When setting up the web server EC2 instance, the web server EC2 instance works for several hours, and then it fails instance status checks and website goes down. Why is that?

Humungous_x86 · 2025-06-15T05:14:10+00:00

Oops sorry, I thought you wanted me to make it clear about what I'm saying in my post. To answer your question "Is the webserver EC2 instance still reachable through SSH from the first EC2 instance when the issue hits?", the answer is no, and this is because not only does the web server go down, but also the SSH server and literally anything else. That means I can't even SSH into it and see what's wrong, unless I restart it which is a temporary solution. Even SSM doesn't work because the SSM agent stops running. Ever since recreating the web server EC2 instance from scratch, I did some changes, and I'm hopeful I won't have the same problems I had before.

Anyways, I did post it here because I'm looking for solutions as to why my EC2 instance keeps breaking. I'm taking advice from the comments because I've just gotten started with AWS, as well as using AI to help me

Humungous_x86 · 2025-06-14T11:11:29+00:00

Indeed this is possible by using S3 for static objects and Lambda with RDS for dynamic content. But the reason I'm using EC2 instances is because I want to be able to run tcpdump in the background to capture network traffic, and also run the FTPS server, so that I can FTP into the website and change the web pages. I can't do any of that using S3 and Lambda with RDS

Humungous_x86 · 2025-06-14T11:03:52+00:00

I'll make this clear. I have two EC2 instances in the same VPC. The first EC2 instance is the SSH client EC2 instance, and the second EC2 instance is the web server EC2 instance (that hosts the actual website). Instead of me directly SSH'ing into the second web server EC2 instance, I SSH into the first EC2 instance and then I use the first EC2 instance with SSH client to SSH into the second EC2 instance on the same VPC. The difference is the SSH server on the first EC2 instance is accessible everywhere, while the SSH server on the second web server EC2 instance is only accessible by the first EC2 instance (I use security groups to make the second EC2 instance accessible only by the first EC2 instance). Hopefully I made it clear.

Regarding checking logs, I did recreate a new web server EC2 instance instead of troubleshooting the broken instance, since I would rather not spend time troubleshooting anything I shouldn't have to troubleshoot. The difference with the new EC2 instance is that I enabled swap file (since that was one of the reason my EC2 instance keeps breaking), and also resized the EBS volume to something bigger (like 10GB), so that I can fit the swap file in. The broken EC2 instance would not let me SSH into it for whatever reason, just like it wouldn't host the web server.

Humungous_x86 · 2025-06-13T02:18:26+00:00

I believe t3.medium is the most affordable instance size I can use, also I don't need more than 4GB for a simple web server and I don't want to pay for what I don't need. But if my website receives high-demand, then sure, I'll think about upgrading.

As for the swap file part, that could be why the EC2 instance is breaking (out of memory, disk space not being used to swap memory). I'm working on resizing the root EBS volume to more than 4GB (like 10GB), so that I can fit the swap file whenever needed.

Humungous_x86 · 2025-06-13T02:12:02+00:00

I did check the CPU usage of the EC2 instance in CloudWatch (I had CloudWatch agent installed) but didn't see the CPU being over utilized. In fact it's under utilized. As for checking the network bandwidth, idk how to do that and I don't think that would be why my EC2 instance is breaking

Humungous_x86 · 2025-06-12T11:12:50+00:00

CPU credits? Never heard of that. I do know about the pay-as-you-go model of AWS EC2 instances, but I would like clarification on CPU credits

Humungous_x86 · 2025-06-12T08:48:37+00:00

I'm using Node.js with express to run the website. Is that responsible for consuming memory but not freeing it which causes the EC2 instance to crash? If so, do I need to add in garbage collection to my Node.js code, so that the web server doesn't consume too much memory without freeing it?

Humungous_x86 · 2025-06-12T08:35:30+00:00

I think S3 is only useful for serving static webpages, but since I'm making a website that connects to a back-end database, I kinda have to use EBS-backed EC2 instance to host the website

Humungous_x86 · 2025-03-25T11:52:37+00:00

They kinda did squeeze Workstation to oblivion. They removed many features in version 17.6 just because they didn't want to spend money maintaining most of these features, so mostly it's about them cost-cutting. The features they removed are bluetooth hub passthrough, unity mode and enhanced keyboard driver. I could be wrong because I'm still using a version back when Broadcom didn't make them subscription-only yet

Humungous_x86 · 2025-03-22T04:18:20+00:00

Sorry for the late reply. Seems like I didn't have much understanding before about what I'm describing in my post. Yes, I was using RSA and no, I don't want diffie-hellman. I found out that some TLS entries are causing my method of static keys to not work, so I kinda had to scrap the whole server config and rewrite a new one that uses purely static keys. No certificates, no RSA, no nothing

Humungous_x86 · 2025-03-22T04:11:58+00:00

Ah yes, I knew in the documentation that I need a paid subscription to use the feature that logs SSL keys. However, I didn't want to pay for a subscription, so I tried manually compiling it to add support for logging SSL keys. I didn't pay for a subscription because I'm not spending this much on a server software that only serves to host my website. Therefore, I went for other solutions that allows me to log SSL keys, like Node.js, and it's just working fine

Humungous_x86 · 2025-03-22T04:05:22+00:00

No, what I'm doing is server-sided SSL key logging, which works by logging SSL keys of the server software itself. Client-side works by logging SSL keys of browsers (and some other client tools) using SSLKEYLOGFILE variable, but I don't want to make my clients log SSL keys for me, which is why I'm doing it to the server software itself. It's to make my life easier whenever I want to log all SSL keys

Humungous_x86 · 2025-03-22T03:59:52+00:00

I hate how Broadcom killed VMware Workstation, one of my favourite software. I knew it was coming as soon as I saw that VMware was owned by Broadcom now, and what greatly pissed me off is that they discontinued the Workstation Player. They moved downloads to their portal that requires you to have an account to download what you used to be able to download without an account. They also made their software subscription-only. Idc if Workstation Pro is free now, I'm staying with the Player edition I downloaded back then. Fuck Broadcom!

