WEBVTT

00:00.140 --> 00:00.620
Hey, everyone.

00:00.620 --> 00:01.580
And welcome back.

00:01.580 --> 00:07.520
Now in today's video, we'll go ahead and launch the infrastructure which is required for installing

00:07.520 --> 00:08.270
Nginx.

00:08.300 --> 00:12.170
Now, just to revise, to begin the Nginx installation process,

00:12.170 --> 00:18.380
what we need, we need one virtual machine with the operating system of either CentOS 8 or Rocky

00:18.380 --> 00:19.280
Linux 8.

00:19.310 --> 00:24.500
Once we have our VM available, we'll go ahead and install Nginx on top of it.

00:24.500 --> 00:30.500
Now whenever you create a new Linux virtual machine, there are multiple ways in which you can log in

00:30.500 --> 00:31.310
to the server.

00:31.340 --> 00:34.580
The first one is the password based authentication.

00:34.580 --> 00:41.390
So this is the simplest approach where you specify the username and you specify the password to connect

00:41.390 --> 00:42.920
to the Linux server.

00:42.920 --> 00:48.560
So although this is good, but it is not really recommended, specifically if you have your server over

00:48.560 --> 00:54.590
the internet. You will observe that in case if you have a server over the internet and the SSH port

00:54.590 --> 01:00.930
is open for everyone, within just few days you will have thousands of brute force attempts from the

01:00.930 --> 01:06.690
attackers who are trying to hack into your server based on the password based authentication.

01:06.690 --> 01:13.800
So this is one of the primary reasons why do not enable password based auth for a Linux server on the

01:13.800 --> 01:14.430
internet.

01:14.430 --> 01:20.790
It has also been observed that many users also write down their passwords in notepad files or maybe

01:20.790 --> 01:21.810
even in sticky notes.

01:21.810 --> 01:27.600
So in case if their workstation is breached, the attacker can easily fetch the password from the plain

01:27.600 --> 01:28.380
text files.

01:28.380 --> 01:30.450
So this is one important part to note.

01:30.450 --> 01:32.160
So now what is the alternative?

01:32.190 --> 01:37.710
The alternative and also the recommended way is to make use of the key based authentication.

01:37.710 --> 01:42.180
And this is one of the common ways in most of the organizations as well.

01:42.180 --> 01:47.070
So what happens in key based authentication, there are two keys that are generated.

01:47.070 --> 01:48.510
First one is a public key.

01:48.540 --> 01:50.220
Second one is the private key.

01:50.220 --> 01:53.580
So this public key is stored in your Linux server.

01:53.580 --> 01:59.220
And whenever you want to log in to the Linux server, you need to have this private key as well.

01:59.220 --> 02:05.670
So just to revise you have a public key which is stored on the Linux server and when you want to log

02:05.670 --> 02:11.700
in to the Linux server, you will also have to make use of the private key which is stored in your laptop

02:11.700 --> 02:18.180
in order to successfully authenticate. In case if you do not have this private key, you will not be

02:18.210 --> 02:19.440
able to log in.

02:19.440 --> 02:23.130
And this private key, as the name suggests, needs to be private.

02:23.130 --> 02:26.040
So this is something that you will not share with anyone.

02:26.040 --> 02:28.550
So now for this video, what do we need?

02:28.560 --> 02:32.040
We need to first create a public key and a private key.

02:32.040 --> 02:36.240
And then we also need to make use of a Linux virtual machine.

02:36.240 --> 02:40.080
So these are the two resources that we will be creating in today's video.

02:40.080 --> 02:46.320
So currently I am within the DigitalOcean environment and within your you have a resource of droplet.

02:46.320 --> 02:49.350
So droplet is nothing but a virtual machine.

02:49.350 --> 02:56.910
So depending upon the provider that you use in AWS, it is referred to as EC2 or in maybe generic terms,

02:56.910 --> 02:58.860
you can just call it as a virtual machine.

02:58.860 --> 03:01.380
In DigitalOcean it is referred to as a droplet.

03:01.380 --> 03:03.510
So all of these are the same thing.

03:03.510 --> 03:09.210
So all you can go ahead and do is you can create a new droplet here or to be precise, a new virtual

03:09.210 --> 03:09.900
machine here.

03:09.930 --> 03:14.700
The first important part is you have to select a right operating system image.

03:14.700 --> 03:20.010
We will be making use of a Rocky Linux image based on the major version of it.

03:20.160 --> 03:23.070
The second one is you have to choose a plan.

03:23.100 --> 03:25.350
Again, there are multiple CPU options.

03:25.350 --> 03:31.320
Let's use the cheapest one, which is the regular Intel with SSD, which costs around $5 per month.

03:31.320 --> 03:33.090
Basically, this is an hourly cost.

03:33.090 --> 03:38.430
So even after ten hours you terminate your VM, you will only be charged for ten hours.

03:38.790 --> 03:45.210
The next important part is you will have to choose a data center region so you can choose any data center

03:45.210 --> 03:47.880
which is closest to your location.

