Archive for May, 2018

Generate random UUID token that starts with what you want

May 31, 2018

I wanted to personalize my environments by assigning them unique tokens which will be used by consumer APIs. To generate those tokens, I wrote a simple program in Java:

import java.util.UUID;

public class RandomStringUUID {
    public static void main(String[] args) {

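        // Keep drawing random UUIDs until one starts with the wanted prefix
        // (about 65,536 tries on average for a 4-hex-digit prefix).
        while (true) {
            // Creating a random UUID (Universally unique identifier).
            UUID uuid = UUID.randomUUID();
            String randomUUIDString = uuid.toString();

            if (randomUUIDString.startsWith("c001")) {

                System.out.println("UUID token = " + randomUUIDString);
                System.out.println("UUID version       = " + uuid.version());
                System.out.println("UUID variant       = " + uuid.variant());
                // Stop after the first UUID with the wanted prefix.
                break;
            }
        }
    }
}
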

UUID token = c001ab8b-4224-4530-bb93-0fab6ad3f83b
UUID version = 4
UUID variant = 2

Process finished with exit code 0

Now, looking at the token I can tell to which environment it belongs. And my log analyzer too 🙂
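An added example, not part of the original post: the same kind of token can be built in one step by fixing the leading bits and drawing the rest from SecureRandom, which also makes explicit that a 4-hex-digit prefix leaves 106 of a version-4 UUID's 122 random bits. The class and method names (PrefixedUUID, withPrefix, randomBits) are hypothetical.

```java
import java.security.SecureRandom;
import java.util.UUID;

public class PrefixedUUID {
    private static final SecureRandom RNG = new SecureRandom();

    // Builds a version-4, variant-2 UUID whose text form starts with hexPrefix.
    // The prefix is limited to the first group (8 hex digits), so it never
    // overlaps the version or variant bits.
    static UUID withPrefix(String hexPrefix) {
        if (!hexPrefix.matches("[0-9a-f]{1,8}")) {
            throw new IllegalArgumentException("prefix must be 1-8 lowercase hex digits");
        }
        int prefixBits = hexPrefix.length() * 4;
        long prefix = Long.parseLong(hexPrefix, 16) << (64 - prefixBits);
        long keepMask = -1L >>> prefixBits; // bits that remain random

        long msb = (RNG.nextLong() & keepMask) | prefix;
        long lsb = RNG.nextLong();

        // Same fixed fields that UUID.randomUUID() sets.
        msb = (msb & 0xFFFFFFFFFFFF0FFFL) | 0x0000000000004000L; // version 4
        lsb = (lsb & 0x3FFFFFFFFFFFFFFFL) | 0x8000000000000000L; // variant 2
        return new UUID(msb, lsb);
    }

    // Random bits left in the token: 122 for a plain version-4 UUID,
    // minus 4 for every fixed hex digit.
    static int randomBits(String hexPrefix) {
        return 122 - hexPrefix.length() * 4;
    }

    public static void main(String[] args) {
        String prefix = "c001"; // the prefix used in the post
        UUID uuid = withPrefix(prefix);

        if (!uuid.toString().startsWith(prefix)
                || uuid.version() != 4 || uuid.variant() != 2) {
            throw new IllegalStateException("unexpected UUID layout: " + uuid);
        }
        System.out.println("UUID token  = " + uuid);
        System.out.println("random bits = " + randomBits(prefix));
    }
}
```

If the token doubles as a credential for the consumer APIs, the remaining random bits are what an attacker has to guess, and the prefix itself tells anyone who sees a token which environment it belongs to.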

Troubleshooting network connection

May 24, 2018

How to troubleshoot a network connection between AWS Lambda, AWS EC2 through an Application Load Balancer, and the outside world.

First try


returns empty.

Second try

curl --dump-header -

returns something more meaningful but a bit misleading:

HTTP/1.1 302 Found
 Date: Thu, 24 May 2018 01:15:46 GMT
 Content-Type: text/plain; charset=utf-8
 Content-Length: 0
 Connection: keep-alive
 Location: login_page

telnet connects though:

telnet thehost 443
Connected to
Escape character is '^]'.
telnet> status
Connected to
Operating in obsolete linemode
Local character echo
Escape character is '^]'.
Connection closed by foreign host

Third try

curl -svo /dev/null

gives us a hint, with TLS info and the root of the problem below:

* Rebuilt URL to:
 * Trying
 * Connected to ( port 443 (#0)
 * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
 * found 592 certificates in /etc/ssl/certs
 * ALPN, offering http/1.1
 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
 * server certificate verification OK
 * server certificate status verification SKIPPED
 * common name: * (matched)
 * server certificate expiration date OK
 * server certificate activation date OK
 * certificate public key: RSA
 * certificate version: #3
 * subject: CN=*
 * start date: Thu, 22 Mar 2018 00:00:00 GMT
 * expire date: Mon, 22 Apr 2019 12:00:00 GMT
 * issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
 * compression: NULL
 * ALPN, server accepted to use http/1.1
 > GET / HTTP/1.1
 > Host:
 > User-Agent: curl/7.47.0
 > Accept: */*
 < HTTP/1.1 502 Bad Gateway
 < Server: awselb/2.0
 < Date: Thu, 24 May 2018 01:25:00 GMT
 < Content-Type: text/html
 < Content-Length: 138
 < Connection: keep-alive

Referring to the doco, here is the answer:

ALB does support HTTP/2, but only for HTTPS listeners. You will not be able to send plaintext HTTP/2 requests.

So, no traffic will go through an HTTP/2 AWS ALB unless it’s on port 443. Damn!




Tricks to try next time:

curl -L
wget -S -O /dev/null
wget -s -O /dev/null --header="Host:"
openssl s_client -connect
curl -v --http2

Another possible reason:

There were no “Content-Length” and “Transfer-Encoding” headers in the response, and the backend used keep-alive and didn’t close the connection as the ELB was expecting it to. Placing Apache in between the backend and the ELB should solve this problem (I haven’t tested it yet).