Checking out the VPS hosting with a company called Host1Plus. Their $15/mo plan: 40Gigs disc space, 2048MB RAM, 2 CPUs.
Installed ubuntu-12.10-x86_64
with a button click or two.
They generate a root/password, and when I ssh’d to root@theIPaddress got
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:etc
Please contact your system administrator.
Add correct host key in /Users/mikekilmer/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/mikekilmer/.ssh/known_hosts:24
RSA host key for 191.101.14.198 has changed and you have requested strict checking.
Host key verification failed.
Maybe ’cause there’s no security certificate?
Copy output of:
$ ssh-keyscan -t rsa server_ip
And paste into ~/.ssh/known_hosts
.
Like this: ssh-keyscan -t rsa server_ip >> ~/.ssh/known_hosts
Now am in. I forget how to create users…
Oh yea,
# useradd mikekilmer
# passwd mikekilmer
Now…
# apt-get update
Lots of E: Some index files failed to download. They have been ignored, or old ones used instead.
# apt-get install git
Reading package lists... Done
Building dependency tree... Done
E: Unable to locate package git
No luck with git-core
either. Maybe ’cause headers not installed. Let’s try the Host1Plus help. Answered chat in moments! A female too. Her first recommendation was to run sudo apt-get update
. Same result, of course, because I was logged in as root when I ran apt-get update
. She ultimately says this needs to be looked at by senior technical support. Please open a ticket. Hmmm.
Couple of hours later tech support got back to me, ubuntu-12.10-x86_64
is no longer supported. Try installing a newer version of the OS. Tried one of the 13 versions. Same error.
Whenever I install a new OS template via the Host1Plus GUI this message pops up in a window:
Failed to reinstall OS: object(Core\Exceptions\NotFoundError)#29 (7) {
["message":protected]=>
string(4) "user"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(77) "/home/host1plus/public_html/manage/api/lib/Installer/Services/UserService.php"
["line":protected]=>
int(53)
["trace":"Exception":private]=>
array(1) {
[0]=>
array(6) {
["file"]=>
string(69) "/home/host1plus/public_html/manage/modules/servers/ovzp/ovzp_call.php"
["line"]=>
int(218)
["function"]=>
string(4) "load"
["class"]=>
string(30) "Installer\Services\UserService"
["type"]=>
string(2) "->"
["args"]=>
array(1) {
[0]=>
object(Installer\Resources\User)#17 (3) {
["id":"Installer\Resources\User":private]=>
int(54063)
["email":"Installer\Resources\User":private]=>
NULL
["password":"Installer\Resources\User":private]=>
NULL
}
}
}
}
["previous":"Exception":private]=>
NULL
}
success
Then I need to reload the browser window to see OS System. This one works: ubuntu-14.04-x86_64
. At least I can update apt
. When I ran apt-get upgrade` it installed a mail program.
I don’t have a domain name specified for the server yet, so this may create issues.
Yay. I can install git, too!
When I tried to add ~/.ssh/authorized_keys
errors were popping up because no user directory existed. Had forgotten that instead of using the low level useradd
, adduser
is recommended because it does all that home directory creating for you.
Let’s try installing a simply Rails three application.
sudo apt-get install ruby-full
Let’s go with rbenv
instead of RVM
.
sudo apt-get install git-core # gotta have git
git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
Put it in the right place (above) and add to path:
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
This next command supposedly does something with the “shims” rbenv adds:
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
Restart the shell:
source ~/.bashrc
Confirm working:
type rbenv
Thanks Digital Ocean
A little more to come and hopefully the fact that I already installed ruby-build won’t create any snags ’cause I’m not in the mood.
git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
git clone https://github.com/sstephenson/rbenv-gem-rehash.git ~/.rbenv/plugins/rbenv-gem-rehash
apt-get install build-essential libssl-dev libcurl4-openssl-dev libreadline-dev -y
rbenv install --list
I was going to use Ruby version 1.9.3 and Rails three, but since I’m really just playing with the server here I’m gonna simply follow the tutorial.
