tables in iptables. The filter table is used to make decisions about whether to let a packet continue to its intended destination or to deny its request. In firewall parlance, this is known as "filtering" packets. This table provides the bulk of functionality that people think of when discussing firewalls.




NAT Table


The nat table is used to implement network address translation rules. As packets enter the network stack, rules in this table will determine whether and how to modify the packet's source or destination addresses in order to impact the way that the packet and any response traffic are routed. This is often used to route packets to networks when direct access is not possible.




Mangle Table



The mangle table is used to alter the IP headers of the packet in various ways. For instance, you can adjust the TTL (Time to Live) value of a packet, either lengthening or shortening the number of valid network hops the packet can sustain. Other IP headers can be altered in similar ways.



This table can also place an internal kernel "mark" on the packet for further processing in other tables and by other networking tools. This mark does not touch the actual packet, but adds the mark to the kernel's representation of the packet.




Raw Table


The iptables firewall is stateful, meaning that packets are evaluated in regards to their relation to previous packets. The connection tracking features built on top of the netfilter framework allow iptables to view packets as part of an ongoing connection or session instead of as a stream of discrete, unrelated packets. The connection tracking logic is usually applied very soon after the packet hits the network interface.



The raw table has a very narrowly defined function. Its only purpose is to provide a mechanism for marking packets in order to opt-out of connection tracking.




Security Table


The security table is used to set internal SELinux security context marks on packets, which will affect how SELinux or other systems that can interpret SELinux security contexts handle the packets. These marks can be applied on a per-packet or per-connection basis.














Table_Processing_for_a_Routed_Packet.png










Outbound_Firewall.png










IP_In_and_Out_Diagram.png



Picture source: iptables: Packet Processing


















  


  






















 

Linux - system, cmds & shell



    
   
  1. Linux Tips - links, vmstats, rsync 
    2. 
   
  2. Linux Tips 2 - ctrl a, curl r, tail -f, umask  
    3. 
   
  3. Linux - bash I 
    4. 
   
  4. Linux - bash II 
    5. 
   
  5. Linux - Uncompressing 7z file 
    6. 
   
  6. Linux - sed I (substitution: sed 's///', sed -i) 
    7. 
   
  7. Linux - sed II (file spacing, numbering, text conversion and substitution) 
    8. 
   
  8. Linux - sed III (selective printing of certain lines, selective definition of certain lines) 
    9. 
   
  9. Linux - 7 File types : Regular, Directory, Block file, Character device file, Pipe file, Symbolic link file, and Socket file 
    10. 
    
  10. Linux shell programming - introduction
    
    11. 
   
  11.    Linux shell programming - variables and functions (readonly, unset, and functions)
    
    12. 
   
  12. Linux shell programming - special shell variables
    
    13.    
   
  13. Linux shell programming : arrays - three different ways of declaring arrays & looping with $*/$@
    
    14. 
   
  14. Linux shell programming : operations on array
    
    15. 
   
  15. Linux shell programming : variables & commands substitution
    
    16. 
   
  16. Linux shell programming : metacharacters & quotes
    
    17. 
   
  17. Linux shell programming : input/output redirection & here document
    
    18. 
   
  18. Linux shell programming : loop control - for, while, break, and break n
    
    19. 
    
  19. Linux shell programming : string
    20. 
    
  20. Linux shell programming : for-loop
    21. 
    
  21. Linux shell programming : if/elif/else/fi
    22. 
    
  22. Linux shell programming : Test
    23. 
   
  23. Managing User Account - useradd, usermod, and userdel 
    24. 
   
  24. Linux Secure Shell (SSH) I : key generation, private key and public key 
    25. 
   
  25. Linux Secure Shell (SSH) II : ssh-agent & scp 
    26. 
   
  26. Linux Secure Shell (SSH) III : SSH Tunnel as Proxy - Dynamic Port Forwarding (SOCKS Proxy) 
    27. 
   
  27. Linux Secure Shell (SSH) IV : Local port forwarding (outgoing ssh tunnel) 
    28. 
   
  28. Linux Secure Shell (SSH) V : Reverse SSH Tunnel (remote port forwarding / incoming ssh tunnel) /) 
    29. 
   
  29. Linux Processes and Signals 
    30. 
   
  30. Linux Drivers 1 
    31. 
   
  31. tcpdump 
    32. 
   
  32. Linux Debugging using gdb 
    33. 
   
  33. Embedded Systems Programming I - Introduction
    34. 
   
  34. Embedded Systems Programming II - gcc ARM Toolchain and Simple Code on Ubuntu/Fedora
    
    35. 
   
  35. LXC (Linux Container) Install and Run
    
    36. 
   
  36. Linux IPTables 
    37. 
   
  37. Hadoop - 1. Setting up on Ubuntu for Single-Node Cluster
    
    38. 
   
  38. Hadoop - 2. Runing on Ubuntu for Single-Node Cluster
    
    39. 
   
