
Hugo is a fast, open-source static site generator that simplifies creating websites.

brew install hugo

Creating a new hugo site

hugo new site <my-site-name>

- replace <my-site-name> with my desired project name: sarah-hugo

Installing a Theme for my hugo site

- Hugo doesn’t come with a built-in default theme
- choose a theme from hugo themes that suits my project (popular: Ananke theme (for beginners))
+ Initializing a Git Repository (in <my-site-name> folder)

cd sarah-hugo
git init
git submodule add https://github.com/theNewDynamic/gohugo-theme-ananke.git themes/ananke

Configure Hugo to use the theme by editing the hugo.toml configuration file

# vi sarah-hugo/hugo.toml
baseURL = 'https://example.org/'
languageCode = 'en-us'
title = 'My New Hugo Site'
theme = "ananke"

Creating a Simple Content File

hugo new posts/my-first-post.md
  • generates a new Markdown file located in the content/posts directory

open the newly created file in my preferred text editor: 

nano content/posts/my-first-post.md
+++
date = '2025-11-05T17:45:09+09:00'
draft = true
title = 'My First Post'
+++

add some content below the front matter

# Welcome to My First Post! 

This is my very first post using Hugo and Git. Exciting times ahead!
  • in nano, CTRL + O, then Enter, and then CTRL + X to exit

Staging my changes

stage all changes in my project directory by running: 

git add .

Making my first commit

git config --global user.email "my@gmail.com"
git config --global user.name "my name"

git commit -m "Add first post: My First Post"

Viewing my changes with Hugo

start the Hugo server to view the changes locally

hugo server -D
  • -D flag stands for Draft

open my web browser and go to ‘http://localhost:1313’

Viewing my commit history

git log
commit axxxxxxxxxxxxxxxxx0 (HEAD -> main)
Author: my name <my@gmail.com>
Date: Wed Nov 5 18:17:59 2025 +0900

Add first post: My First Post

Ignoring unnecessary files with .gitignore

it’s important to recognize that not all files need to be tracked by Git
- such as logs, build artifacts, and environment configurations

inside the root of your project directory, create a file named .gitignore: 

touch .gitignore

In this file, you can specify file patterns that Git should ignore. For example:

# Ignore log files
*.log

# Ignore Hugo build directory
public/

# Ignore temporary editor files
*.swp

References: 

From Theory to Practice: A Git Workshop for Beginners - https://hjortberg.substack.com/p/from-theory-to-practice-a-git-workshop

 


As of 25.11.03

Foundational

AWS Certified Cloud Practitioner

: CLF-C02 / 719 questions

https://www.examtopics.com/exams/amazon/aws-certified-cloud-practitioner-clf-c02/

AWS Certified AI Practitioner

: AIF-C01 / 318 questions

https://www.examtopics.com/exams/amazon/aws-certified-ai-practitioner-aif-c01/

Associate

AWS Certified Solutions Architect - Associate

: SAA-C03 / 1019 questions

https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/

AWS Certified Machine Learning Engineer - Associate

: MLA-C01 / 145 questions

https://www.examtopics.com/exams/amazon/aws-certified-machine-learning-engineer-associate-mla-c01/

AWS Certified Developer - Associate

: DVA-C02 / 557 questions

https://www.examtopics.com/exams/amazon/aws-certified-developer-associate-dva-c02/

AWS Certified CloudOps Engineer - Associate

: SOA-C03 / 478 questions (based on C02)

https://www.examtopics.com/exams/amazon/aws-certified-sysops-administrator-associate/

AWS Certified Data Engineer - Associate

: DEA-C01 / 261 questions

https://www.examtopics.com/exams/amazon/aws-certified-data-engineer-associate-dea-c01/

Professional

AWS Certified Solutions Architect - Professional

: SAP-C02 / 529 questions

https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-professional-sap-c02/

AWS Certified DevOps Engineer - Professional

: DOP-C02 / 390 questions

https://www.examtopics.com/exams/amazon/aws-certified-devops-engineer-professional-dop-c02/

AWS Certified Generative AI Developer - Professional [beta exam]

: -

Specialty

AWS Certified Machine Learning - Specialty (until March 31, 2026)

: MLS-C01 / 369 questions

https://www.examtopics.com/exams/amazon/aws-certified-machine-learning-specialty/

AWS Certified Security - Specialty

: SCS-C02 / 307 questions

https://www.examtopics.com/exams/amazon/aws-certified-security-specialty-scs-c02/

AWS Certified Advanced Networking - Specialty

: ANS-C01 / 272 questions

https://www.examtopics.com/exams/amazon/aws-certified-advanced-networking-specialty-ans-c01/

 

References: 

https://aws.amazon.com/ko/certification/


VPN Basics

A VPN allows hosts to communicate privately, in encrypted form, over an untrusted intermediary network such as the internet.

 

-

AWS-side VPC: 10.0.0.0/16

On-premises-side VPC: 192.168.0.0/16 (172.31.0.0/16)

 

Create the VGW

Create the CGW (public IP of the EC2 instance in onprem-VPC)

Create the Site-to-Site VPN connection (static IP prefixes: 192.168.0.0/16)

 

IPsec down

- Click the Download configuration button at the top right of VPN connections to download the configuration file for each customer gateway device vendor

- Actions > Modify VPN tunnel options > select tunnel 1 and set a log group (logging can be enabled)

 

on-prem router configuration

instance settings >

 

Install and configure strongswan on onprem-EC2

sudo yum update
sudo yum install strongswan  # Amazon Linux 2023 does not have the strongswan package in its default repositories
sudo yum install libreswan -y

 

AWS-VPC route table configuration

192.168.0.0/16 -> Virtual Private Gateway

Onprem-VPC route table configuration

10.0.0.0/16 -> Local VPN instance

 

Connectivity test

# From AWS-EC2

ping <onprem-EC2-private-IP>

# From onprem-EC2

ping <AWS-EC2-private-IP>

 

-

CloudFormation Stacks > Outputs

Key               Value          Description
AppServerPrivate  192.168.2.20   Private IP of App Server
DNSServerPrivate  192.168.2.250  DNS Server IP Address on DataCenter
Router1Private    192.168.1.10   Private IP of Router1
Router1Public     3.34.31.6      Public IP of Router1

 

Transit gateway attachments > VPN type, IP Address: Router1Public, BGP ASN: 65016

 


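WebRTC (Web Real-Time Communication): a technology that provides real-time communication on the web or in apps using the camera, microphone and so on, without any separate software [2]

 

To communicate peer to peer, the user's IP address must be known, and because most users are behind a firewall, STUN/TURN servers are essential [1].

 

1. STUN server

: Session Traversal Utilities for NAT

It does not solve the case where both clients are on the same network.

With Symmetric NAT, the NAT mapping table can change when the application changes.

 

2. TURN server

: Traversal Using Relays around NAT

When clients communicate, they do so by way of a TURN server located on the public network.

It was designed so that it can be used as part of ICE.

 

3. ICE (Interactive Connectivity Establishment)

: The client identifies every address it can communicate through

1) Relayed Address: the address the TURN server allocates for relaying packets

2) Server Reflexive Address: the client's public-network address as mapped by the NAT (Public IP, Port)

3) Local Address: the client's private address (Private IP, Port)

 

Therefore a STUN server responds with only the Server Reflexive Address, whereas a TURN server responds with both the Relayed Address and the Server Reflexive Address.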
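The three address kinds above appear in SDP as candidate lines with `typ host`, `typ srflx` and `typ relay`. The script below is an added example, not part of the original post: it labels each candidate and summarises what the gathered set implies. The function names and the sample lines (documentation address ranges, made-up ports) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): label ICE candidate lines with
# the three address kinds above. Input: SDP "a=candidate:" lines on stdin.
# Field layout: candidate:<foundation> <component> <transport> <priority>
#               <address> <port> typ <type> [raddr <addr> rport <port>]

classify_ice_candidates() {
    awk '
        { sub(/\r$/, ""); sub(/^a=/, "") }
        $1 ~ /^candidate:/ && $7 == "typ" {
            if      ($8 == "host")  label = "local"
            else if ($8 == "srflx") label = "server-reflexive"
            else if ($8 == "relay") label = "relayed"
            else                    label = "other"        # e.g. prflx
            related = "-"                                   # address it was derived from
            for (i = 9; i < NF; i++) if ($i == "raddr") related = $(i + 1)
            print label, $5, $6, related
        }
    '
}

# Summarise what the gathered set says about the STUN/TURN servers in use.
traversal_status() {
    classify_ice_candidates | awk '
        $1 == "relayed"          { relay = 1 }
        $1 == "server-reflexive" { srflx = 1 }
        END {
            if (relay)      print "relay-available"   # a TURN allocation succeeded
            else if (srflx) print "reflexive-only"    # public mapping known, no relay
            else            print "local-only"        # only private addresses gathered
        }
    '
}

# Constructed sample (documentation/private address ranges, made-up ports).
sample_candidates() {
    cat <<'EOF'
a=candidate:1 1 udp 2122260223 192.168.0.10 54321 typ host
a=candidate:2 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.0.10 rport 54321
a=candidate:3 1 udp 41885439 198.51.100.20 49152 typ relay raddr 203.0.113.7 rport 61000
EOF
}

sample_candidates | classify_ice_candidates
sample_candidates | traversal_status
```

A `local-only` result for a client behind NAT means neither server answered, while `reflexive-only` means no relay is available if direct connectivity fails.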

 

4. Coturn

Server software that implements the TURN and STUN protocols

 

A STUN server responds with only the Server Reflexive Address

A TURN server responds with both the Relayed Address and the Server Reflexive Address

 

References:

[1] What is WebRTC? (Understanding STUN and TURN servers) (2) - https://andonekwon.tistory.com/59

[2] [WebRTC] What is WebRTC? - https://gh402.tistory.com/38

 


When calling CreateResolverQueryLogConfig on the AWS Route 53 Resolver with the query logs Destination set to a bucket name:

aws route53resolver create-resolver-query-log-config --name "log-config-name" --destination-arn "arn:aws:s3:::s3-query-logging"

 

Delete the S3 bucket

aws s3api delete-bucket-policy --bucket s3-query-logging

Empty bucket > permanently delete

 

Run the AssociateResolverQueryLogConfig API

aws route53resolver associate-resolver-query-log-config --resolver-query-log-config-id "rqlc-12aaa456fxxx4519" --resource-id "vpc-0a53xxxxxxxxx2deb"

 

Created successfully (Active)

{
    "ResolverQueryLogConfigAssociation": {
        "Id": "rqlca-8389713dfa194521",
        "ResolverQueryLogConfigId": "rqlc-12aaa456f7394519",
        "ResourceId": "vpc-0a535fa915c062deb",
        "Status": "CREATING",
        "Error": "NONE",
        "ErrorMessage": "",
        "CreationTime": "2025-08-07T07:06:27.873745085Z"
    }
}

When the VPC is already associated with another query log config

An error occurred (InvalidRequestException) when calling the AssociateResolverQueryLogConfig operation: [RSLVR-01306] The resource is already associated with a query logging configuration that is sending query logs to the specified destination type. Trace Id: "1-689450aa-38d4c77e583b368f14ffa282"

When the bucket has been deleted (Failed)

INTERNAL_SERVICE_ERROR[RSLVR-00200] Internal Service Error, trace ID: "1-6894513d-1a1dxxxxxxxxxxxxxxxx4477"

 

ACCESS_DENIED: Account is not authorized to perform this operation.

 

References: 

[1] AssociateResolverQueryLogConfig - Errors - https://docs.aws.amazon.com/ko_kr/Route53/latest/APIReference/API_route53resolver_AssociateResolverQueryLogConfig.html#API_route53resolver_AssociateResolverQueryLogConfig_Errors


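The ALB adds a Server header with the value awselb/2.0 only when the target's response has no Server header.

If the server header is disabled (enabled false), the ALB is set not to add the header, which prevents server information such as awselb/2.0 from being exposed.

This prevents automated scanning tools or attackers from exploiting vulnerabilities found in specific server software.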

while true; do 
    echo "============= $(date '+%Y-%m-%d %H:%M:%S') ============="
    curl -k -I -w "time: %{time_total}s\n" https://ALB-1234567890.us-east-1.elb.amazonaws.com
    echo "====================================================="
    sleep 1
done

 

After changing the ALB server response header setting (save changes), it takes about 10 seconds to take effect

- Configured per listener, Edit listener attributes

=====================================================
============= 2025-05-19 16:50:52 =============
HTTP/2 503 
server: awselb/2.0
date: Mon, 19 May 2025 07:50:53 GMT
content-type: text/html
content-length: 162

time: 0.582316s
=====================================================
============= 2025-05-19 16:50:54 =============
HTTP/2 503 
date: Mon, 19 May 2025 07:50:55 GMT
content-type: text/html
content-length: 162

time: 0.599829s
=====================================================

 

true: server header on

false: server header off

aws elbv2 modify-listener-attributes \
  --listener-arn ARN \
  --attributes Key="routing.http.response.server.enabled",Value=false
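To verify the setting from response headers rather than by eye, the script below (an added example, not from the original post) classifies the Server header as the ALB default, a value set by the target, or absent. The function names are assumptions, and the samples are constructed: the first two mirror the responses shown above and the third is a hypothetical target that sends its own header.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): classify the Server header of a
# response fetched through an ALB. Input is raw response headers on stdin,
# e.g. the output of `curl -sI https://<alb-dns-name>`.

# Print the value of the first Server header; exit status 1 if there is none.
server_header_value() {
    awk '
        { sub(/\r$/, "") }                      # curl -I keeps the CRLF line endings
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")            # drop the field name and leading blanks
            print; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# absent      -> no Server header at all (ALB default off, target sends none)
# alb-default -> awselb/2.0, i.e. the ALB added it (attribute still enabled)
# target:<v>  -> some other value, so it came from the target, not the ALB
classify_server_header() {
    if ! value=$(server_header_value); then
        echo "absent"
    elif [ "$value" = "awselb/2.0" ]; then
        echo "alb-default"
    else
        echo "target:$value"
    fi
}

# Constructed samples: the first two mirror the responses shown above, the
# third is a hypothetical target that sets its own Server header.
sample_enabled()  { printf 'HTTP/2 503 \r\nserver: awselb/2.0\r\ncontent-type: text/html\r\n\r\n'; }
sample_disabled() { printf 'HTTP/2 503 \r\ndate: Mon, 19 May 2025 07:50:55 GMT\r\ncontent-type: text/html\r\n\r\n'; }
sample_target()   { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'; }

for s in sample_enabled sample_disabled sample_target; do
    printf '%-16s %s\n' "$s" "$("$s" | classify_server_header)"
done
```

A `target:` result after the listener attribute is set to false means the header has to be suppressed on the target itself.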

 

 

References:

[1] HTTP header modification for Application Load Balancer - Disabling headers - https://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/application/header-modification.html#disable-header
[2] AWS Application Load Balancer introduces header modification for enhanced traffic control and security - https://aws.amazon.com/about-aws/whats-new/2024/11/aws-application-load-balancer-header-modification-enhanced-traffic-control-security/
[3] Securing your web applications and optimizing their performance with AWS Application Load Balancer - https://aws.amazon.com/blogs/networking-and-content-delivery/securing-your-web-applications-and-optimizing-their-performance-with-aws-application-load-balancer/?nc1=h_ls

 
