Linode, ASP.NET Core, Nginx, WSL2 - Linode Cloud - Tricking Library Ep63

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome back everybody today we're going to take a look at cloud infrastructure specifically we're going to be learning about it using lenod we're going to learn about system images how to set up a linux virtual machine specifically ubuntu 20.04 we're also going to take a look at some of the things that we want to do to our virtual machine to secure it as well as getting files on there and in the bigger picture how is our website going to actually be reached from the web and whatnot for this tutorial you're gonna need a windows terminal specifically with a linux distribution installed in because that's what i'm gonna be using and i recommend that you use it as well we're gonna be learning about cloud using the node cloud provider so link for that in the description you can grab a 20 credit if you want to follow these instructions using any other cloud provider feel free to do that so first thing that we want to do is we want to go to our cloud provider console and for lenode we're going to be in lenods and specifically we want to go ahead click on create and lenode so we're going to set up a new lenod and here we're going to select from the menu ubuntu 20. in the region uh select your own region it doesn't really matter that much i'm going to select london i'm going to grab the node the cheapest right we're all about the bargain and we're going to say just tricking dash library test right because we're testing this root password uh doesn't really matter that much just just set it up and whatever you can remember for a brief period of time because i'm going to show you how to disable it now go ahead click create and after that we are going to connect to the virtual machine and take a look at it so once your virtual machine has been set up this is approximately what it's going to look like uh you're going to see an ip address over here and the rest of the stuff not much of it matter so we're not going to be looking at the metrics volumes nothing like that at the moment all i want you to do is just grab the ip address and what we want to do is connect to the machine all right for this you're going to need a tool called ssh if you're just using windows and you don't have a linux distribution i highly recommend you get it your other option is putty and that option sucks okay so you want to go ahead ssh onto the machine you're gonna use the root user because that's the only user that's currently available in there they're gonna supply the ap address and that is going to are you sure you want to connect continue connecting yes we're sure go ahead supply the password that you've inputted during creation of the machine and now we're here so let's go ahead and clear it and here we are root on localhost first thing that you want to do when you connect to the machine as a root you want to disable root okay so you're going to need two things first you're going to need to create your own ssh key so for this we're going to go ahead and open up this ubuntu test distribution that i've showed you how to set up how you can get a clean distribution every single time on here let's go ahead and cd into the home directory by pressing uh by saying cd tilde i'm gonna make this a little bit bigger and in here specifically what we want to do is we want to invoke a command ssh-keygen this is gonna basically generate a key that we can use to sign in so if you specify a custom file name just make sure that you're gonna put it in dot ssh id rsa and i've just noticed i'm doing it as root so when installing this machine i've specified a user for myself so i'm actually going to switch to that user okay and i'm going to again switch to the home directory and again let's just get the keygen command up here right so this is where the this is the default file that's going to be generated in your slash home slash user dot ssh slash id rsa this is going to be your key just go ahead press enter if you specify a custom file we're going to take a look at it what that's going to look like later go ahead press enter enter a passphrase and just like that okay so we're going to take a look at passwords as well so just pay attention to what what password you've put in here okay let's go ahead clear the console here and now if you type in ls you shouldn't see anything in your home directory like right so if you just type in pwd you should be in your slash home slash user directory if you type la that should give you all your hidden directories if that doesn't happen just do ls ls a and you should be able to see the ssh directory what you want to do is let's go ahead and list the ssh directory and here you're going to have two keys the idea i say is your private key you do not want to expose this keep this as secret as possible do not mess with this one the idea i say is like you know kinda secret so what we want to do is we want to get the contents of the id rsa key dot pub and let's go ahead grab these and we're going to copy them now coming back to the previous terminal where we've been a user and just a note if you are inactive to for a long period of time in the terminal where the node what it's going to do is it's going to disconnect you okay and then it's going to freeze for a bit a bit of an unpleasant experience but just be warned okay so if sometimes if it's freezing you're just being timed out and you're being disconnected okay so first thing that we want to do is we want to create a user which is going to use this key to connect to us okay so let's go ahead and add a user i'm going to say right we're going to supply some kind of password and just uh like uh just take note of the password that you're supplying here okay and for the other options again we don't need them take note of the password because we're gonna do a little bit of experiment with securing later on as well once we have added a user what you want to do is you want to add them to these pseudo user group which is basically you're going to give the user administrator privileges okay specifically the command for giving administrator user privileges