Cloud Server

Cloud Server Overview

A cloud server can also be included in your VPN of Nebula devices. Its primary purpose would be to serve as a database for the VPN. Unless you sign-up for a dedicated server, a cloud server typically is an instance of an Operating System, that being Linux, Windows or MacOS. So a cloud server can only be a JAR device. While an instance of an OS has an associated static IP address, it also exists on a LAN with a private IP address. Therefore, when installing a cloud server as a Nebula device on your VPN, be sure to check the Static IP checkbox.


Here are simple rules to follow when integrating a cloud server instance in your VPN.

1. Do not use the instance as Device 1. As stated in the rules for Device 1, “If Device 1 has a public static IP address it must also be able to contact all devices connected to its home network using their private address.” This can be restated as, “If Device 1 uses a static IP all devices connected to it must also have static IPs”. As a developer you can modify the Nebula code to use a cloud device as the Nebula device master database but not as a hub to the home devices.

2. Galixsys Networks has only tested Nebula on a cloud server instance of Ubuntu 18.04. Windows, MacOS and other Linux variations should work the same as their desktop counterparts but as of this writing, have not been tested and consequently are not well supported.

3. Use VNC or X windowing, as detailed here SSH with Xterm to monitor a cloud server or any other headless Nebula device.

4. Launching Nebula on a cloud server instance is the same as any other JAR device.

java -jar /path/to/nebula.jar

Server Setup

Galixsys Networks uses an instance of Ubuntu 18.04 supplied by Amazon Web Services(AWS). If you’re not already an AWS user you can sign up for a free tier trial. You will have to have an AWS account to proceed.

Once you have an AWS account here’s a link to help you find an Ubuntu 18.04 server in your region. Nebula should work fine on 16.04 but we used 18.04 to maintain consistency with our development platforms.

When signing up for the server, especially the first time:
  • Save the email address and password you signed up with.
  • Save the account name you provided and the account ID number Amazon set for you.
When you setup your server instance:
  • Get a new ssh key(.pem file), download it then move it to your home/.ssh folder.
  • Save your Instance ID.
  • Save the Public DNS of your server. Starts with ec2- and ends with .amazonaws.com.
  • Save the IPv4 Public IP address of your server.

Log in to your server from your home directory with:

ssh -i .ssh/<newkeyname>.pem ubuntu@<yourServerPublicDNS>

Update your server:

sudo apt update && sudo apt upgrade

Install java:

sudo apt install openjdk-11-jre-headless

Install the required X packages for xvnc monitoring:

sudo apt install x11-apps xterm

Optional but good idea to remove the default ubuntu user:

$ sudo su //now root user
# adduser <yourname> //with your password
# usermod -aG sudo <yourname> //you're a sudodoer
# cp -r /home/ubuntu/.ssh /home/<yourname> //add ssh key
# chown -R <yourname>:<yourname> /home/<yourname>/.ssh //own .ssh and the key
# su <yourname> //switch to you with your password
$ cd ~ //go to your home
$ ls -Rla .ssh //Check your .ssh and key file ownership
$ sudo su //verify you have sudo privileges with your password
# exit //back from root to you
$ exit //Logout

Log back in to your server with your name:

ssh -XCi .ssh/<newkeyname>.pem <yourname>@<yourPublicDNS>

All OK? Remove user ubuntu and its home directory:

sudo userdel -r ubuntu

You logged with X credentials(-XC) so see if it works.

xeyes

If the eyes follow the mouse pointer, you’re good to go. From a new terminal on your home computer, upload the nebula.jar file to your server home directory.

scp -i .ssh/<newkeyname>.pem /path/to/nebula.jar <yourname>@<yourServerPublicDNS>:/home/<yourname>/

Close the new Terminal and launch Nebula from your cloud server. Above you copied nebula.jar to your home folder.

java -jar ./nebula.jar

It may take a few moments but you should be presented with the Nebula new device installation screen with your Terminal shell showing log information. Now you can treat it as any other Nebula device by connecting it with your VPN Device 1 using the public IP or DNS.