How to use the UpCloud API to manage your UpCloud servers.
your
How to use the UpCloud API to manage your UpCloud servers
How to use the UpCloud API to manage your UpCloud servers.
Advertisement:
If you have not read my previous posts I have now moved my blog etc to the awesome UpCloud host. Sign up using this link to get $25 free credit.
I recently compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here).
Here is my blog post on moving from Vultr to UpCloud.
Spoiler: UpCloud performance is great.
I have never had an UpCloud page load take longer than 2 seconds since moving.
UpCloud API
UpCloud has an API that we can opt into to using where we can manage servers. Read the official UpCloud API documentation here.
The API allows you to control:
- Accounts
- Pricing
- Zones
- Timezones
- Plans
- Servers
- Storages
- IP-Addresses
- Firewall
- Tags
- etc
Create a sub-account to query the API
You should create a new user account (in the UpCloud dasbboard) just for API access. I created two accounts for use on my server and on my home laptop and my server (and set a limiting IP(s) that can access it).
Create a Sub Account for API Access
Login to your UpCloud account (create an account here and get $25 free credit),
- Click My Accounts,
- Click User Accounts,
- Click Change on your user and enable API connections.
- TIP: Set up an IP rule to limit access to your API for security (I set up a VPN to get a static IP on my dynamic IP Internet host at home)).
- Save the changes
TIP: Lock down the account to have the minimum permissions required.
e.g
- Disable access to the control panel (Untick).
- Allow API Connections (Tick) and specify an IP
- Disable access to billing contact (Untick).
- Disable access to billing section in the control panel (Untick).
- Disable allowing of emails to billing contact (Untick).
- Allow or Remove access to all server (or manually add access to desired servers)
- Allow or Remove access to modify storage (or manually allow or remove access to desired storage)
- etc
Save the account.
Now let’s make our first API call
I use OSX and I use the awesome Paw API testing tool from https://paw.cloud (This is not a plug, they are awesome). Postman is a popular API testing tool too. Any good programing language or CLI will allow you to send API requests.
First, let’s prepare the authorization string (this is a Base64 encoded combination of your username and password) read more here.
- Head over to https://www.base64encode.org/
- Click the Encode tab
- Add your “username:password” (without the quotes).
- Click Encode
A Base64 string will be outputted 🙂
e.g > eW91cmFwaXVzZXJuYW1lOnlvdXJzdXBlcnNlY3VyZXBhc3N3b3Jk
fyi
You can encode also Encode and Decode Base64 from the Ubuntu Command line
Encode Base64 from the CLI Sample
1 2 | echo -n 'yourapiusername:yoursupersecurepassword' | base64 eW91cmFwaXVzZXJuYW1lOnlvdXJzdXBlcnNlY3VyZXBhc3N3b3Jk |
Decode Base64 from the CLI Sample
1 2 | echo `echo eW91cmFwaXVzZXJuYW1lOnlvdXJzdXBlcnNlY3VyZXBhc3N3b3Jk | base64 --decode` yourapiusername:yoursupersecurepassword |
Now we can add an “Authorization Basic” token to the API request in Paw.
A quick test of the UpCloud Prices API endpoint https://api.upcloud.com/1.2/price reveals the API is working.
I can now see a full breakdown of my service prices in JSON 🙂
Query My Account
OK, Let’s see how much credit I have left by querying the https://api.upcloud.com/1.2/account, I duplicated the item in Paw and changed the URL to https://api.upcloud.com/1.2/account but no data returned?
I had to enable “Access to Billing section in Control Panel” for the user before this data returned from the API (make sense).
> HTTP/1.1 200 OK
Query (GET)
1 2 3 4 | GET /1.2/account HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ******************************************* |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:23:32 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 91 Server: Apache { "account" : { "credits" : 2500.00, "username" : "yourapiusername" } } |
”2500.00″ = cents ($25)
Query All of Your Servers
Ok, Let’s get server information by querying https://api.upcloud.com/1.2/server
Query (GET)
1 2 3 4 | GET /1.2/server HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:32:22 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 1154 Server: Apache { "servers" : { "server" : [ { "core_number" : "1", "hostname" : "server1nameredacted.com", "license" : 0, "memory_amount" : "2048", "plan" : "1xCPU-2GB", "plan_ipv4_bytes" : "3472464313", "plan_ipv6_bytes" : "166293599", "state" : "started", "tags" : { "tag" : [ "tag1" ] }, "title" : "server1nameredacted.com", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" }, { "core_number" : "1", "hostname" : "server2nameredacted.com", "license" : 0, "memory_amount" : "1024", "plan" : "1xCPU-1GB", "plan_ipv4_bytes" : "198911", "plan_ipv6_bytes" : "19742", "state" : "started", "tags" : { "tag" : [ "tag2" ] }, "title" : "server1nameredacted.com", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } ] } } |
Query Server Information
I have redated the UUID’s for my servers but once you know them you can query them by hitting https://api.upcloud.com/1.2/server/########-####-####-####-############
Query (GET)
1 2 3 4 | GET /1.2/server/########-####-####-####-############ HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:45:14 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 1656 Server: Apache { "server" : { "boot_order" : "cdrom,disk", "core_number" : "1", "firewall" : "on", "host" : redacted, "hostname" : "server1nameredacted.com", "ip_addresses" : { "ip_address" : [ { "access" : "private", "address" : "##.#.#.###", "family" : "IPv4" }, { "access" : "public", "address" : "###.###.###.###", "family" : "IPv4", "part_of_plan" : "yes" }, { "access" : "public", "address" : "####:####:####:####:####:####:########", "family" : "IPv6" } ] }, "license" : 0, "memory_amount" : "2048", "nic_model" : "virtio", "plan" : "1xCPU-2GB", "plan_ipv4_bytes" : "3519033266", "plan_ipv6_bytes" : "168200052", "state" : "started", "storage_devices" : { "storage_device" : [ { "address" : "virtio:0", "boot_disk" : "0", "part_of_plan" : "yes", "storage" : "########-####-####-####-############", "storage_size" : 50, "storage_title" : "system", "type" : "disk" } ] }, "tags" : { "tag" : [ "fearby" ] }, "timezone" : "Australia/Sydney", "title" : "server1nameredacted.com", "uuid" : "########-####-####-####-############", "video_model" : "cirrus", "vnc" : "off", "vnc_password" : "#########################", "zone" : "us-chi1" } } |
The servers name, IPv4 and IPV6 network adapters are listed, CPU(s), Memory, Disk Sized and UUID’s are all visible 🙂
Surprisingly the VNC password is visible (enabling access to the root console).