is user mod a g sudo so we added the user to group of sudo and we say tashk right and or whatever username you provide right so whatever username you want really at this point this user should be a moderator and same as on your linux distribute on your local linux distribution what's gonna happen is if you're gonna not cd uh but okay we will see let's see back into the home directory so we get the full effect you know if we list the home directory we're gonna see that the tashiq user is now in here we go there and there's going to be almost nothing there we still have some hidden directories but that's pretty much it what we want to do now is we want to add the ssh folder in here so let's go ahead and cd into this user's directory we're going to make a directory so mkder mcder as i like to say and let's just make dot ssh right so now if we less again it's going to be the same effect as if we can't see it and if we list all that's the ssh folder let's a cd into there and what we want to do now is we want to create a file where we're going to put this key okay so we're going to touch authorized keys right and and if we now list the files in the ssh directory we should have this uh directory right let's go ahead and they use vi to go into authorized keys and again press i for insert ctrl v to paste not that username go back and copy the key again right paste it in here press escape to exit insert mode colon write and quit and exit right verify that the contents are indeed there and there you have it at this point you should be able to connect to the machine with your other user so let's go ahead switch switch the tab here and this user what we should be able to do now is we should be able to ssh as our user again i'll grab the ap address here and i'll paste it here and here we go so again accept connection and we'll input the password now the thing that we want to disable is if we exit it and we try to connect again let's say we enter the password incorrectly a couple of times you can see it will prompt us for a password right and if you try to remember how we signed in with the root account we also typed in a password now if we type in our password of the user with which we registered on the actual machine we don't want to be able to do that so the password of the user that is registered on the machine that should be inaccessible because that is a prone to brute force okay so somebody can brute force into your machine by just quickly retrying many many different types of passwords so we want to disable that and that's really the first thing that you should be aiming to do with your uh linux box so first thing disable the root user second thing uh disable the login logging logging in with password really so let's come back here let's exit as root and uh what we're going to do is we are now going to configure this uh machine to not be accessible with password login because this user is now an administrator as well remember we've added them to the group so to disable this we need to change the configuration file so the configuration file lives in etc ssh and it will be sshdconfig okay we will need if you notice if you try to just cut the file i think you will be able to but if you i think if you try to vi and you will let's say you will try to edit the file whereas my cursor something like this and then you'll try to write quit it will tell you you're in read-only mode so to exit the file you press colon quit and bang so you're basically just discarding the changes that you've just made go ahead and add sudo in front of it so you will only you will then be able to edit the file if you are in in basically administrator mode every time you add sudo you you enter administrator mode here we will have an option permit root login do not uncomment it what you want to do is you want to say no here okay the other option that you want to find is there will be a password authentication option go ahead and comment that and say no here as well okay exit that right quit and now what we want to do is we want to restart ssh so let's go ahead use c system ct sudo system ctl restart sshd okay that should restart it and now to verify that this is indeed working go back to your machine and try the root login and you should get permission denied okay coming back to here again same thing we can exit to disconnect from the machine we can try to connect to it and put the password in correct amount of times and then it's not going to permit us to log in with the password okay so password login is disabled now the only way to log into your machine is you need the private key and the password to that private key so it's like triple secured right or whatever amount of metrics secured now that our machine is secured we can go ahead and play around with it okay i'm gonna leave links for this in the description uh we're gonna go ahead and install net core onto our box and where are the instructions right here start an application and serve it through using nginx okay so go ahead copy the commands that are here uh go ahead just paste them in right so we get we get some kind of package we go ahead and unpackage it right put in your password for sudo uh if you say ls you see there is the package we've already unpackaged it so we can just go ahead and remove it with the rm command and remember that this was a brand new machine so what we want to do is we want to do sudo apt update right so just whatever it's doing back there you know magic you will never know just make sure that you run that okay so that has run and now we want to go ahead and just install the only bit that i'm going to install is this dotnet sdk i'm gonna opt in for 3.1 because i haven't used dotnet 5 really yet so we are not experimenting today let's go ahead say sudo apt install dotnet sdk and we'll say dash 3.1 okay we will need to say y to the flag right and that is going to install.net before installing this you can try running the dot net command it's not going to work okay so once this has finished go ahead and verify that dotnet has been installed so dotnet.net.net.help.net v whatever you want to use to test it right let's go ahead and clear this we are currently