Dec 25

AWS CloudWatch Apache HTTP monitoring

AWS CloudWatch supports custom metrics, which are very useful when you need to monitor the performance of a custom application or server. This guide shows how to monitor Apache HTTP server performance using AWS CloudWatch custom metrics. All installation and configuration was performed on CentOS, but most of the commands work on any Linux / UNIX-like system. If you need more details, you can visit the official documentation. I always try to link the official docs where possible.

1) Install aws cli

You can find detailed guidelines in the official documentation.

Once the installation is complete, you can verify the installed version using the following command.

2) Create an IAM user with “Programmatic access” and assign the following policy to the user.

Please note down the “access key ID and secret access key”, which are needed in the next step.

3) Configure AWS client

Execute the following command as the root user. You must enter the key ID and secret key, and you should enter the name of the region where your EC2 instance is running.
Please refer to this link to obtain your region code.
You can keep the output format as none.

4) Create a simple shell script to push data into AWS CloudWatch

You can replace localhost with your EC2 instance's private IP. Here we push the Busy Workers, Idle Workers and Connection Total data to CloudWatch, but a few other metrics are available on the server status page. You can get the full list of metrics by visiting http://<your server IP>/server-status?auto

 

5) Set a cron job to push data

Set up a cron job to execute the above shell script every 5 minutes.

6) How to view AWS CloudWatch custom metrics

i) Go to AWS CloudWatch

ii) Then select the Metrics menu at the bottom of the left-hand side.

iii) Select the “All metrics” tab, and you can see “EC2:HTTP-Apache” under Custom Namespaces

iv) Example output of the graph is as follows. (You should send data frequently to CloudWatch to generate a useful graph.)

AWS CloudWatch custom metrics graph
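
The script from step 4 and the cron entry from step 5, as an added example that is not the original post's script: it reads the three fields from `server-status?auto`, accepts only plain integers, and pushes them to the “EC2:HTTP-Apache” namespace. The field names `BusyWorkers`, `IdleWorkers` and `ConnsTotal` are the mod_status keys; the `STATUS_URL` default, the `--push` switch and the install path are assumptions.

```shell
#!/bin/sh
# Added example: read Apache mod_status output and push three values to
# CloudWatch. Needs credentials allowed to call cloudwatch:PutMetricData.
# STATUS_URL default and the install path in the cron line are assumptions.
STATUS_URL="${STATUS_URL:-http://localhost/server-status?auto}"
NAMESPACE="EC2:HTTP-Apache"   # custom namespace named in step 6

# Constructed sample of ?auto output, for trying status_field offline.
SAMPLE='Total Accesses: 1204
BusyWorkers: 3
IdleWorkers: 47
Scoreboard: __W_K___'

# Print the value of one "Key: value" field read from stdin. Anything that
# is not a plain non-negative integer is rejected (exit 1), so text from
# the status page never reaches the aws command line unchecked.
status_field() {
    awk -F': ' -v key="$1" '
        $1 == key && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

push_metric() {   # $1 = metric name, $2 = integer value
    aws cloudwatch put-metric-data --namespace "$NAMESPACE" \
        --metric-name "$1" --value "$2" --unit Count
}

push_all() {
    page=$(curl -fsS --max-time 5 "$STATUS_URL") || return 1
    # ConnsTotal is not reported by every MPM; a missing field is skipped.
    for field in BusyWorkers IdleWorkers ConnsTotal; do
        value=$(printf '%s\n' "$page" | status_field "$field") || continue
        push_metric "$field" "$value" || return 1
    done
}

# Step 5 cron entry (path is hypothetical):
#   */5 * * * * /usr/local/bin/apache-cloudwatch.sh --push
if [ "${1:-}" = "--push" ]; then
    push_all
fi
```

Because the script only calls `put-metric-data`, the IAM user from step 2 needs no permission beyond `cloudwatch:PutMetricData`.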

Dec 01

Solved – AWS RDS MySQL ERROR 1227 (42000) at line : Access denied

When you are trying to import your data into RDS MySQL, the import may fail with the following error message:

ERROR 1227 (42000) at line xxx: Access denied; you need (at least one of) the SUPER privilege(s) for this operation

This can be fixed by removing the DEFINER from the MySQL dump. You can use the following simple command to fix this issue.
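
One way to remove the DEFINER clauses, as an added example that is not the original post's command: a `sed` filter that handles the forms mysqldump writes for views, triggers and routines, skips `INSERT` lines so row data is not altered, and a counter to confirm nothing is left. The function names and file names are assumptions.

```shell
#!/bin/sh
# Added example: drop DEFINER clauses from a mysqldump file before an RDS
# import. Usage (file names hypothetical):
#   strip_definer < dump.sql > dump.nodefiner.sql

# Constructed sample covering the forms mysqldump writes for views,
# triggers and routines, plus a data row that must stay untouched.
SAMPLE_DUMP='/*!50013 DEFINER=`admin`@`%` SQL SECURITY DEFINER */
/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER trg BEFORE INSERT ON t FOR EACH ROW SET NEW.c = 1 */;
CREATE DEFINER=`root`@`localhost` PROCEDURE p() SELECT 1;
INSERT INTO notes VALUES (1,"DEFINER=`a`@`b`");'

# Remove DEFINER=user@host (quoted or unquoted) on every line except
# INSERT statements, so row data that happens to contain the text is kept.
# "SQL SECURITY DEFINER" has no "=" and is left alone.
strip_definer() {
    sed -E '/^INSERT /!s/DEFINER[ ]*=[ ]*(`[^`]+`|[^@` ]+)@(`[^`]+`|[^ *`]+)//g'
}

# Count non-INSERT lines that still carry a DEFINER clause; 0 means no
# DEFINER clause is left in the schema part of the dump.
count_definer() {
    grep -v '^INSERT ' | grep -c 'DEFINER[ ]*=' || true
}
```

With the clause removed, MySQL records the importing account as the definer of each view, trigger and routine, so objects marked `SQL SECURITY DEFINER` then run with that account's privileges.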

 

There is an alternative solution provided by the AWS premium support knowledge base, but that does not work for me. You can try that out if the workaround I mentioned above does not work.

Let’s look at why there is limited permission on RDS MySQL.

As you might be aware, AWS RDS (Relational Database Service) is a managed service, and hence, in order to guarantee the stability of the RDS instance, the permissions of the master user (the root user in RDS) are not the same as those of the root user in native MySQL.

The RDS master user has the following permissions:
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* WITH GRANT OPTION, REPLICATION SLAVE (Only For Amazon RDS MySQL versions 5.6 and 5.7, Amazon RDS MariaDB)

So if you need more permissions than the above, you have to request them from the AWS support team. They will make the necessary arrangements.

If you have any questions, please comment below. :)

Have a nice time!!

Jun 18

Letsencrypt SSL for non-standard web ports

In this tutorial, I demonstrate how to use Letsencrypt SSL on non-standard web ports (other than 80 and 443) to generate an SSL certificate for Apache. If you wish, you can follow the same method to implement SSL on other web servers such as nginx and Tomcat. If you are new to Letsencrypt SSL, here is a brief introduction. Letsencrypt is a free, non-profit CA (certificate authority) owned by the Internet Security Research Group (ISRG).

Please note this was done on CentOS 7.

01) Install certbot

First enable the EPEL repository.

To learn how to enable the EPEL repo on RHEL / CentOS, read this, and enable the EPEL optional channel.

Then install certbot using yum as follows.

#yum install certbot

02) Install SSL certificate

Execute the following as root.
#certbot certonly --manual --preferred-challenges dns

This is the most important command, because we generate the certificate manually even though certbot provides an Apache plugin. Manually generated certificates are flexible, so we can integrate them into any preferred web server later :). preferred-challenges is set to dns, so domain verification is done using TXT records.

After that you will get a wizard similar to the following image. Once you submit the domain, it will give you a DNS TXT record as the challenge. You must create it before continuing. After that it will generate the SSL certificate for your domain.

certonly with dns

03) Configure SSL on Apache

You can use the following Apache virtual-host config template.

Letsencrypt SSL for non standard port

 

04) SSL renewal

You can renew the SSL certificate automatically. Add a new cron job like the following, which runs the renewal process every week. It is recommended to reload / restart the Apache server, so in the next line we restart the Apache process as well.
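
A check for the “create it before continuing” part of step 02, as an added example that is not part of the original post: it confirms that the `_acme-challenge` TXT record carrying the value shown by the certbot wizard is served by every authoritative name server of the zone before you continue. The function names and the three arguments (zone, certificate domain, token) are assumptions, and `dig` must be installed.

```shell
#!/bin/sh
# Added example: confirm the DNS-01 TXT record is published before letting
# certbot continue. Zone, domain and token are supplied by the caller.

# Succeed only if the exact token is one of the TXT values on stdin, given
# in `dig +short TXT` format (one double-quoted string per line). Several
# values can coexist, so every line is checked; -x forbids partial matches
# and -- keeps a token that starts with "-" from being read as an option.
txt_has_token() {
    tr -d '"' | grep -Fxq -- "$1"
}

# Ask every authoritative name server of the zone directly, so a cached
# answer from a resolver cannot hide a record missing on one of them.
challenge_published() {   # $1 = zone, $2 = certificate domain, $3 = token
    servers=$(dig +short NS "$1") || return 1
    [ -n "$servers" ] || return 1
    for ns in $servers; do
        dig +short TXT "_acme-challenge.$2" "@$ns" | txt_has_token "$3" \
            || return 1
    done
}

# Poll until the record is visible everywhere, then return so that Enter
# can be pressed in the certbot wizard. Gives up after about 10 minutes.
wait_for_challenge() {
    tries=0
    until challenge_published "$1" "$2" "$3"; do
        tries=$((tries + 1))
        [ "$tries" -lt 20 ] || return 1
        sleep 30
    done
}

# Run as: script <zone> <domain> <token>
if [ "$#" -eq 3 ]; then
    wait_for_challenge "$@"
fi
```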

 

 

 
