Getting a cloud server
host-from-home cloud docker ufw
Your cloud server will act as a proxy from the wider internet back to your local Raspberry Pi. This post will walk through setting up that server.
Create a droplet on DigitalOcean #
We’ll be installing Docker on this machine, and that’s about it. Instead of doing this ourselves, we can just grab it from the marketplace:
https://marketplace.digitalocean.com/apps/docker
Just click Create Droplet and walk through the rest of the form. Select the smallest option available ($5).
Secure the server #
Assuming you added your SSH key, you can SSH into the server as root:
ssh root@<ip address>
Let’s do the following to secure the server:
# Allow sudo to be used without a password
cat << EOF > /etc/sudoers.d/nopasswd
%sudo ALL=(ALL) NOPASSWD: ALL
EOF
# sudo ignores drop-in files with loose permissions; 440 is the convention,
# and visudo -c validates the syntax before a typo locks you out of sudo
chmod 440 /etc/sudoers.d/nopasswd
visudo -cf /etc/sudoers.d/nopasswd
# Create a new user and add it to sudoers (and to the docker group)
adduser --disabled-password iwbz
usermod -aG sudo iwbz
usermod -aG docker iwbz
# Set up ssh key for new user: copy root's authorized_keys and fix ownership
# and permissions so sshd's StrictModes accepts them
cp -R ~/.ssh /home/iwbz
chown -R iwbz:iwbz /home/iwbz
chmod 700 /home/iwbz/.ssh
chmod 400 /home/iwbz/.ssh/authorized_keys
Log out of root, log back in as the new user, and turn off root login in /etc/ssh/sshd_config:
PermitRootLogin no
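One check worth running after that edit, as an added example that is not part of the original post: sshd ignores comments and takes the first occurrence of a directive, so a `PermitRootLogin yes` left earlier in the file (or pulled in by an `Include`) silently wins over the line you just added. The functions below read a single config file the way sshd does (case-insensitive keys, comments skipped, first match wins) and report whether root login is actually off; the two sample configs are constructed for the example. On the live host, after `sudo systemctl restart ssh`, the authoritative answer is `sudo sshd -T | grep permitrootlogin`, which also resolves `Include` and `Match` blocks.

```shell
#!/bin/sh
# sshd_option FILE KEY: print the value sshd would use for KEY from FILE.
# Single-file sshd semantics: keys are case-insensitive, lines starting with
# '#' are comments, and the FIRST occurrence of a key wins.
sshd_option() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
        {
            k = tolower($1)
            if (k == key) { print $2; exit }             # first match wins
        }' "$1"
}

# root_login_disabled FILE: succeed only when PermitRootLogin resolves to "no".
# An absent directive means the compiled-in default, which is not "no".
root_login_disabled() {
    [ "$(sshd_option "$1" PermitRootLogin)" = "no" ]
}

# Constructed sample (not a file from the post): a commented default, the
# hardened line, and a stray lowercase duplicate further down that must lose.
SAMPLE_SSHD_CONFIG=$(mktemp)
cat > "$SAMPLE_SSHD_CONFIG" << 'EOF'
#PermitRootLogin prohibit-password
PasswordAuthentication no
PermitRootLogin no
permitrootlogin yes
EOF

# Constructed sample of the mistake this check catches: the hardening line was
# appended below an existing "yes", so sshd still permits root login.
BAD_SSHD_CONFIG=$(mktemp)
cat > "$BAD_SSHD_CONFIG" << 'EOF'
PermitRootLogin yes
PermitRootLogin no
EOF
trap 'rm -f "$SAMPLE_SSHD_CONFIG" "$BAD_SSHD_CONFIG"' EXIT

if root_login_disabled "$SAMPLE_SSHD_CONFIG"; then
    echo "sample config: root login disabled"
fi
if ! root_login_disabled "$BAD_SSHD_CONFIG"; then
    echo "bad config: first directive wins, root login still enabled"
fi
```

Point `root_login_disabled` at a copy of your own `/etc/ssh/sshd_config` to use it for real; it only reads the file, so it is safe to run as the unprivileged user.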
Set up firewall #
Docker doesn't play nice with ufw out of the box: when a port is published with -p, Docker inserts its own iptables NAT and forwarding rules, so traffic to the container is routed through the FORWARD chain and never hits the INPUT rules ufw manages. A published container is therefore reachable from the internet even though ufw shows no rule for it. We can install a package called ufw-docker to help us manage the settings. First, update the default forward policy in /etc/default/ufw:
DEFAULT_FORWARD_POLICY="DROP"
Update ufw rules and install ufw-docker:
# Delete the docker daemon firewall rules the marketplace image ships with
sudo ufw delete allow 2375/tcp
sudo ufw delete allow 2376/tcp
# Install ufw-docker. This fetches the script straight from the master branch,
# so read it before running it: `ufw-docker install` edits /etc/ufw/after.rules
sudo wget -O /usr/local/bin/ufw-docker \
https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
sudo ufw-docker install
sudo systemctl restart ufw
Test it out #
We can start up an example web server and expose it to the outside world:
# start a webserver on port 2015
docker run --rm -d -p 2015:2015 --name webserver abiosoft/caddy
# expose the web server through the firewall
sudo ufw-docker allow webserver
# show the route rules ufw-docker created for the container
sudo ufw-docker list webserver
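Once the firewall is in place, the check I'd run is to list everything `ufw status` admits from Anywhere and compare it against what you meant to expose: SSH plus the containers you opened with ufw-docker, and nothing else (in particular, no leftover 2375/2376). This is an added example, not code from the original post or from ufw-docker. The sample output below is constructed to follow the column layout `ufw status` prints; rules ufw-docker adds show up as ALLOW FWD rules to the container's bridge address. On the real host, feed it `sudo ufw status` instead of the sample.

```shell
#!/bin/sh
# open_to_anywhere: read `ufw status` output on stdin and print the "To" column
# of every ALLOW rule whose source is Anywhere (IPv4 or IPv6). Columns are
# separated by runs of two or more spaces, so split on that rather than on
# single spaces (the FWD entries contain one space inside the "To" column).
open_to_anywhere() {
    awk -F'  +' '$2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ { print $1 }'
}

# unexpected_open EXPECTED_FILE: read open_to_anywhere output on stdin and print
# every entry not listed in EXPECTED_FILE; exit status 1 if anything was printed.
unexpected_open() {
    awk -v expected="$1" '
        BEGIN { while ((getline line < expected) > 0) ok[line] = 1 }
        !($0 in ok) { print; found = 1 }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: the state right after installing ufw-docker and exposing
# the webserver, but with the daemon ports still allowed by mistake.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
2375/tcp                   ALLOW       Anywhere
172.17.0.2 2015/tcp        ALLOW FWD   Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
2375/tcp (v6)              ALLOW       Anywhere (v6)'

# What we intend to be reachable: SSH and the published container only.
EXPECTED_OPEN=$(mktemp)
trap 'rm -f "$EXPECTED_OPEN"' EXIT
cat > "$EXPECTED_OPEN" << 'EOF'
22/tcp
22/tcp (v6)
172.17.0.2 2015/tcp
EOF

echo "open to anywhere:"
printf '%s\n' "$SAMPLE_UFW_STATUS" | open_to_anywhere

echo "unexpected:"
if printf '%s\n' "$SAMPLE_UFW_STATUS" | open_to_anywhere | unexpected_open "$EXPECTED_OPEN"; then
    echo "(none)"
else
    echo "firewall admits more than intended"
fi
```

Because `unexpected_open` exits non-zero when it finds an extra rule, the same pipeline drops straight into a cron job or a post-deploy script: `sudo ufw status | open_to_anywhere | unexpected_open /path/to/expected` fails loudly the day a stray rule appears.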