rbenv install 2.1.0 -k
Use it globally:
rbenv global 2.1.0
Let’s install some Rails tools:
sudo apt-get install sqlite3 libsqlite3-dev
We need JavaScript runtime and DO is recommending adding NodeJS from Debian Backports:
sudo nano /etc/apt/sources.list
(Whoops need to apt-get install nano
)
And append to the file a couple of locations:
deb http://ftp.us.debian.org/debian/ wheezy-backports main
deb-src http://ftp.us.debian.org/debian/ wheezy-backports main
Now make sure we get all the possible package options:
sudo apt-get update
Now we can get Node.js:
sudo apt-get -t wheezy-backports install nodejs
Now we can use gem
to install rails:
gem install rails
Twiddle our thumbs for a minute. Take a few deep breaths. Admire our beautiful partner laying in bed.
Parsing the documentation seems to be taking for ever. Or at least the STDOUT has been sitting at Installing ri documentation for rails-4.2.4
for quite a while.
Now we can make a new Rails application:
rails new newrailsapp
rails s
Now I’m supposed to be able to see it at My IP address on port 3000, but
http://191.101.14.198:3000
Isn’t pulling up.
Let’s check out the Host1Plus tech support again…
The friendly person available right away in chat asks if I have opened that port. I had found sudo iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
on SO, which he (Mark A) confirmed as correct command to open port 3000 in the firewall (that comes as part of the OS, I guess) as well as sending a link to a detailed explanation and also threw in a telnet command to test if port is open: telnet 191.101.14.198 3000
.
Mark A.: Have you added the rule in iptables?
Mark A.: Check using command “iptables -L”
Mark A.: Also save the rule using command “service iptables save”
Mark A.: Try iptables-save
Mark A.: You may restart the iptables service using this command “/etc/init.d/iptables-persistent restart”
That gave some positive output, but with rails server running, still connection refused via telnet and http.
Mark A.: Use this guide to save the iptables rules,
23:09Mark A.: https://wiki.debian.org/iptables
23:09Mark A.: Once it is done. restart the service again.
Mark A.: Okay, then you can save it like “iptables -save > /etc/iptables.up.rules”
Not quite there yet, but close. And tired. Calling it a night. More soon.
Ah. Wait. It seems we need to iptables-save > /etc/iptables/rules.v4
. Now the rules are still in place after restart.
Telnet still not working, though and chat support sent me to create a ticket.
Heard back from ticket within three hours:
Make sure that the service is actually listening to port 3000. You can do it by using “netstat -tunap” command, result of which is:
root@191:~# netstat -tunap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1726/sshd
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 6494/ruby
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1685/sendmail: MTA:
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 1685/sendmail: MTA:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1792/apache2
tcp 0 48 191.101.14.198:22 108.205.62.183:63531 ESTABLISHED 8001/1
tcp 0 0 191.101.14.198:22 108.205.62.183:60052 ESTABLISHED 5294/0
tcp 0 0 191.101.14.198:22 43.229.53.57:55916 ESTABLISHED 7999/sshd: root [pr
tcp6 0 0 :::22 :::* LISTEN 1726/sshd
And they recommended disabling iptables for testing. But no commend suggested. Trying:
/etc/init.d/iptables-persistent stop
Output recommended trying
/etc/init.d/iptables-persistent flush
(Which has cleared our rules)
Twelve hours later Level 2 Tech support replied, reminding me of what I should have known, that the rails server binds to 127.0.0.1 by default and you need to run the server like rails s -b 0.0.0.0
to set it to listen on all IP addresses.
So there ya go. An ignorant DevOps guy in the Host1Plus VPS playground. Maybe I’ll develop this rails app into something.
I would still love to know how to disable iptables on debian wheezy, but that may be an adventure for another day.
UPDATE – how awesome – now I know more about iptables thanks to Host1Plus VPS tech support:
It is impossible to stop iptables completely on Ubuntu/Debian distributions, however you can flush all the rules by running following commands:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
But please note that it is not recommended to disable iptables for your server permanently.
Please do not hesitate to contact us if you have any more questions or requests.
Regards,
Nerijus K.
Support Specialist