OCI, Create a simple cloud network

How to create an Oracle cloud network for your website.

Oracle provides an Always Free Tier.

Part of this service is:

  • Autonomous Database
  • 2 Virtual servers
  • Object Storage

What can we do with those resources?

  • Create a network for a web application
    • Application server
    • Database server
  • Create a MySQL server – two MySQL servers with primary–primary replication
  • Create application servers with high availability

Website Network

Build a website network using the Always Free Tier.

To build the network we will set up:

  • Virtual Cloud Network – VCN
  • Two Subnets
    • App Subnet
    • Database Subnet
  • Route Table
  • Security List
  • Internet Gateway
  • NAT Gateway
  • Two VMs
    • App Server
    • Database Server
  • Service Gateway

Steps to Build Your Network

  1. You need an Oracle Always Free Tier account; create one at https://oracle.com
  2. Create compartment – APP
  3. Create VCN in compartment APP – 10.10.0.0/16
    1. Public subnet – 10.10.1.0/24
    2. Private subnet – 10.10.2.0/24
    3. NAT Gateway
    4. Internet Gateway
    5. Security List
  4. App Server
  5. Database Server

Description

Two servers: an App server and a DB server.

DB server – MySQL Community Database. Open port 3306 – the default port for the MySQL database.

App Server – Web server (Apache, Nginx, OpenLiteSpeed) with PHP.
PHP communicates with MySQL over the private connection between the subnets, through the 10.10.0.0/16 network.

For the public, open ports 80 (HTTP) and 443 (HTTPS).

Administrator Access

For your own access open port 22 (SSH), but restrict it to a specific IP – only your IP. (Additional ports will need to be opened during the complete configuration.)

For MySQL access – configure an SSH tunnel through the app server.

Configuration

Security List

APP Subnet

Type    | Source/Destination                                                                   | Port    | Description
Ingress | 0.0.0.0/0                                                                            | 80      | Allow HTTP port
Ingress | 0.0.0.0/0                                                                            | 443     | Allow HTTPS port
Ingress | Your IP as a /32 (check it at https://whatismyipaddress.com/), sample: 102.34.54.78/32 | 22      | Allow SSH from your IP address only, for security. Do not open it to all IPs (0.0.0.0/0)
Egress  | 0.0.0.0/0                                                                            | 443     | Allow outgoing HTTPS connections for server updates
Egress  | 0.0.0.0/0                                                                            | 80      | Allow outgoing HTTP connections for server updates
Egress  | 10.10.2.0/24                                                                         | 3306    | Allow outgoing MySQL connections to the DB network
Egress  | 10.10.2.0/24                                                                         | 22      | Allow outgoing port 22 (SSH) to the DB network
Egress  | 169.254.169.254/32                                                                   | 123 UDP | Allow outgoing port 123 – time server
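The App Subnet security list above, written as an added Terraform example for the OCI provider (not the post's own code); it assumes var.compartment_ocid and var.vcn_ocid are declared elsewhere and uses the post's sample 102.34.54.78/32 as a placeholder for your own address. The point to check after applying it is that port 22 has no 0.0.0.0/0 source anywhere, so the App server accepts SSH only from the admin address and the DB server only from the App subnet.

```terraform
# Added example (not the post's code); assumes var.compartment_ocid and var.vcn_ocid exist
locals {
  admin_cidr = "102.34.54.78/32" # placeholder: replace with your own public IP as a /32
  app_ingress = [
    { cidr = "0.0.0.0/0",      port = 80,  note = "Allow HTTP" },
    { cidr = "0.0.0.0/0",      port = 443, note = "Allow HTTPS" },
    { cidr = local.admin_cidr, port = 22,  note = "SSH from admin IP only, never 0.0.0.0/0" },
  ]
  app_egress_tcp = [
    { cidr = "0.0.0.0/0",    port = 443,  note = "HTTPS for server updates" },
    { cidr = "0.0.0.0/0",    port = 80,   note = "HTTP for server updates" },
    { cidr = "10.10.2.0/24", port = 3306, note = "MySQL to DB subnet" },
    { cidr = "10.10.2.0/24", port = 22,   note = "SSH to DB subnet" },
  ]
}
resource "oci_core_security_list" "app" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  dynamic "ingress_security_rules" {
    for_each = local.app_ingress
    content {
      protocol    = "6" # TCP; OCI uses IANA protocol numbers
      source      = ingress_security_rules.value.cidr
      description = ingress_security_rules.value.note
      tcp_options {
        min = ingress_security_rules.value.port
        max = ingress_security_rules.value.port
      }
    }
  }
  dynamic "egress_security_rules" {
    for_each = local.app_egress_tcp
    content {
      protocol    = "6"
      destination = egress_security_rules.value.cidr
      description = egress_security_rules.value.note
      tcp_options {
        min = egress_security_rules.value.port
        max = egress_security_rules.value.port
      }
    }
  }
  egress_security_rules { # NTP is UDP (protocol "17"), so it uses udp_options
    protocol    = "17"
    destination = "169.254.169.254/32"
    description = "NTP to the OCI time server"
    udp_options {
      min = 123
      max = 123
    }
  }
}
```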

DB Subnet

Type    | Source       | Port | Description
Ingress | 10.10.1.0/24 | 22   | Allow SSH connections from the App network
Ingress | 10.10.1.0/24 | 3306 | Allow MySQL connections from the App network
Egress  | 0.0.0.0/0    | 443  | Allow outgoing HTTPS connections for server updates
Egress  | 0.0.0.0/0    | 80   | Allow outgoing HTTP connections for server updates

Virtual Machine

App Server

Application | Configuration                | Notes
OS          | Oracle Linux                 |
Time Server | 169.254.169.254 – 123 UDP    |
yum update  | Daily update through crontab |

Database Server

Application | Configuration                | Notes
OS          | Oracle Linux                 |
MySQL       | port 3306                    |
Time Server | 169.254.169.254 – 123 UDP    |
yum update  | Daily update through crontab |
