Question: The app server called centos-host is running a Go app on the 8081 port. You have been asked to troubleshoot some issues with yum/dnf on this system, install Nginx server, configure Nginx as a reverse proxy for this Go app, install firewalld package and then configure some firewall rules.
Inspect the requirements in detail by clicking on the icons of the interactive architecture diagram on the right and complete the tasks. Once done click on the Check button to validate your work.
bob is able to login into GoApp using username "test" and password "test"
Configure Nginx as a reverse proxy for the GoApp so that we can access the GoApp on port "80".
Start and Enable "nginx" service.
Start GoApp by running the "nohup go run main.go &" command from "/home/bob/go-app/" directory; it can take a few seconds to start.
Install "nginx" package.
Install "firewalld" package.
Troubleshoot the issues with "yum/dnf" and make sure you are able to install the packages on "centos-host"
Start and Enable "firewalld" service
Add firewall rules to allow only incoming port "22", "80" and "8081".
The firewall rules must be permanent and effective immediately.
Solution:
1. First switch to the root user, then troubleshoot the issues with "yum/dnf" and make sure you are able to install the packages on "centos-host".
[bob@centos-host ~]$ sudo su -
[root@centos-host ~]# yum install -y nginx
CentOS Stream 8 - AppStream                     0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'appstream':
  - Curl error (6): Couldn't resolve host name for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock [Could not resolve host: mirrorlist.centos.org]
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock [Could not resolve host: mirrorlist.centos.org]
[root@centos-host ~]#
2. The error above is a DNS resolution failure: yum cannot resolve the mirror host name while installing a package.
To resolve the issue, add the Google nameserver as the first line in /etc/resolv.conf and save the file.
[root@centos-host ~]# cat /etc/resolv.conf
search us-central1-a.c.kk-lab-prod.internal c.kk-lab-prod.internal google.internal
options ndots:0
[root@centos-host ~]# vi /etc/resolv.conf
[root@centos-host ~]# cat /etc/resolv.conf
search us-central1-a.c.kk-lab-prod.internal c.kk-lab-prod.internal google.internal
options ndots:0
nameserver 8.8.8.8
[root@centos-host ~]#
3. Install the "nginx" and "firewalld" packages
[root@centos-host ~]# yum install -y nginx
CentOS Stream 8 - AppStream                      22 MB/s |  25 MB     00:01
CentOS Stream 8 - BaseOS                         29 MB/s |  26 MB     00:00
CentOS Stream 8 - Extras                         33 kB/s |  18 kB     00:00
CentOS Stream 8 - Extras common packages         10 kB/s | 5.2 kB     00:00
Dependencies resolved.
==========================================================================================
 Package    Architecture    Version                                    Repository    Size
==========================================================================================
Installing:
 nginx      x86_64          1:1.14.1-9.module_el8.0.0+1060+3ab382d3    appstream     570 k
Installed:
  nginx-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.x86_64
  nginx-all-modules-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.noarch
  nginx-filesystem-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.noarch
  nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.x86_64
  nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.x86_64
  nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.x86_64
  nginx-mod-mail-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.x86_64
  nginx-mod-stream-1:1.14.1-9.module_el8.0.0+1060+3ab382d3.x86_64
Complete!
[root@centos-host ~]# yum install -y firewalld
Last metadata expiration check: 0:00:41 ago on Thu Nov 10 14:51:22 2022.
Dependencies resolved.
==========================================================================================
 Package      Architecture    Version         Repository    Size
==========================================================================================
Installing:
 firewalld    noarch          0.9.3-13.el8    baseos        503 k
Installed:
  firewalld-0.9.3-13.el8.noarch
  firewalld-filesystem-0.9.3-13.el8.noarch
  ipset-7.1-1.el8.x86_64
  ipset-libs-7.1-1.el8.x86_64
  python3-firewall-0.9.3-13.el8.noarch
  python3-nftables-1:0.9.3-25.el8.x86_64
  python3-slip-0.6.4-13.el8.noarch
  python3-slip-dbus-0.6.4-13.el8.noarch
Complete!
4. Start and Enable "firewalld" service
Add firewall rules to allow only incoming port "22", "80" and "8081".
The firewall rules must be permanent and effective immediately.
[root@centos-host ~]# systemctl enable firewalld
[root@centos-host ~]# systemctl start firewalld
[root@centos-host ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-11-10 14:52:31 UTC; 9s ago
     Docs: man:firewalld(1)
 Main PID: 39511 (firewalld)
    Tasks: 2 (limit: 1340704)
   Memory: 34.2M
   CGroup: /system.slice/firewalld.service
           └─39511 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Nov 10 14:52:31 centos-host firewalld[39511]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future r>
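Step 4 asks for the firewall rules, but the transcript stops at the service status. One way to add and verify them follows, as an added example that is not part of the original post. It assumes the default zone and TCP for all three ports; `set_diff`, `audit_ports` and `apply_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root where firewalld is active.
ALLOWED_PORTS="22/tcp 80/tcp 8081/tcp"    # the three ports named in the task (TCP assumed)

# set_diff A B: print each word of list A that is absent from list B.
set_diff() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) echo "$item" ;;
        esac
    done
}

# audit_ports OPEN: compare a list of open ports with ALLOWED_PORTS.
# Prints one finding per line and returns 0 only on an exact match.
audit_ports() {
    findings=$(
        set_diff "$ALLOWED_PORTS" "$1" | sed 's/^/missing /'
        set_diff "$1" "$ALLOWED_PORTS" | sed 's/^/unexpected /'
    )
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}

apply_rules() {
    for port in $ALLOWED_PORTS; do
        firewall-cmd --permanent --add-port="$port"    # written to disk, survives reboot
    done
    firewall-cmd --reload    # load the permanent rules into the running firewall
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
    echo "runtime:";   audit_ports "$(firewall-cmd --list-ports)"
    echo "permanent:"; audit_ports "$(firewall-cmd --permanent --list-ports)"
    # Services enabled in the zone open ports as well; with the three ports
    # above in place, each can be dropped with --remove-service.
    echo "services still enabled: $(firewall-cmd --list-services)"
fi
```

Run it with `--apply` as root; without arguments it only defines the functions.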
5. Start GoApp by running the "nohup go run main.go &" command from "/home/bob/go-app/" directory
[root@centos-host ~]# pushd /home/bob/go-app
/home/bob/go-app ~
[root@centos-host go-app]# nohup go run main.go &
[1] 39823
[root@centos-host ~]# ps -ef |grep 39823
root       39823   31392  0 14:54 pts/0    00:00:09 go run main.go
root       42442   39823  0 14:54 pts/0    00:00:00 /usr/bin/gcc -I /root/go/pkg/mod/github.com/mattn/go-sqlite3@v2.0.3+incompatible -fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2816757721/b202=/tmp/go-build -gno-record-gcc-switches -I /tmp/go-build2816757721/b202/ -g -O2 -std=gnu99 -DSQLITE_ENABLE_RTREE -DSQLITE_THREADSAFE=1 -DHAVE_USLEEP=1 -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_FTS3_PARENTHESIS -DSQLITE_ENABLE_FTS4_UNICODE61 -DSQLITE_TRACE_SIZE_LIMIT=15 -DSQLITE_OMIT_DEPRECATED -DSQLITE_DISABLE_INTRINSIC -DSQLITE_DEFAULT_WAL_SYNCHRONOUS=1 -DSQLITE_ENABLE_UPDATE_DELETE_LIMIT -Wno-deprecated-declarations -DHAVE_PREAD64=1 -DHAVE_PWRITE64=1 -I/root/go/pkg/mod/github.com/mattn/go-sqlite3@v2.0.3+incompatible -o /tmp/go-build2816757721/b202/_x011.o -c sqlite3-binding.c
root       42565   31392  0 14:55 pts/0    00:00:00 grep --color=auto 39823
[root@centos-host ~]#
6. Configure Nginx as a reverse proxy for the GoApp so that we can access the GoApp on port "80".
Start and Enable "nginx" service.
[root@centos-host ~]# vi /etc/nginx/nginx.conf
[root@centos-host ~]# cat /etc/nginx/nginx.conf |grep proxy
proxy_pass http://localhost:8081;
[root@centos-host ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@centos-host ~]#
[root@centos-host ~]# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@centos-host ~]# systemctl start nginx
[root@centos-host ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2022-11-10 14:58:00 UTC; 6s ago
  Process: 43266 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 43248 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 43241 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 43279 (nginx)
    Tasks: 37 (limit: 1340704)
   Memory: 55.5M
   CGroup: /system.slice/nginx.service
           ├─43279 nginx: master process /usr/sbin/nginx
           ├─43280 nginx: worker process
           ├─43281 nginx: worker process
           ├─43282 nginx: worker process
           ├─43283 nginx: worker process
           ├─43284 nginx: worker process
           ├─43285 nginx: worker process
           ├─43286 nginx: worker process
           ├─43287 nginx: worker process
           ├─43288 nginx: worker process
           ├─43289 nginx: worker process
           ├─43290 nginx: worker process
           ├─43291 nginx: worker process
           ├─43292 nginx: worker process
           ├─43293 nginx: worker process
           ├─43294 nginx: worker process
           ├─43295 nginx: worker process
           ├─43296 nginx: worker process
           ├─43297 nginx: worker process
           ├─43298 nginx: worker process
           ├─43299 nginx: worker process
           ├─43300 nginx: worker process
           ├─43301 nginx: worker process
           ├─43302 nginx: worker process
           ├─43303 nginx: worker process
           ├─43304 nginx: worker process
           ├─43305 nginx: worker process
           ├─43306 nginx: worker process
           ├─43307 nginx: worker process
           ├─43308 nginx: worker process
           ├─43309 nginx: worker process
           ├─43310 nginx: worker process
           ├─43311 nginx: worker process
           ├─43312 nginx: worker process
           ├─43313 nginx: worker process
           ├─43314 nginx: worker process
           └─43315 nginx: worker process
Nov 10 14:58:00 centos-host nginx[43248]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 10 14:58:00 centos-host nginx[43248]: nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@centos-host ~]#
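The grep in step 6 shows only the proxy_pass line. As an added example (not from the original post), the script below embeds a constructed server block of the kind that edit produces and checks that the only active proxy target is the Go app. The `proxy_set_header` lines and the helper names `proxy_targets` and `check_proxy` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of the server block after the edit in step 6. The post
# shows only the proxy_pass line; the proxy_set_header lines are an assumption.
SAMPLE_CONF='
server {
    listen 80 default_server;
    # proxy_pass http://localhost:9999;   (commented out, must be ignored)
    location / {
        proxy_pass http://localhost:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}'

# proxy_targets: read nginx configuration on stdin and print every active
# proxy_pass target, one per line. Comments are stripped first; assumes one
# directive per line, as in the file above.
proxy_targets() {
    sed 's/#.*//' | awk '$1 == "proxy_pass" { sub(/;$/, "", $2); print $2 }'
}

# check_proxy EXPECTED: succeed only if the configuration on stdin proxies
# to EXPECTED and to nothing else.
check_proxy() {
    targets=$(proxy_targets | sort -u)
    [ "$targets" = "$1" ]
}

if [ "${1:-}" = "--live" ]; then
    # nginx -T tests the configuration and dumps it with all included files.
    nginx -T 2>/dev/null | check_proxy "http://localhost:8081" && echo "proxy target ok"
else
    printf '%s\n' "$SAMPLE_CONF" | check_proxy "http://localhost:8081" && echo "sample ok"
fi
```

Run it with `--live` as root to check the installed configuration instead of the embedded sample.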
7. Validate with curl or click the GoApp button above the terminal. You should get a login screen.
[root@centos-host ~]# curl -u test:test http://localhost:80
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><!--[if IE]><link rel="icon" href="/favicon.ico"><![endif]--><title>vuejs-webapp-sample</title><link rel="stylesheet" href="//fonts.googleapis.com/css?family=Roboto:300,400,500,700,400italic"><link rel="stylesheet" href="//fonts.googleapis.com/icon?family=Material+Icons"><link href="/css/app.750b60b0.css" rel="preload" as="style"><link href="/css/chunk-vendors.533831d3.css" rel="preload" as="style"><link href="/js/app.dbc5a974.js" rel="preload" as="script"><link href="/js/chunk-vendors.0cedba66.js" rel="preload" as="script"><link href="/css/chunk-vendors.533831d3.css" rel="stylesheet"><link href="/css/app.750b60b0.css" rel="stylesheet"><link rel="icon" type="image/png" sizes="32x32" href="/img/icons/favicon-32x32.png"><link rel="icon" type="image/png" sizes="16x16" href="/img/icons/favicon-16x16.png"><link rel="manifest" href="/manifest.json"><meta name="theme-color" content="#4DBA87"><meta name="apple-mobile-web-app-capable" content="no"><meta name="apple-mobile-web-app-status-bar-style" content="default"><meta name="apple-mobile-web-app-title" content="vuejs-webapp-sample"><link rel="apple-touch-icon" href="/img/icons/apple-touch-icon-152x152.png"><link rel="mask-icon" href="/img/icons/safari-pinned-tab.svg" color="#4DBA87"><meta name="msapplication-TileImage" content="/img/icons/msapplication-icon-144x144.png"><meta name="msapplication-TileColor" content="#000000"></head><body><noscript><strong>We're sorry but vuejs-webapp-sample doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="/js/chunk-vendors.0cedba66.js"></script><script src="/js/app.dbc5a974.js"></script></body></html>
[root@centos-host ~]#
8. Click on Finish & Confirm to complete the task successfully
Automate the entire lab in a single script!
Happy Learning!!!!