...
Create a security group for the proxy instance. The security group will need to allow access to the instance itself, and ports that are to be forwarded to internal groups. Name the group Proxy:
    Rule: Custom TCP Rule
    Open Port: Port
    Port: 22
    Remote: CIDR
    CIDR: 0.0.0.0/0

    Rule: Custom TCP Rule
    Open Port: Port
    Port: 2200
    Remote: CIDR
    CIDR: 0.0.0.0/0

    Rule: Custom TCP Rule
    Open Port: Port
    Port: 80
    Remote: CIDR
    CIDR: 0.0.0.0/0
Create a security group for the internal instances named Internal:
    Rule: Custom TCP Rule
    Open Port: Port Range
    From Port: 1
    To Port: 65535
    Remote: Security Group
    Security Group: Proxy
Launch the proxy instance:
Image: Ubuntu 18.04
Flavor: m1.tiny
Security groups: Proxy
Key pair: pre-generated
Note: The proxy instance must be provisioned from the Ubuntu 18.04 image, as it contains pre-built scripts that enable proxy functionality.
Launch internal instance:
Image: Ubuntu 18.04
Flavor: m1.small
Security Groups: Internal
Key pair: pre-generated
- Allocate and associate a floating IP to the proxy instance.
- Log in to the proxy instance.
Add the following lines to /etc/rac-iptables.sh to permit network address translation (NAT) forwarding to the internal instance. You must be root to modify rac-iptables.sh:

    iptables -t nat -A PREROUTING -p tcp --dport 2200 -j DNAT --to-destination <private_ip_internal_instance>:22
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <private_ip_internal_instance>:80
Run /usr/local/bin/proxyServer to enable IP forwarding, enable the rules added in step 7 to run at boot, and load those same rules immediately.
If you receive an error about rc.local not existing, run the following snippet:

    cat <<EOF | tee /etc/rc.local
    bash /etc/rac-iptables.sh
    exit 0
    EOF
Log in to the internal instance via the proxy instance. Make sure you specify port 2200; otherwise you will only SSH to the proxy itself:

    $ ssh -p 2200 -i /path/to/<private_key> ubuntu@<floating_ip>
Install Apache on the internal instance:

    $ sudo apt-get update && sudo apt-get install -y apache2
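
The two DNAT lines added to /etc/rac-iptables.sh in the step above can be generated instead of typed by hand. This added example (not part of the original page or of the proxy image) validates the ports and the address before emitting a rule, and skips a line that is already in the file. The function names and the RFC 1918 check are assumptions, and 10.0.0.5 is a constructed sample address.

```shell
#!/bin/sh
# Added example, not part of the proxy image. Function names are hypothetical.

# Succeed only if $1 is a dotted-quad IPv4 address in an RFC 1918 range
# (assumption: the internal instance's private IP comes from one of these).
is_private_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        192) [ "$2" -eq 168 ]; return ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ]; return ;;
    esac
    return 1
}

# Succeed only if $1 is a decimal TCP port in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one rule in the page's format: proxy port $1 -> internal $2:$3.
dnat_rule() {
    if ! { is_port "$1" && is_private_ipv4 "$2" && is_port "$3"; }; then
        echo "refusing rule: $1 -> $2:$3" >&2
        return 1
    fi
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$2" "$3"
}

# Append the rule to file $4 unless that exact line is already present, so
# re-running the step does not stack duplicate PREROUTING entries.
add_rule() {
    rule=$(dnat_rule "$1" "$2" "$3") || return 1
    grep -qxF -- "$rule" "$4" 2>/dev/null || printf '%s\n' "$rule" >> "$4"
}

# Usage as root, with a constructed sample address:
#   add_rule 2200 10.0.0.5 22 /etc/rac-iptables.sh
#   add_rule 80   10.0.0.5 80 /etc/rac-iptables.sh
```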
...