TIP: Ensure your API account is safe and secure.
Query Storage Information
Now, Let’s query the storage with the GUID from above by querying https://api.upcloud.com/1.2/storage/########-####-####-####-############
Query (GET)
1 2 3 4 | GET /1.2/storage/########-####-####-####-############ HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:53:36 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 559 Server: Apache { "storage" : { "access" : "private", "backup_rule" : {}, "backups" : { "backup" : [ "########-####-####-####-############" ] }, "license" : 0, "part_of_plan" : "yes", "servers" : { "server" : [ "########-####-####-####-############" ] }, "size" : 50, "state" : "online", "tier" : "maxiops", "title" : "system", "type" : "normal", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
I can see information about the storage’s assigned server and backups 🙂
Query Backup Information
Backup storage can be queried with the same storge API endpoint https://api.upcloud.com/1.2/storage/########-####-####-####-############
Query (GET)
1 2 3 4 | GET /1.2/storage/014fd483-ea90-4055-b445-bf2011951999 HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 05:01:11 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 412 Server: Apache { "storage" : { "access" : "private", "created" : "2018-06-16T04:47:56Z", "license" : 0, "origin" : "########-####-####-####-############", "servers" : { "server" : [] }, "size" : 50, "state" : "online", "title" : "On-Demand Backup", "type" : "backup", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
Rename Backup
One thing that I would like to be able to do is to rename on-demand backups in the UpCloud dashboard (this is not a feature yet) but I can rename manual backup’s in the API though 🙂
Boring “On-Demand Backup” label.
I tried sending JSON to https://api.upcloud.com/1.2/storage/########-####-####-####-############ to rename a backup but kept getting an error?
JSON
{
> “storage”: {
> “title”: “Latest manual backup , Working NGINX, PHP, MySQL w Tweaks”,
> “size”: “50”
> }
> }
Result
> “error_code” : “CONTENT_TYPE_INVALID”,
> “error_message” : “The Content-Type header has an invalid value.”
I googled and found an old manual for UpClouds API (official support here).
I added these missing content type headers (108 was the length in chars of the payload)
1 2 | > Content-Type: application/json; Charset=UTF-8' > Content-Length: 108 |
Still no go?
I think the content length value is wrong, more here.
I fixed it, it turned out I had a semicolon in the Content-Type value. The JSON RFC always assumes that Content-Type is UTF8 encoded (more here).
This Fails
1 | Content-Type: application/json; charset=utf-8 |
This Works
1 | Content-Type: application/json |
Now I can rename my Backup (storage). I manually calculated the length of the JSON payload and added a “Content-Length” header and value.
Query (PUT)
1 2 3 4 5 6 7 8 | PUT /1.2/storage/########-####-####-####-############ HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Content-Type: application/json Content-Length: 113 Authorization: Basic ##############base64hash############## {"storage":{"size":"50","title":"Latest manual backup , Working NGINX, PHP, MySQL w Tweaks"}} |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | HTTP/1.1 202 ACCEPTED Date: Sun, 17 Jun 2018 05:47:02 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 453 Server: Apache { "storage" : { "access" : "private", "created" : "2018-06-16T04:47:56Z", "license" : 0, "origin" : "########-####-####-####-############", "servers" : { "server" : [] }, "size" : 50, "state" : "online", "title" : "Latest manual backup , Working NGINX, PHP, MySQL w Tweaks", "type" : "backup", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
Success 🙂
Create a Backup
Backups can be performed with a “/backup” added to the end of the query string.
Query (POST)
1 2 3 4 5 6 7 8 9 10 11 12 | POST /1.2/storage/########-####-####-####-############/backup HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Content-Type: application/json Content-Length: 100 Authorization: Basic ##############base64hash############## { "storage": { "title": "Sunday 17th Latest backup , Working NGINX, PHP, MySQL w Tweaks" } } |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | HTTP/1.1 201 CREATED Date: Sun, 17 Jun 2018 06:17:35 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 487 Server: Apache { "storage" : { "access" : "private", "created" : "2018-06-17T06:17:35Z", "license" : 0, "origin" : "########-####-####-####-############", "progress" : "0", "servers" : { "server" : [] }, "size" : 50, "state" : "maintenance", "title" : "Sunday 17th Latest backup , Working NGINX, PHP, MySQL w Tweaks", "type" : "backup", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
Success (UpCloud GUI)
Conclusion
UpCloud does have great API docs.
I can easily integrate this into bash scripts to manage my servers via API and a future Java app for managing servers.
Paw does give CURL output to allow me to copy working API’s for use in BASH 🙂
More to come
- BASH Script to Deploy and configure a server on UpCloud via Initalization scripts (or manual) (1 week)
- JAVA App to manage your server (3 months)
If you are signing up for UpCloud please consider using my referral code and get $25 credit for free.
Read my setup guide here.
https://www.upcloud.com/register/?promo=D84793
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
V1.1 updated typo
v1.0 Initial Post.
Write your first Java GUI app
Here is a quick guide that shows how you can create and compile your first Java app with Net Beans.
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Updating the serves is a pain so I am writing a java app for Windows and OSX to help me manage the server by telnetting in on port 22 and performing routine actions from a button click in Java.
Installing Java and NetBeans IDE
Goto https://netbeans.org/downloads/index.html and click “JDK with NetBeans IDE Java SE bundle”
Download Netbeans and Java SE bundle
Install Netbeans and Java SE bundle
Creating your first GUI Java Application
Create New Project (Java Application) in NetBeans, Click Next
Name the project and set the main class as “main”
Add a new file, a “Swing GUI Form/JFrame form“.
Name the J Frame Form and click Finish.
Adding GUI elements in NetBeans IDE
In the Net Beans IDE, you can simply drag and drop elements. I like to move my properties screen to the bottom centre.
Set the panel at the default startup element
Add the following code to the main.java file
> framemain form = new framemain();
> form.setVisible(true);
Compile the App
The app compiles 🙂
Add an action to a button
You can add button actions (events) in the design mode.
Add Hello World alert box code to the button
Add the following to the Panel code file
> public static void infoBox(String infoMessage, String titleBar)
> {
> JOptionPane.showMessageDialog(null, infoMessage, “InfoBox: ” + titleBar, JOptionPane.INFORMATION_MESSAGE);
> }
Add this to the action (event)
System.out.println(“Hello World”);
> frame1.infoBox(“Hello World”, “Hello World”);
Build
To build right-click on the project and click Clean and Build
The result is an app you can run by double-clicking the jar file.
I hope this helps someone.
