Getting Started with Cloud Computing Niels Olof Bouvin 1 Overview - - PowerPoint PPT Presentation

Getting Started with Cloud Computing

Niels Olof Bouvin

1

Overview

What is Cloud Computing? Hosting Domain names Secure communication

2

The Cloud?

Not just marketing-speak for someone else’s computer

(though it is that too)

“Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of confjgurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

[NIST Defjnition]

3

On-demand self-service

The user of the cloud service can add additional resources (computing, storage, network) as they wish, and when they wish directly through an interface It might even be possible for the system to add additional resources automatically, depending on the confjguration and service plan

e.g., add more servers, if there is a spike in traffic

4

Broad access

The cloud service is accessible through standard networking protocols

5

Resource pooling

The cloud provider can pool their resources, and provide access to their users dynamically Access is independent of location of the provided machine

though it can be specifjed, e.g., “give me a server within EU”

6

Measured service

The user is billed according to the use of resources This can be continually and dynamically monitored by the cloud provider and user

7

Overview

What is Cloud Computing? Hosting Domain names Secure communication

8

Finding a hosting company

There are many cloud service providers The largest being Amazon

AWS EC2 has a free tier, but their systems can be a bit daunting

Others include Microsoft Azure, Digital Ocean, Google, IBM, Oracle, … I have chosen a Danish company: cloud.dk

9

cloud.dk

10

Choices

How big a machine?

from small, but adequate, to expensive, but powerful

Which operating system?

usually a choice between Windows and different kinds of Linux

My choice

Smallest instance (1 CPU, 0,5 GB RAM, 20 GB disk) Ubuntu 18.04

11

Overview of a virtual machine

12

Confjguration & installation

The cloud instance is standard issue, so we must adapt it to our needs

create a user under which to run our server (root is only for administration) install the needed software and confjgure it i.e., install node.js and MySQL and keep it updated

Much like your Raspberry Pi, when you got it

which also is running a Linux (Raspian) of the same family (Debian) as Ubuntu

13

Adding a user ‘pi’

adduser handles creating users

14

Installing Node.js & MySQL

See the Resources page under Linux It is much the same as with Raspberry Pi

15

ssh pi@<ip> ssh-keygen ssh-copy-id

Getting connected

16

Install the id_rsa.pub into GitLab…

And with that, we can start pulling from GitLab as we do on the Raspberry Pi

17

The cloud server in action

18

Overview

What is Cloud Computing? Hosting Domain names Secure communication

19

http://185.134.30.206:3000 is not catchy

Raw IP addresses can work fjne, but they are not easy to remember, and they cannot move We need a domain name

which usually costs money

Happily, there are free, if limited, alternatives

• ne being http://freedns.afraid.org

20

http://freedns.afraid.org

FreeDNS - Free DNS - Dynamic DNS - Static DNS subdomain and domain hosting

For Members: [ Main Menu ] [ Domains ] [ Subdomains ] [ Web Forward ] [ Dynamic DNS ] [ IPv6 Reverse ] [ Backup DNS ] [ Preferences ] [ Registry ] [ Logout ] For Everybody: [ Home ] [ About Us ] [ FAQ ] [ News ] [ DNS Stats ] [ AUP/TOS ]

Free DNS Hosting, Dynamic DNS Hosting, Static DNS Hosting, subdomain and domain hosting.

Update demo [~] $ curl https://sync.afraid.org/u/CyTXMbtq5cPnLjEg5vKHTPDE/ Updated demo.freshdns.com from 107.170.238.X to 50.23.197.94 IPv6 updates? Easy, just add v6. [~] $ curl https://v6.sync.afraid.org/u/CyTXMbtq5cPnLjEg5vKHTPDE/ Updated demo.freshdns.com from 50.23.197.94 to 2607:f0d0:1102:d5::2 Possible Uses: Host your own site on your own connection from home/work/school/etc Access your computer with a name (like zeus.afraid.org or yourdomain.com) instead of a numeric IP address Run your own http server, ftp server, or anything you want to install on your computer/server Fetchable URL to update your IP instantly on our network if you have a dynamic address Hosts even work for your LAN. If you have a LAN connected to the internet you can point hosts to private IP addresses (even private IPv6 addresses) and they will work within your network Let your friends point theirname.yourdomain.com to their own connection Use web forwarding to transparently redirect a hostname to another URL. Let our servers handle the redirection afraid.org has been un-interrupted for hundreds of days at a time afraid.org is operated from multiple redundant high capacity well connected servers The FreeDNS router setup guide with DD-WRT (v2) and the DD-WRT (v1) guide are guides that shows new users the most common/convenient configuration on a dynamic IP address, but is DNS Auth Trace

your.domain.com Trace

Members: 3,154,075 Premium: 3,663 Records: 9,677,505 Zones: 1,067,299

+50 subdomains +3 stealth flags Wildcard DNS Just $5 a month! Go premium today! Now accepting Bitcoin

21

http://freedns.afraid.org

22

Overview

What is Cloud Computing? Hosting Domain names Secure communication

23

So… what is missing?

We have hosting We have a domain We have a site running But, we are not connecting over an encrypted channel and our node server is communicating directly to the world

24

Hiding our node.js app behind NGINX

NGINX is a powerful and very versatile Web server It can act as a proxy for our node.js app

as well as serve static content, but that is left to the reader

Isolating the application from the Internet

The Internet

itwot.mooo.com NGINX node.js 80 3000

25

Installing NGINX

See the Resources page

there are few steps, but it is quite straightforward

26

Confjguring NGINX

Open /etc/nginx/nginx.conf with nano Locate the line: include /etc/nginx/conf.d/*.conf; and add below it Save the fjle, and reload the confjguration:

nginx -s reload

server { server_name itwot.mooo.com; location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; }

27

Allowing only localhost to connect

We need to ensure that Express does not connect to anything not originating from the local host (e.g., NGINX) This is easily done:

app.listen(port, 'localhost', err => { if (err) return console.error(`An error occurred: ${err}`) console.log(`Listening on http://localhost:${port}/`) })

28

Access denied on port 3000

29

Getting an encrypted line

Getting a https connection requires a certifjcate, and those used to be really expensive Not any more! Let’s Encrypt is a free and open Certifjcation Authority It has enabled secure communications all over the Web And, happily, it is fairly easy to install on a Web server

30

https://letsencrypt.org

31

Installing certbot

Again, refer to the resources, and remember to be logged in as root

32

sudo certbot --nginx

An interactive installation, where you will be asked some questions, including your email address You should allow certbot to edit your nginx.conf to redirect all traffic to 443

33

Finally, a proper Web site

34

Pro tip: the command tmux

It is convenient to just launch your Web application from the command line (as ‘pi’ , not as root!) But, if the connection is broken, the Web application is terminated Unless, you use a command like tmux

• pens a virtual terminal, where you can enter your commands

the terminal can be ‘detached’ by the keystroke Ctrl-b d and reattached by the command tmux attach

35

Creating a Web site in the cloud

There are several, distinct steps that must be taken in acquiring a cloud host, confjguring it, naming it, and securing it It is however not unsurpassable, and be had cheaply

24 kr/month

Always on, and no worries about access through AU fjrewalls

36