Millcreek Systems, Inc.

Amazon AWS reduces prices again!

Michael Jensen — Fri, 01 Feb 2013 15:09:41 +0000

Amazon has reduced their AWS prices again. Hourly instances have been reduced by anywhere from 2% to 30% depending on the instance type and location. Outbound bandwidth prices have been reduced anywhere from 26% to 83% depending on the location you’re using.
You can see read their announcement for all of the details.

Amazon Lowers S3 pricing

Michael Jensen — Tue, 07 Feb 2012 12:08:34 +0000

It seems like Amazon is always giving you more bang for your buck. Today, they reduced S3 pricing. Here is how they’re changing effective Feb. 1:

Old New
First 1TB $0.140 $0.125
Next 49TB $0.125 $0.110
Next 450TB $0.110 $0.095
Next 500TB $0.095 $0.090
Next 4000TB $0.080 $0.080 (no change)
Over 5000TB $0.055 $0.055 (no change)

Here is where you can get full Amazon S3 price details for all regions.

Amazon AWS announces Support for DynamoDB

Michael Jensen — Wed, 18 Jan 2012 13:05:06 +0000

I logged into one of my AWS accounts this morning and what did I see? A brand new feature staring at me!

As it says, DynamoDB is a “Fast, Predictable, Highly-Scalable NoSQL Data Store” Which really means a highly available key-value store. Amazon has been using DynamoDB for the underlying storage technology for core parts of amazon.com for years.

Here’s Amazon’s page on DynamoDB.

You can read more technical details about DynamoDB here – http://www.allthingsdistributed.com/2007/10/amazons_dynamo.html

How to configure your Postfix server to relay email through Amazon Simple Email Service (SES)

Michael Jensen — Wed, 14 Dec 2011 18:30:51 +0000

Amazon recently announced SMTP Support for the Amazon Simple Email Service (SES) which is very cool. Now you can configure your server to send email through it regardless of what platform your site is built in (my previous post was only relevant to PHP servers) There are 3 main things you need to do to configure your Postfix server to relay email through SES: Verify a sender email address, create an IAM user for SMTP and configure your server to use SES.

Verify a sender email address

In the SES section of the AWS Management Console, click on “Verified Senders”:
Then click on the “Verify a New Sender” button:
Enter the Sender’s Email Address and click “Submit”:
Then you’ll see the confirmation message:
Go to that email account and click on the link Amazon will email to you to confirm the address.

Create IAM Credentials

In the SES section of the AWS Management Console, click on “SMTP Settings”:
Click on the button “Create My SMTP Credentials”:
Choose a User Name and click “Create”:
Save the SMTP Username and SMTP Password that are displayed . We’ll need them when we’re configuring the server.

Configure the server

Now for the fun part. Here I assume you’re running Postfix as the MTA on your server.

Install stunnel:
apt-get install stunnel
Add these lines to /etc/stunnel/stunnel.conf and make sure it starts properly (you may have to edit /etc/default/stunnel so that it starts automatically on boot):
[smtp-tls-wrapper] accept = 127.0.0.1:1125 client = yes connect = email-smtp.us-east-1.amazonaws.com:465
Add this line to /etc/postfix/sender_dependent_relayhost:
somesender@millcreeksys.com 127.0.0.1:1125
Generate the hashfile with this command:
postmap /etc/postfix/sender_dependent_relayhost
Add this line to /etc/postfix/password:
127.0.0.1:1125 :
Fix the permissions on /etc/postfix/password
chown root:root /etc/postfix/password chmod 600 /etc/postfix/password
Generate the hashfile with this command:
postmap /etc/postfix/password
Add these lines to /etc/postfix/main.cf:
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/password smtp_sasl_security_options =
Load the new configuration with this command:
postfix reload

Additional Notes

After setting it up, look closely at the mail logs on your server to verify that they are being delivered properly. As I found through testing, in certain misconfigurations your email will not be delivered and will not remain in the queue on the server. The mail logs are the only place that will indicate that delivery is failing.

If you need to add other senders in the future, edit /etc/postfix/sender_dependent_relayhost accordingly then run:
postmap /etc/postfix/sender_dependent_relayhost postfix reload

The reason for using sender_dependent_relayhost is because you want to specify what email gets sent through SES. If you try to send all email from the server through SES, you’ll probably have some end up going into a black hole. When I was testing this previous to using sender_dependent_relayhost, I didn’t have my root@ email address verified and so emails ended up bouncing back, then bouncing into oblivion never to be seen again (because it would try to relay email to root@ through SES too.)

http://www.millcreeksys.com/how-to-configure-your-postfix-server-to-relay-email-through-amazon-simple-email-service-ses/

Quick programming tip for servers behind load balancers

Michael Jensen — Fri, 28 Oct 2011 16:31:48 +0000

If you’re using PHP and wanting to check to make sure the incoming connections came over HTTPS, you are probably using the $_SERVER['HTTPS'] variable.

