diff --git a/ci/vale/dictionary.txt b/ci/vale/dictionary.txt index cecc58e3b35..a4c0ab3e69b 100644 --- a/ci/vale/dictionary.txt +++ b/ci/vale/dictionary.txt @@ -1042,6 +1042,7 @@ iaas IaC icanhazip icann +Icecast iceweasel icinga icingacli @@ -1362,6 +1363,7 @@ linodes linroot linter Liquibase +Liquidsoap lish liskov listdir diff --git a/docs/guides/platform/migrate-to-linode/migrate-disk-image-using-cloud-init/index.md b/docs/guides/platform/migrate-to-linode/migrate-disk-image-using-cloud-init/index.md new file mode 100644 index 00000000000..ec7529e6730 --- /dev/null +++ b/docs/guides/platform/migrate-to-linode/migrate-disk-image-using-cloud-init/index.md @@ -0,0 +1,291 @@ +--- +slug: migrate-disk-image-using-cloud-init +title: "Migrate a Disk Image to Akamai Cloud Using Cloud-Init" +description: "This guide provides steps and configurations for migrating and deploying a disk image to a new Linode instance using cloud-init." +authors: ["John Dutton","Abe Massry"] +contributors: ["John Dutton","Abe Massry"] +published: 2025-08-06 +keywords: ['cloud-init','migrate','migration','disk image','aws','azure','google cloud','gcp','metadata'] +license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' +external_resources: +- '[Linode API & CLI Documentation](https://techdocs.akamai.com/linode-api/reference/api)' +- '[Akamai Cloud-Init Guides](/docs/guides/applications/configuration-management/cloud-init/)' +- '[Cloud-Init Official Documentation](https://cloudinit.readthedocs.io/en/latest/)' +--- + +The ability to migrate a virtual machine’s disk image across cloud providers is essential to cloud architecture durability and a key component of multi-cloud portability. There are numerous methods of migrating a disk image, several of which can be found in our documentation library: [Migrate to Linode](/docs/guides/platform/migrate-to-linode/) + +This tutorial includes steps for deploying a disk image to a new compute instance using *cloud-init* and the Ubuntu 24.04 LTS distribution. Cloud-init is an industry standard configuration tool that helps automate the configuration of new compute instances upon initial boot. + +The method in this guide uses Object Storage on Akamai Cloud for disk image storage, and provides a custom cloud-init configuration compatible with [Akamai’s Metadata service](https://techdocs.akamai.com/cloud-computing/docs/overview-of-the-metadata-service). + +## How It Works + +Cloud-init configuration files act as a setup script that a compute instance reads during the initial boot process. During this process, metadata or other user-provided data (i.e. a custom disk image) is sourced and applied to the instance. + +The cloud-init configuration provided in this guide uses the Linux `pivot_root` function to swap the standard root file system for the new instance’s RAM disk, where it can temporarily store a custom disk image sourced from an object storage bucket via signed URL. The original root disk is remounted upon reboot. + +In order for the cloud-init script to function, the RAM disk of your new instance must be larger than the provided custom disk image file. Once the Linode is booted and the disk image is successfully loaded, the instance can be optionally downsized to a smaller plan with less RAM. + +## Before You Begin + +The following prerequisites are required for completing the steps in this guide: + +- An Akamai Cloud account with permissions in place for managing Object Storage and Compute Instances + +- The [Linode CLI](https://techdocs.akamai.com/cloud-computing/docs/getting-started-with-the-linode-cli) installed and configured for use with your Akamai Cloud account + +- An Object Storage bucket and valid access key for storing and accessing your disk image file + +- The [s3cmd](https://techdocs.akamai.com/cloud-computing/docs/using-s3cmd-with-object-storage) command line utility installed and configured to interact with your Object Storage bucket and region + +### Disk Image Requirements + +There are several requirements that must be met for your disk image to successfully run on a Linode instance. See our documentation for guidance on [setting up](https://techdocs.akamai.com/cloud-computing/docs/upload-an-image#set-up-an-image-file) or obtaining an image file. The process for acquiring a disk image may vary depending on the cloud provider you are migrating from (i.e. AWS, Azure, Google Cloud, etc.). + +- **Image size**: The total size of your disk image should be lower than the RAM disk size of your new compute instance. For example, if your disk image file is 12GB, your new instance should have 16GB of RAM available. If necessary, your new instance can be resized to a smaller plan size afterwards. + +- **Linux kernel**: It is recommended to use a platform-agnostic kernel such as the distro-provided kernel with GRUB 2 as the bootloader - rather than a provider-optimized kernel (i.e. [Amazon Linux](https://docs.aws.amazon.com/linux/) kernels). This helps avoid any platform-based dependencies or compatibility issues. + +- **Disk format and partitions**: The disk must use the ext3 or ext4 file system in order to be compatible. The cloud-init configuration provided in this guide only supports non-partitioned disk images. + +- **File type**: Your disk image can be either in uncompressed `.img` or compressed `.gz` (gzip) format. At the time of this writing, `.iso` image files are not supported. + +{{< note >}} +The provided cloud-init configuration uses a file’s metadata to gather information and does not look for specific file extensions. +{{< /note >}} + +If you are using a disk image that requires direct disk to boot (i.e. an image with partitioned disks or a Master Boot Record, or MBR), you may need to take additional steps to configure your system before image creation or after deployment for full compatibility with the Akamai Cloud platform. See our guide on [Installing a Custom Distribution](/docs/guides/install-a-custom-distribution/#make-the-system-compatible-with-the-linode-platform) for guidance and configuration options for a direct disk image. + +## Upload a Disk Image to Object Storage + +{{< note title ="Create an Object Storage Bucket" >}} +If you haven’t done so already, [create an Object Storage bucket](https://techdocs.akamai.com/cloud-computing/docs/create-and-manage-buckets) in which to store your disk image. +{{< /note >}} + +The Object Storage item upload limit is 5GB. This is the same as our [Custom Image upload limit](https://techdocs.akamai.com/cloud-computing/docs/upload-an-image). If using an uncompressed or compressed disk image larger than 5GB, you must use an alternative tool such as s3cmd when uploading your image file. + +You can optionally compress your disk image file using the following gzip command. The `-9` flag [regulates the speed](https://linux.die.net/man/1/gzip) of compression by running at a slower speed while maintaining the highest quality: + +```command +gzip -9 {{< placeholder "exampleimage.img" >}} +``` + +### Upload Using Cloud Manager + +1. While logged into Cloud Manager, select **Object Storage** from the side bar. + +1. Select your bucket. + +1. Drop and drag your disk image file, or click **Browse Files** to select the file from your local machine. + +### Upload Using the Linode CLI + +1. Confirm access to your account by viewing a list of available buckets. If prompted, specify your bucket region (i.e. `us-east-1`): + + ```command + linode-cli obj ls + ``` + + ```output + 2025-07-16 18:37 {{< placeholder "bucket1" >}} + ``` + +1. Upload your disk image file to your bucket, replacing {{< placeholder "exampleimage.img" >}} with the your disk image and {{< placeholder "bucket1" >}} with your bucket name: + + ```command + linode-cli obj put --acl-public {{< placeholder "exampleimage.img" >}} {{< placeholder "bucket1" >}} + ``` + +1. Confirm the upload using the `ls` function: + + ```command + linode-cli obj ls {{< placeholder "bucket1" >}} + ``` + +### Upload Using s3cmd + +1. Confirm your s3cmd utility is configured to interact with your destination bucket by listing the available buckets: + + ```command + s3cmd ls + ``` + + ```output + 2025-07-16 18:37 s3://{{< placeholder "bucket1" >}} + ``` + +1. Upload your disk image using the `s3cmd put` command: + + ```command + s3cmd put {{< placeholder "exampleimage.img" >}} s3://{{< placeholder "bucket1" >}}/ + ``` + + s3cmd uses multi-part uploading for objects over a certain size. Allow this process to complete for the upload to finish: + + ```output + upload: '/path/to/image/{{< placeholder "exampleimage.img" >}}' -> 's3:/{{< placeholder "bucket1" >}}/{{< placeholder "exampleimage.img" >}}' [part 1 of 80, 15MB] [1 of 1] + 15728640 of 15728640 100% in 1s 10.46 MB/s done + upload: '/path/to/image/{{< placeholder "exampleimage.img" >}}' -> 's3://{{< placeholder "bucket1" >}}/{{< placeholder "exampleimage.img" >}}' [part 2 of 80, 15MB] [1 of 1] + 15728640 of 15728640 100% in 1s 13.66 MB/s done + upload: '/path/to/image/{{< placeholder "exampleimage.img" >}}' -> 's3:/{{< placeholder "bucket1" >}}/{{< placeholder "exampleimage.img" >}}' [part 3 of 80, 15MB] [1 of 1] + 15728640 of 15728640 100% in 1s 14.60 MB/s done + ... + ``` + +1. Confirm presence of the disk image file in your bucket: + + ```command + s3cmd ls s3://{{< placeholder "bucket1" >}} + ``` + + ```output + 2025-07-16 22:11 26289897472 s3://{{< placeholder "bucket1" >}}/{{< placeholder "exampleimage.img" >}} + ``` + +## Create a Signed URL for the Disk Image + +Signed URLs create a web link to specific objects in a bucket while limiting permission and applying a defined time limit for access. + +Use the following command to create a signed URL for your disk image [with the Linode CLI](https://techdocs.akamai.com/cloud-computing/docs/using-the-linode-cli-with-object-storage#create-a-signed-url-with-the-cli). Replace `{{< placeholder "bucket1" >}}` with your bucket name, and `{{< placeholder "exampleimage.img" >}}` with the name of your disk image. Replace `1000` (~16 minutes) with the number of seconds you wish to allow access to your object: + +```command {title="Linode CLI"} +linode-cli obj signurl {{< placeholder "bucket1" >}} {{< placeholder "exampleimage.img" >}} +1000 +``` + +Alternatively, if you wish to create a signed URL for your disk image [using s3cmd](https://techdocs.akamai.com/cloud-computing/docs/using-s3cmd-with-object-storage#create-a-signed-url-with-s3cmd), use the following command, replacing the same values as above: + +```command {title="s3cmd"} +s3cmd signurl s3://{{< placeholder "bucket1" >}}/{{< placeholder "exampleimage.img" >}} +1000 +``` + +This generates output in the form of a signed URL. Note that the below URL has been scrubbed of identifying information and is invalid: + +```output +https://us-east-1.linodeobjects.com/{{< placeholder "bucket1" >}}/{{< placeholder "exampleimage.img" >}}?AWSAccessKeyId=ABCNLJNAESNMPEE8N123&Signature=2cxU6qOKE2%2BjADFNRrdb1lMWubI%3D&Expires=1752849789 +``` + +Save your signed URL somewhere secure so that it can be used in the cloud-init configuration in the following section. + +## Deploy an Instance Using Your Disk Image + +1. While in Cloud Manager, select **Linodes** from the side bar, and click **Create Linode**. + +1. Use the following parameters as guidelines when creating your Linode instance: + + - **Region**: The same region as your Object Storage bucket (optional). + - **Linux Distribution**: Ubuntu 24.04 LTS + - **Linode Plan**: Select a compute plan with a larger RAM disk than your disk image size. For example, if your disk image is 25GB, select a Linode plan with 32GB RAM. The cloud-init script used in this guide swaps out the root boot disk and uses your new instance’s RAM disk to temporarily house your uploaded disk image. After your new instance is up and running, you can optionally downsize your Linode to a smaller plan with less RAM. + + {{< note title="Linode Plan Size Minimum" >}} + A [Linode plan](https://www.linode.com/pricing/) with a minimum of 16GB RAM is recommended for the cloud-init configuration to successfully run. + {{< /note >}} + +1. Under **Add User Data**, insert the following cloud-init config file contents in the **User Data** field. Make sure the config appears exactly as displayed below with no leading or trailing spaces. + + In the line `mount none /tmp/tmproot -t tmpfs -o size=30G` (row 9), adjust the temporary disk size in accordance with your chosen RAM disk size. Make sure to specify a smaller `tmpfs` (temporary file system) than your total RAM. It must be large enough to hold the cloud-init Ubuntu OS and disk image coming from Object Storage, and small enough that it doesn’t use up all the RAM available. Generally this means a `tmpfs` 2-4GB smaller than your total plan RAM size. + + For example, if your Linode plan has 64GB of RAM and your disk image size is between 30GB and 60GB (i.e. 48GB), change the RAM disk size to `60G`. This allows for some extra room between your disk image size and the total RAM disk. The `30G` example in the script assumes your disk image is large enough to require a plan size of 32GB. + + Replace the `SIGNED_URL` placeholder in the `wget` command (row 13) with the signed URL for your disk image generated in the previous section: + + ```file {title="cloud-init config" hl_lines="9 13"} + #cloud-config + write_files: + - path: /run/scripts/test-script.sh + content: | + #!/bin/bash + echo 'making directory /tmp/tmproot' >&2 + mkdir /tmp/tmproot + echo 'mounting tmpfs to /tmp/tmproot' >&2 + mount none /tmp/tmproot -t tmpfs -o size={{< placeholder "30G" >}} + echo 'changing directory to /tmp/tmproot' >&2 + cd /tmp/tmproot + echo 'downloading signed image from object storage' >&2 + wget "{{< placeholder "SIGNED_URL" >}}" -O /tmp/tmproot/signed_image.img + filename="signed_image.img" + if [[ $(file -b signed_image.img) == *gzip* ]]; then + echo 'detected a compressed file gzip' >&2 + mv signed_image.img signed_image.img.gz + filename="signed_image.img.gz" + fi + echo 'running telinit 2 to switch to runlevel 2' >&2 + telinit 2 + echo 'making directories in /tmp/tmproot' >&2 + mkdir /tmp/tmproot/{proc,sys,usr,var,oldroot} + echo 'copying files to /tmp/tmproot' >&2 + cp -ax /{bin,etc,mnt,sbin,lib} /tmp/tmproot/ + echo 'copying directories to /tmp/tmproot/usr' >&2 + cp -ax /usr/{bin,sbin,lib} /tmp/tmproot/usr/ + echo 'copying directories to /tmp/tmproot/var etc.' >&2 + cp -ax /var/{account,empty,lib,local,lock,nis,opt,preserve,run,spool,tmp,yp} /tmp/tmproot/var/ + echo 'copying directories to /tmp/tmproot/dev' >&2 + cp -a /dev /tmp/tmproot/dev + echo 'copying directories to /tmp/tmproot/run' >&2 + cp -ax /run /tmp/tmproot/ + echo 'copying directories to /tmp/tmproot/lib64 and /tmp/tmproot/usr/lib64' >&2 + cp -ax /lib64 /tmp/tmproot/ + cp -ax /usr/lib64 /tmp/tmproot/usr/ + echo 'mount make-rprivate /' >&2 + mount --make-rprivate / + echo 'pivoting root to /tmp/tmproot' >&2 + pivot_root /tmp/tmproot/ /tmp/tmproot/oldroot + echo 'mounting none /proc -t proc' >&2 + mount none /proc -t proc + echo 'mounting none /sys -t sysfs' >&2 + mount none /sys -t sysfs + echo 'mounting none /dev/pts -t devpts' >&2 + mount none /dev/pts -t devpts + echo 'moving mounts from /oldroot to /' >&2 + for i in dev proc sys run; do mount --move /oldroot/$i /$i; done + echo 'telinit u to switch to runlevel 1' >&2 + telinit u + echo 'systemctl isolate rescue.target' >&2 + systemctl isolate default.target + echo '#!/bin/bash' > /tmp/test-script-cont.sh + chmod +x /tmp/test-script-cont.sh + echo 'exec >/dev/ttyS0 2>&1' >> /tmp/test-script-cont.sh + echo 'cd /' >> /tmp/test-script-cont.sh + echo 'echo "started sub script"' >> /tmp/test-script-cont.sh + echo 'pids=$(fuser -vm /oldroot | xargs | sed "s/kernel //") >> /tmp/test-script-cont.sh' + echo 'echo "got pids: $pids"' >> /tmp/test-script-cont.sh + echo 'kill $pids' >> /tmp/test-script-cont.sh + echo 'echo "killed pids"' >> /tmp/test-script-cont.sh + echo 'umount /oldroot' >> /tmp/test-script-cont.sh + echo 'echo "umounted /oldroot"' >> /tmp/test-script-cont.sh + # if filename matches gzip, decompress it + if [[ $filename == "signed_image.img.gz" ]]; then + echo 'echo "detected a compressed file gzip"' >> /tmp/test-script-cont.sh + echo 'which gzip' >> /tmp/test-script-cont.sh + echo 'gzip -cd signed_image.img.gz | dd of=/dev/sda status=progress' >> /tmp/test-script-cont.sh + else + echo 'dd if=signed_image.img of=/dev/sda status=progress' >> /tmp/test-script-cont.sh + fi + echo 'echo "dd finished about to reboot"' >> /tmp/test-script-cont.sh + echo 'reboot' >> /tmp/test-script-cont.sh + nohup bash -c /tmp/test-script-cont.sh & + permissions: '0755' + + runcmd: + - [ bash, "/run/scripts/test-script.sh" ] + ``` + +1. Finish selecting your Linode instance parameters, and click **Create Linode**. Depending on the contents and configuration of your disk image, this may take some time to complete. You can monitor the status of your instance’s deployment using the [Lish console](https://techdocs.akamai.com/cloud-computing/docs/access-your-system-console-using-lish). + +1. Once fully booted, log into your new instance using the user and credentials from your original disk image, replacing {{< placeholder "IP_ADDRESS" >}} with the IPv4 of your Linode instance: + + ```command + ssh {{< placeholder "USER" >}}@{{< placeholder "IP_ADDRESS" >}} + ``` + +1. Complete the steps in our [Set Up and Secure a Linode](https://techdocs.akamai.com/cloud-computing/docs/set-up-and-secure-a-compute-instance) guide to secure your instance, including updating your system, adding a limited sudo user, hardening SSH access with public key authentication, and configuring a firewall. + +{{< note title="Disk Name" >}} +Once the process is complete, the Linode instance's configuration displays the disk name as “Ubuntu 24.04” in Cloud Manager upon first boot regardless of the incoming operating system used by the origin disk. The *actual* operating system on the instance will match that of the incoming disk image. The configuration can be renamed within the Cloud Manager interface. +{{< /note >}} + +## Resizing the Instance + +Since the cloud-init script initially requires a larger amount of RAM, you may find yourself with more RAM than your use case requires. You can optionally resize your instance to a smaller Linode plan size to reduce unnecessary compute resources and lower billing cost. When downsizing, remember to select a Linode plan with enough CPU, RAM, and storage to support your original workload. + +See our [Resize a Linode](https://techdocs.akamai.com/cloud-computing/docs/resize-a-compute-instance) guide for instructions on how to change your Linode plan. \ No newline at end of file diff --git a/docs/guides/web-servers/apache/how-to-install-apache-ubuntu-2404/apache-example-website.png b/docs/guides/web-servers/apache/how-to-install-apache-ubuntu-2404/apache-example-website.png new file mode 100644 index 00000000000..992848bbe20 Binary files /dev/null and b/docs/guides/web-servers/apache/how-to-install-apache-ubuntu-2404/apache-example-website.png differ diff --git a/docs/guides/web-servers/apache/how-to-install-apache-ubuntu-2404/index.md b/docs/guides/web-servers/apache/how-to-install-apache-ubuntu-2404/index.md new file mode 100644 index 00000000000..f10d2332c4c --- /dev/null +++ b/docs/guides/web-servers/apache/how-to-install-apache-ubuntu-2404/index.md @@ -0,0 +1,281 @@ +--- +slug: how-to-install-apache-ubuntu-2404 +title: "How to Install and Use Apache on Ubuntu 24.04" +description: "Apache is an open-source web server, the most widely used on Linux systems, with a modular design that makes it highly adaptable. This guide shows you how to install Apache on Ubuntu 24.04 and how to get started using it." +authors: ["Akamai"] +contributors: ["Akamai"] +published: 2025-08-05 +keywords: ['apache','apache web server','apache http server','httpd','install apache on ubuntu'] +tags: ['ubuntu'] +license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' +external_resources: +- '[Apache HTTP Server Documentation](https://httpd.apache.org/docs/current/)' +relations: + platform: + key: install-apache-server + keywords: + - distribution: Ubuntu 24.04 +--- + +The Apache HTTP Web Server — usually just called Apache — is one of the most widely used open-source web servers. It comes with a long history of success in a wide range of applications. In this guide, you can see how to install Apache on Ubuntu 24.04 and learn how to get started using it. + +## Before You Begin + +1. Familiarize yourself with our [Getting Started with Linode](/docs/products/platform/get-started/) guide, and complete the steps for setting your Linode's hostname and timezone. + +1. This guide uses `sudo` wherever