  39. ownCloud 7 install
    
    40. 
  
  40. Ubuntu 14.04 guest on Mac OSX host using VirtualBox I 
    41. 
  
  41. Ubuntu 14.04 guest on Mac OSX host using VirtualBox II 
    42. 
  
  42. Windows 8 guest on Mac OSX host using VirtualBox I 
    43. 
  
  43. Ubuntu Package Management System (apt-get vs dpkg) 
    44. 
  
  44. RPM Packaging 
    45. 
  
  45. How to Make a Self-Signed SSL Certificate 
    46. 
  
  46. Linux Q & A 
    47. 
  
  47. DevOps / Sys Admin questions 
    48. 














          

          

  	    

  	    

            

              
Ph.D. / Golden Gate Ave, San Francisco / Seoul National Univ / Carnegie Mellon / UC Berkeley / DevOps / Deep Learning / Visualization

            

  	    

                


  
                YouTubeMy YouTube channel
  
  






  

    
    
Sponsor Open Source development activities and free contents for everyone.


    

    
    
    
    
    

    
Thank you.

    
- K Hong

    
  

  
  
  
  
  
  
  
  


  


  















  	    

  	    

                






Linux - system, cmds & shell programming

   


   Linux Tips - links, vmstats, rsync 
   


   Linux Tips 2 - ctrl a, curl r, tail -f, umask  
   


   Linux - bash I 
   


   Linux - bash II 
   


   Linux - Uncompressing 7z file 
   


   Linux - sed I (substitution: sed 's///', sed -i) 
   


   Linux - sed II (file spacing, numbering, text conversion and substitution) 
   


   Linux - sed III (selective printing of certain lines, selective definition of certain lines) 
   


   Linux - 7 File types : Regular, Directory, Block file, Character device file, Pipe file, Symbolic link file, and Socket file 
   


    Linux shell programming - introduction
   


   Linux shell programming - variables and functions (readonly, unset, and functions)
   


   Linux shell programming - special shell variables
   


   Linux shell programming : arrays - three different ways of declaring arrays & looping with $*/$@
   


   Linux shell programming : operations on array
   


   Linux shell programming : variables & commands substitution
   


   Linux shell programming : metacharacters & quotes
   


   Linux shell programming : input/output redirection & here document
   


   Linux shell programming : loop control - for, while, break, and break n
   


   Linux shell programming : string
   


   Linux shell programming : for-loop
   


   Linux shell programming : if/elif/else/fi
   


   Linux shell programming : Test
   


   Managing User Account - useradd, usermod, and userdel 
   


   Linux Secure Shell (SSH) I : key generation, private key and public key 
   


   Linux Secure Shell (SSH) II : ssh-agent & scp 
   


   Linux Secure Shell (SSH) III : SSH Tunnel as Proxy - Dynamic Port Forwarding (SOCKS Proxy) 
   


   Linux Secure Shell (SSH) IV : Local port forwarding (outgoing ssh tunnel) 
   


   Linux Secure Shell (SSH) V : Reverse SSH Tunnel (remote port forwarding / incoming ssh tunnel) /) 
   


   Linux Processes and Signals 
   


   Linux Drivers 1 
   


   tcpdump 
   


   Linux Debugging using gdb 
   


   Embedded Systems Programming I - Introduction
   


   Embedded Systems Programming II - gcc ARM Toolchain and Simple Code on Ubuntu/Fedora
   


   LXC (Linux Container) Install and Run
   


   Linux IPTables
   


   Hadoop - 1. Setting up on Ubuntu for Single-Node Cluster
   


   Hadoop - 2. Runing on Ubuntu for Single-Node Cluster
   


   ownCloud 7 install
   


   Ubuntu 14.04 guest on Mac OSX host using VirtualBox I 
   


   Ubuntu 14.04 guest on Mac OSX host using VirtualBox II 
   


   Windows 8 guest on Mac OSX host using VirtualBox I 
   


   Ubuntu Package Management System (apt-get vs dpkg) 
   


   RPM Packaging 
   


   How to Make a Self-Signed SSL Certificate 
   


   Linux Q & A
   


   DevOps / Sys Admin questions 
   










  






  

    
    
Sponsor Open Source development activities and free contents for everyone.


    

    
    
    
    
    

    
Thank you.

    
- K Hong

    
  

  
  
  
  
  
  
  
  


  


  




















DevOps

   


   Phases of Continuous Integration 
   


   Software development methodology 
   


   Introduction to DevOps 
   


   Samples of Continuous Integration (CI) / Continuous Delivery (CD) - Use cases 
   


   Artifact repository and repository management 
   


   Linux - General, shell programming, processes & signals ... 
   


   RabbitMQ... 
   


