Why I Love the New Offering From Amazon Web Services – EFS

Here is the full description directly from Amazon EFS:

Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. Amazon EFS is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

What Is Amazon Elastic File System?

Let’s say you want the ability to start new instances to handle a traffic spike on your web application. You have to make sure each new instance has the current version of every file created by your web application (images, cache, etc.) and that everything stays in sync. To do so, you are probably using a solution such as NAS storage or GlusterFS. They both work great, but for every new instance you need to edit your security settings to allow access for the newly created instance. It’s a bother. Not anymore with Amazon EFS.

Amazon allows you to create an EFS instance and mount it on every instance in your security group. The storage space grows without any action from you. No more downtime to grow the storage space. Amazon also takes care of the reliability of the EFS system.

How to Set Up a Highly Available System?

Let’s say you have a website called example.com. It runs on Nginx with MySQL as a database and WordPress for a CMS. Here is how I would set it up to make sure everything is highly reliable. In this example, I am using Amazon products but you could probably get it done with other products such as Google Cloud, DNS Made Easy, etc. You get the idea.

  1. I set up an Amazon Aurora database server with replication to make sure it is highly available.
  2. I use Amazon Route 53 to point example.com DNS to my Load Balancer from Amazon. No more DNS failure!
  3. I create the load balancer that will point toward my target instance group. When I create an instance, I just need to tell the target group to add the new instance and everything is taken care of.
  4. I create the new instance with the AMI I took from my fully customized server. Once this is done, you can easily start new instances with EFS, Nginx, etc. already installed on them. You don’t even have to SSH into the new instance. Just start or terminate it and everything will adjust itself.

How to Set Up a Default AMI Instance for Fast Deployment?

  1. Launch a new instance with the default Amazon AMI 64 bit. It works great and it’s really reliable.
  2. Install Nginx, PHP7-FPM
  3. Mount the Amazon EFS partition with /etc/fstab to make sure that when a machine reboots, it automatically mounts EFS.
  4. Store all your website and configuration files in the EFS partition. How I did it: I mounted EFS in the folder “/efs”. In it you can find the “nginx.conf” so that I can manage Nginx server blocks on all my instances at once. The WordPress files and cache are also there so that every new instance has the latest version of the website and every server stays in sync when changes occur.
  5. Make sure your primary services such as PHP and Nginx are set to start at boot so that everything will work when starting up. Use a command such as “chkconfig nginx on”.
  6. Create an AMI image of the instance once it’s completely customized and working. This image will be the default AMI from which you will start new servers.


Now, when you get a warning of resources getting scarce on your web infrastructure, just launch a new Amazon EC2 instance with the customized AMI with EFS and add it to your load balancer target group. There you go, you can now easily create or terminate EC2 instances to your liking without having to worry about files and database integrity.

In the future, you can even add CloudFront as a CDN to speed things up. Amazon WAF is also a good solution for those of you who want to handle DDoS attacks and common vulnerabilities such as SQL injection, etc.

Quick Solution for: PHP Can’t Connect to MySQL for Whatever Reason.

This will be a short article for today. I just wanted to share a quick solution to a problem I ran into with Compute Engine Instance from Google Cloud. I never had this problem before on my other providers like Amazon AWS, Linode, DigitalOcean, etc.

I started a Cloud SQL instance to host my WordPress’s MySQL database. I made sure to authorize access to it from my NGINX server IP but for whatever reason, I just couldn’t connect to it from WordPress. It drove me mad.

The first thing I checked is that I had installed the “php-mysql” module so that PHP could effectively connect to a MySQL server. Everything was installed and running smoothly. What led me to the answer was that my Nginx server could connect to a localhost MySQL server but not a remote one. When trying to connect WordPress to a remote SQL server, I kept getting the error:

Could not connect: Can't connect to MySQL server on 'REMOTE_SERVER_IP' (13)

Here Is How to Fix Error 13 Php-Mysql

Make sure the module “php-mysql” is installed on your machine. On Centos 6, the command is as follows:

yum install php-mysql

If it is installed and it’s still not connecting, try enabling your HTTP server to connect to a remote machine in SELinux with the command:

setsebool httpd_can_network_connect=1

This command is for Centos 6. Google Cloud is the first provider I had to do this to make it work. The theory is that with the setting set to 0, your instance cannot attack other machines in the network, etc.
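To see which SELinux boolean a denial actually calls for, the check below reads AVC audit records and maps the denied port type to the narrowest boolean that covers it. This is an added example, not part of the original post: the audit lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: map SELinux AVC denials from the web server domain (httpd_t)
# to the narrowest boolean that would allow them.
# suggest_httpd_boolean and sample_audit_log are hypothetical helper names.

# Constructed sample records in the style of /var/log/audit/audit.log.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1490000000.101:311): avc:  denied  { name_connect } for  pid=2114 comm="php-fpm" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1490000003.412:312): avc:  denied  { name_connect } for  pid=2114 comm="php-fpm" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1490000009.007:318): avc:  denied  { read } for  pid=2300 comm="nginx" name="index.php" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1490000011.950:320): avc:  denied  { name_connect } for  pid=2410 comm="vsftpd" dest=3306 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
EOF
}

# Reads audit records on stdin, prints one boolean name per line.
suggest_httpd_boolean() {
    # Keep only denied outbound TCP connects made by the httpd_t domain,
    # then pull the SELinux type (third field) out of tcontext=.
    grep -F '{ name_connect }' |
    grep 'avc: *denied' |
    grep 'scontext=[^ ]*:httpd_t:' |
    sed -n 's/.*tcontext=[^: ]*:[^: ]*:\([^: ]*\):.*/\1/p' |
    while read -r port_type; do
        case "$port_type" in
            # Database ports only need the database-specific boolean.
            mysqld_port_t|postgresql_port_t)
                echo "httpd_can_network_connect_db" ;;
            # Anything else needs the broad "connect to any port" boolean.
            *)
                echo "httpd_can_network_connect" ;;
        esac
    done | sort -u
}

# Apply a suggestion persistently (survives reboot) with:
#   setsebool -P <boolean> 1
sample_audit_log | suggest_httpd_boolean
```

On a real server, feed it the audit log instead of the sample: `suggest_httpd_boolean < /var/log/audit/audit.log`.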

For more information, check out: Stack Overflow

Why I Switched From Office 365 to G Suite for Email

I was always a big user of Google products. I like how easy and light they are to use but when you work for big businesses, you will probably end up using Microsoft Word, Excel and Outlook. Why? Because it works better for office work.

I have tried using Google Sheet and Google Document but it’s just not the same. It doesn’t have all the functionality I am used to having with Microsoft Office.

I would only recommend using Google Document and Sheet for very light use and face it, the people you will work with are probably using Office so there may be compatibility issues to also take into consideration. I don’t know for you but when I am sending a spreadsheet to one of my clients, I want to make sure that it works just as I designed it. I became weary of calls saying, “Hey Simon, I don’t know what is going on but your spreadsheet doesn’t seem to work for us. What is going on?”

What I Love About G Suite

Google Mail works great. It’s light and simple to use. Outlook, on the other hand, is slow and bulky. There is no doubt that the majority of my clients send me emails with Outlook/Exchange/Office 365 accounts but there isn’t as much of a difference or as many compatibility issues as for Excel and Word so when it comes to email, I am keeping Gmail. 😉

The Search Function of G Suite

Sometimes, I have to find files sent to me by my colleagues and because of my lack of organization, all that I can rely on to find those files is the search function given to me by my provider. This is where Google destroys Microsoft in such a major way. If you ever tried to find a file on Google Drive v. Microsoft OneDrive, you know what I mean.

With just a few keywords that I could remember off the top of my head, Google always finds my files and email, no matter what. It’s like a mind reader. Awesome. Microsoft, not so much. I don’t know if it’s because it doesn’t index files and email like Google or what but it’s a lot harder to find something. Most of the time, I just end up going through the list of files by date and scrolling down until what I am looking for appears. A very tedious task, let me tell you.

Conclusion: Why Not Choose Both?

After some deliberation, I decided to go for both. Why bother choosing one over the other, when it ends up costing me the same price? I will take the good from Microsoft AND Google.

Microsoft: I took the Office 365 Business package that comes with all the applications for my desktop but with no email. Price? 10$ a month.

Google: It comes with all the functions for just 5$ a month. I mostly wanted the email service but why not enjoy the 30 GB of storage, etc.

I have been using this solution for a few months now and I am very happy with my choice. I have been using Gmail, Excel extensively without any problem so far.

Find Missing Files in Google Drive

I ran into a problem recently for one of my clients. When he went into his Google Drive, he knew he had certain files but they wouldn’t appear in “My Drive”. He thought that they were deleted by a colleague or something. Let’s just say he wasn’t a very happy camper.

While checking it out, I figured out that the files were still there but they weren’t showing up in his folder because the files were missing a “location”. The files were still listing the client as the owner. Google calls those files “orphaned files”. It’s basically a file that you still own but is no longer showing up in your Google Drive because you deleted the main directory where it was residing.

How to figure out if you have missing/orphaned files

Just go into your Google Drive Online and search for the terms “is:unorganized owner:me” or click this link that does the same thing for you: search for orphaned files.

Google will list all the files that you own but you can’t access because they no longer have a parent directory. Just do like I did: select them all and move them into a newly created folder called “Recovered”. You may want to organize them afterward. There you go, you should have your missing folders back. Enjoy!

Here is Google’s article about missing files and folders: Find orphaned files.

Secure Your Website EASY With NGINX, Centos and HTTPS

If you have a shopping website or anything that processes transactions, you probably already know the importance of adding an SSL certificate to your website. Here we will cover how to install one yourself and the basic configuration to make it airtight.

The advantage of a correctly installed SSL certificate is that once it’s there, it is much harder for someone to intercept the data transmitted between yourself and the website you are visiting. Ex: web forms, credit card transactions, etc. With prices as low as 10$ a year for a simple certificate, there is no real reason not to add a layer of security for your users.

In this blog post, I will cover the method I used to install PositiveSSL from Comodo sold by Namecheap on a VPS with Centos 6 and NGINX. All for the price of 10$ a year.

1. Order your SSL Certificate from your provider

Once you have ordered the certificate, you will be prompted by the company to provide them a .CSR so that they can issue you the proper files. Here is how you can get the .CSR:

Go into your server with SSH. Change into the directory you wish to have the certificate installed in and issue the command to generate the .CSR (the file your SSL certificate provider wants) and .KEY (the security key you will need to secure your website) files. The commands:

# Go to the directory that will store your certificate. Your choice!

cd /etc/nginx

# Generate the .CSR and .KEY

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr

Once you execute the last command, you will be prompted to answer several questions about your website’s organization. The only important question is the one about “Common Name”. Input the URL of the website you wish to install the certificate on. Ex: “yourdomain.com”. If you bought a Wildcard SSL, make sure you input the domain as follows “*.yourdomain.com” otherwise it won’t be valid.

Congratulations, you have now created 2 files in the directory “/etc/nginx”. One is your .CSR file, which you can send to your SSL provider so that they can issue you the proper files, and the other is the .KEY file, which you will need in order to install your certificate.

2. Prepare the .CRT file

I will assume that you just received by email the proper .CRT files after submitting your .CSR and paying for the SSL. Now, to make it work with NGINX on your server, you need to create a .CRT file on your server and copy/paste all the content of each file your provider sent you inside of it. Normally, it’s the certificate for your domain followed by the intermediate CA .CRT. Ex: yourdomain.com.crt + yourdomain.com.ca-bundle.

# Create the .CRT file in the same folder as the .KEY file

nano yourdomain.com.crt

# Copy and paste the content of the files sent by your SSL provider.

When it’s done, just save the file.

3. Enable SSL on your domain

Now that we have the certificate ready and installed, the only thing left to do is to tell NGINX which domain to encrypt and where the key and .crt files are. To do so, just edit the server block of yourdomain.com inside your nginx.conf.

# Add this server block to redirect non-HTTPS connections for www and non-www to HTTPS

server {
    listen 80;
    server_name  yourdomain.com www.yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
}

# This server block redirects HTTPS connections for www.yourdomain.com to HTTPS without www

server {
    listen 443 ssl http2;

    server_name www.yourdomain.com;

    # This is where we tell NGINX where we saved our SSL certificate

    ssl_certificate /etc/nginx/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/yourdomain.com.key;
    return 301 https://yourdomain.com$request_uri;
}

# This is the main server block: yourdomain.com without www, served over HTTPS.

server {

    listen 443 ssl http2;

    # The connection is SSL secure with HTTP2 and only Modern Ciphers allowed.


    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_session_cache shared:SSL:10m;
    ssl_buffer_size 4k;
    ssl_session_timeout 10m;

    server_name yourdomain.com;

    root /usr/share/nginx/html/yourdomain.com;

    index index.html index.htm index.php;

    # This is where we tell NGINX where we saved our SSL certificate
    ssl_certificate /etc/nginx/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/yourdomain.com.key;

    ########### The rest of your main server block config. Ex. WordPress, etc. ###########
}

4. Apply the changes

You just need to restart NGINX server and the changes will be applied. The command is:

# Before restarting NGINX, I like to test the config with the command:

nginx -t

# If it comes back with syntax OK, I proceed:

service nginx restart
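A pre-flight check for the files from steps 1 and 2, run before the restart: it confirms that the first certificate in the .crt belongs to the .key, and that the key (left unencrypted by -nodes) is readable by its owner only. This is an added example, not part of the original post; the function names are hypothetical and the demo generates a throwaway self-signed certificate in place of the provider's files.

```shell
#!/bin/sh
# Added example (not from the original post). check_tls_pair and
# make_demo_files are hypothetical helper names.

# check_tls_pair <crt> <key>  prints OK, MISMATCH, KEY_PERMS or UNREADABLE.
check_tls_pair() {
    # Public key of the FIRST certificate in the file. If the CA bundle was
    # pasted before the domain certificate, this is the wrong public key.
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)

    if [ -z "$crt_pub" ] || [ -z "$key_pub" ]; then
        echo "UNREADABLE"; return 3
    fi
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "MISMATCH"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # an unencrypted private key should grant them nothing.
    if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
        echo "KEY_PERMS"; return 2
    fi
    echo "OK"
}

# Constructed stand-ins for the real files: a key with a matching self-signed
# certificate, plus an unrelated second key.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=yourdomain.com" \
        -keyout "$1/yourdomain.com.key" -out "$1/yourdomain.com.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    chmod 600 "$1/yourdomain.com.key" "$1/other.key"
}

if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_demo_files "$demo"
    check_tls_pair "$demo/yourdomain.com.crt" "$demo/yourdomain.com.key"  # prints OK
    check_tls_pair "$demo/yourdomain.com.crt" "$demo/other.key"           # prints MISMATCH
    rm -rf "$demo"
fi
```

Against the real files the call is `check_tls_pair /etc/nginx/yourdomain.com.crt /etc/nginx/yourdomain.com.key`; a KEY_PERMS result is fixed with `chmod 600` on the key.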

5. Test your SSL Certificate

The first step is to go to your website URL and check if you have the HTTPS seal. Here is a picture:

If it’s working, you can also check the level of security your SSL Certificate is providing you with. To do so, check out these websites:

A Great Alternative to Putty and Terminal for SSH

If you are a sysadmin, you probably use Putty for Windows and Terminal for Mac to connect to your servers with SSH. Those are both great solutions but recently I started using the Google Chrome app Secure Shell, an application made by the Google team. You can add it to Chrome and it works great with Mac and PC, which is why I started using it. It just works and you don’t have to install it on your machine. If you use the same Google Profile on your different devices, it syncs. Here is a Screenshot:

Secure Shell Google App

Since I started using the app, I never went back to Putty or Terminal. You can check it out for yourself directly from the Chrome Store: https://chrome.google.com/webstore/detail/secure-shell/pnhechapfaindjhompbnflcldabbghjo?hl=en

The Official Description

Secure Shell is an xterm-compatible terminal emulator and stand-alone ssh client for Chrome. It uses Native-Client to connect directly to ssh servers without the need for external proxies.


Secure Shell from Google is probably one of the easiest and most useful tools for managing servers with SSH protocol. Enjoy!

The Easy Way to Manage Your Server Firewall

Tired of inserting your firewall rules by hand? Good news, you can use a Text User Interface to make it much easier and clearer. On Centos 6, it’s called “system-config-firewall-tui”. Here is a screenshot straight from the command line.


As you can see, you can easily add rules already configured by simply selecting trusted services in a drop-down list. System-config-firewall-tui is a Text User Interface to manage the preinstalled firewall called iptables on your system. Here is how to use it:

1. Install the interface for the firewall

# This command installs system-config-firewall and the dependency messagebus

yum install system-config-firewall messagebus

2. Start the service messagebus and make sure it starts when the server reboots

# Start the messagebus service

service messagebus start

# Make sure the service messagebus starts when the server reboots

chkconfig messagebus on

3. Now, you only need to execute the Text User Interface to manage the server’s firewall with this command:



You can now manage your server’s iptables firewall easily. Add ports and trusted services to iptables in just a few steps. It’s perfect for people who aren’t familiar with the default firewall for Centos 6.

How to install your own VPN with OpenVPN and Centos 6 the EASY way!

Recently, all we hear about is how the government, our ISP and hackers want to intercept our internet activity for nefarious reasons. With new regulations coming our way, I think it’s time to secure our internet connection so that our right to privacy stays intact. Most of you already use a VPN, which is a great way to protect yourself, but today I will show you how to use your own VPN. Why? Easy. You want to be in control of your VPN and be the only one with admin access to it. Also, if you are the only user, you will be sure to have crazy fast download speed and no throttling at peak hours.

How to Install OpenVPN on Centos 6 the Easy Way

1. Connect to the server you want to use as a VPN. I created a small and cheap VPS for 12$/year and connected to it with SSH. Works great!

2. Make sure the server is up to date with the commands:

# This command upgrades Centos 6

yum upgrade

# This command updates Centos 6

yum update

3. Create a directory to download and install OpenVPN on your server

# The mkdir command creates a directory. In this case, a folder called openvpn

mkdir openvpn

# cd allows us to change directory, here into the openvpn directory we created previously

cd openvpn

4. Install Wget

# Install wget to allow us to download the .rpm package from OpenVPN.net

yum install wget

5. Go to https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html to get the latest version of OpenVPN for your Operating System. In my case: it’s Centos 6 for 64 bit. Copy the link.

6. Download OpenVPN on your server with the copied link.

wget http://swupdate.openvpn.org/as/openvpn-as-2.1.4-CentOS6.x86_64.rpm

7. Install the package you downloaded with wget.

# This command will install the OpenVPN package you just downloaded

rpm --install openvpn*

Once installed, you should receive a message informing you on how to manage your OpenVPN installation. It should look like this:

The Access Server has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log
Please enter “passwd openvpn” to set the initial
administrative password, then login as “openvpn” to continue
configuration here: https://your_server_ip:943/admin
To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.

Access Server web UIs are available here:
Admin UI: https://your_server_ip:943/admin
Client UI: https://your_server_ip:943/

How to use OpenVPN

Now that OpenVPN is installed, you just need to install the client on your computer, cellphone, etc… To do so, make sure to change the password for the default user with OpenVPN. Here is how:

# The command passwd tells the system that you want to change the password for a user. In this case, openvpn (the default user).

passwd openvpn

You will be prompted to enter the new password for the user. Just input the password you want. Once it’s done, go to OpenVPN Client UI:


Input “openvpn” as the user and the password you entered above as the password and you should be able to connect. Once there, just download the client for your device. It should look like this:

OpenVPN Download Page Client UI

Double-click the downloaded file and install it. You will be prompted for a user and password and that’s it. Just input the same login, password as above and you should be connected.

Testing Your Connection With OpenVPN

The best way to make sure you aren’t leaving flaws in your security is to test it out. You need to go check if your real IP and DNS are leaking. To do so, check out those websites:


If everything went well, you should now have a perfectly safe VPN that is controlled and used only by yourself. In the future, you might want to change the default encryption used by OpenVPN or install a dedicated SSL certificate that is valid (not a self-signed one) but it’s not required.

Port to Open in Your Firewall

If you want to use OpenVPN, you have to open the right ports in your firewall otherwise it won’t work. The ports to open are as follows:

# These allow us to connect to the Admin and Client UI

Port TCP 443 and 943 

# Default port for tunneling the traffic from our device

Port UDP 1194