Failed to connect to your instance after deploying mern app on aws ec2 instance

i dockerized my mern app (Next js, node js , mongodb) and trying to deploy it on aws ec2 instance. when i try to access my backend on port 5000 via aws public ip then it works fine when i try to access frontend then terminal stuck and if i try to reload the terminal then ssh gives error.
i am getting error if i try to reload the terminal
Failed to connect to your instance
Error establishing SSH connection to your instance. Try again later.
. then i have to stop the instance and start the instance. then again backend works fine and when try to access frontend it gives error. this is my folder structure looks like

myecommerce folder then it have two more folders backend frontend nginx (nginx have two files one is dockerfile and second is nginx.conf) docker-compose.yml

this is how my nginx docker file looks like

FROM nginx:latest


RUN rm /etc/nginx/conf.d/*

COPY ./nginx.conf /etc/nginx/conf.d/

CMD [ "nginx", "-g", "daemon off;" \]
this is how my nginx.conf file looks like

events {}

http {
server {
listen 80;
server_name here my aws public ip;

location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
}
this is my frontend folder docker file

FROM node:20-alpine

WORKDIR /app

COPY package*.json ./

RUN npm install

COPY . .

EXPOSE 3000

CMD npm run dev
this is my backend folder docker file

FROM node:20-alpine

RUN npm install -g nodemon


WORKDIR /app

COPY package*.json ./
RUN npm install

COPY . .

EXPOSE 5000

CMD ["npm", "run", "dev"\]
this is how my docker-compose.yml looks like

version: '3'
services:
frontend:
image: my frontend image from docker hub
ports:
\- "3000:3000"

backend:
image:my backend image from dockerhub
ports:
\- "5000:5000"

nginx:
image: my nginx image from dockerhub
ports:
\- "80:80"
later i want to setup github ci cd pipelines for it and using custom domain to access the website later. i am not sure if i am using docker-compose i still need to setup pm2. i am also posting my inbound rules i dont know why frontend is not working. guys i am beginner in aws deployment and dockerization. i am improving my skills please help me i am stuck in this from many days i saw alot of videos and watched multiple videos but not a single article or video doing what i am actually trying to do. Thanks in advance


https://redd.it/1bseijj
@r_devops

Container orchestration vs. VM orchestration in the cloud.

I'm trying to understand the specific use cases where we'd prefer to use container orchestration (Kubernetes) as opposed to VM orchestration (Nomad) in a cloud setting.

It seems to me that clearly, if you're focused on batch jobs, you're working with single-purpose VMs that are started then destroyed after doing their specific bit of work, so setting up a VM image to provision them with everything they need would seem to me to introduce less overhead into the cluster, and it wouldn't make much sense to use Kubernetes for a case like this. The distinguishing properties of the cloud that makes it easy to find one or more VMs that match the required scaling seem to me to make it as elastic and malleable as a container-level orchestration.

In what specific cases would you prefer to use Kubernetes?

https://redd.it/1bshdqx
@r_devops

Coursera Plus at 90% off

I will be inviting you to use Plus for a year (worth $399) on your email (corporate invites) at $39 and obviously you won't be paying me without any proof that you require from and before you are satisfied. If anyone is needy and actually needs it, can dm me. I'll help them!

https://redd.it/1bsj1nc
@r_devops

Vulnerability Management Lifecycle in DevSecOps

This is the first entry in a series on a technology-driven, automated approach to DevSecOps architecture! This post helps you set up your teams for success in making sense of all the noise that comes from various vulnerability scanners.

https://blog.gitguardian.com/vulnerability-management-lifecycle-in-devsecops/

https://redd.it/1bskn2k
@r_devops

How do you monitor the uptime of different microservices in k8s?

tl;dr: Got a bunch of third party cybersecurity tools/services running in our k8s cluster, I need to figure out a way to measure/benchmark the uptime of different microservices that these tools spin up so we can establish some SLOs.

Bit of background, I am on a small devops team that is there to support the internal security team of my company, which in turns supports 5000+ devs.

Almost everything we run is vendor tooling for all kinds of different security scanners, using their helm charts/manifests/w.e. Some of these tools have their own monitoring, but they are ok at best for our needs.

