Warning: Use this script at your own risk. I am not responsible if it messes up your server or if you lose data.
I have tested the script on a fresh installation of Ubuntu 10.10 and recommend you also install this script on a fresh install. If you want to modify an existing installation this script might work but I’d recommend you read my previous blog post on this subject instead.
Copy and paste the following line into your ssh terminal.
wget http://blog.jtclark.ca/wp-content/uploads/vpn-setup.sh;chmod +x vpn-setup.sh
Run the script
Next reboot the server and then create a PPTP VPN connection on your computer.
The script automatically sets the login to user: user and pass: pass
You can change this by editing /etc/ppp/chap-secrets
If you are curious of what the script does here is the source below.
#!/bin/sh apt-get install pptpd -y echo "localip 192.168.123.1" >> /etc/pptpd.conf echo "remoteip 192.168.123.234-238,192.168.123.245" >> /etc/pptpd.conf echo "user pptpd pass *" >> /etc/ppp/chap-secrets /etc/init.d/pptpd restart echo "ms-dns 220.127.116.11" >> /etc/ppp/pptpd-options echo "ms-dns 18.104.22.168" >> /etc/ppp/pptpd-options echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf sysctl -p sed -n '$!p' /etc/rc.local > /tmp/rc.local.temp cp /tmp/rc.local.temp /etc/rc.local rm /tmp/rc.local.temp echo "/sbin/iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE" >> /etc/rc.local echo "exit 0" >> /etc/rc.local
UPDATE: There was an error in one of the steps, the file /etc/ppp/options does not have to be edited, but /etc/ppp/pptpd-options does. The steps are now correct.
Like many Canadians I am jealous of the American’s and their ability to watch Hulu or listen to free music with Pandora. Both services claim they are working on making their site available to the world but I don’t like waiting.
The way these types of sites figure out that you are not an American is by your IP address. I don’t know of any way of using an American IP address on my computer at home but it just so happens I have several Cloud Servers that are located in the US which of course have American IP addresses.
I have heard of people outside the US using the Proxy server or VPN server method but I had no idea it was so easy to setup. If you already have a cloud server up and running you could literally have it working in about 5 minutes. Setting it up from scratch should take about 10 minutes.
Below are the steps I followed to setup a Ubuntu based VPN server that allows me to access these coveted American sites from either my Mac or PC.
I use Rackspace Cloud Servers for all my cloud server accounts but any VPS or dedicated server provider (provided they’re servers are located in the US) will work. I used Ubuntu 10.04 but any version of Ubuntu should work.
Connect to your server via SSH and start typing commands
If you just created a new Rackspace Cloud Server you’ll want to change your password.
Next update the package list and upgrade any packages that need updating.
apt-get update apt-get upgrade
Now install the PPTP server package.
apt-get install pptpd
Specify the local and remote IP addresses. Default should work unless your local network is 192.168.123.0
Add these lines (or uncomment and modify existing ones)
localip 192.168.123.1 remoteip 192.168.123.234-238,192.168.123.245
Create a user account to connect to your server
Add a user to the file in the following format:
username pptpd password *
john pptpd abc123 *
would create a user named john with a password abc123.
Now restart the pptpd service
You should be able to connect to your server via PPTP but you won’t be able to access any websites outside your server without a few more steps.
Setup DNS servers in the PPP Server options
Uncomment and change the 2 lines starting with ms-dns
This sets up your server to make DNS requests via OpenDNS
ms-dns 22.214.171.124 ms-dns 126.96.36.199
Open the system configuration file and setup IP forwarding
Uncomment the following line
To make the system configuration changes take effect:
Edit this file
Add these two lines above exit (0) in this file:
/sbin/iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE /sbin/iptables -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-mss 1356
Server is done. You can connect to this server using any PPTP client.
No Cloud Files
Rackspace Cloud Files was down for about an hour today. This had no effect on the connected CDN but it meant that all of my sites which use the Cloud Files API wouldn’t work. I contacted support, who told me there was a problem with the Cloud Files servers and that they would be posting the outage on their Rackspace Cloud Files Status blog shortly. Cloud Files must have been down for at least 15 minutes before they posted anything. I wish they would post to their status blog as soon as they have identified there is a problem. At least that way people like myself wouldn’t have to tie up their support channels with a question that could have easily been answered on their status page.
