DEV Community: Ayodeji Adesola

Setting Up a Highly Available Azure Storage Account with Public Access and Blob Management Features

Ayodeji Adesola — Fri, 13 Sep 2024 08:55:44 +0000

Recently, I worked on setting up a highly available storage account in Azure to support a public website. My goal was to ensure the storage account had high availability, enabled anonymous public access, and included additional features like soft delete and blob versioning. Here's a breakdown of the steps I followed and some key takeaways from the process.

Step 1: Creating a Highly Available Storage Account
To begin, I created a new storage account that would support the public website. I headed to the Azure portal, searched for "Storage accounts," and selected the "+ Create" option. For organization, I created a new resource group, gave it a name, and set up the storage account with a unique name (publicwebsite followed by an identifier to ensure uniqueness). I took the default settings for most of the configuration and proceeded to deploy the storage account.

Since this setup requires high availability, I needed to prepare for any potential regional outages. In the storage account settings under the "Redundancy" blade, I selected the "Read-access Geo-redundant storage" (RA-GRS) option. This setting not only provides geo-redundancy but also ensures that data can be read from a secondary region if the primary region goes down—a critical aspect for high availability.

Step 2: Enabling Anonymous Public Access
To ensure that information on the public website could be accessed without requiring customer logins, I configured the storage account to allow anonymous access to blobs. In the storage account’s "Configuration" settings, I enabled the "Allow blob anonymous access" option. This setting is essential for a public-facing website where users should be able to view content without barriers.

Step 3: Creating a Blob Storage Container with Anonymous Read Access
Next, I needed to create a blob storage container specifically for the website’s documents, images, and other content. In the "Data storage" section of the storage account, I navigated to the "Containers" blade and added a new container named public. I configured this container to allow anonymous read access by setting the public access level to "Blob (anonymous read access for blobs only)". This setting is perfect for allowing users to view or download content without needing authentication.

To test the setup, I uploaded a small file (like an image or text file) to the public container and grabbed the URL for the file. I pasted the URL into a new browser tab, and it displayed correctly—just what I needed for the public site.

Step 4: Configuring Soft Delete
One of my primary concerns was ensuring that website documents could be restored if accidentally deleted. To address this, I enabled soft delete for blobs. I went to the "Overview" blade of the storage account, located the "Blob service" section under "Properties," and enabled the "Blob soft delete" feature. I set the retention period to 21 days, which provides a decent buffer for accidental deletions.

I also practiced using this feature by deleting a test file from my container and then restoring it. After toggling the "Show deleted blobs" option, I was able to locate the deleted file, use the ellipses to restore it, and confirm the restoration by refreshing the container view. It’s a straightforward process that adds an extra layer of safety for my data.

Step 5: Enabling Blob Versioning
Lastly, I enabled blob versioning to keep track of changes and maintain different versions of the documents. This is particularly useful for a public website where content may need frequent updates. Again, in the "Overview" blade of the storage account, I found the "Versioning" setting under the "Blob service" section and enabled it.

To test versioning, I uploaded a new version of an existing file. As expected, the previous version was accessible through the "Show deleted blobs" feature, and I could easily manage different versions.

Key Takeaways
Setting up this highly available Azure storage account with public access and blob management features was a valuable exercise in understanding Azure’s storage capabilities. The configuration steps were straightforward, but the impact on data management and accessibility is significant. By leveraging RA-GRS, anonymous access, soft delete, and versioning, I created a robust storage solution that meets the needs of a public-facing application while ensuring data availability and recoverability.

Setting Up a Simple Azure Storage Account for Prototyping and Training

Ayodeji Adesola — Mon, 09 Sep 2024 07:56:23 +0000

Recently, I worked on a project where the goal was to prototype different storage scenarios and train new personnel in Azure. The data wasn’t critical, so there was no need for backups or complex recovery options if it got overwritten or removed. My task was to set up a simple and flexible storage configuration that could be easily adjusted. Here's a quick rundown of what I did and the steps I followed.

Step 1: Creating a Resource Group
To start, I needed a resource group to keep everything organized:

I went to the Azure portal and searched for Resource groups.
Then, I clicked on + Create to start the process.
I gave my resource group a name, something simple like theprotonguy, to easily identify it.
After selecting a region (which I planned to use consistently throughout the project), I hit Review and create.
Finally, I clicked Create to deploy the resource group. This step ensures all my project resources stay neatly contained.

Step 2: Creating a Storage Account
With the resource group ready, the next thing on my list was setting up a storage account:

In the Azure portal, I searched for Storage accounts and selected + Create.
I made sure to choose the resource group I just created.
For the storage account name, I needed something unique across Azure, so I went with a distinctive name like teststorageaccount.
I set the performance tier to Standard since high performance wasn’t a priority for this prototype.
After reviewing everything, I clicked Create and waited for the deployment to finish. Once done, I clicked Go to resource to jump straight into the configuration.

Step 3: Configuring Basic Settings in the Storage Account
Now came the fun part—tweaking some basic settings to match the project's needs.