I am looking for a solution to help me monitor the uptime of all the different microservices that get spun up by these tools. We do have grafana/prometheus setup, and I've got prometheus blackbox exporter running for probing HTTP endpoints without too much logic built into it, but that doesn't always paint the whole picture.

It'd be nice to aim for 99% uptime, but 95% as a start is also acceptable. The stuff we run isn't super critical except for a few times per year, but we keep a close eye on the cluster during that time anyways. So whatever solution I come up with, it needs to check every 5-10 minutes to give a good enough granularity for measuring up to 99%. Two main options that I am considering and one kind of crazy one:

- Expand upon Blackbox exporter, try and get it to hit as many API endpoints as possible. I think most things we run have some kind of an API that I can use to check whether a service is up or not. I'd want to avoid this though because I am personally not a fan of writing too much logic in YAML
- Add service specific labels to each pod, so if ALL pods with that label go down, I know the particular service is degraded.
- Write a custom operator? Never wrote one before, but maybe this is the answer?

https://redd.it/1bsmhdx
@r_devops

Need advice about end to end testing

Hi all,

I’m new to the world of dev ops and while there is a lot to learn, I am enjoying it so far. In particular, I like that dev ops allows me to increase confidence in my deployments, and have better control over quality.

One of the areas in which I’d like to improve is in my frontend deployment. My stack consists of a backend in one repository, and then several decoupled React front ends where each live in its own repository. I want to have full confidence that I don’t accidentally break the integration between the frontend and backend when deploying new frontend code, I.e. that the frontend successfully calls the API of my backend every time I deploy.

The way I am thinking of approaching this is:

In my GitHub actions workflow, add a build step for an end to end test in my frontend repository. This build step accesses the repository for my backend, deploys a production-like environment, and then run end to end tests on this environment. Once the test are over, tear down the test environment.

I am wondering if this is a valid approach? I’m curious how mature organizations handle this sort of thing.

https://redd.it/1bsn6l1
@r_devops

AWS cost limit.

I’m an absolute beginner to aws and I have only on-premise or private cloud experience.
I like experimenting with new technologies and I’m not afraid to break things. However, this never applied to aws because I was afraid of financial ruin.
However, this situation sucks. I would like to learn aws in a save environment knowing that whatever comes I will never be charged more than e.g. 30$ per month.
Does such an option exist?

https://redd.it/1bslxt7
@r_devops

What’s the difference between devops , mlops

The devops guy can handle mlops?

https://redd.it/1bsq2md
@r_devops

What types of SLOs are you creating?

Do you guys have service level SLOs? On my team, we only have SLOs for CUJs and have a couple of SLOs per CUJ which encompass all services involved in that CUJ. There are no SLOs on any individual service.

A lot of documentation that I read seems to talk about service level SLOs. If you use these, do you alert on them? What CUJ do you group them into as a single service could belong to multiple CUJs? Do you use CUJ and service level SLOs?

I am trying to figure out if we are doing things incorrectly and should create SLOs per service as well

Also this seems to point to doing more product-level SLOs: https://sre.google/resources/practices-and-processes/product-focused-reliability-for-sre/#measure-performance



https://redd.it/1bsrbpu
@r_devops

Introducing Templater: A Simple CLI, inspired by helm, for Text File Templating for Developers

Today, I'm both excited and humbled to share a project that's been a labor of love and necessity: Templater.

This journey started with a personal frustration I encountered in my development work. The need for a simple, powerful way to template text data without diving into the deep end of another programming language led me to create Templater, drawing inspiration from Helm's templating capabilities.
Check out Templater on GitHub
Templater is an open-source tool that leverages the Sprig library, allowing you to template not just individual text files but entire directories. It's designed to be intuitively familiar for those of you who've worked with Helm. The main difference is you can feed any files, or directory.
I've included a practical example that demonstrates Templater's real-world application: a multi-region Packer build. This example, found in the examples directory, illustrates how Templater can streamline and simplify complex tasks, making it an invaluable tool in your development arsenal.
I warmly invite you to explore Templater, try it in your projects, and share your feedback. Your insights and contributions will be invaluable as we continue to refine and expand Templater's capabilities together.
Thank you for your support and curiosity. Let's make the development process a bit easier for everyone.
Warm regards,

Rajesh Rajendran

https://redd.it/1bsow5n
@r_devops

What is an essential read for DevOps?

Share your favorites resources, please.

https://redd.it/1bsx3o4
@r_devops

Selecting an artifact management system for embedded firmware binaries

Really struggling with this at the moment so would appreciate some advice.

The company I currently work for produces electronic devices, some of which are heading the IoT route and require OTA update.

At the moment binaries are built by Jenkins and then manually stored on a backed-up Samba share. Internally they are published by email and a link to the binaries on this drive.

To publish some binaries for OTA we're planning an AWS Lightsail VPS which will need someone to manually upload new binaries and adjust a manifest file.

eye twitch intensifies

I've got the green light to introduce a company-wide artifact management system, one that will accept raw binaries in some form, allow promotion to our test department, then promotion to product management to decide when to publish. Product management could then promote the boundaries resulting in a push to some publication server (Lightsail?) or allow 3rd parties direct access to the artifacts in the management system itself, with suitable credentials.

But here's where I'm struggling and would take recommendations from anyone with suitable experience. JFrog Artifactory I've used before but seems rather complex a solution for our needs; getting everyone to understand it might be an uphill battle. When I used it before I had to wrap binary artifacts as RPMs for them to go into Artifactory; it seems that most artifact management systems expect to work with a package management system of some kind.

I want to avoid rolling our own solution and take something off the shelf if possible. "Artifactory but dumber and simpler to use, and can manage raw firmware binaries in some form."

https://redd.it/1bsxyyf
@r_devops

Automated post-deployment monitoring vendors

Hi all, I'm looking for some help sourcing some vendors general strategies for doing post-deployment monitoring.

**Tl;dr: I'm looking for a system that can handle pre-deployment checks, the actual deployment, and post-deployment monitoring with automated rollbacks.**

I recently joined a start-up with a manual deployment process. The start-up currently does scheduled releases on 2 days during the week, and we deploy the entire stack of a handful of microservices at the same time. Aside from the obvious problem to solve which is to move to a place where we can deploy individual services independently, I am looking for a platform where I can do pre-deployment checks (check list of things to verify it is safe to deploy), the deployment itself, and then post-deployment monitoring with auto-rollbacks.

To elaborate a bit on the pre and post-deployment phases: I want the ability check if there is an active OpsGenie incident declared, if it is a weekend deployment, etc. before we do an automated deployment. In post-deployment monitoring, I want the ability to configure an alarm that, when triggered, initiates a rollback automatically. This alarm would be monitored for a specified amount of time post-deployment (measured in hours or by some other trigger, like meeting a condition such as "1000 requests processed").

What I've looked at so far:

* **Argo Workflows**: promising amount of integrations, but very general purpose. My impression is that it can only deploy to K8s targets... am I wrong? We deploy more than just K8s workloads. I suppose I could write custom tasks to deploy to non-K8s... but Octopus can do this natively.
* **Octopus**: Can handle almost all of the pre-deployment requirements I have, can deploy to virtually any target (including K8s), but is unfortunately lacking any sort of post-deployment monitoring (verified after talking to a solutions architect at Octopus).
* **Codefresh**: Just bought by Octopus. Seems like it's also K8s specific.

I'd really appreciate any leads on systems out there! I come from one of the FAANGs where we had all of this (and more) but it was all internal tooling - does anything exist in the market?

https://redd.it/1bt08qs
@r_devops

Project advice for SE wanting to switch to DevOps

Hello people,

I am currently working as a software engineer, mainly using Rails. I used Java and React in my previous jobs.

Lately for the past 3 months, I got interested in the cloud and started studying for the AWS SAA certificate, and also trying to get better with Linux and Terraform on the side. I have some small project ideas to get your opinions on it:

- Setting up a React project I did earlier on AWS cloud with EC2, ASG, Load Balancer, and Route 53(with my own domain).

- Setting up a simple frontend plus backend project with basic CRUD stuff, that also uses RDS and CloudFront on top of the other things I used for the previous project. I want to write some basic tests for the backend so that I can set up a CI/CD with them.

I think of doing these projects manually via the Management console first, then learn how to automate it with Terraform.

I also want to practice using VPC, but don't know how I could use it in these projects. I also wonder how I could utilize Ansible in projects like this, would I even need it?

Do you think these projects are good to implement for getting into DevOps, or are they way too simple?

I am open to any positive or negative feedback. Feel free to roast me if I said something clueless.

