SYS 360 Lab 11 2: AWS VPC NACLs - JadenGil/Jaden-Tech-Journal GitHub Wiki
Setup Apache on your Public Instance:
SSH into the public instance made in Lab 10 and install Apache with sudo yum install httpd
Once installed, make a test page with some info pertaining to the class in /var/www/html/index.html and add Listen 8080 in /etc/httpd/conf/httpd.conf:
Then start httpd.
The status page should look like this:
Jump Box/Bastion SSH:
We will need a second instance made exactly the same as our first public instance, but this one will not have Apache running on it. We also need to ensure that LampKey.pem is transferred over to that instance so that it can SSH into our other Public and Private instances.
Once the jump box has been created and we've scp'd the private key over, we should be able to SSH into both the web server and the private box:
Security Groups Update
We will now need to access the security groups for each of the boxes and edit the settings.
Public Web Server should follow these settings:
Public Jump Box should follow these settings:
Inbound:
Outbound:
And finally Private should follow these settings:
Inbound:
Outbound:
With those changes, we should now be able to access the webpage we made from the workstation browser and by curling it from the other boxes.
Deliverable 1:
Port 80
Port 8080
Deliverable 2:
Now, still on the private box, run nc cosmosweb.champlain.edu 21 and it will open an FTP
Deliverable 3:
NACLs
For the public ACL we want to change the inbound and outbound rules to the following:
Inbound
Outbound:
Now when we try to use port 8080 to access the website from our workstation, access will be denied.
Deliverable 4:
But our private instance will still be able to curl port 8080.
Deliverable 5:
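A NACL checks its rules in ascending rule-number order and the first match decides, which is how the public ACL can refuse 8080 from the workstation while the private instance still gets through. The Python model below is an added example, not part of the original lab write-up; the CIDRs, addresses, rule numbers and the ephemeral-port rule are assumptions, since the lab's rule tables are not in the text. It goes one step further than the lab and shows a deny for 8080 that never takes effect because it is numbered after a broader allow.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int    # NACL rule number; lower numbers are evaluated first
    cidr: str      # source CIDR for an inbound rule
    ports: range   # TCP destination ports covered by the rule
    allow: bool    # True = ALLOW, False = DENY

def evaluate(rules, src_ip, dst_port):
    """Return True if the inbound TCP packet is allowed.

    Rules are checked in ascending rule-number order and the first match
    decides; a packet matching nothing hits the implicit deny ('*' rule).
    """
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if src in ipaddress.ip_network(rule.cidr) and dst_port in rule.ports:
            return rule.allow
    return False

# Constructed values, not taken from the lab screenshots.
PRIVATE_SUBNET = "10.0.2.0/24"   # assumed CIDR of the private subnet
WORKSTATION = "203.0.113.10"     # documentation address standing in for the workstation
PRIVATE_BOX = "10.0.2.15"        # assumed address of the private instance
EPHEMERAL = range(1024, 65536)   # return traffic for connections the subnet opens

def public_inbound(deny_8080_number):
    """Assumed public-subnet inbound rules; only the 8080 deny's number varies."""
    return [
        Rule(100, "0.0.0.0/0", range(80, 81), True),
        Rule(110, "0.0.0.0/0", range(22, 23), True),
        Rule(120, PRIVATE_SUBNET, range(8080, 8081), True),
        Rule(deny_8080_number, "0.0.0.0/0", range(8080, 8081), False),
        Rule(140, "0.0.0.0/0", EPHEMERAL, True),
    ]

if __name__ == "__main__":
    good = public_inbound(130)   # deny sits before the ephemeral allow
    bad = public_inbound(150)    # deny sits after it and never matches
    for name, rules in (("deny at 130", good), ("deny at 150", bad)):
        print(name,
              "workstation:8080 =", evaluate(rules, WORKSTATION, 8080),
              "private:8080 =", evaluate(rules, PRIVATE_BOX, 8080),
              "workstation:80 =", evaluate(rules, WORKSTATION, 80))
```

Because NACLs are stateless, the ephemeral-port allow is what lets replies to outbound connections back in, and 8080 falls inside that range, so the explicit deny has to carry a lower rule number.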
We now need to update the private ACL so it can only get SSH from the jump box and so it will no longer allow FTP.
Deliverable 6:
Deliverable 7:
Deliverable 8: