How to create an Oracle Cloud network for your website.
Oracle provides an Always Free Tier.
This service includes:
- Autonomous Database
- 2 Virtual servers
- Object Storage
What can we do with those resources?
- Create a network for a web application
  - Application server
  - Database server
- Create a MySQL server – two MySQL servers with primary-primary replication
- Create application servers with high availability
Website Network
Build a website network using the Always Free Tier.
To build the network we will set up:
- Virtual Cloud Network – VCN
- Two Subnets
  - App Subnet
  - Database Subnet
- Route Table
- Security List
- Internet Gateway
- NAT Gateway
- Two VMs
  - App Server
  - Database Server
- Service Gateway
Steps to Build Your Network
- You need an Oracle Always Free Tier account; create one at https://oracle.com
- Create compartment – APP
- Create VCN in compartment APP – 10.10.0.0/16
- Public subnet – 10.10.1.0/24
- Private subnet – 10.10.2.0/24
- NAT Gateway
- Internet Gateway
- Security List
- App Server
- Database Server
Description
Two servers: an App server and a DB server.
DB server – MySQL Community Database. Open port 3306, the default port for MySQL.
App Server – Web server (Apache, Nginx, OpenLiteSpeed) with PHP.
PHP communicates with MySQL over the private connection between the subnets, through network 10.10.0.0/16.
For public access, open ports 80 (HTTP) and 443 (HTTPS).
Administrator Access
For your own access, open port 22 (SSH), but restrict it to a specific IP: only your IP. (Additional ports will need to be opened during the complete configuration.)
For MySQL access, configure a tunnel through the app server using an SSH connection.
Configuration
Security List
APP Subnet
Type | Source/Destination | Port | Description |
---|---|---|---|
Ingress | 0.0.0.0/0 | 80 | Allow HTTP port |
Ingress | 0.0.0.0/0 | 443 | Allow HTTPS port |
Ingress | Your IP (look it up at https://whatismyipaddress.com/). Sample: 102.34.54.78/32 | 22 | Allow SSH from your IP address only, for security. Do not open it to all IPs (0.0.0.0/0) |
Egress | 0.0.0.0/0 | 443 | Allow outgoing HTTPS connections for server update |
Egress | 0.0.0.0/0 | 80 | Allow outgoing HTTP connection for server update |
Egress | 10.10.2.0/24 | 3306 | Allow MySQL outgoing connection to DB network |
Egress | 10.10.2.0/24 | 22 | Allow outgoing port 22 to DB network |
Egress | 169.254.169.254/32 | 123 UDP | Allow outgoing port 123 – time server |
DB Subnet
Type | Source/Destination | Port | Description |
---|---|---|---|
Ingress | 10.10.1.0/24 | 22 | Allow SSH connection from app network |
Ingress | 10.10.1.0/24 | 3306 | Allow MySQL connection from App network |
Egress | 0.0.0.0/0 | 443 | Allow outgoing HTTPS connections for server update |
Egress | 0.0.0.0/0 | 80 | Allow outgoing HTTP connection for server update |
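A small check of the two security lists above, as an added example that is not part of the original article: it flags any ingress rule wider than the design described here (public 80/443, SSH from a single /32, DB ports only from 10.10.1.0/24). The tuple format, the audit function and the WEAK_* rule sets are constructed for illustration and are not an OCI API.

```python
import ipaddress

APP_SUBNET = ipaddress.ip_network("10.10.1.0/24")

# Rules transcribed from the two tables: (direction, CIDR, port).
# The UDP 123 egress rule is left out; only TCP ingress is checked.
APP_RULES = [
    ("ingress", "0.0.0.0/0", 80),
    ("ingress", "0.0.0.0/0", 443),
    ("ingress", "102.34.54.78/32", 22),  # sample admin IP from the table
    ("egress", "0.0.0.0/0", 443),
    ("egress", "0.0.0.0/0", 80),
    ("egress", "10.10.2.0/24", 3306),
    ("egress", "10.10.2.0/24", 22),
]
DB_RULES = [
    ("ingress", "10.10.1.0/24", 22),
    ("ingress", "10.10.1.0/24", 3306),
    ("egress", "0.0.0.0/0", 443),
    ("egress", "0.0.0.0/0", 80),
]
# Constructed misconfigurations: SSH and MySQL reachable from any address.
WEAK_APP_RULES = APP_RULES + [("ingress", "0.0.0.0/0", 22)]
WEAK_DB_RULES = DB_RULES + [("ingress", "0.0.0.0/0", 3306)]


def audit(subnet, rules):
    """Return findings for ingress rules wider than the design allows."""
    findings = []
    for direction, cidr, port in rules:
        if direction != "ingress":
            continue  # this check covers inbound exposure only
        source = ipaddress.ip_network(cidr)
        if subnet == "app":
            # Web ports are public; SSH must come from one address (/32).
            allowed = port in (80, 443) or (port == 22 and source.prefixlen == 32)
        else:
            # DB subnet: SSH and MySQL only from inside the app subnet.
            allowed = port in (22, 3306) and source.subnet_of(APP_SUBNET)
        if not allowed:
            findings.append(f"{subnet}: port {port} open to {cidr}")
    return findings


if __name__ == "__main__":
    for name, rules in (("app", APP_RULES), ("db", DB_RULES),
                        ("app", WEAK_APP_RULES), ("db", WEAK_DB_RULES)):
        print(name, audit(name, rules) or "OK")
```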
Virtual Machine
App Server
Application | Configuration | Notes |
---|---|---|
OS | Oracle Linux | |
Time Server | 169.254.169.254 – 123 UDP | |
yum update | Daily update through crontab | |
Database Server
Application | Configuration | Notes |
---|---|---|
OS | Oracle Linux | |
MySQL | port 3306 | |
Time Server | 169.254.169.254 – 123 UDP | |
yum update | Daily update through crontab | |