Making an OSX APP file from the JAR file
Coming soon
Making a Windows EXE file from the JAR file
Coming soon
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.0 Initial post
How to purchase your own domain name and set up a web server from $5 a month
This guide will show technically minded people how you can purchase your own domain name, set up a web server on Vultr with an online store using WordPress/WooCommerce from $5 a month. Warning this post is technical (if you have never used SSH, Ubuntu, Linux Command Line, hate risk or are not patient then this is NOT the guide you are after).
Advertisement:
Draft Post (released early to share)
I personally recommend (not a paid endorsement) the free WooCommerce plugin for the free WordPress.org CMS on the free Ubuntu Operating system with the free NGINX web server and the free MYSQL database engine and free SSL certificates from Lets Encrypt.
Sorry for using the word free a lot but I like free things. One of the benefits of a using a self-managed server is you get the option to install free software and configure the server how you want and secure it how you want. Truth be told managed ho (e.g CPanel, etc) are in the business of making money via monthly feed, expensive SSL certificates, taxing your transactions or pushing you to higher priced tiers.
Legend:
- Self Managed Server = A server that you create, you configure patch and support (all the reward and risk is owned by you and costs are low).
- Hosted Server = A server you have partial control of and the hosts manage the server and support (You hand away all risk and most of the control and pay for support/features).
I moved to a self-managed server after I was paying $25/m for a poorly performing website and $150/y for a poor quality SSL certificate and a slice of a server that seemed to always say “Usage Limit Exceeded”. Why pay for an insecure website that my visitors could not view because the usage limit was exceeded.
fyi: Fearby.com costs me $10 a month for a server and $5/m for CDN abilities.
CPanel hosts are an option when you don’t want to self-manage a service and take on the hassle but be prepared for server limitations (The image below was taken on an older CPanel based hosts before I moved to a self-managed Vultr server)
I recently discovered a well known and established website hosting service (that I used to use) and a friend is still using is insecure. My friend’s site has a static website on it but the server underneath was very old and insecure. Having a secure web server should be at the top of your list with any self-managed or hosted website (this will help search engine optimization and prevent risks to your website visitors).
Sites like Virus Total, SSL Labs and Alexa Site Info , Qualys are good ways to review a site’s credibility.
fyi: The awesome https://seositecheckup.com/ is awesome for evaluating our sites SEO score.
Before we set up a server with WordPress on your own server let’s quickly look at the alternative commercial ready to go website builders.
Alternative (paid) DIY Website Builders
The following leading commercial sites will allow you to build a site online.
- https://www.wix.com/
- https://www.squarespace.com/
- https://www.shopify.com.au/
- https://www.weebly.com/au
- https://www.wordpress.com
In my opinion, five things matter with setting up site online website.
- Setup Costs, Monthly Cost and Commissions (what are the hidden charges)
- Security (having a food SSL Certificate is key to having a good organic traffic from search engines)
- Site Speed (Having a slow site will impact search engine optimization and drive visitors away)
- Accessibility (if your site is not WCAG accessible it will not rank high on search engines).
- Control (will you be able to do everything you want too, nothing worse than going so far and being limited)
Ok, let’s see how much it will cost to set up a simple business site on the sites above.
Wix
Setup: Goto https://www.wix.com/, Login to Wix, click Create Site, click Business, Click Choose a Template, Edit the page, Click Save, Click “Connect your own customized domain“, Click “Connect a domain you already own“.
I was redirected to a Wix plan pricing page where I need to choose a plan to continue. From what I researched you cant control HTML on Wix so can’t add a MailChimp newsletter signup form so you would have to go with the $24.5/m option to enable Email Campaigns.
I could not see information about included SSL certificates, SEO or other chargers. SSL is free after you pay right?
The Wix editor appears OK (it may take a bit of learning though).
I clicked publish and the site was live
A quick check of the SSL, Accessibility and SEO and no obvious deal breakers here apart from the price and platform lock-in.
I performed a security check on the site with https://freescan.qualys.com (passed)
Conclusion: I hear Wix templates are hard to change so choose your template wisely, A large collection of apps are available that you can add to the site.
Although Wix was nice and it does include a full-featured look at the engine it is not for me ($24/m USD is too expensive).
Squarespace
Squarespace basic websites cost $16/$25 a month or $34/52 for online stores: https://www.squarespace.com/pricing/
Setup a Squarespace website: Goto https://www.squarespace.com/, Click Start a Free Trial, Choose a Template, Create an Account (a quick read of the terms of service and privacy policy, #scary), SpareSpace sites are pre-published?
Loading the webpage on a non-logged-in (with SquareSpace login) browser displays a trial warning. Trial pages are essentially restricted (unlike Wix).
The mobile view does not match the template? I guess the chosen template is more of a vibe and not a template.
Setting up a Squarespace website may take some time. Squarespace does have some nifty advance options in a slide-out menu though.
Because the public view of the page is restricted I cannot scan it with WCAG accessibility tools. Scanning the site performance speeds with gtmetrix also fails.
Squarespace is well known to be difficult to set up a website when compared to other drag and drop editors (but Squarespace sites do look nice).
I am not paying $54/m for a website so let’s move on.
Shopify
Shopify Setup: Goto https://shopify.com and click Create, Sign up and enter your store name. Complete the wizard.
Choose a Shopify Plan
Scalping transactions, no thanks. let’s move on.
Weebly
Weebly Setup: Goto https://www.weebly.com/au and click Get Started under Create Store. Enter your account details and click Create Your Site, enter the name of the store, Click I’m just trying Weebly, click the type of product you will be selling.
Weebly Site Setup
Theme Selection
Choose a Domain
Publish the site
Clicking publish appears to be a dead end.
“Please contact Weebly Support to verify your account”, No Thanks, let’s move on.
One candidate remains and that is WordPress hosted (wordpress.com not wordpress.org).
WordPress.com
WordPress.com offer hosted plans for WordPress in the cloud.
Setup a WordPress site, the only one that removes WordPress branding and allows third-party plugins to be installed it the Business plans for $33 a month.
Setup Basics
Choose a WordPress theme.
Assign a Domain
In order to buy a domain, you need to log in (top right) with an account
My working WordPress account (is no longer working), it was in my password manager.
I seem to be stuck in a signup loop
Time to move on. Time to set up my own server on Vultr and setup WordPress and WooCommerce,
But, before we do, let’s ensure our name is secure online.
Search for your Name/Brand
Do search for your website (or thing) in search engines to see if your name is already taken, don’t buy a domain that is owned or has IP or trademark presence. It is a good idea to use sites like https://namechk.com/ to see if your site or social media is already taken.
namechk.com will allow you to search for name availability online. The name “mything” is not fully available online.
