All Posts By

kathleen cesar

SSL Certificate webpage

SSL Certification Installation Tutorial

By Development, Security, SSHNo Comments

Installing an SSL Certificate is something that can benefit all developers. SSL Certificates provide security when passing data back and forth between the user and the server. This specific Tutorial uses AWS for DNS and the server, Nginx as a reverse-proxy engine, and Namecheap for the SSL Certificate itself. Follow the steps and you will have the base knowledge to install an SSL Certificate in no time!

  1. Purchase a domain name from Route 53 on AWS.
    1. If you are following this tutorial for learning purposes only, I recommend choosing a cheap domain and ensuring auto-renew is turned off to avoid extra charges. This tutorial uses a .com domain, so that is recommended to follow the tutorial more precisely.
  2. Purchase an EC2 Server on AWS.
    1. I recommend an Ubuntu Server 16.04 LTS (HVM), SSD Volume Type
    2. For security groups, create or choose one that covers HTTP access (port 80), HTTPS access (port 443), and SSH access (port 22).
    3. Use your own key-pair when setting this up, you will need this later, save it in your .ssh folder.
  3. Connect domain name to server.
    1. You will need the IP address of the server.
    2. Follow this guide.
  4. Install and configure Nginx on server
    1. Add the following lines to your config file

      Host host_name
        Hostname IP_address_of_server
        User ubuntu
        IdentityFile ~/.ssh/.pem_file_from_key-pair_download
    2. SSH on to server using the following command

      $ ssh host_name
    3. Run the following commands.
      # To install Nginx and verify the installation worked
      $ sudo apt-get update
      $ sudo apt-get install nginx
      $ sudo ufw app list
      
      Expected output:
      
      
      Available applications:
        Nginx Full
        Nginx HTTP
        Nginx HTTPS
        OpenSSH
      
      # To allow connections to the server
      $ sudo ufw allow OpenSSH
      $ sudo ufw allow 'Nginx HTTP'
      $ sudo ufw allow 443
      $ sudo ufw allow HTTP
      
      # To enable the firewall and verify it worked
      $ sudo ufw enable
      $ sudo ufw status
      
      Expected output:
      
      Status: active
      
      To                         Action From
      --                         ------ ----
      OpenSSH                    ALLOW Anywhere           
      Nginx HTTP                 ALLOW Anywhere           
      80                         ALLOW Anywhere           
      443                        ALLOW Anywhere           
      OpenSSH (v6)               ALLOW Anywhere (v6)           
      Nginx HTTP (v6)            ALLOW Anywhere (v6)           
      80 (v6)                    ALLOW Anywhere (v6)           
      443 (v6)                   ALLOW Anywhere (v6) 
      
      # To ensure Nginx is running as expected
      $ systemctl status nginx
      
      Expected output: 
      
      nginx.service - A high performance web server and a reverse proxy server
         Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
         Active: active (running) since Thu 2018-05-31 20:58:15 UTC; 1 weeks 4 days ago
       Main PID: 17606 (nginx)
          Tasks: 2
         Memory: 2.1M
            CPU: 842ms
         CGroup: /system.slice/nginx.service
                 ├─17606 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
                 └─17607 nginx: worker process                           
      
      Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
    4. Check this by going to your website, a “Welcome to Nginx” page should appear
  5. Add an index.html file that will appear once Nginx is complete
    1. Run the following commands

      $ ssh host_name
      $ cd /var/www/html
      $ touch index.html
      $ sudo nano index.html
    2. Add the following text to the file
      Hello!
      
    3. Use Control + O to write to the file, click enter, then Control + X to quit nano. 
    4. Purchase and set up SSL from Namecheap
      1. Choose a PositiveSSL
      2. Generate a CSR in your terminal by running

        $ openssl req -new -newkey rsa:2048 -nodes -keyout site_name.key -out site_name.csr
        
        Generating a 2048 bit RSA private key
        ............................+++
        .....................................................................+++
        writing new private key to 'site_name.key'
        -----
        You are about to be asked to enter information that will be incorporated
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter '.', the field will be left blank.
        
