Difference between revisions of "VRkour"

From CSLabsWiki
Jump to: navigation, search
Line 15: Line 15:
  
 
==Basic Diagnosis==
 
==Basic Diagnosis==
 +
 +
Basically, I rooted the VM and determined what was on it.
  
 
In bruskajp's home folder there's a file called start.sh and a folder called VRArena
 
In bruskajp's home folder there's a file called start.sh and a folder called VRArena
  
To start the software, cd to that folder and then run npm start. That will then start the stuff
+
To start the software, cd to that folder and then run """npm start""". That will then start the stuff
  
 
==Solution==
 
==Solution==

Revision as of 19:32, 2 November 2016

VRkour
IP Address(es): 128.153.145.30
Contact Person: User:Jared Jared
Last Update: 2016/11/2
VM Host (Physical): hydra
Host VM: VRkour
Services: vrkour


VRkour is a service which runs a VR site.

Handed off to Jared Dunbar in late October

Basic Diagnosis

Basically, I rooted the VM and determined what was on it.

In bruskajp's home folder there's a file called start.sh and a folder called VRArena

To start the software, cd to that folder and then run """npm start""". That will then start the stuff

Solution

I did a few things to make it operational again.

Systemd

First, I set up a systemd service

/etc/systemd/system/vrkour.service

[Unit]
Description=vrkour

[Service]
User=bruskajp
ExecStart=/bin/bash /home/bruskajp/start.sh
Restart=always

[Install]
WantedBy=multi-user.target

Iptables Rules

Next, I added some iptables rules so that we can view port 3001 from 80 without privilege escalation.

So I added /etc/iptables.rules:

# Generated by iptables-save v1.4.21 on Wed Nov  2 17:27:10 2016
*nat
:PREROUTING ACCEPT [2:130]
:INPUT ACCEPT [2:130]
:OUTPUT ACCEPT [1:96]
:POSTROUTING ACCEPT [1:96]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3001
COMMIT
# Completed on Wed Nov  2 17:27:10 2016

and as well, we have a script in /etc/network/if-pre-up.d/ named iptables, with these contents:

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

This loads the iptables rules which permits the site to be viewed. It's easier to configure than a nginx/apache proxy and keeps the privileges good (let's not run stuff as root).

The systemd service file reloads whenever it crashes. Apparently, according to James, crashing is a common problem.