OCI, Create a simple cloud network

How to create an Oracle Cloud network for your website.

Oracle provides an Always Free Tier.

This tier includes:

  • Autonomous Database
  • 2 Virtual servers
  • Object Storage

What can we do with those resources?

  • Create a network for a web application
    • Application server
    • Database server
  • Create a MySQL server – two MySQL servers with primary–primary replication
  • Create application servers with high availability

Website Network

Build a website network using the Always Free Tier.

To build the network we will set up:

  • Virtual Cloud Network – VCN
  • Two Subnets
    • App Subnet
    • Database Subnet
  • Route Table
  • Security List
  • Internet Gateway
  • NAT Gateway
  • Two VMs
    • App Server
    • Database Server
  • Service Gateway

Steps to Build Your Network

  1. You need an Oracle Always Free Tier account; create one at https://oracle.com
  2. Create compartment – APP
  3. Create VCN in compartment APP –
    1. Public subnet –
    2. Private subnet –
    3. NAT Gateway
    4. Internet Gateway
    5. Security List
  4. App Server
  5. Database Server


Two servers: an App server and a DB server.

DB server – MySQL Community Database. Open port 3306, the default port for MySQL.

App Server – Web server (Apache, Nginx, OpenLiteSpeed) with PHP.
PHP communicates with MySQL over the private connection between the subnets.

For public access, open ports 80 (HTTP) and 443 (HTTPS).

Administrator Access

For your own access, open port 22 (SSH), but restrict it to a specific IP: only your IP. (Additional ports will need to be opened during the complete configuration.)

For MySQL access, configure a tunnel through the app server using an SSH connection.


Security List

APP Subnet

| Direction | Source / Destination | Port | Description |
|---|---|---|---|
| Ingress | 0.0.0.0/0 | 80 | Allow HTTP port |
| Ingress | 0.0.0.0/0 | 443 | Allow HTTPS port |
| Ingress | Your IP | 22 | Allow SSH from your IP address for security. Do not open it from all IPs |
| Egress | 0.0.0.0/0 | 443 | Allow outgoing HTTPS connections for server update |
| Egress | 0.0.0.0/0 | 80 | Allow outgoing HTTP connection for server update |
| Egress | 10.10.2.0/24 | 3306 | Allow MySQL outgoing connection to DB network |
| Egress | 10.10.2.0/24 | 22 | Allow outgoing port 22 to DB network |
| Egress | 169.254.169.254/32 | 123 UDP | Allow outgoing port 123 – time server |

DB Subnet

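| Direction | Source / Destination | Port | Description |
|---|---|---|---|
| Ingress | 10.10.1.0/24 | 22 | Allow SSH connection from app network |
| Ingress | 10.10.1.0/24 | 3306 | Allow MySQL connection from App network |
| Egress | 0.0.0.0/0 | 443 | Allow outgoing HTTPS connections for server update |
| Egress | 0.0.0.0/0 | 80 | Allow outgoing HTTP connection for server update |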
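
An added example, not part of the original post: a Python check that takes ingress rules in the JSON shape the OCI API uses for security lists and reports any rule that exposes SSH or MySQL beyond the sources the two security lists above allow. The admin address `203.0.113.10/32`, the helper names and the misconfigured rule set are constructed for illustration.

```python
import ipaddress

TCP = "6"  # OCI rules carry IANA protocol numbers as strings; "all" means every protocol
APP_NET = "10.10.1.0/24"      # app subnet CIDR from the page
ADMIN_IP = "203.0.113.10/32"  # constructed placeholder for "your IP"

def tcp_rule(source, port):
    """Build one ingress rule in the OCI security-list JSON shape (helper for this example)."""
    return {"protocol": TCP, "source": source,
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}}}

def covers_tcp_port(rule, port):
    """True if the rule admits TCP traffic to `port`."""
    if rule["protocol"] not in (TCP, "all"):
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if rng is None:  # a TCP rule without a port range allows every destination port
        return True
    return rng["min"] <= port <= rng["max"]

def audit_ingress(rules, restricted):
    """restricted: {port: [CIDRs allowed to reach it]}. Returns (port, source) findings."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        for port, allowed in restricted.items():
            if covers_tcp_port(rule, port) and not any(
                    src.subnet_of(ipaddress.ip_network(a)) for a in allowed):
                findings.append((port, rule["source"]))
    return findings

# Ingress rules as listed on the page
APP_INGRESS = [tcp_rule("0.0.0.0/0", 80), tcp_rule("0.0.0.0/0", 443), tcp_rule(ADMIN_IP, 22)]
DB_INGRESS = [tcp_rule(APP_NET, 22), tcp_rule(APP_NET, 3306)]
# Constructed misconfiguration: SSH open to the world, plus an all-ports TCP rule
BAD_DB_INGRESS = [tcp_rule("0.0.0.0/0", 22), {"protocol": TCP, "source": "10.10.0.0/16"}]

APP_POLICY = {22: [ADMIN_IP]}                 # SSH only from the administrator
DB_POLICY = {22: [APP_NET], 3306: [APP_NET]}  # SSH and MySQL only from the app subnet

if __name__ == "__main__":
    for name, rules, policy in [("app", APP_INGRESS, APP_POLICY),
                                ("db", DB_INGRESS, DB_POLICY),
                                ("bad db", BAD_DB_INGRESS, DB_POLICY)]:
        print(name, audit_ingress(rules, policy) or "ok")
```

The all-ports rule is the case that is easy to miss in the console: a TCP rule with no port range covers 22 and 3306 even though neither number appears in it.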

Virtual Machine

App Server

| Item | Details |
|---|---|
| OS | Oracle Linux |
| Time Server | 169.254.169.254 – 123 UDP |
| yum update | Daily update through crontab |

Database Server

| Item | Details |
|---|---|
| OS | Oracle Linux |
| MySQL | port 3306 |
| Time Server | 123 UDP |
| yum update | Daily update through crontab |
