...

  1. Create a security group for the proxy instance. It must allow access to the proxy itself (SSH on port 22) plus every port that is to be forwarded on to the internal instances (2200 and 80 in this example). Name the group Proxy. Note that a remote CIDR of 0.0.0.0/0 exposes these ports to the whole Internet; if you can, narrow the CIDR on ports 22 and 2200 to the address range you administer from.

    Code Block
    Rule: Custom TCP Rule:
    Open Port: Port
    Port: 22
    Remote: CIDR
    CIDR: 0.0.0.0/0
    
    
    Rule: Custom TCP Rule:
    Open Port: Port
    Port: 2200
    Remote: CIDR
    CIDR: 0.0.0.0/0
    
    
    Rule: Custom TCP Rule:
    Open Port: Port
    Port: 80
    Remote: CIDR
    CIDR: 0.0.0.0/0

              

  2. Create a security group for the internal instances and name it Internal. Its single rule allows every TCP port, but only from instances that are members of the Proxy security group, so the internal instances are reachable through the proxy and not directly.

    Code Block
    Rule: Custom TCP Rule:
    Open Port: Port Range
    From Port: 1
    To Port: 65535
    Remote: Security Group
    Security Group: Proxy


  3.  Launch the proxy instance: 

    Image: Ubuntu 18.04
    Flavor: m1.tiny
    Security groups: default, Proxy
    Key pair: pre-generated

    Note

    The proxy instance must be provisioned from the Ubuntu 18.04 image, as it contains pre-built scripts that enable proxy functionality.


    Note

    We suggest adding the default security group to both instances, as the default group carries the egress rules that permit the outbound access you would normally expect. If you do not wish to use the default security group, you will need to add the egress rules yourself. See Networking#EgressRulesandSecurityGroups for instructions.


  4. Launch internal instance: 

    Image: Ubuntu 18.04
    Flavor: m1.small
    Security Groups: default, Internal
    Key pair: pre-generated

  5. Allocate and associate a floating IP to the proxy instance.

  6. Log in to the proxy instance (via its floating IP, as the ubuntu user, with the key pair chosen in step 3).

  7. Add the following lines to /etc/rac-iptables.sh to permit network address translation (NAT) forwarding to the internal instance. Replace <private_ip_internal_instance> with the internal instance's private (fixed) IP. Port 22 on the proxy stays with the proxy's own SSH service; external port 2200 is translated to port 22 on the internal instance, and external port 80 to its port 80. You must be root to modify rac-iptables.sh.

    Code Block
    iptables -t nat -A PREROUTING -p tcp --dport 2200 -j DNAT --to-destination <private_ip_internal_instance>:22
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <private_ip_internal_instance>:80


  8. Run /usr/local/bin/proxyServer to enable IP forwarding, enable the rules added in step 7 to run at boot, and load those same rules immediately.

    If you receive an error that rc.local does not exist, run the following snippet (as root) to create it:

    Code Block
    cat <<EOF | tee /etc/rc.local
    bash /etc/rac-iptables.sh
    exit 0
    EOF


  9. If you have not already, load these rules immediately by running:

    Code Block
    sudo /etc/rac-iptables.sh


  10. Log in to the internal instance via the proxy instance. Make sure you specify port 2200, otherwise you will only SSH to the proxy itself:

    Code Block
     $ ssh -p 2200 -i /path/to/<private_key> ubuntu@<floating_ip>


  11. Install Apache on the internal instance. Because of the port 80 DNAT rule from step 7, the site it serves is then reachable at http://<floating_ip>/ through the proxy:

    Code Block
    $ sudo apt-get update && sudo apt-get install -y apache2
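
    The forwarding part of steps 7 to 10, as an added shell example that is not part of the original page and is not the rac-iptables.sh or proxyServer script shipped in the Ubuntu 18.04 image. It prints the DNAT lines for /etc/rac-iptables.sh from a list of PROXYPORT:INTERNALPORT mappings, rejects mistakes that the raw iptables lines accept silently (a malformed IP or port, a proxy port listed twice, and forwarding the proxy's own port 22, which would cut off your administrative SSH), and then checks a saved `iptables -t nat -S PREROUTING` listing for mappings that did not load before you attempt the ssh in step 10. The internal address 10.0.0.5, the script name gen-forwards.sh and the listing file name are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example; not from the original page and not the rac-iptables.sh or
# proxyServer script shipped in the Ubuntu 18.04 image. It prints the DNAT
# lines for /etc/rac-iptables.sh from PROXYPORT:INTERNALPORT mappings after
# validating them, and checks a saved `iptables -t nat -S PREROUTING` listing
# for mappings that did not load. It never runs iptables itself. The
# internal IP and the mappings are caller input (the values in the usage
# line below are assumed, not taken from the page).

# valid_ipv4 ADDR: succeed only if ADDR is a dotted quad with octets 0..255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _r=$1
    for _i in 1 2 3 4; do
        _o=${_r%%.*}; _r=${_r#*.}
        [ "$_o" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only if PORT is an integer in 1..65535.
valid_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules INTERNAL_IP PROXYPORT:INTERNALPORT ...
# One DNAT line per mapping, in the form used in step 7 of the page.
# Rejects proxy port 22 (the proxy's own SSH port; a DNAT there would send
# your administrative SSH to the internal instance instead) and a proxy
# port listed twice (only the first PREROUTING rule would ever match).
gen_dnat_rules() {
    _ip=$1; shift
    valid_ipv4 "$_ip" || { echo "bad internal IP: $_ip" >&2; return 1; }
    _seen=" "
    for _m in "$@"; do
        case $_m in *:*) ;; *) echo "bad mapping (want PROXYPORT:INTERNALPORT): $_m" >&2; return 1;; esac
        _pp=${_m%%:*}; _tp=${_m#*:}
        valid_port "$_pp" && valid_port "$_tp" \
            || { echo "bad port in mapping: $_m" >&2; return 1; }
        [ "$_pp" -ne 22 ] || { echo "refusing to DNAT the proxy's own port 22" >&2; return 1; }
        case $_seen in *" $_pp "*) echo "duplicate proxy port: $_pp" >&2; return 1;; esac
        _seen="$_seen$_pp "
        echo "iptables -t nat -A PREROUTING -p tcp --dport $_pp -j DNAT --to-destination $_ip:$_tp"
    done
}

# missing_forwards INTERNAL_IP RULES_FILE PROXYPORT:INTERNALPORT ...
# RULES_FILE holds the output of `iptables -t nat -S PREROUTING` taken after
# step 9. Prints every mapping with no matching DNAT rule and fails if any
# is missing, so it can gate the ssh test in step 10.
missing_forwards() {
    _ip=$1; _rules=$2; shift 2
    _ip_re=$(printf '%s' "$_ip" | sed 's/\./\\./g')   # literal dots in the regex
    _rc=0
    for _m in "$@"; do
        _pp=${_m%%:*}; _tp=${_m#*:}
        grep -Eq -- "--dport $_pp( .*)? -j DNAT --to-destination $_ip_re:$_tp(\$| )" "$_rules" \
            || { echo "$_m"; _rc=1; }
    done
    return $_rc
}

# Usage (assumed values): sh gen-forwards.sh 10.0.0.5 2200:22 80:80
# Paste the printed lines into /etc/rac-iptables.sh as root (step 7).
if [ $# -gt 0 ]; then
    gen_dnat_rules "$@"
fi
```

    After step 9, save the live table with `sudo iptables -t nat -S PREROUTING > /tmp/nat.txt` (an assumed file name) and run `missing_forwards 10.0.0.5 /tmp/nat.txt 2200:22 80:80`; a non-zero exit with the offending mapping printed means the rule is not loaded, which is the usual reason the step 10 ssh lands on the proxy instead of the internal instance. Both functions only read and print; applying the rules is still done by rac-iptables.sh and proxyServer as the page describes.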


...