You will want to see all green squares (name available) below before buying a domain name. This looks better.
I would recommend you create your social media accounts before or right after buying your domain. Sites like Twitter will insist on short usernames names so get your social media sites first.
Trademark and Brand Search
Also, perform a trademark and IP search.
Australian Trademark Search: https://search.ipaustralia.gov.au/trademarks/search/quick
United States Trademark Database: https://www.uspto.gov/trademarks-application-process/search-trademark-database
Global brand Search: http://www.wipo.int/branddb/en/
etc
Self Managed Warning
I tend to go the “self-managed server route” and install the free WordPress CMS because:
- I can.
- I am tight.
- I like having full control (usually the best features for online web hosts are hidden behind subscriber tiers, you can install and do whatever you want on your own server like build API’s, distributed MySQL servers, install MongoDB or Redis , use up to date PHP etc).
- I have been stung by CPanel hosts charging $150/y for a crappy SSL certificate (You can set up your own SSL certificate for $0 and set up super secure SSL rules).
- I can manage WordPress via the command line
- I can upgrade the server and restore it whenever I want.
- I can manage my own server performance (e.g setup PHP child workers) or install a Content Delivery Network.
- I can direct domain email to google G Suite, see pricing here.
- etc.
There are many reasons why you would not want to “self-manage” your own server
- Technical Requirements (and time to support).
- Higher Risk.
- Applying Updates and Patches.
- etc.
Being technically minded and choosing a “self-managed web servers” can take away time from the fun stuff like SEO, Site Design, customer needs, branding etc.
Self Managed Costs
For $5 a month you can buy a server with enough memory to install WordPress (cheaper if you don’t need WordPress)
Vultr is great. Vultr does have ready to go servers that you can deploy that have WordPress all set up.
The Vultr template above does use the Centos OS (read my guide setting up Centos on a different service provider here) but I prefer to manually setup a server with Ubuntu 16.04 OS on Vultr.
Wih a $5 server you can do what you want with it. I have blogged before about setting up your own Server. e.g Installing Centos and Ubuntu server on Digital Ocean. Digital Ocean does not have data centres in Australia and this kills scalability. AWS is good but 4x the price of Vultr. I have blogged about setting up and AWS server here (and upgrading an AWS instance). I tried to check out Alibaba Cloud but the verification process was broken so I decided to check our Vultr.
Manual Setup of Vultr on an Ubuntu 16.04 server
- Deploy a Vultr Server – Guide here ($2.5/m to New Jersey or Florida or $5/m to Sydney, I would recommend you opt in for the auto backup for $0.50c/m and $1/m respectively).
- Setup NGINX.
- Setup PHP and PHP-FPM (see guide above), consider adding PHP child workers.
- Setup and secure MySQL (see guide above), create a database for WordPress to use.
- Instal Adminder MySQL GUI (guide here).
- Setup a free Lets Encrypt SSL certificate (guide here).
- Install WordPress (and Jetpack plugin).
- Install WordPress CLI.
- Instal the WooCommerce Storefront WordPress Theme.
- Install WooCommerce Plugin.
- Secure Ubuntu.
- Also consider linking your domain to Cloudflare to boost performance, scanning your site with Qualys Freescan and OWASP ZAP).
- Consider setting up a WordPress image compressor and CDN plugin. like EWWW.io
Manual WooCommerce Plugin Setup
Once you setup Woocommerce you can setup the store defaults. Goto the WordPress dashboard and click WooCommerce Settings
Settings – General
- Set Address, City and State and Postcode
- Set allowed countries to sell in (e.g Australia)
- Set allowed countries to ship items to (e.g Australia)
- Set Enable Taxes
- Set Currency
- etc
Settings – Products
- Set Weight
- Set Dimensions
- Enable Product Reviews
- Enable Star Ratings on Reviews
- etc
Settings – Shipping
- Enable Shipping Calculator
- Add Shipping Classes
- Shipping Zones
- etc.
Settings – Checkout
- Force Secure Checkup
- Create a Terms and Conditions page (and set).
- etc
Settings – Account
- Set Account Options
- etc
Settings – Emails
- Set Email Preferences
- Set Email Header Image
- Set Email Colour
- Set Footer Text
- etc
Settings – API
- API can be disabled if you don’t need it.
Optional Actions
- Setup Yoast Plugin
- Setup other plugins
Instaling a Woo Commerce Child Theme
Goto https://woocommerce.com/product-category/themes/storefront-child-theme-themes/ and choose a theme.
Purchase and Install the desired child theme (I uploaded it to my /wp-content/themes/ folder with forklift). I chose a free deli theme.
Goto your WordPress then themes folder and activate your new child theme.
Post Site Setup
Just because your site is live does not mean you can rest.
SEO Optimization
Do use sites like https://seositecheckup.com/ and follow recommended actions to improve your SEO like updating meta tags.
More Reading
Attaching an email to your domain
You can pay $5 a month and link a G Suite email to your domain.
- Dedicated professional Google G Suite email account for $5 a month with 30GB storage (If you don’t want ot to buy a G Suite email and link it to your domain then you don’t need this).
Once you have a G Suite account you can link other domains (and domain emails) to it. You can login to your G Suite emails via G Mail and send emails from apps or the command line.
Why Vultr
I use the server host Vultr as they have data centres all around the world and the support of great, Digital Ocean is good too but they don’t have data centres in my country (Australia). Vultr allows you to deploy all over the world upgrade servers, move servers, add storage and restore servers.
Alternatively, you can buy a $2.5/m server and generate a static website
I use the Platforma Web HTML generator to build mobile and WCAG compliant websites.
Buying a domain, I buy my domains from https://www.namecheap.com/ it is a good idea to look for coupons first at https://www.namecheap.com/promos/coupons.aspx before buying a domain.
Once you buy a domain you can point it to a Vultr server and upload your website.
I hope this helps someone.
Donate and make this blog better
Ask a question or recommend an article
Revision History
v.1.2 WordPress WooCommerce
v1.1 SEO
v1.0 Initial Draft
Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
It is possible to deploy a server in minutes to hours but it can take days to secure. What tools can you use to help identify what to secure on your website?
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line, installing a Free SSL certificate and setting up SSL security.
Security Tools
- https://asafaweb.com/ is a good tool for quick scanning
- Kali Linux has a number of security tools you can use.
- You can run a system audit Lynis Audit.
- Checking your site for vulnerabilities with Zap.
