Difference between revisions of "VRkour"
Line 75: | Line 75: | ||
exit 0 | exit 0 | ||
</pre> | </pre> | ||
+ | |||
+ | I also reboot after this because I'm too lazy to run the iptables command to enable it on the running system. | ||
This loads the iptables rules which permits the site to be viewed. It's easier to configure than a nginx/apache proxy and keeps the privileges good (let's not run stuff as root). | This loads the iptables rules which permits the site to be viewed. It's easier to configure than a nginx/apache proxy and keeps the privileges good (let's not run stuff as root). | ||
The systemd service file reloads whenever it crashes. Apparently, according to James, crashing is a common problem. | The systemd service file reloads whenever it crashes. Apparently, according to James, crashing is a common problem. |
Revision as of 18:33, 2 November 2016
VRkour | |
IP Address(es): | 128.153.145.30 |
Contact Person: | User:Jared Jared |
Last Update: | 2016/11/2 |
VM Host (Physical): | hydra |
Host VM: | VRkour |
Services: | vrkour |
VRkour is a service which runs a VR site.
Handed off to Jared Dunbar in late October
Basic Diagnosis
Basically, I rooted the VM and determined what was on it.
In bruskajp's home folder there's a file called start.sh and a folder called VRArena
To start the software, cd to that folder and then run 'npm start'. That will then start the stuff
Solution
I did a few things to make it operational again.
Systemd
First, I set up a systemd service
/etc/systemd/system/vrkour.service
[Unit] Description=vrkour [Service] User=bruskajp ExecStart=/bin/bash /home/bruskajp/start.sh Restart=always [Install] WantedBy=multi-user.target
Enable and start that service:
systemctl enable vrkour.service && systemctl start vrkour.service
Iptables Rules
Next, I added some iptables rules so that we can view port 3001 from 80 without privilege escalation.
So I added /etc/iptables.rules:
# Generated by iptables-save v1.4.21 on Wed Nov 2 17:27:10 2016 *nat :PREROUTING ACCEPT [2:130] :INPUT ACCEPT [2:130] :OUTPUT ACCEPT [1:96] :POSTROUTING ACCEPT [1:96] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3001 COMMIT # Completed on Wed Nov 2 17:27:10 2016
and as well, we have a script in /etc/network/if-pre-up.d/ named iptables, with these contents:
#!/bin/sh iptables-restore < /etc/iptables.rules exit 0
I also reboot after this because I'm too lazy to run the iptables command to enable it on the running system.
This loads the iptables rules which permits the site to be viewed. It's easier to configure than a nginx/apache proxy and keeps the privileges good (let's not run stuff as root).
The systemd service file reloads whenever it crashes. Apparently, according to James, crashing is a common problem.