in our home directory so anytime you want to find out your directory type in pwd and in our directory what we're going to do is we're going to run dot net new we'll just type dash h to get all the possible templates it looks a little bit messed up but we'll just say dotnet new web for the empty template template right there and dash and to give it a name in our case we'll just say test okay that should start up the application and once that has finished or we can again go ls there is our directory we can go into test with ls and all family familiar things right so if we cat startup uh you already know what's going on here you can even have a quick play around with it go into vim and try to edit c sharp code without any intellisense or help whatsoever let's go ahead quit this and if you can guess we can actually start the application as well so it's just like having the thing on your computer really but now it's in the cloud all right let's go ahead close this and what we're going to do is we're going to pause right here we're going to create an image we're going to recreate our virtual machine for uh learning purposes right so let's go ahead disconnect we're going to go back to our lynode right here what we're going to do we're going to go into images you can stop your your lenod here your virtual machine you you can not do it if you want preferably you do want to stop it i love to live on the edge so we're going to what's it called just go ahead select the node that we want to turn into an image select its disk and the label let's just go ahead and say tricking a library test image we're going to go ahead and create it and the creation for that is scheduled so here you can see the image is being created and now we're just going to go ahead and give it a couple minutes to create so one once that has been created let's go ahead back to our lenode here we can go ahead and delete it so we're going to go into settings delete the node delete and press delete so that should initiate deletion of your lenode now we want to go ahead and write another one right this time what we're going to do is we're going to go to the images section and we're going to choose an image and here we're going to choose our trekking library test image and hopefully you can understand what is about to happen again select the region select the box type and here we're gonna say library okay so this is the three for recreated we are going to put in a password for root note that it matters we can put whatever we want uh root is disabled on this image and let's go ahead and create it right so we're going to wait a little bit for that to be created once that's done we're gonna continue this tutorial so once that has been created let's go ahead grab the ap address we'll say ssh root right we don't know the password anyway except the whatever and permission tonight right so it is the virtual machine that we've built up before it's a snapshot of it it's like as if you're writing code you're like right i'm at a good place commit and if i mess anything up it's something i can go back to okay or i can replicate this amongst the many virtual machines you know the world's eryster so when people talk about horizontal and vertical scaling vertical scaling is basically making the vm bigger so giving it more cpus more ram more memory whatever horizontal scaling is putting on more virtual machines so from one virtual machine to two three four five and etc okay now let's go ahead and connect to it again using our other user right coming back here so we're on the vm let's clear the console and we'll put dot net and here it is right if we list our directory our test application is here so a big point about images they help with deployment processes as well backup purposes and scaling purposes okay so just take note of those if you're ever in a situation where you need to solve that kind of problem and you don't have an experienced member on your team you're the man you already know you try to solve your problem using images in terms of ci cd etc okay now on this virtual machine what we want to do is want to try to connect to our application right what do we need to actually reach our test application right and see the hello world in the browser let's go ahead and say sudo apt install we're gonna install njinx and this is a web server right so nginx request comes in and then it goes ahead and outputs whatever you tell it to output so we're quick let's go ahead and copy the ap address we're going to try to go to it and we didn't quite make it but hopefully if njinx has uh installed them successfully you should see this screen when you reach your ip address right so i don't know how it's pronounced by the way and jinx and gen x pick pick whatever you want now that we're here let's go ahead and put some configuration in the nginx file and i'm going to show you basically how to do it right so again another link that will be in the description is uh instructions on how to host your application there is going to be a configure in jinx section here we're just going to grab this and again i'm just grabbing this from documentation when we actually go to deploy it's going to look a little bit different okay this is just so you understand what is going on more or less in the atc folder if you remember from the preview if you watched the previous episode the configuration for our postgresql also lived in the atc folder the configuration for ssh also lives in the atc folder you can kind of build up a pattern of where stuff is in which folders as well and where you can think of looking for things okay so in here we want to go into and jinx here we're gonna have a couple of things uh primarily the things to notice is the nginx.conf file uh that is like the centralized config for your nginx do not touch it okay uh what you want to do anytime you add a website and you want to enable a website you want to do the following right so you're going to go into sites available right so let's go ahead cd into here and what you want to do for all for each one of your websites you want to add a separate config okay so you will need to do sudo touch test so we're going to be