   MariaDB 
   


   New Relic APM with NodeJS : simple agent setup on AWS instance 
   


   Nagios on CentOS 7 with Nagios Remote Plugin Executor (NRPE) 
   


   Nagios - The industry standard in IT infrastructure monitoring on Ubuntu 
   


   Zabbix 3 install on Ubuntu 14.04 & adding hosts / items / graphs 
   


   Datadog - Monitoring with PagerDuty/HipChat and APM 
   


   Install and Configure Mesos Cluster 
   


   Cassandra on a Single-Node Cluster 
   


   Container Orchestration : Docker Swarm vs Kubernetes vs Apache Mesos 
   


   OpenStack install on Ubuntu 16.04 server - DevStack 
   


   AWS EC2 Container Service (ECS) & EC2 Container Registry (ECR) | Docker Registry 
   


   CI/CD with CircleCI - Heroku deploy 
   


   Introduction to Terraform with AWS elb & nginx 
   


   Docker & Kubernetes 
   


   Kubernetes I - Running Kubernetes Locally via Minikube 
   


   Kubernetes II - kops on AWS 
   


   Kubernetes III - kubeadm on AWS 
   


   AWS : EKS (Elastic Container Service for Kubernetes)  
   


   CI/CD Github actions 
   


   CI/CD Gitlab 
   


   



   
DevOps / Sys Admin Q & A

   


   (1A) - Linux Commands 
   


   (1B) - Linux Commands 
   


   (2) - Networks 
   


   (2B) - Networks 
   


   (3) - Linux Systems 
   


   (4) - Scripting (Ruby/Shell) 
   


   (5) - Configuration Management 
   


   (6) - AWS VPC setup (public/private subnets with NAT) 
   


   (6B) - AWS VPC Peering 
   


   (7) - Web server 
   


   (8) - Database 
   


   (9) - Linux System / Application Monitoring, Performance Tuning, Profiling Methods & Tools 
   


   (10) - Trouble Shooting: Load, Throughput, Response time and Leaks 
   


   (11) - SSH key pairs,  SSL Certificate, and SSL Handshake 
   


   (12) - Why is the database slow? 
   


   (13) - Is my web site down? 
   


   (14) - Is my server down? 
   


   (15) - Why is the server sluggish? 
   


   (16A) - Serving multiple domains using Virtual Hosts - Apache 
   


   (16B) - Serving multiple domains using server block - Nginx 
   


   (16C) - Reverse proxy servers and load balancers - Nginx 
   


   (17) - Linux startup process 
   


   (18) - phpMyAdmin with Nginx virtual host as a subdomain 
   


   (19) - How to SSH login without password? 
   


   (20) - Log Rotation 
   


   (21) - Monitoring Metrics 
   


   (22) - lsof 
   


   (23) - Wireshark introduction 
   


   (24) - User account management 
   


   (25) - Domain Name System (DNS) 
   


   (26) - NGINX SSL/TLS, Caching, and Session 
   


   (27) - Troubleshooting 5xx server errors 
   


   (28) - Linux Systemd: journalctl 
   


   (29) - Linux Systemd: FirewallD
   


   (30) - Linux: SELinux
   


   (31) - Linux: Samba
   


   (0) - Linux Sys Admin's Day to Day tasks 
   


   

   









AWS (Amazon Web Services)

   


   AWS : EKS (Elastic Container Service for Kubernetes) 
   


   AWS : Creating a snapshot (cloning an image) 
   


   AWS : Attaching Amazon EBS volume to an instance 
   


   AWS : Adding swap space to an attached volume via mkswap and swapon 
   


   AWS : Creating an EC2 instance and attaching Amazon EBS volume to the instance using Python boto module with User data 
   


   AWS : Creating an instance to a new region by copying an AMI 
   


   AWS : S3 (Simple Storage Service) 1 
   


   AWS : S3 (Simple Storage Service) 2 - Creating and Deleting a Bucket 
   


   AWS : S3 (Simple Storage Service) 3 - Bucket Versioning 
   


   AWS : S3 (Simple Storage Service) 4 - Uploading a large file 
   


   AWS : S3 (Simple Storage Service) 5 - Uploading folders/files recursively 
   


   AWS : S3 (Simple Storage Service) 6 - Bucket Policy for File/Folder View/Download 
   


   AWS : S3 (Simple Storage Service) 7 - How to Copy or Move Objects from one region to another 
   


   AWS : S3 (Simple Storage Service) 8 - Archiving S3 Data to Glacier 
   


   AWS : Creating a CloudFront distribution with an Amazon S3 origin 
   


   
   AWS : Creating VPC with CloudFormation 
   


   WAF (Web Application Firewall) with preconfigured CloudFormation template and Web ACL for CloudFront distribution 
   


   AWS : CloudWatch & Logs with Lambda Function / S3 
   


   AWS : Lambda Serverless Computing with EC2, CloudWatch Alarm, SNS 
   


   AWS : Lambda and  SNS - cross account
   


   AWS : CLI (Command Line Interface) 
   


   AWS : CLI (ECS with ALB & autoscaling) 
   


   AWS : ECS with cloudformation and json task definition 
   


   AWS : AWS Application Load Balancer (ALB) and ECS with Flask app 
   


   AWS : Load Balancing with HAProxy (High Availability Proxy) 
   


   AWS : VirtualBox on EC2 
   


   AWS : NTP setup on EC2 
   


   AWS: jq with AWS
   


   AWS : AWS & OpenSSL : Creating / Installing a Server SSL Certificate 
   


   AWS : OpenVPN Access Server 2 Install 
   


   AWS : VPC (Virtual Private Cloud) 1 - netmask, subnets, default gateway, and CIDR 
   


   AWS : VPC (Virtual Private Cloud) 2 - VPC Wizard 
   


   AWS : VPC (Virtual Private Cloud) 3 - VPC Wizard with NAT 
   


   AWS : DevOps / Sys Admin Q & A (VI) - AWS VPC setup (public/private subnets with NAT) 
   


   AWS : OpenVPN Protocols : PPTP, L2TP/IPsec, and OpenVPN 
   


   AWS : Autoscaling group (ASG) 
   


   AWS : Setting up Autoscaling Alarms and Notifications via CLI and Cloudformation 
   


   AWS : Adding a SSH User Account on Linux Instance 
   


   AWS : Windows Servers - Remote Desktop Connections using RDP 
   


   AWS : Scheduled stopping and starting an instance - python & cron 
   


   AWS : Detecting stopped instance and sending an alert email using Mandrill smtp 
   


   AWS : Elastic Beanstalk with NodeJS 
   


   AWS : Elastic Beanstalk Inplace/Rolling Blue/Green Deploy 
   


   AWS : Identity and Access Management (IAM) Roles for Amazon EC2 
   


   AWS : Identity and Access Management (IAM) Policies, sts AssumeRole, and delegate access across AWS accounts 
   


   AWS : Identity and Access Management (IAM) sts assume role via aws cli2
   


   AWS : Creating IAM Roles and associating them with EC2 Instances in CloudFormation 
   


   AWS Identity and Access Management (IAM) Roles, SSO(Single Sign On), SAML(Security Assertion Markup Language), IdP(identity provider), STS(Security Token Service), and ADFS(Active Directory Federation Services) 
   


   AWS : Amazon Route 53 
   


   AWS : Amazon Route 53 - DNS (Domain Name Server) setup 
   


   AWS : Amazon Route 53 - subdomain setup and virtual host on Nginx 
   


   AWS Amazon Route 53 : Private Hosted Zone 
   


   AWS : SNS (Simple Notification Service) example with ELB and CloudWatch 
   


   AWS : Lambda with AWS CloudTrail 
   


   AWS : SQS (Simple Queue Service) with NodeJS and AWS SDK 
   


   AWS : Redshift data warehouse 
   


   AWS : CloudFormation - templates, change sets, and CLI 
   


   AWS : CloudFormation Bootstrap UserData/Metadata 
   


   AWS : CloudFormation - Creating an ASG with rolling update 
   


   AWS : Cloudformation Cross-stack reference 
   


   AWS : OpsWorks 
   


   AWS : Network Load Balancer (NLB) with Autoscaling group (ASG) 
   


   AWS CodeDeploy : Deploy an Application from GitHub 
   


   AWS EC2 Container Service (ECS) 
   


   AWS EC2 Container Service (ECS) II 
   


   AWS Hello World Lambda Function 
   


   AWS Lambda Function Q & A 
   


   AWS Node.js Lambda Function & API Gateway 
   


   AWS API Gateway endpoint invoking Lambda function 
   


   AWS API Gateway invoking Lambda function with Terraform 
   


   AWS API Gateway invoking Lambda function with Terraform - Lambda Container  
   


   
   Amazon Kinesis Streams 
   


   Kinesis Data Firehose with Lambda and ElasticSearch 
   


   Amazon DynamoDB 
   


   Amazon DynamoDB with Lambda and CloudWatch
   


   Loading DynamoDB stream to AWS Elasticsearch service with Lambda 
   


   Amazon ML (Machine Learning) 
   


   Simple Systems Manager (SSM) 
   


   AWS : RDS Connecting to a DB Instance Running the SQL Server Database Engine 
   


   AWS : RDS Importing and Exporting SQL Server Data 
   


   AWS : RDS PostgreSQL & pgAdmin III 
   


   AWS : RDS PostgreSQL 2 - Creating/Deleting a Table 
   


   AWS : MySQL Replication : Master-slave 
   


   AWS : MySQL backup & restore 
   


   AWS RDS : Cross-Region Read Replicas for MySQL and Snapshots for PostgreSQL 
   


   AWS : Restoring Postgres on EC2 instance from S3 backup 
   


   AWS : Q & A
   


   AWS : Security
   


   AWS : Security groups vs. network ACLs 
   


   AWS : Scaling-Up 
   


   AWS : Networking 
   


   AWS : Single Sign-on (SSO) with Okta 
   


   AWS : JIT (Just-in-Time) with Okta
   
   
   
   








Docker & K8s

   


   Docker install on Amazon Linux AMI 
   


   Docker install on EC2 Ubuntu 14.04 
   


   Docker container vs Virtual Machine 
   


   Docker install on Ubuntu 14.04 
   


   Docker Hello World Application 
   


   Nginx image - share/copy files, Dockerfile 
   


   Working with Docker images : brief introduction 
   


   Docker image and container via docker commands (search, pull, run, ps, restart, attach, and rm)
   


   More on docker run command (docker run -it, docker run --rm, etc.) 
   


   Docker Networks - Bridge Driver Network 
   


   Docker Persistent Storage 
   


   File sharing between host and container (docker run -d -p -v) 
   


   Linking containers and volume for datastore 
   


   Dockerfile - Build Docker images automatically I - FROM, MAINTAINER, and build context 
   


   Dockerfile - Build Docker images automatically II - revisiting FROM, MAINTAINER, build context, and caching 
   


   Dockerfile - Build Docker images automatically III - RUN 
   


   Dockerfile - Build Docker images automatically IV - CMD 
   


   Dockerfile - Build Docker images automatically V - WORKDIR, ENV, ADD, and ENTRYPOINT 
   


   Docker - Apache Tomcat
   


   Docker - NodeJS
   


   Docker - NodeJS with hostname
   


   Docker Compose - NodeJS with MongoDB
   

   
   Docker - Prometheus and Grafana with Docker-compose
   


   Docker - StatsD/Graphite/Grafana
   


   Docker - Deploying a Java EE JBoss/WildFly Application on AWS Elastic Beanstalk Using Docker Containers
   


   Docker : NodeJS with GCP Kubernetes Engine
   


   Docker : Jenkins Multibranch Pipeline with Jenkinsfile and Github
   


   Docker : Jenkins Master and Slave
   


   Docker - ELK : ElasticSearch, Logstash, and Kibana
   


   Docker - ELK 7.6 : Elasticsearch on Centos 7
   Docker - ELK 7.6 : Filebeat on Centos 7
   


   Docker - ELK 7.6 : Logstash on Centos 7
   


   Docker - ELK 7.6 : Kibana on Centos 7 Part 1 
   


   Docker - ELK 7.6 : Kibana on Centos 7 Part 2
   


   Docker - ELK 7.6 : Elastic Stack with Docker Compose
   


   Docker - Deploy Elastic Cloud on Kubernetes (ECK) via Elasticsearch operator on minikube
   


   Docker - Deploy Elastic Stack via Helm on minikube
   


   Docker Compose - A gentle introduction with WordPress 
   


   Docker Compose - MySQL
   


   MEAN Stack app on Docker containers : micro services
   


   Docker Compose - Hashicorp's Vault and Consul Part A (install vault, unsealing, static secrets, and policies) 
   


   Docker Compose - Hashicorp's Vault and Consul Part B (EaaS, dynamic secrets, leases, and revocation) 
   


   Docker Compose - Hashicorp's Vault and Consul Part C (Consul) 
   


   Docker Compose with two containers - Flask REST API service  container and an Apache server container
   


   Docker compose : Nginx reverse proxy with multiple containers
   


   Docker compose : Nginx reverse proxy with multiple containers
   


   Docker & Kubernetes : Envoy - Getting started
   


   Docker & Kubernetes : Envoy - Front Proxy
   


   Docker & Kubernetes :  Ambassador - Envoy API Gateway on Kubernetes
   



   Docker Packer 
   


   Docker Cheat Sheet 
   


   Docker Q & A 
   


   Kubernetes Q & A - Part I
   


   Kubernetes Q & A - Part II
   


   Docker - Run a React app in a docker
   


   Docker - Run a React app in a docker II (snapshot app with nginx)
   


   Docker - NodeJS and MySQL app with React in a docker
   


   Docker - Step by Step NodeJS and MySQL app with React - I
   


   Installing LAMP via puppet on Docker 

   


   Docker install via Puppet 
   


   Nginx Docker install via Ansible 
   


   Apache Hadoop CDH 5.8 Install with QuickStarts Docker 
   


   Docker - Deploying Flask app to ECS 
   


   Docker Compose - Deploying WordPress to AWS
   


   Docker - WordPress Deploy to ECS with Docker-Compose (ECS-CLI EC2 type) 
   

      
   Docker - ECS Fargate 
   


   Docker - AWS ECS service discovery with Flask and Redis 
   


   Docker & Kubernetes: minikube version: v1.31.2, 2023 
   


   Docker & Kubernetes 1 : minikube 
   


   Docker & Kubernetes 2 : minikube Django with Postgres - persistent volume 
   


   Docker & Kubernetes 3 : minikube Django with Redis and Celery 
   


   Docker & Kubernetes 4 : Django with RDS via AWS Kops 
   


   Docker & Kubernetes : Kops on AWS 
   


   Docker & Kubernetes : Ingress controller on AWS with Kops
   


   Docker & Kubernetes : HashiCorp's Vault and Consul on minikube 
   


   Docker & Kubernetes : HashiCorp's Vault and Consul - Auto-unseal using Transit Secrets Engine 
   


   Docker & Kubernetes : Persistent Volumes & Persistent Volumes Claims - hostPath and annotations 
   


   Docker & Kubernetes : Persistent Volumes - Dynamic volume provisioning 
   


   Docker & Kubernetes : DaemonSet 
   


   Docker & Kubernetes : Secrets 
   


   Docker & Kubernetes : kubectl command
   


   Docker & Kubernetes : Assign a Kubernetes Pod to a particular node in a Kubernetes cluster 
   


   Docker & Kubernetes : Configure a Pod to Use a ConfigMap 
   


   AWS : EKS (Elastic Container Service for Kubernetes) 
   


   Docker & Kubernetes : Run a React app in a minikube
   


   Docker & Kubernetes : Minikube install on AWS EC2
   


   Docker & Kubernetes : Cassandra with a StatefulSet
   


   Docker & Kubernetes : Terraform and AWS EKS 
   


   Docker & Kubernetes : Pods and Service definitions
   


   Docker & Kubernetes : Headless service and discovering pods
   


   Docker & Kubernetes : Service IP and the Service Type
   


   Docker & Kubernetes : Kubernetes DNS with Pods and Services 
   


   Docker & Kubernetes - Scaling and Updating application
   


   Docker & Kubernetes : Horizontal pod autoscaler on minikubes
   


   Docker & Kubernetes : NodePort vs LoadBalancer vs Ingress 
   


   Docker & Kubernetes : Load Testing with Locust on GCP Kubernetes 
   


   Docker & Kubernetes : From a monolithic app to micro services on GCP Kubernetes 
   


   Docker & Kubernetes : Rolling updates
   


   Docker & Kubernetes : Deployments to GKE (Rolling update, Canary and Blue-green deployments) 
   


   Docker & Kubernetes : Slack Chat Bot with NodeJS on GCP Kubernetes 
   


   Docker & Kubernetes : Continuous Delivery with Jenkins Multibranch Pipeline for Dev, Canary, and Production Environments on GCP Kubernetes 
   


   Docker & Kubernetes - MongoDB with StatefulSets on GCP Kubernetes Engine 
   


   Docker & Kubernetes : Nginx Ingress Controller on minikube 
   


   Docker & Kubernetes : Setting up Ingress with NGINX Controller on Minikube (Mac) 
   


   Docker & Kubernetes : Nginx Ingress Controller for Dashboard service on Minikube
   


   Docker & Kubernetes : Nginx Ingress Controller on GCP Kubernetes 
   


   Docker & Kubernetes : Kubernetes Ingress with AWS ALB Ingress Controller in EKS 
   


   Docker & Kubernetes : MongoDB / MongoExpress on Minikube
   


   Docker & Kubernetes : Setting up a private cluster on GCP Kubernetes 
   


   Docker & Kubernetes : Kubernetes Namespaces (default, kube-public, kube-system) and switching namespaces (kubens) 
   


   Docker & Kubernetes : StatefulSets on minikube 
   


   Docker & Kubernetes : StatefulSets on minikube 
   


   Docker & Kubernetes : RBAC
   


   Docker & Kubernetes Service Account, RBAC, and IAM
   


   Docker & Kubernetes - Kubernetes Service Account, RBAC, IAM with EKS ALB, Part 1
   


   Docker & Kubernetes : Helm Chart
   


   Docker & Kubernetes : My first Helm deploy
   


   Docker & Kubernetes : Readiness and Liveness Probes
   


   Docker & Kubernetes : Helm chart repository with Github pages
   


   Docker & Kubernetes : Deploying WordPress and MariaDB with Ingress to Minikube using Helm Chart
   


   Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 2 Chart
   


   Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 3 Chart
   


   Docker & Kubernetes : Helm Chart for Node/Express and MySQL with Ingress
   


   Docker & Kubernetes : Docker_Helm_Chart_Node_Expess_MySQL_Ingress.php
   


   Docker & Kubernetes: Deploy Prometheus and Grafana using Helm and Prometheus Operator - Monitoring Kubernetes node resources out of the box
   


   Docker & Kubernetes : Deploy Prometheus and Grafana using kube-prometheus-stack Helm Chart
   


   Docker & Kubernetes : Istio (service mesh) sidecar proxy on GCP Kubernetes 
   


   Docker & Kubernetes : Istio on EKS 
   


   Docker & Kubernetes : Istio on Minikube with AWS EC2 for Bookinfo Application 
   


   Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part I) 
   


   Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part II - Prometheus, Grafana, pin a service, split traffic, and inject faults) 
   


   Docker & Kubernetes : Helm Package Manager with MySQL on GCP Kubernetes Engine 
   


   Docker & Kubernetes : Deploying Memcached on Kubernetes Engine 
   


   Docker & Kubernetes : EKS Control Plane (API server) Metrics with Prometheus 
   


   Docker & Kubernetes : Spinnaker on EKS with Halyard 
   


   Docker & Kubernetes : Continuous Delivery Pipelines with Spinnaker and Kubernetes Engine 
   


   Docker & Kubernetes: Multi-node Local Kubernetes cluster - Kubeadm-dind(docker-in-docker) 
   


   Docker & Kubernetes: Multi-node Local Kubernetes cluster - Kubeadm-kind(k8s-in-docker) 
   


   Docker & Kubernetes : nodeSelector, nodeAffinity, taints/tolerations, pod affinity and anti-affinity - Assigning Pods to Nodes
   


   Docker & Kubernetes : Jenkins-X on EKS 
   


   Docker & Kubernetes : ArgoCD App of Apps with Heml on Kubernetes
   


   Docker & Kubernetes : ArgoCD on Kubernetes cluster
   


   Docker & Kubernetes : GitOps with ArgoCD for Continuous Delivery to Kubernetes clusters (minikube) - guestbook
   











Terraform

   


   Introduction to Terraform with AWS elb & nginx
   


   Terraform Tutorial - terraform format(tf) and interpolation(variables)
   


   Terraform Tutorial - user_data
   


   Terraform Tutorial - variables
   


   Terraform 12 Tutorial - Loops with count, for_each, and for
   


   Terraform Tutorial - creating multiple instances (count, list type and element() function)
   


   Terraform Tutorial - State (terraform.tfstate) & terraform import
   


   Terraform Tutorial - Output variables
   


   Terraform Tutorial - Destroy
   


   Terraform Tutorial - Modules
   


   Terraform Tutorial - Creating AWS S3 bucket / SQS queue resources and notifying bucket event to queue
   


   Terraform Tutorial - AWS ASG and Modules
   


   Terraform Tutorial - VPC, Subnets, RouteTable, ELB, Security Group, and Apache server I
   


   Terraform Tutorial - VPC, Subnets, RouteTable, ELB, Security Group, and Apache server II
   


   Terraform Tutorial - Docker nginx container with ALB and dynamic autoscaling
   


   Terraform Tutorial - AWS ECS using Fargate : Part I
   


   Hashicorp Vault
   


   HashiCorp Vault Agent
   


   HashiCorp Vault and Consul on AWS with Terraform
   


   Ansible with Terraform 
   


   AWS IAM user, group, role, and policies - part 1
   


   AWS IAM user, group, role, and policies - part 2
   


   Delegate Access Across AWS Accounts Using IAM Roles
   


   AWS KMS
   


   terraform import & terraformer import
   


   Terraform commands cheat sheet 
   


   Terraform Cloud 
   


   Terraform 14 
   


   Creating Private TLS Certs 
   





 








Ansible 2.0

   


   What is Ansible? 
   


   Quick Preview - Setting up web servers with Nginx, configure environments, and deploy an App
   


   SSH connection & running commands 
   


   Ansible: Playbook for Tomcat 9 on Ubuntu 18.04 systemd with AWS 
   


   Modules 
   


   Playbooks 
   


   Handlers 
   


   Roles 
   


   Playbook for LAMP HAProxy 
   


   Installing Nginx on a Docker container 
   


   AWS : Creating an ec2 instance & adding keys to authorized_keys
   


   AWS : Auto Scaling via AMI
   


   AWS : creating an ELB & registers an EC2 instance from the ELB
   


   Deploying Wordpress micro-services with Docker containers on Vagrant box via Ansible 
   


   Setting up Apache web server 
   


   Deploying a Go app to Minikube 
   


   Ansible with Terraform 
   





 








Jenkins

   


   Install 
   


   Configuration - Manage Jenkins - security setup 
   


   Adding job and build 
   


   Scheduling jobs 
   


   Managing_plugins 
   


   Git/GitHub plugins, SSH keys configuration, and Fork/Clone 
   


   JDK & Maven setup 
   


   Build configuration for GitHub Java application with Maven 
   


   Build Action for GitHub Java application with Maven - Console Output, Updating Maven 
   


   Commit to changes to GitHub & new test results - Build Failure 
   


   Commit to changes to GitHub & new test results - Successful Build 
   


   Adding code coverage and metrics 
   


   Jenkins on EC2 - creating an EC2 account, ssh to EC2, and install Apache server 
   


   Jenkins on EC2 - setting up Jenkins account, plugins, and Configure System (JAVA_HOME, MAVEN_HOME, notification email) 
   


   Jenkins on EC2 - Creating a Maven project 
   


   Jenkins on EC2 - Configuring GitHub Hook and Notification service to Jenkins server for any changes to the repository 
   


   Jenkins on EC2 - Line Coverage with JaCoCo plugin 
   


   Setting up Master and Slave nodes 
   


   Jenkins Build Pipeline & Dependency Graph Plugins 
   


   Jenkins Build Flow Plugin 
   


   Pipeline Jenkinsfile with Classic / Blue Ocean
   


   Jenkins Setting up Slave nodes on AWS 
   


   Jenkins Q & A 
   


 








