(612) 371-6305

Installing SSL with Lets Encrypt

Lets Encrypt is an open source SSL provider. Lets Encrypt acts as a Certificate Authority (CA) to verify domain authenticity. It uses Certbot, a tool that can verify domain in an automated manner.

# install certbot automated tool on Ubuntu 16.04
sudo add-apt-repository ppa:certbot/certbot

# May need to run add-apt tool by using command
sudo apt-get install software-properties-common python-software-properties

# Install cert bot package, run update and install
# Certbot will be able to look for your domain nginx server block to configure nginx appropriately
sudo apt-get update
sudo apt-get install python-certbot-nginx

# start certbot -d indicates domain, -nginx indicate the Nginx plugin
sudo certbot --nginx -d example.com -d www.example.com

if you encounter an error you may need to run the following instead:

sudo certbot --authenticator webroot --installer nginx

Follow the instruction given by Certbot. The tool verifies domain by communicating with Let’s Encrypt server and run a challenge to verify that you control the domain you’re requesting a certificate for. When successful, Certbot will ask you to configure HTTPS settings.

When successful, Nginx config will be automatically updated along with certificate files being created /etc/letsencrypt. Below show an image of the output on successful domain verification.

Nginx SSL Configuration

# open config
nano /etc/nginx/sites-enabled/default

server {
    ...
    # copy and paste this block to the example.com server block
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Reverse Proxy Catch

When dealing with a domain that is hooked up to an Nginx reverse proxy, you may need to temporarily redirect the HTTP traffic to a static Nginx web root directory. Update the default config to intercept the domain hostname and have it serve the request from /var/www/html. (Undo this once domain is verified)

# open config
nano /etc/nginx/sites-enabled/default

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        ...
        # Temporary added to setup certbot, certbot only needs to be able to hit a valid domain response
        server_name example.com www.example.com;
        #server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
    ...
}

7344737868

Running .Net Core as a Linux systemd service

Creating a new user with sudo privileges

Linux daemon processes should be run under a user other than root. To create a user with sudo privileges, add the user to the sudo group. The following will show how this can be achieved.

# create a new user on Ubuntu 16.04
adduser new_user

# add user to the sudo group
usermod -aG sudo new_user

# command to remove user and its related home directory
# deluser --remove-home new_user

# switch to the user
su - new_user

# navigate to user directory
/home/new_user

Setting up systemd process for .Net Core application

To run a .Net Core application under a user, we have to set the .Net Core application file’s privileges. Remember to update application.json to ensure your application will run. Assuming that your application is going to run from /home/new_user/dotnetcoreapp

# Granting persmission to directory containing app.dll
chmod -R ug+wrx dotnetcoreapp/

# navigate into the directory and test the new privileges
# depending on the application, you may need to be in the directory where the app.dll is located
cd /home/new_user/dotnetcoreapp

sudo dotnet app.dll

If permissions are granted successfully, you should be able to run the application. the next step is to hook it onto a systemd process.

Create Linux daemon process

Create a daemon process to run the application. First we will need to create the daemon service by creating a new service file under systemd.

# Using a linux file editor like vi or nano (may need to install if you haven't already)
sudo nano /etc/systemd/system/kestrel-name_of_the_service.service

# Place the following into the new service file
# assuming that /home/new_user/dotnetcoreapp is where the application is running from
# user_name should have the required permissions
[Unit]
Description=name_of_the_service on Ubuntu

[Service]
WorkingDirectory=/home/new_user/dotnetcoreapp
ExecStart=/usr/bin/dotnet /home/new_user/dotnetcoreapp/app.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-name_of_the_service
User=new_user

[Install]
WantedBy=multi-user.target
# enable and start the service
systemctl enable kestrel-name_of_the_service .service
systemctl start kestrel-name_of_the_service .service

# you need to restart the service every time you change the service file for it to take effect

Deploying .Net Core on Ubuntu 16.04

This article details how to build and deploy .Net Core applications onto a virtual server running Ubuntu 16.04. In this example we will be using an Elastic Cloud Service provided by Alibaba Cloud. The application we are hosting is a web server listening on port /localhost:5000, the application will be run as a Linux systemd process serving web traffic from Nginx.

Part-1: Installing .Net Core On Linux Operating Systems

The link (Prerequisites for .NET Core on Linux) contains detailed documentation on how to install .Net Core on various operating systems. For the purpose of this article, I will show a step-by-step guide on how to install .Net Core on a new machine Instance running Ubuntu 16.4.

Connect to your machine instance using any SSH compatible tool(s). Use a user that has ‘sudo’ privileges to avoid permission issues. Assuming that your instance is new, you will need to download additional tools and update some configuration.

