Setup: Azure, Ubuntu 13.10, Node.js, Express.js

In my last post, I covered how you would setup a Virtual Box virtual machine on a Windows host for a Ubuntu 13.10 client, running as a web server with Node.js.

This post will take it to the next level: the cloud. Microsoft’s Azure cloud specifically. We will spin up a virtual machine in Azure with an Ubuntu image. From what I’ve seen, the Azure team has put a lot of effort into their Ubuntu images in the gallery. They’re pretty nice.

The next step will be to setup an SSH connection using Putty. Putty tends to be the most popular way to connect to remote servers that only have a command line. It’s not very exciting from user interface perspective, but, these are web servers, not gaming machines.

After the Putty install, certificate key generation, and connection to the server, the rest will be the usual install with some additional information I learned to make the process a bit better. Specifically, I’ll focus on setting up Express.js on top of Node.js. Express.js is a server side MVC framework that runs on top of Node.js and makes handling requests just a little bit easier.

Okay, on with the walk through.

The Azure Portal part

Log into your Azure Portal using your Windows Live Login ID.
On the left navigation of the Azure portal, click the Virtual Machines.
azure-virtual-machines

Then in the bottom left, there will be a “+New” button. Click that to begin creating your new virtual machine.
Pick through the choices like in this image:
azure-virtual-machine-gallery

Choose the Ubuntu 13.10:
azure-virtual-machine-gallery-ubuntu

This will take you the first server setup page. Before you can fill this page out though, you need a very important thing: An Azure Compatible Key
So, open a new browser, and download a program that generates SSL keys.

If you want to know how to get an SSL cert for your Windows Azure account, please follow the instructions here:

http://www.windowsazure.com/en-us/documentation/articles/linux-use-ssh-key/

It can be a pain, but eventually you’ll end up with a .pem file that you enter on the Azure VM page.

Fill out the rest of the information: server name, size (small), username, password along with your .pem cert file.
This takes you to the second screen of the VM setup, where you can choose your DNS name, storage account, and regional affinity.
Choose a region closest to you or your client physically

The final screen lets you configure your End Points. You want a web server and you want to control it through Putty, so you need three: HTTP, HTTPS, and SSH. Just select them in the drop down and Azure does the work for you:
azure-virtual-machine-endpoints

Create the server and watch it spin for a few minutes. Now that part is done. Next we will setup Putty. If you are a Windows Developer, you may never have used a Telnet or SSH client before. You may feel like you’ve gone back in history 20,000 years to witness the awesome power of a server without a user interface. And you may be surprised to know that this is exactly why Unix admins made jokes behind your back. Well, now it’s time to put that behind you.

The Putty part

Okay, so the first thing you need is not putty, it’s the puttygen program. It can be downloaded here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
You might be thinking, why is that URL not something like www.putty.com or some more legit sounding domain. Suffice to say, the developer doesn’t care.

On that page, look for the binaries section and download puttygen and putty
puttygen-download

The Ubuntu part

Okay, so you’ve got your VM, you’ve installed and configured Putty, and you’re connected to the VM. Here’s the command line steps to get a minimal install setup:


sudo apt-get update
sudo apt-get install -y python-software-properties python g++ make
sudo add-apt-repository ppa:chris-lea/node.js
sudo apt-get update
sudo apt-get install g++ curl libssl-dev apache2-utils
sudo apt-get install git-core
sudo apt-get install nodejs
sudo npm install express
sudo nano package.json

Copy these lines into your window, then hit CTRL-X, Y, Enter. This file sets up the dependencies for the project. In this case, we’re just including express. After this, when we do the sudo npm install, that command will run through the package.json file and install any libraries under the dependencies part. If you have them mistyped… well it won’t work.


{
  "name": "a-test-app-no-spaces",
  "description": "spaces are okay here",
  "version": "0.0.1",
  "private": true,
  "dependencies": {
    "express": "3.x"
  }
}

sudo nano server.js


var path   =   require("path");
var fs    =  require("fs");
var http  =  require("http");
var express  =  require("express");
var app  =  express();

//capture logs in the console
app.use(express.logger("dev"));

//serve static files - blank in the quotes means server.js is in the same folder as your HTML files.
app.use(express.static(__dirname + ''));

//404 error
app.use(function(req, res, next) {
  res.send(404, "file not found");
});

//start server
app.listen(80);
console.log("listening on port 80");

sudo npm install
sudo node server.js

So, after all this, you can open a browser to the domain name of your server, and you should see the 404 error message, since you have no HTML files:
azure-express-web-server

And if you are watching your Putty session, you should see the activity logged by Express.js like this:
azure-putty-express

And there you have it.
So now, we’ve covered how to setup this web server in both Virtual Box and Windows Azure.
Thanks for checking in.

Security Training Preparation

With DerbyCon three weeks away, I’ve started ramping up by reading books on security and getting a laptop setup for the training.  It’ll be 12 hour days of veterans and noobs showing off their black and white hat stuff.

The training requires a laptop with 2 virtual machines setup; one for XP and one for BackTrack Linux (Ubuntu).  When it comes to virtualization, my inclination was to use Microsoft’s Hyper-V.  The internet quickly informed me that my Windows 7 laptop isn’t able to support Hyper-V…  It also informed me that Oracle’s VirtualBox has no problem running on Windows 7 and doing what I need and is free.  I do enjoy eating out of Microsoft’s dog bowl, but they often do things like this that “force” me to leave their nest.  Sort of like when they dragged their feet on getting a good ORM so we “had” to use SubSonic (which I heard rumors that it was mostly created by MS or ex-MS eployees) because it was so elegant and efficient at generating all that ADO nonsense :)  Anyway…

Virtual Box comes with many OS flavors ready to go.

Setting up a VM with BackTrack Linux was as easy as following the instructions here: : http://www.backtrack-linux.org/wiki/index.php/VirtualBox_Install

The goal of the preparation will be to have a virtual network with 1 server running XP (or whatever you want to run security checks against) and one running Linux where you simulate attacks against the XP box.  My goal in learning this is more to teach myself about Web and WinForms Application security.  There are a lot of people that know the networking side and it appears that the industry thinks it has a good handle on that side with firewalls and patch management and tripwire type programs to watch the perimeters.  I’m more interested in how nations full of growing computer scientists might dismantle my humble web applications and how to stop them from embarrassing me.

Look forward to more technical posts in the coming month.

 

© Copyright Duke Hall - Designed by Pexeto