While checking my Cloud Files account I noticed that there seem to be references to options which will enable users to move backup images to Cloud Files. I couldn’t actually find the buttons that would allow the move, but the interface shows image locations now and claims there is a move button.
To create an On-Demand image, click the New Image button below. Images located Cloud Files will remain even after deleting their parent server. Images located With Server will be deleted if you destroy their parent server. To move an image to Cloud Files, click the Move link in the table below.
I’ve been waiting for this feature for a long time. Storing my servers’ backups in Cloud Files means I can create a new server, try something for a few hours, back it up and then delete my server. Then a few days later I can load that saved server image from Cloud Files and continue where I left off. At the moment, as soon as I delete a server it’s gone for good.
I still am a big fan of Rackspace’s Cloud services and I am eagerly awaiting the ability to store my backups in Cloud Files.
Every web developer needs some sort of web server. Some use a virtual machine running on their workstation. Some use a physical box connected to their LAN. Until recently, it wasn’t really even feasible to consider having a remotely hosted development server. But with the introduction of hosted VPS services like the Rackspace Cloud servers, it’s not only affordable but possibly cheaper, depending on your requirements, to have your own hosted VPS.
The following is a comparison of the total cost of ownership for a Rackspace Cloud Server versus running your own local web development server. We want the comparison to be as fair as possible, and therefore we will try to compensate for the major differences between a virtual server and a physical server.
Rackspace Cloud Server… 1.5¢ per hour? I’ll take 2 please.
Let’s start with a Rackspace Cloud Server. The cheapest Cloud Server plan–which is more than sufficient for web development–starts at $0.015 per hour. All plans include 4 virtual CPU cores and RAID 10, and provide dedicated resources and CPU time. The cheapest plan comes with 256MB memory, 10GB of disk space and a 10Mbps connection to the Internet.
Formula: (Hourly rate X 24 X 365.25) / 12
Rackspace charges an additional per-gigabyte fee for incoming and outgoing data transfer, but since this is a dev server, it’s very unlikely this will affect your monthly fee very much. In my case, my dev server never comes close to 1GB in or out.
|Bandwidth In||Bandwidth Out|
For these calculations, we will assume that we will be charged for 1GB incoming and 1GB outgoing transfer.
Our total transfer cost will be 1GB X $0.08 + 1GB X $0.22 = $0.30
Don’t forget to backup your Cloud Server
The last thing to consider is backup. Rackspace Cloud Server’s are hosted on servers featuring a RAID 10 hard drive configuration. Ideally your data should be safe, but just in case something goes wrong with the physical servers your Cloud Server is on, you’re covered. Rackspace’s backup for Cloud Servers is stored on their Cloud Files service. Backup storage is currently free, but it will eventually cost you $0.15 per gigabyte.
We’ll assume you want both a daily backup and a weekly backup, so your backup storage cost would be:
10GB X $0.15 X 2 = $3.00
Note: The backups are transferred via the network interface on your Rackspace Cloud Server that is connected to Rackspace private network. Rackspace does not charge any data transfer fees for any data transferred on this network.
Ok, so after adding up our average monthly server fee, monthly data transfer and backup charges, the total cost for running a Rackspace Cloud Server is:
Now let’s see what it costs to run your own server.
Running your own server
With a Cloud Server, you are essentially leasing space on Rackspace’s hardware. They provide the hardware and make sure it’s working. If it breaks, they have to pay to fix it. With your own server, well… it’s all up to you.
I know you can turn your old Pentium 4 desktop into a great Linux box, but it’s not really fair to compare a professional grade server product to a budget workstation. To make our comparison as accurate as possible, we will use a used or off-lease server that is easily affordable for the average web developer.