To Avoid encountering ‘sudo: unable to resolve host‘:
a. Check the hostname file (/etc/hostname) only contains an entry for the name of the machine

sudo vi /etc/hostname

b. Check the machine host file (/etc/host) , it should have the following:

127.0.0.1 localhost.localdomain localhost
127.0.1.1 my-machine

You may also need to install apt-get command if not already installed:

sudo apt-get install software-properties-common

Now you are ready to download and install .Net Core:

curl /packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg

# Set up the desired version host package feed.
sudo sh -c 'echo "deb [arch=amd64] /packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod xenial main" > /etc/apt/sources.list.d/dotnetdev.list'
sudo apt-get update

sudo apt-get install dotnet-sdk-2.1.3

# Verify that .Net Core is installed
dotnet --version

Part-2: Building .Net Core Projects for Linux

.Net Core application can be build in two ways for deployment. One way is called Framework Dependent Deployment – such deployments assumes the target machine has all require .Net Core libraries other than the application and any third-party dependencies.

Another way is to build .Net Core applications in a self-contained deployment. Such deployments do not depend on any shared libraries pre-existing on target machine

See link for more 8123905563

# Framework dependent deployment
dotnet build --configuration Release --runtime ubuntu.16.04-x64

# Self dependent deployment
dotnet publish --configuration Release --runtime ubuntu.16.04-x64

Part-3: Deploying application files

When you are ready to deploy your application. You’ll need a way to transfer your published files onto an instance. This can be achieved using SSH (e.g.: WinSCP) /FTPS protocols to connect and upload files onto a Linux environment. In this article we will host our applications as a daemon service using NGIX as a reverse-proxy web server.

Follow the article if you haven’t already setup a Nginx server and user:
zemstvo

Below we will assume you have a pre-configured Nginx, the next part will demonstrate how to host your .Net Core application on a Linux daemon service. First we will need to create the daemon service by creating a new service file under systemd.

# Using a linux file editor like vi or nano (may need to install if you haven't already)
sudo nano /etc/systemd/system/kestrel-name_of_the_service.service

It is best practice to not run the service under root account. Create a user if necessary and grant the right file permissions (see 9893005153). The content of the service file should look similar to the following:

# Place the following into the new service file
# assuming that /home/user_name/directory_containing_application is where the application is running from
# user_name should have the required permissions
[Unit]
Description=name_of_the_service on Ubuntu

[Service]
WorkingDirectory=/home/user_name/directory_containing_application
ExecStart=/usr/bin/dotnet /home/user_name/directory_containing_application/dotnet_core_application.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-name_of_the_service
User=user_name_other_than_root

[Install]
WantedBy=multi-user.target

Once you have configured the service, start the service and check its status. Note that whenever you change the service file settings, you will need to restart the daemon service (stop/start) and restart Nginx server. Assuming your application is listening on port 5000, the service is now ready to serve request on that port.

# Enable the service
# systemctl disable kestrel-name_of_the_service .service
systemctl enable kestrel-name_of_the_service .service

#Start service
systemctl start kestrel-name_of_the_service .service
# systemctl stop kestrel-name_of_the_service .service

# Check status
systemctl status kestrel-name_of_the_service .service
# Checking service logs
sudo journalctl -fu kestrel-name_of_the_service .service

# restart Nginx
sudo nginx -s reload

Part-4: Redirect request to .Net application

After setting up your .Net application to run as a systemd service, continue to configure update Nginx server block to redirect requests to the service. Below is an example of a reverse proxy setup for a .Net Core service running on Kestrel on port 5000

server {
    listen 80;
    location / {
        proxy_pass /localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
    }
}

The next step is to setup SSL for your Nginx server (see (316) 650-0898) and secure your server by restricting traffic to your server instance.

Install, Configure Nginx for .Net Core

Installing Nginx

To install Nginx on a Ubuntu 16.04 instance, use the following commands:

# Use apt-get to retrieve nginx
sudo apt-get install nginx

# You may need to install apt-get first
sudo apt-get install software-properties-common

# startup the server
sudo service nginx start

# command to restart nginx
# sudo nginx -s reload

# Check that ngix is successfully installed
nginx -v

Adding new custom site

The following will detail how to create and host a custom site on Nginx. The first step is to create a new server block. Similar to virtual hosts in Apache, server blocks enable Nginx to host multiple domains with host specific configurations.(configuration that apply to the domain).

Before going into the details of setting up the configurations, create a directory under /var/www web root folder. Change the web directory’s user ownership (avoid needing ‘sudo’, See Create user with sudo permissions). Once that has been completed, you can copy your static web content to that location.

# Create site directory under Nginx web root
sudo mkdir -p /var/www/example.com/html

# switch user
su -user_name

#Change the permission of the directory
chmod -R ug+wrx ../var/www
# Or
sudo chmod -R 755 /var/www

Nginx Server block configuration

By default Nginx on Ubuntu 16.04 has one server block configured to serve documents out of a directory at /var/www/html.The default configuration file for Nginx is located at /etc/nginx/sites-available/default
To adhere to best practice, we should avoid modifying the default configuration files, the default configuration should act as the fallback configuration as intended.