- Run a Gravity Scan malware and supply chain scan
- Use Qualys SSL scan to test your SSL certificate: https://www.ssllabs.com/ssltest/
Qualys SSL Labs SSL Tester is the best tool for checking an SSL certificate strength
Most people don’t know Qualys also has another free (limited to 10 scans) vulnerability scanner for websites.
Goto https://freescan.qualys.com/ and click Start your free account.
Complete the signup form
Now check your email to login and confirm your email account
Login now from the email.
Create a password (why the 25 char max Qualys?)
Enter your website URL and click Scan
The scan can take hours
While the scan was being performed I noticed that Qualys offers alerts (I’ll check this out later): https://www.qualys.com/research/security-alerts/
Yes, the scan can take hours, take a walk or read other posts here.
The scan is almost complete
Yay, my latest scan revealed 0 High, 0 Medium and 0 Low-risk vulnerabilities.
It did report 23 informational alerts like “Firewall Detected“.
Threat Report Results
Patch Report Results
This report was empty (probably because I don’t run Windows)
Threat Report Results
The OWASP report contained partial scan results (maybe the full report is available to pro users)
Previous Scan Results
The Qualys dashboard will show all past scans.
My first scan showed a Low priority issue with the /wp-login.php page as the input fields did not have “autocomplete=”off””, I fixed this by adding “autocomplete=”off”” the removing the page (safer).
The second scan found two issues with cookies (possibly ad banner cookies) and 2 subfolders that I created in past development exercises. I deleted the two sub-folders that were not needed.
The third scan was clean.
Here is a scan of a static website of a friends server (static can be less secure if the server underneath is old or unpatched).
Happy scanning. I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.1 Static Web Server Scan
v1.0 Initial post
Using OWASP ZAP GUI to scan your Applications for security issues
OWASP is a non-profit that lists the Top Ten Most Critical Web Application Security Risks, they also have a GUI Java tool called OWASP Zap that you can use to check your apps for security issue.
Advertisement:
I have a number of guides on moving hosting away form CPanel , Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. It is important that you always update your site and software and test your sites and software for vulnerabilities. Zap is free and completely open source.
Disclaimer, I am not an expert (this Zap post and my past Kali Linux guide will be updated as I learn more).
OWASP Top 10
OWASP has a top 10 list of things to review.
Download the OWASP 10 10 Application security risks PDF here form here.
Using the free OWASP Zap Tool
Snip from https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
“The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.”
Zap Overview
Here is a quick demo of Zap in action.
Do check out the official Zap videos on youtube: https://www.youtube.com/user/OWASPGLOBAL/videos if you want to learn more.
Installing Zap
Download Zap from here.
Download Options
Download contents
Copy to the app to the OSX Application folder
App Installed
Open OSX’s Privacy and Security screen and click Open Anyway
OWASP Zap is now Installed
Ready for a Scan
But before we do let’s check out the Options
OWASP Zap allows you to label reports to ad from anyone you want.
Now let’s update the program and plugins, Click Manage Add-ons
Click Update All to Update addons
I clicked Update All
Installed some plugins
Zap is Ready
Add a site and right click on the site and you can perform an active scan or port scan.
First Scan (https failed)
I enabled unsafe SSL/TLS Renegotiation.
This did not work and this guide said I needed to install the “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” from here.
The extract files to /Library/Java/JavaVirtualMachines/%your_jdk%/Contents/Home/jre/lib/security
I restarted OWASP Zap and tried to scan my site buy it appears Cloudflare (that I recently set up) was blocking my scans and reported error 403. I decided to scan another site of mine that was not on Cloudflare but had the same Lets Encrypt style SSL cert.
fyi: I own and set up the site I queried below.
OWASP Zap scan performed over 800 requests and tried traversal exploits and many other checks. Do repair any major failures you find.
Generating a Report
To generate a report click Report then the appropriate generation menu of choice.
FYI: The High Priority Alert is a false positive with an HTML item being mistaken for a CC number.
I hope this guide helps someone. Happy software/server hardening and good luck.
More Reading
Check out my Kali Linux guide.
Ask a question or recommend an article
Revision History
V1.3 fixed hasting typo.
v1.2 False Positive
v1.1 updated main features
v1.0 Initial post
Setting up the Debian Kali Linux distro to perform penetration testing of your systems
This post will show you how to setup the Kali Linux distro to perform penetration testing of your systems
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Securing your systems is very important (don’t stop) and keep learning (securing ubuntu in the cloud, securing checklist, run a Lynis system audit etc)
snip from: https://www.kali.org/about-us/
“Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.”
Download Kali
I downloaded the torrent version (as the HTTP version kept stopping (even on 50/20 NBN).
After the download finished I checked the SHA sum to verify it’a integrity
1 2 3 | cd /Users/username/Downloads/kali-linux-2018.1-amd64 shasum -a 256 ./kali-linux-2018.1-amd64.iso ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317 ./kali-linux-2018.1-amd64.iso |
A least it matched the known (or hacked) hash here.
Installing Parallels in a VM on OSX
I use Parallels 11 on OSX to set up a VM os Demina Kali, you can use VirtualBox, VMWare etc.
Hardware: 2x CPU, 2048MB Ram, 32MB Graphics, 64GB Disk.
I selected Graphical Install (English, Australia, American English, host: kali, network: hyrule, New South Wales, Partition: Guided – entire disk, Default, Default, Default, Continue, Yes, Network Mirror: Yes, No Proxy, Installed GRUB bootloader on VM HD.
Post Install
Install Parallel Tools
Official Guide: https://kb.parallels.com/en/123968
I opened the VM then selected the Actions then Install Parallels Tools, this mounted /media/cdrom/, I copied all contents to /temp/
As recommended by the Parallels instal bash script I updated headers.
1 | apt install linux-headers-4.14.0-kali1-amd64 |
Then the following from https://kb.parallels.com/en/123968
1 2 3 4 5 | apt-get clean apt-get update apt-get upgrade -y apt-get dist-upgrade -y apt-get install dkms kpartx printer-driver-postscript-hp |
Parallels will not install, I think I need to upgrade to parallel 12 or 12 as the printer driver detection is not detecting (even though it is installed).
Installing Google Chrome
I used the video below
I have to run chrome with
1 | /usr/bin/gogole-chrome-stable %U --no-sandbox --user-data=dir & |
It works.
Running your first remote vulnerability scan in Kali
I found this video useful in helping me scan and check my systems for exploits
Simple exploit search in Armitage (metasploit)
A quick scan of my server revealed three ports open and (22, 80 and 443). Port 80 redirects to 443 and port 22 is firewalled. I have WordPress and exploits I rued failed to work thanks to patching (always stay ahead of patching and updating of software and the OS.