possible. Complete the sections of our [How to Secure Your Server](/docs/products/compute/compute-instances/guides/set-up-and-secure/) guide to create a standard user account, harden SSH access, and remove unnecessary network services. + +1. Update your system: + + ```command + sudo apt update && sudo apt upgrade + ``` + +{{< note >}} +This guide is written for a non-root user. Commands that require elevated privileges are prefixed with `sudo`. If you’re not familiar with the `sudo` command, see the [Linux Users and Groups](/docs/guides/linux-users-and-groups/) guide. +{{< /note >}} + +## Installing Apache + +1. Install Apache from the package manager using the following command: + + ```command + sudo apt install apache2 + ``` + +1. Start the Apache service using the following command: + + ```command + sudo systemctl start apache2 + ``` + +1. To have Apache begin running at system startup, enable the Apache service using the following command: + + ```command + sudo systemctl enable apache2 + ``` + +## Managing Apache + +### Apache Service + +The Apache service runs on `systemd`, which can be used to manage the Apache service. + +1. View the current status of the Apache service using the following command: + + ```command + sudo systemctl status apache2 + ``` + +1. To stop the Apache service, use the following command: + + ```command + sudo systemctl stop apache2 + ``` + + You can then start the Apache service backup using the command below: + + ```command + sudo systemctl start apache2 + ``` + +1. To disable the Apache service, preventing it from beginning automatically at system startup, use the command below: + + ```command + sudo systemctl disable apache2 + ``` + + You can enable the Apache service again using the command below: + + ```command + sudo systemctl enable apache2 + ``` + +1. Restart the Apache service using the command below: + + ```command + sudo systemctl restart apache2 + ``` + +1. To reload Apache's configuration files, use the command below: + + ```command + sudo systemctl reload apache2 + ``` + +### Apache Modules + +Apache can be extended and modified with modules. These range from modules that integrate interpreters like PHP and Python, enabling dynamic content, to modules that change Apache's fundamental model for handling connections. (See the next section for more on the latter type of modules, called [Multi-processing Modules](/docs/guides/how-to-install-apache-ubuntu-2404/#multi-processing-modules)). + +Apache modules are typically installed via the package manager. After that, you can manage modules through Apache. + +1. To search for available modules, use the command below: + + ```command + sudo apt search libapache2-* + ``` + +1. To install a module, use a command like the following. In this and the following examples, the guide uses the `php8.3` module, which is available in the package manager as `libapache2-mod-php8.3`: + + ```command + sudo apt install libapache2-mod-php8.3 + ``` + +1. You can enable a module as follows. When managing a module via Apache, you use the module name, rather than the package name: + + ```command + sudo a2enmod php8.3 + ``` + + Usually, the module name is the last part of the package name, as in `libapache-mod-{module_name}` or `libapache2-{module_name}`. + +1. You can subsequently disable a module using the command below: + + ```command + sudo a2dismod php8.3 + ``` + +1. To list the modules currently enabled, use the command below + + ```command + sudo apache2ctl -M + ``` + +## Multi-processing Modules + +Apache supports several models for handling connections through a particular kind of module: Multi-processing Modules (MPMs). On many Linux distributions, the `event` module is Apache's default MPM. However, in Ubuntu 24.04, Apache defaults to the `mpm_prefork` module. This change is primarily due to the continued use of `libapache2-mod-php`, which is not thread-safe and requires the single-threaded prefork MPM for compatibility. +This section provides an overview of each of the three MPMs available and gives you the necessary commands for using them. + +### Prefork Module + +This MPM provides a single-threaded server. It has a single-parent process that spawns child processes, each of which is responsible for a single incoming request. While the `prefork` MPM is more resource-intensive, it is necessary for applications that do not support multiple threads, like PHP. + +1. Enable the `prefork` MPM. Be sure to first disable your current MPM — the `event` MPM in this example: + + ```command + sudo a2dismod mpm_event + sudo a2enmod mpm_prefork + ``` + +1. Find the configuration file for the `prefork` MPM here: `/etc/apache2/mods-available/mpm_prefork.conf`. Modify the defaults as needed. + + The `prefork` MPM is considered highly self-regulating, so usually it is not necessary to adjust its default configuration. However, you may want to review the `MaxRequestWorkers` value. You should ensure that it is large enough to handle the expected request volume but small enough not to exceed hardware memory limits. + +1. Restart the Apache service: + + ```command + sudo systemctl restart apache2 + ``` + +### Worker Module + +This MPM is a multi-threaded hybrid. Like the `prefork` MPM, it consists of a parent process that spawns child processes. But, unlike the `prefork` MPM, the `worker` MPM's child processes are each multi-threaded, allowing each to handle multiple tasks in parallel. + +1. Enable the `worker` MPM. Be sure to first disable your current MPM — the `event` MPM in this example: + + ```command + sudo a2dismod mpm_event + sudo a2enmod mpm_worker + ``` + +1. Find the configuration file for the `worker` MPM here: `/etc/apache2/mods-available/mpm_worker.conf`. Modify the defaults as needed. + +1. Restart the Apache service: + + ```command + sudo systemctl restart apache2 + ``` + +### Event Module + +This MPM functions similarly to the `worker` MPM. However, it adds listener threads. These threads handle the task of waiting on incoming requests, which frees up worker threads to continue processing new requests. + +1. The `event` MPM is enabled by default. Use the following command to re-enable it if needed. Remember to use `a2dismod` to disable any other enabled MPM first, as shown for the `prefork` and `worker` MPMs above: + + ```command + sudo a2enmod mpm_prefork + ``` + +1. Find the configuration file for the `event` MPM here: `/etc/apache2/mods-available/mpm_event.conf`. Modify the defaults as needed. + +1. Restart the Apache service: + + ```command + sudo systemctl restart apache2 + ``` + +## Using Apache + +This section walks you through setting up your own website using Apache. In doing so, it also illustrates how to use Apache's configuration files to set up *name-based virtual hosting*. This allows you to map one or more domains to your server's IP address. + +### Apache Configuration + +1. Apache comes with a default site configuration. Since this guide is setting up a custom configuration, you need to disable the default using the following command: + + ```command + sudo a2dissite 000-default.conf + ``` + +1. Create a configuration file for your site. Site configuration files should typically live in the `/etc/apache2/sites-available` directory, with each file being named according to the domain name you are using it for. + + In this example, replace `example.com` with your site's domain, in both the filename (`example.com.conf`) and in the file's contents. Do the same whenever you see `example.com` from here on: + + ```file {title="/etc/apache2/sites-available/example.com.conf" lang="aconf"} + + ServerAdmin webmaster@example.com + ServerName example.com + ServerAlias www.example.com + DocumentRoot /var/www/example.com/public/ + ErrorLog /var/www/example.com/logs/error.log + CustomLog /var/www/example.com/logs/access.log combined + + ``` + + This sets up a name-based virtual host for the `example.com` domain. You can host additional domain names by adding a configuration file for each. + +1. Create the directories to be used by your website. The first holds the website's static content and the second holds its log files: + + ```command + sudo mkdir -p /var/www/example.com/public + sudo mkdir -p /var/www/example.com/logs + ``` + +1. Enable the site in Apache: + + ```command + sudo a2ensite example.com + ``` + +1. Restart Apache for the configuration changes to take effect: + + ```command + sudo systemctl restart apache2 + ``` + +1. Open port `80` on your system's firewall. UFW is the front end typically used to manage firewall rules on Ubuntu. You can use the following command to open port `80` with UFW: + + ```command + sudo ufw allow http + ``` + + Refer to our [How to Configure a Firewall with UFW](/docs/guides/configure-firewall-with-ufw/) guide for more on how to use UFW for managing your firewall. + +### Launching the Website + +1. Give the website some content. Create a page for your website. The file should be named `index.html` and stored in your website's `DocumentRoot` directory: + + ```file {title="/var/www/example.com/public/index.html" lang="html"} + + + +

Hello, World!

+

This is an example website running on the Apache HTTP Web Server.

+ + + ``` + +1. In a browser, visit the domain you set up for your website — `example.com` above. + + You should see your website's "Hello, World!" page. + + ![Example web page hosted on the Apache HTTP Web Server.](apache-example-website.png) diff --git a/docs/guides/websites/hosting/intro-to-high-availability-and-disaster-recovery/index.md b/docs/guides/websites/hosting/intro-to-high-availability-and-disaster-recovery/index.md index d61d7f89f33..7badc63f476 100644 --- a/docs/guides/websites/hosting/intro-to-high-availability-and-disaster-recovery/index.md +++ b/docs/guides/websites/hosting/intro-to-high-availability-and-disaster-recovery/index.md @@ -2,8 +2,8 @@ slug: intro-to-high-availability-and-disaster-recovery title: 'Intro to High Availability and Disaster Recovery' description: 'This guide provides you with an introduction to concepts and terminology relating to high availability, a method of keeping your web servers up with maximum uptime.' -authors: ["Phil Zona", "Kazuki Fukushima", "Nathan Melehan", "Nathan LeSueur", "Kit Tan"] -contributors: ["Phil Zona", "Kazuki Fukushima", "Nathan Melehan", "Nathan LeSueur", "Kit Tan"] +authors: ["Phil Zona", "Kazuki Fukushima", "Nathan Melehan", "Nathan LeSueur", "Kit Tan", "Boris Chalinski"] +contributors: ["Phil Zona", "Kazuki Fukushima", "Nathan Melehan", "Nathan LeSueur", "Kit Tan", "Boris Chalinski"] published: 2016-07-12 modified: 2025-07-15 keywords: ["high availability", "disaster recovery", "hosting", "website", "failover", "ssd ha"] diff --git a/docs/marketplace-docs/guides/azuracast/azuracast-create-station.png b/docs/marketplace-docs/guides/azuracast/azuracast-create-station.png index 82f1d95f501..632aedeb139 100644 Binary files a/docs/marketplace-docs/guides/azuracast/azuracast-create-station.png and b/docs/marketplace-docs/guides/azuracast/azuracast-create-station.png differ diff --git a/docs/marketplace-docs/guides/azuracast/azuracast-login.png b/docs/marketplace-docs/guides/azuracast/azuracast-login.png new file mode 100644 index 00000000000..e74b08f585c Binary files /dev/null and b/docs/marketplace-docs/guides/azuracast/azuracast-login.png differ diff --git a/docs/marketplace-docs/guides/azuracast/azuracast-manage-station.png b/docs/marketplace-docs/guides/azuracast/azuracast-manage-station.png index 58025861e5f..32237c5eedd 100644 Binary files a/docs/marketplace-docs/guides/azuracast/azuracast-manage-station.png and b/docs/marketplace-docs/guides/azuracast/azuracast-manage-station.png differ diff --git a/docs/marketplace-docs/guides/azuracast/index.md b/docs/marketplace-docs/guides/azuracast/index.md index 7e29f9886bb..f52b4347df3 100644 --- a/docs/marketplace-docs/guides/azuracast/index.md +++ b/docs/marketplace-docs/guides/azuracast/index.md @@ -2,13 +2,13 @@ title: "Deploy AzuraCast through the Linode Marketplace" description: "AzuraCast is a self-hosted web radio station and management suite. Follow this guide to deploy AzuraCast on Linode using Marketplace Apps." published: 2020-09-28 -modified: 2022-03-08 +modified: 2025-07-16 keywords: ['azuracast','marketplace', 'server'] tags: ["debian","ubuntu","marketplace", "web applications","linode platform", "cloud manager"] image: DeployAzuraCast_OneClickApps.png external_resources: -- '[About AzuraCast](https://www.azuracast.com/about/)' -- '[Troubleshooting AzuraCast](https://www.azuracast.com/help/)' +- '[AzuraCast Website](https://www.azuracast.com/)' +- '[Troubleshooting AzuraCast](https://www.azuracast.com/docs/help/troubleshooting/)' - '[AzuraCast Github](https://github.com/azuracast/azuracast)' aliases: ['/products/tools/marketplace/guides/azuracast/','/platform/marketplace/how-to-deploy-azuracast-with-marketplace-apps/', '/platform/one-click/how-to-deploy-azuracast-with-one-click-apps/','/guides/how-to-deploy-azuracast-with-one-click-apps/','/guides/how-to-deploy-azuracast-with-marketplace-apps/','/guides/deploy-azuracast-with-one-click-apps/','/platform/one-click/deploy-azuracast-with-one-click-apps/','/guides/azuracast-marketplace-app/'] authors: ["Akamai"] @@ -18,7 +18,7 @@ marketplace_app_id: 662118 marketplace_app_name: "AzuraCast" --- -[AzuraCast](https://www.azuracast.com) is a free self-hosted web radio station and management suite. Installation is simple with Marketplace Apps, and the intuitive web interface makes running a web station easy. After installation, you can be broadcasting within in minutes. +[AzuraCast](https://www.azuracast.com) is a free self-hosted web radio station and management suite. The installation with Marketplace Apps is simple and the intuitive web interface makes the running a web station easy. After