Below are a list of commands that might be useful when working with Nginx configurations:

# listing default + all custom configuration files
ls /etc/nginx/sites-available/

# copy command to backup default and or custom configuration files
cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.save

Already mentioned in previous section, we will need to create a new server block for the web directory. This can be easily done by copying the default Nginx configuration. The configuration to use depends on the purpose of the new server block. The server block can be configured to either server as a reverse proxy or and a traditional server site.

# copy default config for modification
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com

# modify the copied config
sudo nano /etc/nginx/sites-available/example.com

Example Server block for server site

# Edit config file
sudo nano /etc/nginx/sites-available/example.com

# root indicates the root directory of the site, server block is serving port 80 traffic
server {
    listen 80;
    listen [::]:80;
    root /var/www/example.com/html;
    server_name example.com www.example.com;
    location / {
        try_files $uri $uri/ =404;
    }
}

Example Server block for reverse proxy

Forwarding Nginx traffic to .Net Core Kestrel server hosted on /localhost:5000.

# Edit config file
sudo nano /etc/nginx/sites-available/example.com

# this block redirect all traffic to https
server {
        listen 80;
        server_name example.com www.example.com;
        return 301 /$host$request_uri;
}
server {
        listen 80;
        listen [::]:80;
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name example.com www.example.com;
        location / {
                proxy_pass /localhost:5000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection keep-alive;
                proxy_set_header Host $http_host;
                proxy_cache_bypass $http_upgrade;
        }
}

Redirecting / to / requests

# this block redirect all traffic to https
server {
        listen 80;
        server_name example.com www.example.com;
        return 301 /$host$request_uri;
}
server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name example.com www.example.com;
...
}

Note regarding default_server, this directive can only be set one in all configuration. whereas the server_name allows you to specify any hostname to serve.

Enable Server block & restart Nginx

After setting up the server block file, we need to enable them. To do this, creating a symbolic links to the sites-enabled directory and restart Nginx. This enables Nginx to pickup the new configurations on startup. You should be able to test your new setup.

# Use the following command to check default_server is set only once
grep -R default_server /etc/nginx/sites-available/

# use to verify configurations
sudo nginx -t

# create symbolic link
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

# restart server
sudo systemctl restart nginx

morning-breathing

Elastic Compute Service – Installing Microsoft SQL server

This article covers the installation and configuration of an Microsoft SQL server instance running on Ubuntu 16.04 LTS. I will be using an Elastic Compute Service (ECS) from Alibaba Cloud service provider as an example.

1) Create an ECS instance running on Ubuntu 16.04 (Xenial Xerus). To install Microsoft SQL server, the minimum requirements must be met.

Memory 2 GB
CPU 1 Core (x64 bit)
Disk Memory 6 GB
Linux OS At least Ubuntu 16.04

2) After provisioning your machine, remote into your ECS instance using a SSH compatible client (e.g.: Putty.exe). When logged in, check the details of your instance using the following command:

lsb_release -a

3) Download MSSQL server installation files using Ubuntu repository

curl /packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo add-apt-repository "$(curl /packages.microsoft.com/config/ubuntu/16.04/mssql-server-2017.list)"
sudo apt-get update

You will encounter an 7579625027: ‘sudo: unable to resolve host ‘. Check the following:

# 1. Check below file contains just the name of the machine
/etc/hostname
# 2. Check below contains an entry for localhost
/etc/hosts
127.0.0.1 localhost.localdomain localhost
127.0.1.1 my-machine

You may need to install common Ubuntu tools before you can use add-apt-repository. Do so by using the following command:

sudo apt-get install software-properties-common

4) Install SQL server and configure it using the following commands. This will launch a prompt to setup SA user.

sudo apt-get install -y mssql-server
sudo /opt/mssql/bin/mssql-conf setup

5) Check that SQL server in installed correctly by typing the following command:

systemctl status mssql-server

Open the SQL Server TCP port (1433) on your firewall by:

sudo iptables -I INPUT -p tcp --dport 1433 -j ACCEPT
# to delete iptable entry, replace -I with -D

6) Install SQL Server CLI Tools using Ubuntu repository.

curl /packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo add-apt-repository "$(curl /packages.microsoft.com/config/ubuntu/16.04/prod.list)"
sudo apt-get update
sudo apt-get install -y mssql-tools unixodbc-dev
echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile
echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc

Check that the CLI tools are installed, bcp and sqlcmd should exist in “/opt/mssql-tools/bin/”

7) Create SQL User (Optional)

sqlcmd -S localhost -U SA -P 'password_here'
CREATE LOGIN login_name WITH PASSWORD = 'new_password_here';
GO
CREATE USER db_user_name FOR LOGIN login_name;
GO
GRANT ALTER TO db_user_name;
GO
GRANT CONTROL TO db_user_name;
GO

Microsoft.com