        -----
        Country Name (2 letter code) [AU]:US
        State or Province Name (full name) [Some-State]:Maryland
        Locality Name (eg, city) []:Hampstead
        Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bytelion
        Organizational Unit Name (eg, section) []:Bytelion
        Common Name (e.g. server FQDN or YOUR name) []:site_name.com
        Email Address []:your_email@domain.com
        
        Please enter the following 'extra' attributes
        to be sent with your certificate request
        A challenge password []:
        An optional company name []:
      3. Copy the CSR by running
        $ cat site_name.csr
      4. Paste the CSR into Namecheap when asked.
      5. Follow steps in namecheap for domain validation. This can be done 1 of 3 ways, but via email(if yours is listed) or DNS is recommended. For help with this validation, refer to the links in Namecheap.
      6. Once this is complete, the certificate will be emailed to you, but be patient because it can take a while for the email to come through.
    5. Install SSL on server
      1. Download the SSL files from your email and unzip the file. This should leave you with a folder by the name site_name_com containing the files site_name_com.crt and site_name_com.ca-bundle
      2. Open the folder in the terminal and run the following commands

        # To combine the two files into one
        $ cat site_name_com.crt site_name_com.ca-bundle >> site_name-bundle.crt
        
        # To copy the file into the .ssh folder to then put them onto the server
        $ sudo cp site_name-bundle.crt ~/.ssh
      3. Navigate to the site_name.key file that was created with your CSR, then run the following commands

        # To copy the file into the .ssh folder to then put them onto the server 
        $ sudo cp site_name.key ~/.ssh
        
        # To verify the files were successfully moved
        $ cd
        $ cd .ssh
        $ ls
      4. Verify the site_name-bundle.crt and site_name.key files are there.
      5. Run the following commands to put the files on to the server.

        $ scp site_name-bundle.crt ubuntu@IP_address_of_server:
        $ scp site_name.key ubuntu@IP_address_of_server:
      6. SSH onto the server

        $ ssh host_name
        $ ls
        
      7. Verify the site_name-bundle.crt and site_name.key files are there.
      8. Run the following commands to move the files to their appropriate folders.
        $ sudo mv site_name-bundle.crt /etc/ssl/certs/
        $ sudo mv site_name.key /etc/ssl/private/
      9. Run the following commands to begin the set up of the Nginx configurations

        $ cd /etc/nginx/sites-enabled
        $ touch site_name
        $ sudo nano site_name
      10. Edit the file to contain the following.

        error_log /var/log/nginx/error.log;
        
        server {
           listen       80;
           server_name  site_name.com;
           return 301 https://site_name.com$request_uri;
        }
        
        server {                       
           listen       443;
           server_name  site_name.com;
           ssl on;
           ssl_certificate /etc/ssl/certs/site_name-bundle.crt;
           ssl_certificate_key /etc/ssl/private/site_name-server.key;
           ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
           root /var/www/html/;
        }
      11. Use Control + O to write to the file, click enter, then Control + X to quit nano.
      12. Run the following commands to stop and start nginx

        $ sudo systemctl stop nginx
        $ sudo systemctl start nginx
        
        
  6. Go to your website. The site should say “Hello!” and the word Secure with the padlock should be shown. Navigating to site_name.com should now redirect to https://site_name.com. 

 

What’s the difference between Smoke Testing & Regression Testing?

By TestingNo Comments

You can prevent mistakes found within your application through Quality Assurance (QA) testing. This step is critical for any software project as it helps your team produce the best product before delivering it to the client. In this article, we will discuss two types of QA tests. If you are curious about QA and how it can help your project be sure to read our article Why is QA Essential for your Project?

What is a smoke test?

smoke testing

A smoke test is a quick run through of a site;  it focuses on critical functionality to ensure the site can perform basic features.  The primary features are often called red routes in the software industry.

It only takes a couple of minutes to complete, up to ten minutes at most. What is great about smoke tests is you can perform them either daily or every other day.

Smoke testing came to software testing from a similar hardware test -where the device passed if it did not catch fire (or smoked) the first time it was turned on!

For software purposes, an example of smoke testing could be for a hotel reservation site. In this smoke test example, the tester would ensure the user will be able to sign up, change your password, create a booking, and be notified.

what-the-team-builds-1

What is a regression test?