Configuring Redundancy
Since this was all about keeping costs low and we didn’t need high availability, I chose the simplest redundancy option:

I navigated to the Redundancy section under Data management in the storage account.
Here, I selected Locally-redundant storage (LRS), which stores data within a single location, minimizing costs.
I hit Save to lock in the changes and confirmed everything looked good by refreshing the page.

Enforcing Secure Transfer
Security is always a priority, even for training scenarios:

Under Configuration in the Settings section, I made sure that Secure transfer required was set to Enabled.
This ensures that all data transferred to and from the storage account uses secure connections, which adds a layer of protection.

Setting the Minimum TLS Version
To keep up with best practices, I adjusted the TLS settings:

Still in the Configuration section, I set the Minimal TLS version to 1.2. This step ensures that all connections meet modern security standards.
As usual, I saved these settings before moving on.

Disabling Shared Key Access
To prevent unauthorized access while the storage was idle, I disabled shared key access:

In the same Configuration area, I found Allow storage account key access and set it to Disabled.
After saving, this ensured that no one could access the account using shared keys, keeping it secure until needed.

Allowing Public Access from All Networks
Lastly, I adjusted the networking settings to ensure the storage account was easily accessible for testing:

Under the Networking blade in Security + networking, I set Public network access to Enabled from all networks.
After saving these changes, the storage account was ready for any network to connect, making it perfect for training and prototyping.

Overall, this was a straightforward setup designed for ease of use and low cost, ideal for scenarios where the data’s not critical. It was a great hands-on way to get familiar with Azure's storage configurations while keeping things simple and flexible. If you're looking to set up something similar or have questions, feel free to ask in the comments!

Key Concepts in Cloud Engineering

Ayodeji Adesola — Sun, 08 Sep 2024 20:03:59 +0000

Cloud engineering has transformed how businesses operate by offering scalable, flexible, and reliable solutions that can be accessed globally. In this post, we will explore some fundamental concepts in cloud engineering: Virtualization, Scalability, Agility, High Availability, Fault Tolerance, Global Reach, and the difference between Elasticity and Scalability.

What is Virtualization?
Virtualization is a technology that allows you to create multiple simulated environments or virtual resources from a single physical hardware system. It abstracts the hardware of a single computer (such as a server) into multiple virtual machines (VMs) that can run different operating systems and applications independently from each other. Virtualization maximizes the use of resources by allowing multiple workloads to share the same hardware, reduces costs, and improves efficiency. It is the foundation of cloud computing, enabling the delivery of scalable and on-demand IT resources.
Scalability
Scalability refers to the ability of a system, network, or process to handle an increasing amount of work, or its potential to accommodate growth. In the context of cloud computing, scalability means that a cloud service can expand or reduce its resources and capacity to match the demand. For example, if your website experiences a sudden surge in traffic, a scalable cloud service can automatically add more computing power to manage the increased load, ensuring a smooth user experience without manual intervention.
Agility
Agility in cloud computing refers to the ability to rapidly develop, test, and deploy applications. It allows businesses to quickly respond to changes in the market or customer needs by providing the tools and environments necessary for rapid development and innovation. Agility is a critical advantage of cloud computing because it reduces the time it takes to bring new products or features to market, helping businesses stay competitive.
High Availability
High Availability (HA) refers to the ability of a system or service to operate continuously without interruption for a desired period. It is achieved through redundant components and failover strategies that ensure service continuity even if some components fail. For instance, if a server in a cloud environment goes down, another server can take over, keeping the application running. High Availability is crucial for mission-critical applications that require maximum uptime and reliability.
Fault Tolerance
Fault Tolerance is the capability of a system to continue functioning correctly even when part of the system fails. It involves designing systems in a way that they can detect failures and automatically recover from them without affecting the end-user experience. Fault-tolerant systems use redundancy, such as having multiple servers or data replication, to ensure that the system can withstand component failures and still maintain its operations.
Global Reach
Global Reach refers to the ability of cloud services to be accessed from anywhere in the world, providing a consistent and reliable experience to users regardless of their geographic location. Cloud providers have data centers distributed across various regions and continents, allowing businesses to deploy their applications closer to their customers. This reduces latency and improves performance, making services more accessible and efficient for a global audience.
What is the Difference Between Elasticity and Scalability?
Scalability and Elasticity are often used interchangeably but have distinct meanings:

Scalability is the ability of a system to grow in capacity to meet increased demand by adding resources like more servers or storage. Scalability can be achieved vertically (adding more power to an existing machine) or horizontally (adding more machines to the pool).

Elasticity, on the other hand, refers to the system’s ability to automatically adjust resources up or down based on the current workload. Elasticity is more dynamic and involves scaling both ways — expanding when demand spikes and shrinking when demand decreases, thus optimizing costs by using only the necessary resources at any given time.

In essence, scalability is about being able to grow, while elasticity is about the ability to adjust dynamically to changes in demand.

Deploy Django Web App with SSL on VPS using Nginx & Gunicorn

Ayodeji Adesola — Sat, 04 May 2024 12:30:59 +0000

Have you ever wanted to deploy your Django web application on a Virtual Private Server (VPS) with SSL encryption for secure communication? In this tutorial, we’ll walk through each step, from setting up prerequisites to configuring Nginx and Gunicorn, and finally securing your site with Let’s Encrypt SSL certificates.

