Difference between revisions of "Ubuntu Virtual Servers"
Perspectoff (talk | contribs) (→Changing the SSH port) |
Perspectoff (talk | contribs) |
||
Line 8: | Line 8: | ||
Your router's configuration utility (often accessible from a web browser) allows you to configure "NAT port forwarding" so that traffic arriving at a certain port (such as port 22) will be "forwarded" to a specific server on the LAN (which will have its own unique IP address within the LAN). | Your router's configuration utility (often accessible from a web browser) allows you to configure "NAT port forwarding" so that traffic arriving at a certain port (such as port 22) will be "forwarded" to a specific server on the LAN (which will have its own unique IP address within the LAN). | ||
− | With Astronaut, all communications are sent through a secure SSH tunnel. By convention, SSH communications are usually sent on port 22 (but that can be changed). If you only have one SSH server on your LAN, using port 22 will be fine. However, if there are more than one SSH servers on your LAN, or if you want a modicum of greater security, then a [[ | + | With Astronaut, all communications are sent through a secure SSH tunnel. By convention, SSH communications are usually sent on port 22 (but that [[Changing_the_Astronaut_SSH_port|can be changed]]). If you only have one SSH server on your LAN, using port 22 will be fine. However, if there are more than one SSH servers on your LAN, or if you want a modicum of greater security, then a [[Changing_the_Astronaut_SSH_port|different port can be used for SSH]].) |
== Edit the virtual hosts file in the Ubuntu server == | == Edit the virtual hosts file in the Ubuntu server == |
Revision as of 21:15, 6 February 2010
(This entire section is under construction.)
The idea is to use a URL (such as worldvista.myoffice.org) for your site (that is registered on an Internet DNS (Domain Name Server)) to access the VistA server, instead of using the actual IP address of the server. Most configurations involve a LAN, and usually the registered URL will point not to the (LAN) IP address of the server itself (within the LAN), but to the (WAN, or Internet) IP address of the router. Therefore, communications arriving at the router must be forwarded from the router (connected to the Internet) to the server (within the LAN) properly.
NAT
Consumer-grade routers generally use NAT port-forwarding to send traffic that arrives at the router to a specific server within the LAN (such as the one hosting the VistA server). Certain types of traffic can be designated as flowing over "ports" and (in the simplest scenario) a specific server can be designated as the destination on the LAN to which all the traffic over a specific port will be sent.
Your router's configuration utility (often accessible from a web browser) allows you to configure "NAT port forwarding" so that traffic arriving at a certain port (such as port 22) will be "forwarded" to a specific server on the LAN (which will have its own unique IP address within the LAN).
With Astronaut, all communications are sent through a secure SSH tunnel. By convention, SSH communications are usually sent on port 22 (but that can be changed). If you only have one SSH server on your LAN, using port 22 will be fine. However, if there are more than one SSH servers on your LAN, or if you want a modicum of greater security, then a different port can be used for SSH.)
Edit the virtual hosts file in the Ubuntu server
The virtual host file tells the server to expect traffic arriving with the URL (worldvista.myoffice.org), and that it is indeed meant for server communications through port 22.
This step is not strictly necessary if the computer hosting the VistA server has no other servers on it, and there are no other SSH servers or VistA servers on the LAN.
But most networks eventually grow and eventually it is more likely than not that there will be other SSH servers on the LAN, so setting this up in the beginning will save headaches later.
- Copy and edit a configuration file in the Apache2 sites-available folder.
cd /etc/apache2/sites-available sudo cp default worldvista sudo kate worldvista
- Edit the virtual host file so that it looks like:
<VirtualHost *:22> ServerAdmin webmaster@worldvista.myoffice.org DocumentRoot /opt/worldvista/EHR ServerName worldvista.myoffice.org ServerAlias www.worldvista.myoffice.org worldvista.myoffice.org </VirtualHost>
where worldvista.myoffice.org is an example URL for your server (use your own, of course)
- Restart Apache2:
sudo /etc/init.d/apache2 restart
- Make sure your router forwards port 22 to the (static) IP address (on your LAN) at which the computer (or virtual machine) hosting the VistA server resides.
Changing the SSH port
(Under construction).
- See Ubuntuguide's section on SSH in the meantime.
This is not a trivial task, but for production systems may be worthwhile. (I have done it on all my systems). In the example I will use port 22144 instead of port 22 for SSH communications.
- Change
- Change the SSH port in PuTTY.
- C:/Program Files /VistA -> PuTTY -> putty.exe ->
- port: 22144
Doing this requires changing the way Astronaut calls PuTTY. We will create a configuration file just for Astronaut, and then all the Astronaut shortcuts must be edited to use this PuTTY configuration file.
- Change the SSH port in the Apache2 virtual hosts file (if present).
- Change the SSH port in the OpenSSH configuration file.