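Case Study: The Li & Fung Family Business

In this article, we discuss the lessons that can be learned from the Li & Fung family business. The company has existed for more than a thousand years, and the key to its longevity is its ability to keep reinventing itself in order to survive.

Few Chinese family businesses have managed to operate successfully for so long. Founded in Guangzhou in 1906, Li & Fung was China's first trading export company. Today it has expanded to 40 countries and employs more than 20,000 people.

Succession poses a major challenge for family businesses. An old Chinese saying warns that "wealth does not last beyond three generations." Even in the United States, a Brooklyn College study shows that 70% of family businesses fail to make the transition from the first generation to the second, and 88% fail to reach the third. Only 3% of family businesses make it to the fourth generation. Yet the Li & Fung family business has already entered its fourth generation. What sets it apart? What factors contributed to its success?

The answer lies in the global vision and open-mindedness shared by the founders and their successors. This approach allowed the family business to take advantage of large-scale economic trends and changes. For example, when China opened up to trade at the end of the Qing dynasty, Li & Fung positioned itself as the first Chinese middleman, making full use of its understanding of both Western and Chinese markets. Through their dealings with English-speaking foreigners, they developed a broader outlook than other merchants in mainland China. Their adaptability allowed them to grow alongside Hong Kong's rise as a manufacturing and garment-export hub. They also profited from China's economic reforms, with the China business contributing more than 51% of their overall sourcing business.

However, the family business has faced challenges in the fourth generation, particularly because it failed to foresee the digitalization trend. This was especially evident when Li & Fung turned down three opportunities to invest in Alibaba and stuck to its traditional business model. As a result, it struggled to adapt to the e-commerce environment. Profits and revenue declined as global brands changed how they manage their supply chains, often bypassing middlemen such as Li & Fung. In 2017, the company was removed from the Hang Seng Index constituents, which shows the scale of the challenge it faced.

Despite the many challenges in its history, the family business has survived by continually reinventing itself and passing that spirit on to the next generation. For example, during the Korean War the United States imposed an embargo on China, which affected Hong Kong's re-export business. The family then shifted from focusing on re-exports to exporting locally made Hong Kong goods.

The third generation, educated at Harvard Business School, brought modern management theory into the traditional family business. This enabled the company to go public, thanks to the separation of ownership from management and the establishment of good governance practices.

Li & Fung moved from a "one boss and his employees" system to a proper management hierarchy, replacing family members with professional managers who held university degrees. Despite historic challenges such as Hong Kong's return to China in 1997, the business adapted by aligning its strategy with macroeconomic trends.

Spencer Fung, who represents the fourth generation, also upholds these important family values. He earned an MBA in the United States, is entrepreneurial by nature, and co-founded an online marketing platform in Silicon Valley. Despite the trade war between the United States and China, the family business has shifted from China to Vietnam and other Asia-Pacific countries.

The next major trend centers on speed, innovation, and digitalization. The fourth generation has invested strategically in new technology to shorten supply-chain lead times and enable rapid prototyping with 3D virtual design. They also use advanced analytics to improve various business metrics.

In summary, the Li & Fung family business has successfully blended Western modernization in management and technology with Eastern wisdom about relationships and family values. They keep implementing revolutionary ideas to drive change and continuous improvement. While maintaining a Western, systematic style of management, they have added more Eastern, more human elements. Although efficiency comes first in the United States, the Li & Fung family recognizes the importance of emotional intelligence, which is vital to the long-term survival of the business and to its ability to adapt to the challenges facing the fourth generation.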


MiFID II — What Is the Impact and What Opportunities Exist for Investors?

MiFID II aims to bring greater transparency and protection for investors across the financial markets. It introduces enhanced protections for all types of investors, from retail to professional, and expands the range of financial instruments covered.

Impact Beyond Europe

Markets directly affected include France, Greece, Malta, and the UK. Although it is a law in the Eurozone, MiFID II's new rules have a far-reaching, global impact. The regulation applies across the European Union (EU) and is also relevant for countries in the European Economic Area (EEA) that are not part of the EU. This means that any firm in the EEA conducting investment activities or services in financial instruments will be subject to the new rules.

The regulation also indirectly impacts regions beyond Europe, such as APAC. MiFID II doesn't directly apply to non-EEA firms, but it is relevant primarily when employees are involved in the origination of EEA-underwritten MiFID II products and services, such as debt and equity insurance.

MiFID II generally lacks extraterritorial effect, but:

  1. It would apply if a non-EEA entity were conducting MiFID investment services with respect to MiFID products in the EEA.
  2. Specific provisions have express extraterritorial impact, e.g., transaction reporting requirements apply to all branches of EEA entities.

There are four main areas of impact:

  1. Research — Considered an inducement under MiFID II, the receipt of free research is banned.
  2. Reporting — Transaction reporting must now include additional trade details, including cost elements. All periodic statements must be issued at least quarterly. Investors will be notified when there is a 10% depreciation in a discretionary portfolio, FX operations, or FX forward contracts.
  3. Best Execution — Investors will now have visibility into the quality of execution received and the venues used.
  4. Manufacturing and Distribution — Investors must be assigned Target Market attributes. Products must also be analyzed for their Target Market to prevent sales to unsuitable investors.

1. Research Unbundling

MiFID II introduces further restrictions for portfolio managers and independent investment advisers. They can only receive research and sales services if these are paid for either:

  • Directly from their own resources, or
  • Through a client-funded Research Payment Account (RPA).

This prevents potential conflicts of interest. Some bank analysts are nervously anticipating the changes, fearing job losses, while analysts at smaller or independent companies see it as an opportunity for fair compensation.

2. Reporting

MiFID II is introducing quarterly reports related to holdings and discretionary portfolio management. New requirements mandate that firms holding accounts with leveraged financial instruments (LFIs) or other contingent liability transactions (CLTs) must report to investors if the initial value of the instrument depreciates by 10%, and then by additional multiples of 10%.

A broader scope of financial transactions must now be reported. Both counter-parties (investment firms) involved in a trade must report transaction data, which includes investor details, to regulators.

3. Best Execution

Best Execution refers to a regulatory duty for firms to take all sufficient steps to obtain the best possible result for clients, considering factors like price, costs, speed, and likelihood of execution and settlement.

4. Manufacturing and Distribution

Investors need to be categorized when on-boarded for the purpose of conducting investment activities or providing investment services. This categorization affects the regulatory obligations of firms.

MiFID II also introduces the requirement for both manufacturers and distributors to identify a target market for the products they create or distribute. This analysis must also consider any negative target market, which refers to the customers to whom a product should not be sold.

If you have further questions, feel free to leave a comment below!

MiFID II — What Is the Impact and What Opportunities Exist for Investors?

Welcome to "Continuous Improvement," the podcast where we explore the ever-evolving landscape of the financial markets and how they impact investors. I'm your host, Victor, and in today's episode, we're diving into the world of MiFID II.

MiFID II, short for Markets in Financial Instruments Directive II, is a regulatory framework that aims to bring greater transparency and protection for investors across the financial markets. While it directly affects markets in France, Greece, Malta, and the UK, its impact reaches far beyond Europe.

Joining us today is our expert guest, Emily, who will shed light on the global implications and key areas of impact resulting from MiFID II. Welcome, Emily.

Thank you, Victor. Glad to be here.

Emily, could you brief our listeners on the global reach of MiFID II and its significance beyond Europe?

Absolutely, Victor. While MiFID II is a law in the Eurozone, its new rules have a far-reaching, global impact. The regulation applies not only across the European Union (EU) but also to countries in the European Economic Area (EEA) that are not part of the EU. This means that any firm in the EEA conducting investment activities or services in financial instruments will be subject to the new rules.

Furthermore, MiFID II indirectly impacts regions beyond Europe, such as APAC. While it doesn't directly apply to non-EEA firms, it becomes relevant when employees are involved in the origination of EEA-underwritten MiFID II products and services.

That's fascinating, Emily. So, what are the main areas of impact that investors should be aware of?

There are four main areas of impact resulting from MiFID II, Victor. The first one to look out for is research unbundling. MiFID II introduces restrictions for portfolio managers and independent investment advisers, prohibiting them from receiving free research. Instead, research and sales services must be paid for either from their own resources or through a client-funded Research Payment Account (RPA).

The second area is reporting. Quarterly reports related to holdings and discretionary portfolio management are now mandatory. There are also new requirements regarding reporting of leveraged financial instruments and contingent liability transactions, ensuring that investors are informed when the initial value of the instrument depreciates by 10% or more.

The third area of impact is best execution. Firms now have a regulatory duty to take all necessary steps to obtain the best possible result for clients when executing trades, considering factors such as price, costs, speed, and likelihood of execution and settlement.

Lastly, manufacturing and distribution have also undergone changes. Investors need to be categorized when on-boarded for investment activities or services, affecting the regulatory obligations of firms. Additionally, both manufacturers and distributors must now identify a target market for the products they create or distribute, ensuring suitability for investors.

These are significant changes, Emily. How do you see them shaping the financial markets and investor protection?

MiFID II, at its core, aims to enhance transparency and protection for investors. The restrictions on research unbundling mitigate potential conflicts of interest, ensuring fair compensation for smaller or independent research firms. The introduction of reporting requirements and best execution standards empowers investors to make more informed decisions and hold investment firms accountable.

By assigning target market attributes and analyzing products before distribution, MiFID II promotes investor suitability and prevents sales to unsuitable investors. This strengthens overall investor protection and builds confidence in the financial markets.

Well, Emily, thank you for sharing these valuable insights on the impact of MiFID II. Before we wrap up, is there anything else you would like to add?

One key aspect to remember, Victor, is that while MiFID II primarily focuses on Europe, its global impact is undeniable. It is crucial for investors and financial firms around the world to understand the implications, especially when conducting investment activities or services in the European Economic Area.

Absolutely, Emily. Understanding the regulatory landscape is essential for all market participants. Thank you once again for joining us today and shedding light on MiFID II.

That wraps up today's episode of "Continuous Improvement." I hope you found this discussion on MiFID II insightful and informative. If you have any further questions or comments, don't hesitate to leave them below. Until next time, keep striving for continuous improvement in your financial journey.

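MiFID II - What Is the Impact and What Opportunities Exist for Investors?

MiFID II aims to bring greater transparency and protection for investors across the financial markets. It introduces enhanced protections for all types of investors, from retail to professional, and expands the range of financial instruments covered.

Impact Beyond Europe

Markets directly affected include France, Greece, Malta, and the UK. Although MiFID II is a law in the Eurozone, its new rules have a far-reaching, global impact. The regulation applies across the whole European Union and is also relevant for countries in the European Economic Area (EEA) that are not part of the EU. This means that any firm in the EEA conducting investment activities or services in financial instruments will be subject to the new rules.

The regulation also indirectly affects regions outside Europe, such as Asia-Pacific. MiFID II does not apply directly to non-EEA firms, but its rules become relevant mainly when employees are involved in MiFID II products and services originating in the EEA, such as debt and equity insurance.

MiFID II generally has no extraterritorial effect, but two cases are worth noting:

  1. If a non-EEA entity conducts MiFID investment services within the EEA with respect to MiFID products, the regulation applies.
  2. Specific provisions have express extraterritorial impact; for example, transaction reporting requirements apply to all branches of EEA entities.

There are four main areas of impact:

  1. Research - Under MiFID II, receiving free research is regarded as an inducement and is therefore banned.
  2. Reporting - Transaction reports must now include additional trade details, including cost elements. All periodic statements must be issued at least quarterly. Investors will be notified when there is a 10% depreciation in a discretionary portfolio, FX operations, or FX forward contracts.
  3. Best Execution - Investors will now be able to see the quality of execution they received and the venues used.
  4. Manufacturing and Distribution - Investors must be assigned target market attributes. Products must also be analyzed for their target market to prevent sales to unsuitable investors.

1. Research Unbundling

MiFID II introduces further restrictions for portfolio managers and independent investment advisers. They can only receive research and sales services in one of the following two ways:

  • Paid for directly from their own resources, or
  • Through a client-funded Research Payment Account (RPA).

This avoids potential conflicts of interest. Some bank analysts are worried about the changes and fear losing their jobs, while analysts at smaller or independent companies see it as an opportunity for fair compensation.

2. Reporting

MiFID II introduces quarterly reports related to holdings and discretionary portfolio management. New requirements mandate that firms holding leveraged financial instruments (LFIs) or other contingent liability transactions (CLTs) must report to investors when the initial value of the instrument depreciates by 10%, and then by further multiples of 10%.

A broader range of financial transactions must now be reported. Both parties (investment firms) must report transaction data, which includes investor details, to regulators.

3. Best Execution

Best execution refers to a firm's regulatory duty to take all necessary steps to obtain the best possible result for clients, considering factors such as price, costs, speed, and likelihood of execution and settlement.

4. Manufacturing and Distribution

Investors need to be categorized when investment activities are conducted or investment services are provided. This categorization affects the regulatory obligations of firms.

MiFID II also introduces a requirement for manufacturers and distributors to identify a target market for the products they create or distribute. This analysis must also consider any negative target market, that is, the customers to whom a product should not be sold.

If you have further questions, please leave a comment below!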

Retrieving Real-Time Data from the Web to Excel

An undergraduate student recently asked me how to import real-time data from a website into Excel for a homework assignment. Many sources for financial data charge fees, so I offered him a simple, free solution. Now, I'll share that solution with you as well.

First, open Microsoft Excel 365 and go to the Data tab. Look for the option to Get Data from Other Sources and select Web.

Next, input the URL containing the data you want to retrieve.

The Navigator will then display various tables to choose from. For this example, we'll select Table 8.

Once this is done, the data will be imported into your Excel spreadsheet. However, it will need manual refreshing. To automate this, right-click on the query and change the Properties to Refresh Every 1 Minute.

That works well for minute-by-minute updates. But what if you want nearly real-time updates every second? In that case, you'll need to write some code.

Navigate to File -> Options -> Customize Ribbon. Under Main Tabs, enable the Developer Tab.

Then, in the Developer tab, select Visual Basic.

Choose Insert -> Module and then copy and paste the code snippet below:

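Sub refresh_data()
    ' Copy the current value from the web query result (Sheet2!B2).
    Sheets("Sheet2").Select
    Range("B2").Select
    Selection.Copy

    ' Paste it into the first empty cell of column A on Sheet1.
    Sheets("Sheet1").Select
    Dim xCell As Range
    For Each xCell In ActiveSheet.Columns(1).Cells
        If Len(xCell.Value) = 0 Then
            xCell.Select
            Exit For
        End If
    Next
    ActiveSheet.Paste

    ' Refresh every query, then schedule this macro to run again in one second.
    Sheets("Sheet2").Select
    ActiveWorkbook.RefreshAll
    Application.OnTime DateAdd("s", 1, Now), "refresh_data"
End Sub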

Click Run, and you're all set! In plain steps, the code selects Sheet 2, copies the current value, goes to Sheet 1, finds the first empty cell in the first column and pastes the value there, then returns to Sheet 2 and refreshes all data. Finally, it schedules itself to run again one second later, giving you nearly real-time data updates in Excel.

If you have any further questions, feel free to leave a comment below. 🙂

Retrieving Real-Time Data from the Web to Excel

Welcome back to another episode of Continuous Improvement, the podcast where we explore tips and strategies for personal and professional growth. I'm your host, Victor, and today we'll be discussing a simple and free solution for importing real-time data from a website into Excel.

Recently, I received a question from an undergraduate student looking for help with importing real-time data into Excel for a homework assignment. Many financial data sources charge fees, but I had a handy solution that I'm going to share with you today.

To get started, open Microsoft Excel 365 and navigate to the Data tab. Look for the option to Get Data from Other Sources and select Web.

Next, you'll need to input the URL that contains the data you want to retrieve. This could be from a website, an API, or any online source that provides real-time data.

Once you input the URL, the Navigator will display various tables to choose from. For our example, let's select Table 8.

Fantastic! Now, the data will be imported into your Excel spreadsheet. However, please note that it will require manual refreshing. But don't worry, there's a way to automate this process as well.

Right-click on the imported data query and change its properties to refresh every 1 minute.

This works great for minute-by-minute updates. But what if you need nearly real-time updates every second? In that case, we'll need to write some code.

Navigate to File, Options, and then Customize Ribbon. Under Main Tabs, enable the Developer Tab.

Now, in the Developer tab, select Visual Basic.

Choose Insert, then Module, and copy and paste the provided code snippet.

This code snippet will automate the process for you. It selects the appropriate sheet, copies the current value, finds the last row in the first column of another sheet, pastes the value there, refreshes all the data, and triggers itself every second for nearly real-time updates.

And that's it! You now have a way to import real-time data into Excel for your various needs. Whether it's financial data, stock prices, or any other dynamic information, this solution will keep you updated efficiently and effectively.

If you have any further questions or need additional guidance, don't hesitate to leave a comment below. I'm here to help!

That brings us to the end of another episode of Continuous Improvement. I hope you found today's discussion on importing real-time data into Excel insightful and practical. Remember, implementing continuous improvement practices in all aspects of our lives can lead to significant growth and success.

As always, thank you for tuning in. If you enjoyed this episode, please leave a review and share it with your friends and colleagues. Stay curious, keep learning, and join me next time as we continue our journey of continuous improvement.

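Retrieving Real-Time Data from the Web to Excel

An undergraduate student recently asked me how to import real-time data from a website into Excel for a homework assignment. Many sources of financial data charge fees, so I offered a simple, free solution. Now I'm sharing that solution with you as well.

First, open Microsoft Excel 365 and go to the Data tab. Look for the option to Get Data from Other Sources and select Web.

Next, input the URL containing the data you want.

The Navigator will then display various tables to choose from. For this example, we select Table 8.

Once this is done, the data will be imported into your Excel spreadsheet. However, it needs manual refreshing. To automate this, right-click the query and change the Properties to Refresh Every 1 Minute.

That works well for minute-by-minute updates. But what if you want nearly real-time updates every second? In that case, you need to write some code.

Navigate to File -> Options -> Customize Ribbon. Under Main Tabs, enable the Developer tab.

Then, in the Developer tab, select Visual Basic.

Choose Insert -> Module, then copy and paste the code snippet below:

Sub refresh_data()
    ' Copy the current value from the web query result (Sheet2!B2).
    Sheets("Sheet2").Select
    Range("B2").Select
    Selection.Copy

    ' Paste it into the first empty cell of column A on Sheet1.
    Sheets("Sheet1").Select
    Dim xCell As Range
    For Each xCell In ActiveSheet.Columns(1).Cells
        If Len(xCell.Value) = 0 Then
            xCell.Select
            Exit For
        End If
    Next
    ActiveSheet.Paste

    ' Refresh every query, then schedule this macro to run again in one second.
    Sheets("Sheet2").Select
    ActiveWorkbook.RefreshAll
    Application.OnTime DateAdd("s", 1, Now), "refresh_data"
End Sub

Click Run, and you're all set! In plain steps, the code selects Sheet 2, copies the current value, goes to Sheet 1, finds the first empty cell in the first column and pastes the value there, then returns to Sheet 2 and refreshes all data. Finally, it schedules itself to run again every second, giving you nearly real-time data updates in Excel.

If you have any further questions, feel free to leave a comment below. :)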

Enabling HTTPS on an AWS EC2 Instance with Node.js and Nginx on an Ubuntu Server

I have an AWS EC2 instance running Node.js and Nginx on an Ubuntu 16.04 server. In this tutorial, I will show you how to switch your website from HTTP to HTTPS using Let's Encrypt. HTTPS prevents unauthorized tampering with the communication between your website and your users' browsers by encrypting it with Transport Layer Security (TLS), and the server's certificate lets the browser verify which site it is talking to. Let's Encrypt is a certificate authority that provides free X.509 certificates.

Firstly, SSH into your EC2 instance:

ssh -i <keyfile.pem> ubuntu@<public-ip-address>

Next, clone the Let’s Encrypt repository into the /opt/letsencrypt path:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Then, check if any application is listening on port 80 by running:

netstat -na | grep ':80.*LISTEN'

If any processes are returned, terminate them. For example, if you already have an Nginx server running on port 80, you may need to stop it as follows:

sudo systemctl stop nginx

After that, navigate to your repository with cd /opt/letsencrypt and run the following command to obtain the certificates:

./letsencrypt-auto certonly --standalone --email <your@email.com> -d <domain.com> -d <subdomain.domain.com>

If you encounter an error like this:

OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 1

Then set the following environment variables before you rerun the script:

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"

Follow the on-screen instructions, and you should receive your certificates at the path /etc/letsencrypt/live/<domain.com>.

Next, configure the Nginx settings to redirect your HTTP traffic to HTTPS. Edit the file using:

sudo vi /etc/nginx/sites-available/default

The content should look like this (remember to replace <YourDomain.com> and the root path for your website):

server {
  listen 443 ssl;
  server_name <YourDomain.com>;
  ssl_certificate /etc/letsencrypt/live/<YourDomain.com>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<YourDomain.com>/privkey.pem;
  # TLS 1.0 and 1.1 are deprecated; offer TLS 1.2 only (add TLSv1.3 where nginx and OpenSSL support it).
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

  root /var/www/yourPath;
  index index.html index.htm;

  location / {
    proxy_pass http://localhost:3000/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Report the scheme the client actually used (https in this block) to the Node.js app.
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Nginx-Proxy true;
    proxy_redirect off;
  }
}
server {
  listen 80;
  server_name <YourDomain.com>;
  return 301 https://$host$request_uri;
}

To test your configuration for any errors, run:

sudo nginx -t

If everything is okay, restart Nginx:

sudo service nginx stop
sudo service nginx start

Last but not least, go to the AWS console and make sure your security group has port 443 open for HTTPS.

Done! Navigate to the HTTPS version of your domain to verify that it's working. If you encounter issues like a 502 Bad Gateway error, ensure that your Node.js application is running correctly. I use PM2 to keep it running. Let's make the internet more secure! 🙂
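
A check for the TLS-related settings in a server block like the one in this tutorial, as an added example that is not part of the original post: the function `audit_nginx_tls` (a hypothetical name) scans an nginx configuration for legacy protocol versions, an `X-Forwarded-Proto` header hard-coded to `http` inside a TLS server block, and a port-80 server that does not redirect to HTTPS. Both sample configurations are constructed for the example.

```shell
# Added example: static audit of TLS-related nginx settings.
# audit_nginx_tls and both sample configs are constructed for illustration.

# Reads an nginx config from the file in $1 (or stdin); prints one finding per line.
audit_nginx_tls() {
  awk '
    # Drop comments and surrounding whitespace so commented-out directives are ignored.
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    $0 == "" { next }

    # Each server block starts with fresh state.
    /^server[ \t]*[{]/ { in_server = 1; depth = 0; tls = 0; plain = 0; redirect = 0; fwd_http = 0 }

    in_server {
      if ($1 == "listen") {
        if ($0 ~ /ssl/ || $2 ~ /(^|:)443;?$/) { tls = 1 } else { plain = 1 }
      }
      if ($1 == "ssl_protocols") {
        for (i = 2; i <= NF; i++) {
          p = $i; sub(/;$/, "", p)
          if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
            print "WEAK_PROTOCOL " p
        }
      }
      if ($1 == "proxy_set_header" && $2 == "X-Forwarded-Proto" && $3 ~ /^http;?$/) fwd_http = 1
      if ($1 == "return" && $2 ~ /^30[1278]$/ && $3 ~ /^https:/) redirect = 1

      # Brace depth tells us when the server block closes.
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) {
        if (tls && fwd_http) print "FORWARDED_PROTO_HTTP_ON_TLS"
        if (plain && !tls && !redirect) print "NO_HTTPS_REDIRECT"
        in_server = 0
      }
    }
  ' ${1:+"$1"}
}

# Constructed sample with the weak settings.
weak_config() {
  cat <<'EOF'
server {
  listen 443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  location / {
    proxy_pass http://localhost:3000/;
    proxy_set_header X-Forwarded-Proto http;
  }
}
server {
  listen 80;
  root /var/www/html;
}
EOF
}

# Constructed sample with the corrected settings.
hardened_config() {
  cat <<'EOF'
server {
  listen 443 ssl;
  ssl_protocols TLSv1.2;
  location / {
    proxy_pass http://localhost:3000/;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}
server {
  listen 80;
  return 301 https://$host$request_uri;
}
EOF
}

printf 'weak config:\n%s\n' "$(weak_config | audit_nginx_tls)"
printf 'hardened config: %s finding(s)\n' "$(hardened_config | audit_nginx_tls | wc -l | tr -d ' ')"
```

`nginx -t` validates syntax only, so a check like `audit_nginx_tls /etc/nginx/sites-available/default` complements it.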

Enabling HTTPS on an AWS EC2 Instance with Node.js and Nginx on an Ubuntu Server

Welcome to "Continuous Improvement," the podcast where we explore ways to enhance our skills and make progress in our personal and professional lives. I'm your host, Victor, and today we'll be discussing a topic that's crucial for any website owner – switching from HTTP to HTTPS using Let's Encrypt.

So, why is this important? Well, HTTPS provides a secure connection between your website and your users' browsers, preventing unauthorized tampering and encrypting communication using Transport Layer Security (TLS) Certification. And the best part? Let's Encrypt offers free X.509 certificates.

The first step is to SSH into your AWS EC2 instance running Node.js and Nginx on Ubuntu 16.04. Open your terminal and enter the following command:

ssh -i <keyfile.pem> ubuntu@<public-ip-address>

Great! Now that we're connected, let's clone the Let's Encrypt repository into the /opt/letsencrypt path:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Before we proceed, it's important to make sure there are no processes already listening on port 80. To check, run the following command:

netstat -na | grep ':80.*LISTEN'

If any processes are returned, terminate them. For instance, if you have an Nginx server running on port 80, you can stop it by entering:

sudo systemctl stop nginx

Excellent! Now let's navigate to the Let's Encrypt repository by running cd /opt/letsencrypt, and obtain our certificates with the following command:

./letsencrypt-auto certonly --standalone --email <your@email.com> -d <domain.com> -d <subdomain.domain.com>

If you encounter an error like this:

OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 1

Simply set the following environment variables before rerunning the script:

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"

Follow the on-screen instructions, and you should receive your certificates at the path /etc/letsencrypt/live/<domain.com>.

Now, it's time to configure the Nginx settings to redirect your HTTP traffic to HTTPS. Use the following command to open the Nginx configuration file:

sudo vi /etc/nginx/sites-available/default

Inside the file, replace <YourDomain.com> and the root path for your website with your domain and the appropriate paths. Your configuration should look like this:

[nginx configuration]

Wonderful! To ensure that there are no errors in your configuration, run the command:

sudo nginx -t

If everything checks out, restart Nginx by entering:

sudo service nginx stop
sudo service nginx start

Almost there! Don't forget to go to your AWS console and make sure that your security group has port 443 open for HTTPS.

And that's it! You've successfully switched your website from HTTP to HTTPS using Let's Encrypt. To verify that everything is working correctly, navigate to the HTTPS version of your domain. If you encounter any issues, such as a 502 Bad Gateway error, make sure your Node.js application is running correctly. Consider using PM2 to keep it up and running smoothly.

Remember, by securing our websites and making the internet safer, we contribute to a more secure online environment for everyone. Keep up the excellent work, and until next time, keep striving for continuous improvement.

Thanks for tuning in to this episode of "Continuous Improvement." If you enjoyed this episode, be sure to subscribe to our podcast for more valuable insights. And if you have any suggestions for future topics, feel free to reach out. See you next time!

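Enabling HTTPS on an AWS EC2 Instance with Node.js and Nginx on an Ubuntu Server

I have an AWS EC2 instance running Node.js and Nginx on an Ubuntu 16.04 server. In this tutorial, I will show you how to switch your website from HTTP to HTTPS using Let's Encrypt. HTTPS prevents unauthorized tampering with the communication between your website and your users' browsers by encrypting it with Transport Layer Security (TLS), and the server's certificate lets the browser verify which site it is talking to. Let's Encrypt is a certificate authority that provides free X.509 certificates.

First, SSH into your EC2 instance:

ssh -i <keyfile.pem> ubuntu@<public-ip-address>

Next, clone the Let's Encrypt repository into the /opt/letsencrypt path:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Then, check whether any application is listening on port 80 by running:

netstat -na | grep ':80.*LISTEN'

If any processes are returned, terminate them. For example, if you already have an Nginx server running on port 80, you may need to stop it as follows:

sudo systemctl stop nginx

After that, navigate to your repository with cd /opt/letsencrypt and run the following command to obtain the certificates:

./letsencrypt-auto certonly --standalone --email <your@email.com> -d <domain.com> -d <subdomain.domain.com>

If you encounter an error like this:

OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 1

Then set the following environment variables before you rerun the script:

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"

Follow the on-screen instructions, and you should receive your certificates at the path /etc/letsencrypt/live/<domain.com>.

Next, configure the Nginx settings to redirect HTTP traffic to HTTPS. Edit the file using:

sudo vi /etc/nginx/sites-available/default

The content should look like this (remember to replace <YourDomain.com> and the root path for your website):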

server {
  listen 443 ssl;
  server_name <YourDomain.com>;
  ssl_certificate /etc/letsencrypt/live/<YourDomain.com>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<YourDomain.com>/privkey.pem;
  # TLS 1.0 and 1.1 are deprecated; offer TLS 1.2 only (add TLSv1.3 where nginx and OpenSSL support it).
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

  root /var/www/yourPath;
  index index.html index.htm;

  location / {
    proxy_pass http://localhost:3000/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Report the scheme the client actually used (https in this block) to the Node.js app.
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Nginx-Proxy true;
    proxy_redirect off;
  }
}
server {
  listen 80;
  server_name <YourDomain.com>;
  return 301 https://$host$request_uri;
}

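To test your configuration for errors, run:

sudo nginx -t

If everything is fine, restart Nginx:

sudo service nginx stop
sudo service nginx start

Last but not least, go to the AWS console and make sure your security group has port 443 open for HTTPS connections.

Done! Navigate to the HTTPS version of your domain to verify that it works. If you run into an error such as 502 Bad Gateway, make sure your Node.js application is running correctly. I use PM2 to keep it running. Let's make the internet more secure! 🙂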