If you launch an instance from the official CentOS or RHEL 7.x AMI on AWS, you will be running kernel 3.1 as of this writing. That’s not a good idea. You can easily take advantage of improved security features of newer kernels that are already available in a stable release. The renowned Linux kernel maintainer Greg Kroah-Hartman released the Linux Kernel 4.14.15, which includes important fixes for Spectre & Meltdown. Here is how to update your Linux kernel from 3.1 to 4.16 in place.
A secondary IP per EC2 instance running in a VPC has several advantages. It allows you to use more than one SSL certificate for your web server.
Assigning a secondary IP to an EC2 instance in a VPC is easy when you know how to get started. Here are some useful resources:
The AWS Command Line Interface (CLI) is a set of tools AWS provides to allow you to administer your AWS cloud infrastructure and other services in the command line on Windows, Mac and Linux. Installing them is quick and easy. Here is a quick guide to get you started.
In order to figure out how many days your letsencrypt certificates have left, you could check an online services such as:
However, that won’t work for a mail server that’s not also running a web server using the same certificate.
In this case, your best bet is to check the certificate file directly using the openssl command as follows:
openssl x509 -noout -dates -in /etc/letsencrypt/live/smtp.yourmailserverdomainname.com/cert.pem
Your users want to access a web server instance as a staging or production environment for DevOps… They want access to the web server document root of the sites they manage. Your job is to maintain the integrity of the whole system in terms of cyber security.
If you happen to be running a web server on Linux—for example in EC2 on Amazon AWS—and need to provide site owners remote access in a secure and responsible manner, here is how to do it.