Forwarding ports to a KVM guest using iptables and Network Address Translation (NAT)

This post describes how to create a BASH script that opens the KVM virtual network adapter to outside traffic, and forwards ports from the KVM host to the KVM guest using iptables and Network Address Translation (NAT).

The KVM virtual network adapter rejects packets from the outside world by default

By default, the virtual network adapter for KVM (virbr0) is configured to block network traffic originating from outside the host computer. This can be resolved with iptables directives, which will be described below.

You do not need to use /etc/ufw/before.rules or /etc/libvirt/hooks/qemu to forward ports to a KVM guest

Many Internet articles and posts on this subject give the incorrect impression that the only way to forward ports to a KVM guest is via UFW and its /etc/ufw/before.rules file, and/or that you need to create a post-configuration script as a qemu “hook” in the /etc/libvirt/hooks/qemu file. You can open the virtual network adapter to outside traffic and forward ports to the KVM guest under NAT solely using iptables directives.

An example of a BASH script that opens the virtual adapter to outside traffic, and forwards ports from the host to the guest

To illustrate the solution, here is a sample BASH script containing iptables directives that open the virtual adapter to outside traffic and forward ports 80/tcp, 443/tcp, and 8022/tcp from the host to the guest.

A note about the source code view below

For formatting reasons, the text is limited to a fixed width. To fully view the text, you can scroll to the right to see the ends of lines, or use the print view for this blog post.

#!/usr/bin/bash
# generated 2021/04/07 20:37:46 EDT by forwardportstoguestgenerator.php v0102
# Gordon Buchan https://gordonbuchan.com

# values
kvmsubnet="192.168.122.0/24"
wanadaptername="enx4ce1734b693e"
wanadapterip="192.168.46.123"
kvmadaptername="virbr0"
kvmadapterip="192.168.122.174"

# allow virtual adapter to accept packets from outside the host
iptables -I FORWARD -i $wanadaptername -o $kvmadaptername -d $kvmsubnet -j ACCEPT
iptables -I FORWARD -i $kvmadaptername -o $wanadaptername -s $kvmsubnet -j ACCEPT
# forward ports from host to guest
iptables -t nat -A PREROUTING -i $wanadaptername -d $wanadapterip -p tcp --dport 80 -j  DNAT --to-destination $kvmadapterip:80
iptables -t nat -A PREROUTING -i $wanadaptername -d $wanadapterip -p tcp --dport 443 -j DNAT --to-destination $kvmadapterip:443
iptables -t nat -A PREROUTING -i $wanadaptername -d $wanadapterip -p tcp --dport 8022 -j DNAT --to-destination $kvmadapterip:22
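
A more tightly scoped variant of the rules above, as an added example that is not the author's code: it validates its inputs and prints rules that accept forwarded traffic only to the chosen guest on the forwarded ports, instead of to the whole KVM subnet. The FORWARD rules match the guest port (22, not 8022) because the FORWARD chain is traversed after the PREROUTING DNAT. The function names and the HOST:GUEST port-map argument format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): print, but do not apply,
# narrowly scoped DNAT and FORWARD rules. All function names are hypothetical.

# valid_ipv4 ADDR: dotted quad, each octet 0-255. The body runs in a subshell
# so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# valid_ifname NAME: 1-15 characters from a conservative set. A value that
# parses as an IPv4 address is rejected: -i/-o take interface names, and an
# address passed there is treated as a name, so the rule never matches.
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
    [ ${#1} -le 15 ] || return 1
    if valid_ipv4 "$1"; then return 1; fi
    return 0
}

# valid_port N: decimal integer in 1-65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_forward_rules WAN_IF WAN_IP KVM_IF GUEST_IP HOST:GUEST [HOST:GUEST...]
# Validates every argument first and prints nothing if any of them is invalid.
emit_forward_rules() {
    if [ $# -lt 5 ]; then
        echo "usage: emit_forward_rules WAN_IF WAN_IP KVM_IF GUEST_IP HOST:GUEST..." >&2
        return 2
    fi
    wan_if=$1; wan_ip=$2; kvm_if=$3; guest_ip=$4
    shift 4
    if ! valid_ifname "$wan_if" || ! valid_ifname "$kvm_if"; then
        echo "invalid interface name" >&2; return 2
    fi
    if ! valid_ipv4 "$wan_ip" || ! valid_ipv4 "$guest_ip"; then
        echo "invalid IPv4 address" >&2; return 2
    fi
    for map in "$@"; do
        case $map in *:*) ;; *) echo "invalid port map: $map" >&2; return 2 ;; esac
        if ! valid_port "${map%%:*}" || ! valid_port "${map#*:}"; then
            echo "invalid port map: $map" >&2; return 2
        fi
    done
    for map in "$@"; do
        host_port=${map%%:*}; guest_port=${map#*:}
        # rewrite the destination of packets arriving on the WAN address
        echo "iptables -t nat -A PREROUTING -i $wan_if -d $wan_ip -p tcp --dport $host_port -j DNAT --to-destination $guest_ip:$guest_port"
        # accept only this guest and this (post-DNAT) port, not the whole subnet
        echo "iptables -I FORWARD -i $wan_if -o $kvm_if -d $guest_ip -p tcp --dport $guest_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
    # replies from the guest for connections that are already tracked
    echo "iptables -I FORWARD -i $kvm_if -o $wan_if -s $guest_ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Values taken from the sample script above
emit_forward_rules enx4ce1734b693e 192.168.46.123 virbr0 192.168.122.174 80:80 443:443 8022:22
```

Review the printed rules before applying them; as root, the output can be piped to sh.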

A PHP script that generates a BASH script that opens the virtual network adapter to outside traffic, and forwards ports from the host to the guest

This script runs the ifconfig and virsh commands to compile lists of possible WAN interfaces and KVM guests. This script prompts for choices at console, and generates a text file containing a BASH script with iptables directives that open the virtual adapter to outside traffic, and forward ports from the host to the guest using network address translation (NAT).

To view the source code in another text editor, download and uncompress the zip file described below, or select and copy the text from the source code example below, and paste the text into a file on your computer called “forwardportstoguest.php”

Consider copying the file to your server’s /usr/bin directory with a chmod of 755 so that it can be executed from the system path. Steps to do so are included in the procedure below.

Saving the PHP script to a file called forwardportstoguestgenerator.php

Download this zip file:

https://blog.gordonbuchan.com/files/forwardtoguest0102.zip

Uncompress the zip file to extract the file “forwardportstoguestgenerator.php” then copy the file to your KVM host computer.

or

Select and copy the text from the source code example below, and paste the text into a file on your computer called “forwardportstoguestgenerator.php”

#!/usr/bin/php
<?PHP
// forwardportstoguestgenerator.php
// v0102
// scan ifconfig and virsh, create iptables directives to forward ports to kvm guests
// chmod this script 755 to run as ./forwardportstoguestgenerator.php or run with php forwardportstoguestgenerator.php
// writes to a text file the BASH script forwardportstoguestscript.sh
 
// 2021/04/07
// Gordon Buchan https://gordonbuchan.com
// MIT license https://mit-license.org
 
// overview
// run the command "ifconfig" to isolate potential wan adapter names and ip addresses
// infer the KVM subnet based on the first 3 sections of the ip address of the "virbr0" adapter
// run the command "virsh net-dhcp-leases default" to isolate potential kvm guest names and ip addresses
// ask client to choose WAN adapter
// ask client to choose KVM guest
// create a batch file containing iptables directives to open the virtual adapter to packets from outside the host
// and to forward ports from the host adapter to the KVM guest adapter 80/tcp, and 443/tcp, 8022/tcp
 
// //////////////////////////////////////////////////////////////////////////////////
// start function sink
 
// str_contains() polyfill for pre PHP8
if (!function_exists('str_contains')) {
    function str_contains(string $haystack, string $needle): bool
    {
        return '' === $needle || false !== strpos($haystack, $needle);
    }
}
 
// end function sink
// //////////////////////////////////////////////////////////////////////////////////
 
// start get the WAN adapter names and ip addresses
 
// capture output of ifconfig command to variable $ifcstr
$ifcstr = `ifconfig`;
 
// convert string $ifcstr to array of lines $ifcstrarr
// use linefeed as field delimiter in array population
$ifcstrarr = explode("\n",$ifcstr);
 
// count lines in the array
$ifcstrarrnumlines = count($ifcstrarr);
 
$adnamestrarr = array();
$adipstrarr = array();
 
$kvmsubnet = "";
 
// iterate through array of lines
for ( $i=0;$i<$ifcstrarrnumlines;$i++) {
 
    if ( str_contains($ifcstrarr[$i],"flags")) {
        $flagsstr = "flags";
        $flagsstrloc = strpos("$ifcstrarr[$i]", $flagsstr) - 2;
        $adnamestr = substr($ifcstrarr[$i],0,$flagsstrloc);
    } // close if str contains "flags"
 
    // we will eventually filter virbr0, but for now we can find out the subnet for the KVM guest network
 
    if ( str_contains($ifcstrarr[$i],"inet") && !str_contains($ifcstrarr[$i],"inet6") ) {
 
        $inetstr = "inet";
        $inetstrloc = strpos("$ifcstrarr[$i]",$inetstr) + 5;
        $adipstr = substr($ifcstrarr[$i],$inetstrloc,"20");
        $spacestrloc = strpos("$adipstr"," ");
        // trimming the variable
        $adipstr = substr($adipstr,0,$spacestrloc);
 
        if (str_contains($adnamestr,"virbr0")) {
            // start infer KVM subnet
            // //////////////////////////////////////////////////////////
            // do stuff here to get the virbr0 ip address so we can infer subnet
            $kvmsubnetraw = $adipstr;
            $lastdotloc = strrpos($kvmsubnetraw,".");
            $kvmsubnet = substr($kvmsubnetraw,0,$lastdotloc) . ".0/24";
            echo "\nKVM subnet\nkvmsubnet: $kvmsubnet\n\n";
            // end infer KVM subnet
            // //////////////////////////////////////////////////////////
        } else {
            // stuff the arrays they will match by number because done at same time
            // filter for loopback device
            if (!($adipstr == "127.0.0.1")) {
                $adnamestrarr[] = $adnamestr;
                $adipstrarr[] = $adipstr;
            }
        }
 
    } // close if str contains "inet"
 
} // end for $i
 
//so we are always defined
$adnamestrarrnumlines = "";
$adnamestrarrnumlines = count ($adnamestrarr);
if (!$adnamestrarrnumlines) {
    echo "no WAN adapters found.\nStopping.\n";
    exit();
}

// if we do not have a KVM subnet, then something is wrong. Stop.
if (!$kvmsubnet) {
    echo "KVM subnet not detected. Stopping.\n";
    exit();
}
 
// end get the WAN adapter names and ip addresses
// //////////////////////////////////////////////////////////////////////////////////
 
// start get the KVM guest names and ip addresses
 
// capture output of virsh command to variable $virshleastr
$virshleastr = `virsh net-dhcp-leases default`;
 
// convert string $virshleastr to array of lines $virshleastrarr
// use linefeed as field delimiter in array population
$virshleastrarr = explode("\n",$virshleastr);
 
// count lines in the array
$virshleastrarrnumlines = count($virshleastrarr);
 
$kvmnamestrarr = array();
$kvmipstrarr = array();
 
// iterate through array of lines
for ( $j=0;$j<$virshleastrarrnumlines;$j++) {
    if ( str_contains($virshleastrarr[$j],"ipv4")) {
        $ipv4str = "ipv4";
        $ipv4strloc = strpos("$virshleastrarr[$j]", $ipv4str) + 11;
        $kvmlinestr = substr($virshleastrarr[$j],$ipv4strloc,50);
        $slashstr = "/";
        $slashstrloc = strpos("$kvmlinestr",$slashstr);
        $kvmipstr = substr($kvmlinestr,0,$slashstrloc);
        $kvmnamestr = substr($kvmlinestr,$slashstrloc+5,12);
        $kvmnamestr = trim($kvmnamestr);
        //stuff the arrays they will match by number because done at same time
        $kvmnamestrarr[] = $kvmnamestr;
        $kvmipstrarr[] = $kvmipstr;
    } // close if str contains "ipv4"
} // end for $j
 
$kvmnumlines = count ($kvmnamestrarr);
if (!$kvmnumlines) {
    echo "no VM guest DHCP leases found. Please start a VM.\nStopping.\n";
    exit();
}

// end get the KVM guest names and ip addresses
// //////////////////////////////////////////////////////////////////////////////////
 
// start ask client to choose WAN adapter
 
// show the possible WAN adapters as a numbered list to console:
echo "WAN adapters\n";
for ($k=0;$k<$adnamestrarrnumlines;$k++) {
    $displaynum = $k + 1;
    echo "$displaynum. $adnamestrarr[$k] $adipstrarr[$k]\n";
}
 
echo "\n";
 
// use readline function to ask questions interactively
// repeat until the answer is a whole number between 1 and $displaynum
// (is_numeric() alone would also accept values such as "-1" and "0.5")
$wananswer = "";
while (!preg_match('/^[1-9][0-9]*$/', $wananswer) || ($wananswer > $displaynum) ) {
    $wananswer = trim((string) readline("Please choose a WAN adapter (1-$displaynum): "));
}
 
echo "choice entered: $wananswer\n";
 
// because humans start at 1 and computers start at 0
$wanchoiceminus = $wananswer - 1;
 
$wanadaptername = $adnamestrarr[$wanchoiceminus];
$wanadapterip = $adipstrarr[$wanchoiceminus];
 
echo "\n";
echo "wanadaptername: $wanadaptername\n";
echo "wanadapterip: $wanadapterip\n";
echo "\n";
 
// end ask client to choose WAN adapter
// //////////////////////////////////////////////////////////////////////////////////
 
// start ask client to choose KVM guest
 
// show the possible KVM guests as a numbered list to console:
echo "KVM guests\n";
echo "(hint: if a VM is not listed here, start the VM so it gets a DHCP lease)\n";
for ($m=0;$m<$kvmnumlines;$m++) {
    $displaynum = $m + 1;
    echo "$displaynum. $kvmnamestrarr[$m] $kvmipstrarr[$m]\n";
}
 
echo "\n";
 
// use readline function to ask questions interactively
// repeat until the answer is a whole number between 1 and $displaynum
// (is_numeric() alone would also accept values such as "-1" and "0.5")
$kvmanswer = "";
while (!preg_match('/^[1-9][0-9]*$/', $kvmanswer) || ($kvmanswer > $displaynum) ) {
    $kvmanswer = trim((string) readline("Please choose a KVM guest (1-$displaynum): "));
}
 
echo "choice entered: $kvmanswer\n";
 
// because humans start at 1 and computers start at 0
$kvmchoiceminus = $kvmanswer - 1;
 
// we should not confuse kvm guest name with kvmadaptername
// we hardcode the name of the kvm adapter as the string "virbr0"
$kvmadaptername = "virbr0";
$kvmadapterip = $kvmipstrarr[$kvmchoiceminus];
 
echo "\n";
echo "kvmadaptername: $kvmadaptername\n";
echo "kvmadapterip: $kvmadapterip\n";
echo "\n";
 
// end ask client to choose KVM guest
// //////////////////////////////////////////////////////////////////////////////////
 
// start engine section
 
// construct the string variable containing the contents of the script file
 
$timestring = date("Y/m/d H:i:s T");
 
// start from nothing
$scriptcontents = "";
 
$scriptcontents .= "#!/usr/bin/bash\n";
$scriptcontents .= "# generated $timestring by forwardportstoguestgenerator.php v0102\n";
$scriptcontents .= "# Gordon Buchan https://gordonbuchan.com\n";
$scriptcontents .= "\n";
$scriptcontents .= "# values\n";
$scriptcontents .= "kvmsubnet=\"$kvmsubnet\"\n";
$scriptcontents .= "wanadaptername=\"$wanadaptername\"\n";
$scriptcontents .= "wanadapterip=\"$wanadapterip\"\n";
$scriptcontents .= "kvmadaptername=\"$kvmadaptername\"\n";
$scriptcontents .= "kvmadapterip=\"$kvmadapterip\"\n";
$scriptcontents .= "\n";
$scriptcontents .= "# allow virtual adapter to accept packets from outside the host\n";
$scriptcontents .= "iptables -I FORWARD -i \$wanadaptername -o \$kvmadaptername -d \$kvmsubnet -j ACCEPT\n";
$scriptcontents .= "iptables -I FORWARD -i \$kvmadaptername -o \$wanadaptername -s \$kvmsubnet -j ACCEPT\n";
$scriptcontents .= "# forward ports from host to guest\n";
$scriptcontents .= "iptables -t nat -A PREROUTING -i \$wanadaptername -d \$wanadapterip -p tcp --dport 80 -j  DNAT --to-destination \$kvmadapterip:80\n";
$scriptcontents .= "iptables -t nat -A PREROUTING -i \$wanadaptername -d \$wanadapterip -p tcp --dport 443 -j DNAT --to-destination \$kvmadapterip:443\n";
$scriptcontents .= "iptables -t nat -A PREROUTING -i \$wanadaptername -d \$wanadapterip -p tcp --dport 8022 -j DNAT --to-destination \$kvmadapterip:22\n";
 
$scriptfilename = "forwardportstoguestscript.sh";
 
// write the text file; fwrite() is skipped if the file could not be opened
$fh = fopen("$scriptfilename","w");
$filesuccess = false;
if ($fh) {
    $filesuccess = fwrite($fh,$scriptcontents);
    fclose($fh);
}
 
if ($filesuccess) {
    echo "SUCCESS script written to file: $scriptfilename\n";
    chmod("$scriptfilename", 0755);
    $scriptperms = substr(sprintf('%o', fileperms("$scriptfilename")), -4);
    echo "scriptperms: $scriptperms\n";
    if ($scriptperms == "0755") {
        echo "SUCCESS chmod 755 $scriptfilename successful.\n";
    } else {
        echo "ERROR chmod 755 $scriptfilename not successful.\n";
    }
} else {
    echo "ERROR script not written to file: $scriptfilename\n";
}
 
// end engine section
// /////////////////////

Executing as root

If you have not logged in as root, please escalate to root.

Enter this command:

sudo su

Installing php cli and net-tools

The PHP script requires the php cli and the ifconfig command from net-tools. The script also requires virsh, but you likely have that tool installed already if you are hosting KVM guests.

Ubuntu

Enter the command:

apt install php-cli net-tools

Fedora

Enter the command:

dnf install php-cli net-tools

Executing the PHP script forwardportstoguestgenerator.php to generate the BASH script forwardportstoguestscript.sh

Enter the command:

php forwardportstoguestgenerator.php

When prompted, choose a WAN adapter and a KVM guest.

You will see output similar to the following:

root@server:/usr/bin# php forwardportstoguestgenerator.php
KVM subnet
kvmsubnet: 192.168.122.0/24
WAN adapters
1. enx4ce1734b693e 192.168.46.123
2. wlp0s20f3 192.168.46.103
Please choose a WAN adapter (1-2): 1
choice entered: 1
wanadaptername: enx4ce1734b693e
wanadapterip: 192.168.46.123
KVM guests
(hint: if a VM is not listed here, start the VM so it gets a DHCP lease)
1. midland 192.168.122.174
Please choose a KVM guest (1-1): 1
choice entered: 1
kvmadaptername: virbr0
kvmadapterip: 192.168.122.174
SUCCESS script written to file: forwardportstoguestscript.sh
scriptperms: 0755
SUCCESS chmod 755 forwardportstoguestscript.sh successful.

Executing the BASH script forwardportstoguestscript.sh

Enter the command:

bash forwardportstoguestscript.sh

Testing the forwarded ports

Using a different workstation on the network, connect to the IP address of the computer hosting the KVM guest.

If you have forwarded the public-facing ports on your router to the IP address of the computer hosting the KVM guest, test whether traffic on the ports is forwarded to the KVM guest.

Web presence step by step Chapter 12: Installing and configuring the WooCommerce plugin for WordPress to enable a shopping cart for transactions

Previous step: Chapter 11: Installing and configuring the WP Mail SMTP plugin for WordPress to enable WordPress to send email messages
Next step: Chapter 13: Installing and configuring MyBB to create a community forum site

Web presence step by step is a series of posts that show you how to build a web presence.

In this chapter, we install and configure the WooCommerce plugin for WordPress to enable a shopping cart for transactions.

Accessing the WordPress control panel

Visit the URL for your WordPress control panel by entering your domain name followed by “/wp-admin” as in this example:

https://linuxstepbystep.com/wp-admin

Enter the username and password you specified when you created the WordPress blog in Chapter 8: Installing and configuring WordPress to create a website. Click “Log in”:

Installing the plugin

Click “Plugins”:

Click “Add New”:

Search for the text “woocommerce”:

Click “Install Now”:

Click “Activate”:

Complete the fields “Address,” “Country/Region,” “City,” and “Post code.” Click “Continue”:

Click “No thanks”:

Check boxes that apply to your situation. Click “Continue”:

For now, we will limit ourselves to the free tier of services, “Physical products” and “Downloads.” Avoid checking the remaining boxes until you become more expert, as these additional options incur a monthly or annual cost. Click “Continue”:

Select answers to the questions. Click “Continue”:

For now, we will de-select the additional services. Click “Continue”:

Click “Continue with my active theme”:

Click “No thanks”:

Click “Next”:

Click “Next”:

Click “Let’s go”:

Configuring WooCommerce

The WooCommerce plugin page appears. The “Finish setup” wizard is displayed. Explore the wizard by completing the steps. We will not explore this wizard in detail as it is largely self-explanatory, and there are many permutations of possible choices specific to each business case.

Avoid “Set up payments” until you have learned more

Delay configuring payments for your store until the end. You should feel comfortable experimenting with the software before there are live financial consequences due to a link with a payment service.

Avoid Jetpack and WooCommerce Tax, set up taxes manually

In the “Set up tax” section, avoid the option “Install Jetpack and WooCommerce Tax,” and instead select the option “Set up manually.”

Start by setting tax rates manually. If you decide later that you need the functionality in the “Jetpack” and “WooCommerce Tax” tools, you can install them later.


Web presence step by step Chapter 11: Installing and configuring the WP Mail SMTP plugin for WordPress to enable WordPress to send email messages

Previous step: Chapter 10: Integrating Google Site Kit with WordPress to view Google Analytics and Google Search Console visitor statistics
Next step: Chapter 12: Installing and configuring the WooCommerce plugin for WordPress to enable a shopping cart for transactions

Web presence step by step is a series of posts that show you how to build a web presence.

In this chapter, we install and configure the WP Mail SMTP plugin for WordPress to enable WordPress to send email messages.

WordPress needs to be able to send emails

Some operations require that the WordPress software be able to send email messages. We need to choose or create a Gmail account from which messages will be sent. We need to configure that Gmail account with a web application and OAUTH2 authentication tokens. We need to install and configure the WP Mail SMTP plugin with information from the Gmail account.

Choosing or creating a Gmail account from which to send email messages

Choose an existing Gmail account, or create a new Gmail account. This account should not be the same email account you use for some other purpose, such as employee email. This Gmail account will be used by the WP Mail SMTP plugin for WordPress to send email messages. Log in to this Gmail account.

Creating a web application and OAUTH2 authentication tokens

Visit this website:

https://console.developers.google.com/flows/enableapi?apiid=gmail&pli=1

Check the box for “I agree to the Google Cloud Platform Terms of Service…”
Select Country
“I would like to receive periodic emails…” Select “No”
Click “Agree and continue”:

Click “Go to credentials”:

Which API are you using?
Gmail API

Which data will you be accessing?
Web server (e.g. node.js, Tomcat)

Click “What credentials do I need?”:

Click “Set up consent screen”:

User Type
Select “External”

Click “Create”:

Complete the fields as shown below (use your domain instead of the example domain)

Click “Save and continue”:

Click “Add users”:

Enter an email address. Click “Add”:

Click “Save and continue”:

You will see a screen similar to the following. Note that we are on the right tab. Click on the left tab:

Enter values for “Name,” “Authorized JavaScript engine.”

For the field “Authorized redirect URIs,” enter this value:

https://connect.wpmailsmtp.com/google/

Click “Refresh”:

Click “OAuth client ID”:

Click “Done”:

You will see a screen similar to the following:

Installing and Configuring the WP Mail SMTP plugin for WordPress

Go to the control panel for your WordPress blog software. Go to Plugins. Search for “smtp.” Click on the “Install Now” button next to “WP Mail SMTP by WPForms”:

Click “Activate”:

Select “Gmail”:

Enter the values for “Client ID” and “Client Secret” you obtained from the Gmail control panels earlier in this procedure. Enter this value for “Authorized redirect URI”:

https://connect.wpmailsmtp.com/google/

Click “Save Settings”:

Click “Allow plugin to send emails using your Google account”:

Select the Gmail account you chose to allow the WP SMTP Mail plugin for WordPress to send email messages:

Click “Continue”:

Click “Allow”:

Click “Allow”:

Sending a test message

Enter an email address. Click “Send Email”:

An email similar to the following should arrive in the test destination mailbox:


Web presence step by step Chapter 10: Integrating Google Site Kit with WordPress to view Google Analytics and Google Search Console visitor statistics

Previous step: Chapter 9: Installing and configuring phpMyAdmin to manage MySQL databases
Next step: Chapter 11: Installing and configuring the WP Mail SMTP plugin for WordPress to enable WordPress to send email messages

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we install and configure the Google Site Kit plugin for WordPress in order to access Google Analytics and Google Search Console website statistics.

Understanding the link between WordPress, the Google Site Kit plugin, Google Analytics, and Google Search Console

In order to track visitor statistics for your website, Google Analytics needs a tracking code inserted into each web page you host. Google Search Console requires that we prove we have the authorization of the owner of the domain in order to view search engine statistics specific to the domain. By installing and configuring the Google Site Kit plugin for WordPress, we are able to add the necessary tracking code, and to prove to Google that we are the authorized owner of the domain name.

Creating or choosing a Gmail account for the connections to Google Analytics and Google Search Console

We will need a Gmail account to control the Google Analytics and Google Search Console transactions for your website. This account may have to be shared with marketing consultants and sales personnel, so it should not be associated with the email for a specific employee. The Gmail account can be a personal (free) Gmail account.

Logging out of Gmail, just to be sure

Before we begin, sign out of Gmail:

Logging into the Gmail account you created for Google Analytics and Google Search Console

Log in to the account you created for use with Google Analytics and Google Search Console:

Enter the password for the account:

Gmail appears, logged into the account you created to manage Google Analytics and Google Search Console transactions:

Configuring Google Analytics to create a property

Visit the Google Analytics site. Click “Start measuring”:

Enter a value for “Account name,” check the boxes under “Account Data Sharing Settings.” Click “Next”:

Enter a value for “Property name.” Click “Next”:

Check a box for “Business size.” Check boxes as applicable under “How do you intend to use Google Analytics with your business (Check all that apply).” Click “Create”:

Check the boxes to accept the terms, click “I Accept” (if you want to):

Do not check any of these boxes. Click “Save”:

The Google Analytics site appears:

Installing the Google Site Kit plugin for WordPress

Go to the control panel for your WordPress blog. Go to Plugins. Click “Add New.” Search for:

“analytics”

Locate “Site Kit by Google — Analytics, Search Console, AdSense, Speed.” Click on the button “Install Now” for the plugin:

Click “Activate”:

Click “Start setup”:

Click “Sign in with Google”:

Select the account you created to control Google Analytics and Google Search Console transactions for your domain:

Click “Allow”:

Click “Allow”:

Click “Allow”:

Click “Proceed”:

Click “Allow”:

Click “Add site”:

Click “Go to my Dashboard”:

The Google Site Kit plugin for WordPress Dashboard appears. In the box for “Analytics,” click on “Connect service”:

Select the Gmail account you created to control Google Analytics and Google Search Console transactions for your website:

Click “Allow”:

Click “Allow”:

Select Account, Property. Provide a value for “View Name.” Click “Proceed”:

Select the Gmail account you created to control the Google Analytics and Google Search Console transactions for your domain:

Click “Allow”:

Click “Allow”:

The Google Site Kit plugin for WordPress Dashboard appears. Note that both “Search Console” and “Analytics” are now shown as “Connected”:

Wait a few days, then come back. There will be data then.

An example of what to expect:


Web presence step by step Chapter 9: Installing and configuring phpMyAdmin to manage MySQL databases

Previous step: Chapter 8: Installing and configuring WordPress to create a website
Next step: Chapter 10: Integrating Google Site Kit with WordPress to view Google Analytics and Google Search Console visitor statistics

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we install and configure phpMyAdmin to manage MySQL databases.

This post assumes that you have performed the steps described in Chapter 8: Installing and configuring WordPress to create a website.

A note re MySQL and MariaDB

A few years ago, the company that owned MySQL was purchased by Oracle. The open source code was legally “forked” into a project called MariaDB. When this document refers to “MySQL,” it is actually referring to the MariaDB descendant of the MySQL database engine, made possible by the terms of the GPLv2 open source software license. Notice that to maintain compatibility with existing software, the command to invoke MariaDB on the command line is “mysql.”

Installing the php-xml and php-mbstring libraries

Use an SSH terminal program to connect to the Ubuntu Linux cloud server you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean. Enter the commands:

apt install php-xml php-mbstring
systemctl restart apache2

Generating a blowfish secret passphrase (blowfish_secret)

phpMyAdmin uses an encryption cipher called “blowfish.” We need to generate a blowfish secret passphrase to customize the phpMyAdmin config.inc.php configuration file.

Use a web browser to visit the site:

https://phpsolved.com/phpmyadmin-blowfish-secret-generator/

Select the text in the line under “to,” right-click (or command-click on MacOS), then select “Copy”:

Keep this web browser window open. You will need to copy the text in the line above to the clipboard then paste it into the config.inc.php file in one of the steps below.

Downloading the phpMyAdmin zip file

Use a web browser to visit the site:

https://www.phpmyadmin.net/

Click on the link “Download x.x.x” (where “x.x.x” represents the current version number):

Extracting the phpMyAdmin zip file

(Reminder: there are detailed examples in Chapter 8: Installing and configuring WordPress to create a website that show how to extract the contents of a zip file for each operating system.)

Go to the file manager for your operating system (Windows File Explorer, MacOS Finder, Linux Nautilus).

Windows

In File Explorer, right-click on the phpMyAdmin zip file. Select “Extract All.” In the next dialog, click “Extract.”

MacOS

If you downloaded the phpMyAdmin zip file with Safari

If you downloaded the phpMyAdmin zip file with Safari, the zip file’s contents will already be extracted as a directory in the Downloads directory.

If you downloaded the phpMyAdmin zip file with Chrome

In Finder, go to the Downloads directory. Double-click on the phpMyAdmin zip file. The Archive Manager will extract the contents of the phpMyAdmin zip file to a directory in the Downloads directory.

Linux

In Nautilus, go to the Downloads directory. Right-click on the phpMyAdmin zip file. Select “Open with Archive Manager.” In Archive Manager, click on “Extract.” In the next dialog, click on “Extract.”

Renaming the phpMyAdmin-x-x-x-x directory, renaming and editing the config.inc.php configuration file

Windows

Use File Explorer. Locate the phpMyAdmin directory (nested within a directory of the same name). Right-click on the directory. Select “Rename”:

Enter the text “phpmyadmin”:

Locate the “config.sample.inc.php” file. Right-click on the file. Select “Rename”:

Enter the text “config.inc.php”:

Right-click on the file “config.inc.php,” select “Open with…”:

Select the “Notepad” application. Check the box “Always use this app to open .php files.” Click OK:

Paste the blowfish secret string you obtained earlier in the step “Generating a blowfish secret passphrase (blowfish_secret)” into the $cfg[‘blowfish_secret’] string assignment. Be careful to place single quotes (‘) before and after the blowfish_secret string:

MacOS

In Finder, locate the phpMyAdmin directory. Command-click on the directory. Select “Rename”:

Enter the text “phpmyadmin”:

Locate the “config.sample.inc.php” file. Command-click on the file. Select “Rename”:

Enter the text “config.inc.php”:

Command-click on the file. Select “Always Open With,” select “TextEdit”:

Paste the blowfish secret string you obtained earlier in the step “Generating a blowfish secret passphrase (blowfish_secret)” into the $cfg[‘blowfish_secret’] string assignment. Be careful to place single quotes (‘) before and after the blowfish_secret string:

Linux

In Nautilus, locate the phpMyAdmin directory. Right-click on the directory. Select “Rename”:

Enter the text “phpmyadmin”:

Locate the “config.sample.inc.php” file. Right-click on the file. Select “Rename”:

Enter the text “config.inc.php”:

Right-click on the file. Select “Open With Other Application”:

Click on “View All Applications”:

Select “Text Editor.” Click on “Select”:

Paste the blowfish secret string you obtained earlier in the step “Generating a blowfish secret passphrase (blowfish_secret)” into the $cfg['blowfish_secret'] string assignment. Be careful to place single quotes (') before and after the blowfish_secret string:

A note about the example domain and a reminder that you should use your domain name in its place

For clarity and narrative flow we are using the example domain linuxstepbystep.com but you should substitute your domain name as appropriate.

Uploading the “phpmyadmin” directory to the Ubuntu Linux cloud server

Use the FileZilla file transfer program to connect to the Ubuntu Linux cloud server you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean. In the left (local) panel, locate the local phpmyadmin directory. Right-click (for MacOS, command-click) on the directory and select “Upload”:

Wait for the file transfer to complete:

Accessing the phpMyAdmin application using a web browser

Use a web browser to visit your domain name followed by “/phpmyadmin”:

https://linuxstepbystep.com/phpmyadmin

(These are the MySQL username and password that were created in Chapter 8: Installing and configuring WordPress to create a website: “Creating the MySQL database for the WordPress site.”)

Enter values for the “Username:” and “Password:” fields. Click on “Go”:

This screen appears. Click on the name of the database in the left panel:

Click on a table in the left panel:

Table view:

Previous step: Chapter 8: Installing and configuring WordPress to create a website
Next step: Chapter 10: Integrating Google Site Kit with WordPress to view Google Analytics and Google Search Console visitor statistics

Web presence step by step Chapter 8: Installing and configuring WordPress to create a website

Previous step: Chapter 7: Configuring the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories
Next step: Chapter 9: Installing and configuring phpMyAdmin to manage MySQL databases

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we install and configure WordPress to create a website.

This post assumes that you have performed the steps described in Chapter 7: Configuring the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories.

A note re MySQL and MariaDB

A few years ago, the company that owned MySQL was purchased by Oracle. The open source code was legally “forked” into a project called MariaDB. When this document refers to “MySQL,” it is actually referring to the MariaDB descendant of the MySQL database engine, made possible by the terms of the GPLv2 open source software license. Notice that to maintain compatibility with existing software, the command to invoke MariaDB on the command line is “mysql.”

Creating the MySQL database for the WordPress site

Use an SSH terminal program to connect to the Ubuntu Linux cloud server you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean.

Enter the command:

mysql -u root -p

Enter the commands (choose a password in place of “xxxxxx”):

create database blog01;
create user blog01;
alter user blog01 identified by 'xxxxxx';
use blog01;
grant all privileges on * to blog01;
quit

Downloading the WordPress zip file using Chrome on Windows, MacOS, and Linux

Use the Chrome web browser to visit the following site:

https://wordpress.org/download/#download-install

Click on “Download WordPress 5.7” (the version number may have changed by the time you read this):

The zip file will download to your computer:

Right-click on the icon representing the zip file in the lower-left corner of the browser. Click “Show in folder”:

Downloading the WordPress zip file using Safari on MacOS

(Note: the zip file’s contents will be extracted automatically by Safari after the download completes.)

Use the Safari web browser to visit the following site:

https://wordpress.org/download/#download-install

Click on “Download WordPress 5.7” (the version number may have changed by the time you read this):

Click “Allow”:

Click on the download icon in the lower-right of the screen. Select “Open in Finder”:

Extracting the contents of the WordPress zip file using Windows

Go to the Downloads folder. Right-click on the WordPress zip file. Select “Extract All”:

This dialog will appear. Click “Extract”:

A dialog shows the progress in extraction of the zip file’s contents:

The extracted contents of the zip file will appear as a directory named “wordpress-xxx” (“xxx” representing the version number), within which will be a directory called “wordpress”:

Extracting the contents of the WordPress zip file using MacOS

If you downloaded the zip file with Chrome on MacOS

Double-click on the WordPress zip file:

The MacOS archive manager will extract the zip file:

If you downloaded the zip file using Safari on MacOS

Note that Safari has extracted the contents of the WordPress zip file:

Extracting the WordPress zip file using Linux

Right-click on the WordPress zip file. Select “Open with Archive Manager”:

Right-click on the “wordpress” folder within the Archive Manager. Select “Extract”:

Click on “Extract”:

The following dialog appears:

A note about the example domain and a reminder that you should use your domain name in its place

Note: for clarity and narrative flow we are using the example domain linuxstepbystep.com but you should substitute your domain name as appropriate.

Using FileZilla to transfer the WordPress files to the Ubuntu Linux cloud server

Run the FileZilla file transfer program. Enter the following information in the following fields:

Host: linuxstepbystep.com
Username: linuxstepbystep_com
Password: xxxxxx (where “xxxxxx” is the password for the linuxstepbystep_com account)
Port: 22

Click “Quickconnect”:

After connecting, you will see the contents of the server account in the right pane:

In the left pane, select the directory called “wordpress”:

In the right pane, select the directory “linuxstepbystep.com”:

In the right pane, right-click on the “index.php” file. Select “Rename,” enter the value “index.old.php”:

In the left pane, select the directory that contains the contents of the WordPress zip file:

In the left pane, select all of the files and directories:

Right-click on the selected files and folders. Select “Upload”:

Observe the progress of the file transfer in the lower window of the FileZilla file transfer program:

After the file transfer completes:

Configuring WordPress using the web installation wizard

Use a web browser to visit your domain name:

Select a language. Click “Continue”:

Click “Let’s go!”:

Complete the fields for “Database Name,” “Username,” “Password,” “Database Host.” Leave “Table Prefix” unchanged. Click “Submit”:

Click “Run the installation”:

Complete the fields for “Site Title,” “Username,” “Password,” “Your Email.” Do not check the box “Discourage search engines from indexing this file.” Click “Install WordPress”:

Click “Log In”:

The control panel for the WordPress blog software appears.

Note: this control panel can be reached by entering your domain name followed by “/wp-admin”:

https://linuxstepbystep.com/wp-admin

Enter the username and password you selected earlier in the WordPress setup wizard. Click “Log in”:

The control panel for the WordPress blog software that enables your website:

Use a web browser to visit your domain name. You should see the default WordPress page:


Web presence step by step Chapter 7: Configuring the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories

Previous step: Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2
Next step: Chapter 8: Installing and configuring WordPress to create a website

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we configure the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories.

This post assumes that you have performed the steps described in Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2.

Why would you want to limit a user to a chroot jail directory?

A web server can host multiple websites. You may want to give a web contractor SFTP access to one of the websites hosted on the server, but also prevent that web contractor from viewing or modifying other files or directories on the server unrelated to the website.

We will configure the SSH server to limit each SFTP user to only be able to view or modify a specific directory and its subdirectories. The formal term for this kind of directory is “chroot,” short for “change root directory.”

In the preceding chapter, we created the usernames, specified their home directories, and specified the directory locations for websites. The directory structure, ownerships, and permissions we applied to each directory anticipated that the directories would later be configured as chroot jail directories.

A user cannot own its own home directory

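A user cannot own its own home directory when that directory is used as a chroot jail directory: the SSH server requires the chroot directory, and every directory above it, to be owned by root and not writable by any other user or group. A user can own a subdirectory within its home directory.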

Using the Digital Ocean cloud server web console instead of an SSH terminal program to connect to the cloud server

Normally, we interact with the Ubuntu Linux cloud server hosted at Digital Ocean by connecting with an SSH terminal program. However, since we are modifying the configuration of the SSH server itself, there is a chance we could break the SSH server and lock ourselves out. The Digital Ocean cloud server console provides terminal access to the Ubuntu Linux cloud server. We will use this console to modify the SSH server to implement chroot jail directories for each user.

Connect to the Digital Ocean site and log in. Click on the Droplet you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean:

Click on “Console”:

Log in to the cloud server. Enter the commands:

cd /etc/ssh
cp sshd_config sshd_config.factory
nano sshd_config

This is what it looks like when you load the file in the nano editor:

A note about the example domain and a reminder that you should use your domain name in its place

Note: for clarity and narrative flow we are using the example domain linuxstepbystep.com but you should substitute your domain name as appropriate.

Go to the bottom of the file, and add the following blocks of text:

Match User comingsoon
        ChrootDirectory /usr/web/comingsoon
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
Match User linuxstepbystep_com
        ChrootDirectory /usr/web/linuxstepbystep_com
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

Enter the command:

systemctl restart sshd
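
The checks below are an added example, not part of the original post: they audit the Match blocks shown above and test whether a chroot directory meets the SSH server's ownership rule, so that problems are found before the restart rather than at the first failed login. The function names and the third, incomplete block in the sample are constructed for illustration; GNU stat (as shipped with Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: audit of SFTP chroot jails. Function names are hypothetical.

# component_ok UID MODE -> 0 if sshd would accept this path component:
# owned by root (uid 0) and not writable by group or other (mask 022).
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# chroot_path_ok PATH -> 0 if PATH and every parent up to / pass
# component_ok. Returns 2 for a relative or missing path.
chroot_path_ok() {
    case $1 in /*) ;; *) return 2 ;; esac
    cp_dir=$1
    while :; do
        cp_stat=$(stat -c '%u %a' "$cp_dir") || return 2
        # intentional word splitting: "UID MODE" becomes two arguments
        component_ok $cp_stat || { echo "unsafe: $cp_dir ($cp_stat)" >&2; return 1; }
        [ "$cp_dir" = "/" ] && return 0
        cp_dir=$(dirname "$cp_dir")
    done
}

# audit_sftp_jails: read sshd_config text on stdin and print one line per
# "Match User NAME" block: NAME CHROOTDIR STATUS. STATUS is "ok" or the
# directives that are missing or too permissive inside that block.
# Only the simple one-user form of Match used in the post is handled.
audit_sftp_jails() {
    awk '
    function report(   p) {
        if (user == "") return
        p = ""
        if (chroot == "")             p = p ",ChrootDirectory"
        if (force != "internal-sftp") p = p ",ForceCommand"       # else a shell may be requested
        if (tcp != "no")              p = p ",AllowTcpForwarding" # else the account can relay traffic
        if (x11 != "no")              p = p ",X11Forwarding"
        print user, (chroot == "" ? "-" : chroot), (p == "" ? "ok" : substr(p, 2))
        user = ""
    }
    NF == 0 || $1 ~ /^#/ { next }
    { key = tolower($1) }            # sshd keywords are case-insensitive
    key == "match" {
        report()
        if (tolower($2) == "user") { user = $3; chroot = force = tcp = x11 = "" }
        next
    }
    user != "" && key == "chrootdirectory"    { chroot = $2 }
    user != "" && key == "forcecommand"       { force = $2 }
    user != "" && key == "allowtcpforwarding" { tcp = tolower($2) }
    user != "" && key == "x11forwarding"      { x11 = tolower($2) }
    END { report() }
    '
}

# Constructed sample: the two blocks from the post plus one incomplete block.
sample_sshd_config() {
    cat <<'EOF'
Match User comingsoon
        ChrootDirectory /usr/web/comingsoon
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
Match User linuxstepbystep_com
        ChrootDirectory /usr/web/linuxstepbystep_com
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
Match User contractor
        ChrootDirectory /usr/web/contractor
EOF
}

sample_sshd_config | audit_sftp_jails
```

On the server, run `audit_sftp_jails < /etc/ssh/sshd_config` and `chroot_path_ok /usr/web/comingsoon`, then `sshd -t` to syntax-check the file before `systemctl restart sshd`.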

Obtaining the FileZilla file transfer program

Windows (client)

Warning re default “Download FileZilla Client” link for FileZilla for Windows

When downloading the Windows client from the FileZilla site, avoid the default “Download FileZilla Client” link, as it contains adware. Instead, click on the link “Show additional download options,” which is accessible via the following direct link. From this link, choose the option for “Windows 64bit x86”:

https://filezilla-project.org/download.php?show_all=1

MacOS (client)

From this link, choose the option for “MacOS X”:

https://filezilla-project.org/download.php?show_all=1

Ubuntu Linux (client)

If you are using Ubuntu Linux, you can install the FileZilla file transfer program with the command:

apt install filezilla

Fedora Linux (client)

If you are using Fedora or a related Red Hat system, you can install the FileZilla file transfer program with the command:

dnf install filezilla

Using the FileZilla file transfer program to connect to the cloud server

Complete the following fields. Click “Quickconnect”:

Host: your domain name
Username: linuxstepbystep_com
Password: (password)
Port: 22

Check the box “Always trust this host, add this key to the cache.” Click “OK”:

Note that the SFTP user is now limited to seeing the contents of its own directory. This means that if you have multiple websites on a server, the SFTP accounts that maintain those websites will not be able to view files or directories belonging to other websites or functions of the server:

Enter the subdirectory on the server to see the files and directories for the website:


Web presence step by step Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2

Previous step: Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1
Next step: Chapter 7: Configuring the SSH server on an Ubuntu Linux cloud server to limit SFTP directory visibility within chroot jail directories

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we do advanced configuration on an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server.

A note re MySQL and MariaDB

A few years ago, the company that owned MySQL was purchased by Oracle. The open source code was legally “forked” into a project called MariaDB. When this document refers to “MySQL,” it is actually referring to the MariaDB descendant of the MySQL database engine, made possible by the terms of the GPLv2 open source software license. Notice that to maintain compatibility with existing software, the command to invoke MariaDB on the command line is “mysql.”

This post assumes that you have performed the steps described in Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1.

Configuring the Linux Apache MySQL PHP (LAMP) web server

In the previous chapter, Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1, we used apt to install the meta-package “lamp-server,” which installs the components for a basic Linux Apache MySQL PHP (LAMP) web server. In this chapter we configure the components.

Installing MPM-ITK

We need to install MPM-ITK, which allows the web server to execute programs under different usernames. This means that if a website has a security issue, the damage is limited to that website’s directory: other websites and the host server should remain unaffected.

Enter the command:

apt install libapache2-mpm-itk

Configuring MySQL

The MySQL database server has been installed, but must be configured.

Enter the command:

mysql_secure_installation

Testing the MySQL server

Let’s test the MySQL server. Enter the command:

mysql -u root -p

Enter the password you specified during the MySQL configuration step.

Enter the command:

show databases;

You will see a list similar to the following. Enter the command:

exit

Testing that the web server is able to run PHP scripts

Let’s test that the web server is able to run PHP scripts.

Enter the commands:

cd /var/www/html
nano phpinfo.php

Enter the following text in the nano editor. Save and exit the file:

<?PHP

phpinfo();

Use a web browser to load your domain name, followed by /phpinfo.php, as in:

linuxstepbystep.com/phpinfo.php

If you are successful, a page similar to the following should appear:

Configuring the Apache web server

Enter the commands:

cd /etc/apache2
cp apache2.conf apache2.conf.factory
nano apache2.conf

Use the control-w command to search for the text “<directory”:

This is what it looks like when you find the section:

Insert a block with the following text:

<Directory /usr/web/>
        AllowOverride All
        Require all granted
</Directory>

Creating the users, directories, and documents for the websites

Enter the commands:

adduser --home /usr/web/comingsoon comingsoon

Enter and confirm a password for the user. Answer the prompts for additional information. When asked: “Is the information correct?” enter “y” for yes:

Enter the commands:

mkdir -p /usr/web/comingsoon/comingsoon
cd /usr/web/comingsoon/comingsoon
nano index.php

Enter the following text in the nano editor. Save and exit the file:

<?PHP

echo "<p>coming soon</p>\n";

Enter these commands. Note that each “chown” and “chmod” command should be on its own line:

chown -R root:root /usr/web/comingsoon
chown -R comingsoon:comingsoon /usr/web/comingsoon/comingsoon
chmod -R 755 /usr/web/comingsoon/comingsoon

A note about the example domain and a reminder that you should use your domain name in its place

Note: for clarity and narrative flow we are using the example domain linuxstepbystep.com but you should substitute your domain name as appropriate.

Enter this command (all on the same line):

adduser --home /usr/web/linuxstepbystep_com linuxstepbystep_com

Enter the commands:

mkdir -p /usr/web/linuxstepbystep_com/linuxstepbystep.com
cd /usr/web/linuxstepbystep_com/linuxstepbystep.com
nano index.php

Enter the following text in the nano editor. Save and exit the file:

<?PHP

echo "<p>linuxstepbystep.com</p>";

Enter these commands. Note that each “chown” and “chmod” command should be on its own line:

chown -R root:root /usr/web/linuxstepbystep_com
chown -R linuxstepbystep_com:linuxstepbystep_com /usr/web/linuxstepbystep_com/linuxstepbystep.com
chmod -R 755 /usr/web/linuxstepbystep_com/linuxstepbystep.com

Creating the virtual hosts for the websites

cd /etc/apache2
mv sites-available sites-available.factory
mkdir -p /etc/apache2/sites-available
cd /etc/apache2/sites-available

Enter the command:

nano 000.comingsoon.conf

Enter the following text in the nano editor. Save and exit the file:

<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID comingsoon comingsoon
</IfModule>
ServerName comingsoon
DocumentRoot /usr/web/comingsoon/comingsoon
ServerAdmin info@linuxstepbystep.com
CustomLog /var/log/apache2/comingsoon-access_log combined
ErrorLog /var/log/apache2/comingsoon-error_log
</VirtualHost>

Enter the commands:

a2ensite 000.comingsoon.conf
nano 004.linuxstepbystep.com.conf

Enter the following text in the nano editor. Note the screen capture: the line starting with “AssignUserID” should be all on the same line. Save and exit the file:

<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID linuxstepbystep_com linuxstepbystep_com
</IfModule>
ServerName linuxstepbystep.com
ServerAlias www.linuxstepbystep.com
DocumentRoot /usr/web/linuxstepbystep_com/linuxstepbystep.com
ServerAdmin info@linuxstepbystep.com
CustomLog /var/log/apache2/linuxstepbystep.com-access_log combined
ErrorLog /var/log/apache2/linuxstepbystep.com-error_log
</VirtualHost>

Enter the command:

a2ensite 004.linuxstepbystep.com.conf

Enter the command:

systemctl restart apache2
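
The following check is an added example, not part of the original post: it reads virtual host definitions and confirms that each site runs under its own user via AssignUserID and that its DocumentRoot lies inside that user's tree under /usr/web, which is the isolation MPM-ITK is installed to provide. The function names and the last two virtual hosts in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit of per-site users in Apache virtual hosts.
# Function names are hypothetical.

# audit_vhosts [BASE]: read vhost configuration text on stdin and print
# one line per <VirtualHost> block: SERVERNAME USER DOCROOT STATUS
#   ok                         site user set, DocumentRoot under BASE/USER/
#   no-AssignUserID            requests run as the default Apache user
#   docroot-outside-user-tree  site user serves files from another tree
# BASE defaults to /usr/web, the layout used in this post.
audit_vhosts() {
    awk -v base="${1:-/usr/web}/" '
    { key = tolower($1) }            # Apache directive names are case-insensitive
    key ~ /^<virtualhost/ { name = "-"; uid = ""; root = ""; invh = 1; next }
    invh && key == "assignuserid" { uid = $2 }
    invh && key == "servername"   { name = $2 }
    invh && key == "documentroot" { root = $2 }
    invh && key ~ /^<\/virtualhost/ {
        gsub(/"/, "", root)          # DocumentRoot may be quoted
        if (uid == "") {
            st = "no-AssignUserID"
        } else if (index(root "/", base uid "/") != 1) {
            # trailing slashes stop /usr/web/site2 matching user "site"
            st = "docroot-outside-user-tree"
        } else {
            st = "ok"
        }
        print name, (uid == "" ? "-" : uid), root, st
        invh = 0
    }
    '
}

# Constructed sample: the two hosts from the post (log directives omitted)
# followed by two deliberately misconfigured hosts.
sample_vhosts() {
    cat <<'EOF'
<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID comingsoon comingsoon
</IfModule>
ServerName comingsoon
DocumentRoot /usr/web/comingsoon/comingsoon
</VirtualHost>
<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID linuxstepbystep_com linuxstepbystep_com
</IfModule>
ServerName linuxstepbystep.com
DocumentRoot /usr/web/linuxstepbystep_com/linuxstepbystep.com
</VirtualHost>
# constructed: no AssignUserID
<VirtualHost *:80>
ServerName staging.example
DocumentRoot /usr/web/linuxstepbystep_com/staging
</VirtualHost>
# constructed: runs as one site user but serves another user's files
<VirtualHost *:80>
<IfModule mpm_itk_module>
        AssignUserID comingsoon comingsoon
</IfModule>
ServerName shared.example
DocumentRoot /usr/web/linuxstepbystep_com/linuxstepbystep.com
</VirtualHost>
EOF
}

sample_vhosts | audit_vhosts
```

On the server, `cat /etc/apache2/sites-enabled/*.conf | audit_vhosts` audits the enabled sites. Because AssignUserID sits inside `<IfModule mpm_itk_module>`, it is silently skipped when the module is not loaded, so also confirm that `apache2ctl -M` lists mpm_itk_module.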

Testing the web server to see whether it can host separate virtual hosts (multiple websites)

The objective of this test is to display different text for each host name we enter in the web browser’s address bar.

Enter your domain name in a web browser’s address bar:

Enter the IP address of your cloud server in the web browser’s address bar. This is to test whether the default “park page” is active. This page will be displayed if a host name is pointed at the IP address of the cloud server, but the cloud server’s web server has not yet been configured with a virtual host profile for that host name.

Installing SSL Encryption with Let’s Encrypt

Enter the following command:

apt install certbot python3-certbot-apache

Do you want to continue?

Enter “y” for yes:

Enter the command:

certbot --apache

Enter an email address:

Please read the Terms of Service at

Enter “a” for agree

Would you be willing to share your email address

Enter “no” for no

Which names would you like to activate HTTPS for?

Leave input blank, press Enter:

Please choose whether or not to redirect HTTP traffic to HTTPS

Enter “2” then press Enter:

Enter the command:

systemctl restart apache2

Enter your domain name in a web browser’s address bar.

Notice the little lock symbol to the left of the host name. Click on the lock symbol. Click on “Certificate.” View the certificate’s details:


Web presence step by step Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1

Previous step: Chapter 4: Using an SSH terminal program to connect to an Ubuntu Linux Cloud Server
Next step: Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we configure a basic Linux Apache MySQL PHP (LAMP) web server and test the IP address for reputation.

A note re MySQL and MariaDB

A few years ago, the company that owned MySQL was purchased by Oracle. The open source code was legally “forked” into a project called MariaDB. When this document refers to “MySQL,” it is actually referring to the MariaDB descendant of the MySQL database engine, made possible by the terms of the GPLv2 open source software license. Notice that to maintain compatibility with existing software, the command to invoke MariaDB on the command line is “mysql.”

Installing a basic web server to test the reputation of the IP address

Sometimes, a cloud service provider will recycle an IP address with a troubled history and give you a server that has a “dirty” IP address that is blacklisted. In order to test the server’s IP address to make sure it is not blacklisted, we have to do a basic web server setup.

In order to do a basic web server setup, we will have to connect to the Ubuntu Linux cloud server with an SSH terminal program.

We will use an SSH terminal program to connect to the cloud server, and create a basic web server to test the IP address. If the IP address is blacklisted, we will simply destroy the cloud server and try again, getting a new IP address which we will test. Once we have a successful test, we can proceed to advanced web server setup in Chapter 6: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 2.

Connecting to the Ubuntu Linux cloud server with an SSH terminal program

(Note: this post assumes that you have read the preceding Chapter 4: Using an SSH terminal program to connect to an Ubuntu Linux Cloud Server, or you are familiar with SSH terminal programs.)

Use an SSH terminal program to connect to the IP address of the cloud server that you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean:

This is what a successful login looks like:

While we are here, we will add a second user to the server. Enter the command:

adduser desktop

Add the user to the sudo group. Enter the commands:

cd /etc
nano group

Go to the line starting with sudo, add the desktop user after the colon:

Enter the commands:

apt clean
apt update

Enter the command:

apt upgrade

When prompted, enter y for yes, and press Enter:

If you see a question like this, accept the default. In this case, n for no and press Enter:

Enter the commands:

ufw allow 80/tcp
ufw allow 443/tcp
apt install net-tools iptraf-ng

Enter the command:

reboot

Use an SSH terminal program to connect to the Ubuntu Linux cloud server. Enter the command:

apt-get install lamp-server^

When prompted, enter y for yes, and press Enter:

This is what it looks like when the install finishes:

Testing the IP address of the Ubuntu Linux cloud server

Use a web browser to visit the IP address of the Ubuntu Linux cloud server.

If you get a warning like this, the IP address you have been assigned has a bad reputation. If this happens for you, use the Digital Ocean control panel to destroy the cloud server, then try again.

If you get a message like this, it means that the IP address you have been assigned has a good reputation. This means that we can proceed with the rest of the build:

Associating a host name with an IP address in DNS

Visit the Digital Ocean site. Click on the IP address of the cloud server to copy it to the clipboard:

Visit the GoDaddy site. Click on “Manage All”:

Click on “DNS”:

Click on “Manage Zones”:

Search for your domain name:

This is the DNS Zone file for your domain name. It tells the Internet where to point requests for email and your website:

Click on the edit icon for the A record for the Name “@”

Enter the IP address for your Ubuntu Linux cloud server.
Specify a TTL of 1/2 hour.
Click save.

Note the CNAME record:

CNAME www @ 1 Hour

A CNAME, or “canonical name,” is a nickname for a host. It means that www.yourdomainname.com will point to the IP address set for yourdomainname.com.

GoDaddy populates a DNS zone file with this CNAME record by default. We are discussing this because you need to know this much about DNS zone files and domain names if you want to run a web server.


Web presence step by step Chapter 4: Using an SSH terminal program to connect to an Ubuntu Linux cloud server

Previous step: Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean
Next step: Chapter 5: Configuring an Ubuntu Linux cloud server to create a Linux Apache MySQL PHP (LAMP) web server, Part 1

Web presence step by step is a series of posts that show you how to build a web presence.

In this post, we learn how to use an SSH terminal program to connect to an Ubuntu Linux cloud server.

Windows

Visit this link to download the KiTTY SSH terminal program for Windows:

https://fosshub.com/KiTTY.html

Click on “Got it!” to remove the message at the bottom. Click on “DOWNLOAD KiTTY Windows classic”:

In the lower-left of your browser, right-click on the name of the downloaded file. Select “Show in folder”:

Right-click on the KiTTY program. Click “Open”:

Un-check the box “Always ask before opening this file.” Click “Run”:

Host Name (or IP address): enter the IP address of your cloud server
Port: 22
Connection type: SSH
Saved Sessions/New Folder: enter the IP address of your cloud server

Click Save. Click Open:

The following warning appears. Click Yes:

A terminal window appears. This is what it looks like after you log in:

MacOS

From Finder, go to Applications. From the Applications folder, double-click on Utilities:

Scroll down and locate the Terminal application. Double-click to start Terminal:

A Terminal window appears:

From this window, enter the command: ssh root@ipaddressofyourcloudserver, substituting the IP address of your cloud server. This is what it looks like after you log in:

Linux

There are 2 ways to launch the Terminal program under Linux.

Opening a Terminal session by right-clicking on the desktop

Right-click on the desktop. Select “Open in Terminal”:

A Terminal window appears:

Opening a Terminal session by clicking “Show Applications”

Click on the icon in the lower-left of your desktop to “Show Applications.” Scroll down to find the terminal program,

or enter the word “terminal” in the box “Type to search”:

A Terminal window appears:

From this window, enter the command: ssh root@ipaddressofyourcloudserver, substituting the IP address of your cloud server:

This is what it looks like after you log in:
