import socket

# Change the following host and see what IP it prints!
host = "google.com"
# Ask the system resolver for an IPv4 address of `host`. The answer comes
# from whatever DNS path this machine uses, so it can differ between networks.
ip = socket.gethostbyname(host)

# Show the resolved address; later cells reuse `ip`.
print(ip)
142.250.189.14
# Open a TCP (SOCK_STREAM) socket over IPv4 (AF_INET); the `with` block
# closes it on exit.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    # Port 80 is the conventional plain-HTTP port. A connect() that does not
    # raise only shows the TCP handshake completed: nothing has been sent,
    # and nothing on this connection is encrypted.
    sock.connect((ip, 80))
    print("Successfully connected!")
Successfully connected!

Check-In

  1. What is an IP address?
  2. What is a TCP port?
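with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    # Bound how long connect/recv may block instead of waiting indefinitely.
    s.settimeout(10)
    s.connect((ip, 80))

    # Send a GET request to "/"
    # NOTE(review): HTTP/1.1 requests are expected to carry a Host header;
    # this minimal request omits it, and a stricter server may answer 400.
    # Everything on this connection travels unencrypted over port 80.
    s.sendall(b"GET / HTTP/1.1\r\n\r\n")

    # Receive & print up to 2048 bytes of data. recv() may return fewer, and
    # the cut can fall anywhere in the response.
    data = s.recv(2048)
    # These bytes come from the network: they may not be valid UTF-8, or may
    # end mid-character, so replace undecodable bytes instead of raising.
    print(data.decode(errors="replace"))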
HTTP/1.1 200 OK
Date: Thu, 27 Apr 2023 22:04:54 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-qjH_lvwALNenvk_qckl6Qw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-04-27-22; expires=Sat, 27-May-2023 22:04:54 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=AUEFqZfmPVg1tZ_4OYbo-krQf7JIQd4wo0i5YR-8sAR-wzOo1eZ9_l4oGSE; expires=Tue, 24-Oct-2023 22:04:54 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=oULOS7XWtPQsz9ydIb8q_9VIA0bAziMagTz007aumwhfdvotBsFf2lwKyvmi5OpqI91JroSVFI9argGPWne0h2ZZdnN6KTavyHoN_nc2GWbVVXjTYBWuqa6S84JC2zKTorsyJZZngW05s29KCwNRQ_SH8GWKb-W4BRwGarb9zME; expires=Fri, 27-Oct-2023 22:04:54 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

57ba
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="qjH_lvwALNenvk_qckl6Qw">(function(){window.google={kEI:'hvFKZLrIF-XAkPIP98uAiAw',kEXPI:'0,18167,184443,1156799,6058,207,4804,2316,383,246,5,1129120,1197762,632,302568,77528,16115,28684,22430,1362,12311,2824,1930,12834,4998,13228,3847,6884,31560,887,1985,2891,3926,213,4209,3406,606,29842,30848,15324,432,3,1590,1,16916,2652,4,1528,2304,923,28139,13065,13658,2980,1457,16786,
import requests

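# Change the URL to whatever you'd like
# requests applies no timeout by default, so an unresponsive server would
# block this cell forever; the explicit timeout (seconds) bounds the wait.
response = requests.get("https://google.com", timeout=10)

print("Status code:", response.status_code)
# The header dump includes any Set-Cookie values the server sent; keep that
# in mind before sharing output captured from a logged-in session.
print("Headers:", response.headers)
print("Response text:", response.text[:100])

# Add a line to print the "Content-Type" header of the response
# Try an image URL!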
Status code: 200
Headers: {'Date': 'Thu, 27 Apr 2023 22:04:57 GMT', 'Expires': '-1', 'Cache-Control': 'private, max-age=0', 'Content-Type': 'text/html; charset=ISO-8859-1', 'Content-Security-Policy-Report-Only': "object-src 'none';base-uri 'self';script-src 'nonce-JC5SqUuWOlDNHbYo1IZZMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp", 'P3P': 'CP="This is not a P3P policy! See g.co/p3phelp for more info."', 'Content-Encoding': 'gzip', 'Server': 'gws', 'X-XSS-Protection': '0', 'X-Frame-Options': 'SAMEORIGIN', 'Set-Cookie': '1P_JAR=2023-04-27-22; expires=Sat, 27-May-2023 22:04:57 GMT; path=/; domain=.google.com; Secure, AEC=AUEFqZfOburHYoih5mZwrgHUbEnv7tmdooB1zdz0nHvIdxYpF-bgOlqOGA; expires=Tue, 24-Oct-2023 22:04:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax, NID=511=FVhXkqK485TFIuqI1diBXz-vKIyvGqwLs6AlylN9H81rURYms43TWKlIH0vCiPhm6Sbfm9B182sk_b6vzhvGuoYkFg9w50MdMSr9E08PBTcz97Fhws8nQ_7EDhXYH1GyD5kJGBwftB3nbMIJcC-V00-6eLvuSKCkIyQ7V5lu0M0; expires=Fri, 27-Oct-2023 22:04:57 GMT; path=/; domain=.google.com; HttpOnly', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000', 'Transfer-Encoding': 'chunked'}
Response text: <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content

NGINX

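aws = "3.130.255.192"

# Plain http:// to a bare IP address: there is no TLS, so nothing
# authenticates the server and any device on the network path (a web filter,
# for example) can read or replace the response. The timeout (seconds) keeps
# the call from hanging if nothing answers.
response = requests.get("http://" + aws, timeout=10)
print(response.text)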
<html><head><title>ContentKeeper</title></heQad>
<body bgcolor="#A02E5F" text="White" link="Lime" vlink="Aqua">
<center><br><h1>ContentKeeper<br>Non-Managed Site</h1>
No access is available to NON-Managed Sites.<br><br>
<table border="1" cellspacing="0">
<tr><td>URL</td><td><b>3.130.255.192</b></td></tr>
<tr><td>Username</td><td><b>1900706/pusd</b></td></tr></table>
</body></html>

Configuration

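server {
    # Listen on virtual "port 80"
    # Plain HTTP only: this block configures no TLS listener, so traffic
    # between clients and the proxy is unencrypted.
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        # Inform server about original client
        # X-Real-IP carries the address of the directly connected peer.
        # $proxy_add_x_forwarded_for appends that address to whatever
        # X-Forwarded-For value the client sent, so the backend should rely
        # only on the entry added by this proxy, not on the whole list.
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Forward all requests transparently to the server running on our computer
        proxy_pass              http://localhost:8080;

        # NOTE(review): nginx normally emits its own Date response header,
        # and $date_gmt is a variable of the SSI module; confirm this line
        # does not produce a duplicate or empty Date header.
        add_header Date $date_gmt;

    }
}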

Load Balancing

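# Pool of backend servers that proxied requests are spread across
# (round-robin unless another balancing method is configured).
upstream example.com {
    server server1.example.com;
    # Second, distinct backend (constructed sample name): listing the same
    # host twice would not spread load across machines.
    server server2.example.com;
}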

HTTP Headers

server {
    # Response header added at server level. By default add_header applies
    # only to a fixed set of success/redirect status codes unless the
    # "always" parameter is given.
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        # add_header directives are inherited from the outer level only when
        # the current level defines none. Because this location has its own
        # add_header, responses under /pages carry X-Cooler-Header but not
        # X-Cool-Header. The same rule silently drops server-level security
        # headers in any location that adds a header of its own.
        # Response headers are visible to every client that requests the URL,
        # so this value is not confidential despite its wording.
        add_header X-Cooler-Header "This is my secret header!";
    }
}

Check In

  1. Research 1 HTTP header and describe, in detail, its purpose.

    As shown above, Date is a header; its purpose is to show the date and time at which the response was sent.

  2. Write a line in a sample NGINX configuration that will add that specific header to the /information location

    "add_header Date $date_gmt;"

  3. Explain the purpose of the load balancing performed by NGINX

    Because NGINX works as a reverse proxy, load balancing is vital for distributing traffic across multiple backend servers, so no single server is overloaded and everything runs more smoothly.

  4. Modify the following code block to obtain the value of the secret header on /products of the AWS site

    done

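aws = "3.130.255.192"

# Plain HTTP to a bare IP: the response is neither encrypted nor
# authenticated. The timeout (seconds) keeps the call from hanging.
response = requests.get("http://" + aws + "/products", timeout=10)

# Header lookup in requests is case-insensitive. .get() avoids a KeyError
# when the header is missing, e.g. when an intermediary answered instead of
# the intended server.
secret = response.headers.get("X-Cooler-Header")
if secret is None:
    print("X-Cooler-Header not present; status code:", response.status_code)
else:
    print("The secret header is:", secret)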
The secret header is: This is my secret header!

Hacks

  • Complete the above check-in questions and change the hosts (0.1)

    I dont know if I did it right but I tried

  • Complete the above code-segment to retrieve the secret header (0.1)

    got the secret header

Bonus (0.05)

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.) Too much work ima be honest

CORS Hacks

  1. Explain what CORS is and what it stands for

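    Cross-Origin Resource Sharing. It controls requests that a page on one site (origin) makes to another site. It is a security feature: by default the browser blocks a page from reading responses from a different origin, and CORS headers let the server say which origins are allowed.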

  2. Describe how you would be able to implement CORS into your own websites

    You have to include the CORS headers (for example Access-Control-Allow-Origin) in your server's responses and make sure the allowed origins match what you intend.

  3. Describe why you would want to implement CORS into your own websites

    To protect your users from sending or receiving harmful data

  4. How could you use CORS to benefit yourself in the future?

    I could use it in one of my future projects to add a layer of security to protect my users.

Total: 0.2 points

KASM Hacks

  1. What is the purpose of "sudo" when running commands in terminal?

    Adding sudo runs the command with administrator (root) privileges.

  2. What are some commands which allow us to look at how the storage of a machine is set up as?

    The most commonly used one is "df". Some other ones are "du", "fdisk", and "parted".

  3. What do you think are some alternatives to running "curl -O" to get the zip file for KASM?

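    Using wget is probably the easiest and fastest. You can also download the file through a browser or use another command. Whichever way it is downloaded, comparing the file against a checksum from the publisher (when one is provided) confirms it was not altered before install.sh is run.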

  4. What kind of commands do you think the "install.sh" command has and why is it necessary to call it?

    It has all types of configs and necessary files that you have to install in order for KASM and other apps to work

  5. Explain in at least 3-4 sentences how deploying KASM is related to/requires other topics talked about in the lesson and/or potential ways to add things mentioned in the lesson to this guide.

    Deploying KASM requires a good understanding of some of the things we learned about. Knowing how to configure KASM is important because you want to keep malware out. You also need to know some things about kernels because each functions differently, which affects how KASM is used. You also need to know how to implement KASM into pre-existing programs, as it's going to be a different situation for every project.

Total: 0.2 points