Would implementing a CDN involve moving images and changing path names? - cdn

I'm just learning about CDNs, so please forgive if this is a dumb question.
Would implementing a CDN involve moving images and changing paths?

Yes, a CDN (Content Delivery Network) is at its basis nothing more than a set of webservers.
If you want to host files on a CDN you must copy your files to the CDN servers and then use the full CDN address that points to those files on those servers on your own webpage.

You can use a CDN on the same server but a different URI. For instance, having your page at www.example.com with the CDN at cdn.example.com (with cdn.example.com as a vhost alias) should be faster than getting all data only from www.example.com; I think it's because of the number of HTTP connections related to the address.
Of course it's best if you have it in another server, in this case you have to copy everything.

Not necessarily. You can use a service such as CloudFlare which requires only a modification of some of your DNS settings. In short, the service determines which files being served are static, and caches those in its network, generally reducing overall traffic to your servers. You also get the benefit of any geographical distribution the service provides that your own hosting service might not.

Related

Is there a distributed web hosting platform that allows for custom nginx configs?

I've got a static site I'd like to host in a distributed fashion (i.e. on cloudflare). The one restriction I have is I need the exact same response regardless of the path. I.e. /foo returns the same html response as /. Is there a distributed hosting provider out there for static pages that can accomplish that? Right now I've got a custom nginx config on a vps which works fine, but I'd prefer having a distributed host for latency reasons.
You can do this very easily with Cloudflare rewrite rules -
https://developers.cloudflare.com/rules/transform/url-rewrite/create-dashboard

How can I have a AWS subdomain website point to another EC2 instance which hosts wordpress?

Here is the situation:
I have a static website hosted by AWS S3 (www.mysite.com); however, I also want to attach a blog to a sub-path within my domain (www.mysite.com/blog) which uses WordPress on an EC2 instance.
How would I go about it?
Yes, this can be done, but you need to understand why the solution works the way it does.
A domain name points to a single logical endpoint, which handles all requests for the domain. If certain paths are handled by one system and other paths are handled by another one, then a single system must be in charge of routing those requests, and routing them through itself.
You cannot configure how paths are handled using DNS.
In my answer to Can I use CloudFront to serve a WordPress blog from the same domain, but a different server? (at Server Fault), I gave an overview of how this can be done in an AWS-centric solution. CloudFront, in addition to providing caching, is a reverse proxy, and that's fundamentally what you need, here: a reverse proxy to examine each request and select the correct back-end server. There are other solutions, such as using HAProxy in EC2 to handle request routing but they are more complex and may not perform as well in all cases.
You configure a CloudFront distribution with two origin servers (your bucket's web site endpoint and the Wordpress server), and use two cache behaviors so that /blog* goes to Wordpress and everything else goes to the bucket. Then you configure your domain name as an alternate domain name on the CloudFront distribution, and point your domain name to CloudFront in DNS.
The slightly tricky part here is that the wordpress site must be rooted at /blog and not at / because CloudFront will actually send the /blog (at the beginning of the path) to the WP machine, so it needs to expect that. CloudFront uses the path prefix to select the origin server (by finding the matching cache behavior for that path), but it can't remove the path prefix.¹
Wordpress is not my specialty, but this appears to require some WP configuration changes that appear to be fairly straightforward.
¹ CloudFront can't remove the path prefix. This will change when Lambda@Edge launches, which is an integration of CloudFront and Lambda functions, allowing server-side examination and manipulation of request and response headers from within the CloudFront infrastructure, but even when that is available, it will still be advisable to configure WP to not be at the root, for simplicity.
By a different subdomain, I'm assuming that you want the blog to be at blog.mysite.com. I think that is the only way to go (you cannot use a /blog but will have to use a subdomain). In that case, following steps should work:
Create an Elastic IP and attach it to the EC2 instance
Configure the EC2 WP instance to respond to blog.mysite.com
In the DNS provider of www.mysite.com, point the A record of blog to point to the Elastic IP of the EC2 instance

How to safeguard AWS EC2 node based website from Spam and DDOS?

We have a website deployed on AWS EC2 running on Ubuntu, Apache, MySQL. We have been getting continuous requests from the IPs below
"195.154.105.219"
"88.150.242.243", requesting the xmlrpc.php file using the POST method. As a result our website has become really slow and our clients' work has been affected. As of now we have blocked these IP values by dropping them from iptables. We would like to know how to safeguard our site from any future attacks like this.
The question is very general, and depending on your application's requirements, your budget and other factors, there are several techniques you can use, separately or together, to mitigate DDOS and SPAM attacks.
Use Auto Scaling and an Elastic Load Balancer, to let AWS scale your infrastructure depending on traffic : http://aws.amazon.com/autoscaling/
Use S3 to serve static content. S3 is designed to scale automatically for incoming traffic. Serving content directly from S3 offloads your EC2 based web server : http://aws.amazon.com/s3/
Use CloudFront to distribute and serve your content from AWS' edge locations. This mitigates DDOS by distributing attackers' requests to the network of edge locations instead of sending the traffic to your web server : http://aws.amazon.com/cloudfront/
All these three options have a cost associated, be sure to understand the pricing structure before deciding to implement any of these.
If you have a relatively short and stable list of IP addresses you want to block, you can customise either your EC2 instance's Security Group (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) or your VPC Subnet ACL (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) to deny traffic from these IP addresses. This approach is not very scalable and, most of the time, you will play a cat-and-mouse game trying to catch up with whatever new addresses are used by your attackers.
Last but not least, using plain old Apache configuration to block certain URL or restrict access to these by IP Addresses is very effective too (http://httpd.apache.org/docs/current/en/mod/mod_authz_core.html#require and File Directive)
Last but not least, I would encourage everyone to watch this re:Invent talk about DDOS resiliency for AWS : https://www.youtube.com/watch?v=V7vTPlV8P3U
Seb
xmlrpc.php is from WordPress. Install the Disable xmlrpc pingback plugin, or better yet, in the WordPress site's .htaccess, deny the xmlrpc.php file ;). That will fix it. Also check wp-admin/scripts for any weird script, or just run find /var/www/ -type f -mtime -10 to find the latest modified files, and check for any weird PHP script.
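
To see which clients are behind a flood like the one described in this question before deciding what to block, the Apache access log can be summarised per source address. The script below is an added example, not code from any of the posts; it assumes the common/combined log format, and the sample lines and addresses are constructed from documentation IP ranges.

```python
import re
from collections import Counter

# Start of an Apache common/combined log line: client IP, timestamp, request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*"')

def parse_line(line):
    """Return (client_ip, method, path_without_query), or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target = m.groups()
    return ip, method, target.split("?", 1)[0]

def xmlrpc_post_counts(lines):
    """Count POSTs per client whose path ends in xmlrpc.php, in any directory."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip 408 "-" entries and other non-request lines
        ip, method, path = parsed
        if method == "POST" and path.lower().rsplit("/", 1)[-1] == "xmlrpc.php":
            counts[ip] += 1
    return counts

def flag_sources(lines, threshold):
    """Clients at or above the threshold, busiest first."""
    return [ip for ip, n in xmlrpc_post_counts(lines).most_common() if n >= threshold]

TS = "[12/Mar/2015:10:00:01 +0000]"
# Constructed sample log, not taken from the page.
SAMPLE_LOG = (
    [f'192.0.2.10 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"'] * 6
    + [f'198.51.100.7 - - {TS} "POST /blog/xmlrpc.php?rsd HTTP/1.1" 200 370 "-" "-"'] * 5
    + [
        f'203.0.113.5 - - {TS} "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
        f'203.0.113.5 - - {TS} "POST /wp-login.php HTTP/1.1" 200 1200 "-" "-"',
        f'203.0.113.9 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
        f'203.0.113.9 - - {TS} "-" 408 0 "-" "-"',
        "not an access log line",
    ]
)

if __name__ == "__main__":
    for ip, n in xmlrpc_post_counts(SAMPLE_LOG).most_common():
        print(ip, n)
    print("over threshold:", flag_sources(SAMPLE_LOG, threshold=5))
```

The threshold is per log window, so run it over a bounded slice of the log (for example the last rotation) rather than the full history.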

Apache configuration to present multiple local-only http sites as a single public https site

I'm sure there's a simple solution - but I've banged my head against Apache documentation for what seems like forever... perhaps someone can give me a hint?
On a LAN, I've multiple websites (which, we should assume, have opaque implementations) each operating under a separate domain... and these work just fine.
I want to expose these websites over https, but I only have access to a single suitable IP address - making it desirable to map an /app1/ path to the internal site with an app1 hostname - and a path of /app2/ to the internal site with an app2 hostname - and this is my objective.
I've tried playing with "Apache Module mod_proxy" - and I've tried various combinations of ProxyPass, ProxyPassReverse and sections - all with the same problem. The site at http://app1.example.com/ contains pages that make references to uris of the form "/submit.php" and "/base.css" - which work relative to the multiple http site scheme - but are wrong in the public https scheme where there needs to be multiple roots - identified by the prefix of the path in the public URI.
What's the best way to go about ensuring these URIs are translated properly? Is mod_proxy appropriate for this sort of task?
You need SNI, server name identification.
What you want to achieve can't be achieved by a web server on its own, it needs the client to be nice and start the encrypted session only after it has sent the domain name, otherwise, it is not possible.
Here is a tutorial, techrepublic, good luck.
In case it helps other people...
My eventual solution was to use mod_proxy to bounce requests from the SSL server to my internal servers... but, for various reasons, it turns out to be far easier to translate the URI in a separate stage where the internal servers are hosted. I used mod_rewrite to strip the path prefix - and it works charmingly.
It is a pity that there is no obvious way to do this in the configuration of the SSL server (please correct me if I've just overlooked it) and I wasted a lot of time pursuing mod_html_proxy - which was rather strict about the html it would translate. In any case, it is preferable to translate the selected URIs in Apache than to get Apache to translate entire documents.
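
The failure described in this question, where root-relative references such as "/submit.php" escape the /app1/ prefix, can be reproduced by resolving links the way a browser does and then applying the prefix mapping. This is an added example, not code from the posts; the public hostname and the route table are hypothetical and only mirror the layout the question describes.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical layout: one public HTTPS host, path prefixes mapped to internal sites.
PUBLIC = "https://public.example.com"
ROUTES = {
    "/app1/": "http://app1.example.com",
    "/app2/": "http://app2.example.com",
}

def route(public_url):
    """Internal URL the proxy would fetch, or None when no prefix rule applies."""
    parts = urlsplit(public_url)
    if f"{parts.scheme}://{parts.netloc}" != PUBLIC:
        return None  # link points away from the public host entirely
    for prefix, backend in ROUTES.items():
        if parts.path.startswith(prefix):
            # The prefix is stripped so the internal site sees its own root.
            return backend + "/" + parts.path[len(prefix):]
    return None

def follow(page_url, href):
    """Resolve href against the page like a browser, then route the result."""
    resolved = urljoin(page_url, href)
    return resolved, route(resolved)

def unroutable(page_url, hrefs):
    """References on the page that no longer reach any internal site."""
    return [h for h in hrefs if follow(page_url, h)[1] is None]

if __name__ == "__main__":
    page = PUBLIC + "/app1/index.php"
    for href in ["base.css", "img/logo.png", "/base.css", "/submit.php"]:
        print(href, "->", follow(page, href))
```

Document-relative references keep working because the browser resolves them under /app1/, while anything starting with "/" resolves to the public root, where no prefix rule matches.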

How does a URL qualify to be called a CDN

I would like to build my own Content Distribution Network and I have come across a blog post showing how to do it with one of Google's services. But I can't understand it. Here's a few more questions.
Are images hosted in Flickr considered to be "in a CDN"?
If I create a subdomain within my domain, put directories for files in there, and link from my site to that subdomain, is that considered a CDN?
From Wikipedia:
A content delivery network or content distribution network (CDN) is a system of computers containing copies of data, placed at various points in a network so as to maximize bandwidth for access to the data from clients throughout the network. A client accesses a copy of the data near to the client, as opposed to all clients accessing the same central server so as to avoid bottleneck near that server.
I suppose that once you replicate content across some computers around the world, any url should be fine.
A content distribution network (CDN) is not just another place on your website. A CDN is a way of distributing content to different geographical/network locations.
CDNs receive requests based on DNS redirection at the client ISP's side of the request.