03:47.880 --> 03:52.260
And the next important part, as we were discussing, is the authentication.

03:52.260 --> 03:58.530
You can either use SSH keys or you can even make use of a password based authentication where you will

03:58.530 --> 04:01.710
have to supply the password that you want to use while logging in.

04:01.740 --> 04:04.320
However, this is something that we will not be using.

04:04.320 --> 04:06.810
We'll be using the key based authentication here.

04:06.810 --> 04:12.450
Now again, you see that we have multiple keys available, so basically each key is for a different

04:12.480 --> 04:12.690
course.

04:12.690 --> 04:18.420
So we have a Docker key for Docker course, Splunk key for Splunk course, console key for console course.

04:18.420 --> 04:21.060
And we also have a Kubernetes key available.

04:21.060 --> 04:24.720
So what we'll be doing, we'll be creating a new key altogether.

04:24.720 --> 04:29.160
And at this stage you will have to create a new public private key.

04:29.310 --> 04:33.630
So creating a new public private key is extremely simple.

04:33.630 --> 04:38.410
All you will have to do is you will have to specify the command of ssh-keygen.

04:38.460 --> 04:45.150
So this works in Windows 10 as well, and SSH client comes default in macOS and even Linux.

04:45.150 --> 04:48.780
So if you are using Mac or Linux, you do not really need to worry at all.

04:48.780 --> 04:53.070
So once I press enter it is stating generating public private key.

04:53.070 --> 04:58.530
And here you have to specify the path. In case if you would not like, you can just press enter and the

04:58.530 --> 04:59.760
key will be created.

04:59.920 --> 05:01.900
Now I'll be specifying the path here.

05:01.900 --> 05:03.490
So let me copy this up.

05:03.490 --> 05:04.630
Let me paste it.

05:04.630 --> 05:07.120
And this is the name of the key.

05:07.120 --> 05:10.900
So let me just call it as nginx key.

05:10.930 --> 05:12.130
I'll press enter.

05:12.250 --> 05:14.650
You can specify the passphrase as well.

05:14.680 --> 05:17.830
However, just for simplicity, this is something that I'll avoid.

05:18.940 --> 05:20.590
Let's press enter again.

05:20.590 --> 05:27.490
And now you see we have our private key and our public key that is created in this specific location.

05:27.490 --> 05:33.340
Now, one more important thing specifically for Windows users: in case if you see that when you run

05:33.370 --> 05:40.240
ssh-keygen, it says command not found, specifically for Windows 10, that means the SSH is not really enabled.

05:40.690 --> 05:45.850
So basically what you need to do, you can just look into the app features.

05:45.850 --> 05:47.980
So for app and features here.

05:48.930 --> 05:53.810
You have optional features and within here you can just search for SSH.

05:53.820 --> 05:59.650
So you have an OpenSSH client. In case if it is not enabled, you can go ahead and enable it right away.

05:59.670 --> 06:06.750
Now for the users who are using an older version of operating system of Windows, you can also make

06:06.750 --> 06:08.730
use of a tool like MobaXterm.

06:08.730 --> 06:16.200
So within MobaXterm also if you just type ssh-keygen, you see it works perfectly well similar to what

06:16.200 --> 06:17.850
we are seeing in Windows CLI.

06:18.090 --> 06:23.880
Now going into the directory where our public private key are created, so you should see that there

06:23.880 --> 06:24.510
are two keys.

06:24.510 --> 06:28.110
One is the Nginx public key and the nginx private key.

06:28.110 --> 06:31.920
And the public key is what will be stored at a server level.

06:31.920 --> 06:34.380
So let's quickly open the public key here.

06:35.640 --> 06:40.350
Let's open up with atom editor or you can even open it up with the notepad.

06:40.350 --> 06:43.110
So this is how the public key really looks like.

06:43.110 --> 06:44.250
Let's copy this up.

06:44.250 --> 06:50.380
And within our environment, I'll just paste the public key here and the name, let's just call it as

06:50.380 --> 06:57.460
nginx key, and I'll quickly add an SSH key here and within choose your SSH keys, you will have to

06:57.460 --> 06:59.650
select the new key that you have created.

06:59.650 --> 07:05.020
And if you go a bit down, the next important part is how many virtual machines you want to create.

07:05.020 --> 07:08.920
Currently we only need one VM, so I'll just select one droplet. In case

07:08.920 --> 07:12.850
if you need multiple virtual machines you can just increment it accordingly.

07:12.880 --> 07:18.310
However, to begin with, let's keep it simple and the name that we will give, let's just call it as

07:18.310 --> 07:22.600
Demo Nginx and you can go ahead and click on Create Droplet.

07:22.630 --> 07:28.870
However, before we just do that, let's verify the plan that we have selected.

07:28.870 --> 07:31.900
So currently here you see we have a $40 per month plan.

07:31.900 --> 07:33.160
We do not need it.

