Difference between revisions of "VRkour"
| Line 23: | Line 23: | ||
I did a few things to make it operational again. |
I did a few things to make it operational again. |
||
| + | |||
| + | ===Systemd=== |
||
First, I set up a systemd service |
First, I set up a systemd service |
||
| Line 39: | Line 41: | ||
WantedBy=multi-user.target |
WantedBy=multi-user.target |
||
</pre> |
</pre> |
||
| + | |||
| + | ===Iptables Rules=== |
||
| + | |||
| + | Next, I added some iptables rules so that we can view port 3001 from 80 without privilege escalation. |
||
| + | |||
| + | So I added /etc/iptables.rules: |
||
| + | |||
| + | <pre> |
||
| + | # Generated by iptables-save v1.4.21 on Wed Nov 2 17:27:10 2016 |
||
| + | *nat |
||
| + | :PREROUTING ACCEPT [2:130] |
||
| + | :INPUT ACCEPT [2:130] |
||
| + | :OUTPUT ACCEPT [1:96] |
||
| + | :POSTROUTING ACCEPT [1:96] |
||
| + | -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3001 |
||
| + | COMMIT |
||
| + | # Completed on Wed Nov 2 17:27:10 2016 |
||
| + | </pre> |
||
| + | |||
| + | and as well, we have a script in /etc/network/if-pre-up.d/ named iptables, with these contents: |
||
| + | |||
| + | <pre> |
||
| + | #!/bin/sh |
||
| + | iptables-restore < /etc/iptables.rules |
||
| + | exit 0 |
||
| + | </pre> |
||
| + | |||
| + | This loads the iptables rules which permits the site to be viewed. It's easier to configure than a nginx/apache proxy and keeps the privileges good (let's not run stuff as root). |
||
| + | |||
| + | The systemd service file reloads whenever it crashes. Apparently, according to James, crashing is a common problem. |
||
Revision as of 18:31, 2 November 2016
| VRkour | |
| IP Address(es): | 128.153.145.30 |
| Contact Person: | User:Jared Jared |
| Last Update: | 2016/11/2 |
| VM Host (Physical): | hydra |
| Host VM: | VRkour |
| Services: | vrkour |
VRkour is a service which runs a VR site.
Handed off to Jared Dunbar in late October
Basic Diagnosis
In bruskajp's home folder there's a file called start.sh and a folder called VRArena
To start the software, cd to that folder and then run npm start. That will then start the stuff
Solution
I did a few things to make it operational again.
Systemd
First, I set up a systemd service
/etc/systemd/system/vrkour.service
[Unit] Description=vrkour [Service] User=bruskajp ExecStart=/bin/bash /home/bruskajp/start.sh Restart=always [Install] WantedBy=multi-user.target
Iptables Rules
Next, I added some iptables rules so that we can view port 3001 from 80 without privilege escalation.
So I added /etc/iptables.rules:
# Generated by iptables-save v1.4.21 on Wed Nov 2 17:27:10 2016 *nat :PREROUTING ACCEPT [2:130] :INPUT ACCEPT [2:130] :OUTPUT ACCEPT [1:96] :POSTROUTING ACCEPT [1:96] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3001 COMMIT # Completed on Wed Nov 2 17:27:10 2016
and as well, we have a script in /etc/network/if-pre-up.d/ named iptables, with these contents:
#!/bin/sh iptables-restore < /etc/iptables.rules exit 0
This loads the iptables rules which permits the site to be viewed. It's easier to configure than a nginx/apache proxy and keeps the privileges good (let's not run stuff as root).
The systemd service file reloads whenever it crashes. Apparently, according to James, crashing is a common problem.