Our used server will feature 2 hard drives in a RAID 1 configuration, a Pentium 4 processor, a 300W power supply and 1GB of RAM. I know the RAM here is 4 times the amount in Rackspace’s base Cloud Server, but since we are using a Pentium 4 processor instead of the quad core server class CPU Rackspace is using, I think that its use in our calculation is justified.
We’ll assign a price of $150 for this server.
What if the power goes out?
Since Rackspace obviously has uninterrupted power supplies supporting their servers, it’s only fair that we use one as well. Let’s assume we need a 300W UPS and it costs $50. If we add the cost of our server and UPS together we get $200. Let’s assume our used server will last 2 years (24 months).
$200 / 24 = $8.33
So a Rackspace Cloud Server costs almost double this amount? Not quite. I left out one important factor that you may not think about unless you’re the one paying the hydro bills: electricity. Surprisingly, the cost to run your server 24/7 is not an insignificant factor.
Electricity costs money too, you know
Since I live in Ontario, Canada, I’ll be using Canadian hydro rates for my initial calculations and then converting them to US dollars before adding them to our server total.
The non-Smart-Meter hydro rates for Ontario are as follows:
|First 1000 Kilo Watt Hours per month:||5.8 cents/kWh|
|Above 1000 kWh:||6.7 cents/kWh|
Assuming we use under 1000kWh per month, we’ll use the rate of 5.8 cents.
In order to calculate the cost of our electricity consumption, we must first figure out how much power our server will consume. Since the server will probably be idle for the majority of the day, we won’t use the maximum power consumption but rather an average. I used this website to determine how much power our server will use. The calculator gave me a power consumption of 163W.
Let’s convert that to kilowatts:
163W / 1000 = 0.163kW
Formula: (0.163kW X $0.058 X 24 X 365.25) / 12
Before you get too excited, we still have to convert this back into US dollars. We’ll use $1.00 USD = $0.95 CAD as our exchange rate.
$6.90 CAD X 0.95 = $6.56
Wow, you could definitely argue that shared hosting is cheaper than running your own server on the basis of the electricity cost alone. When we add our electricity bill to our server cost we get:
$8.33 + $6.56 = $14.89
Wow, they’re close!
|Rackspace Cloud Server||Your own server||Difference|
|Average monthly cost||$14.26 USD||$14.89 USD||$0.63|
The numbers speak for themselves.
Results with a grain of salt
There are two important aspects to consider when evaluating these results.
First, we made a lot of assumptions about our server. If you prefer to run a low power desktop as a server, can find a cheaper used server, or decide to turn your server off at night, these will significantly reduce the costs for running your own server.
Second, the value of the features and expertise provided by Rackspace is far superior to anything you might set up in your basement. I made a brief chart to highlight some of these differences that can’t easily be assigned a monthly monetary value.
|Rackspace Cloud Server||Your own server|
|Hardware||Managed for you by the professionals at Rackspace||It’s your problem|
|Support||24/7 – chat, phone, email||That’s up to you – 24/7 (if you don’t sleep)|
|Scalability||Add more RAM and disk space anytime automatically or with a few clicks||Turn off your server and open it up|
Obviously a Cloud Server is not ideal for everybody, but I bet that it could save a lot of developers a great deal of time and money.
Why not try a Cloud Server? It’s only 1.5 cents an hour!
This guide will help you set up the following:
- Zend Server CE (Apache/PHP)
- Postfix (for outgoing mail)
Some of these steps are taken from the Rackspace Cloud Server Knowledgebase.
Create a new server instance
Log in to http://manage.rackspacecloud.com and create a new server instance with Ubuntu 9.10. Any instance size is great. I’d recommend naming your server with your FQDN as it saves a few changes later on.
Securing the server
The Rackspace Cloud Server comes with the root account enabled and no firewall setup. This is not a good thing for a public server. So the first thing we will do is create a new administrator account which we will use to log in via SSH, and then we will set up Iptables as our firewall.
Rackspace will email you the IP address and password of your new server instance.
Log in over SSH to your server instance. If you have a Mac just open a terminal window and enter something like the following:
If you use windows download putty, enter the IP address in the host box and click connect.