Without knowing what I was doing I was able to check my WordPress against known exploits. 
If you open the Check Exploits menu at the end of the Attacks menu you can do a bulk exploit check.
WP Scan
Kali also comes with a WordPress scanner
1 | wpscan --url https://fearby.com |
This will try and output everything from your web server and WordPress plugins.
/xmlrpc.php was found and I was advised to deny access to that file in NGINX. xmlrpc.php is ok but can be used in denial of service attacks.
1 2 3 4 5 | location = /xmlrpc.php { deny all; access_log off; log_not_found off; } |
I had a hit for a vulnerability in a Youtube Embed plugin but I had a patched version.
TIP: Check your WordPress often.
More to come (Draft Post).
- OWASP scanner
- WPSCAN
- Ethical Hacker modules
- Cybrary training
- Sent tips to @FearbySoftware
Tips
Don’t have unwanted ports open, securely installed software, Use unattended security updates in Ubuntu, update WordPress frequently and limit plugins and also consider running more verbose audit tools like Lynis.
More Reading
Read my OWASP Zap guide on application testing and Cloudflare guide.
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.2 added More Reading links.
v1.1 Added bulk exploit check.
v1.0 Initial post
Using the free Adminer GUI for MySQL on your website
Adminer is a free GUI tool that can you can easily install on a PHP web server. Adminer allows you to easily connect to your MySQL instance, create databases/tables/indexes/rows and backup/import databases and much more.
Advertisement:
You can read my other posts on Useful Linux Terminal Commands and Useful OSX Terminal Commands.
I used to use phpMyAdmin to manage MySQL databases on AWS, Digital Ocean and Vultr but switched to Adminer due to forgotten issues. You can always manage MySQL via command line but that is quite boring.
The below screenshots were taken on my local Development Mac Laptop (with optional OSX Apache SSL Setup (that reports “Not Secure” (but it is good enough to use locally)). I prefer to code in SSL and warn when SSL is not detected.
Downloading and Installing Adminer
Navigate to https://www.adminer.org/ and click Download.
Click English only (.php file)
Save the Adminder for MySQL (.php) file to your web server and give it a random name and put in a folder also with a random name (I use https://www.grc.com/passwords.htm to generate strong password).
Tip: Uploading this file to a live serve offers hackers and unauthorized people potential access to your MySQL server. I would remove this file from live serves when you are not using it not to be sure.
Tip: Read my guide here on setting up NGINX, MySQL and PHP here. Basically I did this to setup MySQL on Ubuntu 16.04.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | sudo apt-get install mysql-common sudo apt-get install mysql-server mysql --version >mysql Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper sudo mysql_secure_installation >Y (Valitate plugin) >2 (Strong passwords) >N (Don't chnage root password) >Y (Remove anon accounts) >Y (No remote root login) >Y (Remove test DB) >Y (Reload) service mysql status > mysql.service - MySQL Community Server |
TIP: Ensure MySQL is secure and has a good root password, also consider setting up Ubuntu Firewalls and Securing Ubuntu. Also ensure the Server is patched and does not have exploits like Spectre and meltdown.
Now you can access your Admirer php file on your Web Server (hopefully with an obfiscated name).
Login to Adminer with your MySQL root password.
Click Create databaase
Give the database a name and choose the character coding standard (e.g UTF8 ceneral ci). Different standards have different performance impacts too.
Now that you have a database you can create a table.
Consider adding an auto-incrementing ID and say a Key and Value varchar column.
When the table is created you can add a row to the table.
I created one with a “TestKey” and “TestValue” row.
The row was inserted.
The final thing to do is add a database user that code can connect to the database with. Click Privileges.
Click Create user
Tick All privileges and click Save
Now the user is added to the database
Let’s create a PHP file and talk to the database. Let’s use parameterized queries
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | <?php date_default_timezone_set('Australia/Sydney'); echo "Last modified: " . date ("F d Y H:i:s.", getlastmod()) . "<br /><br />"; // Turn on if you need to see errors // error_reporting(E_ALL); // ini_set('display_errors', 0); $dbhost = '127.0.0.1'; $dbname = 'dbtest'; $dbusername = 'dbtestuser'; $dbpassword = '*****************************************''; $con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname); // Turn on debug stuff if you need it // echo var_dump($con); // printf(" - Error: %s.n", $stmt->error); if($con->connect_errno > 0){ printf(" - Error: %s.n", $stmt->error); die("Error: Unable to connect to MySQL"); } else { echo "Charset set to utf8<br />"; mysqli_set_charset($con,"utf8"); } if (!$con) { echo "Error: Unable to connect to MySQL (E002)" . PHP_EOL; echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL; echo "Debugging error: " . mysqli_connect_error() . PHP_EOL; exit; } else { echo "Database Connection OK<br />"; echo " Success: A proper connection to MySQL was made! The $dbname database is great." . PHP_EOL . "<br />"; echo " - Host information: " . mysqli_get_host_info($con) . PHP_EOL . "<br />"; echo " - Server Info: '" . mysqli_get_server_info($con) . "'<br />"; echo " - Server Protocol Info : ". mysqli_get_proto_info($con) . "<br />"; echo " - Server Version: " . mysqli_get_server_version($con) . "<br />"; //echo " - Server Connection Stats: " . print_r(vmysqli_get_connection_stats($con)) . "<br />"; echo " - Client Version: " . mysqli_get_client_version($con) . "<br />"; echo " - Client Info: '" . mysqli_get_client_info() . "'<br />"; echo "Ready to Query the database '$dbname'.<br />"; // Input Var's that are parameterized/bound into the query statement $in_key = mysqli_real_escape_string($con, 'TestKey'); // Output Var's that the query fills after querying the database // These variables will be filled with data from the current returned row $out_id = ""; $out_key = ""; $out_value = ""; echo "1. About to query the database: '$dbname'<br />"; $stmt = mysqli_stmt_init($con); $sql = "SELECT testid, testkey, testvalue FROM tbtest WHERE testkey = ?"; echo "SQL: $sql (In = $in_key)<br /"; if (mysqli_stmt_prepare($stmt, $sql)) { echo "2. Query Returned<br />"; /* Type specification chars Character Description i corresponding variable has type integer d corresponding variable has type double s corresponding variable has type string b corresponding variable is a blob and will be sent in packets */ mysqli_stmt_bind_param($stmt, 's', $in_key); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $out_id, $out_key, $out_value); mysqli_stmt_fetch($stmt); // Do something with the 1st returned row echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";// // Do we have more rows to process while($stmt->fetch()) { // Output returned values echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";// } mysqli_stmt_close($stmt); echo "Done<br />"; } else { echo "3. Error Querying<br/>"; printf(" - Error: %s.n", $stmt->error); } } ?> |
Result
If you don’t have a server check out my guides on AWS, Digital Ocean and Vultr.