07:33.190 --> 07:35.380
We'll be using the $5 per month plan.

07:35.380 --> 07:36.580
This is more than enough.

07:36.580 --> 07:39.940
And with the credits, you do not really even have to pay this.

07:40.030 --> 07:40.720
Great.

07:40.720 --> 07:45.130
So once you have done it, you can go ahead and create a new droplet.

07:45.760 --> 07:46.180
Great.

07:46.180 --> 07:52.360
So a new virtual machine is getting created so it can take around 2 to 3 minutes for the VM to be created

07:52.360 --> 07:52.690
here.

07:52.690 --> 07:55.030
So let's quickly wait for a moment here.

07:55.120 --> 07:55.690
Great.

07:55.690 --> 07:59.800
So it took around two minutes and our new virtual machine is up and running.

07:59.800 --> 08:01.840
It is also giving us the public IP.

08:01.960 --> 08:04.390
So let's quickly copy the public IP here.

08:04.570 --> 08:09.820
And from a CLI, let's quickly go to this specific directory where our key is created.

08:09.820 --> 08:16.930
So it is C drive users Zalora and we need to go to the SSH directory where our key is created.

08:16.930 --> 08:23.770
So now under this directory, if I do a dir, in the case of Mac or Linux it should be ls.

08:23.800 --> 08:25.690
You should see that there are multiple keys.

08:25.690 --> 08:28.690
We are primarily interested in this nginx key.

08:28.690 --> 08:32.710
So basically this is the location where our key is stored.

08:32.830 --> 08:36.340
So in this location, let's go ahead and connect to the server.

08:36.340 --> 08:38.440
So I'll specify the name of the key.

08:38.440 --> 08:44.650
In this case it is nginx key and then you'll have to specify the username on the server side.

08:44.650 --> 08:48.820
So in case of Rocky Linux the username is root. In case

08:48.820 --> 08:52.870
if you are making use of maybe CentOS then the username would be CentOS.

08:52.870 --> 08:59.470
So depending upon the cloud provider that you choose, the default username might change accordingly.

08:59.470 --> 09:04.540
In case of the AWS, the username might be ec2-user and so on.

09:04.540 --> 09:11.860
So I'll be specifying root followed by the IP address of the new server that we have created.

09:11.860 --> 09:12.970
I'll press enter.

09:13.210 --> 09:14.680
Let's do a yes.

09:15.670 --> 09:16.120
All right.

09:16.120 --> 09:18.400
So it is stating permission denied.

09:18.430 --> 09:20.250
No such file or directory.

09:20.260 --> 09:22.960
So this is primarily because of the typo.

09:22.990 --> 09:26.230
The name of the key is nginx underscore key.

09:26.260 --> 09:29.000
However, here we have specified nginx hyphen key.

09:29.020 --> 09:32.980
So let's go ahead and change this to nginx underscore key.

09:34.060 --> 09:34.480
All right.

09:34.480 --> 09:37.180
So now you see we are connected to our server.

09:37.210 --> 09:43.330
Again, just to reiterate, depending upon the cloud provider that you choose and the operating system

09:43.330 --> 09:47.480
that you choose, this default username might change. For CentOS,

09:47.500 --> 09:53.340
in case if root is not working for CentOS, you can try this username of CentOS.

09:53.350 --> 10:01.840
And in case of AWS, you can also try the username of EC2 hyphen user primarily because in AWS EC2,

10:01.870 --> 10:05.170
the root username is disallowed by default.

10:05.200 --> 10:07.750
The next important part is the firewall rule.

10:07.760 --> 10:10.540
So ideally you should have two firewall rules allowed.

10:10.570 --> 10:18.200
First one is the SSH connection from your ISP and the second one is port 80 should be allowed because

10:18.200 --> 10:20.630
Nginx would typically listen on port 80.

10:20.660 --> 10:25.520
So these are the two important rules that should be allowed. In case if you are making use of DigitalOcean

10:25.520 --> 10:31.160
there is nothing to worry, because by default the firewall is not really associated, so all the connections

10:31.160 --> 10:32.520
are allowed to the server.

10:32.540 --> 10:35.600
However, for AWS, this is not the case.

10:35.600 --> 10:41.420
You will have to create a new security group with these two ports that should be allowed. In case

10:41.420 --> 10:46.750
if you would also like, you can also restrict these two ports to your ISP IP address.

10:46.760 --> 10:48.560
However, we'll just keep it simple.

10:48.560 --> 10:53.990
And this is more of an informational purpose in case if you are using a different cloud provider.

10:54.230 --> 10:54.770
Great.

10:54.770 --> 10:58.190
So our base infrastructure for Nginx is up and running.

10:58.190 --> 11:03.770
So in the upcoming video, we'll go ahead with the installation of Nginx, post which we'll be discussing

11:03.770 --> 11:07.430
about great features of HTTP and Nginx as a whole.

11:07.430 --> 11:09.710
So with this we'll conclude today's video.
