Getting Started with Cloud Computing Niels Olof Bouvin 1
Overview What is Cloud Computing? Hosting Domain names Secure communication 2
The Cloud? Not just marketing-speak for someone else’s computer (though it is that too ) “Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of con fj gurable computing resources that can be rapidly provisioned and released with minimal management e ff ort or service provider interaction.” [NIST De fj nition] 3
On-demand self-service The user of the cloud service can add additional resources (computing, storage, network) as they wish, and when they wish directly through an interface It might even be possible for the system to add additional resources automatically, depending on the con fj guration and service plan e.g., add more servers, if there is a spike in tra ffi c 4
Broad access The cloud service is accessible through standard networking protocols 5
Resource pooling The cloud provider can pool their resources, and provide access to their users dynamically Access is independent of location of the provided machine though it can be speci fj ed, e.g., “give me a server within EU” 6
Measured service The user is billed according to the use of resources This can be continually and dynamically monitored by the cloud provider and user 7
Overview What is Cloud Computing? Hosting Domain names Secure communication 8
Finding a hosting company There are many cloud service providers The largest being Amazon AWS EC2 has a free tier, but their systems can be a bit daunting Others include Microsoft Azure, Digital Ocean, Google, IBM, Oracle, … I have chosen a Danish company: cloud.dk 9
cloud.dk 10
Choices How big a machine? from small, but adequate, to expensive, but powerful Which operating system? usually a choice between Windows and di ff erent kinds of Linux My choice Smallest instance (1 CPU, 0,5 GB RAM, 20 GB disk) Ubuntu 18.04 11
Overview of a virtual machine 12
Con fj guration & installation The cloud instance is standard issue, so we must adapt it to our needs create a user under which to run our server (root is only for administration) install the needed software and con fj gure it i.e., install node.js and MySQL and keep it updated Much like your Raspberry Pi, when you got it which also is running a Linux (Raspian) of the same family (Debian) as Ubuntu 13
Adding a user ‘pi’ adduser handles creating users 14
Installing Node.js & MySQL See the Resources page under Linux It is much the same as with Raspberry Pi 15
Getting connected ssh pi@<ip> ssh-keygen ssh-copy-id 16
Install the id_rsa.pub into GitLab… And with that, we can start pulling from GitLab as we do on the Raspberry Pi 17
The cloud server in action 18
Overview What is Cloud Computing? Hosting Domain names Secure communication 19
http://185.134.30.206:3000 is not catchy Raw IP addresses can work fj ne, but they are not easy to remember, and they cannot move We need a domain name which usually costs money Happily, there are free, if limited, alternatives one being http://freedns.afraid.org 20
http://freedns.afraid.org FreeDNS - Free DNS - Dynamic DNS - Static DNS subdomain and domain hosting For Members: Free DNS Hosting, Dynamic DNS Hosting, Static DNS Hosting, subdomain and DNS Auth Trace [ Main Menu ] domain hosting. your.domain.com [ Domains ] Trace [ Subdomains ] Update demo Web [ ] Forward Members: 3,154,075 [~] $ curl https://sync.afraid.org/u/CyTXMbtq5cPnLjEg5vKHTPDE/ Dynamic Premium: 3,663 Updated demo.freshdns.com from 107.170.238.X to 50.23.197.94 [ ] DNS Records: 9,677,505 IPv6 Zones: 1,067,299 IPv6 updates? Easy, just add v6. [ ] Reverse [~] $ curl https://v6.sync.afraid.org/u/CyTXMbtq5cPnLjEg5vKHTPDE/ Backup +50 subdomains [ ] Updated demo.freshdns.com from 50.23.197.94 to 2607:f0d0:1102:d5::2 DNS +3 stealth flags Wildcard DNS [ Preferences ] Just $5 a month! [ Registry ] Go premium today! Possible Uses: [ Logout ] Now accepting Bitcoin Host your own site on your own connection from home/work/school/etc Access your computer with a name (like zeus.afraid.org or yourdomain.com) instead of a numeric For IP address Everybody: Run your own http server, ftp server, or anything you want to install on your computer/server Fetchable URL to update your IP instantly on our network if you have a dynamic address Hosts even work for your LAN. If you have a LAN connected to the internet you can point hosts [ Home ] to private IP addresses (even private IPv6 addresses) and they will work within your network [ About Us ] Let your friends point theirname.yourdomain.com to their own connection [ FAQ ] Use web forwarding to transparently redirect a hostname to another URL. Let our servers handle [ News ] the redirection afraid.org has been un-interrupted for hundreds of days at a time DNS [ ] afraid.org is operated from multiple redundant high capacity well connected servers Stats The FreeDNS router setup guide with DD-WRT (v2) and the DD-WRT (v1) guide are guides that [ AUP/TOS ] 21 shows new users the most common/convenient configuration on a dynamic IP address, but is
http://freedns.afraid.org 22
Overview What is Cloud Computing? Hosting Domain names Secure communication 23
So… what is missing? We have hosting We have a domain We have a site running But, we are not connecting over an encrypted channel and our node server is communicating directly to the world 24
Hiding our node.js app behind NGINX itwot.mooo.com NGINX 80 The Internet 3000 node.js NGINX is a powerful and very versatile Web server It can act as a proxy for our node.js app as well as serve static content, but that is left to the reader Isolating the application from the Internet 25
Installing NGINX See the Resources page there are few steps, but it is quite straightforward 26
Con fj guring NGINX Open /etc/nginx/nginx.conf with nano Locate the line: include /etc/nginx/conf.d/*.conf; and add below it server { server_name itwot.mooo.com; location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } Save the fj le, and reload the con fj guration: nginx -s reload 27
Allowing only localhost to connect We need to ensure that Express does not connect to anything not originating from the local host (e.g., NGINX) This is easily done: app.listen(port, 'localhost', err => { if (err) return console.error(`An error occurred: ${err}`) console.log(`Listening on http://localhost:${port}/`) }) 28
Access denied on port 3000 29
Getting an encrypted line Getting a https connection requires a certi fj cate , and those used to be really expensive Not any more! Let’s Encrypt is a free and open Certi fj cation Authority It has enabled secure communications all over the Web And, happily, it is fairly easy to install on a Web server 30
https://letsencrypt.org 31
Installing certbot Again, refer to the resources, and remember to be logged in as root 32
sudo certbot --nginx An interactive installation, where you will be asked some questions, including your email address You should allow certbot to edit your nginx.conf to redirect all tra ffi c to 443 33
Finally, a proper Web site 34
Pro tip: the command tmux It is convenient to just launch your Web application from the command line (as ‘pi’ , not as root!) But, if the connection is broken, the Web application is terminated Unless, you use a command like tmux opens a virtual terminal, where you can enter your commands the terminal can be ‘detached’ by the keystroke Ctrl-b d and reattached by the command tmux attach 35
Creating a Web site in the cloud There are several, distinct steps that must be taken in acquiring a cloud host, con fj guring it, naming it, and securing it It is however not unsurpassable, and be had cheaply 24 kr/month Always on, and no worries about access through AU fj rewalls 36
Recommend
More recommend