Happy coding and I hope this helps someone.
Donate and make this blog better
Ask a question or recommend an article
Revision History
v1.0 Initial Version
Using TG Pro to Manage Mac Book Pro Temps (and find your max working load)
I blogged about opening my Mac Book Pro and removing dust here. Here is a review of the TG Pro software from Tuna Belly Software. Below I show how you can stress test your Mac help find it’s thermal limits (and manage fan speeds with TG Pro).
Advertisement:
You can download TG Pro from here: https://www.tunabellysoftware.com/tgpro/
Stress Test your Mac
On OSX
- Open TG Pro (right).
- Open 4x terminal windows (blue) for the stress testing tool (yes).
- Open 1x terminal windows (green) for the top command line task manager.
- Open Activity Monitor (bottom left)
Once you start the stress testing tool you will need to manually end task the “yes” processes or reboot your Mac.
In each of the (blue) Terminal windows type: yes > /dev/null &
You will need to fire up as many top processes as required (depending on your processor) to get to 100% CPU activity in Activity Monitor.
You will see 4x process ID’s outputted in the blue terminal windows (remember these as you will need the process ID’s to kill the processes). The process ID is also shown in the green windows below. Failing this you can end task processes in Activity Monitor GUI.
With stock cooling profiles (Apple) in action, CPU temps jump to the low 90’s.
I clicked Auto Boost in TG Pro and temps jump down 10c each core. This was still with the stress test in action.
What will TG Pro – Auto Boost in Idle situations due to CPU temperatures? Instead of High 50ciI am getting Low 40’s. Nice.
Other TG Pro Options
What else can TG Pro do?
TG Pro can alert you when the CPU gets too hot.
TG Pro – Startup and update options.
TG Pro – Notification area options.
TG Pro – Celcius/Fahrenheit options etc.
TG Pro – Notification Options.
TG Pro – Logging Options.
TG Pro – I personally like these temperature/fan ramping configuration.
TG Pro – Updates Screen
TG Pro is awesome software and I use it to auto boost my Mac Book Pro fans post cleaning dust and reapplying thermal paste on my CPU/GPU. I paid for the software used in this review (this is not a paid review).
Hope this helps someone.
Donate and make this blog better
Ask a question or recommend an article
Revision History
v1.0 Initial Post
Building your first app on Heroku
Below is my blog post on setting up a hello world app on Heroku that is powered by a database (e.g Client requests a page, the page reads a database and return hello world).
Advertisement:
I found IBM/Cloudant would cost multiple thousands a month to run a good NoSQL database backend, I moved to a self-managed server on Digital Ocean in Singapore but the distance of the server killed latency and maximum throughput in Australia. I moved to a dedicated AWS EC2 instance with a Mongo DB cluster on AWS in Australia and it was great but pricey. A self-managed server (on Digital Ocean or Vultr) allows you to install whatever you want (e.g PHP, MySQL, MongoDB, Redis, SSL Certificate, Mail or WordPress) and configure what you want (but at what cost?).
Heroku say: “Get straight to building apps – Setting up, operating and maintaining your own platform is not where the race is won. Avoid the risk and complexity, and dedicate your energy to what really matters: building great apps.”.
Having setup serves on IBM Cloudant, Digital Ocean, AWS and Vultr (and even managing with RunCoud and Webmin) and not focusing on a self-managed server-issues like security, backup, security audits, upgrading PHP, updating ssl, setting up distributed mysql, updating https certificates etc sounds like the holy grail.
Let’s put that to the tets and build a Hello World App.
About Heroku
Heroku have a page here about what they offer.
Sign up for Free: https://signup.heroku.com
Programming Languages (Ruby, PHP, Python, NodeJS, Java, Cloujure, Scala, Go etc). I so wanted to select “I’m not a developer” but I won’t. I selected NodeJS.
Next: Verify your email, enter a password and you’ll find yourself here.
Now we can create an app?
Help
Ok, let’s skim the NodeJS help before we start: https://devcenter.heroku.com/articles/getting-started-with-nodejs#set-up
Let’s download the Command Line tools
Installing Heroku CLI on OSX was uneventful
I clicked the “I have installed the Heroku CLI” button.
Heroku wanted me to clone a repo but I logged in to Heroku the Heroku CLI and created a local Heroku folder first (in my local Terminal).
1 2 3 4 5 6 7 8 9 10 | Last login: Sat Nov 25 18:54:43 on ttys000 192-168-1-200:~ username$ mkdir ~/Desktop/heroku 192-168-1-200:~ username$ cd ~/Desktop/heroku 192-168-1-200:heroku simon$ pwd /Users/username/Desktop/heroku 192-168-1-200:~ username$ heroku login heroku-cli: Updating to 6.14.38-9bfc11a... 12.7 MB/12.7 MB Enter your Heroku credentials: Email: removed@removed.com Password: ******************************************************* |
I checked the Heroku Version
1 2 | heroku --version heroku-cli/6.14.38-9bfc11a (darwin-x64) node-v9.2.0 |
I checked Heroku Help
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | heroku --help Usage: heroku COMMAND Help topics, type heroku help TOPIC for more details: access manage user access to apps addons tools and services for developing, extending, and operating your app apps manage apps auth heroku authentication authorizations OAuth authorizations buildpacks manage the buildpacks for an app certs a topic for the ssl plugin ci run an application test suite on Heroku clients OAuth clients on the platform config manage app config vars container Use containers to build and deploy Heroku apps domains manage the domains for an app drains list all log drains features manage optional features git manage local git repository for app keys manage ssh keys labs experimental features local run heroku app locally logs display recent log output maintenance manage maintenance mode for an app members manage organization members notifications display notifications orgs manage organizations pg manage postgresql databases pipelines manage collections of apps in pipelines plugins manage plugins ps manage dynos (dynos, workers) redis manage heroku redis instances regions list available regions releases manage app releases run run a one-off process inside a Heroku dyno sessions OAuth sessions spaces manage heroku private spaces status status of the Heroku platform teams manage teams update update CLI webhooks setup HTTP notifications of app activity |
