NodeBB on Oracle VPS [I need help!]
-
Hello,
we are trying to build our own documentation in order to be able to quickly deploy a new forum.
We are 100% non-profit and we choose NodeBB over any other platform (PhpBB, etc.). Now we have multiple documentations that we followed and we are now discovering that our Test Environment (Oracle Free Tier) has some anomalies regarding firewalls. We are beginners in networking and have no experience with databases:
We are testing and deploying our Platform on one single VPS and MongoDB, NodeBB, Nginx all run on the same VM. After 2 days of trouble, we decided to now get in touch with the communities here on the net, because we have no time left to lose. We need to get our documentation for our final deployment (it is very very important).
Can people please help us?
Best Regards
(We will post in the following posts what we need help with)
-
@thebok if you installed NodeBB and it's working (that is, running without errors) then the remainder is going to be outside of what this forum can assist with. However, I am a security, infrastructure, and networking expert by trade and can help you with this over at sudonix.com
-
@thebok said in NodeBB on Oracle VPS [I need help!]:
has some anomalies regarding firewalls
Yeah, you'll probably need to share a little more than that, especially if you want actionable help
@phenomlab can help, or you can also reach out to us directly for consultation & support.
That'll get you faster answers, or you can post here, and the community can also help. Our community is pretty friendly
-
Your issues with firewall are likely because Oracle is, essentially, using firewalld rules for all their images, even ones that don't have it included. So if you are running on Ubuntu, and trying to use ufw like most tutorials will recommend you do, it will do nothing with the default iptables entries and be essentially useless. And the bigger problem is that some of their rules are required to start the VMs (they need iSCSI access rules on boot).
The easy solution is to just give in to Oracle's config and install firewalld:
sudo apt install firewalld
sudo systemctl enable --now firewalld
(And ensure ufw is disabled)
You can then manage rules using firewall-cmd. For example:
sudo firewall-cmd --permanent --add-service={http,https}
sudo firewall-cmd --reload
Will allow http/https traffic.
The second option is the one I assume you tried: fix iptables and use ufw. But this is a bit more complex than it seems.
First issue is that IIRC the iptables rules will be applied again on reboot. Now, cloud init can be disabled, but there is another issue - the iSCSI rules.
The official Oracle workaround for ufw potentially making the VMs unbootable is "don't use ufw" (https://docs.oracle.com/en-us/iaas/Content/knownissues.htm#ufw), and while you should be able to just ensure everything is correctly configured with ufw, I honestly stopped bothering. firewalld works fine for me, so, like Oracle, I would recommend that route instead.
Additionally there is separate OCI networking and their firewall. You have to remember that Network Security Groups override Security Lists, so if you have one assigned to your VNIC, you need to edit it instead of the subnet-wide SL.
If there is something else specifically you need help with you'll need to give more details - this post is just based on a guess you have the common issues.
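Added example, not part of the post above or of any Oracle or NodeBB tooling: a small shell check that walks the INPUT chain of an `iptables-save` dump in order (first matching rule wins) and reports whether a new inbound TCP connection to a port is accepted, or is caught by an earlier catch-all REJECT/DROP. The function name `input_verdict` and the sample ruleset are assumptions constructed for illustration; the sample is not a copy of Oracle's image defaults.

```shell
#!/bin/sh
# Added example: report how the INPUT chain of an iptables-save dump treats a
# NEW inbound TCP connection to a given port. Rules are evaluated in order.

# Constructed sample ruleset (assumption): SSH allowed, then a catch-all
# REJECT, then a port 80 ACCEPT that was appended too late to matter.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# usage: input_verdict PORT < iptables-save-output
# Prints: accept  (an ACCEPT rule for the port is reached first)
#         blocked (a REJECT/DROP rule is reached first)
#         policy  (no rule matched; the chain policy decides)
# Simplifications: rules limited by interface or source address are skipped,
# port ranges are not parsed, and jumps to user-defined chains are not followed.
input_verdict() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = ""; dport = ""; skip = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-i" || $i == "-s") skip = 1
                else if ($i == "-p" && $(i + 1) != "tcp") skip = 1
                else if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) skip = 1
            }
            # Rule cannot match a new external TCP connection to this port.
            if (skip || (dport != "" && dport != port)) next
            if (target == "ACCEPT") { print "accept"; found = 1; exit }
            if (target == "REJECT" || target == "DROP") { print "blocked"; found = 1; exit }
        }
        END { if (!found) print "policy" }
    '
}

# Demo on the constructed sample. On a live host the input would instead be:
#   sudo iptables-save | input_verdict 443
for p in 22 80; do
    printf 'tcp/%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_RULES" | input_verdict "$p")"
done
```

A "blocked" verdict for a port you believe you opened means the allow rule sits after the catch-all in the chain, so the traffic never reaches it.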