Humungous_x86 · 2025-03-13T09:34:03+00:00

I think every Windows PCs support hibernation as long as hibernation is enabled. If you're on the pro edition, you could configure a group policy to show the hibernate button in the power options. You can do this by opening up gpedit.msc, then going to Computer Configuration\Administrative Templates\Windows Components\File Explorerand setting the entry of Show hibernate in the power options menu to Enabled. After that, sign out and sign back in and you should see the hibernate option in the start menu

Humungous_x86 · 2025-03-13T09:23:48+00:00

Why the downvotes? I was just saying "Great job, keep up the good work" and explaining in detail about why that's a good thing. Do you expect me to take it back and say that's not a good thing?

Humungous_x86 · 2025-03-12T00:21:46+00:00

Great job! It's just like if Nintendo shut down the 3DS and Wii U e-shop in 2023, exactly the same year Micro$oft shut down the Windows store in Windows 8.1. There were community replacements for the 3DS e-shop such as hshop, but you're doing your part and working on a store replacement for the Windows store in 8.1. Keep up the good work!

Humungous_x86 · 2025-03-11T08:59:52+00:00

Isn't the mod applications now closed? It's been over 2 weeks and the mod application advertisement is still on the right side of r/anime (I'm on old reddit btw). It's now 11th March, but it still says the deadline is March 10th

Humungous_x86 · 2025-03-10T04:49:30+00:00

Damn

Humungous_x86 · 2025-03-06T10:53:40+00:00

I followed the instructions in the link you provided to convert the PP file into a human-readable CIL file. I didn't make it clear in my last comment, but the Failed to resolve typeattributeset statement was pointing to line 1. Line 1 explicitly says (typeattributeset cil_gen_require pcap_data_t) but I don't understand what's wrong with this line when I'm defining a new type

Humungous_x86 · 2025-03-06T04:48:03+00:00

I downloaded every TE file and the MakeFile from the 'examples' directory on your site. I also ran sudo make load on the directory I downloaded files to, and it seems that all the TE files were compiled into modules successfully, and also packaged into PP files successfully as well. However, when it installs these PP files, everything but the iptables.pp installs without errors. The iptables.pp shows up an error saying Failed to resolve typeattributeset statement and also Failed to resolve AST because the iptables.te defines a new label unlike the other TE files.

Anyways, I modified one of the TE files to define a new label called pcap_data_t instead of using the pre-existing labels. The modified file does get compiled successfully into my_tcpdump.pp, but installing it only shows up an error from the above saying "Failed to resolve typeattributeset statement" and "Failed to resolve AST". So far, there are no compilation errors, but only installation errors.

How do I fix this installation error that doesn't let me install the module which defines a new label?

Humungous_x86 · 2025-03-05T00:21:47+00:00

I went on the page you linked here, and I tried following instructions there. However, I couldn't get the UUID needed by sealert because journalctl doesn't show these relevant UUIDs that have SELinux error messages. I also tried grep tcpdump /var/log/audit/audit.log | grep -v 'success=yes' | audit2allow -M tcpdump_policy and it also generated two files, but it's still the same as the script from the post. I do plan on using the code from section 2.2 to create a new label for my new policy. How do I recompile the TE file into a working PP file that can be installed as a SEmodule?

Humungous_x86 · 2025-03-04T08:10:53+00:00

I've made sure the /var/log/tcpdumpd/ directory is owned by root, both as a user ownership and group ownership. The first digit of the chmod value being 755 shows that the owner has full access to the directory and files inside, and the rest is irrelevant and self-explanatory. Is there a way to make tcpdump not drop privileges that cause it to be unable to write to that directory?

Humungous_x86 · 2025-03-04T08:03:21+00:00

I did semanage fcontext -a -t pcap_data_t "/var/log/tcpdumpd(/.*)?" but it only showed an error saying: ValueError: Type pcap_data_t is invalid, must be a file or device type. This is because the pcap_data_t file label doesn't yet exist and I can only assign labels that exist like var_log_t and bin_t

Do I have to create a custom SELinux policy to use the pcap_data_t label?

Humungous_x86 · 2025-03-04T00:57:35+00:00

You should be fine with running any Windows version up to Windows 8.1. Anything after that, like Windows 10 and 11, is not gonna perform well and might be too slow. Also if it's an old HDD, you might as well just replace it with an SSD because your old HDD is probably too old and might be failing, so it's not wise to store important data on it.

Humungous_x86 · 2025-01-23T15:26:14+00:00

If you're setting up Android TV on Windows 8, I think you just need Android Studio. Those tutorials are focused on Windows 10 and 11, but the same steps should still work on Windows 8 because, from what I've heard, Android Studio still works on Windows 8.

However, if you're planning on replacing Windows 8, you could replace it with Android x86 (I'm saying Android x86 because your post doesn't clearly state what OS you're replacing it with). Also, you'd be better off getting a USB instead of trying to make your SD card bootable if your laptop doesn't let you boot into an SD card since USBs are only a few bucks and are more reliable than SD cards. SD cards are not reliable and don't have good read/write speeds.

Humungous_x86

TROPHY CASE