Back in the day, almost everyone’s first project was deploying a LAMP stack. LAMP stands for Linux, Apache, MySQL, PHP and was generally one of the easier ways of deploying a full-blown web server. Nowadays, people tend to lean towards more lightweight solution that is NGINX. NGINX configuration, even though on a first glance looking much different (and more complicated) than Apache’s, provides lots of flexibility and is generally quite easy to understand once we get our hands on documentation.
Before we deploy Nginx, however, we need to have a server that it will be running on. I’m going to go with Debian 9.6 but you’re free to use CentOS as the package names should generally be the same although CentOS will require some extra configuration (you will have to tame the powerful yet quite complicated beast that SELinux is). SELinux, in general, provides an additional layer of security. It’s often disabled by people because, if not configured properly, it might stand in a way of getting few things (including web servers!) running.
The network topology will look like on diagram:
It’s a very basic virtual network since we’re going to focus more on the configuration of the webserver VM rather than fiddling around with the LAP-N1-FW-001 firewall.
However, to make it possible for webserver to fetch all the packets that we’re going to need, make sure that either your router or the host machine is NATting traffic coming from our virtual environment. If you wish to make your host machine NAT traffic from/to internal network, we’ll need to enable NATing. To do it, we need to set up iptables.
It’s quite simple to do:
First, we need to make sure ip_forwarding is enabled
sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
Then, as mentioned in this article, we make sure all the possible annoyances of default LibVirt config won’t bother us:
sudo iptables -F && sudo iptables -X
Then we enable NAT:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables -A FORWARD -i eth0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i virbr0 -o eth0 -j ACCEPT
Bear in mind, above example assumes your host’s NIC connecting it to the router is called eth0. In newer Ubuntu versions it will be something like enp3s0 or wlp1s0 for WLAN. virbr0 is interface attached to our routed network.
When all networking is sorted, we boot up our VM. We should be welcomed with this screen:
Let’s select the second option and hit Enter. We should be now asked to select our language settings, as well as keyboard layout. Pick whatever you’re comfortable with and let’s move to the next step which is Network Configuration. If you don’t have a DHCP server on your network, it will fail and show following message:
Fine! We will configure it ourselves…
After we select Configure network manually option, we will be asked to provide an IP address that we’re going to use. I’m adding a netmask as well to skip the netmask step:
I’m configuring everything like on the diagram, therefore this host’s gateway will be LAP-N1-FW-001’s interface with IP address 10.2.0.1:
For the nameserver I’ll go with 220.127.116.11 (Google’s DNS server) for now:
For the hostname I’m going to use my VM’s name:
Leave Domain Name field empty and hit Enter. Set the root password and provide some information when asked for user’s full name:
And set the username for the user as well as the password:
Now we get to partitioning:
I’m going to use the Manual method. This is so I can set up LVM and show you how to create partitions, configure virtual groups and handle physical volumes. Let’s point at Manual and hit enter. We now should see something like this:
Let’s select the Virtual disk 1 and confirm that we want to create a new partition table:
Let’s select Configure the Logical Volume Manager option and hit Enter. When asked if you want to write changes to the disk, confirm:
We should finally see the partitioning screen. Let’s select Create volume group and name it vg-root:
And add our only disk to the new vg-root group:
We will be asked if we want to write changes again. Press Yes.
We should now be back to the partitioning screen. You can now see the counters have changed and now we have one Used physical volume and one Volume Group. Select Create logical volume to start creating the partition:
Select our vg-root group and hit Enter. Now, let’s name our swap partition. I’m not very fun at parties, therefore for me it’s going to be just “swap”:
and the size will be 1G as I’m not planning to serve many users 😀
Let’s repeat the process to create a boot partition. Go to Create logical volume again. I’m going to assign 300MB as this should be more than enough:
And now it’s time to do something with all that unallocated storage! Let’s create our third and final logical root (“/”) volume:
We should now be back to the partitioning screen once again (that was the last time, I swear!). To sum it up, we should have one Used physical volume, one Volume Group and three Logical Volumes. Let’s hit Finish. We should now see the very first partitioning screen with summary of all of our partitions. Select the 300 MB boot partition from the top and hit Enter:
On the screen shown below highlight “Use As” and hit Enter. From the list select XFS journaling system. Now, highligh Mount point and hit Enter again. From the list select /boot and hit Enter. In the end, everything should look like below
Highlight Done setting up the partition and hit Enter.
We’ll repeat the process for root partition. Highlight the 30.9 GB partition and hit Enter. Now, change Use As to XFS journaling file system and Mount point to “/”:
Select Done setting up the partition and hit Enter.
Now we’re left with swap partition. The process will be slightly different in this case. In “Use As” we select swap area. We won’t be able to select a mount point:
Everything should look like below. If that’s the case, select Finish partitioning and write changes to disk and hit Enter. This will write all our changes to the disk and take us to the next step of installation.
As we hit Yes the installation will begin:
After base packages get installed, we will be asked if we want to scan for another CD. Press No:
And select the mirror country to fetch the packages from:
As well as the actual mirror:
Leave this screen blank and hit Continue:
If everything is configured properly, apt should start configuring itself and fetching some extra packages:
When this step finishes, you can opt-in to participate in a popularity-contest. If you select Yes, some anonymous information about your system will be sent back to maintainers:
When we get to the Software Selection screen, leave everything but last two options unchecked:
This is to ensure that our VM won’t have any unnecessary packages installed. If anything, we can install everything later.
At this screen, hit Yes to install GRUB. This is required. GRUB will boot our system:
Phew! What a ride! If you see the screen posted below, this means everything went fine! Press Continue to boot to your brand new Debian VM!
Now we’ve got that covered, more tutorials will be available soon! Let’s turn our first-born Debian VM into an actual webserver!