the installation, you can be broadcasting within minutes. ## Deploying a Marketplace App @@ -27,39 +27,45 @@ marketplace_app_name: "AzuraCast" {{% content "marketplace-verify-standard-shortguide" %}} {{< note >}} -**Estimated deployment time:** AzuraCast should be fully installed within 2-5 minutes after the Compute Instance has finished provisioning. +**Estimated deployment time:** AzuraCast should be fully installed within 5-10 minutes after the Compute Instance has finished provisioning. {{< /note >}} ## Configuration Options -- **Supported distributions:** Debian 10, Ubuntu 20.04 LTS +- **Supported distributions:** Ubuntu 24.04 LTS - **Recommended plan:** All plan types and sizes can be used. +## AzuraCast Options + +- **Email address** *(required)*: Enter the email address to use for generating the SSL certificates. + +{{% content "marketplace-required-limited-user-fields-shortguide" %}} + +{{% content "marketplace-custom-domain-fields-shortguide" %}} + +{{% content "marketplace-special-character-limitations-shortguide" %}} + ## Getting Started After Deployment ### Accessing AzuraCast -AzuraCast is now installed and ready to use. +Once you install AzuraCast: -1. Open your web browser and navigate to `http://[ip-address]/`, replacing *[ip-address]* with your Compute Instance's IPv4 address. See the [Managing IP Addresses](/docs/products/compute/compute-instances/guides/manage-ip-addresses/) guide for information on viewing your IP address. +1. Open your web browser and navigate to `http://[domain]/admin`, where *[domain]* is the custom domain you entered during deployment or your Compute Instance's rDNS domain (such as `192-0-2-1.ip.linodeusercontent.com`). To learn more about viewing IP addresses and rDNS, see [Managing IP Addresses](/docs/products/compute/compute-instances/guides/manage-ip-addresses/). -1. The first thing you want to do is create a *Super Administrator* account that has system-wide permissions. +1. Log in with your *Super Administrator* credentials. This account has system-wide permissions and was set up during the installation when you entered your Administrator Email Address. - !["AzuraCast Setup Account"](azuracast-setup-account.png "AzuraCast Setup Account") + !["AzuraCast Login"](azuracast-login.png "AzuraCast Login") -1. Next, AzuraCast prompts you to create a new radio station. Fill out the required fields, then click the **Save Changes** button at the bottom of the screen to continue. +1. Fill out the required fields in the registration form and click **Create and Continue**. !["AzuraCast Create Station"](azuracast-create-station.png "AzuraCast Create Station") -1. On the next page you can set other settings including using a custom URL if you have one set up. Learn more about using a custom URL with Linode DNS in our [DNS Manager](/docs/products/networking/dns-manager/) guide. When you are finished, click the **Save Changes** button at the bottom of the screen to continue. - -1. Your station is now ready. On the following page, you are taken to the control panel, and you are ready to start broadcasting your station. - -1. To manage the station you just created click the **Manage** button in the **Station Overview** section. This will open the Station Dashboard for the station you created during setup. +1. Configure station's settings including the use of a custom URL, if you have one set up. To learn more about using a custom URL with Linode DNS, see [DNS Manager](/docs/products/networking/dns-manager/). Click **Save Changes**. - !["AzuraCast Manage Station"](azuracast-manage-station.png "AzuraCast Manage Station") +Your station is now ready and you can start broadcasting. To manage the created station, click **Manage Stations** in the **Dashboard** section. This opens the *Station Dashboard* that you can use to control your station, add songs, add DJs, take requests, and more. -1. Here you can control your station, add songs, add DJs, take requests, and more. +!["AzuraCast Manage Station"](azuracast-manage-station.png "AzuraCast Manage Station") ## Software Included @@ -67,13 +73,10 @@ The AzuraCast Marketplace App installs the following software on your Linode: | **Software** | **Description** | |:--------------|:------------| -| [**Lquidsoap**](https://www.liquidsoap.info/) | An AutoDJ that keeps the tunes streaming.| -| [**Icecast 2.4 (Icecast-KH on supported systems)**](https://icecast.org/) | A broadcasting front end. | -| [**SHOUTcast 2 DNAS**](http://wiki.shoutcast.com/wiki/SHOUTcast_DNAS_Server_2) | An alternate broadcasting front end. | -| [**NGINX**](https://www.nginx.com/) | A webserver a proxy. | -| [**MariaDB**](https://mariadb.org/) | A database. | -| [**PHP 7**](https://secure.php.net/) | General purpose programming language used for the website. | -| [**InfluxDB**](https://www.influxdata.com/) | A database for capturing time-series based statistics. | -| [**Redis**](https://redis.io/) | A database for session management and caching | +| [**AzuraCast**](https://www.azuracast.com/) | All-in-one web radio management suite (includes Liquidsoap, Icecast, NGINX, PHP, and all radio streaming components) | +| [**MariaDB**](https://mariadb.org/) | Open-source relational database for data storage | +| [**Redis**](https://redis.io/) | In-memory data structure store for caching and session management | +| [**Docker**](https://www.docker.com/) | Container runtime for application deployment | +| [**Docker Compose**](https://docs.docker.com/compose/) | Tool for defining and running multi-container Docker applications | {{% content "marketplace-update-note-shortguide" %}} diff --git a/docs/marketplace-docs/guides/wireguard/index.md b/docs/marketplace-docs/guides/wireguard/index.md index e8d59b15111..b8e5843c368 100644 --- a/docs/marketplace-docs/guides/wireguard/index.md +++ b/docs/marketplace-docs/guides/wireguard/index.md @@ -1,8 +1,8 @@ --- title: "Deploy WireGuard through the Linode Marketplace" -description: 'Deploy a WireGuard Server on Linode with Marketplace Apps.' +description: 'Deploy a WireGuard Server or Client on Linode with Marketplace Apps.' published: 2019-03-28 -modified: 2022-03-08 +modified: 2025-07-08 keywords: ['vpn','wireguard','tunnel'] tags: ["cloud-manager","linode platform","security","marketplace","vpn"] bundles: ['network-security'] @@ -18,16 +18,16 @@ marketplace_app_id: 401706 marketplace_app_name: "WireGuard" --- -WireGuard® is a simple, fast, and modern virtual private network (VPN) which uses state-of-the-art cryptography. It aims to be faster and leaner than other VPN protocols such as OpenVPN and IPSec, and it has a much smaller source code footprint. +WireGuard® is a simple, fast, and modern virtual private network (VPN) which uses state-of-the-art cryptography. It aims to be faster and leaner than other VPN protocols such as OpenVPN and IPSec and it has a much smaller source code footprint. -Configuring WireGuard is as