Jack Moore

Email: jack(at)jmoore53.com

Deploy an Ubuntu server in the cloud over the pfSense server

23 Oct 2023 » code, infrastructure

The primary motivation behind moving from OPNsense to an Ubuntu server in the cloud was to simplify support and management.

For a while I was maintaining a virtual OPNsense instance in the cloud, and the juice wasn't worth the squeeze.
My core needs were limited to a reverse proxy and SSH access, which made a full-featured firewall distribution like OPNsense overkill. Moving to a plain Ubuntu server put a standard OS in the environment, which makes log management and day-to-day administration simpler.

Deploying a VM

This was easy: I used EC2 for the deployment.

Integrate with WireGuard:

Add the new Ubuntu server as a peer in the existing WireGuard configuration so that traffic between it and the other networked devices rides over the tunnel rather than the public internet. That configuration isn't covered in this post.

Install and Configure Nginx:

Install Nginx to act as a reverse proxy. It routes incoming traffic to the appropriate backend services, such as Gitea, and terminates TLS with the certificates obtained in the Certbot step below.

server {
    listen 80;
    listen [::]:80;

    server_name your_domain www.your_domain;

    location / {
        # proxy_pass needs a scheme; a bare host:port fails "nginx -t"
        # (e.g. http://127.0.0.1:3000 for a Gitea instance on the same host)
        proxy_pass http://app_server_address;
        # Ubuntu's /etc/nginx/proxy_params forwards Host, X-Real-IP,
        # X-Forwarded-For and X-Forwarded-Proto to the backend
        include proxy_params;
    }
}
After configuring the site, enable it, test the configuration, and restart Nginx:

sudo ln -s /etc/nginx/sites-available/example /etc/nginx/sites-enabled/example
sudo nginx -t  # Test the configuration for errors before touching the running service
sudo systemctl restart nginx  # "reload" also works and keeps existing connections open

Certbot

I installed Certbot to obtain and manage TLS (SSL) certificates from Let's Encrypt. This is one of the easiest ways to get certificates and automatic renewal.

sudo apt install certbot python3-certbot-nginx
# The nginx plugin validates the domain over HTTP and edits the server block
# above to add the 443/ssl listener and certificate paths
sudo certbot --nginx -d example.com -d www.example.com

# Check that the renewal timer is active and perform a dry run to ensure automatic renewal is working
sudo systemctl status certbot.timer
sudo certbot renew --dry-run
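The Nginx and Certbot steps as one script, added here as an example and not the post's own commands. It assumes a Gitea instance on 127.0.0.1:3000 on the same host, the hypothetical domain example.com, and that the site file is named after the domain; nothing runs unless the script is invoked with --apply, so sourcing it only defines the functions.

```shell
#!/bin/sh
# Added example, not the post's own code: generate the Nginx site for Gitea,
# enable it, and obtain a Let's Encrypt certificate. Assumed (hypothetical):
# Gitea listens on 127.0.0.1:3000 on this host and the site file is named
# after the domain. Nothing runs unless invoked with --apply.

# write_site DOMAIN UPSTREAM OUTFILE
# Writes the plain-HTTP server block. `certbot --nginx` later edits this file
# in place, adding the 443/ssl listener and (with --redirect) an HTTP->HTTPS
# redirect, so there is no need to hand-write the TLS block.
write_site() {
    domain=$1
    upstream=$2
    outfile=$3
    cat > "$outfile" <<EOF
server {
    listen 80;
    listen [::]:80;

    server_name $domain www.$domain;

    # Git pushes over HTTPS easily exceed Nginx's 1m default request body.
    client_max_body_size 512m;

    location / {
        # proxy_pass needs a scheme; a bare host:port fails nginx -t.
        proxy_pass http://$upstream;
        # Ubuntu's /etc/nginx/proxy_params sets Host, X-Real-IP,
        # X-Forwarded-For and X-Forwarded-Proto for the backend.
        include proxy_params;
    }
}
EOF
}

# enable_site NAME
# Symlink into sites-enabled, validate, then reload (reload keeps existing
# connections open; restart drops them).
enable_site() {
    name=$1
    sudo ln -sfn "/etc/nginx/sites-available/$name" "/etc/nginx/sites-enabled/$name"
    sudo nginx -t && sudo systemctl reload nginx
}

# issue_cert DOMAIN EMAIL
# Non-interactive certbot run; --redirect makes certbot add the HTTP->HTTPS
# redirect to the site it patches. The dry run proves the timer-driven
# renewal works before the first real expiry.
issue_cert() {
    domain=$1
    email=$2
    sudo certbot --nginx --non-interactive --agree-tos -m "$email" --redirect \
        -d "$domain" -d "www.$domain"
    sudo certbot renew --dry-run
}

if [ "${1:-}" = "--apply" ]; then
    domain=example.com
    tmp=$(mktemp)
    write_site "$domain" 127.0.0.1:3000 "$tmp"
    sudo install -m 0644 "$tmp" "/etc/nginx/sites-available/$domain"
    rm -f "$tmp"
    enable_site "$domain"
    issue_cert "$domain" "admin@$domain"
fi
```

The generated file is deliberately HTTP-only: Certbot's nginx plugin rewrites it, and keeping the hand-written part minimal means the validation and redirect logic come from one place.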

Resolve DNS and Sudo Issues on EC2:

After rebooting the cloud instance, a DNS issue showed up: I had configured WireGuard and pointed the instance's resolver at a DNS server inside the VPN, so until the tunnel came up nothing resolved, and sudo (which looks up the local hostname on every invocation) stalled. These were some of the fixes:

  • Run sudo commands using the loopback address: sudo -h 127.0.0.1 <command>
  • Update /etc/hosts so the 127.0.0.1 entry includes both the FQDN and the short hostname
  • Configure DNS with a fallback to 8.8.8.8 (Google's public DNS)
  • (Specific to my setup) Enable the DNS server and Pi-hole services to start automatically on the Proxmox host in the homelab, so the VPN-side resolver is actually up after a homelab reboot
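The /etc/hosts and resolver fixes as a script, added here as an example and not part of the original post. It assumes Ubuntu with systemd-resolved and a Pi-hole at the hypothetical VPN address 10.8.0.1; the file paths are parameters so the functions can be tried on copies, and nothing touches /etc unless the script is run as root with --apply.

```shell
#!/bin/sh
# Added example, not the post's own code: make the instance boot cleanly when
# its only resolver sits on the far side of the WireGuard tunnel. Assumed
# (hypothetical): Ubuntu with systemd-resolved and the homelab Pi-hole at
# 10.8.0.1 over the VPN. Paths are parameters so this can be tried on copies;
# nothing touches /etc unless invoked with --apply.

# ensure_hosts_entry HOSTS_FILE FQDN SHORTNAME
# sudo resolves the local hostname on every invocation (for sudoers Host
# matching). With the resolver unreachable until the tunnel is up, each call
# waits for that lookup to time out. A loopback entry answers it locally.
# (Ubuntu's installer uses 127.0.1.1 for this; either loopback address works.)
ensure_hosts_entry() {
    hosts=$1
    fqdn=$2
    short=$3
    # Idempotent: skip if a 127.0.0.1 line already names the short hostname.
    if grep -Eq "^127\.0\.0\.1[[:space:]]+(.*[[:space:]]+)?$short([[:space:]]|\$)" "$hosts"; then
        return 0
    fi
    printf '127.0.0.1 %s %s\n' "$fqdn" "$short" >> "$hosts"
}

# write_resolved_dns DROPIN PRIMARY SECONDARY
# systemd-resolved tries servers in order and moves to the next when the
# current one fails, so listing the VPN resolver first and 8.8.8.8 second
# gives a working resolver before the tunnel exists. FallbackDNS= would not
# help here: resolved only uses it when no DNS= server is configured at all.
# Caveat: after a failover resolved sticks with 8.8.8.8 until it fails too,
# so internal names leak to the public resolver; restart systemd-resolved
# once the tunnel is up to return to the primary.
write_resolved_dns() {
    dropin=$1
    primary=$2
    secondary=$3
    mkdir -p "$(dirname "$dropin")"
    printf '[Resolve]\nDNS=%s %s\n' "$primary" "$secondary" > "$dropin"
}

# local_hostname_resolves SHORTNAME
# Quick check that the fix took: getent walks the same NSS path sudo uses.
local_hostname_resolves() {
    getent hosts "$1" > /dev/null
}

if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root for --apply" >&2; exit 1; }
    # "hostname -f" also goes through the resolver; pass the names explicitly
    # instead if it hangs on a box that is already in this state.
    ensure_hosts_entry /etc/hosts "$(hostname -f)" "$(hostname -s)"
    write_resolved_dns /etc/systemd/resolved.conf.d/10-vpn-dns.conf 10.8.0.1 8.8.8.8
    systemctl restart systemd-resolved
    local_hostname_resolves "$(hostname -s)" && echo "hostname resolves locally"
fi
```

The hosts entry is the fix that actually removes the sudo stall; the resolver change only shortens the window in which nothing resolves, and it does so at the cost of sending queries to a public resolver whenever the VPN-side one is unreachable.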


© Jack Moore - This site was last built Fri 30 Aug 2024 12:31:24 PM EDT