Commit a6d4e42c authored by Valentina Sona

Completed slides

parent fb19dee8
Pipeline #1210 passed with stage in 1 minute and 32 seconds
# Slides ENG
---
## Deploy in Cloud
----
Why self hosting
### Why self hosting
- Various services available with self hosting
- [Lots of services](https://github.com/awesome-selfhosted/awesome-selfhosted) available via self hosting
- ... in a more customizable (CI GitLab)
- ... and private way!
Not even Google services last forever
https://github.com/awesome-selfhosted/awesome-selfhosted
https://killedbygoogle.com/
Moreover, tomorrow an online service you rely on might suddenly disappear... not even [Google services](https://killedbygoogle.com/) last forever!
----
Deployment methods
## Deployment methods
How do you get yourself a server?
- Bare metal (/@home)
- VPS
- Virtual Private Server (VPS)
----
## Bare metal
Advantages:
- Static resources allocation
Ddisadvantages:
- Price
- Setup
### Bare metal
<div style="display:flex;">
<div>
<b>Advantages:</b>
<ul>
<li> Static resources allocation</li>
</ul>
</div><!-- .element class="fragment" --><div>
<b>Disadvantages:</b>
<ul>
<li>Price of hardware</li>
<li>Setup is on you and takes time and skill</li>
</ul>
</div><!-- .element class="fragment" -->
</div>
----
### VPS
Advantages:
- Price
- Setup
- Deploy time / flexibility
- Provisioning
Disadvantages:
- Dynamic resources allocation
<div style="display:flex;">
<div>
<b>Advantages:</b>
<ul>
<li> Price is flexible </li>
<li> Setup is reduced and automated</li>
<li> Deploy time / flexibility </li><!-- ?-->
<li> Provisioning</li><!-- ?-->
</ul>
</div><!-- .element class="fragment" --><div>
<b>Disadvantages:</b>
<ul>
<li>Dynamic resource allocation</li>
</ul>
</div><!-- .element class="fragment" -->
</div>
---
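Review bot: the `<!-- ?-->` comments after the "Deploy time / flexibility" and "Provisioning" items in the new VPS advantages list look like unresolved author questions; decide whether those two items stay, or drop the markers, before the slides are called complete. The same goes for "... in a more customizable (CI GitLab)" in the self-hosting slide, where the parenthetical does not say what it refers to. "Static resources allocation" and "Dynamic resource allocation" should also agree on singular or plural.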
......@@ -61,14 +67,13 @@ Disadvantages:
----
### Choose a provider
- Resources price
- Type of service: Uptime/Saas
- Uptime
Some factors to evaluate:
- Resources to price ratio
- Uptime of the provider
- NOT OVH
- Geographic location
- Geographic location
- NOT ~~FRANCE~~ OVH
- Resources flexibility
- Flexibility to allocate resources
----
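Review bot: "NOT ~~FRANCE~~ OVH" under "Geographic location" names a provider to avoid without giving a reason, so the audience cannot turn it into a criterion. State the factor it stands for in the bullet, or move the joke to the speaker notes and keep the list to factors that can actually be evaluated.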
......@@ -80,18 +85,28 @@ Disadvantages:
- Aruba
- ...
----
### Let's try on Azure!
---
## Log in to the server
## SSH
----
### SSH
### Log in to the server
Now that you've got your server, let's get you set up to manage it remotely with **SSH**.
----
What is SSH
### What is SSH?
Secure SHell
Is a protocol to establish a safe session between two machines connected through the net
**S**ecure **SH**ell
Is a protocol to establish a safe session between two machines connected through the net.
It provides two modes of authentication:
- Password login
- SSH keys login
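Review bot: "a safe session" in the "What is SSH?" slide is too vague for the slide that motivates everything after it; say what SSH provides, an encrypted and authenticated session, and add a line about checking the server's host key fingerprint on the first connection, since the next slides have the audience log in to a freshly created server. The sentence also lacks a subject ("Is a protocol ..."); start it with "It is" or fold it into the "**S**ecure **SH**ell" line.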
......@@ -99,45 +114,78 @@ Is a protocol to establish a safe session between two machines connected through
### Authentication
The principle and advantage of Asymmetric encryption
The principle and advantage of **asymmetric** encryption
- Both keys are necessary to encrypt and decrypt messages
- Keys are usually longer than a standard password
----
### Configurazione SSH
- <!-- .element style="font-size:0.7em" --> Login con password<!-- .element class="fragment" -->
- `ssh <utente>@<ip_host>`
- <!-- .element style="font-size:0.7em" --> Key generation<!-- .element class="fragment" -->
- `ssh-keygen -C "<comment>" -f </path/to/key/file> -t <type (ed25519)>`
- <!-- .element style="font-size:0.7em" --> Copy the public key to server<!-- .element class="fragment" -->
- `ssh-copy-id -i </path/to/key/file> <utente>@<ip_host>`
- <!-- .element style="font-size:0.7em" --> Use sudo for the next few commands<!-- .element class="fragment" -->
- `sudo -s`
- <!-- .element style="font-size:0.7em" --> Disable password login<!-- .element class="fragment" -->
- `vim /etc/ssh/sshd_config` add line `PasswordAuthentication off` and then `systemctl restart ssh`
---
## Firewall
----
### What is a firewall
### What is a firewall?
A firewall is a system used to secure a subnet by only allowing some sort of communication (usually by closing incoming connections on specific ports)
----
### Porte TCP/UDP
### TCP/UDP ports
Ports are how we interface with our server, and with services in general.
While some port numbers are assigned to specific services (e.g. websites are commonly served on port 80) there are thousands of ports available to us to run our services.
----
### Why struggle over a firewall
### Why struggle over a firewall?
**Security!** It helps minimize security risks coming from vulnerabilities in the software you host, which may allow unauthorized remote access and privilege escalation.
----
Security
- Minimize security risks coming from vulnerability in softwares on the machine (privilege escalation)
### Uncomplicated FireWall (UFW)
We will use it to set up a simple firewall by editing **iptables** (rules to manage network traffic).
----
### UFW
### Configurazione firewall
Uncomplicated FireWall
- Software used to set up a simple firewall by editing iptables (rules to manage network traffic)
- <!-- .element style="font-size:0.8em" -->Check firewall status:<!-- .element class="fragment" -->
- `ufw status` or `ufw status verbose` for more info
- <!-- .element style="font-size:0.8em" -->Enable and disable the firewall:<!-- .element class="fragment" -->
- `ufw enable`
- `ufw disable`
- <!-- .element style="font-size:0.8em" -->Enable and disable a port:<!-- .element class="fragment" -->
- `ufw allow <portnumber|servicename>`
- `ufw deny <portnumber|servicename>`
----
### What about SSH port(22)?
### Why dows SSH not require a port number?
SSH worked out of the box for us because it has an implicit port number: 22.
If for some reason the server is running the SSH service on a different port, you can always change it with the option `-p <portnumber>`
---
## Deploy a service
## Deploying a service
----
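Review bot: `PasswordAuthentication off` in the "Disable password login" step is not a value sshd accepts; the option takes `yes` or `no`, so the line should read `PasswordAuthentication no`. I would also have the slide run `sshd -t` before `systemctl restart ssh`, and keep the current session open until a key login has been confirmed from a second terminal. In the firewall slide the steps list `ufw enable` before `ufw allow <portnumber|servicename>`; allow SSH first, otherwise enabling the firewall over an SSH session can cut off access. Smaller points: "Both keys are necessary to encrypt and decrypt messages" reads as if both keys were needed for each operation, "Why dows SSH" has a typo, and the "Configurazione SSH" and "Configurazione firewall" headings are still Italian in the ENG deck.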
......@@ -147,8 +195,26 @@ Uncomplicated FireWall
- Container (podman/docker)
- Cluster
For this demonstration, we will use docker to show how to finally self-host a service.
Installing docker on your distro of choice may require different procedures.
----
### Docker(container)
### Some after install setup...
---
- Start the docker socket:<!-- .element class="fragment" -->
- `systemctl enable --now docker.socket`
- Add yourself to the docker group:<!-- .element class="fragment" -->
- `usermod -aG docker <username>` and logout&log back in.
- Pull the image from docker hub:<!-- .element class="fragment" -->
- `docker pull <image>:<tag>`
- List available images:<!-- .element class="fragment" -->
- `docker images`
----
### And finally... run it!
Whatever service you're trying to install will suggest you the appropriate command to launch your service.
Remember to open up your port in your firewall rules!
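Review bot: `usermod -aG docker <username>` in the after-install slide needs a caveat: membership of the `docker` group is effectively root on the host, so the slide should say so and suggest adding only accounts that already have sudo. The closing "Remember to open up your port in your firewall rules!" also deserves a line, because ports published by Docker are handled by Docker's own iptables rules and may be reachable regardless of the UFW rules from the firewall section. "logout&log back in" needs spaces, and "will suggest you the appropriate command" reads better as "will document the appropriate command".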
<section class="intro">
<h1>Corsi Punto Croce 2018</h1>
<h2>Come fare gli orli</h2>
<h1>Linux Week 2021</h1>
<h2>Deploy in cloud</h2>
<img src="./poul/img/logo-text-white.svg"/>
<img class="logo" src="./poul/img/logo-text-white.svg" alt="poul logo"/>
<p>Autore &lt;email@email.com&gt;</p>
</section>
\ No newline at end of file
<ul class="authors">
<li>Valentina Sona&lt;versus@poul.org&gt;</li>
<li>Matteo Rogora&lt;matteo.rogora@poul.org&gt;</li>
<li>Roberto Bochet&lt;avrdudo@poul.org&gt;</li></br>
</ul>
</section>
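Review bot: `</br>` after the last author `</li>` is not valid HTML: `br` has no closing form and a `ul` may only contain `li` children, so drop it and space the list with CSS. Each entry also lacks a space between the name and `&lt;`, as in "Valentina Sona&lt;versus@poul.org&gt;".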
......@@ -6,6 +6,11 @@
<p>Rilasciato sotto licenza Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International</p>
<img class="cc" src="./poul/img/creativecommons-by-nc-sa.svg"/>
<ul class="authors" style="font-size:0.7em">
<li>Valentina Sona&lt;versus@poul.org&gt;</li>
<li>Matteo Rogora&lt;matteo.rogora@poul.org&gt;</li>
<li>Roberto Bochet&lt;avrdudo@poul.org&gt;</li></br>
<p>Autore &lt;email@email.com&gt;</p>
</section>
\ No newline at end of file
</ul>
</section>
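Review bot: the authors list here repeats the one in the intro section, with an inline `style="font-size:0.7em"` and the same stray `</br>`; keeping the names in one place, or at least moving the size into a stylesheet rule for the `authors` class, stops the two copies drifting apart. The `img class="cc"` above it has no `alt` text, while the intro's logo image carries `alt="poul logo"`.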