Difference between revisions of "Amahi on AWS"

From Amahi Wiki
Line 5: Line 5:
  
 
* Register to Amazon AWS
 
* Register to Amazon AWS
* launch instance of AMI "ami-0d638d64"
+
* launch instance of AMI "ami-0d638d64", during launch you can setup "security group" during which you have to open ports 80 and 2000 for all Internet IP (0.0.0.0/0)
* ssh into it with the command shown on the amazon console
+
* ssh into it with the command shown on the amazon console, you'll need to save YOUR_KEYPAIR somewhere to do that
 +
* at this point you may want to create a root password with <code>passwd</code> for future convenience, if not skip this.
 
* create a user with:  
 
* create a user with:  
 
<code>useradd -p PASSWORD USERNAME</code>
 
<code>useradd -p PASSWORD USERNAME</code>
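Review bot: The added launch step opens ports 80 and 2000 to 0.0.0.0/0 but says nothing about port 22, which the very next step ("ssh into it with the command shown on the amazon console") depends on. State the SSH rule explicitly and suggest limiting its source to the administrator's own address instead of the whole Internet, and say what listens on port 2000 so readers can judge whether it has to be public. The unchanged "useradd -p PASSWORD USERNAME" line at the end of this hunk is worth fixing in the same edit: -p takes an already-hashed password, so a plain-text value there does not give a working login; "useradd USERNAME" followed by "passwd USERNAME" avoids that.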
Line 14: Line 15:
 
<code>ssh-keygen</code>
 
<code>ssh-keygen</code>
 
* upload your ssh key to the running instance with:  
 
* upload your ssh key to the running instance with:  
<code>scp -i YOURKEYPAIR.pem ~/.ssh/id_rsa.pub root@INSTANCEPUBLICIP:/home/USERNAME/id_rsa.pub</code>
+
<code>scp -i YOUR_KEYPAIR.pem ~/.ssh/id_rsa.pub root@INSTANCE_PUBLIC_IP:/home/USERNAME/id_rsa.pub</code>
 
*from your server again move your keypair to the authorized ssh key with:
 
*from your server again move your keypair to the authorized ssh key with:
 
<code>mv ~/id_rsa ~/.ssh/authorized_keys2 </code>
 
<code>mv ~/id_rsa ~/.ssh/authorized_keys2 </code>
 
* check that /dev/null is readable, if not do a:  
 
* check that /dev/null is readable, if not do a:  
 
<code>chmod go+rw /dev/null</code>
 
<code>chmod go+rw /dev/null</code>
* use <code>route</code> and <code>ifconfig</code> to find out your network setting
+
* use <code>route</code> and <code>ifconfig</code> to find out your network setting (if you want a static IP you have to purchase an "elastic IP", please consider that IP persist after reboot but not after stop or termination)
 
* create your hda profile accordingly
 
* create your hda profile accordingly
  
as root follow the instruction on the wiki for a [[Self-install]], on reboot disable DHCP and SAMBA server as they conflict with amazon network settings.
+
as root follow the instruction for Fedora 12 system on the wiki ([[Self-install]]), on reboot disable DHCP and SAMBA server as they conflict with amazon network settings.
 +
At this point you have an amahi install which is reachable at the instance public ip and by following the above step you can now ssh into it from the computer where you generate the ssh key with <code>ssh USERNAME@INSTANCE_PUBLIC_IP</code>, if you need root access you can <code>su</code>.
 +
 
 +
=TUNNELING=
 +
It is possible to create a tunnel from an existing Amahi server (or any server) behind an ISP NAT to a running instance in order to make it reachable from all the Internet with ssh, by doing this one does not need an Amahi system to be installed on Amazon and it actually conflicts as one needs the instance NOT to host a server on the same ports that it forwards to the NATted endpoint.
 +
 
 +
* On the running instance linux system edit file <code>/etc/ssh/sshd_config</code> and uncomment the <code>AllowTcpForwarding yes</code> and <code>GatewayPorts yes</code>
 +
 
 +
* On the NATted endpoint check that you have a server listening on LOCAL_PORT, you'll need to have the ssh key that's in the instance <code>~/.ssh/authorized_keys2</code> on this endpoint <code>~/.ssh/id_rsa.pub</code> for this to work this way, if this is not the case you can modify the command adding <code>USERNAME@INSTANCE_PUBLIC_IP</code>
 +
 
 +
<code>ssh -R INSTANCE_PUBLIC_IP:LOCAL_PORT:localhost:REMOTE_PORT INSTANCE_PUBLIC_IP</code>
 +
 
 +
Example:
 +
INSTANCE_PUBLIC_IP: 50.36.23.23
 +
LOCAL_PORT: 80
 +
REMOTE_PORT: 80
 +
 
 +
<code>ssh -R 50.36.23.23:80:localhost:80 50.36.23.23</code>
 +
 
 +
and if you point to http://50.36.23.23/ you're actually being replied by the server listening on the NATted IP.
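Review bot: In the added "ssh -R INSTANCE_PUBLIC_IP:LOCAL_PORT:localhost:REMOTE_PORT INSTANCE_PUBLIC_IP" line the two port placeholders are in the opposite positions from what the new text describes. The bullet above it says the server on the NATted endpoint listens on LOCAL_PORT, but in -R the first port is the one opened on the instance and the port after "localhost:" is the one on the endpoint, so the line should read "ssh -R INSTANCE_PUBLIC_IP:REMOTE_PORT:localhost:LOCAL_PORT INSTANCE_PUBLIC_IP"; the 80/80 example hides the mismatch. The new sshd_config bullet should also tell the reader to restart sshd and note that "GatewayPorts yes" applies to every account on the instance. The unchanged "mv ~/id_rsa ~/.ssh/authorized_keys2" line in this hunk does not match the file the scp step uploads (id_rsa.pub) and could be corrected alongside the scp rename.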

Revision as of 02:16, 17 November 2010

Running Amahi on Amazon Cloud computing service.

Discussion about this is ongoing on the Amahi forum.

IMPORTANT: THESE INSTRUCTIONS DO NOT LEAD TO A FULLY WORKING AMAHI SYSTEM:

  • Register with Amazon AWS.
  • Launch an instance of AMI "ami-0d638d64". During launch you can set up a "security group", in which you have to open ports 80 and 2000 to all Internet IPs (0.0.0.0/0).
  • SSH into it with the command shown on the Amazon console; you'll need to save YOUR_KEYPAIR somewhere to do that.
  • At this point you may want to create a root password with passwd for future convenience; if not, skip this.
  • Create a user with:

useradd USERNAME
passwd USERNAME   # useradd -p expects an already-hashed password, so set it interactively here

  • Check that /dev/null is readable; if not, run:

chmod go+rw /dev/null

  • From your home computer, generate an SSH key if you don't already have one (check ~/.ssh/ for an id_rsa.pub file) with:

ssh-keygen

  • Upload your SSH public key to the running instance with:

scp -i YOUR_KEYPAIR.pem ~/.ssh/id_rsa.pub root@INSTANCE_PUBLIC_IP:/home/USERNAME/id_rsa.pub

  • On the server again, from USERNAME's home directory, move the uploaded public key into place as the authorized SSH key with:

mv ~/id_rsa.pub ~/.ssh/authorized_keys2

  • Check that /dev/null is readable; if not, run:

chmod go+rw /dev/null

  • Use route and ifconfig to find out your network settings (if you want a static IP you have to purchase an "elastic IP"; note that the IP persists after a reboot but not after a stop or termination).
  • Create your HDA profile accordingly.

As root, follow the instructions for a Fedora 12 system on the wiki (Self-install). On reboot, disable the DHCP and Samba servers, as they conflict with Amazon's network settings. At this point you have an Amahi install which is reachable at the instance's public IP. By following the steps above you can now SSH into it from the computer where you generated the SSH key with ssh USERNAME@INSTANCE_PUBLIC_IP; if you need root access you can su.
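The key-installation step above, as an added shell example (not part of the original wiki page): it installs the uploaded public key with the ownership and permissions that sshd's StrictModes check requires, appending instead of overwriting. The function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE   (hypothetical helper, not from the wiki)
# Adds the public key to HOME_DIR/.ssh/authorized_keys2, the file name used on
# this page, with permissions sshd accepts when StrictModes is on.
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys2"
    key=$(head -n 1 "$pubkey")

    # Refuse anything that is not a one-line public key, for example a private
    # key uploaded by mistake (those start with "-----BEGIN").
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append so that keys already present survive; skip exact duplicates.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi

    # The scp step runs as root, so hand the files to the owner of HOME_DIR;
    # sshd ignores key files that belong to another user.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$(ls -ld "$home_dir" | awk '{print $3}')" "$ssh_dir"
    fi
}

# Demo in a throwaway directory with a constructed (not real) key.
demo_home=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_EXAMPLE user@home" > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub" && ls -l "$demo_home/.ssh"
rm -rf "$demo_home"
```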

TUNNELING

It is possible to create an SSH tunnel from an existing Amahi server (or any server) behind an ISP NAT to a running instance, in order to make that server reachable from the whole Internet. Doing this does not require an Amahi system to be installed on Amazon; in fact an install conflicts with it, because the instance must NOT host a server on the same ports that it forwards to the NATted endpoint.

  • On the running instance's Linux system, edit the file /etc/ssh/sshd_config and uncomment AllowTcpForwarding yes and GatewayPorts yes.
  • On the NATted endpoint, check that you have a server listening on LOCAL_PORT; REMOTE_PORT is the port the instance will listen on. For the command to work as written, this endpoint must hold the SSH key (~/.ssh/id_rsa.pub) that is in the instance's ~/.ssh/authorized_keys2; if this is not the case, you can modify the command by adding USERNAME@INSTANCE_PUBLIC_IP.

ssh -R INSTANCE_PUBLIC_IP:REMOTE_PORT:localhost:LOCAL_PORT INSTANCE_PUBLIC_IP

Example:

INSTANCE_PUBLIC_IP: 50.36.23.23
LOCAL_PORT: 80
REMOTE_PORT: 80

ssh -R 50.36.23.23:80:localhost:80 50.36.23.23

If you then point a browser to http://50.36.23.23/, the reply actually comes from the server listening on the NATted endpoint.
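An added check, not part of the original wiki page, for the two sshd_config settings used in this section: it reports where ssh -R listeners can bind under a given configuration, since GatewayPorts yes makes every forwarded port listen on all of the instance's interfaces. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# sshd_effective FILE KEYWORD   (hypothetical helper, not from the wiki)
# Prints the global value sshd would use for KEYWORD, or "unset". Keywords are
# case-insensitive, the first occurrence wins, and lines from the first
# "Match" onward are conditional, so scanning stops there.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/=/, " ") }                 # "Keyword=value" is also accepted
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# forward_exposure FILE
# Classifies where "ssh -R" listeners can bind under this configuration.
forward_exposure() {
    case "$(sshd_effective "$1" AllowTcpForwarding)" in
        no|local) echo "disabled"; return ;;      # remote forwards refused
    esac
    case "$(sshd_effective "$1" GatewayPorts)" in
        yes)             echo "all-interfaces" ;; # client bind address ignored
        clientspecified) echo "client-chosen" ;;
        *)               echo "loopback-only" ;;  # default: GatewayPorts no
    esac
}

# Constructed sample: the two lines this page says to uncomment, plus a later
# contradictory line that sshd ignores because the first value wins.
sample_config() {
    cat <<'EOF'
#AllowTcpForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
GatewayPorts no
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "sample config: $(forward_exposure "$cfg")"
rm -f "$cfg"
```

On the instance itself, run forward_exposure /etc/ssh/sshd_config; sshd reads the file at start-up, so edits take effect only after it is restarted or reloaded.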