[MUSIC] Hello, and welcome, Orlando Gentil here. Today I'll demonstrate how to create a Linux instance on OCI, and how to install a basic webserver. But before we get to that, let's take a look at Cloud Shell. Cloud Shell is a web browser-based terminal that you can use within OCI console. To access Cloud Shell button, go to the top right of the screen in between the drop-down for the regions in the announcement button, where will be the Cloud Shell button. Click on it in a new frame we will start within the browser window. That frame is persistent as you navigate on the other OCI strings. Cloud Shell gives you a bash shell. On this bash shell you have Ansible OCI CLI and some other tools. OCI CLI is pre-authenticated, so whenever you run commands, you don't have to authenticate, for example, let's get the namespace of this tenancy. Now that we know how to access Cloud Shell, let's use Cloud Shell to generate a pair of SSH keys. The SSH keys are going to be used to access the instances. Let's maximize this screen so we can see better what's happening on the prompt. To create the keys, we're going to use SSH key Gen, SSH key Gen can take several parameters, but for this demonstration, we're going to use it without parameters and follow the prompts. It prompts for the location where we want to save the file, we're going to use the default location. So we won't enter anything, just hit enter here. After that, it should prompt you for a passphrase or the private key as an extra security measure that you can use. I won't use a passphrase, so I will leave it empty and hit enter. It will prompt to re-enter the passphrase, I'm going to hit enter again because I didn't enter any value. At this point, the files were created and saved under the .ssh directory. As we didn't use any options and we let Ki Jin created the directory for us, the directory already has the right permissions and the key has the right permissions as well. If you had specified a different directory, you would have to make sure that the files had similar permissions to what we're going to show here, where the private key is accessible only for you, and the public key has only read access to others. Now that we have our SSH key pair, let's minimize Cloud Shell and start working on the instance creation. In order to create the instance, we have to go to the top left and click on the navigation menu and select compute, and then instances. The instance is a screen make sure to pre-select your compartment, after selecting the compartment, go to create instance. Let's name our instance webserver 01. As we already selected the compartment we don't have to change it here. Let's go to the next section the placement. The placement allows us to choose which availability domain the users will be placed if you have a region that has moved for available domains. Under AD the options we will have different capacity types. We have a lesson on each type of capacity, if you want to have more details on that, you want to change anything. The image shape, the image selection is where you select the OS. In this case, we are going with Oracle Linux 7, but we could also choose CentOS Windows or Ubuntu. The shape of the instance is the size of the instance that we're going to allocate. In this case, we are using AMD standard flex if we click here on change shape. The flex shapes allow us to customize the number of CPUs in the amount of memory this screen should be used by the instance. Let's leave the default values, 16, select sheet. In the network section, if you already have a VCN, it's going to be sure it's on the same compartment, it's going to show here on this box. If you don't have a VCN, you can click on Create and you're going to be prompted to enter the parameters, the cider block that's going to be used for the public subnet. You don't have all the options that are presented when you create using the VCN in screen, so if you want to customize, even more, I would advise you to recreate the VCN as on the VCN demo that we have. Let's go back to select the same instance that we have. The VCN instance, VCN network that we already have, We will be assigning a public IP address because we want to SSH to this instance. You could be using the bastion service, and it could be placed in the private subnet and you don't have to have a public IP address. But for this demonstration, we're going to assign a direct IP that we can connect from the public internet. For the SSH key, we will use option of paste here, public key. We're going to jump back on cloud shell, it's already open so we just have to restore. We're going to cap the file. Rsa.pub, our public key, we're going to copy this value And we're going to paste the value here, And go to the next section. The boot volume, we're going to leave the default. If you feel that you need the bigger volume, you can click on specify and define the size, remember that for Linux instances the minimum size is 50 gigabytes, for Windows it will be 256 gigabytes. You can go all the way up to 32 gig. I'm going to leave the default. You can use transit encryption or you can also choose to change the key. Let's click on Create. You start provisioning our instance. In the main time, I'm going to clear this screen here. While the instance is provisioning, this data is going to be shown as provisioning and it's going to be Orange. As soon as it turns green, we should be able to use the public IP address that we have here to SSH to that instance. And the user name is going to be OPC for Santos and Oracle Linux, if it's Ubuntu, the user name is going to be ubuntu Now that the status changes to running, you're ready to connect to the instance. Copy the IP address, let's go here to cloudshell, ssh, opc at the public IP. As we use the default name for the SSH keys, we don't have to specify them on the command line here. If you had the different file name for the key, you need to enter the parameter -i and the path, and the name of the key file to be used here. First time you connect to an instance you are prompted to accept the fingerprint. You have to type yes here, and voila, we are connected to the instance. Let's maximize CloudShell again so we can see what's going on. Let's clear the screen. Well, now on the shell, let's start installing the HTTP server. We're not what running the root user, so all the administrative commands that we're going to run here, they're going to have to be prepended with Sudo. To install the webserver, sudo yum Install, and the name of the package for Santos and Oracle Linux, it's going to be httpd. First time you run to install a package, it's going to update the information on the repositories. This can take some minutes to be done. After the kind of logs are updated, you're going to be prompted to accept the installation of the package. And along with its dependencies, it will be installed. Let's clear the screen once more. At this point, the service is installed but it's not running. And so next step it will be to set up the webserver to start at boot time and leave it started now. Sudo systemctl enable httpd .service --now. So, it should be up and running. Let's double-check if it's running Okay, Now that the service is up and running, we have to remember to open on the firewall, the Port 80, that is the http port. If you want to know what is the port that it's running a service you can run, but before we run, let's clear the screen. You can run sudo ss nlpt In grep for the process that's called httpd And it will show you port 8 here. So let's go ahead and open the firewall portrait. If you want to check the firewall ports before you run the command, you can run iptables-capital L-n, you have a whole bunch of rules but this is the chain that we're looking for in public allow. As you can see is accepting SSH connections from everywhere and we have to open the same, well we have a similar rule that will open port 80 in the same fashion. In order to do that, let's use the firewall CMD command. So sudo firewall-cmd, we want to make that change permanent, we are going to add service equal HTTP. Success. After adding the rule, we have to reload the service To make the change effective. And we can do that with the --reload option. If we go back in our history and check for the firewall rules Right next to the previous rule that we had with port 22, now we have port 80. Let's change the initial page to a custom text. To do that, echo, this is my server' We can't do that with the OPC user because it does not have permissions for that, so again we're going to use Sudo And we're going to send this message to var www.html/index.html, this is the default page that the webserver uses. If we do a cat on that file, or www/html. Is it html? We have that dest there in that, that's what shouldn't be presented when we try to access the page. Again, Let's minimize CloudShell because before accessing and testing the server, we have to make sure that we are allowed on the security rules to access the service. So we are going to the navigation menu, networking, regional cloud networks. We will select our VCN 01, we're going to our public subnet. We're using the default security list. We're going to add an ingress rule that allows anyone over the internet using the TCP protocol, access port 80, and this will be valid for any hosts that it placed in the public subnet. Let's add a description here. Rule to flow httpd, H-T-T-P Traffic to my webserver. I'm going to add the rule, Let's go back to our instance. Let's copy the public ip List. Paste address, And we can see the string that we just put inside the file. So, this concludes our demo, and you guys can see how easy is to set up a basic Linux webserver, on OCI.