I ran the advised commands
1 2 | git clone https://github.com/heroku/node-js-getting-started.git cd node-js-getting-started |
At this point, I followed the steps at https://devcenter.heroku.com/articles/getting-started-with-nodejs#deploy-the-app
Ran
1 2 3 | heroku create Creating app... done, ⬢ fathomless-anchorage-##### https://fathomless-anchorage-##removed##.herokuapp.com/ | https://git.heroku.com/fathomless-anchorage-70974.git |
The website is up
Where is this app located
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | traceroute fathomless-anchorage-70974.herokuapp.com traceroute: Warning: fathomless-anchorage-70974.herokuapp.com has multiple addresses; using 54.243.121.236 traceroute to us-east-1-a.route.herokuapp.com (54.243.121.236), 64 hops max, 52 byte packets 1 192-168-1-1 (192.168.1.1) 1.045 ms 1.121 ms 0.727 ms 2 10.20.23.227 (10.20.23.227) 34.415 ms 30.378 ms 26.927 ms 3 syd-gls-har-agr11-be-12 (202.7.205.13) 42.363 ms 42.957 ms 35.670 ms 4 203-221-3-3 (203.221.3.3) 37.517 ms 203-221-3-4 (203.221.3.4) 29.832 ms 203-221-3-67 (203.221.3.67) 29.412 ms 5 10ge4-11.core1.sjc1.he.net (72.52.101.37) 208.270 ms 213.679 ms las-b24-link.telia.net (213.248.95.232) 181.162 ms 6 las-b21-link.telia.net (62.115.136.46) 173.171 ms 100ge1-1.core1.sjc2.he.net (184.105.65.114) 208.705 ms 10ge7-2.core1.sjc2.he.net (72.52.92.118) 212.061 ms 7 dls-b21-link.telia.net (62.115.137.106) 205.615 ms 100ge2-1.core4.fmt2.he.net (184.105.213.158) 204.186 ms dls-b21-link.telia.net (62.115.123.136) 204.317 ms 8 a100us-ic-303626-dls-bb1.c.telia.net (62.115.36.38) 332.192 ms 205.536 ms 100ge11-1.core1.dal1.he.net (184.105.64.222) 241.649 ms 9 176.32.125.172 (176.32.125.172) 209.481 ms 176.32.125.212 (176.32.125.212) 223.887 ms 176.32.125.164 (176.32.125.164) 205.608 ms 10 176.32.125.169 (176.32.125.169) 205.849 ms 176.32.125.150 (176.32.125.150) 274.887 ms 176.32.125.167 (176.32.125.167) 230.285 ms 11 * 176.32.125.241 (176.32.125.241) 232.125 ms * 12 * * 54.240.229.175 (54.240.229.175) 231.710 ms 13 * 54.240.229.171 (54.240.229.171) 239.321 ms * 14 * * * 15 *^C |
Traceroute times out but appears to be in the eastern United States (AWS).
Q1) Can I change to Sydney Australia?
Waiting for an answer from Twitter.
Virginia is a long way away.
It’s all good apart from on weak cipher (“TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK (112)“).
A shodan scan of the IP reveals an open port 80 and 443 (as expected, nothing out of the ordinary)
Pushing Changes
I ran this to push the app.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | cd /Users/username/Desktop/heroku/node-js-getting-started git push heroku masterCounting objects: 488, done. Delta compression using up to 8 threads. Compressing objects: 100% (367/367), done. Writing objects: 100% (488/488), 231.76 KiB | 231.76 MiB/s, done. Total 488 (delta 86), reused 488 (delta 86) remote: Compressing source files... done. remote: Building source: remote: remote: -----> Node.js app detected remote: remote: -----> Creating runtime environment remote: remote: NPM_CONFIG_LOGLEVEL=error remote: NPM_CONFIG_PRODUCTION=true remote: NODE_VERBOSE=false remote: NODE_ENV=production remote: NODE_MODULES_CACHE=true remote: remote: -----> Installing binaries remote: engines.node (package.json): 8.9.1 remote: engines.npm (package.json): unspecified (use default) remote: remote: Resolving node version 8.9.1... remote: Downloading and installing node 8.9.1... remote: Using default npm version: 5.5.1 remote: remote: -----> Restoring cache remote: Skipping cache restore (not-found) remote: remote: -----> Building dependencies remote: Installing node modules (package.json) remote: added 49 packages in 1.686s remote: remote: -----> Caching build remote: Clearing previous node cache remote: Saving 2 cacheDirectories (default): remote: - node_modules remote: - bower_components (nothing to cache) remote: remote: -----> Build succeeded! remote: -----> Discovering process types remote: Procfile declares types -> web remote: remote: -----> Compressing... remote: Done: 17.7M remote: -----> Launching... remote: Released v3 remote: https://fathomless-anchorage-#####.herokuapp.com/ deployed to Heroku remote: remote: Verifying deploy... done. To https://git.heroku.com/fathomless-anchorage-#####.git * [new branch] master -> master |
I ran this to ensure the app was running
1 2 | heroku ps:scale web=1 Scaling dynos... done, now running web at 1:Free |
I ran this to open the app
1 | heroku open |
This opened the apps URL in a browser.
A nice help page was pushed to my app.
I changed the contents of “node-js-getting-started/views/pages/index.ejs” and repushed.
1 2 3 | git push heroku master heroku ps:scale web=1 heroku open |
It reported “Everything up-to-date“???
I tried to force a push (just in-case something on the server was changed)
1 2 | git push --force heroku master Everything up-to-date |
???
Ok, let’s pull and see what’s new?
1 2 3 4 | git pull heroku master From https://git.heroku.com/fathomless-anchorage-##### * branch master -> FETCH_HEAD Already up-to-date. |
I edited “./index.js” and made the entry point “pages/index2.ejs” and tried to push and no luck.
1 | Everything up-to-date |
I tried running push under sudo too (no luck)
Googling revealed I can go to https://dashboard.heroku.com/apps/YOUR-APP/deploy/heroku-gi and see what the issue is.
I logged into the app and could not find how to delete or edit it?
At this point, I would have just ssh’ed in and restarted the node process in pm2 or node on my own self-managed server and edited remote files locally in sublime on my local machine.
Personally, I like to know where files live and not delve into another designers management interface.
I’ll come back to this guide later until then I’ll stick with Digital Ocean or Vultr
Linking to your own Domain on Heroku
It looks like I can use custom domains via Namecheap to link a domain to a heroku app.
Or you can setup a domain sub domain to point to a heroku app with a DNS C Name record.
Database Setup
Todo..
Node talking to the database.
Todo..
App Cost on Heroku
todo: After Hello World is deployed. Digital Ocean (is as low as $5 a month) or Vultr (is as low as $2.5 a month)
Donate and make this blog better
Ask a question or recommend an article
Revision History
v1.4 added custom domain, database, CNAME info
etc