Difference between revisions of "VRkour"

From CSLabsWiki
Jump to: navigation, search
Line 2: Line 2:
 
|ip_addr = 128.153.145.30
 
|ip_addr = 128.153.145.30
 
|contact_person = [[User:Jared|Jared Dunbar]]
 
|contact_person = [[User:Jared|Jared Dunbar]]
|last_update = 2016/11/2
+
|last_update = November 2016
 
|host_vm = [[VRkour]]
 
|host_vm = [[VRkour]]
 
|vm_host = [[hydra]]
 
|vm_host = [[hydra]]

Revision as of 01:40, 6 January 2017

VRkour
IP Address(es): 128.153.145.30
Contact Person: Jared Dunbar
Last Update: November 2016
VM Host (Physical): hydra
Host VM: VRkour
Services: vrkour


VRkour is a service which runs a VR site.

Handed off to Jared Dunbar in late October

Basic Diagnosis

Basically, I rooted the VM and determined what was on it.

In bruskajp's home folder there's a file called start.sh and a folder called VRArena

To start the software, cd to that folder and then run 'npm start'. That will then start the stuff

Solution

I did a few things to make it operational again.

Systemd

First, I set up a systemd service

/etc/systemd/system/vrkour.service

[Unit]
Description=vrkour

[Service]
User=bruskajp
ExecStart=/bin/bash /home/bruskajp/start.sh
Restart=always

[Install]
WantedBy=multi-user.target

Enable and start that service:

systemctl enable vrkour.service && systemctl start vrkour.service

Iptables Rules

Next, I added some iptables rules so that we can view port 3001 from 80 without privilege escalation.

So I added /etc/iptables.rules:

# Generated by iptables-save v1.4.21 on Wed Nov  2 17:27:10 2016
*nat
:PREROUTING ACCEPT [2:130]
:INPUT ACCEPT [2:130]
:OUTPUT ACCEPT [1:96]
:POSTROUTING ACCEPT [1:96]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3001
COMMIT
# Completed on Wed Nov  2 17:27:10 2016

and as well, we have a script in /etc/network/if-pre-up.d/ named iptables, with these contents:

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

I also reboot after this because I'm too lazy to run the iptables command to enable it on the running system.

This loads the iptables rules which permits the site to be viewed. It's easier to configure than a nginx/apache proxy and keeps the privileges good (let's not run stuff as root).

The systemd service file reloads whenever it crashes. Apparently, according to James, crashing is a common problem.