Difference between revisions of "Amahi on AWS"

From Amahi Wiki
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Running Amahi on Amazon Cloud computing service.
+
{{NeedsUpdate}}
 +
 
 +
 
 +
=Running Amahi on Amazon Cloud computing service.=
 
discussion is ongoing on the amahi forum about this.
 
discussion is ongoing on the amahi forum about this.
  
IMPORTANT: THOSE INSTRUCTIONS DO NOT LEAD TO A FULLY WORKING AMAHI SYSTEM:
+
=IMPORTANT: THOSE INSTRUCTIONS DO NOT LEAD TO A FULLY WORKING AMAHI SYSTEM:=
  
# Register to Amazon AWS
+
* Register to Amazon AWS
# launch instance of AMI "ami-0d638d64"
+
* launch instance of AMI "ami-0d638d64", during launch you can setup "security group" during which you have to open ports 80 and 2000 for all Internet IP (0.0.0.0/0)
# ssh into it with the command shown on the amazon console
+
* ssh into it with the command shown on the amazon console, you'll need to save YOUR_KEYPAIR somewhere to do that
# create a user with:  
+
* at this point you may want to create a root password with <code>passwd</code> for future convenience, if not skip this.
 +
* create a user with:  
 
<code>useradd -p PASSWORD USERNAME</code>
 
<code>useradd -p PASSWORD USERNAME</code>
# check that /dev/null is readable, if not do a:  
+
* check that /dev/null is readable, if not do a:  
 
<code>chmod go+rw /dev/null</code>
 
<code>chmod go+rw /dev/null</code>
# from your home computer generate a ssh key if you don't already have one (check ~/.ssh/ for an id_rsa.pub file) with:  
+
* from your home computer generate a ssh key if you don't already have one (check ~/.ssh/ for an id_rsa.pub file) with:  
 
<code>ssh-keygen</code>
 
<code>ssh-keygen</code>
# upload your ssh key to the running instance with:  
+
* upload your ssh key to the running instance with:  
<code>scp -i YOURKEYPAIR.pem ~/.ssh/id_rsa.pub root@INSTANCEPUBLICIP:/home/USERNAME/id_rsa.pub</code>
+
<code>scp -i YOUR_KEYPAIR.pem ~/.ssh/id_rsa.pub root@INSTANCE_PUBLIC_IP:/home/USERNAME/id_rsa.pub</code>
#from your server again move your keypair to the authorized ssh key with:
+
*from your server again move your keypair to the authorized ssh key with:
 
<code>mv ~/id_rsa ~/.ssh/authorized_keys2 </code>
 
<code>mv ~/id_rsa ~/.ssh/authorized_keys2 </code>
# check that /dev/null is readable, if not do a:  
+
* check that /dev/null is readable, if not do a:  
 
<code>chmod go+rw /dev/null</code>
 
<code>chmod go+rw /dev/null</code>
# use <code>route</code> and <code>ifconfig</code> to find out your network setting
+
* use <code>route</code> and <code>ifconfig</code> to find out your network setting (if you want a static IP you have to purchase an "elastic IP", please consider that IP persist after reboot but not after stop or termination)
# create your hda profile accordingly
+
* create your hda profile accordingly
 +
 
 +
as root follow the instruction for Fedora 12 system on the wiki ([[Self-install]]), on reboot disable DHCP and SAMBA server as they conflict with amazon network settings.
 +
At this point you have an amahi install which is reachable at the instance public ip and by following the above step you can now ssh into it from the computer where you generate the ssh key with <code>ssh USERNAME@INSTANCE_PUBLIC_IP</code>, if you need root access you can <code>su</code>.
 +
 
 +
=TUNNELING=
 +
It is possible to create a tunnel from an existing Amahi server (or any server) behind an ISP NAT to a running instance in order to make it reachable from all the Internet with ssh, by doing this one does not need an Amahi system to be installed on Amazon and it actually conflicts as one needs the instance NOT to host a server on the same ports that it forwards to the NATted endpoint.
 +
 
 +
* On the running instance linux system edit file <code>/etc/ssh/sshd_config</code> and uncomment the <code>AllowTcpForwarding yes</code> and <code>GatewayPorts yes</code>
 +
 
 +
* On the NATted endpoint check that you have a server listening on LOCAL_PORT, fire up a terminal and do:
 +
 
 +
<code>ssh -R INSTANCE_PUBLIC_IP:LOCAL_PORT:localhost:REMOTE_PORT INSTANCE_PUBLIC_IP</code>
 +
 
 +
you'll need to have the ssh key that's in the instance <code>~/.ssh/authorized_keys2</code> on this endpoint <code>~/.ssh/id_rsa.pub</code> for this to work this way, if this is not the case you can modify the command with <code>USERNAME@INSTANCE_PUBLIC_IP</code> instead of <code>INSTANCE_PUBLIC_IP</code>
 +
 
 +
Example:
 +
INSTANCE_PUBLIC_IP: 50.36.23.23
 +
LOCAL_PORT: 80
 +
REMOTE_PORT: 80
 +
 
 +
<code>ssh -R 50.36.23.23:80:localhost:80 50.36.23.23</code>
  
as root follow the instruction on the wiki for a [[Self-install]], on reboot disable DHCP and SAMBA server as they conflict with amazon network settings.
+
Now as long as the terminal on the NATted enpoint stays open if you point to http://50.36.23.23/ you're actually being replied by the server listening on the NATted IP.
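Review bot: the added tunnel command "ssh -R INSTANCE_PUBLIC_IP:LOCAL_PORT:localhost:REMOTE_PORT INSTANCE_PUBLIC_IP" has its two port placeholders in swapped positions. In "-R [bind_address:]port:host:hostport" the first port is the one opened on the instance and the last one is the port on the machine that runs ssh, so with the text's own definition of LOCAL_PORT (the port the server on the NATted endpoint listens on) the command should read "ssh -R INSTANCE_PUBLIC_IP:REMOTE_PORT:localhost:LOCAL_PORT INSTANCE_PUBLIC_IP"; the 80/80 example hides the mix-up. Two lines this revision leaves untouched also need attention: "mv ~/id_rsa ~/.ssh/authorized_keys2" does not match the file the scp line uploads (id_rsa.pub, into /home/USERNAME/), and "useradd -p PASSWORD USERNAME" reads as a plaintext password where -p takes the already-encrypted form. The new "GatewayPorts yes" step makes every remote forward listen on all interfaces of the instance; "GatewayPorts clientspecified" would limit that to forwards that ask for a public bind address, which the added command already does.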

Latest revision as of 22:42, 14 September 2015

Update Needed
The contents of this page have become outdated or irrelevant. Please consider updating it.


Running Amahi on Amazon Cloud computing service.

Discussion is ongoing on the Amahi forum about this.

IMPORTANT: THESE INSTRUCTIONS DO NOT LEAD TO A FULLY WORKING AMAHI SYSTEM:

  • Register with Amazon AWS.
  • Launch an instance of AMI "ami-0d638d64". During launch you can set up a "security group", in which you have to open ports 80 and 2000 to all Internet IPs (0.0.0.0/0).
  • SSH into it with the command shown on the Amazon console. You'll need to save YOUR_KEYPAIR somewhere to do that.
  • At this point you may want to set a root password with passwd for future convenience; if not, skip this.
  • Create a user and set its password (useradd -p expects an already-encrypted password, so the password is set with passwd instead):

useradd USERNAME
passwd USERNAME

  • Check that /dev/null is readable; if not, run:

chmod go+rw /dev/null

  • From your home computer, generate an SSH key if you don't already have one (check ~/.ssh/ for an id_rsa.pub file) with:

ssh-keygen

  • Upload your SSH public key to the running instance with:

scp -i YOUR_KEYPAIR.pem ~/.ssh/id_rsa.pub root@INSTANCE_PUBLIC_IP:/home/USERNAME/id_rsa.pub

  • On the server again, move the uploaded public key into the authorized SSH keys file with:

mkdir -p /home/USERNAME/.ssh
mv /home/USERNAME/id_rsa.pub /home/USERNAME/.ssh/authorized_keys2

  • Check that /dev/null is readable; if not, run:

chmod go+rw /dev/null

  • Use route and ifconfig to find out your network settings (if you want a static IP you have to purchase an "elastic IP"; note that the IP persists after a reboot but not after a stop or termination).
  • Create your HDA profile accordingly.

As root, follow the instructions for a Fedora 12 system on the wiki (Self-install). On reboot, disable the DHCP and Samba servers, as they conflict with Amazon network settings. At this point you have an Amahi install which is reachable at the instance public IP, and by following the above steps you can now SSH into it from the computer where you generated the SSH key with ssh USERNAME@INSTANCE_PUBLIC_IP. If you need root access you can su.
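
The key-installation step above, as an added shell example that is not part of the original wiki page: it refuses a file that is not a public key (for instance id_rsa uploaded instead of id_rsa.pub) and sets the permissions sshd expects. The function name install_pubkey and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: install an uploaded SSH *public* key for a user.
# install_pubkey and its arguments are hypothetical names, not Amahi tooling.

# install_pubkey PUBKEY_FILE HOME_DIR
# Returns 0 on success, 1 if PUBKEY_FILE is not a public key, 2 on other errors.
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] && [ -d "$home" ] || return 2

    # A public key is one line starting with its key type. Refuse anything
    # else, in particular a private key (id_rsa) uploaded by mistake.
    first=$(head -n 1 "$pub")
    case $first in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing $pub: not an SSH public key" >&2; return 1 ;;
    esac

    # sshd (StrictModes) rejects key files that group/other can write.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 2
    auth="$home/.ssh/authorized_keys2"   # file name used on this page
    touch "$auth" && chmod 600 "$auth" || return 2

    # Append instead of overwrite, and skip a key that is already present.
    grep -qxF "$first" "$auth" || printf '%s\n' "$first" >> "$auth"
}
```

Called as install_pubkey /home/USERNAME/id_rsa.pub /home/USERNAME; when run as root, chown -R the .ssh directory to USERNAME afterwards so the user can manage its own keys.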

TUNNELING

It is possible to create an SSH tunnel from an existing Amahi server (or any server) behind an ISP NAT to a running instance, in order to make that server reachable from the whole Internet. Doing this does not require an Amahi system to be installed on Amazon; in fact an install conflicts with it, because the instance must NOT host a server on the same ports that it forwards to the NATted endpoint.

  • On the running instance's Linux system, edit the file /etc/ssh/sshd_config and uncomment the AllowTcpForwarding yes and GatewayPorts yes lines.
  • On the NATted endpoint, check that you have a server listening on LOCAL_PORT, open a terminal and run the following (REMOTE_PORT is the port opened on the instance, LOCAL_PORT the port the server on the NATted endpoint listens on):

ssh -R INSTANCE_PUBLIC_IP:REMOTE_PORT:localhost:LOCAL_PORT INSTANCE_PUBLIC_IP

For this to work as written, the public key in this endpoint's ~/.ssh/id_rsa.pub must be the one in the instance's ~/.ssh/authorized_keys2. If this is not the case, you can modify the command to use USERNAME@INSTANCE_PUBLIC_IP instead of INSTANCE_PUBLIC_IP.

Example:

INSTANCE_PUBLIC_IP: 50.36.23.23
LOCAL_PORT: 80
REMOTE_PORT: 80

ssh -R 50.36.23.23:80:localhost:80 50.36.23.23

Now, as long as the terminal on the NATted endpoint stays open, if you point to http://50.36.23.23/ you are actually being answered by the server listening on the NATted IP.
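
As an added example (not from the Amahi wiki), a shell check that reads an sshd_config and reports where ports opened by ssh -R will listen, which is what the GatewayPorts yes step above changes. The helper names sshd_effective and forward_exposure and the sample configurations are constructed for this example.

```shell
#!/bin/sh
# Added example: report how a given sshd_config treats remote forwards.
# sshd_effective and forward_exposure are hypothetical helper names.

# sshd_effective KEYWORD DEFAULT FILE
# Prints the global value of KEYWORD: sshd uses the first occurrence,
# keywords are case-insensitive, '#' lines are comments, and settings
# after a Match line are conditional, so scanning stops there.
sshd_effective() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# forward_exposure FILE
# Prints: disabled - ssh -R is refused
#         loopback - forwarded ports listen on 127.0.0.1 of the instance only
#         client   - the client picks the bind address (clientspecified)
#         public   - every forwarded port listens on all interfaces
forward_exposure() {
    fwd=$(sshd_effective AllowTcpForwarding yes "$1")
    gw=$(sshd_effective GatewayPorts no "$1")
    case $fwd in no|local) echo disabled; return ;; esac
    case $gw in
        yes) echo public ;;
        clientspecified) echo client ;;
        *) echo loopback ;;
    esac
}

# Constructed samples: the settings this page enables, then a narrower one.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'AllowTcpForwarding yes' 'GatewayPorts yes' > "$demo"
echo "page settings:   $(forward_exposure "$demo")"
printf '%s\n' 'GatewayPorts clientspecified' 'gatewayports yes' > "$demo"
echo "clientspecified: $(forward_exposure "$demo")"
rm -f "$demo"
```

With GatewayPorts clientspecified the bind address written in the ssh -R command decides whether the port is public, so only forwards that ask for it are exposed.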