Basic Server Setup, Caddy, Docker, Tailscale¶
Basics¶
Creating the VM in Oracle Cloud¶
- Go to instances, new instance.
- Select the Always Free image, ARM or x86, recommended 4GB RAM.
- Choose Ubuntu image.
- Download the SSH key and name it accordingly.
SSH Keys¶
Using PuttyGen.
- Place the key in ./ssh/openssh_keys
- Open PuttyGen, Conversions -> Import key
- Save the key file as a .ppk file in the root folder of ./ssh
Putty
- Grab the IP address in the cloud console
- Give a name in saved sessions
- Go to behavior, choose these options
- Under Data, make sure Terminal-type string is xterm-256color
- Under Terminal -> Features, check “disable application keypad mode” to fix issues with nano
- The private key needs to be loaded in Connection -> SSH -> Auth -> Credentials
To get the IP address of the VPS at any time
Useful packages to install
htop iotop iftop fio curl gnupg wget neofetch ca-certificates lsb-release fzf screen firewalld net-tools bash-completion
Docker¶
https://docs.docker.com/engine/install/ubuntu/
sudo apt-get update
sudo apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-compose
sudo groupadd docker   # no trailing backslash here, or the next line is swallowed as arguments to groupadd
sudo usermod -aG docker ubuntu
newgrp docker # activate docker group immediately
Alternatively, use docker.io for an out-of-the-box install, as this package is provided by the distro repo.
The machine needs to be rebooted from Oracle Cloud console to finish installation.
Follow docker for more setup.
Caddy¶
Docker Version Install¶
Detailed information on installing Caddy has moved to caddy
If Nginx is installed alongside Caddy, it needs to be changed to listen on port 81 instead:
- change the server block's listen from 80 to 81
Port Forwarding¶
On the Oracle Cloud side, log in and go to Virtual Cloud Networks, click the one that's available, then the default subnet; this brings up the Security Lists.
- This is an example of the SSH port; configure it via Add Ingress Rules and add the ports accordingly. It's also possible to allow everything and install a firewall in the OS itself.
On the Linux machine, either use iptables or firewall-cmd.
sudo firewall-cmd --zone=public --add-port 19132/tcp --permanent
sudo firewall-cmd --zone=public --add-port 19132/udp --permanent
sudo firewall-cmd --zone=public --add-port 25565/tcp --permanent
sudo firewall-cmd --zone=public --add-port 25565/udp --permanent
sudo firewall-cmd --zone=public --add-port 80/tcp --permanent
sudo firewall-cmd --zone=public --add-port 443/tcp --permanent
sudo firewall-cmd --zone=public --add-port 5800/tcp --permanent
sudo firewall-cmd --reload
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 25565 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 19132 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p udp --dport 25565 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p udp --dport 19132 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p udp --dport 51820 -j ACCEPT
sudo netfilter-persistent save
Troubleshooting¶
For firewall-cmd, use this command to check all open ports.
Using netstat, or pipe it to grep
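As a check for the troubleshooting step above, this added script (not part of the original notes) compares what firewalld actually has open in the public zone against the ports the notes add, lists anything open that the notes never asked for, and flags rules that were added with --permanent but never followed by --reload. The zone name, the constructed sample listings and the --live flag are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: audit the firewalld public zone
# against the ports opened above, so drift or a half-applied rule set is caught.
# Ports the notes open with `firewall-cmd --add-port`.
EXPECTED="19132/tcp 19132/udp 25565/tcp 25565/udp 80/tcp 443/tcp 5800/tcp"

# Words of list $2 that do not occur in list $1 (both space-separated).
list_diff() {
  out=""
  for p in $2; do
    case " $1 " in *" $p "*) ;; *) out="$out $p" ;; esac
  done
  echo $out   # unquoted on purpose: trims the leading space
}

# Expected ports that the zone does not have open.
missing_ports()    { list_diff "$1" "$EXPECTED"; }   # $1 = `--list-ports` output
# Ports the zone has open that the notes never asked for: review each one.
unexpected_ports() { list_diff "$EXPECTED" "$1"; }
# Ports present in the permanent config but not at runtime: added with
# --permanent and never followed by `firewall-cmd --reload`.
not_yet_reloaded() { list_diff "$1" "$2"; }          # $1 runtime, $2 permanent

report() {   # $1 = runtime listing, $2 = permanent listing
  echo "missing:      $(missing_ports "$1")"
  echo "unexpected:   $(unexpected_ports "$1")"
  echo "not reloaded: $(not_yet_reloaded "$1" "$2")"
}

# Constructed sample listings (not captured from a real host) so the script
# runs offline; pass --live to query the real firewalld instead.
SAMPLE_RUNTIME="80/tcp 443/tcp 25565/tcp 25565/udp 2222/tcp"
SAMPLE_PERMANENT="80/tcp 443/tcp 25565/tcp 25565/udp 2222/tcp 19132/udp"

if [ "${1:-}" = "--live" ]; then
  report "$(sudo firewall-cmd --zone=public --list-ports)" \
         "$(sudo firewall-cmd --zone=public --permanent --list-ports)"
else
  report "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```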
Tailscale¶
Installation and setup of basic services are covered in tunneling basic services; this section covers usage such as exit node and subnet routes.
Exit Node/Subnet Routes¶
First, enable IP forwarding.
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
When using firewalld, additional configuration such as masquerading is needed.
sudo firewall-cmd --add-masquerade --zone=public --permanent
sudo firewall-cmd --add-interface=tailscale0 --zone=trusted --permanent
sudo firewall-cmd --reload
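One caveat on the forwarding step above: `tee -a /etc/sysctl.conf` appends another copy of each line every time the notes are replayed. This added script (not part of the original notes) writes a drop-in file instead, counts how many times a key is declared, and checks the live values; the drop-in path /etc/sysctl.d/99-tailscale.conf is an assumption, and the path is a parameter so it can be tried on a temporary file first.

```shell
#!/bin/sh
# Added example, not from the original notes. A drop-in under /etc/sysctl.d is
# rewritten whole on every run, so it stays idempotent; appending to
# /etc/sysctl.conf does not.
FWD_KEYS="net.ipv4.ip_forward net.ipv6.conf.all.forwarding"

# Write (or rewrite) the drop-in with every forwarding key set to 1.
write_forwarding_conf() {   # $1 = path, e.g. /etc/sysctl.d/99-tailscale.conf
  tmp="$1.tmp.$$"
  : > "$tmp"
  for k in $FWD_KEYS; do echo "$k = 1" >> "$tmp"; done
  mv "$tmp" "$1"
}

# How many times a key is declared in a file: 1 is right, more than 1 means the
# append-only approach was run repeatedly (the last line wins, the rest is noise).
# The dots in the key match any character here, which is fine for a count.
key_declarations() {   # $1 = path, $2 = key
  grep -c "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null || true
}

# Keys whose live value is not 1; empty output means forwarding is active.
forwarding_not_active() {
  out=""
  for k in $FWD_KEYS; do
    [ "$(sysctl -n "$k" 2>/dev/null)" = "1" ] || out="$out $k"
  done
  echo $out   # unquoted on purpose: trims the leading space
}

# On the host (as root): write_forwarding_conf /etc/sysctl.d/99-tailscale.conf,
# then `sysctl --system` to load it; forwarding_not_active should then print nothing.
```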
Basic command to advertise as exit node and subnet routes
When connecting Tailscale from the CLI, additional arguments are needed to accept routes (the command below also activates the exit node).
To enable these features, go to the admin console, open each machine's settings, choose Edit Route Settings and enable exit node or subnet routes.
Advanced¶
Tunneling Jellyfin and other web services with tailscale and caddy
Archived¶
Basic Setup + Docker
- Installing Caddy web server (simple to use reverse proxy): lightweight, easy and no need for Docker. (Nginx is also a good candidate for reverse proxy, as the command is easy to memorize and does not require consulting documentation sites. However, the syntax for Nginx is extremely complex compared to Caddy and might not be easily memorized.)
https://caddyserver.com/docs/install#debian-ubuntu-raspbian
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy net-tools
# net-tools is good utility, optionally can install firewall-cmd or nginx
# sudo apt install firewalld nginx
Basic Caddy Syntax (if applicable)
If the server that is being set up or restored needs a functional service like bookstack or uptime-kuma, a reverse proxy is needed.
{
email weebly2x10@gmail.com
}
your-uptime-kuma.yoursubdomain.duckdns.org {
reverse_proxy http://127.0.0.1:3001
}
wiki.yoursubdomain.duckdns.org {
reverse_proxy http://127.0.0.1:6975
}