Warning: Use this script at your own risk. I am not responsible if it messes up your server or if you lose data.

I have tested the script on a fresh installation of Ubuntu 10.10 and recommend you also install this script on a fresh install. If you want to modify an existing installation this script might work but I’d recommend you read my previous blog post on this subject instead.
Copy and paste the following line into your ssh terminal.

wget https://blog.jtclark.ca/wp-content/uploads/vpn-setup.sh;chmod +x vpn-setup.sh

Run the script

./vpn-setup.sh

Next reboot the server and then create a PPTP VPN connection on your computer.
The script automatically sets the login to user: user and pass: pass
You can change this by editing /etc/ppp/chap-secrets
If you are curious about what the script does, the source is below.

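#!/bin/sh
# Install the PPTP server
apt-get install pptpd -y
# Tunnel addresses: the server side and the pool handed to clients
echo "localip 192.168.123.1" >> /etc/pptpd.conf
echo "remoteip 192.168.123.234-238,192.168.123.245" >> /etc/pptpd.conf

# Default login (user / pass); change it in /etc/ppp/chap-secrets
echo "user pptpd pass *" >> /etc/ppp/chap-secrets
/etc/init.d/pptpd restart
# Hand the OpenDNS resolvers to VPN clients
echo "ms-dns 208.67.222.222" >> /etc/ppp/pptpd-options
echo "ms-dns 208.67.220.220" >> /etc/ppp/pptpd-options
# Enable IP forwarding and apply it now
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
# Drop the last line of rc.local (exit 0), append the NAT rule, then put exit 0 back
sed -n '$!p' /etc/rc.local > /tmp/rc.local.temp
cp /tmp/rc.local.temp /etc/rc.local
rm /tmp/rc.local.temp
echo "/sbin/iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE" >> /etc/rc.local
echo "exit 0" >> /etc/rc.local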

UPDATE: There was an error in one of the steps, the file /etc/ppp/options does not have to be edited, but /etc/ppp/pptpd-options does. The steps are now correct.

Like many Canadians I am jealous of the Americans and their ability to watch Hulu or listen to free music with Pandora. Both services claim they are working on making their site available to the world but I don’t like waiting.

The way these types of sites figure out that you are not an American is by your IP address. I don’t know of any way of using an American IP address on my computer at home but it just so happens I have several Cloud Servers that are located in the US which of course have American IP addresses.

I have heard of people outside the US using the Proxy server or VPN server method but I had no idea it was so easy to set up. If you already have a cloud server up and running you could literally have it working in about 5 minutes. Setting it up from scratch should take about 10 minutes.

Below are the steps I followed to set up an Ubuntu-based VPN server that allows me to access these coveted American sites from either my Mac or PC.

I use Rackspace Cloud Servers for all my cloud server accounts but any VPS or dedicated server provider (provided their servers are located in the US) will work. I used Ubuntu 10.04 but any version of Ubuntu should work.

Connect to your server via SSH and start typing commands

If you just created a new Rackspace Cloud Server you’ll want to change your password.

passwd

Next update the package list and upgrade any packages that need updating.

apt-get update
apt-get upgrade

Now install the PPTP server package.

apt-get install pptpd

Specify the local and remote IP addresses. Default should work unless your local network is 192.168.123.0

nano /etc/pptpd.conf

Add these lines (or uncomment and modify existing ones)

localip 192.168.123.1
remoteip 192.168.123.234-238,192.168.123.245

Create a user account to connect to your server

nano /etc/ppp/chap-secrets

Add a user to the file in the following format:
username pptpd password *
For example:

john pptpd abc123 *

would create a user named john with a password abc123.
Now restart the pptpd service

/etc/init.d/pptpd restart

You should be able to connect to your server via PPTP but you won’t be able to access any websites outside your server without a few more steps.

Set up DNS servers in the PPP Server options

nano /etc/ppp/pptpd-options

Uncomment and change the 2 lines starting with ms-dns
This sets up your server to make DNS requests via OpenDNS

ms-dns 208.67.222.222
ms-dns 208.67.220.220

Open the system configuration file and set up IP forwarding

nano /etc/sysctl.conf

Uncomment the following line

net.ipv4.ip_forward=1

To make the system configuration changes take effect:

sysctl -p

Edit this file

nano /etc/rc.local

Add these two lines above exit 0 in this file:

/sbin/iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356

Server is done. You can connect to this server using any PPTP client.
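
An added example, not part of the original post or its setup script: a shell check over the chap-secrets format shown above that flags the default user/pass login the script creates, passwords equal to the username, passwords shorter than a chosen minimum, and a secrets file readable by other accounts. The function names, the 12-character minimum and the sample entries are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the post's script): audit a pptpd chap-secrets file.
# Entry format, as given in the post: <username> pptpd <password> *

# Print "<FINDING> <username>" for each weak entry in file $1.
# $2 is the minimum password length (assumed default: 12).
# Assumption: quoted fields contain no whitespace.
audit_chap_secrets() {
    awk -v minlen="${2:-12}" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        NF < 3 { print "MALFORMED line " NR; next }
        {
            user = $1; secret = $3
            sub(/^"/, "", user);   sub(/"$/, "", user)
            sub(/^"/, "", secret); sub(/"$/, "", secret)
            if (user == "user" && secret == "pass")
                print "DEFAULT " user      # login created by the setup script
            else if (secret == user)
                print "SAME_AS_USER " user
            else if (length(secret) < minlen)
                print "SHORT " user
        }
    ' "$1"
}

# Return 0 if file $1 is readable by group or others. The secrets are stored
# in plaintext, so only root should be able to read them.
secrets_file_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Constructed sample entries, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client  server  secret  IP addresses
user      pptpd   pass                  *
john      pptpd   abc123                *
alice     pptpd   alice                 *
bob       pptpd   "Tr7vQ2mLx9ZpK4sD"    *
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample"
secrets_file_exposed "$sample" && echo "EXPOSED $sample (expected mode 600)"
rm -f "$sample"
```

On a real server, point both functions at /etc/ppp/chap-secrets and run them as root.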

No Cloud Files

Rackspace Cloud Files was down for about an hour today. This had no effect on the connected CDN but it meant that all of my sites which use the Cloud Files API wouldn’t work. I contacted support, who told me there was a problem with the Cloud Files servers and that they would be posting the outage on their Rackspace Cloud Files Status blog shortly. Cloud Files must have been down for at least 15 minutes before they posted anything. I wish they would post to their status blog as soon as they have identified there is a problem. At least that way people like myself wouldn’t have to tie up their support channels with a question that could have easily been answered on their status page.

New Features?

While checking my Cloud Files account I noticed that there seem to be references to options which will enable users to move backup images to Cloud Files. I couldn’t actually find the buttons that would allow the move, but the interface shows image locations now and claims there is a move button.

To create an On-Demand image, click the New Image button below. Images located Cloud Files will remain even after deleting their parent server. Images located With Server will be deleted if you destroy their parent server. To move an image to Cloud Files, click the Move link in the table below.

I’ve been waiting for this feature for a long time. Storing my servers’ backups in Cloud Files means I can create a new server, try something for a few hours, back it up and then delete my server. Then a few days later I can load that saved server image from Cloud Files and continue where I left off. At the moment, as soon as I delete a server it’s gone for good.

I still am a big fan of Rackspace’s Cloud services and I am eagerly awaiting the ability to store my backups in Cloud Files.

Rackspace Cloud Server vs. Running Your Own Server

Every web developer needs some sort of web server. Some use a virtual machine running on their workstation. Some use a physical box connected to their LAN. Until recently, it wasn’t really even feasible to consider having a remotely hosted development server. But with the introduction of hosted VPS services like the Rackspace Cloud servers, it’s not only affordable but possibly cheaper, depending on your requirements, to have your own hosted VPS.

The following is a comparison of the total cost of ownership for a Rackspace Cloud Server versus running your own local web development server. We want the comparison to be as fair as possible, and therefore we will try to compensate for the major differences between a virtual server and a physical server.

Rackspace Cloud Server… 1.5¢ per hour? I’ll take 2 please.

Let’s start with a Rackspace Cloud Server. The cheapest Cloud Server plan–which is more than sufficient for web development–starts at $0.015 per hour. All plans include 4 virtual CPU cores and RAID 10, and provide dedicated resources and CPU time. The cheapest plan comes with 256MB memory, 10GB of disk space and a 10Mbps connection to the Internet.

        Hourly    Daily    Yearly     Monthly
Price   $0.015    $0.36    $131.49    $10.96

Formula: (Hourly rate X 24 X 365.25) / 12

Data transfer

Rackspace charges an additional per-gigabyte fee for incoming and outgoing data transfer, but since this is a dev server, it’s very unlikely this will affect your monthly fee very much. In my case, my dev server never comes close to 1GB in or out.

        Bandwidth In    Bandwidth Out
Price   $0.08           $0.22

For these calculations, we will assume that we will be charged for 1GB incoming and 1GB outgoing transfer.

Our total transfer cost will be 1GB X $0.08 + 1GB X $0.22 = $0.30

Don’t forget to backup your Cloud Server

The last thing to consider is backup. Rackspace Cloud Servers are hosted on servers featuring a RAID 10 hard drive configuration. Ideally your data should be safe, but just in case something goes wrong with the physical servers your Cloud Server is on, you’re covered. Rackspace’s backup for Cloud Servers is stored on their Cloud Files service. Backup storage is currently free, but it will eventually cost you $0.15 per gigabyte.

We’ll assume you want both a daily backup and a weekly backup, so your backup storage cost would be:

10GB X $0.15 X 2 = $3.00

Note: The backups are transferred via the network interface on your Rackspace Cloud Server that is connected to Rackspace’s private network. Rackspace does not charge any data transfer fees for any data transferred on this network.

Ok, so after adding up our average monthly server fee, monthly data transfer and backup charges, the total cost for running a Rackspace Cloud Server is:

$14.26 USD

Now let’s see what it costs to run your own server.

 

Running your own server

With a Cloud Server, you are essentially leasing space on Rackspace’s hardware. They provide the hardware and make sure it’s working. If it breaks, they have to pay to fix it. With your own server, well… it’s all up to you.

I know you can turn your old Pentium 4 desktop into a great Linux box, but it’s not really fair to compare a professional grade server product to a budget workstation. To make our comparison as accurate as possible, we will use a used or off-lease server that is easily affordable for the average web developer.

Our used server will feature 2 hard drives in a RAID 1 configuration, a Pentium 4 processor, a 300W power supply and 1GB of RAM. I know the RAM here is 4 times the amount in Rackspace’s base Cloud Server, but since we are using a Pentium 4 processor instead of the quad core server class CPU Rackspace is using, I think that its use in our calculation is justified.

We’ll assign a price of $150 for this server.

What if the power goes out?

Since Rackspace obviously has uninterrupted power supplies supporting their servers, it’s only fair that we use one as well. Let’s assume we need a 300W UPS and it costs $50. If we add the cost of our server and UPS together we get $200. Let’s assume our used server will last 2 years (24 months).

$200 / 24 = $8.33

So a Rackspace Cloud Server costs almost double this amount? Not quite. I left out one important factor that you may not think about unless you’re the one paying the hydro bills: electricity. Surprisingly, the cost to run your server 24/7 is not an insignificant factor.

Electricity costs money too, you know

Since I live in Ontario, Canada, I’ll be using Canadian hydro rates for my initial calculations and then converting them to US dollars before adding them to our server total.

The non-Smart-Meter hydro rates for Ontario are as follows:

Condition                              Rate
First 1000 kilowatt hours per month    5.8 cents/kWh
Above 1000 kWh                         6.7 cents/kWh

Assuming we use under 1000kWh per month, we’ll use the rate of 5.8 cents.

In order to calculate the cost of our electricity consumption, we must first figure out how much power our server will consume. Since the server will probably be idle for the majority of the day, we won’t use the maximum power consumption but rather an average. I used this website to determine how much power our server will use. The calculator gave me a power consumption of 163W.

Let’s convert that to kilowatts:

163W / 1000 = 0.163kW

        Hourly       Daily        Yearly        Monthly
Price   $0.009454    $0.226896    $82.873764    $6.90

Formula: (0.163kW X $0.058 X 24 X 365.25) / 12

Before you get too excited, we still have to convert this back into US dollars. We’ll use $1.00 USD = $0.95 CAD as our exchange rate.

$6.90 CAD X 0.95 = $6.56

Wow, you could definitely argue that shared hosting is cheaper than running your own server on the basis of the electricity cost alone. When we add our electricity bill to our server cost we get:

$8.33 + $6.56 = $14.89

 

Wow, they’re close!

                       Rackspace Cloud Server    Your own server    Difference
Average monthly cost   $14.26 USD                $14.89 USD         $0.63

The numbers speak for themselves.

Results with a grain of salt

There are two important aspects to consider when evaluating these results.

First, we made a lot of assumptions about our server. If you prefer to run a low power desktop as a server, can find a cheaper used server, or decide to turn your server off at night, these will significantly reduce the costs for running your own server.

Second, the value of the features and expertise provided by Rackspace is far superior to anything you might set up in your basement. I made a brief chart to highlight some of these differences that can’t easily be assigned a monthly monetary value.

Hardware
    Rackspace Cloud Server: Managed for you by the professionals at Rackspace
    Your own server: It’s your problem
Support
    Rackspace Cloud Server: 24/7 – chat, phone, email
    Your own server: That’s up to you – 24/7 (if you don’t sleep)
Scalability
    Rackspace Cloud Server: Add more RAM and disk space anytime automatically or with a few clicks
    Your own server: Turn off your server and open it up

Obviously a Cloud Server is not ideal for everybody, but I bet that it could save a lot of developers a great deal of time and money.

Why not try a Cloud Server? It’s only 1.5 cents an hour!

Overview

This guide will help you set up the following:

  • Zend Server CE (Apache/PHP)
  • Iptables
  • SSH
  • MySQL
  • Postfix (for outgoing mail)

Some of these steps are taken from the Rackspace Cloud Server Knowledgebase.

Create a new server instance

Log in to http://manage.rackspacecloud.com and create a new server instance with Ubuntu 9.10. Any instance size is great. I’d recommend naming your server with your FQDN as it saves a few changes later on.

Securing the server

The Rackspace Cloud Server comes with the root account enabled and no firewall set up. This is not a good thing for a public server. So the first thing we will do is create a new administrator account which we will use to log in via SSH, and then we will set up Iptables as our firewall.

Rackspace will email you the IP address and password of your new server instance.

Log in over SSH to your server instance. If you have a Mac just open a terminal window and enter something like the following:

ssh root@your_server_ip

If you use Windows, download PuTTY, enter the IP address in the host box and click connect.

You should now be logged in to your new Cloud Server.

The first thing we are going to do is change the root password.

Change the password by using:

passwd

Since we don’t want to log in as root anymore, we need to create a new user.

adduser admin

We want the admin user to be able to become a super user, so we need to add admin to the sudoers file by running visudo:

visudo

Nano will open a file; add the following to the bottom of the file.

admin ALL=(ALL) ALL

Next we will make some changes to the SSH configuration file. It is also a good idea to change the port SSH uses for security. We will also disable root logins and enable admin to log in via SSH.

nano /etc/ssh/sshd_config

Port 54321
PermitRootLogin no
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers admin

To make those changes take effect, restart SSH. You will not be disconnected, but if you do disconnect, you will need to reconnect using your new username and new port.

/etc/init.d/ssh restart

Firewall Configuration

This server will be a web host so very few ports will be opened.

  • HTTP 80
  • HTTPS 443
  • HTTP 10081 (Zend Server CE)
  • SSH 54321

All other ports are dropped.

Create a file named iptables.test.rules in /etc and open it using nano.

nano /etc/iptables.test.rules

Add the following lines to that file. Make changes where required.

*filter
:INPUT DROP [1:48]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [129:20352]

# Allow all loopback (lo) traffic and reject traffic to 127.0.0.0/8 that does not arrive on lo
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept SSH connections
-A INPUT -p tcp -m state --state NEW --dport 54321 -j ACCEPT

# Accept established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept HTTP connections
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10081 -j ACCEPT

# Accept all PING requests on ICMP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT

Now we are going to load the file to check for errors and to ensure the configuration is valid and our firewall works as expected.

iptables-restore < /etc/iptables.test.rules

You can view the active firewall rules by running this command.

iptables -L

If everything is satisfactory, save the rules into a new file which we will then configure to be automatically loaded upon boot.

iptables-save > /etc/iptables.up.rules

Now we need to add a line to the network interface’s initialization script so that our firewall rules will be loaded upon boot.

nano /etc/network/interfaces

Add the following line after ‘iface lo inet loopback’:

pre-up iptables-restore < /etc/iptables.up.rules

Now before we do anything else, we need to test the configuration. We don’t want to inadvertently lock ourselves out of the server, so we will test the firewall by opening a new SSH connection in a new window. As long as we don’t close our currently active connection we can still make changes if our new SSH connection fails.

If you can successfully connect to the server with the new account on the new port with the firewall rules enabled, then you should reboot the server and verify that iptables loads your configuration file on boot.

sudo reboot

You will be disconnected from both your SSH sessions.
Try reconnecting after 20 or 30 seconds, log in and then check your firewall configuration.

iptables -L

If the rules load successfully then we can move on to the next step.
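
An added example, not from the original guide: a pre-flight check for the lockout risk described above, which reads the SSH port from sshd_config and confirms the rules file accepts it before any catch-all REJECT or DROP. The function names and the sample files are constructed for illustration, and it assumes single-port --dport rules.

```sh
#!/bin/sh
# Added example, not from the original guide; function names are illustrative.

# Print the port sshd listens on: first "Port" directive, else the default 22.
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Return 0 only if rules file $1 has a *filter table and a COMMIT, and accepts
# TCP port $2 on INPUT before any catch-all REJECT/DROP rule.
# Assumption: single-port "--dport N" rules (no multiport or port ranges).
ssh_reachable() {
    awk -v port="$2" '
        $1 == "*filter" { table = 1 }
        $1 == "COMMIT"  { commit = 1 }
        $1 == ":INPUT"  { policy = $2 }
        $1 == "-A" && $2 == "INPUT" && !decided {
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (NF == 4 && (target == "REJECT" || target == "DROP")) {
                decided = 1; ok = 0    # unconditional deny comes first
            } else if (proto == "tcp" && dport == port && target == "ACCEPT") {
                decided = 1; ok = 1
            }
        }
        END {
            if (!decided) ok = (policy == "ACCEPT")
            exit !(table && commit && ok)
        }
    ' "$1"
}

# Constructed sample files modelled on this guide's configuration.
dir=$(mktemp -d)
printf 'Port 54321\nPermitRootLogin no\n' > "$dir/sshd_config"
cat > "$dir/good.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 54321 -j ACCEPT
-A INPUT -j REJECT
COMMIT
EOF
# Same rules, but the SSH rule still names the old port 22.
sed 's/--dport 54321/--dport 22/' "$dir/good.rules" > "$dir/stale.rules"
port=$(sshd_port "$dir/sshd_config")
for f in good stale; do
    if ssh_reachable "$dir/$f.rules" "$port"; then
        echo "$f.rules: SSH port $port stays reachable"
    else
        echo "$f.rules: SSH port $port would be blocked, do not load"
    fi
done
rm -rf "$dir"
```

On the server, the same two functions can be pointed at /etc/ssh/sshd_config and /etc/iptables.test.rules before running iptables-restore.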

Time Synchronization Setup

Run the timezone package configuration wizard selecting your time zone.

sudo dpkg-reconfigure tzdata

Create a cron job script:

sudo nano /etc/cron.daily/ntpdate

Enter the following in the /etc/cron.daily/ntpdate file:

#!/bin/sh
ntpdate ntp.ubuntu.com

Change permissions of the cron job script:

sudo chmod 755 /etc/cron.daily/ntpdate

Configure User Locales:

sudo locale-gen en_US.UTF-8

Configure local time zone:

sudo ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime

Outgoing Mail Server Setup

Install postfix and mail tools:

sudo apt-get install postfix mailx

MySQL Installation

Run the following command to install MySQL:

sudo apt-get install mysql-server

Zend Server CE Setup

I prefer the manual installation method. Instructions can be found here on Zend’s site.
I use a portion of those instructions in my setup.

Define a new package repository by opening the following file: /etc/apt/sources.list and adding the line:

deb http://repos.zend.com/zend-server/deb server non-free

Now download the GPG key:

sudo wget http://repos.zend.com/deb/zend.key -O- |sudo apt-key add -

Update the package list:

sudo apt-get update

Install Zend Server with PHP 5.3. Note: Zend does provide Zend Server with PHP 5.2 packages. View the Zend Server CE documentation for more information.

sudo apt-get install zend-server-ce-php-5.3

I like to install phpmyadmin but it is optional:

sudo apt-get install phpmyadmin-zend-server