Puppet

   


   Puppet with Amazon AWS I - Puppet accounts 
   


   Puppet with Amazon AWS II (ssh & puppetmaster/puppet install) 
   


   Puppet with Amazon AWS III - Puppet running Hello World 
   


   Puppet Code Basics - Terminology 
   


   Puppet with Amazon AWS on CentOS 7 (I) - Master setup on EC2 
   


   Puppet with Amazon AWS on CentOS 7 (II) - Configuring a Puppet Master Server with Passenger and Apache 
   


   Puppet master /agent ubuntu 14.04 install on EC2 nodes  
   


   Puppet master post install tasks - master's names and certificates setup,  
   


   Puppet agent post install tasks - configure agent, hostnames, and sign request 
   


   EC2 Puppet master/agent basic tasks - main manifest with a file resource/module and immediate execution on an agent node 
   


   Setting up puppet master and agent with simple scripts on EC2 / remote install from desktop 
   


   EC2 Puppet - Install lamp with a manifest ('puppet apply') 
   


   EC2 Puppet - Install lamp with a module  
   


   Puppet variable scope 
   


   Puppet packages, services, and files 
   


   Puppet packages, services, and files II with nginx 
   Puppet templates 
   


   Puppet creating and managing user accounts with SSH access 
   


   Puppet Locking user accounts & deploying sudoers file 
   


   Puppet exec resource 
   


   Puppet classes and modules 
   


   Puppet Forge modules 
   


   Puppet Express 
   


   Puppet Express 2 
   


   Puppet 4 : Changes 
   


   Puppet --configprint 
   


   Puppet with Docker 
   


   Puppet 6.0.2 install on Ubuntu 18.04 
   










Chef

   


   What is Chef? 
   


   Chef install on Ubuntu 14.04 - Local Workstation via omnibus installer 
   


   Setting up Hosted Chef server 
   


   VirtualBox via Vagrant with Chef client provision 
   


   Creating and using cookbooks on a VirtualBox node 
   


   Chef server install on Ubuntu 14.04 
   


   Chef workstation setup on EC2 Ubuntu 14.04 
   


   Chef Client Node - Knife Bootstrapping a node on EC2 ubuntu 14.04 
   



 










Vagrant

   


   VirtualBox & Vagrant install on Ubuntu 14.04 
   


   Creating a VirtualBox using Vagrant 
   


   Provisioning 
   


   Networking - Port Forwarding 
   


   Vagrant Share 
   


   Vagrant Rebuild & Teardown 
   


   Vagrant & Ansible 
   












Redis In-Memory Database

   


   Redis vs Memcached
   


   Redis 3.0.1 Install 
   


   Setting up multiple server instances on a Linux host 
   


   Redis with Python 
   


   ELK : Elasticsearch with Redis broker and Logstash Shipper and Indexer










Git/GitHub Tutorial

   


   One page express tutorial for GIT and GitHub
   


   Installation
   


   add/status/log
   


   commit and diff
   


   git commit --amend
   


   Deleting and Renaming files
   


   Undoing Things : File Checkout & Unstaging
   


   Reverting commit
   


   Soft Reset - (git reset --soft <SHA key>) 
   


   Mixed Reset - Default
   


   Hard Reset - (git reset --hard <SHA key>)
   


   Creating & switching Branches
   


   Fast-forward merge
   


   Rebase & Three-way merge
   


   Merge conflicts with a simple example
   


   GitHub Account and SSH
   


   Uploading to GitHub
   


   GUI
   


   Branching & Merging
   


   Merging conflicts
   


   GIT on Ubuntu and OS X - Focused on Branching
   


   Setting up a remote repository / pushing local project and cloning the remote repo
   


   Fork vs Clone, Origin vs Upstream
   


   Git/GitHub Terminologies
   


   Git/GitHub via SourceTree I : Commit & Push
   


   Git/GitHub via SourceTree II : Branching & Merging
   


   Git/GitHub via SourceTree III : Git Work Flow
   


   Git/GitHub via SourceTree IV : Git Reset
   


   Git Cheat sheet - quick command reference
   











Subversion

   Subversion Install On Ubuntu  14.04
   


   Subversion creating and accessing I
   


   Subversion creating and accessing II








Powershell 4 Tutorial

   


   Powersehll : Introduction
   


   Powersehll : Help System
   


   Powersehll : Running commands
   


   Powersehll : Providers
   


   Powersehll : Pipeline
   


   Powersehll : Objects
   


   Powershell : Remote Control
   


   Windows Management Instrumentation (WMI)
   


   How to Enable Multiple RDP Sessions in Windows 2012 Server
   


   How to install and configure FTP server on IIS 8 in Windows 2012 Server
   


   How to Run Exe as a Service on Windows 2012 Server
   


   SQL Inner, Left, Right, and Outer Joins