The problem is, if your servers are behind a load balancer which handles SSL encryption for you, this method of checking won’t work. Fortunately, there are other headers added by the load balancer you can use to detect SSL. They are the X-Forwarded-* headers.

For example:
$headers["X-Forwarded-For"] == 123.45.67.89 (because $_SERVER['REMOTE_ADDR'] is going to give you the load balancer’s IP address)
$headers["X-Forwarded-Port"] == 443
$headers["X-Forwarded-Proto"] == https

These headers should work with all loadbalancers, including Amazon’s ELB on EC2.

Server maintenance tonight

Michael Jensen — Fri, 25 Feb 2011 16:42:34 +0000

I’ll be performing maintenance on servers Tonight (Feb. 25) between 10pm and midnight (Mountain Time.) Many servers will require a reboot due to an OpenSSL kernel update. Other updates will be applied, but more detail on the OpenSSL vulnerability can be found here.

The maximum expected downtime for each server is only a few minutes. Please email me if you have concerns or questions.

Server maintenance tomorrow

Michael Jensen — Thu, 03 Feb 2011 20:42:17 +0000

I’ll be performing maintenance on servers this Friday night (Feb. 4) between 10pm and midnight (Mountain Time.) Many servers will require a reboot due to a kernel update. The maximum expected downtime for each server is only a few minutes. Please email me if you have concerns or questions.

Get up and running quickly with Amazon SES on your php website

Michael Jensen — Fri, 28 Jan 2011 18:16:47 +0000

Note: if you want to setup SES in a way that scales much better and functions even with non-PHP sites, please read this more recent HowTo: How to configure your Postfix server to relay email through Amazon Simple Email Service (SES)

Here’s how you can start using Amazon’s new SES (Simple Email Service) without having to actually implement it in the php of your website:

Download Amazon’s SES scripts from here

Extract the files and create a new one named “aws-credentials” with your key data in it; for example:

AWSAccessKeyId=022QF06E7MXBSH9DHM02 AWSSecretKey=kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct

Verify an email address to use with SES

./ses-verify-email-address.pl -k ./aws-credentials -v someaddress@yourdomain.com

Check the email account for the address you’re verifying and click on the provided link.

Send a test email:

echo "This is only a test." | ./ses-send-email.pl -k ./aws-credentials -s "test subject for email" -f someaddress@yourdomain.com someaddress@yourdomain.com(Note – Until you receive production access to Amazon SES, you can only send to addresses you have verified. You can request production access here.)

Edit the sendmail_path config in your php.ini as follows:

sendmail_path = /path/to/ses-send-email.pl -k /path/to/aws-credentials -f someaddress@yourdomain.com -r

Restart/reload Apache and that’s it!

(Additional notes – The “From” address you set in your php.ini file will override any mail headers you set in php. Sending will fail if you try to set the “From” header to an unverified address or when setting the “Reply-To” header at all in php.)

Facebook offers HTTPS option

Michael Jensen — Wed, 26 Jan 2011 16:42:47 +0000

It took a bit longer than I expected, but Facebook now offers the option for HTTPS all of the time. You can read the full details here:

http://blog.facebook.com/blog.php?post=486790652130

Facebook has finally made the change, are you protecting your users?

Update your website directly from your git repository

Michael Jensen — Tue, 21 Dec 2010 16:31:09 +0000

Here is a php script you can use to update your website from your git repository. You can pass 2 parameters to it:

“r” – revision you want checked out from git (r=head works also)
“l” – number of log entries you want to view

For example, if I was running it on this site here is what each URL would do:

/gitpull.php – show current status and last 3 log entries (make no changes)
/gitpull.php?l=15 – show current status and last 15 log entries (make no changes)
/gitpull.php?r=f54f676 – Checkout f54f676 version, show the last 3 log entries
/gitpull.php?r=head&l=20 – Checkout HEAD version, show the last 20 log entries

You need to make sure that the directory structure is owned by the HTTP daemon user (so that the files can be updated.) It is best to run it initially from the command line as that user on the server to make sure everything is working properly.

One word of caution; you should restrict access to who can run this script (maybe with HTTP-Auth over HTTPS) because the script isn’t perfect and you don’t want to let anyone make changes to your site. There are also certain security risks that are increased when you have your website files owned by the webserver user. It is recommended that you only use this script in a protected environment.

/gitpull.php – show current status and last 3 log entries (make no changes)