Posts

Sementic versioning for dotnet application

Image
Sementic versioning for dotnet applicationVersioning application allows us to know which features are currently available in the environment where we deployed but when our application is composed by multiple webservers, it becomes tedious to maintain the versioning. On top of that with the dotnet core movement, management of versioning has changed. Today I will show a way to automate the versioning using Gitversion and how it can be used for dotnet core and dotnet framework. This post will be composed by 3 parts:Version assembliesSementic versioningGitversion1. Versioning assembliesIn dotnet, assemblies are versioned via the AssemblyInfo.cs file. This file contains the metadata used by the compiler to populate the information about the assembly like the title, the author, the copyrights and the version.
It is handle via attributes. Here is an example of an assembly info file:using System.Reflection; [assembly: AssemblyTitle("HelloWorld")] [assembly: AssemblyProduct("He…

Microsoft Project Orleans ClientBuilder and SiloBuilder

Microsoft Project Orleans ClientBuilder and SiloBuilderPrior 2.0.0 stable, we used to configure client and silo using ClientConfiguration and ClusterConfiguration. I was hard to understand how to configure those as many options were available. Moving forward to 2.0.0 stable, ClientConfiguration and ClusterConfiguration no longer exist! It has now been replaced by a ClientBuilder and a SiloBuilder (notice there is no cluster builder). The shift toward builders makes life easier to us to configure client and silo. Today I want to take the time to explain how the migration between beta 3 and stable can be done in three parts:Configure ClientBuilderConfigure SiloBuilder1. Configure the ClientBuilderA client needs to connect to a cluster. The only configuration needed for the client is therefore:the id of the clusterthe id of the servicewhere to find the clusterDuring beta this used to be configured in ClientConfiguration, it is now done using the ClientBuilder:IClusterClient client = new …

Hashicorp Vault behind IIS

Image
Hashicorp Vault behind IISLast week I talked about Hashicorp Vault and how it could be used to store secrets. Today I will continue on the same line and show how we can host Vault behind IIS and use what we learnt in the previous post to retrieve secrets from ASP.NET Core.Setup VaultRead secrets from Vault from ASP.NET Core1. Setup VaultVault is a webserver which comes with a complete API. In this example, we will show how to setup Vault and proxy calls from IIS to Vault.1.1 Boot VaultTo begin with, we can follow the same steps described in my previous post - Hashicorp Vault and how it could be used to store secrets. As a quick overview, here are the steps to be executed inside Windows Server:download Vaultcreate the config.hcl filerun the command vault.exe server -config=config.hclIn config.hcl, we configured Vault to listen on http://localhost:8200 so the next thing to do is to proxy calls from IIS to Vault process.1.2 Configure IIS to direct calls to Vault processWe assume that we …

Manage secrets with Hashicorp Vault

Manage secrets with Hashicorp VaultDuring development it is common to save local connection string in the code via setting files. But when it comes the time to deploy, hosted environments should not have their secrets persisted as plain text in the code.
Since those can’t be saved in the git repository, they have to be stored in a secure place where they can be managed easily, a vault. Hashicorp Vault is one of this software which allows us to store and retrieve secrets while providing a granular level of control over the secret accesses.
Today we will see the basic configuration of Hashicorp Vault to store and retrieve secrets using the Vault CLI. This post will be composed by four parts:Start VaultSave secretsCreate a role with a policyRetrieve secrets1. Start Vault1.1 Configure VaultHead to https://www.vaultproject.io/downloads.html and download the latest binaries of Vault then place it in a folder and add the folder to PATH.Before starting Vault we need to create a configuration,…

Let’s Encrypt for ASP.NET Core application on IIS

Image
Let’s Encrypt for ASP.NET Core application on IISFew weeks ago we saw how we could generate a SSL cert for free using a browser based ACME implementation. While doing that, we had some manual process for the verification to happen, either by changing the DNS settings or making a key available on an endpoint and at the end we were handling the key to upload it to our server. Today we will see how we can achieve that with an automated verification process and without manual handling of the secrets using IIS and win-acme.Register application on IISSetup SSL with win-acme1. Register application on IISASP.NET Core runs on top of Kestrel. Kestrel was designed to be fast and lightweight therefore does not have all the functionalities that other application servers provide like IIS, Apache or nginx. Therefore for Windows Server, it is recommended to place Kestrel behind IIS.
For example, one of the reason why is that only one application can listen to the HTTP port at a time on a machine. IIS…

Estimating cloud infrastructure cost

Estimating cloud infrastructure costFew weeks ago I was tasked to estimate a cloud architecture with limited requirements.
Today we will see the rules which can be followed in order to come up with a price tag. This post is composed by three parts:Defining the requirementsSolution needsPrice1. Defining RequirementsBefore starting any estimation, it is important to get at least one requirement. In this example we will invent a scenario, really close to what I had irl, whereby we would be setting up a Christmas tree website with the following requirements.The trees are put to sale accross the whole year in advanceWe have about 50k purchases where 80% happens from November to DecemberThe most important aspect to remember is that estimates are estimates. It will never be exact, even if it happens to be exact, we probably got lucky. The goal of the estimates are to evaluate the magnitude of the price of an infrastructure whether the infrastructure would cost $100, $1000, $10K or $1M monthl…

Remote PowerShell to Windows VM with WinRM

Image
Remote PowerShell to Windows VM with WinRMThe Remote Desktop Protocol is great to access remotely a Windows Server machine. It is great for actions requiring visual but for actions which can be taken from a PowerShell prompt within the server, it would be best to directly access to a remote PowerShell session from our local computer. Today we will see how we use the Windows Remote Management included in Windows Server to gain access to a remote PowerShell session and therefore manage our server from our local computer through PowerShell. This post is composed by four parts:Open ports on Network Security Group and open ports on VM firewallSetup the certificate for HTTPS communication with SSLConfigure WinRMConnect on remote session1. Open ports on Network Security Group and open ports on VM firewallFor Azure or AWS, on the security group, the port 5986 needs to be open. It is the port used by WinRM for a PowerShell remote connection over HTTPS.Next RDP to your VM and open the same port…