Setting Up A Cloud Server

I recently decided to set myself up with a Unix box in the cloud. I want it so I can use it for things I can’t do on my iPad, most notably using pandoc for converting MarkDown documents to various other formats.

There are any number of places that offer an incredibly cheap box. I found a special offer at one and bought myself a year for less than $20. I then fired up an Ubuntu 16 server.

Here’s what I did to get it all working in a (fairly) secure manner.

  • Log in to the server over SSH as root – the only account at first.
  • adduser username
  • Add the new user to the file /etc/sudoers. The easiest way to do this is to find the line root ALL=(ALL) ALL, duplicate it and change the “root” to “username”.
  • Login as username
  • Check you can use sudo
  • Now we stop root logging in over ssh by editing /etc/ssh/sshd/config and changing the line “PermitRootLogin yes” to “no”.
  • Restart ssh sudo systemctl restart ssh.

I could at this point expend the effort to get PKI working to lock it down further but I have to admit PKI is still a learning experience for me and considering I’m not going to put a lot of secure stuff on this box I’ll leave it to later.

Now I know that getting to my box from work is going to be problematic. I live behind a highly secure firewall so something will have to be done. After some research and exploration I decided to install “shellinabox” which gives you a shell session in a web browser. Indeed they even give you instructions on how to run it behind a reverse proxy using Apache. This means I can run it beside other web applications on the box and get to it over port 80 – easy to get through the firewall.

At this point I also went to the Ubuntu website and grabbed the Ubuntu 16 installer and created an Ubuntu VM in Fusion so I could practice stuff on an easily snapshotted box. Most of the steps from here down were done first on it and then checked before doing them on the live server. Having a VM you control is a great way to experiment and learn. If you can’t afford a copy of Fusion then Virtualbox is almost as good. You may discover that some things installed in the vanilla Ubuntu are not on your remote server and vice versa but these are usally minor and easily fixed.

  • sudo apt update to make sure you have a good package list
  • sudo apt install shellinabox
  • sudo systemctl stop shellinabox since it starts on install

At this point I wanted to turn off SSL for shellinabox (see my comment above about PKI). For this we need to change the defaults when it starts. For a well constructed Ubuntu service these will be in a file in etc/defalts so …

  • cd /etc/default
  • sudo cp shellinabox shellinabox.orig so we have a copy of the original
  • sudo vi shellinabox
  • Add -t to SHELLBOXDEFAULTS
  • Save the file and exit
  • sudo systemctl start shellinabox to get it going again.
  • On your home machine go to http://:4200/ in a web browser and you should see a login prompt. Success!

Now let’s see if we can get that reverse proxy working. First step is to turn on the proxy module in Apache.

  • sudo a2enmod proxy

Gee, that was easy. I can remember when you had to edit config files to do that sort of thing.

Now we need to give Apache the reverse proxy configuration. Add the lines below to /etc/apache2/sites-enabled/000-default.conf.


 ProxyPass http://localhost:4200/
 Order allow,deny
 Allow from all

Add them just before the end of the VirtualHost section.

  • sudo apachectl restart to get it to read it’s config files again.

Now if you point your browser at http:///shell/ you will get the login prompt. At the moment shellinabox can be accessed using both the original port and the reverse proxy. Now to turn off the port access.

  • cd /etc/default
  • sudo cp shellinabox shellinabox.orig so we have a copy of the original
  • sudo vi shellinabox
  • Add -localhost-only to SHELLBOXDEFAULTS
  • Save the file and exit
  • sudo systemctl restart shellinabox to get it going again.

In the next installment I’m going to tackle SSL and github. Wish me luck.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s