DEV Community: Ezequiel Esnaola

HTTP/2 vs HTTP/3

Ezequiel Esnaola — Fri, 17 Apr 2020 13:12:27 +0000

HTTP/3 is the new official version of the hypertext transfer protocol used to exchange binary information on the web. The most important HTTP/3 improvements come from QUIC, a new network layer protocol developed by Google in 2016.

What's the main difference with HTTP/2?

HTTP/3 implement a new layer protocol called QUIC (Quick UDP Internet Connection). This supports a set of multiplexed connections over UDP and has been designed to provide TLS 1.3 by default by, reducing latency in both connection and data transport.

Source: How quick is QUIC?

Connection establishment latency Definitely the main improvement! QUIC only needs a single handshake to establish a safe session. Also, after the server and client established connections for the first time, a new handshake is no longer necessary.
Connection migration Very valuable feature! QUIC brings its own unique identifier for a connection, it allows you to transfer networks and keep the same connection UUID. For example it allows to go from LTE to WIFI without renegotiating the session.
Multiplexing without HOL blocking HOL(head-of-line) blocking is what happens when you request multiple objects, and a small object gets stuck because a preceding large object got delayed. By using multiple streams, lost packets carrying data for an individual stream only impact that specific stream. Therefore, QUIC does significantly decrease HOL blocking. Also, allowing the developer to actually choose what are the most important requests, based on characteristics other than their size, it could be tremendously helpful in improving the overall user experience.

What's the problem with TCP?

TCP needs a handshake to establish a session between server and client, and TLS needs its own handshake to ensure that the session is secured. QUIC only needs a single handshake to establish a secure session. As simple as that, you get the connection establishment time cut in half.

Is it possible to use HTTP/3 at this very moment?

At this time few sites are compatible with this new protocol and most browsers are not yet ready.

Source: https://caniuse.com/http3

To check which websites are compatible, enter here and search for your favorite website.

Thanks for reading!

Let's Encrypt SSL with auto-renew on GoDaddy in 4 steps

Ezequiel Esnaola — Thu, 16 Apr 2020 15:50:49 +0000

I recently tried to install a Let's Encrypt SSL certificate on GoDaddy and I did'n find enough information to configure auto-renew.

It is simplified in 4 simple steps steps everything you need to install a free certificate and save some 💸💸💸

1. Connecting via SSH to your server

You must enable SSH access from your cPanel and log in with your credentials.

$ ssh [username]@[hostname]

2. Install acme.sh

Download this repo and install it.

$ curl https://get.acme.sh | sh

3. Issue the certificate

You only need write access to the web root folder to issue the certificate.

$ acme.sh --force --issue -d example.com -d www.example.com  -w /home/[username]/public_html

4. Deploy the certificate

There are 2 ways to implement the certificate and both leave the cronjob configured.

a. Deploy SSL to cPanel using UAPI (GoDaddy option)

This hook is using UAPI and works in cPanel & WHM version 56 or newer.

$ acme.sh --deploy -d example.com -d www.example.com --deploy-hook cpanel_uapi

b. Deploy SSL to cPanel (other cPanel version)

DEPLOY_CPANEL_USER and DEPLOY_CPANEL_PASSWORD is required only once.

$ export DEPLOY_CPANEL_USER=myusername
$ export DEPLOY_CPANEL_PASSWORD=PASSWORD
$ acme.sh --deploy -d example.com -d www.example.com --deploy-hook cpanel

For more documentation see the GitHub Wiki

I hope this may help you!

Manage SSH access with AWS IAM

Ezequiel Esnaola — Tue, 28 May 2019 13:23:47 +0000

When I started working at my current job I found that all the developers used the same key to access all the servers by ssh.

Looking for a solution I found a script that synchronizes the ssh keys with the users of IAM.

The problem was that all our infrastructure was based on Elastic Beanstalk and the solution was designed for EC2. If it was installed manually as in EC2 it would be erased when the instance is rebuilt.

To solve this problem, create a script that installs the package after each deploy (in case it is not installed previously) and then configure it.

To use this script it is necessary to save it in the .ebextensions folder and then make a new build.

Update June 2019: Check out Amazon EC2 Instance Connect as a replacement for this script.

For more documentation see the GitHub repository.

How to store private keys securely in AWS S3 for use with Elastic Beanstalk

Ezequiel Esnaola — Fri, 24 May 2019 14:09:30 +0000

The private keys that you use in a project should not be compromised with the source code. The best option is to configure Elastic Beanstalk to download the file from AWS S3 during the deploy of the application.

The following example shows an Elastic Beanstalk's configuration file getting a private key file from an S3 bucket.

# .ebextensions/serverkey.config
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["elasticbeanstalk-region-account-id"]
          roleName: 
            "Fn::GetOptionSetting": 
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"
files:
  # Private key
  "/etc/pki/tls/certs/server.key":
    mode: "000400"
    owner: webapp
    group: webapp
    authentication: "S3Auth"
    source: https://s3.amazonaws.com/elasticbeanstalk-region-account-id/server.key

The instance profile "aws-elasticbeanstalk-ec2-role" must have permission to read the key object from the specified bucket. Look here to see how to do it.

You made set the url with an environment variable like this:

source: { "Fn::Join" : ["", ["https://s3.amazonaws.com/elasticbeanstalk-region-account-id/", {"Fn::GetOptionSetting": {"Namespace": "aws:elasticbeanstalk:application:environment", "OptionName": "APP_ENV"}}, ".key"]]}

Hope you have a good day!

Changing the Git history

Ezequiel Esnaola — Thu, 09 May 2019 13:06:25 +0000

After a month of having formatted my work computer, I noticed that my mail configured in GIT was wrong. This caused my commits to not recognize me as the author and not appear on my account activity.

If this error is detected after a single commit, it can be easily solved with the following command:

git commit --amend --author="Correct Name <youremail@example.com>"

If it is detected after several commits, as happened to me, the best solution is this:

I hope you enjoyed my first post ever on dev.to!