Oracle Cloud Free Tier - Page 3

  • You can add additional ingress rules. (port 22 is already whitelisted)
    egress is allow-all by default

  • rm_ IPv6 Advocate, Veteran
    edited September 2019

    marrco said: is there a firewall panel somewhere?

    Yes there is, click through from your instance properties to "Subnet", then to "Public subnet ...........", then to "Default Security List".

    Also most ICMP is blocked by default so the instances don't ping, you have to allow ICMP there if you want them to (for monitoring and such).

  • thx @rm_ Did you find where to set the ptr? closest I can get is "DNS Domain Name: DNS isn’t enabled for this VCN" but I'm not even sure that's the right option to set the FQDN for the public IP

  • rm_ IPv6 Advocate, Veteran

    marrco said: Did you find where to set the ptr?

    No. Doesn't seem to be any way to set it.

  • marrco Member
    edited September 2019

    $ sudo virt-what
    kvm

    so we can reclaim some free space with

    tune2fs -m 1 /dev/sda1

    and it looks like there's no swap space set as a default.

    EDIT: as rm_ wrote, it already defaults to -m 0 so that's not a good idea!

  • rm_ IPv6 Advocate, Veteran

    marrco said: so we can reclaim some free space with

    tune2fs -m 1 /dev/sda1

    No, it appears to have been set as "-m 0" by default already on mine, and by applying "-m 1" you will actually reduce the available space.

  • isn't "-m 0" a little too dangerous?

    I'm still exploring this cloud service, so I'm just sharing my findings. And you're right that when setting "-m 1" the free space decreases, and on a newly created server:

    ~$ sudo tune2fs -l /dev/sda1 | grep 'Reserved'
    Reserved block count: 0
    Reserved GDT blocks: 250
    Reserved blocks uid: 0 (user root)
    Reserved blocks gid: 0 (group root)

  • marrco Member
    edited September 2019

    To create a persistent 1GB swapfile in the Ubuntu 1804 LTS (there's no Debian template in Oracle Cloud)

    sudo fallocate -l 1G /swapfile
    sudo chmod 600 /swapfile
    sudo mkswap /swapfile
    sudo swapon /swapfile
    echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstab
    sudo swapon --show

    swappiness is already set at 60

  • Has anybody managed to get a working apache or nginx server on this thing (with Ubuntu 1804)?

    I've tried both servers, disabled iptables completely (ufw disable), added rules (ingress tcp 80) to Network Security Lists, put Apache/Nginx to listen to local or my assigned 10.xxx IPs or to "*" or to "0.0.0.0".

    I can modify Security Lists in order to allow pings and to enable/disable/limit SSH connections but I cannot make it listen and answer to stupid, plain http.

    Jesus! I think I am going nuts over this! What obvious shit am I missing?

  • rm_ IPv6 Advocate, Veteran
    edited September 2019

    tdelenikas said: disabled iptables completely (ufw disable)

    Maybe you somehow didn't disable them fully? Port 80 also didn't work for me by default, but works after iptables -I INPUT -p tcp --dport 80 -j ACCEPT.

    As for their panel firewall, I just created such a rule, both on Ingress and Egress:

  • marrco Member
    edited September 2019

    on an empty server
    sudo iptables -L gives

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT udp -- anywhere anywhere udp spt:ntp
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    InstanceServices all -- anywhere link-local/16

    Chain InstanceServices (1 references)
    target prot opt source destination
    ACCEPT tcp -- anywhere 169.254.0.2 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT tcp -- anywhere 169.254.2.0/24 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT tcp -- anywhere 169.254.0.2 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT udp -- anywhere 169.254.169.254 udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT tcp -- anywhere 169.254.169.254 tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT tcp -- anywhere 169.254.0.3 owner UID match root tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT tcp -- anywhere 169.254.0.4 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT tcp -- anywhere 169.254.169.254 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT udp -- anywhere 169.254.169.254 udp dpt:bootps /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT udp -- anywhere 169.254.169.254 udp dpt:tftp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT udp -- anywhere 169.254.169.254 udp dpt:ntp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    REJECT tcp -- anywhere link-local/16 tcp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with tcp-reset
    REJECT udp -- anywhere link-local/16 udp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with icmp-port-unreachable

    and in https://docs.cloud.oracle.com/iaas/Content/Compute/References/images.htm

    Essential Firewall Rules

    All Oracle-provided images include rules that allow only "root" on Linux instances [..] to make outgoing connections to the iSCSI network endpoints (169.254.0.2:3260, 169.254.2.0/24:3260) that serve the instance's boot and block volumes.

    Oracle recommends that you do not reconfigure the firewall on your instance to remove these rules. Removing these rules allows non-root users or non-administrators to access the instance’s boot disk volume.

    Oracle recommends that you do not create custom images without these rules unless you understand the security risks.

    Running Uncomplicated Firewall (UFW) on Ubuntu images may cause issues with these rules, so Oracle recommends that you do not enable UFW on your instances. See Ubuntu Instance fails to reboot after enabling Uncomplicated Firewall (UFW) for more information.

    so I guess we need to use iptables to add INPUT rules for services (default to allow only ssh) without deleting other rules
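
Why rule order matters in the default INPUT chain discussed above, as an added example that is not part of any post in this thread: the script walks a constructed `iptables -S INPUT` listing and shows that a port-80 ACCEPT appended with -A lands below the final REJECT and never matches, while one inserted with -I does. The sample rules and function names are assumptions; in particular, the bare "ACCEPT all" row in the `iptables -L` listing is assumed to be the loopback rule, whose interface match plain -L does not print.

```shell
#!/bin/sh
# Constructed sample: the default INPUT chain in `iptables -S INPUT` form.
# Assumption: the bare "ACCEPT all" row in the thread's `iptables -L` listing
# is the loopback rule; plain -L does not print interface matches.
DEFAULT_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
HTTP_RULE='-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# verdict_for_port PORT: read `iptables -S INPUT` text on stdin and print the
# target of the first rule matching a NEW inbound TCP connection to PORT on a
# non-loopback interface; fall back to the chain policy if nothing matches.
verdict_for_port() {
  awk -v port="$1" '
    found { next }
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
      target = ""; proto = "all"; dport = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-i" && $(i + 1) == "lo") skip = 1        # loopback only
        else if ($i == "--state" && $(i + 1) !~ /NEW/) skip = 1  # not a new connection
      }
      if (skip || (proto != "all" && proto != "tcp")) next
      if (dport != "" && dport != port) next
      print target; found = 1
    }
    END { if (!found) print policy }
  '
}

# -A appends below the catch-all REJECT; -I (no index) inserts as rule 1.
rules_after_append() { printf '%s\n%s\n' "$DEFAULT_RULES" "$HTTP_RULE"; }
rules_after_insert() {
  printf '%s\n' "$DEFAULT_RULES" | sed -n '1p'
  printf '%s\n' "$HTTP_RULE"
  printf '%s\n' "$DEFAULT_RULES" | sed '1d'
}

echo "default:  $(printf '%s\n' "$DEFAULT_RULES" | verdict_for_port 80)"
echo "after -A: $(rules_after_append | verdict_for_port 80)"
echo "after -I: $(rules_after_insert | verdict_for_port 80)"
```

On a live instance the same function can be fed `sudo iptables -S INPUT`. Neither command touches the InstanceServices chain, so the iSCSI rules quoted from Oracle's documentation stay in place.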

  • @rm_ @marrco : Thank you, it worked. :smile:

  • Out of host capacity.

  • Free user can overuse resource?
    I don't like surprise invoice.

  • cannot register while using my credit card...

  • @dragon1993 said:
    Free user can overuse resource?
    I don't like surprise invoice.

    just don't. the reason free things are no longer free is because of abuse.

  • dragon1993 Member
    edited September 2019

    @creep said:

    @dragon1993 said:
    Free user can overuse resource?
    I don't like surprise invoice.

    just don't. the reason free things are no longer free is because of abuse.

    So, I can't use paid services without upgrading the account to a paid account?

  • farsighter Member
    edited September 2019

    @creep said:

    @dragon1993 said:
    Free user can overuse resource?
    I don't like surprise invoice.

    just don't. the reason free things are no longer free is because of abuse.

    overuse != abuse.

    I think he meant chance of being charged unwillingly for exceeding limits

    @JerryHou you can ask their chat

  • @farsighter said:

    @creep said:

    @dragon1993 said:
    Free user can overuse resource?
    I don't like surprise invoice.

    just don't. the reason free things are no longer free is because of abuse.

    overuse != abuse.

    I think he meant chance of being charged unwillingly for exceeding limits

    overuse is a polite term for abuse. I'm a creep, I can't be polite.

  • @JerryHou said:
    cannot register while using my credit card...

    Depends on where you live, I think they have a problem with Southeast Asia people. Maybe it's only me, correct me if I'm wrong. I even used my two debit cards and one credit card. All are declined.

  • farsighter Member
    edited September 2019

    @creep said:
    overuse is a polite term for abuse. I'm a creep, I can't be polite.

    Misuse is a closer term for abuse. Overuse is just excessive use (which can be OK, or OK when paid).

  • I like use for only legal things.
    I worry about unexpected costs.
    Example: I start a VM, I got $100 invoice end of month.
    AWS typically looks like this.

  • @dragon1993 said:
    I like use for only legal things.
    I worry about unexpected costs.
    Example: I start a VM, I got $100 invoice end of month.
    AWS typically looks like this.

    Open that window and ask their chat (no need to register). Then come back with an answer

  • @dragon1993 said:
    So, I can't use paid services without upgrading the account to a paid account?

    Duh.

  • @farsighter said:

    @dragon1993 said:
    I like use for only legal things.
    I worry about unexpected costs.
    Example: I start a VM, I got $100 invoice end of month.
    AWS typically looks like this.

    Open that window and ask their chat (no need to register). Then come back with an answer

    Chat overloaded currently

  • jsg Member, Resident Benchmarker

    Oracle? The company that basically dropped Sparc and all but killed Solaris and that is hardcore commercial?

    Sure, what can go wrong becoming a product of theirs...

  • marrco Member
    edited September 2019

    @dragon1993 said:
    I like use for only legal things.
    I worry about unexpected costs.
    Example: I start a VM, I got $100 invoice end of month.
    AWS typically looks like this.

    Paying for what is used should never be "unexpected". Often 'overuse' just means abusing resources you get. Like coin mining on a shared server or running intensive task at the expense of your node neighbors. I use regular AWS services for years and never had 'unexpected' invoices, all my monthly invoices exactly reflect my use.

    Don't start a VM if you don't like paying for what you (over)use.

    If you have a doubt that your "use" can be considered 'overusing resources' why don't you buy a dedi so that you can rape your rented hardware 24/7?

  • Specifications on the Free tier are not really clear.

    If I understood it correctly: one can create 2 free VPS's (albeit in the same datacenter) within the always free tier ?

    There is an overall limitation of a monthly 10 TB data in/out ? What if one would exceed this limit ?

  • rm_ IPv6 Advocate, Veteran
    edited September 2019

    wlambrechts said: one can create 2 free VPS's (albeit in the same datacenter) within the always free tier ?

    This much is pretty clear. But I don't think the same-DC limitation is intended, just a side effect of how their limits are currently designed. Did anyone ask them about it, or everyone just staying within one DC only for the free instance? Seems like such a waste since they got so many diverse locations.