A regression test is an in-depth, thorough examination of a site. It tests all of the complex user stories and detailed nuances of the site, therefore; they may take many hours to complete. Performing a regression test ensures any changes made did not negatively impact any of the functionality of the site. A regression test will cover every feature, new and old, along with bug fix checks to make sure bugs did not reappear in the software.

When should I perform a smoke test or a regression test?

You should frequently perform smoke tests. Performing a smoke test immediately following a push to production acts as a way to ensure the high-level functionality of the site is working.

In my experience, you should conduct regression on a per sprint (generally two weeks) basis. A regression test should occur immediately before a push from a testing environment to production. This will ensure that the push to production will not negatively impact the functionality of the site. If we use the previous hotel example, a regression test will check not only the basic items that make the site work but allow us to test more complicated use cases for bookings, such as multiple locations, discounts or promo codes, and international tax law.

Just a quick note about regression testing and developers… Never mix the two.  Developers are too close to the problem to test properly, and it takes them out of their development zone. Developers need to spend the majority of their time developing, rather than doing in-depth testing.

regressiontesting

Final Thoughts:

Now that you know a thing or two about the major types of user testing, you can apply the proper technique when you need it! Having your developers conduct smoke testing on their code helps them move along faster with their development, especially in the beginning of a project.  However, you need to be able to invest in regression testing on a routine basis or components of your application will begin to break. This small investment will allow you to fix things quickly and efficiently.

Have any questions about testing?  Our knowledgeable quality assurance team is happy to help! Please contact us info@bytelion.com

Kathleen was featured in a previous article about our interns.

screen-shot-2017-09-05-at-4-06-24-pm

Why is Quality Assurance Essential for your Project?

By Testing2 Comments

Why is Quality Assurance (QA) an essential step for your software project?

Picture this. Your website or app has finally launched after long and tedious months of development. You are ecstatic with how beautiful the website looks, and so far, it has been working fine… but then… you get a message from a furious user who is complaining that the app does not function correctly on their device.  Or, perhaps you receive a notification about a new change the development team just made and it is causing core features to stop working on the site.

You find yourself in a frenzy trying to figure out how you are going to get your site or app back up and running without losing or upsetting too many customers. Good news! Take a deep breath; you can avoid all of this chaos with Quality Assurance.
giphy-1

Software Bugs, the Inevitable Foe

It’s time to face the unfortunate truth: Software bugs are inevitable; no matter how awesome the development team is, there will always be bugs. According to Techopedia, a Software bug is a problem causing a program to crash or produce invalid output. A bug can be an error, mistake, defect or fault, which may cause failure or deviation from expected results. Preventing bugs is extremely difficult.  If you are running with a very lean team (as are almost all companies on a budget), you might not have time for complete test case development, or you aren’t completing extensive design reviews. Bugs can also happen because of dependencies on other systems.   

qa-comic

But who can Save my App from all of these Bugs?

Who exterminates these software bugs? Our heroes, the Quality Assurance Technicians (QA testers) find the bugs, so your users do not come across them unexpectedly. No one likes it when their app crashes or if the page they are browsing stops responding. The purpose of QA testing is to find and report these issues so they can be eliminated before the software reaches the user.

QA testers mostly do one of two things. They either perform regression testing or go through new features of the site looking for bugs. The regression tests help ensure the functionality of the site does not get diminished with any changes that are made to the site. Before new features can be added to a site or app, they need to be thoroughly tested. All of this QA work eliminates the negative interactions for the user.

screen-shot-2017-07-14-at-4-38-54-pm

Final Thoughts:

QA is a necessity for your next project. Without QA, you should expect a ton of negative feedback from your users. While developers usually test their own code, they don’t have time to review everything. QA testers are there to ensure you and your users have an almost flawless product and fantastic user experience. Your users will thank you for a beautifully designed product that works seamlessly. An app without major bugs will delight your customers and build an honorable reputation for your brand.


From all of us here at Bytelion, we wish you the best of luck when you are exterminating your software bugs!

Kathleen was featured in our intern blog.
Need QA for your future project? Contact us at info@bytelion.com