Skip to content

Commit

Permalink
New wiki page - Oracle Cloud Instance - Ports opening (#41)
Browse files Browse the repository at this point in the history 
* Create OCIConfiguration.md

* Update OCIConfiguration.md

* Create TMPFile

* Add files via upload

* Delete TMPFile

* Add files via upload

* Add files via upload

* Update OCIConfiguration.md

* Update OCIConfiguration.md
  • Loading branch information
@Athar42
Athar42 authored Sep 3, 2023
1 parent ca4bf69 commit 4e0866b
Show file tree
Hide file tree
Showing 6 changed files with 159 additions and 0 deletions.
Binary file added assets/ociconf/OCI_01.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/ociconf/OCI_02.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/ociconf/OCI_03.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/ociconf/OCI_04.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/ociconf/OCI_05.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
159 changes: 159 additions & 0 deletions community/OCIConfiguration.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,159 @@
---
layout: page
title: Oracle Cloud Instance - Ports opening (Oracle Linux and Ubuntu)
parent: Community Guides
nav_order: 9
---

# Oracle Cloud Instance - Ports opening (Oracle Linux and Ubuntu)
{: .no_toc }

> **Info about this guide:**
> In this guide, I'll only cover the ports management, both on OCI console and on the server itself.
> Focus will be held for BlueMap access, not your minecraft server or the way to setup it.
{: .info }

1. TOC
{:toc}


## Step 1 : Open the ports on your Oracle Instance (web console)

Go to your console ([Oracle Cloud Login page](https://cloud.oracle.com/)), next in the menu, go to "Networking" and then select "Virtual Cloud Networks"

![Screenshot of the OCI web configuration menu]({{site.baseurl}}/assets/ociconf/OCI_01.png)

On the new page, you should see your virtual network (in the form of "vcn-....", by default), select it.
After that, select your subnet and then, the "Default Security List" (only one of each).

You should get a page similar to this screenshot :

![Screenshot of the default OCI network rules]({{site.baseurl}}/assets/ociconf/OCI_02.png)

Select "Add Ingress Rules"
The first rule we add is for accessing BlueMap :

![Screenshot of the rule configuration for port opening of BlueMap]({{site.baseurl}}/assets/ociconf/OCI_03.png)

So, as the source, we set it to ANY, so : 0.0.0.0/0
For the port, if you let the default one : 8100
The protocol is TCP (standard for HTTP services)

Then, we also need to allow the access to our Minecraft server, if not done yet (depends on which version you installed and/or mods to allow either clients to connect to your Java server)

![Screenshot of the rule configuration for port opening of Minecraft Server]({{site.baseurl}}/assets/ociconf/OCI_04.png)

For all those settings, adapt the destination ports to your needs.

After that, you should have some rules like those ones :

![Screenshot of the OCI network rules summary]({{site.baseurl}}/assets/ociconf/OCI_05.png)


Now, a quick explanations here on what we did above :

"Stateless" ==> We do not want to manually create Egress rules, so we do not check this box and let the system handle the connections.
If we had selected it, we would have needed to create a rule to allow ANY destination to get out of our server from the BlueMap web server port (to any destination port (as this is a random port, never the same).

"Source CIDR" ==> We want to get ANY outside connection to connect to our server, so we specify in CIDR notation, "all", which is 0.0.0.0/0

"Source Port Range" ==> Is defined by the client host (random), so we let this box empty.

"Destination Port Range" ==> For this one, we set to the value of the destination service, in this case for example, the BlueMap port 8100.


## Step 2a - Oracle Linux 8

The official guide on how to open your ports can be found there : https://docs.oracle.com/en/operating-systems/oracle-linux/8/firewall/firewall-ConfiguringaPacketFilteringFirewall.html#ol-firewall

But, here is the summary on what you have to do for your Oracle Linux setup :

> **Info:**
> All those commands are preceded with "sudo". If you are already using the root account, you can remove it from the command !
{: .info }

First, check that `firewall-cmd` command is available on your system.
You can check it's presence with this command :
```
sudo firewall-cmd --version
```

If you don't get a version output or simply "Command not found", do the following commands to install it :
```
sudo dnf install firewalld
sudo systemctl enable firewalld
```
The second command ensure it will start on boot.


Then, you can simply add the needed ports to the rules list, for BlueMap, it's by default 8100/tcp, so the command will look like this :
```
sudo firewall-cmd --permanent --zone=public --add-port=8100/tcp
```

As a final command, just run this to reload the firewall configuration with your changes
```
sudo firewall-cmd --reload
```


## Step 2b - Ubuntu

As per Oracle's Best Practices, follow the steps explained here : https://blogs.oracle.com/developers/post/enabling-network-traffic-to-ubuntu-images-in-oracle-cloud-infrastructure ; At the chapter "Host Firewall".

The method used there is to edit a file named "/etc/iptables/rules.v4" and add your rules in there.

Your file should look like this (the start of it at least) :
```
# CLOUD_IMG: This file was created/modified by the Cloud Image build process
# iptables configuration for Oracle Cloud Infrastructure
# See the Oracle-Provided Images section in the Oracle Cloud Infrastructure
# documentation for security impact of modifying or removing these rule
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [463:49013]
:InstanceServices - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --sport 123 -j ACCEPT
-A [...]
COMMIT
```

You can then insert a new line, for BlueMap, this would look like this :
```
# CLOUD_IMG: This file was created/modified by the Cloud Image build process
# iptables configuration for Oracle Cloud Infrastructure
# See the Oracle-Provided Images section in the Oracle Cloud Infrastructure
# documentation for security impact of modifying or removing these rule
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [463:49013]
:InstanceServices - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8100 -j ACCEPT
-A [...]
COMMIT
```

Now, save the file and after that, you can either chose to reboot the server or run the following command :

```
sudo iptables-restore < /etc/iptables/rules.v4
```

## Step 3 - Enjoy !

If you did arrive there, you should be able to access your web map with the address : http://Your_Server_Public_IP:Your_BlueMap_Web_Port (port, by default is 8100).

If you want to use a custom DNS and/or HTTPS, you can find some information in the Webserver Wiki ([Reverse proxy BlueMap with NGINX](https://bluemap.bluecolored.de/wiki/webserver/NginxProxy.html))

0 comments on commit 4e0866b

Please sign in to comment.