You should now be logged in to your new Cloud Server.
The first thing we are going to do is change the root password.
Change the password by using:
Since we don’t want to log in as root anymore, we need to create a new user.
We want the admin user to be able to become a super user so we need to add admin to the visudo file by entering this:
Nano will open a file; add the following to the bottom of the file.
admin ALL=(ALL) ALL
Next we will make some changes to the SSH configuration file. It is also a good idea to change the port SSH uses for security. We will also disable root logins and enable admin to log in via SSH.
Port 54321 PermitRootLogin no X11Forwarding no UsePAM no UseDNS no AllowUsers admin
To make those changes take effect, restart SSH. You will not be disconnected, but if you do disconnect, you will need to reconnect using your new username and new port.
This server will be a web host so very few ports will be opened.
- HTTP 80
- HTTPS 443
- HTTP 10081 (Zend Server CE)
- SSH 54321
All other ports are dropped.
Create a file named iptables.test.rules in /etc and open it using nano.
Add the file lines to that file. Make changes where required.
* filter :INPUT DROP [1:48] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [129:20352] # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't -A INPUT -i lo -j ACCEPT -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT #Accept SSH connections -A INPUT -p tcp -m state --state NEW --dport 54321 -j ACCEPT #Accept Established connections -A INPUT -m state --state RELATED,ESTABLISH -j ACCEPT #Accept HTTP connections -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 10081 -j ACCEPT #Accept all PING requests on ICMP -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # Reject all other inbound - default deny unless explicitly allowed policy -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT
Now we are going to load the file to check for errors and to ensure the configuration is valid and our firewall works as expected.
iptables-restore < /etc/iptables.test.rules
You can view the active firewall rules by running this command.
If everything is satisfactory, save the rules into a new file which we will then configure to be automatically loaded upon boot.
iptables-save > /etc/iptables.up.rules
Now we need to add a line to the network interface’s initialization script so that our firewall rules will be loaded upon boot.
Add the following line after ‘iface lo inet loopback’:
pre-up iptables-restore < /etc/iptables.up.rules
Now before we do anything else, we need to test the configuration. We don’t want to inadvertently lock ourselves out of the server, so we will test the firewall by opening a new SSH connection in a new window. As long as we don’t close our currently active connection we can still make changes if our new SSH connection fails.
If you can successfully connect to the server with the new account on the new port with the firewall rules enabled, then you should reboot the server and verify that iptables loads your configuration file on boot.
You will be disconnected from both your SSH sessions.
Try reconnecting after 20 or 30 seconds, log in and then check your firewall configuration.
If the rules load successfully then we can move onto the next step.
Time Synchronization Setup
Run the timezone package configuration wizard selecting your time zone.
sudo dpkg-reconfigure tzdata
Create a cron job script:
sudo nano /etc/cron.daily/ntpdate
Enter the following in the /etc/cron.daily/ntpdate file:
sudo ntpdate ntp.ubuntu.com
Change permissions of the cron job script:
sudo chmod 755 /etc/cron.daily/ntpdate
Configure User Locales:
sudo locale-gen en_US.UTF-8
Configure local time zone:
sudo ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime
Outgoing Mail Server Setup
Install postfix and mail tools:
sudo apt-get install postfix mailx
Run the following command to install MySQL:
sudo apt-get install mysql-server
Zend Server CE Setup
I prefer the manual installation method. Instructions can be found here on Zend’s site.
I use a portion of those instructions in my setup.
Define a new package repository by opening the following file: /etc/apt/sources.list and adding the line:
deb http://repos.zend.com/zend-server/deb server non-free
Now download the GPG key:
sudo wget http://repos.zend.com/deb/zend.key -O- |sudo apt-key add -
Update the package list:
sudo apt-get update
Install Zend Server with PHP 5.3. Note: Zend does provide Zend Server with PHP 5.2 packages. View the Zend Server CE documentation for more information.
sudo apt-get install zend-server-ce-php-5.3
I like to install phpmyadmin but it is optional:
sudo apt-get install phpmyadmin-zend-server