You can get a server with public IPv4 address and a (sub)domain, all for free.
"That must be some sort of scam!" I hear you scream internally. But no, it's not a scam, we are just (ab)using the power of capitalism and bad decisions. We will be sucking server power and IP addresses from the tech giant that is Oracle, which I deem to be a fit punishment on behalf of the 3 billion devices that run Java. (tho we might also run java, we'll see)
Well, you see, there is a thing called Oracle Cloud Free Tier, which is basically a set of resources that every account gets for free. If you look closer, you will notice that this involves 2 AMD VMs, 1GB of RAM each. This alone is good enough for simple web hosting or NAT, but that's not all!
You also get 4 ARM CPUs and 24GB of RAM to spread into up to 4 VMs as you deem fit. That is 2 times the CPU and 7 TIMES the RAM of ^C! (as of writing this) Sure, it's ARM, so you might have a bit of trouble getting some software to run, but most FOSS things should just work.
Everyone. All you need is a credit/debit card with at least one dollar on it. That does not mean that the registration process itself is easy tho. There is what I found to work:
It is EXTREMELY slow in Brave (might also apply to other chromium browsers). After that works fine, it's just the registration. Use Firefox, if possible.
Look into your banking app and fill in all contact info EXACTLY as is written in it. If your bank shows your name in all caps, then write it in all caps. It is very picky about this.
If all went good, you should have an account. Congrats, you can create a compute instance now!
Beware tho, as the AMD instances can only be created in one Availability Domain (subregions of sort) and while the ARM instances can be placed wherever, all domains claimed that they are full to me as of now. The manual says that this can happen from time to time and it should be resolved within few weeks, I have only had this account for few days, so I will inform about the progress in the next b-log.
When creating an instance, you will be asked to choose an OS. I tried their Oracle Linux, but the package manager didn't work for some reason, so I would recommend you go with Ubuntu (Minimal should be enough). Before you create the instance, don't forget to download the public and private ssh keys.
By default, you should automatically get a public IPv4 address upon instance creation. Now you can ssh into your server. (Fun fact: Windows has a built-in ssh client based on OpenSSH now, so no need for PuTTY) If you installed ubuntu, the default user is 'ubuntu', on Oracle Linux it's 'opc'.
On oracle Linux, the SSH connection wasn't working properly, so I added
export TERM=tmux-256color
into the '.bashrc' file to fix it. It worked better on Ubuntu, but adding it still made the colors better.
This was all caused by me using the Kitty terminal, so you might not have these issues.
Congrats, you now have a working, internet facing, server!
You have a public IP address, but you don't want to write it every time you want to connect to your server, right. You could register a domain, but that wouldn't be a 100% free VPS, now would it. Instead, we will use a free subdomain provider.
You see, domains are split into parts using dots. Each part of the domain corresponds to a computer that can send you one level lover (if there are any). The most right is called a top level domain (or a TLD for short). These are used only as DNS servers (the servers that tell you where the next domain is) and you must pay a fee if you want to use one. Once you register a second level domain, you can create more subdomains freely! These are usually used to distinguish different services, but they can just point to whatever computer you want.
Many hobbyists, like myself, don't really need the prettiest domain name, they just need something that works. There are many projects, that will fulfill exactly that need. Some I found are: duckdns, ipv64, dynu or desec.
I went with duckdns, purely because I think it's the most memorable name. Others provide some extra features, but I'm not super interested in those. It's technically a dynamic DNS sercive, but again, all I care about is having a pretty name in the URL bar.
OK, so I have a server, I have a domain name, now I just need to setup some services and we're golden!
I decided that until I get the ARM instance, I will just run a web server and a finger server.
You might be wondering why I need another web server? Well, my website on ^C has a very minimal theme, both in looks and in contents. I like it for what it is, but sometimes I want to do something a bit more crazy that does not fit on this site. Also, it being my server, I can run some more demanding projects that would be impolite to host on ^C.
As for the finger, I just think it's neat! ^C does not have one and my request to implement it was not taken well, so screw it. I'm making my own!
Let's get the easier out of the way. For finger server, I use efingerd. Over traditional fingerd, it fixes some security bugs and allows you to use custom scripts to get responses.
I started by installing the 'efingerd', 'ident2' and 'libident0' packages.
To start efingerd, add the following into your '/etc/inetd.conf':
finger stream tcp nowait efingerd /usr/sbin/tcpd /usr/sbin/efingerd -i -f
Yes, it's a mix of tabs and spaces It needs to be like this, just deal with it.
Now a bit less documented roadblock. You need to add execute permissions to all files in '/etc/efingerd/'. You will also have to do the same for '.efingerd' in your home directory and make your home directory executable and readable by all.
In other words, the 'efingerd' user must be able to execute all the files it needs to execute.
So now you have finger server running, right? Yes! But You can't access it. You will need to allow it in two places.
First one is Oracle ingress rules. When creating the web server, it should create a Virtual Cloud Network (VCN) for you. I have created my beforehand, so I'm not sure how it's named, but it should be in 'Networking > Virtual Cloud Networks'. Click on it and navigate into 'Security List'. Here click on 'Default security list' and you should see a bunch of rules.
Basically anything not specified here will not be allowed into your server. Click on 'Add Ingress Rules'. (Apple manual actually says it should be just 'Click', not 'Click on' but whatever...) You will be presented with a bunch of options. The only ones you should care about are 'Source CIDR', where you want to fill out '0.0.0.0/0' (accept from all IP addresses) and 'Destination Port Range' where you want to fill out port you want to allow. I allowed the following ports:
Secondly, you will also need to allow them on the server. The default firewall is restrictive, so you will need to allow your ports with the following command:
sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport <PORT> -j ACCEPT
Now you should have a proper finger server!
And now to the web server. Since I have some experience using Apache from school, I decided to use Nginx instead, just to see what's out there.
Configuring Nginx was straight forward. I created a new site based on the example one and made it a new directory in '/var/www/'. I don't want to be root in order to edit the website, so I changed it's group to 'sudo' (Ubuntu version ot 'wheel') and added the 'g+s' chmod to it, so that newly created files within it will keep the group.
OK, now I have a HTTP server, but I want HTTPS. For that you need to have a certificate. Luckily, you can get one for free from Lets Encrypt.
I use certbot to manage my certificates. I will not go into detail how to set it up, as it has good docs. One thing to note is that after the setup, The site did not allow plain HTTP. As I want to support plain HTTP, i just had to edit the config, nothing crazy.
One small problem was that certbot wanted me to setup a crontab entry for it's updating. My install did not come with cron and I did not want to install more software than necessary on my already limited little server. I solved this by simply asking Claude to rewrite it into a Systemd timer.
Now I have both HTTP and HTTPS!
So far, I like it. I will write more entries as I'll add more stuff. If something Oracle-related goes wrong, I will also write about it.
You can go check out my new website, but I have to warn you. It's quote unorthodox.