simple as configuring SSH. A connection is established by an exchange of public keys between server and client, and only a client whose public key is present in the server's configuration file is considered authorized. WireGuard sets up standard network interfaces which behave similarly to other common network interfaces, like `eth0`. This makes it possible to configure and manage WireGuard interfaces using standard networking tools such as ifconfig and ip. +Configuring WireGuard is as simple as configuring SSH. A connection is established by an exchange of public keys between server and client, and only a client whose public key is present in the server's configuration file is considered authorized. WireGuard sets up standard network interfaces which behave similarly to other common network interfaces, like `eth0`. This makes it possible to configure and manage WireGuard interfaces using standard networking tools such as `ifconfig` and `ip`. -The WireGuard Marketplace App will create a Linode instance and set up a WireGuard network device named `wg0` on it. This device will have a simple configuration which can send and receive traffic to/from a single WireGuard peer (which will also be referred to as your WireGuard *client*). +The WireGuard Marketplace App provides two separate applications: +1. **WireGuard Server**. Creates a Linode and sets up a WireGuard network device named `wg0` on it. This device acts as the central hub for your WireGuard network. +2. **WireGuard Client**. Creates a Linode that can connect to your WireGuard server. You can deploy multiple clients to connect to the same server. {{< note >}} -The peer configurations provided by the Marketplace App and this guide will allow you to directly connect your WireGuard server and client. This configuration will *not* enable forwarding of all of your client's traffic through the WireGuard server to the public Internet (though that arrangement is possible with WireGuard). - -Your WireGuard configuration can be adjusted after you first set up your Marketplace App; review the [WireGuard man page](https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html) for more information about the options that are available. +The WireGuard Server and Client apps can be deployed independently. If you already have a WireGuard server running, you can simply deploy the client app and configure it to connect to your existing server. {{< /note >}} ## Deploying a Marketplace App @@ -42,120 +42,127 @@ Your WireGuard configuration can be adjusted after you first set up your Marketp ## Configuration Options -- **Supported distributions:** Ubuntu 22.04 LTS -- **Recommended minimum plan:** All plan types and sizes can be used. The plan that you select should be appropriate for the amount of data transfer, users, and other stress that may affect the performance of your VPN. - -### WireGuard Options - -The WireGuard Marketplace form includes fields for your WireGuard client's [*public key*](https://www.wireguard.com/quickstart/#key-generation) and for your client's *endpoint IP* (which is your client's public IP address). If you have already set up your client and installed the WireGuard software on it before setting up your WireGuard Marketplace App, then you may already have this information. If you do have the key and the endpoint IP for the client, you can enter them into the app's creation form, and your server's configuration will be pre-populated with those values. - -{{< note >}} -A public key generated by WireGuard will not resemble [a public key that you might use for SSH connections](/docs/guides/use-public-key-authentication-with-ssh/); when in doubt, leave the form's **Public Key (Client)** field blank. -{{< /note >}} - -If you do not have the values for these fields, you can leave them empty. After the app is deployed, visit the [Configure and Connect your WireGuard Client and Server](#configure-and-connect-your-wireguard-client-and-server) section to set up your client and generate a key. The instructions in that section will also show you how to insert the key and the endpoint IP for your client into your server's configuration. - -- **Port:** Set your WireGuard server's listening port number. The default is: `51820`. -- **Tunnel IP:** Your WireGuard server's tunnel IP address and subnet in CIDR notation. The default is: `10.0.1.1/24`. This is not the same as a private IP address that Linode can assign to your Linode instance; instead, this address is managed by the network that WireGuard creates. -- **WireGuard Public Key (Client):** Your WireGuard client's public key. -- **Tunnel IP (Client):** Your WireGuard client's tunnel IP address and subnet in CIDR notation. The default is: `10.0.1.2/24`. This is not the same as a private IP address that Linode can assign to your Linode instance; instead, this address is managed by the network that WireGuard creates. -- **Endpoint IP (Client):** The Internet address of your WireGuard client. If your WireGuard client is another Linode, then the Endpoint IP is the public IP of that Linode, which is visible in the Linode's dashboard in the Linode Cloud Manager. - -## Getting Started after Deployment - -### Configure and Connect your WireGuard Client and Server - -After your Marketplace App has provisioned your WireGuard server, you can proceed with setting up your WireGuard client and establishing a connection to the server. - -If you did not provide a public key for WireGuard when you first set up your Marketplace App, you will need to follow the next set of steps. These instructions will set up your client and inform your server of your client's public key. If you did provide a public key when deploying the Marketplace App and have set up your client, skip to the second collection of steps in this section. - - -1. Follow the [WireGuard Client](/docs/guides/set-up-wireguard-vpn-on-ubuntu/#wireguard-client) section of our WireGuard guide to generate a public/private keypair for your client, and to set up the WireGuard network interface configuration on your client. - -1. [Connect to your Marketplace App's Linode via SSH](/docs/products/compute/compute-instances/guides/set-up-and-secure/#connect-to-the-instance). - -1. Bring down the `wg0` interface on the server: - - wg-quick down wg0 - -1. Open the `/etc/wireguard/wg0.conf` file in a text editor ([nano](/docs/quick-answers/linux/use-nano-to-edit-files-in-linux/), for example). - -1. You will see a line that reads `PublicKey = ` under the `[Peer]` section. Append your client's public key to this line. +- **Supported distributions:** Ubuntu 24.04 LTS +- **Suggested minimum plan:** All plan types and sizes can be used. The plan that you select should be appropriate for the amount of data transfer, users, and other stress that may affect the performance of your VPN. -1. You will also see a line that reads `Endpoint = `. Append your client's Internet