adding a configuration for our test website so if we list again there is our file we can then sudo v into our test file insert paste the configuration escape to exit insert and go to the line where we have the server name and press d twice to delete the line okay we delete cool press escape for good measure and write and quit okay so again you can just sudo cat test to make sure that you actually have written to it now what we want to do is we want to cd into uh sites enabled and in here you are also going to have a default you will notice that the color is a little bit different and the reason for that is that because this is a symbolic link okay and i can't explain too much about some symbolic links all i can all i think about it is like an object reference right if you just have an object you put it into one variable and you put it in the same in another variable both of those variables point to the same thing so here when you're going to create a symbolic link all i can say is that is just going to point to that file to which you are symbolically linking it with so the way you that you do this is sudo ln-s the first part is where are we pointing it to so we're going to point it to sites available and then we're going to select the test file and then test as in in this folder there is going to be a test file that is going to be linked to right so let's run this command we're going to say ls and there is our symbolically linked file so that's called test and if we cut test i mean it's still the same configuration although the file is actually in another direction so if we need to we remove this file and the other files in touch so this is basically how we enable disable things okay without like actually removing actual files okay so let's go ahead clear this up we're still in the sides enabled folder let's go ahead and cd into our home directory so cd dildo or i don't know the wave thing okay i'll clear this again and the thing that we want to do is we want to run a test if our nginx configuration is valid for this you're on nginx t and if you get an error don't be scared first time make sure you put sudo in from it okay and then you'll have this so next thing you want to restart the nginx server so reload the config so dash as a reload let's go ahead and do that and that's it right so the configuration is reloaded here let's go ahead and start our application right so in here let's cd into test and do dot net run and let's see if we can hit our application and kind of uh we're not going to be able to but we're going to see what it sort of takes to get there right so if we refresh this any amount of time we're still at the same page and that's because there is no real mapping from this ip address to our actual application if you pay attention to the documentation here how it says server name and it's pointing to it's asking for specific urls to be matched in order to get there this is something that's not happening here currently okay so let's go ahead and come out of here and what we're going to do is we're again going to go into and atc in gen x we're going to go into sites available we're going to go into test so we can't actually see the into there so let's just sudo we were we're going to edit it from here and here let's go ahead and insert enter a new line so server underscore name and let's go ahead and put our ip address we don't need the http or anything like that we will put the semicolon on the end escape to exit insert mode colon right quit okay again nothing is going to change because you need to rest you always test the configuration first and then go ahead and reload it once it's successful okay so once we've done that let's go ahead and run our application again once that has started we are gonna go ahead and refresh our website and we should see the hello world that's coming from up our application okay so now there are a couple of things that we can do in the episodes to come i'm gonna show you how we are gonna use the domains here if you've seen the two episodes ago we've been or two or three episodes ago we've been talking about setting up send grid on the admin panel and how it's pointing to my lenode server again we're gonna revisit that and we're going to point our domain to the notes over here and we're going to point our domain in this dashboard so in the domain section we're going to point it to our virtual machine within the uh linux infrastructure okay and then we will be able to input our domain and that's just going to take us to our application and all is going to be good and one thing if you notice if we can quickly go into the test file one test file we say the ip address and we say slash and that's gonna then we can say point to our nox js application if we say slash a if it begins with slash api point our.net application so on the same domain and the same subdomain really we can have two applications three applications for replica as many applications as you want can this be in disguised as living under one domain right so you're just composing one applications out of many other applications right and you're just saying where do we want to route these requests to all right so let's go ahead exit this now that we have sort of an idea of how that works let's go ahead and do something else we're going to learn a little bit about our sync and how to transfer files and this is going to be useful when we're going to be building our ci cd pipeline when we're going to be deploying our code to this uh directory right so let's go ahead and create a user so same way that we did before add a user and we're just going to call it ci cd for a continuous integration delivery or you know you can call it test or something like that and make sure you start with sudo password again we can just uh tell it some like password here correct information yes and now what we want to do we want to go through the same motions so let's go ahead open our ubuntu test here what we're going to do is we're going to create a separate key so ssh keygen uh let's actually see the into our actually su it's where that starts with root but yeah so we are in our home directory ssh key gen we want to