OPS345

Web Services On AWS

Eric Brauer

Before You Start

Make Sure That You Can Still SSH to ww

(Did you make iptables rules persistent?)

Apache

You’ve already had some experience running a Web Server in OPS245. We are using Apache once again in OPS345.

  • install httpd
  • Review your systemctl commands!
  • If you make a change, remember to restart the service.

Elastic Block Store

When we are working in The Cloud©, this is the way that we abstract file systems.

  • Some EBS volumes were created when we launched our instances.
  • We are going to create one to store our Web Content.

Micro-Everything..!

This idea of breaking things down into microservices has gained a lot of traction. So our drives are separated from our instances, databases are separated from our drives, and so on.

Why is this useful?

LVM

Fortunately for us, we already have some experience dealing with drives in this manner. Recall what you learned about LVM in OPS245.

Logical Volume Management gives us the flexibility we need to solve problems (like running out of drive space) on the fly, with minimal downtime.

LVM Concepts Review

Diagram of LVM

LVM Concepts

  • Physical Volumes are added to a Volume Group.
  • The Volume Group becomes a pool of all available storage space.
  • Logical Volumes are created from the pool of storage space in a particular volume group.
  • We still need to partition and mount these logical volumes before they are usable.

Removing Public IP addresses

Did you consider it strange when we set up port forwarding to ww even though it already had a public IP address? Here is where we remove that address and make sure everything will continue working.

We want our traffic (SSH and Web) to go through router. Unfortunately, we can’t remove a public IP address, so we need to remove the ww instance.

Create WWW

  • Follow the steps from before to set up www. Repetition is the mother of all learning!
  • Having to repeat a process because of one small wrinkle is also… very common in the workplace. 😼
  • Fortunately you don’t need to re-create the drive you mounted at /var/www, since that is considered independent of the instance!

Man In The Middle Attack?!?

  • Sometimes (depending on OS and configuration), if the host key fingerprint of a machine changes while its IP address stays the same, SSH will show you an error message.
  • If you get a message warning of a possible MITM attack, it is because ww is gone and www is located at that IP address.
  • Follow the steps to remove the ww entry from your known_hosts file (on your Linux Mint VM) and try again.

Make Sure You Test!

Lots of things need to be working to complete the lab. A checklist:

  • Security Group Rule to allow WWW traffic
  • iptables Rule to allow same
  • httpd service is running
  • www-data mounted correctly
  • php installed

Make Sure You Test!

In addition, when instances reboot there’s a chance that things break.

  • Are iptables rules persistent?
  • Does www-data mount automatically on startup?
  • Is the httpd service enabled?
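
The items on the two checklists above that can be verified from inside www can be scripted; the following is an added example, not part of the original slides or lab files. It assumes the saved rules live in /etc/sysconfig/iptables, that WWW traffic means TCP port 80, and the script name check_www.sh is hypothetical.

```shell
#!/bin/sh
# Added example: checks to run on www before and after a reboot.
# Assumed paths: /etc/sysconfig/iptables (saved rules) and /etc/fstab.
# The Security Group rule lives on the AWS side and is not checked here.

# True if the saved rules (iptables-save format) accept TCP PORT on INPUT
# before any catch-all REJECT/DROP, which would shadow every later rule.
saved_rules_allow_port() {  # usage: saved_rules_allow_port FILE PORT
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
            if ($0 ~ ("-p tcp .*--dport " port "( .*)? -j ACCEPT")) { ok = 1; exit }
        }
        END { exit !ok }' "$1"
}

# True if FILE (fstab format) has an entry for MOUNTPOINT without "noauto".
fstab_mounts_at_boot() {  # usage: fstab_mounts_at_boot FILE MOUNTPOINT
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp { found = 1; if ($4 ~ /(^|,)noauto(,|$)/) noauto = 1 }
        END { exit !(found && !noauto) }' "$1"
}

# Run a command quietly, print PASS/FAIL, and remember any failure in $rc.
report() {  # usage: report LABEL COMMAND [ARGS...]
    label=$1; shift
    if "$@" >/dev/null 2>&1; then echo "PASS  $label"; else echo "FAIL  $label"; rc=1; fi
}

check_www() {
    rc=0
    report "httpd service is running"       systemctl is-active --quiet httpd
    report "httpd service is enabled"       systemctl is-enabled --quiet httpd
    report "/var/www is mounted"            mountpoint -q /var/www
    report "/var/www mounts on startup"     fstab_mounts_at_boot /etc/fstab /var/www
    report "php is installed"               command -v php
    report "saved iptables rules allow 80"  saved_rules_allow_port /etc/sysconfig/iptables 80
    return "$rc"
}

# Run the live checks only when asked:  sudo sh check_www.sh --live
if [ "${1:-}" = "--live" ]; then check_www; fi
```

A FAIL on the saved-rules line while the site still loads usually means the rule exists only in the running kernel and will be lost on reboot.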

Elastic IP Reminder

Recall that Elastic IPs will cost you money when they are not in use. We needed temporary-ip to install stuff on www, but that’s not complete.

  • Disassociate the elastic IP once you have tested everything and completed the lab.