Prerequisites:

Before we dive in, let’s ensure we have all the necessary tools and configurations in place.

First, we’ll need to create a requirements.txt file containing all the Python packages used in our project. We can easily generate this file using the pip freeze command.

pip freeze > requirements.txt
Next, we’ll set up static files using Whitenoise, a handy Django middleware for serving static files efficiently.

pip install whitenoise
Once installed, we’ll integrate Whitenoise into our Django project by adding it to the middleware list and configuring static file settings.

# settings.py
MIDDLEWARE = [
    ...
    "whitenoise.middleware.WhiteNoiseMiddleware",
    ...
]
STATIC_URL = '/static/'
STATIC_ROOT = BASE_DIR / "staticfiles"
STATICFILES_DIRS = [
    os.path.join(BASE_DIR, 'static'),
]
STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"

With static files set up, let’s move on to deploying our project on a VPS.

Deploying on VPS:

SSH into Your Server: First, SSH into your VPS by running:
ssh username@server_ip_address

Update & Upgrade Server:

sudo apt-get update sudo apt-get upgrade

Install Python & Pip:

sudo apt install python3 sudo apt install python3-pip

Create & Activate Virtual Environment:

virtualenv /opt/myproject source /opt/myproject/bin/activate

Clone Repository onto server:

cd /opt/myproject mkdir myproject cd myproject git clone repo-url

Install Requirements (if any):

cd repo-name pip install -r requirements.txt pip install gunicorn

Nginx Configuration:

Install Nginx and configure it to serve your Django app:

sudo apt install nginx sudo nano /etc/nginx/sites-available/myproject
Add the following configuration:

server {
    listen 80;
    server_name yourip;

    access_log /var/log/nginx/website-name.log;

    location /static/ {
        alias /opt/myproject/myproject/path-to-static-files/;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        add_header P3P 'CP="ALLDSP COR PSAa PSDa OURNOR ONL UNI COM NAV"';
    }
}

Set up a symbolic link and restart Nginx:

cd /etc/nginx/sites-enabled sudo ln -s ../sites-available/myproject sudo service nginx restart

Testing Configuration:

Test your Nginx configuration and adjust the firewall settings:

sudo nginx -t sudo ufw allow 8000 sudo service nginx restart
Now, run Gunicorn and visit your project on your server’s IP address:

gunicorn --bind 0.0.0.0:8000 project_name.wsgi
With your Django app successfully deployed on your VPS, you’re one step closer to making it accessible to the world. But wait, there’s more!

Connecting a Domain:

To connect your project to a custom domain, follow these steps:

Open your domain registrar and navigate to the DNS settings for your domain.
Add an A record with the name “@” pointing to your server’s IP address.
Update your Nginx configuration to include your domain name.
Restart Nginx and wait for DNS changes to propagate.

Securing with SSL:

Installing SSL Certificates with Let’s Encrypt:

Securing your website with SSL certificates is crucial for ensuring encrypted communication between your server and your users’ browsers. Let’s Encrypt provides free SSL certificates, making it accessible for everyone to enable HTTPS on their websites.

Here’s how you can install SSL certificates on your VPS using Let’s Encrypt:

Install Certbot: sudo apt install certbot sudo apt install python3-certbot-nginx
Obtain SSL Certificates:

Run Certbot with the --nginx option and specify your domain name(s) to obtain SSL certificates. Replace your_domain.com with your actual domain name.

sudo certbot --nginx -d your_domain.com

Verify Configuration:

sudo nginx -t

Reload Nginx:

sudo systemctl reload nginx
By following these steps, you’ll have successfully installed SSL certificates on your VPS using Let’s Encrypt, enabling secure HTTPS connections for your Django web application.

Background Process with Gunicorn:

Additionally, if you want to run Gunicorn in the background to keep your Django application running even after you log out of your SSH session, you can use the nohup command followed by & to run Gunicorn as a background process. This ensures that your application remains accessible even when you're not actively managing it.

Here’s how you can run Gunicorn in the background:

Run Gunicorn:
Navigate to your Django project directory and run Gunicorn with the appropriate bind address and port.

cd /opt/myproject/myproject/repo-name nohup gunicorn --bind 0.0.0.0:8000 project_name.wsgi &

Check Process Status:

To verify that Gunicorn is running in the background, you can use the ps command to list all processes and grep for gunicorn.

ps aux | grep gunicorn

Stop Gunicorn Process:

If you ever need to stop the Gunicorn process running in the background, you can use the pkill command followed by gunicorn.

pkill gunicorn
Congratulations! Your Django web app is now deployed on a VPS with SSL encryption, ready to handle secure connections from users across the globe.

Conclusion:

In this tutorial, we’ve covered the entire deployment process, from setting up prerequisites to securing your site with SSL certificates. By following these steps, you can confidently deploy your Django projects on a VPS and provide a secure and reliable experience to your users.

Happy deploying!