generate a key so we can go ahead and put it in that directory or we can put it in home directory so let's go ahead and just say we want ci cd okay uh password you want to keep this empty and that's it okay so this is a little bit less secure but we're not giving this user admin privileges and we're gonna only give it a privilege just to a specific folder to write the files to there okay so this user is not going to be able to screw up our vm however you still need the key to connect with uh to our what's called you still need the key to connect to our virtual machine with it so it's still quite quite secure so if you do a less against the icd that's your private key cicd pub that's your public key a little bit less important but nevertheless do not expose neither of them really don't do not like email or post it in blog posts what not unless you're going to delete them straight after which is what i'm going to do so go ahead copy that key in here what we're going to do is now if we look in the home directory the same as we did when we checked for our touch user uh you can see here we have the cicd test user and we want to do really the same thing if we check we don't have the ssh folder let's go ahead and uh sudo mcdurr really some funny somebody was having fun here i can feel it authorized keys you know once you've done this a couple of times you can then script these and set these up automatically as well but we're not going to go over that uh sudo v insert paste this okay let's go ahead and just cut it so we make sure it's there cool so now that we got that let's go ahead and actually i'll make this a little bit bigger what we can do now is we can ssh and to specify the specific key what we're going to do is we're going to say i the key name and then we're going to see i see the underscore test at whatever ip we had so if we go here and there we go permission denied right so even more secured uh let's go ahead and try the task on there definitely maybe i'm forgetting something actually just seeing i've misspelled the user so cicd test there we go and we should be able to just get onto the machine no problem no password so the no password bit is important because in your ci cd pipeline you're not going to be able to you know pass the password prompt so this is how you want to do it right keep this account low privilege just give it permissions to put the files onto somewhere and then you're good okay so let's go ahead and see how the the rsync command is going to work okay let's go ahead and exit from here we're gonna ls the directory so we got a bunch of stuff let's go ahead and make a directory we're gonna call it app so in here we're gonna have our app and then we're gonna touch uh our app appropriately only and we're gonna touch something like a start app file so imagine that and make sure you put the dot at the beginning so because it's a local directory if you just say slash it's going to be starting at the root so if you do something like this if you do this it's your current directory which is the same as this okay so touch app start file so that's going to be in our app all right so if we ls oh just doing the same mistake again just okay so there we go so we can do something like two and three so we got a couple of files in there right so it's a real application now we got html pages we can put nested stuff in there uh let's go ahead and push that up to into the server okay so we go with the our sync command and then we want to specify but rather ssh where we supply our key which in our case is going to be in the same directory i can't even remember what i called it anymore so ls uh let's bring this command back it was like how typing it let's put this in here dash a c i c d so that's where it is then we want to specify some flags uh i won't be able to tell you off by heart what they mean like avr z i think ours recursive z is zipping avi v verbose a i can't remember but i i just remember that that's just what you want from building like a couple of pipelines we then say what we want to push so in our case we want to go ahead and push our amazing app and we want to push everything in there the last thing is the ci cd underscore test and same is connecting to our application just go ahead put the ip address here and on the end where do we want to put it so in our case let's just go ahead and put it in our home directory since we didn't give it any permissions to any other folders okay so in our case it's going to be ci cd test and dash the let's say deployed app i don't know if i'll let us create it but we'll see all right let's go ahead and run this cool if we go back to another terminal hopefully i haven't timed out i have uh let's go ahead and try to reconnect here so this guy right here okay there it is so deployed app is there and there are our files okay so that's a quick round out rundown of our sync that is basically how we're going to get our files onto the application once we are in the cicd pipeline if you remember the ci cd pipeline is a machine just like linux so if you can do it from your local machine you can do it from the linux machine and the build agent on like github actions on azure maybe you can do it from one cloud machine onto another cloud machine etc right all linux machines they're essentially the same so it doesn't matter where they are you can do the same things with them regardless okay there might be like different permissions and whatnot but generally if you can do it locally you can do it anywhere else okay so hopefully you've enjoyed this video if you did give it a like subscribe if you have any questions make sure to leave them in the comment section you can reach out to me on discord server i also stream on wednesdays and sundays on twitch go ahead and follow the link in the description i start streaming at six o'clock london time and as always hope to see in the next episode

Info

Channel: Raw Coding

Views: 1,733

Rating: undefined out of 5

Keywords: asp.net core, c#, tutorial, guide, web, development, nodejs, vm, linode, cloud, hosting, ssh, rsync

Id: UAWImLf5bgw

Channel Id: undefined

Length: 34min 25sec (2065 seconds)

Published: Fri Jan 01 2021