address to this line and then save the file. If your WireGuard client is also a Linode, user your Linode's public IP. If your client is on your home computer, visit a site like [whatismyip.com](https://www.whatismyip.com) to get your address. +### WireGuard Server Options -1. Bring the `wg0` interface back up on the server: +The WireGuard Server Marketplace form includes the following fields: - wg-quick up wg0 +- **WireGuard Server Tunnel Address:** Your WireGuard server's tunnel IP address and subnet in CIDR notation. The default is: `10.0.0.1/24`. This is not the same as a private IP address that Linode can assign to your Linode instance; instead, this address is managed by the network that WireGuard creates. +- **WireGuard Listen Port:** Your WireGuard server's listening port number. The default is: `51820`. - {{< note >}} - `wg-quick` is a convenient wrapper for many of the common functions in `wg`. To learn more about all the available commands for each utility, issue the `wg --help` and `wg-quick --help` commands from your Linode's command line. - {{< /note >}} +### WireGuard Client Options -You should now have your server configuration completed. At this point, you still need to complete your client's configuration; specifically, you need to add your server as a peer to the client: +The WireGuard Client Marketplace form includes the following fields: -1. [Connect to your Marketplace App's Linode via SSH](/docs/products/compute/compute-instances/guides/set-up-and-secure/#connect-to-the-instance). +- **WireGuard Server Public Key:** The public key of your WireGuard server. You can find it in `/etc/wireguard/server_public.key` on your server instance. +- **WireGuard Server Endpoint:** The public IP address and port of your WireGuard server in the format `IP:PORT` (e.g., `192.0.2.1:51820`). +- **WireGuard Client Tunnel IP:** Your WireGuard client's tunnel IP address with the `/32` subnet. The default is: `10.0.0.2/32`. +- **Allowed IPs:** The IP addresses that should be routed through the WireGuard tunnel. The default is: `10.0.0.1/32`. -1. Just like your client, your server also has a public/private keypair of its own. The Marketplace App script leaves a copy of these keys in the root user's home folder: - - ls /root - - ```output - wg-private.key wg-public.key - ``` - -1. Use the `cat` command to get the value of the server's WireGuard public key: - - cat /root/wg-public.key - -1. You should see a random string similar to: - - ```output - FngGVypEJ13KU8+OeBGG1sOd2i+aazsj7qPL3ZxacG8= - ``` - -1. Copy the output of your server's public key, then use it to complete **steps 1 and 2** of the [Connect the Client and Server](/docs/guides/set-up-wireguard-vpn-on-ubuntu/#connect-the-client-and-server) section of our WireGuard guide. These steps will tell you to append `[Peer]` section to your client's existing WireGuard configuration and then how to enable the service on your client. - - Enter your server's WireGuard tunnel IP (using the `/24` CIDR notation) as the value for the `AllowedIPs` setting, and set the server's public IP address and WireGuard port to be the Endpoint. Here's an example template for a completed client configuration: - - ```file - [Interface] - PrivateKey = - Address = 10.0.1.2/24 - - [Peer] - PublicKey = - AllowedIPs = 10.0.1.1/24 - Endpoint = :51820 - ``` - - After you complete steps 1 and 2 from that section, you will have established the server as the client's peer. - -### Test your WireGuard Client's Connection - -This test should be performed once you have configured a WireGuard client and updated your WireGuard server to include the client's peer information: - -1. Access your WireGuard client and ping the WireGuard server. Replace `10.0.1.1` with the tunnel IP address you assigned to the WireGuard server in the Marketplace App creation form: - - ping 10.0.1.1 - -1. Use the WireGuard utility to verify your client's latest handshake: - - wg show - - The last two lines of the output from running the wg command should be similar to: +## Getting Started after Deployment - ```output - latest handshake: 1 minute, 17 seconds ago - transfer: 98.86 KiB received, 43.08 KiB sent - ``` +### Server-Side Configuration + +The deployment of the WireGuard Server Marketplace App automatically creates following files: + +- `/etc/wireguard/server_private.key`: The server's private key. +- `/etc/wireguard/server_public.key`: The server's public key. +- `/etc/wireguard/wg0.conf`: The server's WireGuard configuration file. + +The initial `wg0.conf` looks like this: + +```file +[Interface] +PrivateKey = +Address = +ListenPort = +``` + +### Client-Side Configuration + +The deployment of the WireGuard Client Marketplace App automatically creates following files: + +- `/etc/wireguard/client_private.key`: The client's private key. +- `/etc/wireguard/client_public.key`: The client's public key. +- `/etc/wireguard/wg0.conf`: The client's WireGuard configuration file. + +The initial `wg0.conf` looks like this: + +```file +[Interface] +PrivateKey = +Address = +MTU = 1420 +DNS = 8.8.8.8 + +[Peer] +PublicKey = +AllowedIPs = +Endpoint = +``` + +### Adding Clients to the Server + +To add a new client to your WireGuard server: + +1. Deploy a new WireGuard Client instance using the Marketplace App. +2. On the client instance, locate the client's public key: + ```bash + cat /etc/wireguard/client_public.key + ``` +3. On the server instance, edit the WireGuard configuration: + ```bash + sudo nano /etc/wireguard/wg0.conf + ``` +4. Add a new `[Peer]` section for the client: + ```file + [Peer] + PublicKey = + AllowedIPs = + ``` +5. Restart the WireGuard service on the server: + ```bash + sudo systemctl restart wg-quick@wg0 + sudo wg-quick down wg0 + sudo wg-quick up wg0 + ``` + +### Testing the Connection + +To test the connection between your WireGuard client and server: + +1. From the client instance, ping the server's tunnel IP: + ```bash + ping + ``` + +2. Check the WireGuard connection status: + ```bash + sudo wg show + ``` + + You should see a similar output: + ```output + interface: wg0 + public key: + private key: (hidden) + listening port: 51820 + + peer: + endpoint: : + allowed ips: + latest handshake: 1 minute, 17 seconds ago + transfer: 98.86 KiB received, 43.08 KiB sent + ``` ### Software Included | **Software** | **Description** | |--------------|-----------------| | [**WireGuard**](https://www.wireguard.com) | VPN software. | -| [**UFW (UncomplicatedFireWall)**](https://wiki.ubuntu.com/UncomplicatedFirewall) | Firewall utility. The Port assigned during the [WireGuard Options](#wireguard-options) step of the deployment will allow outgoing and incoming traffic. | +| [**UFW (UncomplicatedFireWall)**](https://wiki.ubuntu.com/UncomplicatedFirewall) | Firewall utility. The port assigned during the deployment that allows outgoing and incoming traffic. | {{% content "marketplace-update-note-shortguide" %}}