Mayank's questions

I need some help in nginx.conf. I need to protect resources starting from /devices using client certificate authentication. The other resources are over https but don't need client certificate.

I installed nginx on ubuntu 16.04 using repository. Then I create a file called dozee.conf inside /etc/nginx/conf.d/ and pasted the content from an serverfault Q&A (https://serverfault.com/a/721704/80340) and modified it as required.

The configuration inside dozee.conf looks like

server {
  listen       *:443 ssl;
  server_name localhost;

  ssl on;
  ssl_certificate         /etc/nginx/server.crt;
  ssl_certificate_key     /etc/nginx/server.key;
  ssl_client_certificate  /etc/nginx/ca.crt;

  ssl_verify_client on;

  location /device {
    proxy_pass          http://localhost:8080/device;
    proxy_read_timeout  90;
    #proxy_redirect      http://localhost/ $scheme://$host:$server_port/;
  }
}

server {
  listen       *:443 ssl;

  ssl on;
  ssl_certificate         /etc/nginx/server.crt;
  ssl_certificate_key     /etc/nginx/server.key;
  ssl_client_certificate  /etc/nginx/ca.crt;

  ssl_verify_client off;

  location / {
    proxy_pass          http://localhost:8080/;
    proxy_read_timeout  90;
    #proxy_redirect      http://localhost/ $scheme://$host:$server_port/;
  }
}

The issue I am facing here is that the behaviour of the nginx is dominated by second server block.

If I change ssl_verify_client off; in second server block to ssl_verify_client on; both the paths / & /device start asking client certificate.

If I keeps ssl_verify_client as off none of them needs a client certificate.

What I am doing wrong here?

I'm running XVM on my laptop. XVM has got FreeBSD installed with all the required ports to run APACHE/PHP.

I want this .vdi file to be imported into an EC2 instance.

• Is it possible to import a virtual OS to Amazon EC2?
• If yes, does it get all the libs installed and DBs created or just OS?
• Could somebody please share pointers/hints on how to do this!

Any help is much appreciated :)

I'm planning to host a website where in the first phase I would target 30,000 users. It is in php and runs on Apache server. I'm assuming 8,000 users can be online in worst case scenario and 1000 of them will be uploading photographs.

A photograph will be resized to around 1MB at client side and one HTTP request is uploading only one photograph.

My plan:

• 2 Small EC2 instances to run Apache httpd
• 2 Small EC2 instances to DB (Postgresql). I to write data and other its read replica.
• EBS volumes for DBs
• Last, Amazon S3 for uploaded photographs.

My question here

• Is Small EC2 instance more than what I require. I mean should I go for micro
• Is 8000 simultaneous user a right no. (to decide what EC2 instance to choose) for a new website
• Or should I go for Small instance so to make it capable of spikes

I'm planning to host a website. It would be a photo-sharing website. I'm trying to find out a server that I should buy to put the website online.

• The website is in Apache PHP.
• I'm assuming the number of users as 10,000 and 1000 are uploading the photos of average 1 MB.
• I'm assuming that this number, 10,000 will reach by the end of second year.
• I have multiple (5 to 7) DB servers(software) running and I'm planning to put all the DB's on one machine only. (Things do work for one user in laptop ;) )
• I'm using postgresql as my DB

Now, I'm looking for a (Dell T110 or R310 kinda) server that should be able to handle the HTTP requests properly. But I do not know

• Is 10,000 a big number of users, or if it may go more than expected
• Is it right decision to think of Buying a Server of my own instead of hosting it over a cloud or VPS
• Do I need to think of failover nodes, Load balancing for 10,000 users. (I'll keep a backup of DB and photos)

Please do let me know if question is very vague. I would be highly grateful if you could tell me the assumptions are totally dumb and provide me some pointers/hints.