April 16, 2016

Get a free SSL certificate

Sometimes when you work on PoC for web-based projects using HTTPS, you may want to have a SSL certificate for testing. You may simply create a self-signed certificate from IIS, however, when you visit the web site installed with self-signed certificate, you'll see a warning page you must be quite familiar with


There's a certificate authority called Let’s Encrypt, who's offering free SSL certificate valid for 3 months. That means you'll need to renew the certificate every 3 months, but that's quite enough for PoC. You can use Let's Encrypt client to obtain your cert via some command lines. I'm not a fan of command line, but fortunately I found a website at https://www.sslforfree.com/ built upon Let's Encrypt. Following some simple (but a bit tricky for Windows users) steps, you can get your free cert.
  1. Go to the website, input the domain you would like to create the cert for and click Create Free SSL Certificate

  2. Choose the way of verifying you are the owner of the domain. I haven't tried Automatic FTP Verification so I'll simply walk through Manual Verification and click Manually Verify Domain





  3. Assuming you are a Windows user, set up a IIS web site. The web site has to be publicly exposed on the internet and whitelist 66.133.109.36 (at the time of writing this post, it is this IP address) as mentioned in the page and bind the domain to the web site
  4. Click Download File #1, you will get a text file for further uploading. The file name and content will be different every time you request for the cert
  5. Create a folder in the root of the website named .well-known. Notice that you may get a warning message to stop you.


    Instead use the folder name .well-known., the folder will be created successfully and the last dot will disappear
  6. Create a folder named acme-challenge under .well-known and copy the downloaded file to acme-challenge
  7. Click the link (for instance, http://test.petekcchen.com/.well-known/acme-challenge/mRIcor-5_-TPKeZJALHjCP4RdZMuchs-3u4XmfHT840) provided on the page, you may see 404 since the downloaded file does not have extension and it will be ignored by IIS. So go to your IIS website, add a MIME type as below
    then you'll be able to see the result

  8. Click Download SSL Certificate and the site service will communicate with Let's Encrypt to get the cert for you
  9. Click Download All SSL Certificate Files and you'll get a zip file named sslforfree.zip containing ca_bundle.crtcertificate.crt and private.key

    You can then install certificate.crt on IIS and configure the HTTPS binding. It will work perfectly.

April 3, 2016

TeamCity - 安裝分散式Build Agent

TeamCity在安裝完成時預設只會安裝1個build agent(以下簡稱BA),在之前的文章中也提到了如何安裝額外的BA,不管是Professional或是Enterprise版本,TC最多可以使用3個BA,除非以付費方式額外購買BA的授權(以目前官網報價1個BA含10個build configurations需美金299元)。

之前所介紹的BA安裝都是在本機上執行,但其實並非一定要安裝在本機上,也可以安裝在不同主機上,TC可以分散式的方式管理BA。在實務上,我遇到兩種情況讓我做分散式BA。
  1. 一個雙核VM,上面已有2個BA,為了增加效率,我把第3個BA安裝在另一個VM上,原本的VM就不需耗費太多額外資源(建置程式碼、跑單元測試或整合測試及自動佈署網站等)。
  2. 把BA安裝在data center中專門部署用的VM裡,讓BA可以直接打包系統發佈到production,加快部署速度。
設定分散式BA很簡單,只需要兩個主要步驟。
  1. 在另一台主機安裝BA。可參考TeamCity - 安裝額外的Build Agent一文,安裝過程一樣,差別只在於設定BA屬性時,serverUrl需指到TC所在位址,如http://192.168.1.11:80


  2. 在TC中授權新安裝的BA。安裝完BA後可以在Agents頁面看到Unauthorized有1個BA







    授權成功後可以看到Connected變為3


    點選buildagent3可以看到BA所在主機的相關資訊