Thanks in advance.


https://redd.it/1bt1mj7
@r_devops

In which order would you learn these?

Terraform, Docker, Kubernetes, Ansible, CI/CD, Prometheus/Grafana

 

I recently passed AWS Solutions Architect Associate and have Python development experience, RHCSA Linux, and Network+ under my belt.

I'm thinking of learning Terraform for a cloud-agnostic IaC (I already know cloudformation), followed by jumping into Docker containers and Kubernetes since that seems to be extremely in-demand within the industry. After that I might look into CI/CD with Gitlab and observability monitoring with Grafana. Thoughts?


Also, is Ansible stilll in demand in this day and age? The RHCE exam - which is the sequel to the RHCSA - is basically an Ansible exam. Knowing I've recently gotten the RHCSA, would it be a good idea to do the RHCE next, or should I skip that and focus more on Docker and Kubernetes?

https://redd.it/1bt3om5
@r_devops

The Latest Innovation in Incident Response - Most Privilege Access

Least privilege access is important but has shown its limitations during incidents.

As a result entitle.io developed a new feature that instantly empowers EVERYONE in the organization with full admin rights to combat cyber threats collectively.

Here’s how it works: https://www.entitle.io/lp/most-privilege-access

https://redd.it/1bt3iig
@r_devops

Inputs into API calls

We have a use case where our CICD pipelines will “deploy” to API end points. We’re unsure how we should store the API inputs in our Gitlab CICD repos. I figure we’ll need to house the API version number along with with PUT command’s payload.

Has anyone here worked with something similar? My go to would be a JSON input that we would then parse into the request but curious what others have seen/used in similar situations.

https://redd.it/1bt74gp
@r_devops

Teams being separated from O365

I see that it is a constant gripe in this sub about Slack and Teams. Well seems like the tyrants have made a decision to split Teams from the cost of m365. Its to only affect new customers.

Probably some very upset people out in the world right now reading this.

Realigning global licensing for Microsoft 365

https://redd.it/1btc167
@r_devops

Job searching with an inflated job title!

Hello, I’m in a bit of unique position in my career right now and I’m wondering if anyone can relate/ give any advice.

Graduated college with a CS degree in 2020 and got hired straight away at a big company into a cloud engineering role (with zero experience in the cloud). Immediately I come to realize I’m out of my depth as the role is really an Observability DevOps one and I am doing none of the programming I had been taught in school.

Our team uses a wide variety of tools and technologies, such as Azure, GCP, Kubernetes, Docker, Terraform, Jenkins, Helm, ArgoCD, Grafana, Opentelemetry, etc…I learned a little bit of everything, enough to keep afloat and be a useful enough member to the team.

Then, about a year ago, all the senior members of my team decided to move on to new opportunities. My management was unable/unwilling to find replacements, and instead decided to promote me and my coworker to Senior Engineers.

So, now here I am, a senior DevOps engineer with 4 total years of experience. I’m very aware of how inflated my title is. I am familiar with many DevOps concepts but I lack a foundation in Dev or Ops.

Now, I’m looking for a job where I would prefer to be a Junior engineer and even take a paycut just to get some mentorship and experience with fundamentals.

What I’m really struggling with is how to convey this to recruiters, and how to find roles that strike a good balance between letting me get back to the basics, while still letting me market the skills I do have.

Has anyone experienced something similar? 😭




https://redd.it/1btgj5z
@r_devops

Is there too much saturation for a senior admin to move into DevOps?

Just curious about how saturated the DevOps market is right now? I’m a senior systems engineer with 11 years of experience, but most of that is on-prem and not with IaaS. Jobs in my area are all on-prem except for SaaS apps. I’ve been automating with PowerShell for years and have experience with Terraforms VMware provider and using Ansible. No container experience outside of Docker. Any chance I could break into a DevOps or SRE position, or are the cards stacked against me now?

https://redd.it/1btkzgl
@r_devops

Career Advice of Scrum/PM and DevOPs

I wanted to know the input of some people as I see careers (PM/Scruum) which asks to know DevOPs, so I got the following inquiries:

Should I as a Scrum/PM, learn DevOps?

Is DevOps something worth knowing to help a team of developers? (As PM/Scrum) If, yes is there any path/certification which can help with this?

Any advice can be helpful.



https://redd.it/1btm8eg
@r_devops