├── .gitignore ├── README.md ├── databases └── MySql │ ├── Inbound rule.PNG │ ├── MySQL.md │ └── nginx.conf ├── deployment ├── Prerequisites.md ├── express │ ├── README.md │ ├── demo.zip │ ├── image-1.png │ ├── image-2.png │ └── image.png ├── flask │ ├── README.md │ ├── demo.zip │ ├── image-1.png │ └── image.png ├── laravel │ ├── README.md │ ├── example-app.zip │ ├── image-1.png │ ├── image-2.png │ ├── image.png │ └── nginx.conf ├── mini-project │ ├── README.md │ └── image-1.png ├── nginx │ ├── README.md │ └── image.png ├── spring │ ├── README.md │ ├── default.conf │ ├── image-1.png │ ├── image-2.png │ ├── image.png │ └── spring.zip └── static │ ├── angular │ └── Angular.md │ ├── html │ ├── README.md │ ├── demo.zip │ ├── image-1.png │ ├── image-2.png │ └── image.png │ ├── react │ └── React.md │ └── vue │ └── Vue.md ├── docker ├── README.md ├── image-1.png └── image.png ├── images └── devops.png ├── services └── linux │ ├── LDAP │ ├── 1.png │ ├── 10.png │ ├── 2.png │ ├── 3.png │ ├── 4.png │ ├── 5.png │ ├── 6.png │ ├── 7.png │ ├── 8.png │ ├── 9.png │ ├── README.md │ ├── image-1.png │ ├── image-10.png │ ├── image-11.png │ ├── image-12.png │ ├── image-13.png │ ├── image-14.png │ ├── image-15.PNG │ ├── image-2.png │ ├── image-3.png │ ├── image-4.png │ ├── image-5.png │ ├── image-6.png │ ├── image-7.png │ ├── image-8.png │ ├── image-9.png │ ├── image.png │ └── ldap.jpg │ └── Postfix │ ├── README.md │ ├── image-1.png │ ├── image-10.png │ ├── image-11.png │ ├── image-12.png │ ├── image-2.png │ ├── image-3.png │ ├── image-4.png │ ├── image-5.png │ ├── image-6.png │ ├── image-7.png │ ├── image-8.png │ ├── image-9.png │ └── image.png └── virtualization ├── esxi-vSphere ├── Capture-1.PNG ├── Capture.PNG ├── CreateVm.md ├── ExpandingResources.md ├── Networking.md ├── README.md ├── Storage.md ├── esxi-vsphere.jpg ├── image-1.png ├── image-10.png ├── image-11.png ├── image-12.png ├── image-13.png ├── image-14.png ├── image-15.png ├── image-16.png ├── image-17.png ├── image-18.png 
├── image-19.png ├── image-2.png ├── image-20.png ├── image-21.png ├── image-22.png ├── image-23.png ├── image-24.png ├── image-25.png ├── image-26.png ├── image-27.png ├── image-28.png ├── image-29.png ├── image-3.png ├── image-30.png ├── image-31.png ├── image-32.png ├── image-33.png ├── image-34.png ├── image-35.png ├── image-4.png ├── image-5.png ├── image-6.png ├── image-7.png ├── image-8.png ├── image-9.png └── image.png └── vCenter ├── README.md ├── image-1.png ├── image-10.png ├── image-11.png ├── image-12.png ├── image-13.png ├── image-14.png ├── image-15.png ├── image-16.png ├── image-17.png ├── image-18.png ├── image-19.png ├── image-2.png ├── image-20.png ├── image-21.png ├── image-22.png ├── image-23.png ├── image-24.png ├── image-3.png ├── image-4.png ├── image-5.png ├── image-6.png ├── image-7.png ├── image-8.png ├── image-9.png └── image.png /.gitignore: -------------------------------------------------------------------------------- 1 | static/angular/angular-app 2 | static/react/react-app 3 | static/vue/vue-app 4 | static/vite/vite-app 5 | tuto 6 | 7 | 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Integrated IT Management Infrastructure and DevOps 2 | 3 | ![Alt Text](images/devops.png) 4 | 5 | DevOps is a dynamic and transformative approach that revolutionizes how software development and IT operations collaborate and deliver value to businesses. Picture this: you're on a journey where every step, from code inception to deployment and beyond, is a seamlessly integrated process. DevOps isn't just about tools or methodologies; it's a cultural shift, fostering collaboration, automation, and continuous improvement. 
As an IT Consultant, Instructor, and Senior Software Architect with expertise in Model Driven Engineering and Microservice Architecture, you're already well-versed in the intricacies of software development. Now, let's embark on a voyage where you'll harness the power of DevOps to streamline workflows, boost efficiency, and ultimately, drive innovation. Throughout this course, we'll delve into the core principles of DevOps, explore essential tools and practices, and equip you with the skills needed to orchestrate a harmonious symphony between development and operations. Are you ready to embark on this transformative journey into the world of DevOps? 6 | ## Disclaimer 7 | > Here, you'll find a treasure trove of practical exercises and hands-on activities designed to reinforce your understanding of DevOps principles and practices. However, please note that this repository contains only the labs, and if you're interested in accessing the full course materials, including lectures, slides, and additional resources, please reach out to me directly at m.aitsaid@uhp.ac.ma. I'll be more than happy to assist you in gaining access to the complete course content. 
8 | 9 | ## Table of Contents 10 | 11 | ### Recap 12 | - System Information 13 | - Networks 14 | - Operating Systems 15 | 16 | ### Infrastructure 17 | - RAID 18 | - Server Installation 19 | - Linux 20 | - Windows 21 | - Network Installation 22 | 23 | ### Services 24 | - File Management Services 25 | - FTP 26 | - NFS 27 | - Samba 28 | - DNS 29 | - DHCP 30 | - [Postfix](services/linux/Postfix/README.md) 31 | - Active Directory 32 | - [LDAP](services/linux/LDAP/README.md) 33 | 34 | ### Databases 35 | - MySQL 36 | - MariaDB 37 | - PostgreSQL 38 | - Oracle Database 39 | - SQL Server 40 | - MongoDB 41 | - Elasticsearch 42 | 43 | ### Version Control (Git) 44 | - Introduction to Version Control 45 | - Getting Started with Git 46 | - Git Basics 47 | - Working with Remote Repositories 48 | - Collaboration with Git 49 | - Branching Strategies 50 | - Advanced Git Techniques 51 | - Git Tools and Integrations 52 | - Git Workflow Automation 53 | - Git Best Practices 54 | 55 | ### Web Servers 56 | - [Nginx](deployment/nginx/README.md) 57 | - Apache 58 | 59 | ### Deployment 60 | - [Prerequisites](deployment/Prerequisites.md) 61 | - [Static (HTML, CSS, and JS)](deployment/static/html/README.md) 62 | - Static (Webpack) 63 | - Angular 64 | - React 65 | - VueJs 66 | - [Java (Spring)](./deployment/spring/README.md) 67 | - [PHP (Laravel)](./deployment/laravel/README.md) 68 | - [NodeJS (Express)](./deployment/express/README.md) 69 | - [Python (Flask)](./deployment/flask/README.md) 70 | - [Mini-Project](./deployment/mini-project/README.md) 71 | 72 | ### Virtualization 73 | - VMware Workstation 74 | - Installation 75 | - Create a new VM 76 | - Expand Resource CPU and Memory 77 | - Expand and Add Disks 78 | - Networking 79 | - Snapshot 80 | - Cloning 81 | - ESXi and vSphere 82 | - [Installation and Initial Configuration](./virtualization/esxi-vSphere/README.md) 83 | - [Create a new VM](./virtualization/esxi-vSphere/CreateVm.md) 84 | - [Storage](./virtualization/esxi-vSphere/Storage.md) 85 | - 
[Expanding Resources](./virtualization/esxi-vSphere/ExpandingResources.md) 86 | - [Networking](./virtualization/esxi-vSphere/Networking.md) 87 | - Snapshots and Cloning 88 | - Performance Monitoring 89 | - vCenter 90 | - [Installation and Initial Configuration](./virtualization/vCenter/README.md) 91 | - Permissions and User Management 92 | - Resource Management 93 | - High Availability 94 | - Monitoring and Alarms 95 | - Backup and Restore 96 | - Cloning and Templates 97 | - vMotion 98 | - Distributed Resource Scheduler (DRS) 99 | - Fault Tolerance (FT) 100 | - Automation 101 | - PowerCLI 102 | - vRealize Orchestrator 103 | - Automated Deployment 104 | - Backup Automation 105 | - Scheduling and Task Automation 106 | - Configuration Management 107 | - Monitoring and Alerts Automation 108 | 109 | ### Dockerization 110 | - [Installation et Configuration](docker/README.md) 111 | - Application Deployment 112 | - [Prerequisites](deployment/Prerequisites.md) 113 | - [Static (HTML, CSS, and JS)](deployment/static/html/README.md) 114 | - Static (Webpack) 115 | - Angular 116 | - React 117 | - VueJs 118 | - [Java (Spring)](./deployment/spring/README.md) 119 | - [PHP (Laravel)](./deployment/laravel/README.md) 120 | - [NodeJS (Express)](./deployment/express/README.md) 121 | - [Python (Flask)](./deployment/flask/README.md) 122 | 123 | ### Automation 124 | - Scripting 125 | - Vagrant 126 | - Terraform 127 | - Puppet 128 | - Chef 129 | - Ansible 130 | 131 | ### DevOps 132 | - CI/CD (Continuous Integration & Continuous Delivery) 133 | - GitHub Actions 134 | - Jenkins 135 | - GitLab 136 | 137 | ### Security 138 | - SSL/TLS 139 | - Prowler 140 | - DevSecOps 141 | - Securing Pipelines 142 | - Securing Chains 143 | - ACL 144 | 145 | ### Monitoring 146 | - Logging 147 | - Prometheus 148 | - Kibana 149 | - Grafana 150 | - ELK Stack 151 | 152 | ### Kubernetes 153 | - Pods and Deployments 154 | - Services and Networking 155 | - Persistent Storage 156 | - Scaling and Autoscaling 157 | - 
ConfigMaps and Secrets 158 | - Helm and Package Management 159 | - Monitoring and Logging 160 | - Security Best Practices 161 | 162 | ### Cloud Computing 163 | - Introduction to Cloud Services 164 | - Definition of Cloud Computing 165 | - Definition of Hosting Services 166 | - Types of Cloud Services: 167 | - Infrastructure as a Service (IaaS) 168 | - Platform as a Service (PaaS) 169 | - Software as a Service (SaaS) 170 | - Overview of Popular Cloud Providers 171 | - Understanding Cloud Pricing 172 | - Factors Affecting Cloud Pricing 173 | - Pricing Models: 174 | - Pay-As-You-Go 175 | - Reserved Instances 176 | - Spot Instances 177 | - Estimating Costs: Cloud Pricing Calculators 178 | - Setting Up Virtual Private Servers (VPS) 179 | - Selecting a Cloud Provider (AWS vs GCP vs Azure) 180 | - Creating a Virtual Machine Instance 181 | - Configuring Security Groups and Firewall Rules 182 | - Connecting to the VPS via SSH 183 | - Deploying Apps using pre-configured services 184 | - Overview of Application Architecture 185 | - Setting Up a Server Instance 186 | - Deploying Application Code 187 | - Configuring Domain Name and DNS 188 | - Managing Storage and Databases 189 | - Choosing Storage Options: Object Storage vs. 
Block Storage 190 | - Creating and Managing Storage Buckets 191 | - Setting Databases 192 | - MySQL 193 | - MariaDB 194 | - PostgreSQL 195 | - Oracle Database 196 | - SQL Server 197 | - MongoDB 198 | - Elasticsearch 199 | - Backing Up and Restoring Data 200 | - Implementing Scalability and High Availability 201 | - Load Balancing Strategies 202 | - Auto Scaling Groups 203 | - Implementing Redundancy and Failover 204 | - Monitoring Performance and Health Checks 205 | - Implementing Security Best Practices 206 | - Identity and Access Management (IAM) 207 | - Encryption at Rest and in Transit 208 | - Network Security: VPCs, Security Groups, and ACLs 209 | - Compliance and Governance Considerations 210 | - Monitoring and Performance Optimization 211 | - Monitoring Infrastructure and Application Metrics 212 | - Setting Up Alerts and Notifications 213 | - Performance Optimization Techniques 214 | - Capacity Planning and Resource Optimization 215 | - Advanced Cloud Services 216 | - Serverless Computing with Functions as a Service (FaaS) 217 | - Big Data and Analytics Services 218 | - Machine Learning and Artificial Intelligence Services 219 | - Internet of Things (IoT) Integration 220 | 221 | ### Self hosted Services and Microservices 222 | - MinIO 223 | - Keycloak 224 | - Supabase 225 | - Parse Server 226 | - Eureka Server 227 | - Apache Kafka 228 | - RabbitMQ 229 | - Zipkin 230 | 231 | ### OpenStack 232 | - OpenStack Installation 233 | - OpenStack Horizon Dashboard 234 | - OpenStack CLI Client 235 | - Identity Service (Keystone) 236 | - Image Service (Glance) 237 | - Networking Service (Neutron) 238 | - Compute Service (Nova) 239 | - Block Storage Service (Cinder) 240 | - Object Storage Service (Swift) 241 | - Multi-Node Design & Scaling OpenStack 242 | - Expanding the Cluster 243 | 244 | ### OpenShift 245 | - Getting Started with OpenShift 246 | - OpenShift Concepts - Projects and Users 247 | - Concepts - Builds and Deployments 248 | - Networks, Services, Routes and 
Scaling
- Storage, Templates and Catalog


## Compatibility Note

These labs are designed to be compatible with various Linux distributions, including Ubuntu, CentOS, Debian, and others. While the examples and commands provided are based on an Ubuntu server, they can be easily adapted to your specific Linux distribution.

### Package Manager Variations

- For Ubuntu and Debian-based distributions, the package manager used is `apt`. If you're using a different distribution, such as CentOS or Fedora, you can replace the `apt` commands with the appropriate package manager for your distribution (e.g., `yum` or `dnf`).
- Example: Replace `apt install package-name` with `yum install package-name` or `dnf install package-name`.

### Firewall Command Variations

- In this tutorial, the firewall commands are demonstrated using `ufw`, the default firewall configuration tool for Ubuntu. If you're using a different distribution, you can substitute the `ufw` commands with the appropriate firewall management commands for your distribution (e.g., `iptables` or `firewalld`).
- Example: Replace `ufw allow port` with the appropriate command for your firewall management tool.

Please consult the documentation or resources specific to your Linux distribution for accurate commands and package management guidelines.



## License

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

## Authors

- [Pr. AIT SAID Mehdi](https://www.linkedin.com/in/mehdi-aitsaid/)

--------------------------------------------------------------------------------
/databases/MySql/Inbound rule.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/databases/MySql/Inbound rule.PNG

--------------------------------------------------------------------------------
/databases/MySql/nginx.conf:
--------------------------------------------------------------------------------
# phpMyAdmin virtual host, served on port 8080 over IPv4 and IPv6
server {
    listen 8080;
    listen [::]:8080;
    root /var/www/phpmyadmin/;
    index index.php index.html index.htm index.nginx-debian.html;

    access_log /var/log/nginx/phpmyadmin_access.log;
    error_log /var/log/nginx/phpmyadmin_error.log;

    location / {

        # Directory listings are shown for any folder without an index file;
        # set this to "off" unless listings are intended
        autoindex on;
        autoindex_exact_size on;
    }

    # Block web access to phpMyAdmin's documentation, SQL and setup folders
    location ~ ^/(doc|sql|setup)/ {
        deny all;
    }

    # Hand PHP scripts to the PHP 8.1 FPM socket
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
    }

    # Never serve .htaccess / .htpasswd files
    location ~ /\.ht {
        deny all;
    }
}

--------------------------------------------------------------------------------
/deployment/Prerequisites.md:
--------------------------------------------------------------------------------
# Prerequisites
Before we begin configuring a web server, there are a few prerequisites to ensure a smooth learning experience. You will need two machines: one to act as the server and the other as the client. The client machine can be a Windows machine. Additionally, we need to configure DNS settings. If a DNS server is not available, we can use the hosts file to achieve the same result.

## Requirements
1. Server Machine:
   - This machine will host the Nginx server.
   - Ensure you have administrative access to make configuration changes.

2. Client Machine:
   - This machine will be used to access the server.
   - A Windows machine is suitable for this purpose.

## DNS Configuration
To resolve domain names to the server’s IP address, we can configure DNS. If you do not have access to a DNS server, you can use the hosts file on both the client and the server machines. This is an old-school but effective solution for local network setups.


> Note: For this lab, we will use server.io as the hostname for the server. You can name it anything else as you prefer.


### Configuring the Hosts File

#### 1. Change the Hostname of Your Server:

You need to change the hostname of your server to server.io or your chosen hostname. This can be done using the `hostnamectl` command.

```
$ sudo hostnamectl set-hostname server.io
```

Ensure that your `/etc/hosts` file has an entry `127.0.0.1 server.io`

#### 2. Determine Your Server's IP Address:

Identify the IP address of your server machine. For this example, we will use 192.168.1.10.

#### 3. Edit the Hosts File:

On both the client and server machines, you need to modify the hosts file to map domain names to the server’s IP address.

On Windows:

- Open Notepad as an administrator.

- Open the file `C:\Windows\System32\drivers\etc\hosts`.

- Add the following lines to the file:

```
192.168.1.10 server.io
192.168.1.10 static.server.io
192.168.1.10 laravel.server.io
192.168.1.10 spring.server.io
192.168.1.10 flask.server.io
192.168.1.10 express.server.io
192.168.1.10 phpmyadmin.server.io
192.168.1.10 php.server.io
192.168.1.10 java.server.io
```

On Linux/Mac:

- Open a terminal.
- Edit the hosts file using a text editor with superuser privileges, such as `sudo nano /etc/hosts`.
- Add the same lines as above.

--------------------------------------------------------------------------------
/deployment/express/README.md:
--------------------------------------------------------------------------------
# Deploying a NodeJS/ExpressJS App with Nginx and with/without Docker

![Deploying a NodeJS/ExpressJS App with Nginx and with/without Docker](image.png)

Node.js is a powerful, open-source runtime environment that allows developers to execute JavaScript code server-side. It is built on the V8 JavaScript engine, which is also used in Google Chrome, making it highly efficient and fast. Node.js is designed to be lightweight and scalable, leveraging an event-driven, non-blocking I/O model. This makes it particularly well-suited for building real-time applications, such as chat applications, online gaming, and collaborative tools, as well as for handling numerous simultaneous connections.

Express.js is a minimal and flexible web application framework for Node.js that provides a robust set of features for web and mobile applications. It simplifies the development process by offering a comprehensive set of tools and utilities for building server-side applications. Express.js allows developers to set up middleware to respond to HTTP requests, define routes to handle different endpoints, and integrate with various template engines to dynamically render HTML pages. Its simplicity and flexibility make it a popular choice for creating RESTful APIs and single-page applications.

> Note: Before starting this lab, ensure you have completed the following prerequisites:
> - Setting up the client-server environment as described in the [Environment Setup](../../Prerequisites.md) section. Proper DNS configuration and hostname setup are essential for the exercises in this lab.
> - Installing Nginx as outlined in the [Nginx Installation Guide](../../nginx/README.md).
> - Alternatively, if you prefer to use Docker, make sure Docker is installed and running on your server. You can refer to the [Docker Installation Guide](../../../docker/README.md) for detailed instructions.

In this lab, we will learn how to deploy a NodeJS/ExpressJS App on an Ubuntu server using Nginx. We will cover how to transfer your project to the server using SCP or a GitHub repository. For this lab, we will use the subdomain express.server.io, and a demo project named [demo.zip](demo.zip) is attached in the same directory as this lab for your convenience.


## Deploying an Express App Using Nginx without Docker

### Step 1: Create the Website Folder

#### Connect to the Server:

1. Open a terminal on your local machine.

2. Use SSH to connect to your Ubuntu server. Replace `<username>` and `<server_ip>` with your server’s username and IP address:

```bash
ssh <username>@<server_ip>
```

Example:

```bash
ssh serverio@192.168.1.10
```
#### Create the Website Folder:
1. Create a new directory for your project:

```bash
sudo mkdir -p /workdir/express.server.io

sudo chown -R $USER:$USER /workdir/express.server.io
sudo chmod -R 755 /workdir/express.server.io

cd /workdir/express.server.io
```

### Step 2: Transfer the Express App Files
You can transfer your Express App files to the server using SCP or by cloning a GitHub repository.

#### Using SCP:

1. Open a terminal on your local machine.

2. Use the scp command to transfer the files.
Replace `<path_to_project>` with the path to your project directory, and `<username>` and `<server_ip>` with your server's username and IP address:

```bash
scp -r <path_to_project> <username>@<server_ip>:/workdir/express.server.io
```
Example:

```bash
scp -r ./demo.zip serverio@192.168.1.10:/workdir/express.server.io
```

#### Using GitHub:

1. Navigate to the web root directory:

```bash
cd /workdir/express.server.io
```
2. Clone your repository:
```bash
git clone https://github.com/yourusername/express-website.git express-website
```

### Step 3: Install Node.js

```bash
sudo apt install nodejs
```

Now, install the Node package manager:

```bash
sudo apt install npm
```

### Step 4: Set Up your Express App

```bash
cd /workdir/express.server.io
sudo unzip demo.zip
sudo rm demo.zip
sudo npm i
```
### Step 5: Leveraging PM2 for Streamlined Node.js Application Management

We will use PM2 to simplify our Node.js application management. PM2 offers automatic restarts for unexpected crashes, graceful reloading for seamless updates, and centralized control over multiple applications. It also provides real-time performance monitoring and centralized logging, making it easier to maintain uptime, identify issues, and ensure a smooth user experience.

```bash
sudo npm install -g pm2
```

Start the above application using pm2:
```bash
pm2 start app.js
```

![alt text](image-1.png)

Check whether your application is running:
```bash
pm2 status
```
To stop your application, run:
```bash
pm2 stop <app_name_or_id>
```

Here `<app_name_or_id>` is your application name (for us it is app.js) or its ID, which will be 0 as shown above in the output of `pm2 status`.

To restart your application:
```bash
pm2 restart <app_name_or_id>
```

After starting your application with pm2, use curl to test whether it is running successfully on the local machine:
```bash
curl localhost:3000
```


### Step 6: Configure Nginx

![Reverse Proxy](image-2.png)

1. Create a new Nginx configuration file for your Express App:

```bash
sudo nano /etc/nginx/sites-available/express.server.io
```

2. Add the following configuration to the file:

```nginx
server {
    listen 80;
    server_name express.server.io www.express.server.io;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Define access log and error log locations
    access_log /var/log/nginx/express-app-proxy.access.log;
    error_log /var/log/nginx/express-app-proxy.error.log;
}
```

### Nginx Configuration for Express Application

This Nginx configuration file sets up a server to handle HTTP requests for an Express application hosted under the `express.server.io` domain.
The Nginx server acts as a reverse proxy, forwarding incoming requests to the Express application running on localhost at port 3000.

**Configuration Breakdown**

- **Server Block:**
  - `listen 80;`
    - The server listens on port 80, which is the default port for HTTP traffic.
  - `server_name express.server.io www.express.server.io;`
    - The server responds to requests for the domain names `express.server.io` and `www.express.server.io`.

- **Location Block:**
  - `location / { ... }`
    - Defines how requests to the root URL and its subpaths should be handled.

- **Proxy Settings:**
  - `proxy_pass http://localhost:3000;`
    - Forwards all incoming requests to the Express application running on localhost at port 3000.
  - `proxy_set_header Host $host;`
    - Sets the `Host` header in the forwarded request to the value of the original request's host header.
  - `proxy_set_header X-Real-IP $remote_addr;`
    - Sets the `X-Real-IP` header to the client’s IP address.
  - `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
    - Sets the `X-Forwarded-For` header to include the client’s IP address. This header helps in tracking the original client's IP address when requests are forwarded through proxies.
  - `proxy_set_header X-Forwarded-Proto $scheme;`
    - Sets the `X-Forwarded-Proto` header to the scheme (HTTP or HTTPS) used in the original request. This is useful for applications that need to know the protocol used by the client.

- **Log Configuration:**
  - `access_log /var/log/nginx/express-app-proxy.access.log;`
    - Specifies the location of the access log file, which records details about each request handled by the server.
  - `error_log /var/log/nginx/express-app-proxy.error.log;`
    - Specifies the location of the error log file, which records any errors encountered while processing requests.
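
The proxy settings above hand the client address to the app in `X-Real-IP` and `X-Forwarded-For`, so the app has to decide when those headers can be believed. The following is an added example, not code from this course repository, showing that decision for the Node process on port 3000; the function names and sample addresses are constructed for illustration, and it assumes the local Nginx is the only proxy in front of the app.

```javascript
'use strict';

// Assumption: only the local Nginx proxies to the app, so only loopback
// peers are allowed to speak on behalf of another address.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1']);

// Node reports IPv4 peers on dual-stack sockets as ::ffff:a.b.c.d.
function normalizeIp(value) {
  const s = String(value || '').trim().toLowerCase();
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(s);
  return mapped ? mapped[1] : s;
}

// Syntax check for IPv4 and IPv6 literals (input already lower-cased).
function isIp(s) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(s)) {
    return s.split('.').every((octet) => Number(octet) <= 255);
  }
  if (!/^[0-9a-f:.]+$/.test(s) || !s.includes(':')) return false;
  try {
    new URL(`http://[${s}]/`); // the WHATWG URL parser validates IPv6 literals
    return true;
  } catch (err) {
    return false;
  }
}

function resolveClientIp(peerAddress, headers, trusted = TRUSTED_PROXIES) {
  const peer = normalizeIp(peerAddress);

  // The request did not arrive through the proxy (for example port 3000 was
  // reached directly): every forwarding header is client-supplied, ignore it.
  if (!trusted.has(peer)) return { ip: peer, source: 'socket' };

  // $proxy_add_x_forwarded_for is "whatever the client sent" + ", " +
  // $remote_addr. Only entries appended by trusted proxies are reliable, so
  // walk from the right and stop at the first address that is not a proxy.
  const chain = String(headers['x-forwarded-for'] || '')
    .split(',')
    .map(normalizeIp)
    .filter(isIp);
  for (let i = chain.length - 1; i >= 0; i -= 1) {
    if (!trusted.has(chain[i])) return { ip: chain[i], source: 'x-forwarded-for' };
  }

  // The config overwrites X-Real-IP with $remote_addr, so it is a usable
  // fallback when the request really came from the proxy.
  const realIp = normalizeIp(headers['x-real-ip']);
  if (isIp(realIp) && !trusted.has(realIp)) return { ip: realIp, source: 'x-real-ip' };

  return { ip: peer, source: 'socket' };
}

// Constructed sample requests, as the app on port 3000 would see them.
const SAMPLES = [
  {
    name: 'through nginx',
    peer: '127.0.0.1',
    headers: { 'x-forwarded-for': '203.0.113.7', 'x-real-ip': '203.0.113.7' },
  },
  {
    name: 'through nginx, client sent its own X-Forwarded-For',
    peer: '::ffff:127.0.0.1',
    headers: { 'x-forwarded-for': '10.0.0.1, 198.51.100.23', 'x-real-ip': '198.51.100.23' },
  },
  {
    name: 'direct to port 3000 with forged headers',
    peer: '198.51.100.23',
    headers: { 'x-forwarded-for': '127.0.0.1', 'x-real-ip': '10.0.0.1' },
  },
];

function runSamples() {
  return SAMPLES.map((s) => ({ name: s.name, ...resolveClientIp(s.peer, s.headers) }));
}

for (const r of runSamples()) {
  console.log(`${r.name}: ${r.ip} (${r.source})`);
}
```

In Express itself, `app.set('trust proxy', 'loopback')` makes `req.ip` apply the same right-to-left rule.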

3. Enable the site by linking the configuration into `sites-enabled`:

```bash
sudo ln -s /etc/nginx/sites-available/express.server.io /etc/nginx/sites-enabled/
```

4. Test the Nginx configuration for syntax errors:

```bash
sudo nginx -t
```
5. Reload Nginx to apply the changes:

```bash
sudo systemctl reload nginx
```

### Step 7: Verify the Deployment
Open a web browser on your client machine.
Navigate to http://express.server.io to see your deployed Express App.

![alt text](image-2.png)

## Deploying an Express App Using Nginx with Docker

### Step 1: Make Docker image
1. Inside the working directory (`/workdir/express.server.io`), create a `Dockerfile` with the following content:


```Dockerfile
# Fetching the slim Node.js base image
FROM node:slim

# Declaring env
ENV NODE_ENV=development

# Setting up the work directory
WORKDIR /express-docker

# Copying all the files in our project
COPY . .

# Installing dependencies
RUN npm install

# Starting our application
CMD [ "node", "app.js" ]

# Exposing server port
EXPOSE 3000
```

2. Delete the node_modules folder:

```bash
sudo rm -r node_modules
```


### Step 2: Build and Run the Docker Container

1. Build the Docker image:
```bash
sudo docker build -t express.server.io .
```

2. Run the Docker container:
```bash
sudo docker run -d -p 3000:3000 --name express.server.io-container express.server.io
```
- This command maps port 3000 on your server to port 3000 in the container.

### Step 3: Configure Nginx

In this case we will use the same configuration as in the section without Docker.

1. Create a new Nginx configuration file for your Express App:

```bash
sudo nano /etc/nginx/sites-available/express.server.io
```

2. Add the following configuration to the file:

```nginx
server {
    listen 80;
    server_name express.server.io www.express.server.io;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Define access log and error log locations
    access_log /var/log/nginx/express-app-proxy.access.log;
    error_log /var/log/nginx/express-app-proxy.error.log;
}
```

3. Enable the site by linking the configuration into `sites-enabled`:

```bash
sudo ln -s /etc/nginx/sites-available/express.server.io /etc/nginx/sites-enabled/
```

4. Test the Nginx configuration for syntax errors:

```bash
sudo nginx -t
```
5. Reload Nginx to apply the changes:

```bash
sudo systemctl reload nginx
```

### Step 4: Verify the Deployment
Open a web browser on your client machine.
Navigate to http://express.server.io to see your deployed Express App.

--------------------------------------------------------------------------------
/deployment/express/demo.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/express/demo.zip

--------------------------------------------------------------------------------
/deployment/express/image-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/express/image-1.png

--------------------------------------------------------------------------------
/deployment/express/image-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/express/image-2.png

--------------------------------------------------------------------------------
/deployment/express/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/express/image.png

--------------------------------------------------------------------------------
/deployment/flask/README.md:
--------------------------------------------------------------------------------
# Deploying a Flask App with Nginx and with/without Docker

![Deploying a Flask App with Nginx and with/without Docker](image.png)

Flask is a lightweight and versatile web framework for Python. It is designed with simplicity and flexibility in mind, making it an excellent choice for both beginners and experienced developers who want to create robust web applications quickly and efficiently.
Flask follows a minimalist approach, providing only the essential components needed to build web applications, while allowing developers to extend its functionality through a wide array of extensions.


> Note: Before starting this lab, ensure you have completed the following prerequisites:
> - Setting up the client-server environment as described in the [Environment Setup](../../Prerequisites.md) section. Proper DNS configuration and hostname setup are essential for the exercises in this lab.
> - Installing Nginx as outlined in the [Nginx Installation Guide](../../nginx/README.md).
> - Alternatively, if you prefer to use Docker, make sure Docker is installed and running on your server. You can refer to the [Docker Installation Guide](../../../docker/README.md) for detailed instructions.

In this lab, we will learn how to deploy a Flask App on an Ubuntu server using Nginx. We will cover how to transfer your project to the server using SCP or a GitHub repository. For this lab, we will use the subdomain flask.server.io, and a demo project named [demo.zip](demo.zip) is attached in the same directory as this lab for your convenience.


## Deploying a Flask App Using Nginx without Docker

### Step 1: Create the Website Folder

#### Connect to the Server:

1. Open a terminal on your local machine.

2. Use SSH to connect to your Ubuntu server. Replace `<username>` and `<server_ip>` with your server’s username and IP address:

```bash
ssh <username>@<server_ip>
```

Example:

```bash
ssh serverio@192.168.1.10
```
#### Create the Website Folder:
1. Create a new directory for your project:

```bash
sudo mkdir -p /workdir/flask.server.io

sudo chown -R $USER:$USER /workdir/flask.server.io
sudo chmod -R 755 /workdir/flask.server.io

cd /workdir/flask.server.io
```

### Step 2: Transfer the Flask App Files
You can transfer your Flask app files to the server using SCP or by cloning a GitHub repository.

#### Using SCP:

1. Open a terminal on your local machine.

2. Use the scp command to transfer the files. Replace `<path_to_project>` with the path to your project directory, and `<username>` and `<server_ip>` with your server's username and IP address:

```bash
scp -r <path_to_project> <username>@<server_ip>:/workdir/flask.server.io
```
Example:

```bash
scp -r ./demo.zip serverio@192.168.1.10:/workdir/flask.server.io
```

#### Using GitHub:

1. Navigate to the web root directory:

```bash
cd /workdir/flask.server.io
```
2. Clone your repository:
```bash
git clone https://github.com/yourusername/flask-website.git flask-website
```



### Step 3: Install Python

```bash
sudo apt install python3-pip python3-dev
```

Now, install the virtual environment manager:

```bash
sudo apt install python3.10-venv
```

### Step 4: Set Up your Flask App

1. Create a virtual environment for your Flask app and activate it:
```bash
cd /workdir/flask.server.io
python3 -m venv env
source env/bin/activate
```

2. Extract the project files:
```bash
sudo unzip demo.zip
sudo rm demo.zip
```

3. Install Flask and Gunicorn inside the virtual environment:

```bash
pip install flask gunicorn
```
### Step 5: Creating the systemd service
Next, create the systemd service unit file.
Creating a systemd unit file will allow Ubuntu’s init system to automatically start Gunicorn and serve the Flask application whenever the server boots.

Create a unit file ending in .service within the /etc/systemd/system directory to begin:

```bash
sudo nano /etc/systemd/system/flask.server.io.service
```

```ini
[Unit]
Description=Gunicorn instance to serve flask.server.io
After=network.target

[Service]
User=serverio
Group=www-data
WorkingDirectory=/workdir/flask.server.io
Environment="PATH=/workdir/flask.server.io/env/bin"
ExecStart=/workdir/flask.server.io/env/bin/gunicorn --bind 0.0.0.0:5000 app:app

[Install]
WantedBy=multi-user.target
```

This service file defines how to run a Flask application using Gunicorn as a daemon (background service) on a systemd-based Linux system. Let's break down each section:

`[Unit]`

- Description: This line provides a human-readable description of the service. Here, it indicates it's a Gunicorn instance serving a Flask application named flask.server.io.
- After=network.target: This line specifies that this service should be started after the network.target is reached. This ensures that network interfaces are up and running before the service attempts to listen for connections.

`[Service]`

- User: This line defines the user under which the service will run. Here, it's set to serverio. This user should have the necessary permissions to access the application files and libraries.
- Group: This line specifies the group to which the service process will belong. Here, it's set to www-data. This is commonly used for web services as it might provide access to resources needed by the application.
- WorkingDirectory: This line defines the working directory where the service will be executed. Here, it's set to /workdir/flask.server.io, indicating the directory containing the Flask application code.
- Environment: This line sets an environment variable named PATH. The value specifies the path to the directory containing the Gunicorn executable within the virtual environment (/workdir/flask.server.io/env/bin). This ensures Gunicorn can be found when the service is started.
- ExecStart: This line defines the command to be executed to start the service. Here, it uses /workdir/flask.server.io/env/bin/gunicorn, which is the Gunicorn executable located in the virtual environment. The command arguments are:
  - --bind 0.0.0.0:5000: This tells Gunicorn to listen on all network interfaces (0.0.0.0) on port 5000.
  - app:app: This defines the application object (usually defined in your Flask application file) to be served by Gunicorn.

`[Install]`

- WantedBy=multi-user.target: This line specifies that the service should be automatically started when the system reaches the multi-user.target. This target indicates the system is ready for multi-user login and is a common place for services to be launched.

With that, your systemd service file is complete. Save and close it now.

You can now start the Gunicorn service that you created and enable it so that it starts at boot:

```bash
sudo systemctl start flask.server.io
sudo systemctl enable flask.server.io
```

### Step 6: Configure Nginx

![Reverse Proxy](image-2.png)

1. Create a new Nginx configuration file for your Flask app:

   ```bash
   sudo nano /etc/nginx/sites-available/flask.server.io
   ```

2. Add the following configuration to the file:

   ```nginx
   server {
       listen 80;
       server_name flask.server.io www.flask.server.io;

       location / {
           proxy_pass http://localhost:5000;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
       }

       # Define access log and error log locations
       access_log /var/log/nginx/flask-app-proxy.access.log;
       error_log /var/log/nginx/flask-app-proxy.error.log;
   }
   ```

#### Nginx Configuration for the Flask Application

This Nginx configuration file sets up a server to handle HTTP requests for a Flask application hosted under the `flask.server.io` domain. The Nginx server acts as a reverse proxy, forwarding incoming requests to the Flask application running on localhost at port 5000.

**Configuration Breakdown**

- **Server Block:**
  - `listen 80;`
    - The server listens on port 80, which is the default port for HTTP traffic.
  - `server_name flask.server.io www.flask.server.io;`
    - The server responds to requests for the domain names `flask.server.io` and `www.flask.server.io`.

- **Location Block:**
  - `location / { ... }`
    - Defines how requests to the root URL and its subpaths should be handled.

- **Proxy Settings:**
  - `proxy_pass http://localhost:5000;`
    - Forwards all incoming requests to the Flask application running on localhost at port 5000.
  - `proxy_set_header Host $host;`
    - Sets the `Host` header in the forwarded request to the value of the original request's host header.
  - `proxy_set_header X-Real-IP $remote_addr;`
    - Sets the `X-Real-IP` header to the client’s IP address.
  - `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
    - Sets the `X-Forwarded-For` header to include the client’s IP address. This header helps in tracking the original client's IP address when requests are forwarded through proxies.
  - `proxy_set_header X-Forwarded-Proto $scheme;`
    - Sets the `X-Forwarded-Proto` header to the scheme (HTTP or HTTPS) used in the original request. This is useful for applications that need to know the protocol used by the client.

- **Log Configuration:**
  - `access_log /var/log/nginx/flask-app-proxy.access.log;`
    - Specifies the location of the access log file, which records details about each request handled by the server.
  - `error_log /var/log/nginx/flask-app-proxy.error.log;`
    - Specifies the location of the error log file, which records any errors encountered while processing requests.

3. Enable the site by creating a symbolic link in `sites-enabled`:

   ```bash
   sudo ln -s /etc/nginx/sites-available/flask.server.io /etc/nginx/sites-enabled/
   ```

4. Test the Nginx configuration for syntax errors:

   ```bash
   sudo nginx -t
   ```

5. Reload Nginx to apply the changes:

   ```bash
   sudo systemctl reload nginx
   ```

### Step 7: Verify the Deployment
Open a web browser on your client machine.
Navigate to http://flask.server.io to see your deployed Flask app.

![alt text](image-1.png)

## Deploying a Flask App Using Nginx with Docker

### Step 1: Make Docker image
1. Inside the working directory (`/workdir/flask.server.io`), create a `Dockerfile` with the following content:

   ```Dockerfile
   FROM python:3.10
   EXPOSE 5000
   WORKDIR /app
   # If you have a requirements.txt, you can use these two lines instead:
   #COPY requirements.txt .
   #RUN pip install -r requirements.txt
   RUN pip install flask gunicorn
   COPY . .
   CMD ["gunicorn", "--bind", "0.0.0.0:5000", "app:app"]
   ```

### Step 2: Build and Run the Docker Container

1. Build the Docker image:

   ```bash
   sudo docker build -t flask.server.io .
   ```

2. Run the Docker container:

   ```bash
   sudo docker run -d -p 5000:5000 --name flask.server.io-container flask.server.io
   ```

   - This command maps port 5000 on your server to port 5000 in the container.

### Step 3: Configure Nginx

In this case we will use the same configuration as in the section without Docker.

1. Create a new Nginx configuration file for your Flask app:

   ```bash
   sudo nano /etc/nginx/sites-available/flask.server.io
   ```

2. Add the following configuration to the file:

   ```nginx
   server {
       listen 80;
       server_name flask.server.io www.flask.server.io;

       location / {
           proxy_pass http://localhost:5000;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
       }

       # Define access log and error log locations
       access_log /var/log/nginx/flask-app-proxy.access.log;
       error_log /var/log/nginx/flask-app-proxy.error.log;
   }
   ```

3. Enable the site by creating a symbolic link in `sites-enabled`:

   ```bash
   sudo ln -s /etc/nginx/sites-available/flask.server.io /etc/nginx/sites-enabled/
   ```

4. Test the Nginx configuration for syntax errors:

   ```bash
   sudo nginx -t
   ```

5. Reload Nginx to apply the changes:

   ```bash
   sudo systemctl reload nginx
   ```

### Step 4: Verify the Deployment
Open a web browser on your client machine.
Navigate to http://flask.server.io to see your deployed Flask app.
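Both Flask deployments in this lab leave the backend listening on every interface (`--bind 0.0.0.0:5000` in the systemd unit, `-p 5000:5000` in `docker run`) while Nginx reaches it through `localhost:5000`, so unless a firewall blocks port 5000, clients can connect to Gunicorn directly and bypass the proxy, its logs and the `X-Forwarded-*` headers it sets. The check below is an added example, not part of the original lab: its function names are hypothetical, and the loopback variants it compares against (`--bind 127.0.0.1:5000`, `-p 127.0.0.1:5000:5000`) are standard Gunicorn and Docker syntax rather than the author's configuration.

```python
"""Check whether a backend that Nginx proxies over loopback also listens on every interface."""
import re
import shlex
from typing import NamedTuple

WILDCARD_HOSTS = {"", "0.0.0.0", "::", "[::]", "*"}   # "" = no address given
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Inputs taken from this lab, trimmed to the lines that matter.
SYSTEMD_UNIT = """\
[Service]
User=serverio
WorkingDirectory=/workdir/flask.server.io
ExecStart=/workdir/flask.server.io/env/bin/gunicorn --bind 0.0.0.0:5000 app:app
"""
DOCKER_RUN = "sudo docker run -d -p 5000:5000 --name flask.server.io-container flask.server.io"
NGINX_CONF = """\
server {
    listen 80;
    server_name flask.server.io www.flask.server.io;
    location / {
        proxy_pass http://localhost:5000;
    }
}
"""


class Listener(NamedTuple):
    source: str  # "gunicorn" or "docker"
    host: str    # bind address; "" means none was given
    port: int


def option_values(args, names):
    """Yield values of options written as `--name value`, `-n value` or `--name=value`."""
    for i, arg in enumerate(args):
        if arg in names and i + 1 < len(args):
            yield args[i + 1]
            continue
        for name in names:
            if name.startswith("--") and arg.startswith(name + "="):
                yield arg[len(name) + 1:]


def gunicorn_listeners(unit_text):
    """TCP listeners declared with --bind/-b on ExecStart= lines of a unit file."""
    found = []
    for line in unit_text.splitlines():
        if not line.startswith("ExecStart="):
            continue
        args = shlex.split(line[len("ExecStart="):])
        for value in option_values(args, ("--bind", "-b")):
            host, _, port = value.rpartition(":")
            if value.startswith(("unix:", "fd://")) or not port.isdigit():
                continue  # Unix socket, inherited descriptor, or no explicit port
            found.append(Listener("gunicorn", host, int(port)))
    return found


def docker_listeners(command):
    """Host-side listeners created by -p/--publish in a `docker run` command."""
    found = []
    for spec in option_values(shlex.split(command), ("--publish", "-p")):
        # Format: [ip:]hostPort:containerPort[/proto]
        parts = spec.split("/", 1)[0].rsplit(":", 2)
        if len(parts) < 2 or not parts[-2].isdigit():
            continue  # container port only, or a port range: not handled here
        host = parts[0] if len(parts) == 3 else ""
        found.append(Listener("docker", host, int(parts[-2])))
    return found


def loopback_upstream_ports(nginx_conf):
    """Ports that proxy_pass directives reach through a loopback address."""
    pairs = re.findall(r"proxy_pass\s+https?://([^\s:/;]+|\[[^\]]+\]):(\d+)", nginx_conf)
    return {int(port) for host, port in pairs if host in LOOPBACK_HOSTS}


def audit(unit_text, docker_cmd, nginx_conf):
    """Return one finding per backend listener that is wider than Nginx needs."""
    proxied = loopback_upstream_ports(nginx_conf)
    findings = []
    for lis in gunicorn_listeners(unit_text) + docker_listeners(docker_cmd):
        if lis.port in proxied and lis.host in WILDCARD_HOSTS:
            findings.append(
                f"{lis.source}: port {lis.port} listens on all interfaces, "
                f"but Nginx only connects to it over loopback"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SYSTEMD_UNIT, DOCKER_RUN, NGINX_CONF):
        print("FINDING", finding)
    # Loopback-only variants of the same two commands produce no findings.
    tight_unit = SYSTEMD_UNIT.replace("--bind 0.0.0.0:5000", "--bind 127.0.0.1:5000")
    tight_run = DOCKER_RUN.replace("-p 5000:5000", "-p 127.0.0.1:5000:5000")
    print("after tightening:", audit(tight_unit, tight_run, NGINX_CONF))
```

On a live server, `sudo ss -ltnp` shows which address each listener is actually bound to.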
--------------------------------------------------------------------------------
/deployment/flask/demo.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/flask/demo.zip
--------------------------------------------------------------------------------
/deployment/flask/image-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/flask/image-1.png
--------------------------------------------------------------------------------
/deployment/flask/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/flask/image.png
--------------------------------------------------------------------------------
/deployment/laravel/README.md:
--------------------------------------------------------------------------------
# Deploying a Laravel app with Nginx and with/without Docker

![Deploying a Laravel app with Nginx and with/without Docker](image.png)

In this lab, we will guide you through the process of deploying a Laravel application using Nginx as the web server. Laravel is a powerful PHP framework designed for web application development, offering a rich set of features and a clean, expressive syntax. Nginx, known for its high performance and low resource usage, is an excellent choice for serving Laravel applications.

> Note: Before starting this lab, ensure you have completed the following prerequisites:
> - Setting up the client-server environment as described in the [Environment Setup](../../Prerequisites.md) section. Proper DNS configuration and hostname setup are essential for the exercises in this lab.
> - Installing Nginx as outlined in the [Nginx Installation Guide](../../nginx/README.md).
> - Alternatively, if you prefer to use Docker, make sure Docker is installed and running on your server. You can refer to the [Docker Installation Guide](../../../docker/README.md) for detailed instructions.

In this lab, we will explore the deployment process of a Laravel application on an Ubuntu server using Nginx with and without Docker. We will guide you through the steps of transferring your Laravel project to the server via SCP or a GitHub repository. For demonstration purposes, we'll utilize the subdomain laravel.server.io. Additionally, we have provided a demo Laravel project named [example-app.zip](example-app.zip) in the same directory as this lab for your convenience. Let's dive in and deploy your Laravel application with Nginx.

## Deploying a Laravel app Using Nginx without Docker

### Step 1: Connect to the Server and Create the Website Folder
#### Connect to the Server:

1. Open a terminal on your local machine.

2. Use SSH to connect to your Ubuntu server. Replace `<username>` and `<server_ip>` with your server’s username and IP address:

   ```bash
   ssh <username>@<server_ip>
   ```

   Example:

   ```bash
   ssh serverio@192.168.1.10
   ```

3. Create the Website Folder:

   Once connected to the server, create the directory structure for your Laravel website. This structure will include a specific folder for your domain laravel.server.io. Run the following command:

   ```bash
   sudo mkdir -p /var/www/laravel.server.io
   ```

4. Set Permissions:

   Next, assign ownership of the directory with the $USER environment variable:

   ```bash
   sudo chown -R $USER:$USER /var/www/laravel.server.io
   ```

   The permissions of your web roots should be correct if you haven’t modified your umask value, which sets default file permissions.
   To ensure that your permissions are correct and allow the owner to read, write, and execute the files while granting only read and execute permissions to groups and others, you can input the following command:

   ```bash
   sudo chmod -R 755 /var/www/laravel.server.io
   ```

### Step 2: Transfer the Laravel app Files
You can transfer your Laravel app files to the server using SCP or by cloning a GitHub repository.

#### Using SCP:

1. Open a terminal on your local machine.

2. Use the scp command to transfer the files. Replace `<local_path>` with the path to your project directory and `<username>` and `<server_ip>` with your server's username and IP address:

   ```bash
   scp -r <local_path> <username>@<server_ip>:/var/www/laravel.server.io
   ```

   Example:

   ```bash
   scp -r ./example-app.zip serverio@192.168.1.10:/var/www/laravel.server.io
   ```

3. Connect to the server and unzip the project files:

   ```bash
   sudo apt install unzip
   cd /var/www/laravel.server.io
   unzip example-app.zip
   ```

#### Using GitHub:

1. Navigate to the web root directory:

   ```bash
   cd /var/www/laravel.server.io
   ```

2. Clone your repository:

   ```bash
   git clone https://github.com/yourusername/laravel-website.git laravel-website
   ```

### Step 3: Installing PHP 8.3 on Ubuntu

Follow these steps to install PHP 8.3 on your Ubuntu server:

1. Install essential packages:

   ```bash
   sudo apt-get install ca-certificates apt-transport-https software-properties-common
   ```

2. Add the Ondrej PHP repository:

   ```bash
   sudo add-apt-repository ppa:ondrej/php
   ```

3. Update the package list:

   ```bash
   sudo apt-get update
   ```

4. Install PHP 8.3:

   ```bash
   sudo apt-get install php8.3
   ```

5. Verify PHP version:

   ```bash
   php8.3 --version
   ```

6. Install PHP-FPM (FastCGI Process Manager):

   ```bash
   sudo apt install php8.3-fpm
   ```

7. (Optional) Verify PHP-FPM process is running:

   ```bash
   systemctl status php8.3-fpm
   ```

8. Install common PHP extensions tailored for Laravel:

   ```bash
   sudo apt install openssl php8.3-bcmath php8.3-curl php8.3-mbstring php8.3-mysql php8.3-tokenizer php8.3-xml php8.3-zip php8.3-sqlite3
   ```

That's it! You now have PHP 8.3 installed on your Ubuntu server. You can proceed to configure your web server (e.g., Nginx or Apache) to work with PHP.

### Step 4: Configure Nginx

1. **Create Nginx Configuration File**: Create a new Nginx configuration file for your Laravel project. You can create a dedicated configuration file for your Laravel application under the `/etc/nginx/sites-available/` directory. For example, create a file named `laravel.server.io`:

   ```bash
   sudo nano /etc/nginx/sites-available/laravel.server.io
   ```

2. **Configure Nginx**: Configure Nginx to serve your Laravel application. Below is a sample Nginx configuration block:

   ```nginx
   server {
       listen 80;
       server_name laravel.server.io www.laravel.server.io;
       root /var/www/laravel.server.io/example-app/public;

       index index.html index.htm index.php;

       location / {
           try_files $uri $uri/ =404;
       }

       location ~ \.php$ {
           include snippets/fastcgi-php.conf;
           fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
       }

       location ~ /\.ht {
           deny all;
       }
   }
   ```

**Explanation of the Nginx Server Configuration**

This Nginx configuration sets up a server to handle HTTP requests for the domains `laravel.server.io` and `www.laravel.server.io`.
Let's break down each section:

- **Server Block:**
  - The `server` block defines the configuration for handling requests to your server.

  - **Listening Port:**
    - `listen 80;`
    - Specifies that the server will listen on port 80, the default port for HTTP traffic.

  - **Server Name:**
    - `server_name laravel.server.io www.laravel.server.io;`
    - Defines the domain names that this server block should respond to. Here, it will respond to requests for `laravel.server.io` and `www.laravel.server.io`.

  - **Root Directory:**
    - `root /var/www/laravel.server.io/example-app/public;`
    - Defines the root directory for serving files for this server block. In this case, it's set to the public directory of a Laravel application.

  - **Index Files:**
    - `index index.html index.htm index.php;`
    - Specifies the index files to use when a directory is requested. It will first look for `index.html`, then `index.htm`, and finally `index.php`.

- **Location Blocks:**
  - The `location` blocks define how Nginx should handle different types of requests.

  - **Default Location Block:**
    - `location / { ... }`
    - Handles requests for the root URL and its subpaths. It uses the `try_files` directive to attempt to serve the requested URI directly. If that fails, it returns a 404 error.

  - **PHP Processing Location Block:**
    - `location ~ \.php$ { ... }`
    - Processes PHP files. It includes the `fastcgi-php.conf` file to configure FastCGI processing, then passes PHP requests to the PHP-FPM socket for execution.

  - **Deny Access to .ht Files:**
    - `location ~ /\.ht { deny all; }`
    - Denies access to any `.ht` files, which are typically used for Apache configuration and should not be accessible over HTTP.

3. **Enable Nginx Configuration**: Create a symbolic link to enable the Nginx configuration:

   ```bash
   sudo ln -s /etc/nginx/sites-available/laravel.server.io /etc/nginx/sites-enabled/
   ```

4. **Test Nginx Configuration**: Test the Nginx configuration for syntax errors:

   ```bash
   sudo nginx -t
   ```

5. **Reload Nginx**: Reload Nginx to apply the changes:

   ```bash
   sudo systemctl reload nginx
   ```

### Step 5: Set Permissions

1. **Set File Permissions**: Set appropriate permissions for Laravel directories. Laravel requires write access to certain directories. Run the following commands to set permissions:

   ```bash
   cd /var/www/laravel.server.io
   sudo chown -R www-data example-app
   cd example-app
   sudo chown -R www-data:www-data storage bootstrap/cache
   sudo chmod -R 775 storage bootstrap/cache
   ```

### Step 6: Configure Environment Variables (If Required)

1. **Set Environment Variables**: Configure Laravel environment variables. Copy the `.env.example` file to `.env` and update it with your database credentials and other settings:

   ```bash
   cp .env.example .env
   ```

2. **Generate your application encryption key**:

   ```bash
   php artisan key:generate
   ```

### Step 7: Migrate Database (If Required)

1. **Database Migration**: If your Laravel application requires a database, run database migrations to create necessary tables:

   ```bash
   php artisan migrate
   ```

### Step 8: Verify Deployment

1. **Access Your Laravel Application**: Open a web browser and navigate to your Laravel application's subdomain (e.g., `http://laravel.server.io`). You should see your Laravel application up and running.
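The Set Permissions step hands the whole `example-app` tree to `www-data` before opening up `storage` and `bootstrap/cache`, which means the PHP process can also rewrite the application code and `.env`. The audit below is an added example, not part of the original lab: it compares that layout with one where a separate deploy account owns the code, using a constructed miniature project tree, hypothetical function names, and the current user standing in for `www-data`.

```python
"""List paths in a Laravel tree that the web server user can modify."""
import os
import stat
import tempfile

# The two trees the lab makes writable for the web server.
WRITABLE_TREES = ("storage", "bootstrap/cache")


def in_writable_tree(rel):
    return any(rel == tree or rel.startswith(tree + "/") for tree in WRITABLE_TREES)


def web_can_write(st, web_uid, web_gid):
    """True if the mode bits let the web server user write to this path."""
    if st.st_mode & stat.S_IWOTH:
        return True
    if st.st_uid == web_uid and st.st_mode & stat.S_IWUSR:
        return True
    return st.st_gid == web_gid and bool(st.st_mode & stat.S_IWGRP)


def audit_tree(root, web_uid, web_gid):
    """Return sorted (relative_path, problem) pairs for a deployed project."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if not in_writable_tree(rel) and web_can_write(st, web_uid, web_gid):
                findings.append((rel, "writable by the web server user"))
            if rel == ".env" and st.st_mode & stat.S_IROTH:
                findings.append((rel, "readable by every local account"))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed miniature project with explicit modes (sample data)."""
    layout = {
        "app/Http/Kernel.php": 0o644,
        "public/index.php": 0o644,
        "storage/logs/laravel.log": 0o664,
        "bootstrap/cache/services.php": 0o664,
        ".env": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("sample\n")
        os.chmod(path, mode)
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            os.chmod(os.path.join(dirpath, name), 0o755)
    return root


def demo():
    """Audit the constructed tree under both ownership layouts."""
    me, my_group = os.getuid(), os.getgid()
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        # Layout 1: the web server user owns the whole project
        # (what `chown -R www-data example-app` produces).
        owns_everything = audit_tree(root, web_uid=me, web_gid=my_group)
        # Layout 2: a separate deploy account owns the code and `.env` is 640;
        # only storage and bootstrap/cache would be handed to the web user.
        os.chmod(os.path.join(root, ".env"), 0o640)
        separate_owner = audit_tree(root, web_uid=me + 1, web_gid=my_group + 1)
    return owns_everything, separate_owner


if __name__ == "__main__":
    first, second = demo()
    for rel, problem in first:
        print(f"web user owns everything: {rel}: {problem}")
    print("separate deploy owner:", second)
```

In the second layout `.env` still has to be readable by the PHP-FPM user, for example through group ownership, which the constructed tree does not model.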

![alt text](image-1.png)

## Deploying a Laravel app Using Nginx with Docker

### Step 1: Create a Dockerfile for Your Laravel Website

1. Create a new directory for your project:

   ```bash
   sudo mkdir -p /workdir/laravel.server.io

   sudo chown -R $USER:$USER /workdir/laravel.server.io
   sudo chmod -R 755 /workdir/laravel.server.io

   cd /workdir/laravel.server.io
   ```

2. Add your Laravel project files to this directory using SCP or GitHub as explained in the previous section.

3. Inside the project directory (example-app), create a `Dockerfile` with the following content:

   ```Dockerfile
   FROM webdevops/php-nginx:8.3-alpine

   # Install the minimum required packages and PHP extensions in your image
   RUN apk add oniguruma-dev libxml2-dev
   RUN docker-php-ext-install \
       bcmath \
       ctype \
       fileinfo \
       mbstring \
       pdo_mysql \
       xml

   # Installation of Composer in your image
   COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

   # Installation of NodeJS if you have compiled assets
   #RUN apk add nodejs npm

   ENV WEB_DOCUMENT_ROOT /app/public
   ENV APP_ENV production
   WORKDIR /app
   COPY . .

   # Copy the .env.example file and rename it to .env
   # You can modify the .env.example file to specify your site's configuration for production
   RUN cp -n .env.example .env

   # https://laravel.com/docs/10.x/deployment#optimizing-configuration-loading
   RUN composer install --no-interaction --optimize-autoloader --no-dev

   RUN php artisan key:generate

   RUN php artisan config:cache

   RUN php artisan route:cache

   RUN php artisan view:cache

   # If you have compiled assets
   #RUN npm install
   #RUN npm run build

   RUN chown -R application:application .
   ```

### Step 2: Build and Run the Docker Container

1. Build the Docker image:

   ```bash
   sudo docker build -t laravel.server.io .
   ```

2. Run the Docker container:

   ```bash
   sudo docker run -d -p 8888:80 --name laravel.server.io-container laravel.server.io
   ```

   - This command maps port 8888 on your server to port 80 in the container.

### Step 3: Configure Nginx

In this case, Nginx on the host acts as a reverse proxy in front of the container.

1. Create a new Nginx configuration file for your Laravel app:

   ```bash
   sudo nano /etc/nginx/sites-available/laravel-proxy
   ```

2. Add the following configuration to the file:

   ```nginx
   server {
       listen 80;
       server_name laravel.server.io www.laravel.server.io;

       location / {
           proxy_pass http://localhost:8888;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
       }

       # Define access log and error log locations
       access_log /var/log/nginx/static-site-proxy.access.log;
       error_log /var/log/nginx/static-site-proxy.error.log;
   }
   ```

3. Enable the site by creating a symbolic link in `sites-enabled`:

   ```bash
   sudo ln -s /etc/nginx/sites-available/laravel-proxy /etc/nginx/sites-enabled/
   ```

4. Test the Nginx configuration for syntax errors:

   ```bash
   sudo nginx -t
   ```

5. Reload Nginx to apply the changes:

   ```bash
   sudo systemctl reload nginx
   ```

### Step 4: Verify the Deployment
Open a web browser on your client machine.
Navigate to http://laravel.server.io to see your deployed Laravel app.

![alt text](image-2.png)

--------------------------------------------------------------------------------
/deployment/laravel/example-app.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/laravel/example-app.zip
--------------------------------------------------------------------------------
/deployment/laravel/image-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/laravel/image-1.png
--------------------------------------------------------------------------------
/deployment/laravel/image-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/laravel/image-2.png
--------------------------------------------------------------------------------
/deployment/laravel/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/laravel/image.png
--------------------------------------------------------------------------------
/deployment/laravel/nginx.conf:
--------------------------------------------------------------------------------
server {
    listen 80;
    server_name laravel.server.io www.laravel.server.io;
    root /var/www/html/public;

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}
--------------------------------------------------------------------------------
/deployment/mini-project/README.md:
--------------------------------------------------------------------------------
# Mini-Project: Web Deployment Automation Tool

## Objective
The goal of this project is to create a **Web Deployment Automation Tool** that validates your understanding of **Web Deployment** concepts. The tool will streamline web application deployments using Python and Nginx on an Ubuntu server.

## Project Description
You are tasked with developing a Python-based tool that automates the deployment of web applications, manages server resources, supervises Nginx, and installs necessary dependencies.

---

## Functional Requirements
Your project must include the following functionalities:

### 1. System Health Monitoring
- Display essential server statistics:
  - **CPU**: Number of cores, usage per core, and total usage.
  - **Memory**: Total, used, and available RAM.
  - **Disk**: Partition usage and available space.
  - **Network**: Interface details, total data sent, and received.
- Use the `psutil` library for system monitoring.
- Format the output with color-coded sections for better readability.

### 2. Nginx Supervision
- Check if **Nginx** is installed.
  - Prompt the user to install Nginx if it's not found.
- Provide the following options for managing Nginx:
  - Start, stop, restart, reload, enable, or disable Nginx.
  - Check Nginx configuration syntax using `nginx -t`.

### 3. Manage Available Sites
- List all available sites from `/etc/nginx/sites-available/`.
- Add a new site:
  - Clone a GitHub repository into `/services/`.
  - Create a directory for the site if it doesn’t exist.
  - Generate an appropriate Nginx configuration file based on the site type:
    - **HTML**: Serves static files.
    - **PHP (Laravel)**: Configures PHP 8.3, Composer, and Laravel setup.
    - **Java (Spring Boot)**: Configures JAR deployment with proxy and systemd service.
    - **Python (Flask)**: Configures Flask with Gunicorn and systemd service.
    - **Node.js (Express)**: Manages Node.js apps with PM2 and proxy.

### 4. Manage Enabled Sites
- List all enabled sites from `/etc/nginx/sites-enabled/`.
- Provide the following management options:
  - Enable a site by creating a symbolic link from `/etc/nginx/sites-available/`.
  - Disable a site by removing the symbolic link.
  - Delete site configurations entirely.

### 5. Check and Install Dependencies
- Ensure the following runtimes are installed:
  - **PHP 8.3 + Composer**
  - **Java 17**
  - **Node.js 22**
  - **Flask** (Python web framework)
- Prompt users to install missing dependencies interactively.
- Use a progress indicator for installations.

---

## Deliverables
1. **Project Code**:
   - Modular Python code organized into separate files for each functionality.
   - Ensure the code is clean, readable, and includes comments for clarity.

2. **README.md**:
   - Include a detailed project description.
   - Provide setup instructions and usage examples.

3. **Video**:
   - Attach a terminal video showcasing the tool's functionalities.

4. **Submission**:
   - Compress the entire project folder into a `.zip` file.
   - Name the file as `_web_deployment_tool.zip`.
   - Send the zipped file via email with the subject:
     `DevOps and Cloud Mini-Project Submission - `.
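Requirements 3 and 4 have the tool turn user-supplied values (a site name, a GitHub URL, a backend port) into file names under `/etc/nginx/` and `/services/`, into Nginx directives and into a `git` command, usually while running with root privileges. The sketch below is an added example, not part of the assignment or a reference solution: the function names, the accepted name and URL patterns and the port range are assumptions chosen to show the validation that keeps those values from escaping their directory or injecting extra directives or options.

```python
"""Input handling for the 'add a site' and 'enable a site' features."""
import os
import re
from pathlib import Path

# Lowercase DNS labels only: no slashes, spaces, semicolons, braces or newlines.
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(LABEL + r"(?:\." + LABEL + r")*")
GITHUB_RE = re.compile(
    r"https://github\.com/[A-Za-z0-9][A-Za-z0-9-]{0,38}/[A-Za-z0-9_.-]{1,100}"
)

PROXY_TEMPLATE = """\
server {{
    listen 80;
    server_name {name} www.{name};

    location / {{
        proxy_pass http://localhost:{port};
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }}
}}
"""


def is_valid_site_name(name):
    """Accept only DNS names, so the value is safe as a file name and in server_name."""
    return len(name) <= 253 and HOSTNAME_RE.fullmatch(name) is not None


def site_path(base, name):
    """Return base/name, refusing anything that would land outside base."""
    if not is_valid_site_name(name):
        raise ValueError(f"invalid site name: {name!r}")
    path = Path(os.path.normpath(Path(base) / name))
    if path.parent != Path(os.path.normpath(base)):
        raise ValueError(f"{name!r} escapes {base}")
    return path


def render_proxy_site(name, port):
    """Render a reverse-proxy server block like the ones used in the labs."""
    if not is_valid_site_name(name):
        raise ValueError(f"invalid site name: {name!r}")
    if not isinstance(port, int) or not 1024 <= port <= 65535:
        raise ValueError(f"invalid backend port: {port!r}")
    return PROXY_TEMPLATE.format(name=name, port=port)


def clone_argv(repo_url, name, services_root="/services"):
    """Build the git command as an argument list (no shell involved)."""
    if not GITHUB_RE.fullmatch(repo_url):
        raise ValueError(f"not a GitHub HTTPS URL: {repo_url!r}")
    # "--" ends option parsing, so the URL can never be read as a git option.
    return ["git", "clone", "--", repo_url, str(site_path(services_root, name))]


def enable_site(name,
                available_dir="/etc/nginx/sites-available",
                enabled_dir="/etc/nginx/sites-enabled"):
    """Create the sites-enabled symlink for an existing config; return the link path."""
    target = site_path(available_dir, name)
    link = site_path(enabled_dir, name)
    if target.is_symlink() or not target.is_file():
        raise FileNotFoundError(target)
    if link.is_symlink() and os.readlink(link) == str(target):
        return link                   # already enabled
    os.symlink(target, link)          # FileExistsError if something else is there
    return link


if __name__ == "__main__":
    print(render_proxy_site("flask.server.io", 5000))
    print(clone_argv("https://github.com/yourusername/flask-website.git", "flask.server.io"))
    for bad in ("../../etc/cron.d/site", "flask.server.io;", "flask.server.io\n"):
        print(repr(bad), "accepted" if is_valid_site_name(bad) else "rejected")
```

Passing the returned list to `subprocess.run(argv, check=True)` and running `nginx -t` before every reload keeps a bad site definition from taking the server down.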
77 | 78 | 79 | --- 80 | 81 | ## Example Video 82 | Here’s an example video demonstrating the terminal output and tool functionalities: 83 | 84 | [![Example Video](image-1.png)](https://drive.google.com/file/d/188mlmB9wqxH1usQ8fRKN4czMrrGg03uv/view?usp=sharing) 85 | 86 | -------------------------------------------------------------------------------- /deployment/mini-project/image-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/mini-project/image-1.png -------------------------------------------------------------------------------- /deployment/nginx/README.md: -------------------------------------------------------------------------------- 1 | ![alt text](image.png) 2 | 3 | Nginx (pronounced "engine-x") is a very popular open-source web server, valued for its high performance, stability and low resource consumption. Developed by Igor Sysoev in 2004, Nginx was originally designed to solve the problem of handling many simultaneous connections. Today it is widely used not only as a web server but also as a reverse proxy, load balancer and HTTP cache. 4 | 5 | Nginx stands out for its ability to handle thousands of simultaneous connections efficiently with minimal memory use. Thanks to its event-driven, non-blocking architecture, it delivers superior performance, particularly for high-traffic sites. Nginx is also highly configurable and extensible, allowing administrators to customize its behavior to meet the specific needs of their applications. 6 | 7 | This section explores the key features of Nginx, including its installation, basic configuration and its various modules. 
We will also look at how to use Nginx as a proxy server and load balancer to improve the performance and reliability of web applications. Nginx is an essential tool in modern web development, and this lesson will give you the knowledge you need to use it effectively. 8 | 9 | 10 | ## 1 – Installing Nginx 11 | Because Nginx is available in Ubuntu's default repositories, it can be installed from them using the apt packaging system. 12 | 13 | Since this is our first interaction with the apt packaging system in this session, we will update our local package index so that we have access to the most recent package listings. Afterwards, we can install Nginx: 14 | 15 | ``` 16 | sudo apt update 17 | sudo apt install nginx 18 | ``` 19 | 20 | Press Y when prompted to confirm the installation. If you are prompted to restart any services, press ENTER to accept the defaults and continue. apt will install Nginx and any required dependencies on your server. 21 | 22 | ## 2 – Adjusting the Firewall 23 | Before testing Nginx, the firewall software needs to be configured to allow access to the service. Nginx registers itself as a service with ufw upon installation, which makes it straightforward to allow Nginx access. 
24 | 25 | List the application configurations that ufw knows how to work with by typing: 26 | 27 | ``` 28 | sudo ufw app list 29 | ``` 30 | 31 | You should get a listing of the application profiles: 32 | 33 | ``` 34 | Applications disponibles : 35 | Nginx Full 36 | Nginx HTTP 37 | Nginx HTTPS 38 | OpenSSH 39 | ``` 40 | 41 | As the output shows, three profiles are available for Nginx: 42 | 43 | - **Nginx Full**: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic) 44 | - **Nginx HTTP**: This profile opens only port 80 (normal, unencrypted web traffic) 45 | - **Nginx HTTPS**: This profile opens only port 443 (TLS/SSL encrypted traffic) 46 | 47 | It is recommended that you enable the most restrictive profile that will still allow the traffic you have configured. For now, we only need to allow traffic on port 80. 48 | 49 | You can enable it by typing: 50 | 51 | ``` 52 | sudo ufw allow 'Nginx HTTP' 53 | ``` 54 | 55 | You can verify the change by typing: 56 | 57 | ``` 58 | sudo ufw status 59 | ``` 60 | 61 | The output will indicate which HTTP traffic is allowed: 62 | 63 | ``` 64 | Output 65 | Status: active 66 | 67 | To Action From 68 | -- ------ ---- 69 | OpenSSH ALLOW Anywhere 70 | Nginx HTTP ALLOW Anywhere 71 | OpenSSH (v6) ALLOW Anywhere (v6) 72 | Nginx HTTP (v6) ALLOW Anywhere (v6) 73 | ``` 74 | 75 | ## 3 – Checking Your Web Server 76 | At the end of the installation process, Ubuntu 22.04 starts Nginx. The web server should already be up and running. 
77 | 78 | We can check with the systemd init system to make sure the service is running by typing: 79 | 80 | ``` 81 | systemctl status nginx 82 | ``` 83 | 84 | ``` 85 | Output 86 | ● nginx.service - A high performance web server and a reverse proxy server 87 | Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) 88 | Active: active (running) since Fri 2022-03-01 16:08:19 UTC; 3 days ago 89 | Docs: man:nginx(8) 90 | Main PID: 2369 (nginx) 91 | Tasks: 2 (limit: 1153) 92 | Memory: 3.5M 93 | CGroup: /system.slice/nginx.service 94 | ├─2369 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; 95 | └─2380 nginx: worker process 96 | ``` 97 | 98 | As this output confirms, the service has started successfully. However, the best way to test this is to actually request a page from Nginx. 99 | 100 | You can access the default Nginx landing page to confirm that the software is running properly by navigating to your server's IP address. If you do not know your server's IP address, you can find it by using the icanhazip.com tool, which will give you your public IP address as received from another location on the internet: 101 | 102 | ``` 103 | curl -4 icanhazip.com 104 | ``` 105 | 106 | When you have your server's IP address, enter it into your browser's address bar: 107 | 108 | ``` 109 | http://your_server_ip 110 | ``` 111 | 112 | You should receive the default Nginx landing page: 113 | 114 | 115 | If you are on this page, your server is running correctly and is ready to be managed. 116 | 117 | ## 4 – Managing the Nginx Process 118 | Now that you have your web server up and running, let's review some basic management commands. 
119 | 120 | To stop your web server, type: 121 | 122 | ``` 123 | sudo systemctl stop nginx 124 | ``` 125 | 126 | To start the web server when it is stopped, type: 127 | 128 | ``` 129 | sudo systemctl start nginx 130 | ``` 131 | 132 | To stop and then start the service again, type: 133 | 134 | ``` 135 | sudo systemctl restart nginx 136 | ``` 137 | 138 | If you are only making configuration changes, Nginx can often reload without dropping connections. To do this, type: 139 | 140 | ``` 141 | sudo systemctl reload nginx 142 | ``` 143 | 144 | By default, Nginx is configured to start automatically when the server boots. If this is not what you want, you can disable this behavior by typing: 145 | 146 | ``` 147 | sudo systemctl disable nginx 148 | ``` 149 | 150 | To re-enable the service so that it starts at boot, you can type: 151 | 152 | ``` 153 | sudo systemctl enable nginx 154 | ``` 155 | 156 | You have now learned the basic management commands and should be ready to configure the site to host more than one domain. 157 | 158 | 159 | 160 | 161 | 162 | 163 | -------------------------------------------------------------------------------- /deployment/nginx/image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/nginx/image.png -------------------------------------------------------------------------------- /deployment/spring/README.md: -------------------------------------------------------------------------------- 1 | # Deploying a Spring App with Nginx and with/without Docker 2 | 3 | ![Deploying a Spring App with Nginx and with/without Docker](image.png) 4 | 5 | Spring Boot is a powerful, feature-rich framework for building Java-based web applications and microservices. 
It simplifies the development process by providing a comprehensive suite of tools and default configurations, allowing developers to focus more on writing business logic rather than dealing with infrastructure and boilerplate code. 6 | 7 | Key features of Spring Boot include: 8 | 9 | - **Auto-Configuration:** Automatically configures Spring applications based on the dependencies you have included, minimizing the need for explicit XML configuration. 10 | - **Embedded Servers:** Spring Boot comes with embedded web servers like Tomcat, Jetty, and Undertow, allowing you to run applications as standalone executables without requiring a separate application server. 11 | - **Production-Ready:** Provides features such as metrics, health checks, and externalized configuration to help you monitor and manage your application in production environments. 12 | - **Microservices Support:** Spring Boot is well-suited for building microservices architectures, providing tools and conventions that simplify the creation and deployment of microservices. 13 | - **Spring Ecosystem Integration:** Seamlessly integrates with other projects in the Spring ecosystem, such as Spring Data, Spring Security, and Spring Cloud, to offer a cohesive and comprehensive development experience. 14 | 15 | 16 | > Note: Before starting this lab, ensure you have completed the following prerequisites: 17 | > - Setting up the client-server environment as described in the [Environment Setup](../../Prerequisites.md) section. Proper DNS configuration and hostname setup are essential for the exercises in this lab. 18 | > - Installing Nginx as outlined in the [Nginx Installation Guide](../../nginx/README.md). 19 | > - Alternatively, if you prefer to use Docker, make sure Docker is installed and running on your server. You can refer to the [Docker Installation Guide](../../../docker/README.md) for detailed instructions. 
20 | 21 | 22 | In this lab, we will learn how to deploy a Spring App on an Ubuntu server using Nginx. We will cover how to transfer your project to the server using SCP or a GitHub repository. For this lab, we will use the subdomain spring.server.io; a demo project, [spring.jar](spring.zip), is attached in the same directory as this lab for your convenience. 23 | 24 | 25 | ## Deploying a Spring App Using Nginx without Docker 26 | 27 | ### Step 1: Create the Website Folder 28 | 29 | #### Connect to the Server: 30 | 31 | 1. Open a terminal on your local machine. 32 | 33 | 2. Use SSH to connect to your Ubuntu server. Replace `<username>` and `<server_ip>` with your server’s username and IP address: 34 | 35 | ```bash 36 | ssh <username>@<server_ip> 37 | ``` 38 | 39 | Example: 40 | 41 | ```bash 42 | ssh serverio@192.168.1.10 43 | ``` 44 | #### Create the Website Folder: 45 | 1. Create a new directory for your project: 46 | 47 | ```bash 48 | sudo mkdir -p /workdir/spring.server.io 49 | 50 | sudo chown -R $USER:$USER /workdir/spring.server.io 51 | sudo chmod -R 755 /workdir/spring.server.io 52 | 53 | cd /workdir/spring.server.io 54 | ``` 55 | 56 | ### Step 2: Transfer the Spring App Files 57 | You can transfer your Spring App files to the server using SCP or by cloning a GitHub repository. 58 | 59 | #### Using SCP: 60 | 61 | 1. Open a terminal on your local machine. 62 | 63 | 2. Use the scp command to transfer the files. Replace `<path_to_project>` with the path to your project directory and `<username>` and `<server_ip>` with your server's username and IP address: 64 | 65 | ```bash 66 | scp -r <path_to_project> <username>@<server_ip>:/workdir/spring.server.io 67 | ``` 68 | Example: 69 | 70 | ```bash 71 | scp -r ./spring.zip serverio@192.168.1.10:/workdir/spring.server.io 72 | ``` 73 | 74 | Then extract the spring.zip file: 75 | 76 | ```bash 77 | sudo unzip spring.zip 78 | ``` 79 | 80 | #### Using GitHub: 81 | 82 | 1. Navigate to the web root directory: 83 | 84 | ```bash 85 | cd /workdir/spring.server.io 86 | ``` 87 | 2. 
Clone your repository: 88 | ```bash 89 | git clone https://github.com/yourusername/spring-website.git spring-website 90 | ``` 91 | 92 | ### Step 3: Install Java 93 | #### Install Java using OpenJDK 94 | OpenJDK provides all the tools you need to develop Java-based applications and microservices, including the Java compiler, Java Runtime Environment (JRE), and Java class library. 95 | 96 | Ubuntu repositories provide the OpenJDK package by default, and you can search for its availability as shown. 97 | 98 | ```bash 99 | sudo apt-cache search openjdk 100 | ``` 101 | 102 | At the time of writing, the most recent release is OpenJDK 20. The latest LTS (Long Term Support) release is OpenJDK 17 and will be supported until 30 September 2026. 103 | 104 | To install OpenJDK 17 using the APT package manager, execute the command: 105 | 106 | ```bash 107 | sudo apt install openjdk-17-jdk -y 108 | ``` 109 | 110 | #### Configure Default Java Version on Ubuntu 111 | You can have multiple installations of Java on your system without much of an issue. However, you might be required to set a certain installation of Java as the default version based on your project’s requirements. 112 | 113 | You can accomplish this with the update-alternatives command-line utility, which allows you to list and set the default version of Java on your system. 114 | 115 | To configure the default Java version, run the command: 116 | 117 | ```bash 118 | sudo update-alternatives --config java 119 | ``` 120 | 121 | The command lists all the currently installed versions of Java and their installation paths. The default version is prefixed with an asterisk ( * ) in the ‘Selection’ column. You can choose to keep the current selection as the default version by pressing ‘ENTER’ or change the default version by typing a selection number of your preferred Java installation and pressing ‘ENTER’. 122 | 123 | In the example below, we have selected to configure OpenJDK 11 as the default Java version. 
124 | 125 | You can later verify this by checking the version of Java. 126 | 127 | ```bash 128 | java -version 129 | ``` 130 | #### Installing Maven 131 | Maven is a build automation and project management tool primarily used for Java-based applications. It simplifies the process of compiling, testing, packaging, and managing project dependencies using a standard project structure and configuration file (pom.xml). Maven also supports plugins to extend its capabilities for various tasks like generating documentation or deploying applications. 132 | 133 | Maven must be installed on the system to build the Spring project and produce the JAR file that runs in production: 134 | 135 | ```bash 136 | sudo apt install maven -y 137 | ``` 138 | 139 | Check the installed Maven version: 140 | ```bash 141 | mvn -version 142 | ``` 143 | 144 | 145 | You should see output like this: 146 | 147 | ```bash 148 | Apache Maven 3.x.x (latest version installed) 149 | Maven home: /usr/share/maven 150 | Java version: 17, vendor: OpenJDK, runtime: /usr/lib/jvm/java-17-openjdk-amd64 151 | Default locale: en_US, platform encoding: UTF-8 152 | ``` 153 | 154 | 155 | ### Step 4: Building a Spring Boot application 156 | Building a Spring Boot application involves compiling the source code, packaging it, and making it executable. Follow these steps: 157 | 158 | Go to the root directory of your Spring Boot application where the pom.xml (for Maven) or build.gradle (for Gradle) file is located: 159 | 160 | ```bash 161 | cd /workdir/spring.server.io 162 | ``` 163 | 164 | Run the following command to build the project: 165 | 166 | ```bash 167 | mvn clean package 168 | ``` 169 | 170 | This command: 171 | - Cleans the project (clean) 172 | - Compiles the source code 173 | - Packages the application into a JAR file (package). 
174 | 175 | By default, the JAR file is located in the target directory: 176 | 177 | ```bash 178 | /workdir/spring.server.io/target/{app-name-version}.jar 179 | ``` 180 | 181 | ### Step 5: Configure Nginx 182 | 183 | 1. Create a new Nginx configuration file for your Spring App: 184 | 185 | ```bash 186 | sudo nano /etc/nginx/sites-available/spring.server.io 187 | ``` 188 | 189 | 2. Add the following configuration to the file: 190 | 191 | ```nginx 192 | server { 193 | listen 80; 194 | server_name spring.server.io www.spring.server.io; 195 | 196 | location / { 197 | proxy_pass http://localhost:8080; 198 | proxy_set_header Host $host; 199 | proxy_set_header X-Real-IP $remote_addr; 200 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 201 | proxy_set_header X-Forwarded-Proto $scheme; 202 | } 203 | 204 | # Define access log and error log locations 205 | access_log /var/log/nginx/spring-app-proxy.access.log; 206 | error_log /var/log/nginx/spring-app-proxy.error.log; 207 | } 208 | ``` 209 | 210 | #### Nginx Configuration for Spring Boot Application 211 | 212 | This Nginx configuration file sets up a server to handle HTTP requests for a Spring Boot application hosted under the `spring.server.io` domain. The Nginx server acts as a reverse proxy, forwarding incoming requests to the Spring Boot application running on localhost at port 8080. 213 | 214 | **Configuration Breakdown** 215 | 216 | - **Server Block:** 217 | - `listen 80;` 218 | - The server listens on port 80, which is the default port for HTTP traffic. 219 | - `server_name spring.server.io www.spring.server.io;` 220 | - The server responds to requests for the domain names `spring.server.io` and `www.spring.server.io`. 221 | 222 | - **Location Block:** 223 | - `location / { ... }` 224 | - Defines how requests to the root URL and its subpaths should be handled. 
225 | 226 | - **Proxy Settings:** 227 | - `proxy_pass http://localhost:8080;` 228 | - Forwards all incoming requests to the Spring Boot application running on localhost at port 8080. 229 | - `proxy_set_header Host $host;` 230 | - Sets the `Host` header in the forwarded request to the value of the original request's host header. 231 | - `proxy_set_header X-Real-IP $remote_addr;` 232 | - Sets the `X-Real-IP` header to the client’s IP address. 233 | - `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` 234 | - Sets the `X-Forwarded-For` header to include the client’s IP address. This header helps in tracking the original client's IP address when requests are forwarded through proxies. 235 | - `proxy_set_header X-Forwarded-Proto $scheme;` 236 | - Sets the `X-Forwarded-Proto` header to the scheme (HTTP or HTTPS) used in the original request. This is useful for applications that need to know the protocol used by the client. 237 | 238 | - **Log Configuration:** 239 | - `access_log /var/log/nginx/spring-app-proxy.access.log;` 240 | - Specifies the location of the access log file, which records details about each request handled by the server. 241 | - `error_log /var/log/nginx/spring-app-proxy.error.log;` 242 | - Specifies the location of the error log file, which records any errors encountered while processing requests. 243 | 244 | 3. Enable the configuration by creating a symbolic link to the sites-enabled directory: 245 | 246 | ```bash 247 | sudo ln -s /etc/nginx/sites-available/spring.server.io /etc/nginx/sites-enabled/ 248 | ``` 249 | 250 | 4. Test the Nginx configuration for syntax errors: 251 | 252 | ```bash 253 | sudo nginx -t 254 | ``` 255 | 5. Reload Nginx to apply the changes: 256 | 257 | ```bash 258 | sudo systemctl reload nginx 259 | ``` 260 | 261 | ### Step 6: Creating an Init Script for the Spring Boot Application 262 | To access the new application externally across the internet, a few more steps are required. 
A service unit for the Spring Boot application must be created in systemd. This registers Spring Boot as a service and launches it at system start-up time. 263 | 264 | 1. Create a service script for spring.server.io.service in the /etc/systemd/system directory as follows. The ExecStart field must contain the full path to the application .jar file. This is the same file that ran inside the Tomcat server earlier. For the path name, replace userdir with the name of the user directory. 265 | 266 | ```bash 267 | sudo nano /etc/systemd/system/spring.server.io.service 268 | ``` 269 | ```ini 270 | [Unit] 271 | Description=Spring.server.io 272 | After=syslog.target 273 | After=network.target 274 | 275 | [Service] 276 | User=username 277 | Type=simple 278 | ExecStart=/usr/bin/java -jar /workdir/spring.server.io/<app-name>.jar 279 | Restart=always 280 | StandardOutput=syslog 281 | StandardError=syslog 282 | SyslogIdentifier=/workdir/spring.server.io 283 | 284 | [Install] 285 | WantedBy=multi-user.target 286 | ``` 287 | 288 | **Replace `<app-name>` with the build name of your app.** 289 | 290 | 2. Start the service. 291 | ```bash 292 | sudo systemctl start spring.server.io 293 | ``` 294 | 295 | 3. Verify the service is active. 296 | ```bash 297 | sudo systemctl status spring.server.io 298 | ``` 299 | 300 | ### Step 7: Verify the Deployment 301 | Open a web browser on your client machine. 302 | Navigate to http://spring.server.io to see your deployed Spring App. 303 | 304 | ![alt text](image-1.png) 305 | 306 | ## Deploying a Spring App Using Nginx with Docker 307 | 308 | ### Step 1: Make Docker image 309 | 1. 
Inside the working directory (`/workdir/spring.server.io`), create a `Dockerfile` with the following content: 310 | 311 | ```Dockerfile 312 | FROM openjdk:17-jdk-alpine AS builder 313 | 314 | # Set working directory 315 | WORKDIR /app 316 | 317 | # Copy JAR file (replace "spring.jar" with your actual file name) 318 | COPY spring.jar app.jar 319 | 320 | # Expose port (replace 8080 with your application port) 321 | EXPOSE 8080 322 | 323 | # Entrypoint to run the application 324 | ENTRYPOINT ["java", "-jar", "app.jar"] 325 | ``` 326 | 327 | 328 | **Explanation:** 329 | 330 | > `FROM`, `WORKDIR`, `COPY`: The image is built on openjdk:17-jdk-alpine. The stage is named builder, but the Dockerfile defines no second stage, so the application runs from this same JDK image. The working directory is set to /app, and your Spring Boot application JAR file (replace "spring.jar" with the actual filename) is copied in and renamed to app.jar. 331 | 332 | > `EXPOSE`, `ENTRYPOINT`: Declares the container port (usually 8080 for Spring Boot apps) and defines the ENTRYPOINT command to run java -jar app.jar, launching your application at runtime. 333 | 334 | 335 | ### Step 2: Build and Run the Docker Container 336 | 337 | 1. Build the Docker image: 338 | ```bash 339 | sudo docker build -t spring.server.io . 340 | ``` 341 | 342 | 2. Run the Docker container: 343 | ```bash 344 | sudo docker run -d -p 8080:8080 --name spring.server.io-container spring.server.io 345 | ``` 346 | - This command maps port 8080 on your server to port 8080 in the container. 347 | 348 | ### Step 3: Configure Nginx as a Reverse Proxy 349 | 350 | ![Reverse Proxy](image-2.png) 351 | 352 | 1. On your server, edit the Nginx configuration file to set up a reverse proxy. Open the configuration file: 353 | ```bash 354 | sudo nano /etc/nginx/sites-available/spring-site-proxy 355 | ``` 356 | 357 | 2. 
Add the following configuration: 358 | ```nginx 359 | server { 360 | listen 80; 361 | server_name spring.server.io www.spring.server.io; 362 | 363 | location / { 364 | proxy_pass http://localhost:8080; 365 | proxy_set_header Host $host; 366 | proxy_set_header X-Real-IP $remote_addr; 367 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 368 | proxy_set_header X-Forwarded-Proto $scheme; 369 | } 370 | 371 | # Define access log and error log locations 372 | access_log /var/log/nginx/spring-site-proxy.access.log; 373 | error_log /var/log/nginx/spring-site-proxy.error.log; 374 | } 375 | ``` 376 | 377 | **Explanation of the Nginx Server Configuration** 378 | 379 | This Nginx configuration sets up a server to handle HTTP requests and proxy them to a Docker container running on port 8080. Here’s a detailed breakdown of the configuration: 380 | 381 | - **Server Block:** 382 | - The `server` block defines the configuration for handling requests to your server. 383 | 384 | - **Listening Port:** 385 | - `listen 80;` 386 | - Specifies that the server will listen on port 80, the default port for HTTP traffic. 387 | 388 | - **Server Name:** 389 | - `server_name spring.server.io www.spring.server.io;` 390 | - Defines the domain names that this server block should respond to. Here, it will respond to requests for `spring.server.io` and `www.spring.server.io`. 391 | 392 | - **Location Block:** 393 | - `location / { ... }` 394 | - The `location /` block defines how to handle requests for the root URL and its subpaths. 395 | 396 | - **Proxy Pass:** 397 | - `proxy_pass http://localhost:8080;` 398 | - This directive passes requests from Nginx to the backend server running on `http://localhost:8080`. In this case, it's the Docker container serving the spring app. 399 | 400 | - **Proxy Headers:** 401 | - `proxy_set_header Host $host;` 402 | - Sets the `Host` header in the proxied request to the original host requested by the client. 
403 | - `proxy_set_header X-Real-IP $remote_addr;` 404 | - Sets the `X-Real-IP` header in the proxied request to the IP address of the client making the request. 405 | - `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` 406 | - Adds the client’s IP address to the `X-Forwarded-For` header, which is a standard header used for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. 407 | - `proxy_set_header X-Forwarded-Proto $scheme;` 408 | - Sets the `X-Forwarded-Proto` header to the scheme (HTTP or HTTPS) used by the client to connect to the server. 409 | 410 | - **Access Log:** 411 | - `access_log /var/log/nginx/spring-site-proxy.access.log;` 412 | - Defines the location of the access log file, where Nginx will log details of every request processed by this server block. 413 | 414 | - **Error Log:** 415 | - `error_log /var/log/nginx/spring-site-proxy.error.log;` 416 | - Specifies the location of the error log file, where Nginx will log errors encountered while processing requests. 417 | 418 | 3. Enable the configuration by creating a symbolic link to the `sites-enabled` directory: 419 | ```bash 420 | sudo ln -s /etc/nginx/sites-available/spring-site-proxy /etc/nginx/sites-enabled/ 421 | ``` 422 | 423 | 4. Test the Nginx configuration for syntax errors: 424 | ```bash 425 | sudo nginx -t 426 | ``` 427 | 428 | 5. Reload Nginx to apply the changes: 429 | ```bash 430 | sudo systemctl reload nginx 431 | ``` 432 | 433 | ### Step 4: Verify the Deployment 434 | 435 | 1. Open a web browser on your client machine. 436 | 2. Navigate to `http://spring.server.io` to see your deployed Spring app served through Nginx and Docker. 
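The Docker variant above publishes the backend with `-p 8080:8080`, which binds port 8080 on every interface, so the application stays reachable on that port without passing through Nginx unless something else filters it. The check below is an added example, not part of the original lab: it reads the `proxy_pass` targets from a server block and flags matching listeners in `ss -ltnH` output that are not loopback-only. The function names and both `ss` samples are constructed for illustration.

```python
"""Flag reverse-proxy backends that also listen on non-loopback addresses."""
import ipaddress
import re
from typing import List, Set, Tuple

# Server block from this lab (Nginx proxies to the Spring app on localhost:8080).
NGINX_CONF = """
server {
    listen 80;
    server_name spring.server.io www.spring.server.io;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
    }
}
"""

# Constructed `ss -ltnH` sample: container published with -p 8080:8080.
SS_PUBLISHED_ALL = """\
LISTEN 0 511   0.0.0.0:80    0.0.0.0:*
LISTEN 0 4096  0.0.0.0:8080  0.0.0.0:*
LISTEN 0 4096     [::]:8080     [::]:*
LISTEN 0 128   0.0.0.0:22    0.0.0.0:*
"""

# Constructed `ss -ltnH` sample: container published with -p 127.0.0.1:8080:8080.
SS_LOOPBACK_ONLY = """\
LISTEN 0 511     0.0.0.0:80    0.0.0.0:*
LISTEN 0 4096  127.0.0.1:8080  0.0.0.0:*
LISTEN 0 128     0.0.0.0:22    0.0.0.0:*
"""

PROXY_PASS_RE = re.compile(
    r"^\s*proxy_pass\s+(https?)://(\[[^\]]+\]|[^/:;\s]+)(?::(\d+))?", re.MULTILINE
)


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1; False for wildcards and names."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*", other hostnames, nginx variables
        return False


def upstream_ports(nginx_conf: str) -> Set[int]:
    """Ports of proxy_pass targets that Nginx reaches over loopback."""
    ports = set()
    for scheme, host, port in PROXY_PASS_RE.findall(nginx_conf):
        if is_loopback(host):
            ports.add(int(port) if port else (443 if scheme == "https" else 80))
    return ports


def parse_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """(address, port) for every LISTEN row of `ss -ltnH` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr.strip("[]").split("%", 1)[0], int(port)))
    return listeners


def exposed_backends(nginx_conf: str, ss_output: str) -> List[Tuple[str, int]]:
    """Listeners on a proxied backend port that are bound beyond loopback."""
    ports = upstream_ports(nginx_conf)
    return sorted(
        {(addr, port) for addr, port in parse_listeners(ss_output)
         if port in ports and not is_loopback(addr)}
    )


if __name__ == "__main__":
    for label, sample in (("-p 8080:8080", SS_PUBLISHED_ALL),
                          ("-p 127.0.0.1:8080:8080", SS_LOOPBACK_ONLY)):
        print(label, "->", exposed_backends(NGINX_CONF, sample) or "loopback only")
```

Publishing the container as `-p 127.0.0.1:8080:8080` keeps the `proxy_pass http://localhost:8080` path working while removing the direct listener.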
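Both proxy configurations above build `X-Forwarded-For` with `$proxy_add_x_forwarded_for`, which appends `$remote_addr` to whatever value the client already sent, so only the entry Nginx appended can be trusted by the application. The following is an added example, not code from the original lab: it reproduces that header construction and resolves the client address on the backend side by walking the header from the right. The function names, the trusted-proxy list and all addresses are constructed for illustration.

```python
"""Resolve the client address behind the lab's Nginx reverse proxy."""
import ipaddress
from typing import Iterable, Optional

# Assumption: the only proxy in front of the app is Nginx on the same host.
TRUSTED_PROXIES = ["127.0.0.0/8", "::1/128"]


def nginx_proxy_add_x_forwarded_for(client_xff: Optional[str], remote_addr: str) -> str:
    """Value of $proxy_add_x_forwarded_for: the client's own X-Forwarded-For
    header with $remote_addr appended, or just $remote_addr if it sent none."""
    return f"{client_xff}, {remote_addr}" if client_xff else remote_addr


def leftmost_entry(xff: str) -> str:
    """Naive parsing: the first entry, which is whatever the client supplied."""
    return xff.split(",")[0].strip()


def _parse_ip(value: str):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def client_ip(peer_addr: str, xff: Optional[str], trusted_proxies: Iterable[str]) -> str:
    """Start from the TCP peer and step left through X-Forwarded-For only
    while the current hop is a trusted proxy; stop at the first address that
    is not trusted, or at a malformed entry."""
    networks = [ipaddress.ip_network(net) for net in trusted_proxies]

    def is_trusted(addr: str) -> bool:
        ip = _parse_ip(addr)
        return ip is not None and any(ip in net for net in networks)

    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    current = peer_addr
    while is_trusted(current) and hops:
        candidate = hops.pop()           # rightmost remaining entry
        if _parse_ip(candidate) is None:
            break                        # keep the last address we could verify
        current = candidate
    return current


if __name__ == "__main__":
    # Constructed request: a client at 203.0.113.7 sends its own
    # "X-Forwarded-For: 10.0.0.1" header through Nginx.
    header = nginx_proxy_add_x_forwarded_for("10.0.0.1", "203.0.113.7")
    print("header seen by the app :", header)
    print("leftmost entry         :", leftmost_entry(header))
    print("resolved client address:", client_ip("127.0.0.1", header, TRUSTED_PROXIES))
    # Constructed request that reaches port 8080 directly, not via Nginx:
    print("direct connection      :", client_ip("198.51.100.9", "127.0.0.1", TRUSTED_PROXIES))
```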
-------------------------------------------------------------------------------- /deployment/spring/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80 default_server; 3 | listen [::]:80 default_server; 4 | charset utf-8; 5 | access_log off; 6 | 7 | 8 | server_name 127.0.0.1; 9 | 10 | location / { 11 | proxy_pass http://localhost:8080; 12 | proxy_set_header Host $host:$server_port; 13 | proxy_set_header X-Forwarded-Host $server_name; 14 | proxy_set_header X-Real-IP $remote_addr; 15 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 16 | } 17 | } -------------------------------------------------------------------------------- /deployment/spring/image-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/spring/image-1.png -------------------------------------------------------------------------------- /deployment/spring/image-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/spring/image-2.png -------------------------------------------------------------------------------- /deployment/spring/image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/spring/image.png -------------------------------------------------------------------------------- /deployment/spring/spring.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/spring/spring.zip 
-------------------------------------------------------------------------------- /deployment/static/angular/Angular.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/static/angular/Angular.md -------------------------------------------------------------------------------- /deployment/static/html/README.md: -------------------------------------------------------------------------------- 1 | # Deploying a Static Website with Nginx and with/without Docker 2 | 3 | ![Deploying a Static Website with Nginx with/without Docker](image.png) 4 | 5 | A static website is a collection of web pages with fixed content. Each page is coded in HTML and displays the same information to every visitor. Static websites are ideal for showcasing content that doesn't change frequently, such as personal blogs, portfolios, and informational sites. They are easy to create, secure, and can be hosted on any web server, making them a popular choice for many web projects. In this lab, we will learn how to deploy a static website using Nginx, a powerful and efficient web server. 6 | 7 | 8 | > Note: Before starting this lab, ensure you have completed the following prerequisites: 9 | > - Setting up the client-server environment as described in the [Environment Setup](../../Prerequisites.md) section. Proper DNS configuration and hostname setup are essential for the exercises in this lab. 10 | > - Installing Nginx as outlined in the [Nginx Installation Guide](../../nginx/README.md). 11 | > - Alternatively, if you prefer to use Docker, make sure Docker is installed and running on your server. You can refer to the [Docker Installation Guide](../../../docker/README.md) for detailed instructions. 12 | 13 | In this lab, we will learn how to deploy a static website on an Ubuntu server using Nginx. 
We will cover how to transfer your project to the server using SCP or a GitHub repository. For this lab, we will use the subdomain static.server.io; a demo project, [demo.zip](demo.zip), is attached in the same directory as this lab for your convenience. 14 | 15 | ## Deploying a Static Website Using Nginx without Docker 16 | 17 | ### Step 1: Connect to the Server and Create the Website Folder 18 | #### Connect to the Server: 19 | 20 | 1. Open a terminal on your local machine. 21 | 22 | 2. Use SSH to connect to your Ubuntu server. Replace `<username>` and `<server_ip>` with your server’s username and IP address: 23 | 24 | ```bash 25 | ssh <username>@<server_ip> 26 | ``` 27 | 28 | Example: 29 | 30 | ```bash 31 | ssh serverio@192.168.1.10 32 | ``` 33 | 2. Create the Website Folder: 34 | 35 | Once connected to the server, create the directory structure for your static website. This structure will include a specific folder for your domain static.server.io. Run the following command: 36 | 37 | ```bash 38 | sudo mkdir -p /var/www/static.server.io/html 39 | ``` 40 | 41 | 3. Set Permissions: 42 | 43 | Next, assign ownership of the directory with the $USER environment variable: 44 | 45 | ```bash 46 | sudo chown -R $USER:$USER /var/www/static.server.io/html 47 | ``` 48 | 49 | The permissions of your web roots should be correct if you haven’t modified your umask value, which sets default file permissions. To ensure that your permissions are correct and allow the owner to read, write, and execute the files while granting only read and execute permissions to groups and others, you can input the following command: 50 | 51 | ```bash 52 | sudo chmod -R 755 /var/www/static.server.io/html 53 | ``` 54 | 55 | ### Step 2: Transfer the Static Website Files 56 | You can transfer your static website files to the server using SCP or by cloning a GitHub repository. 57 | 58 | #### Using SCP: 59 | 60 | 1. Open a terminal on your local machine. 61 | 62 | 2. Use the scp command to transfer the files. 
Replace with the path to your project directory and and with your server's username and IP address: 63 | 64 | ```bash 65 | scp -r @:/var/www/html/static-site 66 | ``` 67 | Example: 68 | 69 | ```bash 70 | scp -r ./demo.zip serverio@192.168.1.10:/var/www/static.server.io/html 71 | ``` 72 | 73 | 3. Connect to server and unzip the project files: 74 | 75 | ```bash 76 | sudo apt install unzip 77 | cd /var/www/static.server.io/html 78 | unzip demo.zip 79 | ``` 80 | 81 | #### Using GitHub: 82 | 83 | 1. Navigate to the web root directory: 84 | 85 | ```bash 86 | cd /var/www/static.server.io 87 | ``` 88 | 2. Clone your repository: 89 | ```bash 90 | git clone https://github.com/yourusername/static-website.git static-website 91 | ``` 92 | 93 | ### Step 3: Configure Nginx 94 | 1. Create a new Nginx configuration file for your static site: 95 | 96 | ```bash 97 | sudo nano /etc/nginx/sites-available/static.server.io 98 | ``` 99 | 100 | 2. Add the following configuration to the file: 101 | 102 | ```nginx 103 | server { 104 | listen 80; 105 | server_name static.server.io www.static.server.io; 106 | 107 | # Define the root directory for your static files 108 | root /var/www/static.server.io/html; 109 | 110 | # Configure access to static files 111 | location / { 112 | try_files $uri $uri/ =404; 113 | } 114 | 115 | # Additional configuration options can be added here 116 | 117 | # Define access log and error log locations 118 | access_log /var/log/nginx/static.server.io.access.log; 119 | error_log /var/log/nginx/static.server.io.error.log; 120 | 121 | # Add any other server-specific configurations here 122 | 123 | } 124 | ``` 125 | 126 | **Explanation of the Nginx Server Configuration** 127 | 128 | This Nginx configuration sets up a basic HTTP server for the domain `static.server.io` and its `www` subdomain. It serves static files from `/var/www/static.server.io/html` and logs access and error information to specified log files. 
The `try_files` directive ensures that only existing files or directories are served; otherwise, a `404` error is returned. 129 | 130 | - **Server Block:** 131 | - The `server` block defines the configuration for handling requests to your server. 132 | 133 | - **Listening Port:** 134 | - `listen 80;` 135 | - Specifies that the server will listen on port 80, the default port for HTTP traffic. 136 | 137 | - **Server Name:** 138 | - `server_name static.server.io www.static.server.io;` 139 | - Defines the domain names that this server block should respond to. Here, it will respond to requests for `static.server.io` and `www.static.server.io`. 140 | 141 | - **Root Directory:** 142 | - `root /var/www/static.server.io/html;` 143 | - Specifies the root directory where the static files for the website are located. Nginx will serve files from this directory. 144 | 145 | - **Location Block:** 146 | - `location / { try_files $uri $uri/ =404; }` 147 | - The `location /` block defines how to handle requests for the root URL and its subpaths. 148 | - The `try_files` directive checks for the existence of the requested file (`$uri`) or directory (`$uri/`). If neither is found, it returns a `404 Not Found` error. 149 | 150 | - **Access Log:** 151 | - `access_log /var/log/nginx/example.com.access.log;` 152 | - Defines the location of the access log file, where Nginx will log details of every request processed by this server block. 153 | 154 | - **Error Log:** 155 | - `error_log /var/log/nginx/example.com.error.log;` 156 | - Specifies the location of the error log file, where Nginx will log errors encountered while processing requests. 157 | 158 | - **Additional Configuration:** 159 | - Comments `# Additional configuration options can be added here` and `# Add any other server-specific configurations here` are placeholders for any extra configurations you might want to include, such as security headers, gzip compression, etc. 160 | 161 | 3. 
Enable the configuration by creating a symbolic link to the sites-enabled directory: 162 | 163 | ```bash 164 | sudo ln -s /etc/nginx/sites-available/static.server.io /etc/nginx/sites-enabled/ 165 | ``` 166 | 167 | 4. Test the Nginx configuration for syntax errors: 168 | 169 | ```bash 170 | sudo nginx -t 171 | ``` 172 | 5. Reload Nginx to apply the changes: 173 | 174 | ```bash 175 | sudo systemctl reload nginx 176 | ``` 177 | 178 | ### Step 4: Verify the Deployment 179 | Open a web browser on your client machine. 180 | Navigate to http://static.server.io to see your deployed static website. 181 | 182 | ![alt text](image-1.png) 183 | 184 | 185 | ## Deploying a Static Website Using Nginx with Docker 186 | 187 | ### Step 1: Create a Dockerfile for Your Static Website 188 | 189 | 1. Create a new directory for your project: 190 | 191 | ```bash 192 | sudo mkdir -p /workdir/static.server.io 193 | 194 | sudo chown -R $USER:$USER /workdir/static.server.io 195 | sudo chmod -R 755 /workdir/static.server.io 196 | 197 | cd /workdir/static.server.io 198 | ``` 199 | 200 | 2. Inside this directory, create a `Dockerfile` with the following content: 201 | ```Dockerfile 202 | # Use the official Nginx image from the Docker Hub 203 | FROM nginx:alpine 204 | 205 | # Copy static website files to the Nginx HTML directory 206 | COPY . /usr/share/nginx/html 207 | 208 | # Expose port 80 209 | EXPOSE 80 210 | ``` 211 | 212 | 3. Add your static website files (e.g., `index.html`, `styles.css`, etc.) to this directory using SCP or GitHub as explained in the previous section 213 | 214 | ## Step 2: Build and Run the Docker Container 215 | 216 | 1. Build the Docker image: 217 | ```bash 218 | sudo docker build -t static.server.io . 219 | ``` 220 | 221 | 2. Run the Docker container: 222 | ```bash 223 | sudo docker run -d -p 8080:80 --name static.server.io-container static.server.io 224 | ``` 225 | - This command maps port 8080 on your server to port 80 in the container. 226 | 227 | 2. 
Show the list if the container: 228 | ```bash 229 | sudo docker container ls 230 | ``` 231 | 232 | ```bash 233 | Output 234 | ... 235 | 483baed20cc4 static.server.io "/docker-entrypoint.…" 18 seconds ago Up 17 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp static.server.io-container 236 | ... 237 | ``` 238 | 239 | ## Step 3: Configure Nginx as a Reverse Proxy 240 | 241 | 1. On your server, edit the Nginx configuration file to set up a reverse proxy. Open the configuration file: 242 | ```bash 243 | sudo nano /etc/nginx/sites-available/static-site-proxy 244 | ``` 245 | 246 | 2. Add the following configuration: 247 | ```nginx 248 | server { 249 | listen 80; 250 | server_name static.server.io www.static.server.io; 251 | 252 | location / { 253 | proxy_pass http://localhost:8080; 254 | proxy_set_header Host $host; 255 | proxy_set_header X-Real-IP $remote_addr; 256 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 257 | proxy_set_header X-Forwarded-Proto $scheme; 258 | } 259 | 260 | # Define access log and error log locations 261 | access_log /var/log/nginx/static-site-proxy.access.log; 262 | error_log /var/log/nginx/static-site-proxy.error.log; 263 | } 264 | ``` 265 | 266 | **Explanation of the Nginx Server Configuration** 267 | 268 | This Nginx configuration sets up a server to handle HTTP requests and proxy them to a Docker container running on port 8080. Here’s a detailed breakdown of the configuration: 269 | 270 | - **Server Block:** 271 | - The `server` block defines the configuration for handling requests to your server. 272 | 273 | - **Listening Port:** 274 | - `listen 80;` 275 | - Specifies that the server will listen on port 80, the default port for HTTP traffic. 276 | 277 | - **Server Name:** 278 | - `server_name static.server.io www.static.server.io;` 279 | - Defines the domain names that this server block should respond to. Here, it will respond to requests for `static.server.io` and `www.static.server.io`. 
280 | 281 | - **Location Block:** 282 | - `location / { ... }` 283 | - The `location /` block defines how to handle requests for the root URL and its subpaths. 284 | 285 | - **Proxy Pass:** 286 | - `proxy_pass http://localhost:8080;` 287 | - This directive passes requests from Nginx to the backend server running on `http://localhost:8080`. In this case, it's the Docker container serving the static website. 288 | 289 | - **Proxy Headers:** 290 | - `proxy_set_header Host $host;` 291 | - Sets the `Host` header in the proxied request to the original host requested by the client. 292 | - `proxy_set_header X-Real-IP $remote_addr;` 293 | - Sets the `X-Real-IP` header in the proxied request to the IP address of the client making the request. 294 | - `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` 295 | - Adds the client’s IP address to the `X-Forwarded-For` header, which is a standard header used for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. 296 | - `proxy_set_header X-Forwarded-Proto $scheme;` 297 | - Sets the `X-Forwarded-Proto` header to the scheme (HTTP or HTTPS) used by the client to connect to the server. 298 | 299 | - **Access Log:** 300 | - `access_log /var/log/nginx/static-site-proxy.access.log;` 301 | - Defines the location of the access log file, where Nginx will log details of every request processed by this server block. 302 | 303 | - **Error Log:** 304 | - `error_log /var/log/nginx/static-site-proxy.error.log;` 305 | - Specifies the location of the error log file, where Nginx will log errors encountered while processing requests. 306 | 307 | 308 | 309 | 310 | 3. Enable the configuration by creating a symbolic link to the `sites-enabled` directory: 311 | ```bash 312 | sudo ln -s /etc/nginx/sites-available/static-site-proxy /etc/nginx/sites-enabled/ 313 | ``` 314 | 315 | 4. 
Test the Nginx configuration for syntax errors: 316 | ```bash 317 | sudo nginx -t 318 | ``` 319 | 320 | 5. Reload Nginx to apply the changes: 321 | ```bash 322 | sudo systemctl reload nginx 323 | ``` 324 | 325 | ## Step 4: Verify the Deployment 326 | 327 | 1. Open a web browser on your client machine. 328 | 2. Navigate to `http://static.server.io` to see your deployed static website served through Nginx and Docker. 329 | 330 | ![alt text](image-2.png) -------------------------------------------------------------------------------- /deployment/static/html/demo.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/static/html/demo.zip -------------------------------------------------------------------------------- /deployment/static/html/image-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/static/html/image-1.png -------------------------------------------------------------------------------- /deployment/static/html/image-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/static/html/image-2.png -------------------------------------------------------------------------------- /deployment/static/html/image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/static/html/image.png -------------------------------------------------------------------------------- /deployment/static/react/React.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/static/react/React.md

--------------------------------------------------------------------------------
/deployment/static/vue/Vue.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/deployment/static/vue/Vue.md

--------------------------------------------------------------------------------
/docker/README.md:
--------------------------------------------------------------------------------
![alt text](image-1.png)

Docker is a software platform for building, deploying, and managing applications in containers. Containers are lightweight, portable, self-contained units that include everything needed to run an application: the code, libraries, dependencies, and configuration files. With Docker, developers can standardize their development environment, which greatly simplifies deploying and scaling applications across different systems.

Launched in 2013 by Docker Inc., Docker quickly gained popularity thanks to its ability to simplify the software development and deployment process. Before Docker, developers often had to manage complex and varied environments, which could lead to compatibility and configuration problems. Docker solves these problems by providing a consistent, reproducible environment, which improves collaboration between development and operations teams.

The main advantages of Docker include:

1. **Application isolation**: Each container runs in isolation, which ensures that applications do not overlap or interfere with one another.
2. **Portability**: Docker containers run identically on any system that supports Docker, whether it is a development laptop, a production server, or a cloud.
3. **Resource efficiency**: Containers share the same operating system kernel, which allows more efficient use of resources than traditional virtual machines.
4. **Fast deployment and scaling**: Containers can be created, started, stopped, and replicated quickly, which makes deploying and scaling applications easier.

## 1 — Installing Docker

The Docker installation package available in the official Ubuntu repository may not be the latest version. To make sure we get the most recent version, we will install Docker from the official Docker repository. To do so, we will add a new package source, add Docker's GPG key to ensure the downloads are valid, and then install the package.

First, update your existing list of packages:

```
sudo apt update
```

Next, install a few prerequisite packages that let apt use packages over HTTPS:

```
sudo apt install apt-transport-https ca-certificates curl software-properties-common
```

Then add the GPG key for the official Docker repository to your system:

```
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
```

Add the Docker repository to the APT sources:

```
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```

Update your existing list of packages again so that the addition is recognized:

```
sudo apt update
```

Make sure you are about to install from the Docker repository instead of the default Ubuntu repository:

```
apt-cache policy docker-ce
```

You will see output similar to the following, although the Docker version number may differ:

```
Output
docker-ce:
  Installed: (none)
  Candidate: 5:20.10.14~3-0~ubuntu-jammy
  Version table:
     5:20.10.14~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
     5:20.10.13~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages

```

Notice that docker-ce is not installed, but the candidate for installation comes from the Docker repository for Ubuntu 22.04 (jammy).
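The origin check above can be scripted so that the install step only runs when the candidate version really comes from Docker's repository and the source entry is pinned to a keyring. This is an added example, not part of the original tutorial: the function names are hypothetical, the first sample is the `apt-cache policy` output shown above, and the second sample and the expanded source line are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): gate `apt install docker-ce` on where
# APT would fetch the candidate version from. Function names are hypothetical.

DOCKER_REPO='https://download.docker.com/linux/ubuntu'

# `apt-cache policy docker-ce` output as shown in the tutorial.
SAMPLE_POLICY='docker-ce:
  Installed: (none)
  Candidate: 5:20.10.14~3-0~ubuntu-jammy
  Version table:
     5:20.10.14~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
     5:20.10.13~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages'

# Constructed counter-example: a different source offers the candidate version.
MIRROR_POLICY='docker-ce:
  Installed: (none)
  Candidate: 5:20.10.14~3-0~ubuntu-jammy
  Version table:
     5:20.10.14~3-0~ubuntu-jammy 500
        500 https://mirror.example.invalid/docker jammy/stable amd64 Packages
     5:20.10.13~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages'

# The line the tutorial writes to /etc/apt/sources.list.d/docker.list, with the
# two $(...) substitutions expanded (amd64 and jammy are constructed values).
SAMPLE_SOURCE='deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable'

# candidate_origins: read `apt-cache policy <pkg>` output on stdin and print
# the source (URL or path) of every index that offers the Candidate version.
candidate_origins() {
  awk '
    $1 == "Candidate:"                { cand = $2; next }
    $1 == "Version" && $2 == "table:" { table = 1; next }
    table {
      if ($1 == "***") {
        ver = $2                      # "*** <version> <prio>": installed version
      } else if ($1 ~ /^-?[0-9]+$/ && ($2 ~ /^\// || $2 ~ /:\/\//)) {
        if (ver == cand) print $2     # "<prio> <source> <suite> <arch> Packages"
      } else {
        ver = $1                      # "<version> <prio>"
      }
    }
  '
}

# origin_is_trusted: succeed only if the candidate version has at least one
# source and every source is exactly the expected repository URL ($1).
origin_is_trusted() {
  oit_expected=$1
  oit_origins=$(candidate_origins) || return 2
  [ -n "$oit_origins" ] || return 1
  printf '%s\n' "$oit_origins" | while read -r oit_url; do
    [ "$oit_url" = "$oit_expected" ] || exit 1
  done
}

# signed_by_keyring: read a one-line APT source entry on stdin and print the
# keyring named by its signed-by option (prints nothing if the entry is unpinned).
signed_by_keyring() {
  sed -n 's/^deb[^[]*\[\([^]]*\)\].*/\1/p' | tr ' ' '\n' | sed -n 's/^signed-by=//p'
}

# On a real host the gate would be used like this (not run here):
#   apt-cache policy docker-ce | origin_is_trusted "$DOCKER_REPO" \
#     && sudo apt install docker-ce
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_POLICY" | origin_is_trusted "$DOCKER_REPO" \
    && echo "tutorial sample: install may proceed"
  printf '%s\n' "$MIRROR_POLICY" | origin_is_trusted "$DOCKER_REPO" \
    || echo "constructed mirror sample: install refused"
  printf 'keyring: %s\n' "$(printf '%s\n' "$SAMPLE_SOURCE" | signed_by_keyring)"
fi
```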

Finally, install Docker:

```
sudo apt install docker-ce
```

Docker should now be installed, the daemon started, and the process enabled to start on boot. Check that Docker is running:

```
sudo systemctl status docker
```

The output should be similar to the following, showing that the service is active and running:

```
Output
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-04-01 21:30:25 UTC; 22s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 7854 (dockerd)
      Tasks: 7
     Memory: 38.3M
        CPU: 340ms
     CGroup: /system.slice/docker.service
             └─7854 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

```

Installing Docker gives you not only the Docker service (daemon) but also the docker command-line utility, or Docker client. We will explore how to use the docker command later in this tutorial.

## 2 — Running the Docker Command Without Sudo (Optional)
By default, the docker command can only be run by the root user or by a user in the docker group, which is automatically created during Docker's installation. If you try to run the docker command without prefixing it with sudo or without being in the docker group, you will get output like this:

```
Output
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.
```

If you want to avoid typing sudo every time you run the docker command, add your username to the docker group:

```
sudo usermod -aG docker ${USER}
```

To apply the new group membership, log out of the server and log back in, or type the following command:

```
su - ${USER}
```
You will be prompted for your user's password to continue.

Confirm that your user is now added to the docker group by typing:

```
groups
```

If you need to add a user to the docker group who is not the one you are logged in as, specify that username explicitly using:

```
sudo usermod -aG docker username
```

## 3 — Installing Docker Compose

To make sure you get the most recent stable version of Docker Compose, you will download this software from its official GitHub repository.

First, confirm the latest version available on their releases page. At the time of writing, the most recent stable version is 2.3.3.

Use the following commands to download it:

```
mkdir -p ~/.docker/cli-plugins/
```
```
curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
```

Next, set the correct permissions so that the docker compose command is executable:

```
chmod +x ~/.docker/cli-plugins/docker-compose
```

To verify that the installation succeeded, you can run:

```
docker compose version
```

--------------------------------------------------------------------------------
/docker/image-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/docker/image-1.png

--------------------------------------------------------------------------------
/docker/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/docker/image.png

--------------------------------------------------------------------------------
/images/devops.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/images/devops.png

--------------------------------------------------------------------------------
/services/linux/LDAP/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/1.png

--------------------------------------------------------------------------------
/services/linux/LDAP/10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/10.png

--------------------------------------------------------------------------------
/services/linux/LDAP/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/2.png

--------------------------------------------------------------------------------
/services/linux/LDAP/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/3.png

--------------------------------------------------------------------------------
/services/linux/LDAP/4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/4.png

--------------------------------------------------------------------------------
/services/linux/LDAP/5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/5.png

--------------------------------------------------------------------------------
/services/linux/LDAP/6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/6.png

--------------------------------------------------------------------------------
/services/linux/LDAP/7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/7.png -------------------------------------------------------------------------------- /services/linux/LDAP/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/8.png -------------------------------------------------------------------------------- /services/linux/LDAP/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/LDAP/9.png -------------------------------------------------------------------------------- /services/linux/LDAP/README.md: -------------------------------------------------------------------------------- 1 | # LDAP (Lightweight Directory Access Protocol) 2 | 3 | ![Alt Text](ldap.jpg) 4 | 5 | LDAP stands for Lightweight Directory Access Protocol. It's a protocol used for accessing and maintaining directory services over a network. A directory service is a centralized database that stores and organizes information about users, computers, and other resources within a network. 6 | 7 | LDAP is often used in enterprise environments for tasks such as user authentication, authorization, and storing information like email addresses, phone numbers, and other attributes associated with network resources. It provides a standardized way for applications and services to query and update directory information. 8 | 9 | One of the key features of LDAP is its simplicity and efficiency, which is particularly important for large-scale directory services. It's "lightweight" compared to other directory access protocols, making it suitable for use in a wide range of environments. 
10 | 11 | 12 | ## LDAP (Lightweight Directory Access Protocol) Use Cases 13 | 14 | 1. **Centralized Authentication:** 15 | LDAP is widely used for centralized authentication in organizations, where user credentials and authentication information are stored in a central LDAP directory server. This allows users to access multiple systems and applications using a single set of credentials. 16 | 17 | 2. **Single Sign-On (SSO):** 18 | LDAP can be integrated with Single Sign-On solutions to provide users with seamless access to multiple applications and services without the need to enter credentials repeatedly. Users authenticate once with their LDAP credentials, and subsequent authentication requests are handled automatically. 19 | 20 | 3. **Directory Services:** 21 | LDAP serves as a centralized repository for storing and organizing directory information, such as user accounts, groups, and organizational units. It allows administrators to efficiently manage and access directory data, including adding, modifying, and deleting entries. 22 | 23 | 4. **Address Book and Contact Management:** 24 | LDAP is commonly used to store contact information and address books for organizations. Email clients, contact management applications, and other software can query LDAP servers to retrieve contact details and organizational information. 25 | 26 | 5. **Network Authentication and Authorization:** 27 | LDAP is used for network authentication and authorization, allowing users to access network resources based on their LDAP attributes and permissions. This includes accessing file shares, printers, and other network services. 28 | 29 | 6. **Application Integration:** 30 | LDAP integration is common in applications and services that require user authentication and authorization. Many applications support LDAP authentication, allowing them to authenticate users against an LDAP directory server. 31 | 32 | 7. 
**Identity Management:** 33 | LDAP is a key component of identity management solutions, providing a centralized platform for managing user identities, roles, and access privileges across an organization's IT infrastructure. 34 | 35 | 8. **Virtual Private Networks (VPNs):** 36 | LDAP can be used for user authentication in VPN solutions, allowing remote users to securely access corporate networks using their LDAP credentials. 37 | 38 | 9. **Web Portals and Intranets:** 39 | LDAP integration enables web portals and intranet sites to authenticate users against an LDAP directory, providing personalized access to resources and information based on user roles and permissions. 40 | 41 | 10. **Cloud Services Integration:** 42 | LDAP integration with cloud services allows organizations to extend their identity management capabilities to cloud-based applications and platforms, ensuring consistent user authentication and access control policies across on-premises and cloud environments. 43 | 44 | ## Prerequisites 45 | To follow along in this guide, ensure that you have the following in place: 46 | 47 | - An Instance of Ubuntu 22.04 48 | - SSH connection to the server 49 | 50 | ## Without SSL 51 | 52 | ### 1) Setup Server Hostname 53 | 54 | To start, the first step is setting up the hostname or Fully Qualified Domain Name (FQDN) for your server. In this tutorial, we'll set up the OpenLDAP server with the hostname ldap.server.io and the IP address 192.168.1.10. 55 | 56 | As root, execute the following command. Make sure to substitute ldap.server.io with your desired server domain and hostname. 57 | 58 | ``` 59 | # hostnamectl set-hostname ldap.server.io 60 | ``` 61 | 62 | Then, proceed to update the /etc/hosts file with the server hostname and its corresponding IP address. This step ensures proper hostname resolution within the network. 63 | 64 | ![Hostname](2.png) 65 | 66 | Now, perform a ping to the server hostname, and you should receive a successful ping response. 
67 | 68 | ``` 69 | # ping -c 3 ldap.server.io 70 | ``` 71 | 72 | ### 2) Install OpenLDAP Packages 73 | 74 | The subsequent step involves installing OpenLDAP. Execute the following command to install the OpenLDAP packages. 75 | 76 | ``` 77 | # apt install slapd ldap-utils 78 | ``` 79 | 80 | ![Install OpenLDAP Packages](3.png) 81 | 82 | During the installation, you will be prompted to configure administrator password for your LDAP server. Provide a strong one and hit ENTER. 83 | 84 | ![Install OpenLDAP Packages](4.png) 85 | 86 | Next, re-enter the password to confirm your password and hit ENTER. 87 | 88 | ![Install OpenLDAP Packages](5.png) 89 | 90 | ### 3) Setup OpenLDAP Server 91 | 92 | ``` 93 | # dpkg-reconfigure slapd 94 | ``` 95 | 96 | The command will prompt a series of questions on your terminal. Initially, select the ‘No’ option at the first prompt to ensure the OpenLDAP server configuration is not skipped. 97 | 98 | ![Setup OpenLDAP Server](6.png) 99 | 100 | Subsequently, input a DNS domain name. This will be utilized to construct the base DN of the LDAP directory. For instance, in this example, we'll use the domain name server.io, resulting in the DN represented as “dc=server,dc=io”. Then, press ‘ENTER’. 101 | 102 | ![Setup OpenLDAP Server](7.png) 103 | 104 | 105 | Following that, supply a name for your organization, which will also be incorporated into the base DN. In alignment with our previous example, we'll use the same name as the domain name. 106 | 107 | ![Setup OpenLDAP Server](8.png) 108 | 109 | Following that, input the Administrator password for your LDAP directory and press ‘ENTER’. 110 | 111 | ![Setup OpenLDAP Server](9.png) 112 | 113 | Ensure to confirm the password by retyping it and then press ‘ENTER’. 114 | 115 | ![Setup OpenLDAP Server](10.png) 116 | 117 | When prompted regarding the removal of the database when slapd is purged, select ‘NO’. 
118 | 119 | ![Setup OpenLDAP Server](image.png) 120 | 121 | Lastly, select ‘Yes’ to remove the old database, making space for the new database. 122 | 123 | ![Setup OpenLDAP Server](image-1.png) 124 | 125 | Finally, you should see the following output. 126 | 127 | ![alt text](image-2.png) 128 | 129 | Next, you'll need to make modifications to the main OpenLDAP configuration file. Open it using your preferred text editor. In this example, we'll use nano. 130 | 131 | ``` 132 | $ sudo nano /etc/ldap/ldap.conf 133 | ``` 134 | 135 | Locate and uncomment the lines beginning with “BASE” and “URI” and provide the domain name for your OpenLDAP server. In our case, the “BASE” is “dc=server,dc=io” and the “URI” for the OpenLDAP server is “ldap://ldap.server.io. 136 | 137 | ![alt text](image-3.png) 138 | 139 | Save the changes and exit the configuration file. Then restart the slapd daemon and check its status using the following commands. 140 | 141 | ``` 142 | $ systemctl restart slapd 143 | $ systemctl status slapd 144 | ``` 145 | 146 | Then execute the following command to confirm the basic configuration of OpenLDAP. You should receive the following output. 147 | 148 | ``` 149 | # ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// 150 | ``` 151 | 152 | ![alt text](image-4.png) 153 | 154 | ### 4) Setup Base group for OpenLDAP Users 155 | 156 | The subsequent step involves creating a new base group for OpenLDAP users. In this demonstration, we will create two base groups: "people" and "groups". The ‘people’ group will store regular users, while the ‘groups’ group will manage the groups on your LDAP server. 157 | 158 | Therefore, we will create the base-groups file as follows. 159 | 160 | ``` 161 | # nano base-groups.ldif 162 | ``` 163 | 164 | Paste the following lines to the configuration file. 165 | 166 | ![alt text](image-5.png) 167 | 168 | Save the changes and exit. 169 | 170 | To add the base groups, execute the command ldapadd against the ‘base-groups.ldif’ file. 
When prompted, provide the OpenLDAP admin password and press ‘ENTER’.

```
# ldapadd -x -D cn=admin,dc=server,dc=io -W -f base-groups.ldif
```

The output confirms that the groups have been added successfully.

![alt text](image-6.png)

To confirm that the groups have been added, run the following command.

```
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///
```

The command generates a block of output displaying all the details of your LDAP configuration including the groups we have just created.

![alt text](image-7.png)

### 5) Add a new group to the Base Group

With the base groups in place, we will now add a new group to the ‘groups’ base group.

To achieve this, we will create a new group file called group.ldif.

```
# nano group.ldif
```

Paste the following lines. Here, we have specified a new group called support_engineers with a group ID of 5000.

```
dn: cn=support_engineers,ou=groups,dc=server,dc=io
objectClass: posixGroup
cn: support_engineers
gidNumber: 5000
```

Once done, save the changes and exit the file. Then run the command below to add the ‘support_engineers’ group to the ‘groups’ group.

```
# ldapadd -x -D cn=admin,dc=server,dc=io -W -f group.ldif
```

The command generates the following output confirming that the support_engineers group was successfully added.

![alt text](image-8.png)

Then execute the following command to verify that the group ‘support_engineers’ is part of the ‘groups’ group with a GID of ‘5000’.

```
# ldapsearch -x -LLL -b dc=server,dc=io '(cn=support_engineers)' gidNumber
```

![alt text](image-9.png)

### 6) Create a new OpenLDAP User

The final step is to create an OpenLDAP user and associate the user with a specific base group. Before proceeding, you need to generate a hashed password for the user. Execute the following command and provide a strong password.

```
# slappasswd
```

The password is printed as a salted hash. Copy the entire value, from {SSHA} to the last character, and keep it somewhere, as you will need it in the next step.

![alt text](image-10.png)

Next, create a new user file as shown.

```
# nano user.ldif
```

Paste the following lines. In this configuration, we are creating a new user called ‘Mehdi’ with a UID of 7000. The default home directory will be “/home/mehdi” and the default login shell “/bin/bash”. The new user will be a part of the base group called ‘people’ with a GID of 7000.

![alt text](image-14.png)

Save and exit the file.

To add the user to the ‘people’ group, run the following command:

```
# ldapadd -x -D cn=admin,dc=server,dc=io -W -f user.ldif
```

You should get the following confirmation output.

![alt text](image-12.png)

To confirm the creation of the user, execute the following command.

```
# ldapsearch -x -LLL -b dc=server,dc=io '(uid=mehdi)' cn uidNumber gidNumber
```

![alt text](image-13.png)


### 7) Configure LDAP Client in order to share user accounts in your local network

Install LDAP Client Packages

```
# apt -y install libnss-ldapd libpam-ldapd ldap-utils
```

Configure LDAP Connection:

Edit the LDAP client configuration file (/etc/ldap/ldap.conf or /etc/openldap/ldap.conf) to specify the LDAP server's URI, base DN, and other connection parameters.

![alt text](image-15.png)

Configure Name Service Switch (NSS):

Configure the Name Service Switch (/etc/nsswitch.conf) to use LDAP for user authentication, group lookup, and other services.
Example configuration:

```
passwd: files ldap
group: files ldap
shadow: files ldap
```

Configure PAM Authentication:

Configure the Pluggable Authentication Modules (PAM) system to use LDAP for user authentication.
Edit PAM configuration files in /etc/pam.d/ (e.g., common-auth, common-account, common-password, common-session) to include LDAP authentication.
Example configuration (in common-auth):

```
# sudo nano /etc/pam.d/common-auth
```

```
# Local accounts first, then LDAP; deny if neither accepts the password
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
```

Test the LDAP connection using utilities like ldapsearch or getent.

```
ldapsearch -x -LLL -H ldap://ldap.server.io -b dc=server,dc=io '(uid=mehdi)'
getent passwd
```

Restart Service:

```
sudo systemctl restart nscd
```

Test user authentication by logging in with LDAP user credentials on the client system.
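
The {SSHA} value that slappasswd prints in the user-creation step is a salted SHA-1 hash rather than an encrypted password. The script below is an added example, not part of the original guide: it rebuilds and verifies such a value and renders a user.ldif that carries it. The attribute set of the entry and the sample password are assumptions; the user name, IDs, home directory, shell and base DN follow the text above.

```shell
#!/usr/bin/env bash
# Added example: structure of a slappasswd {SSHA} value and a user.ldif using it.
# The password and the objectClass/attribute set are assumptions for illustration.

# Turn a hex string into raw bytes using printf octal escapes.
hex_to_bin() {
    local hex="$1"
    while [ "${#hex}" -ge 2 ]; do
        printf "\\$(printf '%03o' "0x${hex%"${hex#??}"}")"
        hex="${hex#??}"
    done
}

# Hex SHA-1 of password || salt: the digest stored inside an {SSHA} value.
ssha_digest_hex() {        # $1 = password, $2 = salt as hex
    { printf '%s' "$1"; hex_to_bin "$2"; } | sha1sum | cut -d' ' -f1
}

# {SSHA} value = "{SSHA}" + base64( 20-byte digest || salt )
ssha_hash() {              # $1 = password, $2 = salt as hex
    local digest
    digest="$(ssha_digest_hex "$1" "$2")"
    printf '{SSHA}%s\n' "$(hex_to_bin "${digest}$2" | base64 | tr -d '\n')"
}

# Check a password against a stored value. The salt is whatever follows the
# first 20 bytes, so any salt length is handled. Returns 2 on a malformed value.
ssha_verify() {            # $1 = password, $2 = {SSHA} value
    local raw
    case "$2" in '{SSHA}'*) ;; *) return 2 ;; esac
    raw="$(printf '%s' "$2" | cut -c7- | base64 -d | od -An -v -tx1 | tr -d ' \n')"
    [ "${#raw}" -gt 40 ] || return 2
    [ "$(ssha_digest_hex "$1" "$(printf '%s' "$raw" | cut -c41-)")" = \
      "$(printf '%s' "$raw" | cut -c1-40)" ]
}

# Render a posixAccount entry under ou=people. ldapadd stores userPassword as
# given, so a value without the {SSHA} tag is refused here.
render_user_ldif() {       # $1 = login, $2 = uidNumber, $3 = gidNumber, $4 = {SSHA} value
    local n
    case "$1" in ''|*[!a-z0-9_-]*) echo "invalid login name" >&2; return 1 ;; esac
    for n in "$2" "$3"; do
        case "$n" in ''|*[!0-9]*) echo "IDs must be numeric" >&2; return 1 ;; esac
    done
    case "$4" in '{SSHA}'*) ;; *) echo "userPassword must be an {SSHA} hash" >&2; return 1 ;; esac
    cat <<EOF
dn: uid=$1,ou=people,dc=server,dc=io
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $1
cn: $1
sn: $1
uidNumber: $2
gidNumber: $3
homeDirectory: /home/$1
loginShell: /bin/bash
userPassword: $4
EOF
}

# Demo: random 4-byte salt, constructed password, user from the guide.
salt="$(head -c 4 /dev/urandom | od -An -v -tx1 | tr -d ' \n')"
hash="$(ssha_hash 'constructed-demo-password' "$salt")"
render_user_ldif mehdi 7000 7000 "$hash"
```
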
--------------------------------------------------------------------------------
/services/linux/Postfix/README.md:
--------------------------------------------------------------------------------
# Install and Configure SMTP Server with Postfix on Ubuntu

![alt text](image.png)

SMTP (Simple Mail Transfer Protocol) is the protocol used to send, receive, and relay emails between mail servers, enabling communication between senders and receivers. This section provides a guide on installing and configuring an SMTP server with Postfix on Ubuntu. SMTP is essential for email communication, as it determines which servers will receive relay messages.

A mail server encompasses systems responsible for collecting, processing, and delivering email messages. Every email message must pass through a mail server before reaching its intended recipient, much like a traditional mail carrier.

Without servers, email communication would be limited to recipients within the same domain. SMTP servers provide addresses that mail clients or applications can establish connections with, facilitating the transmission of emails.

Postfix serves as the mail transfer agent (MTA) for sending and receiving emails. It can be configured to restrict usage to local applications, which proves useful in scenarios where third-party email service providers impose limitations on sending email notifications or when handling significant outgoing traffic. Despite its lightweight nature, Postfix retains essential functionality, making it a suitable option for maintaining an efficient SMTP server setup.

## Prerequisites

Configure DNS settings on your Ubuntu server to ensure proper domain resolution. DNS plays a crucial role in email delivery by translating domain names into IP addresses and vice versa. Proper DNS configuration ensures that your SMTP server can resolve domain names and deliver emails to the correct destinations.

If you do not have access to a DNS server, you can still configure your mail server using the local hostname method.
This involves manually setting the hostname and ensuring it resolves correctly within your local network. Here’s how you can do it:

## Setting up and configuring the hostname for a mail server

1. Check Current Hostname:
Open a terminal and type the following command to check your current hostname:

```
$ hostnamectl
```

2. Set the New Hostname:
Use the hostnamectl command to set a new hostname. Replace your-new-hostname with your desired hostname:

```
$ sudo hostnamectl set-hostname your-new-hostname
```

3. Edit the /etc/hosts File:
Open the /etc/hosts file in a text editor:
```
$ sudo nano /etc/hosts
```

Add or modify the lines to associate your new hostname with the loopback address. For example:
```
127.0.0.1 localhost
127.0.1.1 example.com
xxx.xxx.xxx.xxx example.com # server ip
xxx.xxx.xxx.xxx mail.example.com # server ip
```

![alt text](image-1.png)

## 1. Install & Configure Postfix

Connect to your server via SSH and install the Postfix server by executing the following commands:

```
$ sudo apt update -y
$ sudo apt install -y postfix
```

You'll get the Postfix configuration screen, as shown below. Press TAB and ENTER to continue.

![alt text](image-2.png)

On the next screen, select Internet Site, then TAB and ENTER.

![alt text](image-3.png)

Enter the system mail name, which is your domain name. For instance, the server name is mail.example.com, so you'll enter example.com here.

![alt text](image-4.png)

Back up the /etc/postfix/main.cf file, and create a new one.

```
$ sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk
$ sudo nano /etc/postfix/main.cf
```
Enter the information below to the new file.
Replace example.com with your domain name throughout the file.

```
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains

myhostname = mail.example.com
myorigin = /etc/mailname
mydestination = localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
```
Save and close the file.

## 2. Create Virtual Mail Box Domains

The main.cf configuration file instructs Postfix to look for email domains in the /etc/postfix/virtual_mailbox_domains file. Create the file:

```
$ sudo nano /etc/postfix/virtual_mailbox_domains
```

Add the information below to the file and replace example.com with your domain name.

```
example.com #domain
```

Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix.
Run this command every time you edit the file, for instance, after adding more domains to the file.

```
$ sudo postmap /etc/postfix/virtual_mailbox_domains
```

Edit the /etc/postfix/master.cf configuration file to enable the SMTP submission service.

```
$ sudo nano /etc/postfix/master.cf
```

Find the entry below.
```
...
#submission inet n - y - - smtpd
...
```
Remove the pound symbol at the beginning of the line.

```
...
submission inet n - y - - smtpd
...
```

Save and close the file.


## 3. Install & Configure Dovecot

Install the Dovecot package and all the dependency packages required to run the imap, pop3, and lmtp services.

```
$ sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd
```

Edit the /etc/dovecot/conf.d/10-mail.conf file to tell Dovecot which directory to look in for mail.

```
$ sudo nano /etc/dovecot/conf.d/10-mail.conf
```

Find the entry below.

```
mail_location = mbox:~/mail:INBOX=/var/mail/%u
```

Change to:

```
mail_location = maildir:/var/mail/vhosts/%d/%n
```

Save and close the file. The %d represents the domain, and %n represents the users. This means that you'll need to create a sub-directory in the /var/mail/vhosts for every domain receiving emails on your server.

Create the first sub-directory and replace example.com with your domain name.

```
$ sudo mkdir -p /var/mail/vhosts/example.com
```

Create a vmail user and group for the Dovecot service.

Create the vmail group.

```
$ sudo groupadd -g 5000 vmail
```

Create a vmail user and add the user to the vmail group.

```
$ sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"
```

Assign the ownership of the /var/mail/vhosts/ to the vmail user and group.

```
$ sudo chown -R vmail:vmail /var/mail/vhosts/
```

Edit the Dovecot 10-master.conf file.

```
$ sudo nano /etc/dovecot/conf.d/10-master.conf
```

Locate the entries below.

```
...
inet_listener imaps {
  #port = 993
  #ssl = yes
}
...
```

Remove the pound symbol before the port and ssl entries, as shown below, to allow Dovecot to use port 993 and SSL for secure IMAP.

```
...
inet_listener imaps {
  port = 993
  ssl = yes
}
...
```

Locate the entries below.

```
...
inet_listener pop3s {
  #port = 995
  #ssl = yes
}
...
```
Remove the pound symbol before the port = 995 and ssl = yes parameters.

```
...
inet_listener pop3s {
  port = 995
  ssl = yes
}
...
```

Enable the lmtp service. Locate the entries below.

```
...
service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}
...
```

Change the configuration to:

```
...
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
...
```

Locate the Dovecot authentication socket configurations below.

```
...
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
#  mode = 0666
#}
...
```
Change the configuration to:

```
...
#Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}
...
```

Save and close the file.

Configure Dovecot to use secure authentication. Edit the Dovecot 10-auth.conf file.

```
$ sudo nano /etc/dovecot/conf.d/10-auth.conf
```

Find the entry below.

```
# disable_plaintext_auth = yes
```
Uncomment the setting above by removing the # character to disable plain text authentication on unencrypted connections.

```
disable_plaintext_auth = yes
```

Find the entry below.

```
auth_mechanisms = plain
```

Change the authentication mechanisms from plain to plain login.

```
auth_mechanisms = plain login
```

Disable the Dovecot default authentication behavior that requires users to have a system account to use the email service. Find the line:

```
!include auth-system.conf.ext
```

Add a pound symbol at the beginning of the line to comment it out.

```
#!include auth-system.conf.ext
```

Find the line:

```
#!include auth-passwdfile.conf.ext
```

Remove the # symbol at the beginning to enable Dovecot to use a password file.
```
!include auth-passwdfile.conf.ext
```

Save and close the file.

Edit the Dovecot password file configuration, auth-passwdfile.conf.ext.

```
$ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext
```

The file looks similar to the one shown below.

```
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
}

userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
  ...
}
```

Make the changes to the file, as shown below.

```
passdb {
  driver = passwd-file
  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
}

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
```

Save and close the file.

Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server.

```
$ sudo nano /etc/dovecot/dovecot-users
```

Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with your password. Also, replace example.com with your domain name.

```
admin@example.com:{plain}EXAMPLE_PASSWORD
info@example.com:{plain}EXAMPLE_PASSWORD
billing@example.com:{plain}EXAMPLE_PASSWORD
```

Like this:

![alt text](image-5.png)


Save and close the file.

Restart the postfix and dovecot services to use the new settings.

```
$ sudo service postfix restart
$ sudo service dovecot restart
```

## 4. Install & Configure Roundcube

Roundcube is a free, open-source webmail client that allows users to manage their emails through a web interface. It's designed to be user-friendly, resembling the look and feel of a desktop email application, but it runs on a web server.

### 4.1 Install PHP
```
$ sudo apt -y install php8.1 php8.1-mbstring php-pear
$ php -v
```
Verify the installation by creating a test script.

```
$ echo '<?php phpinfo(); ?>' > php_test.php
$ php php_test.php | head

Output
phpinfo()
PHP Version => 8.1.2

System => Linux dlp.srv.world 5.15.0-25-generic #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 x86_64
Build Date => Apr 7 2022 17:46:26
Build System => Linux
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /etc/php/8.1/cli
Loaded Configuration File => /etc/php/8.1/cli/php.ini
```

### 4.2 Install Apache2

```
$ sudo apt -y install php-fpm apache2
```

Add the PHP-FPM settings to the virtual host that should use it.

```
$ sudo nano /etc/apache2/sites-available/default-ssl.conf
```

Add the following inside the VirtualHost block:

```
<FilesMatch \.php$>
    SetHandler "proxy:unix:/var/run/php/php8.1-fpm.sock|fcgi://localhost/"
</FilesMatch>
```

Enable the configuration.

```
$ sudo a2enmod proxy_fcgi setenvif

Output
Considering dependency proxy for proxy_fcgi:
Enabling module proxy.
Enabling module proxy_fcgi.
Module setenvif already enabled
To activate the new configuration, you need to run:
systemctl restart apache2
```


```
$ sudo a2enconf php8.1-fpm

Output
Enabling conf php8.1-fpm.
To activate the new configuration, you need to run:
systemctl reload apache2
```

Restart the Apache server and PHP-FPM.
```
$ sudo systemctl restart php8.1-fpm apache2
```

Create a phpinfo page in the web root of the virtual host where you enabled PHP-FPM and open it in a browser. The setup is working if the Server API is shown as FPM/FastCGI.

```
$ echo '<?php phpinfo(); ?>' | sudo tee /var/www/html/info.php
```

Delete info.php once you have checked the result, since the page exposes the server's PHP configuration to anyone who can reach it.

### 4.3 Install MariaDB to configure Database Server.

```
$ sudo apt -y install mariadb-server
```

Initial Settings for MariaDB.
```
$ sudo mysql_secure_installation

Output

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

# Switch to [unix_socket] authentication or not
# [unix_socket] auth is enabled for root user by default even if you select [No]
Switch to unix_socket authentication [Y/n] n
... skipping.

You already have your root account protected, so you can safely answer 'n'.

# set MariaDB root password or not
# [unix_socket] authentication is enabled by default, but
# if you set root password, it's also possible to login with password authentication.
# if not set root password, only OS root user can login as MariaDB root user
Change the root password? [Y/n] Y
... set your root password.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

# remove anonymous users
Remove anonymous users? [Y/n] n
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

# disallow root login remotely
Disallow root login remotely? [Y/n] n
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

# remove test database
Remove test database and access to it? [Y/n] n
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

# reload privilege tables
Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

```

The answers shown above keep the anonymous user, remote root login, and the test database; the script's own prompts recommend removing all three before production use.

### 4.4 Install Roundcube

To access the Postfix and Dovecot servers, install the Roundcube email client.

```
$ sudo apt -y install roundcube roundcube-mysql
```
Press ENTER to configure the database for use with Roundcube.

![alt text](image-6.png)

On the next screen, enter a MySQL password to use with Roundcube.

![alt text](image-7.png)

Press TAB and ENTER.

Set the host server:

```
$ sudo nano /etc/roundcube/config.inc.php
```

Change $config['default_host'] and $config['smtp_server'] to localhost.

![alt text](image-8.png)

Set up Roundcube with Apache:
```
$ sudo nano /etc/apache2/conf-enabled/roundcube.conf
```
Uncomment line 3:
```
Alias /roundcube /var/lib/roundcube/public_html
```

Restart Apache:
```
$ sudo systemctl restart apache2
```

Open https://(your server's hostname or IP address)/roundcube/ in a browser. The Roundcube login form is shown, and you can authenticate as any user on the mail server.

![alt text](image-9.png)

## 5. Test

### Step 1: Log in to the First Email Account

- Enter the first email address (e.g., admin@server2.io) in the username field.
- Enter the corresponding password in the password field.
- Click the "Login" button to access the email account.

![alt text](image-10.png)

### Step 2: Compose and Send an Email
- Once logged in, click the "Compose" button, usually found in the top menu or sidebar.
- In the "To" field, enter the recipient's email address (e.g., info@server2.io).
- Fill in the "Subject" field with an appropriate subject line (e.g., "Test Email").
- Type your message in the body of the email.
- Click the "Send" button to send the email.

![alt text](image-11.png)

### Step 3: Log Out of the First Email Account
Click on the "Logout" button, usually found in the top right corner of the interface, to log out of the admin@server2.io account.

### Step 4: Log in to the Second Email Account
- On the Roundcube login page, enter the second email address (e.g., info@server2.io) in the username field.
- Enter the corresponding password in the password field.
678 | - Click the "Login" button to access the email account. 679 | 680 | ### Step 5: Check for the Received Email 681 | - Once logged in, navigate to the "Inbox" or main email folder. 682 | - Look for the email sent from admin@server2.io. It should appear in the list of received emails. 683 | - Click on the email to open and read it, verifying that the message was received successfully. 684 | 685 | ![alt text](image-12.png) 686 | 687 | ## Final Task: Setting Up Email Communication Between Two Servers 688 | 689 | Objective: Set up two separate mail servers on different virtual machines (VMs) and send an email between them to ensure proper configuration and functionality. 690 | 691 | Task: 692 | 693 | 1. Create Two Virtual Machines: Set up two VMs, naming them Server1 and Server2. 694 | 695 | 2. Install Mail Server Software: On both Server1 and Server2, install the necessary mail server software (e.g., Postfix, Dovecot, etc.). Ensure both servers have the required dependencies and are updated to the latest versions. 696 | 697 | 3. Configure DNS Records: Set up appropriate DNS records (MX, A, and PTR) for both servers to ensure proper mail routing. For example, Server1 should be associated with mail.server1.com and Server2 with mail.server2.com. **Alternatively, you can use local hostnames if you do not want to configure DNS.** 698 | 699 | 4. Set Up Roundcube on Both Servers: Install and configure Roundcube webmail client on both Server1 and Server2. Ensure Roundcube is properly connected to the mail servers for both sending and receiving emails. 700 | 701 | 5. Create Email Accounts: On Server1, create an email account admin@server1.com. On Server2, create an email account info@server2.com. 702 | 703 | 6. Send an Email from Server1 to Server2: Log in to the Roundcube webmail interface on Server1 using the admin@server1.com account. Compose and send an email to info@server2.com. Ensure that the email is sent without errors. 704 | 705 | 7. 
Check Email Receipt on Server2: Log in to the Roundcube webmail interface on Server2 using the info@server2.com account. Check the inbox to ensure that the email sent from admin@server1.com has been received. 706 | 707 | 8. Send a Reply from Server2 to Server1: Reply to the received email from info@server2.com back to admin@server1.com. Ensure that the reply is sent without errors. 708 | 709 | 9. Verify Email Receipt on Server1: Log in to the Roundcube webmail interface on Server1 using the admin@server1.com account. Check the inbox to ensure that the reply from info@server2.com has been received. 710 | 711 | 712 | **Document the Process** Provide a detailed report documenting each step of the setup process, configurations made, and any issues encountered along with their resolutions. Include screenshots of key steps and the successful email communications. 713 | 714 | **Submission:** Submit the report and screenshots through the designated submission platform by the due date. Ensure all configurations are properly documented for verification. 715 | 716 | **Evaluation Criteria:** Successful installation and configuration of mail servers on both VMs, proper DNS setup for email routing, correct installation and configuration of Roundcube on both servers, successful sending and receiving of emails between the two servers, and the quality and completeness of the documentation provided. 
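To back up steps 6 to 9 of the Final Task with server-side evidence, the following added example (not part of the course material) correlates Postfix log lines by queue ID and reports the status of every delivery attempt from one address to another. The sample log lines are constructed, and the log path `/var/log/mail.log` in the usage comment is an assumption (the usual location on Ubuntu with rsyslog).

```shell
#!/usr/bin/env bash
# Added example: confirm from the Postfix log that a test message was delivered.
# Usage on a real server (log path is an assumption, adjust to your system):
#   sudo cat /var/log/mail.log | delivery_report admin@server1.com info@server2.com

# Constructed sample of Postfix syslog lines (not captured from a real server).
sample_log() {
  cat <<'EOF'
Jan 10 10:00:01 server1 postfix/pickup[2101]: 4A1B2C3D4E: uid=33 from=<admin@server1.com>
Jan 10 10:00:01 server1 postfix/cleanup[2105]: 4A1B2C3D4E: message-id=<test1@server1.com>
Jan 10 10:00:01 server1 postfix/qmgr[1020]: 4A1B2C3D4E: from=<admin@server1.com>, size=612, nrcpt=1 (queue active)
Jan 10 10:00:02 server1 postfix/smtp[2107]: 4A1B2C3D4E: to=<info@server2.com>, relay=mail.server2.com[192.0.2.20]:25, delay=0.41, delays=0.05/0.01/0.2/0.15, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)
Jan 10 10:00:02 server1 postfix/qmgr[1020]: 4A1B2C3D4E: removed
Jan 10 10:05:10 server1 postfix/qmgr[1020]: 5B2C3D4E5F: from=<admin@server1.com>, size=598, nrcpt=1 (queue active)
Jan 10 10:05:40 server1 postfix/smtp[2130]: 5B2C3D4E5F: to=<info@server2.com>, relay=none, delay=30, delays=0.04/0.01/30/0, dsn=4.4.1, status=deferred (connect to mail.server2.com[192.0.2.20]:25: Connection timed out)
Jan 10 10:06:00 server1 postfix/qmgr[1020]: 6C3D4E5F60: from=<someone@server1.com>, size=500, nrcpt=1 (queue active)
Jan 10 10:06:01 server1 postfix/smtp[2140]: 6C3D4E5F60: to=<info@server2.com>, relay=mail.server2.com[192.0.2.20]:25, delay=0.3, delays=0.05/0.01/0.1/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1122334455)
EOF
}

# delivery_report SENDER RECIPIENT   (reads the mail log on stdin)
# Prints one line per delivery attempt: "<queue-id> <status> <dsn> <relay>"
delivery_report() {
  awk -v sender="$1" -v rcpt="$2" '
    # Locate "postfix/<daemon>[pid]: <queue-id>: " wherever the timestamp ends,
    # so both classic syslog and ISO 8601 timestamps work.
    !match($0, /postfix[^ ]*\[[0-9]+\]: [0-9A-Za-z]+: /) { next }
    {
      head = substr($0, RSTART, RLENGTH)
      rest = substr($0, RSTART + RLENGTH)
      split(head, part, " ")
      qid = substr(part[2], 1, length(part[2]) - 1)

      # qmgr records the envelope sender once per queue ID.
      if (index(rest, "from=<" sender ">") == 1) { from_ok[qid] = 1; next }

      # Delivery agents (smtp, lmtp, local, virtual) log one line per attempt.
      if (!(qid in from_ok) || index(rest, "to=<" rcpt ">") != 1) next
      if (!match(rest, /status=[a-z]+/)) next
      status = substr(rest, RSTART + 7, RLENGTH - 7)
      dsn = "-"; relay = "-"
      if (match(rest, /dsn=[0-9.]+/)) dsn = substr(rest, RSTART + 4, RLENGTH - 4)
      if (match(rest, /relay=[^,]+/)) relay = substr(rest, RSTART + 6, RLENGTH - 6)
      print qid, status, dsn, relay
    }'
}

# failed_attempts SENDER RECIPIENT: only the attempts that did not end in "sent".
failed_attempts() {
  delivery_report "$1" "$2" | awk '$2 != "sent"'
}

# Demo on the constructed sample.
sample_log | delivery_report admin@server1.com info@server2.com
```

A `deferred` or `bounced` attempt, together with its DSN code and relay, is the kind of issue the report section of the task asks you to document.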
-------------------------------------------------------------------------------- /services/linux/Postfix/image-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-1.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-10.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-11.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-12.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-2.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-3.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-3.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-4.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-5.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-6.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-7.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-8.png -------------------------------------------------------------------------------- /services/linux/Postfix/image-9.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image-9.png -------------------------------------------------------------------------------- /services/linux/Postfix/image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/services/linux/Postfix/image.png -------------------------------------------------------------------------------- /virtualization/esxi-vSphere/Capture-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/esxi-vSphere/Capture-1.PNG -------------------------------------------------------------------------------- /virtualization/esxi-vSphere/Capture.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/esxi-vSphere/Capture.PNG -------------------------------------------------------------------------------- /virtualization/esxi-vSphere/CreateVm.md: -------------------------------------------------------------------------------- 1 | # Lab: Creating a New Virtual Machine on ESXi 2 | 3 | In this lab, you will learn how to create a new VM on a standalone ESXi host. 4 | 5 | ## Prerequisites 6 | - Access to the ESXi web client. 7 | - Administrator privileges on the ESXi host. 8 | - Knowledge of the VM specifications (CPU, memory, storage, OS) required for your use case. 9 | 10 | **Lab Note**: For our labs, we will be using the **Ubuntu Server Live** ISO as the guest operating system. 11 | 12 | 13 | ## Steps for Creating a New VM 14 | 15 | ### 1. 
Log in to the ESXi Web Client 16 | - Open a web browser and navigate to your ESXi host’s IP address. 17 | - Log in using your username and password with administrator privileges. 18 | 19 | ### 2. Start the VM Creation Wizard 20 | - In the **Navigator** pane on the left, click on **Virtual Machines**. 21 | - Click **Create / Register VM** to open the New Virtual Machine wizard. 22 | 23 | ![alt text](image-16.png) 24 | 25 | ### 3. Select the Creation Type 26 | - Choose **Create a new virtual machine**. 27 | - Click **Next** to proceed. 28 | 29 | ![alt text](image-19.png) 30 | 31 | ### 4. Name the VM and Select Compatibility 32 | - Enter a **Name** for the VM that will make it easy to identify. 33 | - Select the **Compatibility** setting, which defines the virtual hardware version. Typically, the default option is suitable. 34 | - Click **Next** to continue. 35 | 36 | ![alt text](image-17.png) 37 | 38 | ### 5. Select a Datastore 39 | - Choose a **Datastore** on the ESXi host where the VM files will be stored. 40 | - Make sure there is sufficient space available for the VM. 41 | - Click **Next** to proceed. 42 | 43 | ![alt text](image-18.png) 44 | 45 | 46 | 47 | ### 6. Configure Virtual Hardware 48 | - Specify the virtual hardware for the VM: 49 | - **CPU**: Enter the number of virtual CPUs you want to allocate. 50 | - **Memory**: Allocate the required memory (RAM) for the VM. 51 | - **Hard Disk**: Adjust the disk size, or add additional disks if necessary. 52 | - **Network Adapter**: Select the appropriate network for the VM to connect to. 53 | - **CD/DVD Drive**: Attach an ISO file if you are installing an OS **(See step 7)**. 54 | - **Additional Configuration**: 55 | - Expand and configure other settings, such as **Video Card**, **SCSI Controller**, or **USB Controller**, depending on your needs. 56 | 57 | ![alt text](image-20.png) 58 | 59 | ### 7. 
Select the Guest Operating System 60 | - Choose the **Guest OS Family** (e.g., Windows, Linux) and the specific **Guest OS Version** that matches the OS you plan to install. 61 | - **Note**: Selecting the correct guest OS is important as it influences the default virtual hardware settings. 62 | - If you haven't already uploaded the OS ISO, go to **Datastore Browser** in the ESXi interface, navigate to the appropriate datastore, and upload the ISO file. Once uploaded, attach the ISO to the VM's **CD/DVD Drive**. 63 | 64 | 65 | ![alt text](image-21.png) 66 | 67 | ![alt text](image-22.png) 68 | 69 | 70 | ### 8. Review and Complete 71 | - Review the settings on the **Ready to complete** screen. 72 | - If all settings are correct, click **Finish** to create the VM. 73 | 74 | ![alt text](image-23.png) 75 | 76 | ### 9. Power On the VM and Install the Guest OS 77 | - In the **Virtual Machines** list, locate the new VM. 78 | - Select the VM, then click **Power On**. 79 | - Use the **Console** tab to open the VM console and proceed with the installation of the guest OS. 80 | 81 | ![alt text](image-24.png) 82 | 83 | ![alt text](image-25.png) 84 | 85 | ![alt text](image-26.png) -------------------------------------------------------------------------------- /virtualization/esxi-vSphere/ExpandingResources.md: -------------------------------------------------------------------------------- 1 | # Lab: Expanding Resources on a Virtual Machine in ESXi 2 | 3 | In this lab, you will learn how to adjust the resources of a virtual machine (VM) on ESXi, including CPU, RAM, and disk storage. Before making changes, you will record the current state of the VM's resources. 4 | 5 | 6 | ## Step 1: Record Current VM Resources 7 | 8 | 1. **Log in to the VM** (e.g., via SSH or the VM console in the ESXi web interface). 9 | 2. Run the following commands to view the current disk, memory, and CPU usage: 10 | - `df -h`: Displays disk storage information. 
11 | - `free -m`: Shows the memory (RAM) usage in megabytes. 12 | - `nproc`: Displays the number of CPU cores available. 13 | 14 | Record the output for each command to compare later. 15 | 16 | ![alt text](image-32.png) 17 | 18 | ## Step 2: Adjust VM Resources 19 | 20 | > **Note:** Not all versions of ESXi support changing CPU and memory allocations while the VM is running. Hot-add capabilities, which allow adding CPUs and memory without powering off the VM, depend on several factors: 21 | > 22 | > - **ESXi Version and License**: Newer ESXi versions may support hot-add, but it often requires a specific license level (e.g., Enterprise Plus). 23 | > - **VM Compatibility Level**: The virtual hardware version of the VM impacts hot-add support. Older hardware versions might not allow it even if the ESXi host does. 24 | > - **Guest OS Compatibility**: The guest OS must also support hot-add for these changes to apply without a reboot. 25 | > - **VM Configuration**: Hot-add must be enabled in the VM settings under "CPU" and "Memory" before starting the VM (e.g., by selecting "Enable CPU Hot Add" and "Memory Hot Add"). 26 | 27 | > For this lab, it is recommended to **power off the VM** before making changes to resources (RAM, CPU, or disk) and then **power it back on** after adjustments. This ensures compatibility across different ESXi versions. 28 | 29 | 30 | ### Adjusting RAM 31 | 32 | 1. In the ESXi **Web Client**, go to the **Virtual Machines** section. 33 | 2. Right-click on the VM you want to edit and select **Edit Settings**. 34 | 3. Under **Memory**, adjust the RAM allocation to the desired amount. 35 | 4. Click **Save** or **OK** to apply the changes. 36 | 37 | ### Adding a New CPU 38 | 39 | 1. In the **Edit Settings** menu of the VM, find the **CPU** section. 40 | 2. Increase the **Number of CPUs** or **Cores per Socket** as needed. 41 | 3. Save the configuration. 42 | 43 | ### Expanding the Current Disk 44 | 45 | 1. 
In the **Edit Settings** menu, locate the **Hard Disk** section. 46 | 2. Select the primary disk and increase the **Provisioned Size** to expand the disk. 47 | 3. Confirm and save the changes. 48 | 49 | ### Adding a New Disk 50 | 51 | 1. Still in **Edit Settings**, click **Add New Device** and select **Hard Disk**. 52 | 2. Specify the size and other settings for the new disk. 53 | 3. Save the configuration. 54 | 55 | ![alt text](image-33.png) 56 | 57 | ## Step 3: Verify Changes 58 | 59 | 1. Start or restart the VM if necessary to apply the new configuration. 60 | 2. Log back into the VM and run the following commands to verify the updated resources: 61 | - `df -h`: Check for disk storage changes. 62 | - `free -m`: Verify the new RAM allocation. 63 | - `nproc`: Confirm the updated CPU count. 64 | 65 | ![alt text](image-34.png) 66 | 67 | You should see that the CPU and RAM adjustments took effect immediately. However, the disk changes may not appear within the VM. 68 | 69 | - **Question**: Why do you think the disk changes are not visible within the VM? How would you resolve this? 70 | -------------------------------------------------------------------------------- /virtualization/esxi-vSphere/Networking.md: -------------------------------------------------------------------------------- 1 | # Lab: Configuring Networking with vSwitch, Port Group, and VMkernel NIC in ESXi 2 | 3 | **Note**: If you're running ESXi as a VM (nested virtualization) in VMware Workstation or another hypervisor, you will need to add a new **network adapter** to the ESXi virtual machine. This will allow you to connect to the new vSwitch and port group. 4 | 5 | In this lab, you will configure networking by creating a new **vSwitch** (virtual switch), a **port group**, and a **VMkernel NIC** to allow network communication for management and other functions. You will also connect a VM to this network. 6 | 7 | --- 8 | 9 | ## Task: 10 | 11 | 1. 
**Create a New vSwitch**: Configure a virtual switch to provide network connectivity to the virtual machines. 12 | 2. **Create a New Port Group**: Set up a port group on the new vSwitch to allow VMs to be connected to this virtual network. 13 | 3. **Configure a VMkernel NIC**: Create and configure a VMkernel NIC for management or other network functions. 14 | 4. **Connect a VM to the New Port Group**: Modify the network settings of a VM to connect it to the newly created port group. 15 | 16 | --- 17 | 18 | ## Steps: 19 | 20 | ### 1. Add a New Network Adapter (if running ESXi on a VM) 21 | 22 | 1. Log in to VMware Workstation or your hypervisor management interface. 23 | 2. Select the ESXi virtual machine and ensure it is powered off. 24 | 3. Add a new **network adapter** to the VM, which will be used for the new vSwitch. This network adapter will be bridged or connected to your physical network for the vSwitch. 25 | 4. Power on the ESXi VM after adding the new adapter. 26 | 27 | ### 2. Create a New vSwitch 28 | 29 | 1. Log in to the **vSphere Web Client** using your ESXi host IP address. 30 | 2. Navigate to **Networking** under **Host** > **Manage**. 31 | 3. Select the **Virtual Switches** tab. 32 | 4. Click **Add vSwitch** to create a new virtual switch. 33 | - **vSwitch Name**: Enter a name for the new switch (e.g., `vSwitch2`). 34 | - **Network Adapter**: Choose the newly added network adapter for the vSwitch. 35 | - **MTU**: Set the MTU (Maximum Transmission Unit) value. The default is typically `1500`. 36 | 5. Click **OK** to save the new vSwitch. 37 | 38 | ### 3. Create a New Port Group 39 | 40 | 1. Navigate to the **Port Groups** tab under **Networking**. 41 | 2. Click **Add Port Group** to create a new port group. 42 | 3. Provide the following details: 43 | - **Port Group Name**: Enter a name for the new port group (e.g., `VM_Network`). 44 | - **VSwitch**: Select the newly created vSwitch (e.g., `vSwitch2`). 
45 | - **VLAN ID**: Set the VLAN ID if needed, or leave it as the default (e.g., `0` for no VLAN). 46 | 4. Click **OK** to create the port group. 47 | 48 | ### 4. Create a New VMkernel NIC 49 | 50 | 1. Go to the **VMkernel NICs** tab under **Networking**. 51 | 2. Click **Add VMkernel NIC** to create a new VMkernel NIC. 52 | 3. Provide the following details: 53 | - **Network Adapter**: Select the network adapter you added earlier. 54 | - **Port Group**: Select the port group created in the previous step (e.g., `VM_Network`). 55 | - **VMkernel NIC Settings**: 56 | - Choose the function for the VMkernel NIC (e.g., **Management Network** for ESXi management, or other functions like **vMotion** or **Storage**). 57 | - If necessary, set the **IPv4 Address** and **Subnet Mask** for the VMkernel NIC. 58 | 4. Click **OK** to create the VMkernel NIC. 59 | 60 | ### 5. Connect a VM to the New Port Group 61 | 62 | 1. In the **vSphere Web Client**, navigate to **VMs** and select the VM you want to connect to the new network. 63 | 2. Click **Edit Settings** for the selected VM. 64 | 3. In the **Network Adapter** section, click **Remove** to remove the current network adapter. 65 | 4. Click **Add** to add a new network adapter. 66 | 5. In the **Network Connection** dropdown, select the newly created port group (e.g., `VM_Network`). 67 | 6. Click **OK** to apply the changes. 68 | 69 | ### 6. Verify the Network Configuration 70 | 71 | 1. Power on the VM and check the network configuration inside the guest OS. 72 | 2. Verify that the VM receives an IP address from the new network and can communicate with other devices on the network. 73 | 3. You can use commands like `ifconfig` (Linux) or `ipconfig` (Windows) to check the network settings inside the VM. 74 | 75 | ### 7. Verify VMkernel NIC Connectivity 76 | 77 | 1. On the ESXi host, use the **esxcli** or **vicfg** commands to check the VMkernel NIC settings and verify that the network is properly configured. 78 | 2. 
Check connectivity to the management network or other network functions as required. 79 | -------------------------------------------------------------------------------- /virtualization/esxi-vSphere/README.md: -------------------------------------------------------------------------------- 1 | # ESXi and vSphere 2 | 3 | ![ESXi and vSphere](esxi-vsphere.jpg) 4 | 5 | ESXi and vSphere form the backbone of VMware's virtualization platform. **ESXi** is the hypervisor that enables you to create and manage virtual machines on physical hardware, while **vSphere** is the management platform that provides a suite of tools to manage your ESXi hosts and virtual infrastructure. 6 | 7 | ## Reminder: 8 | - **ESXi**: The hypervisor layer that runs on the physical server, providing the virtualization capabilities. 9 | - **vSphere**: Includes ESXi and **vCenter Server**, which provides centralized management of ESXi hosts and VMs. 10 | 11 | For an in-depth explanation of these concepts, refer to the relevant course materials. 12 | 13 | ## Lab Overview 14 | In this lab, we will cover the **installation and initial configuration** of **VMware ESXi** and **vSphere**, preparing the foundation for advanced management and automation tasks. 15 | 16 | ### Lab Objectives: 17 | - Learn how to install VMware ESXi on a physical server. 18 | - Perform the initial configuration to set up the host for virtual machine deployment. 19 | - Connect and manage ESXi with vSphere for centralized administration. 20 | 21 | Let's begin by diving into the installation steps! 22 | 23 | # Installing VMware ESXi 24 | 25 | ## Prerequisites 26 | - A physical server or a compatible VM if you want to use ESXi as a Type 2 hypervisor on top of the VM for installing ESXi. 27 | - IP address details for network configuration. 28 | - Access to server BIOS/UEFI settings. 
29 | 30 | ## Downloading ESXi from Broadcom 31 | 32 | In this section, we will walk through the process of downloading VMware ESXi from the Broadcom website. 33 | 34 | ### 1. Go to the VMware ESXi Download Page 35 | - Open your browser and navigate to the Broadcom support website. 36 | - **URL**: [https://support.broadcom.com/](https://support.broadcom.com/) 37 | ![Broadcom support website](image.png) 38 | 39 | ### 2. Log in to Your Broadcom Account 40 | - Click the **Login** button at the top right of the webpage. 41 | - Enter your credentials (username and password) to access the downloads section. 42 | - If you don’t have an account, you may need to **register** for one. 43 | 44 | ### 3. Select the Version of ESXi You Want to Download 45 | - After logging in, locate the **VMware Cloud Foundation** section. 46 | 47 | ![VMware Cloud Foundation](image-1.png) 48 | 49 | - Go to **My Downloads** and search for VMware vSphere. 50 | 51 | ![alt text](Capture.PNG) 52 | 53 | - Choose VMware vSphere - Enterprise and pick the latest version. 54 | - Select VMware vSphere Hypervisor (ESXi) - View Group. 55 | - Select Custom ISOs. 56 | 57 | ![alt text](Capture-1.PNG) 58 | 59 | - Download the version of **VMware ESXi** that is compatible with your hardware. 60 | 61 | **Note:** As we discussed in the course, if a VM was created using an older version, such as version 7, it will be compatible with higher versions, like version 8. However, the reverse is not true; if a VM was created with a newer version (e.g., version 8), downgrading to an older version will require a conversion process, which may not always be possible. 62 | 63 | ### 4. Prepare for Installation 64 | - Once you have the ESXi ISO file, you can proceed with creating a bootable USB or prepare a virtual machine (VM) to install ESXi if you are using it as a Type 2 hypervisor. 65 | 66 | 67 | ## Steps for Installing ESXi 68 | 69 | ### 1. 
Prepare the Installation Media 70 | - **Physical Server**: Use a tool like **Rufus** or **Etcher** to create a bootable USB drive with the ESXi ISO. 71 | - **Virtual Machine**: Attach the ISO file to the VM as a virtual CD/DVD. 72 | - **Note**: If you are installing ESXi on top of VMware Workstation, you must select **Custom Installation** when creating the virtual machine. In the configuration options, choose **ESXi** as the guest operating system to ensure compatibility. 73 | 74 | 75 | ### 2. Boot from the Installation Media 76 | - Insert the bootable USB drive into the server or configure the VM to boot from the attached ISO. 77 | - Restart the server/VM and access the **BIOS/UEFI settings** to ensure it boots from the correct media (USB or virtual CD/DVD). 78 | - Save the changes and reboot. 79 | 80 | ### 3. Start the ESXi Installer 81 | - The system will boot into the ESXi installer. 82 | 83 | ![alt text](image-2.png) 84 | ![alt text](image-3.png) 85 | 86 | - When prompted, press **Enter** to begin the installation process. 87 | 88 | ![alt text](image-4.png) 89 | 90 | ### 4. Accept the End User License Agreement (EULA) 91 | - Read through the EULA and press **F11** to accept and continue. 92 | 93 | ### 5. Select the Installation Disk 94 | - Choose the disk where ESXi should be installed. 95 | - **Note**: Ensure the disk has enough space and is not holding critical data, as it will be formatted. 96 | - Press **Enter** to confirm your selection. 97 | 98 | ![alt text](image-5.png) 99 | 100 | ### 6. Choose the Keyboard Layout 101 | - Select your preferred keyboard layout and press **Enter**. 102 | 103 | ### 7. Set the Root Password 104 | - Enter a secure root password and confirm it. This will be used to manage the ESXi host. 105 | - Press **Enter** to continue. 106 | 107 | ![alt text](image-6.png) 108 | 109 | ### 8. Confirm the Installation 110 | - A final confirmation screen will appear. 111 | - Press **F11** to start the installation. 
112 | 113 | ![alt text](image-7.png) 114 | 115 | ### 9. Complete the Installation 116 | - The installation process will take a few minutes. Once complete, you will see a message indicating that the installation has finished. 117 | 118 | ![alt text](image-8.png) 119 | 120 | - Remove the installation media and press **Enter** to reboot. 121 | 122 | 123 | ![alt text](image-9.png) 124 | 125 | ### 10. Initial Configuration After Installation 126 | - After rebooting, you will see the **Direct Console User Interface (DCUI)**. 127 | 128 | ![alt text](image-10.png) 129 | 130 | - Press **F2** to log in using the root password you set earlier. 131 | 132 | ![alt text](image-11.png) 133 | 134 | - **Configure Network Settings**: 135 | - In the **DCUI** menu, navigate to **Configure Management Network**. 136 | - Select **Network Adapters** to choose which physical network adapter(s) ESXi will use for management traffic. 137 | - Go to **IPv4 Configuration** to set a static IP address: 138 | - Select **Set static IPv4 address and network configuration**. 139 | - Enter the **IP Address**, **Subnet Mask**, and **Default Gateway** as per your network requirements. 140 | - Select **DNS Configuration** to enter your **Primary DNS** and **Secondary DNS** (if applicable) for network connectivity. 141 | - Verify your settings and press **Enter** to save. 142 | 143 | ![alt text](image-12.png) 144 | 145 | - **Change the Hostname**: 146 | - In the **DCUI** menu, navigate to **Configure Management Network**. 147 | - Select **DNS Configuration**. 148 | - Change the **Hostname** to a descriptive name that matches your naming conventions. 149 | - Press **Enter** to save the changes. 150 | - Press **Escape** to exit the network configuration menu and apply any changes. 151 | 152 | ![alt text](image-13.png) 153 | 154 | - Press **Escape** to return to the main menu and apply all network settings. 155 | - Reboot the server. 156 | 157 | ### 11. 
Access the ESXi Web Interface 158 | - Use a web browser to navigate to the ESXi host's IP address. 159 | - Log in with the root credentials. 160 | - **Note:** As discussed in the course, if a VM created on ESXi version 7 is used, it will be compatible with higher versions like 8. However, downgrading from version 8 to version 7 requires a conversion process, which may not always be feasible. 161 | 162 | ![alt text](image-14.png) 163 | ![alt text](image-15.png) -------------------------------------------------------------------------------- /virtualization/esxi-vSphere/Storage.md: -------------------------------------------------------------------------------- 1 | # Lab: Adding and Configuring Storage for ESXi 2 | 3 | In this lab, we will simulate the process of adding new storage to our ESXi environment using VMware Workstation and then create a new datastore in vSphere. 4 | 5 | ## Overview 6 | As we saw in the course, there are many storage solutions available, and in the industry, numerous providers offer NAS and SAN storage, such as **QNAP**, **DELL**, and others. While each provider has its own setup process, the general steps remain similar: 7 | 8 | 1. **Preparing the Environment**: Ensure the environment is ready with controlled conditions, such as room temperature and humidity. 9 | 2. **Installing Operating System**: Install the storage OS (if applicable) on the storage device. 10 | 3. **Creating a Storage Pool**: Define a storage pool to manage disks and redundancy. 11 | 4. **Creating a Volume**: Allocate storage capacity within the storage pool. 12 | 5. **(Optional) Creating a Shared Folder**: Configure a shared folder accessible to the network. 13 | 14 | After completing these steps, the process for mounting storage to vSphere is typically consistent across setups. 15 | 16 | --- 17 | 18 | ## Lab Setup 19 | 20 | For this lab, we will simulate adding new storage using VMware Workstation. 
However, if you are working with ESXi installed on a physical server, you would need to attach a new disk physically to the server.

---

## Steps to Add New Storage to ESXi in VMware Workstation and Create a Datastore in vSphere

### 1. Add a New Virtual Disk in VMware Workstation
- In VMware Workstation, open the **Settings** for your ESXi virtual machine.
- Go to **Add > Hard Disk** to add a new virtual disk.
- Choose **Create a new virtual disk** and specify the size you want for the new storage.
- Complete the wizard to attach the new disk to the ESXi virtual machine.

![alt text](image-27.png)

### 2. Log in to the ESXi Web Client
- Open a web browser and log in to your ESXi host using the IP address, username, and password.

### 3. Navigate to Storage Configuration
- In the ESXi **Navigator** pane, select **Storage** to view existing datastores.

### 4. Create a New Datastore
- Click on **Datastore** > **New Datastore** to start the process of creating a new storage volume.

![alt text](image-28.png)

### 5. Select the Type of Datastore
- Choose **Create new VMFS datastore** and click **Next**.

### 6. Select the Disk
- From the available list of disks, choose the new virtual disk you added in VMware Workstation.
- **Note**: Be careful to select the correct disk, as this will format the disk for use as a datastore in ESXi.

### 7. Name the Datastore
- Enter a **Name** for your datastore, which will help you easily identify it in your ESXi environment.

![alt text](image-29.png)

### 8. Choose the VMFS Version
- Select the **VMFS version** (typically, VMFS 6 is recommended if available).
- Click **Next** to proceed.

![alt text](image-30.png)

### 9. Allocate Space for the Datastore
- Review the space allocation for your new datastore and adjust if necessary.
- Click **Next** to confirm the settings.

### 10. Complete the Datastore Creation
- Review the configuration settings and click **Finish** to create the new datastore.
- The new datastore should now be visible in the **Storage** section of your ESXi host.

![alt text](image-31.png)

Create a new virtual machine (VM) and configure it to use the newly created datastore.

# Task: Mount a New Disk Using Virtual NAS (TrueNAS)

In this exercise, you will use a **Virtual NAS** (TrueNAS) to create and mount a new disk to your ESXi host. TrueNAS will act as the storage server, and you will configure it to be mounted on your ESXi host or VM.

## Task:

1. **Set up TrueNAS** as a Virtual NAS by installing it on a new VM.
2. **Create a new disk** in TrueNAS and configure it for sharing using the NFS protocol.
3. **Mount the disk** on the ESXi host as a new datastore using NFS.
4. **Use the newly mounted disk** as storage for a new VM in ESXi.
--------------------------------------------------------------------------------
/virtualization/vCenter/README.md:
--------------------------------------------------------------------------------
# Installing and Configuring vCenter Server Appliance

![alt text](image.png)

## Objective

In this lab, you will learn how to deploy and configure the vCenter Server Appliance using the Installer Method. By the end of this lab, you will have a functioning vCenter Server in your virtualized environment.

---

## Prerequisites (Reminder)

Ensure you meet the following requirements before starting:

1. **VMware ESXi Host**: Version 6.5 or higher.
2. **Network Configuration**: Ensure DNS and NTP servers are configured.
3. **System Requirements**:

| Component      | Minimum Requirement               |
|----------------|-----------------------------------|
| **CPU**        | 2 vCPUs                           |
| **Memory**     | 12 GB RAM                         |
| **Disk Space** | 250 GB (based on deployment size) |

---

## Installation Methods Overview

There are several methods available to deploy the vCenter Server Appliance. Choose the one that best fits your environment and requirements:

1. **Installer Method**: Uses a GUI-based installer available on Windows, Mac, and Linux. This is the method we'll use in this lab.
2. **CLI Deployment**: Allows for automated deployments using a JSON configuration file, which is useful for scripting and large-scale environments.
3. **vSphere Lifecycle Manager**: This method integrates with vSphere Update Manager for streamlined upgrades and deployment within an existing VMware environment.
4. **Direct ESXi Console (OVF/OVA)**: Deploys the vCenter Appliance using an OVF or OVA file directly from the ESXi host, offering a manual option for more control.

> **Note**: In this lab, we’ll focus on the **Installer Method** as it’s the most user-friendly and provides a straightforward GUI for setup.

---

## Step-by-Step Lab Instructions

### Step 1: Download the vCenter Server Appliance ISO

1. Visit VMware's official website and download the vCenter Server Appliance ISO.
2. Mount the ISO on your workstation to access the installer.

### Step 2: Launch the vCenter Installer

1. Open the mounted ISO and navigate to the `vcsa-ui-installer` folder.
2. Open the folder for your operating system (`win32` for Windows) and run **installer.exe**.
3. In the Installer window, select **Install** to begin.

![alt text](image-1.png)

![alt text](image-2.png)

#### Introduction to vCenter Server Installation

The installation of vCenter Server 8.0 is a streamlined two-stage process designed to deploy and configure your vCenter Server appliance efficiently. This installer guides you through each stage to ensure a smooth setup.

**Overview of the Installation Stages**

1. **Stage 1: Deploy vCenter Server**
   - In the first stage, we will deploy a new vCenter Server instance to a target environment, which can be either an ESXi host or a compute resource within an existing vCenter Server. This stage primarily involves selecting deployment options and configuring the basic environment for the vCenter Server.

2. **Stage 2: Set Up vCenter Server**
   - The second stage finalizes the installation by setting up essential configurations on the deployed vCenter Server appliance. This includes configuring Single Sign-On (SSO), time synchronization, and other initial settings.

After completing both stages, the vCenter Server will be fully operational and ready to manage your virtual environment.

### Step 3: Stage 1 - Deploy vCenter Server Appliance

#### 3.1 Start Deployment

1. Click **Next** on the introduction screen.
2. Accept the **End User License Agreement (EULA)** and click **Next**.

![alt text](image-3.png)

#### 3.2 Configure Deployment Target

1. Enter the **ESXi host** IP address or **Fully Qualified Domain Name (FQDN)** where you want to deploy vCenter.
   - **Note:** If you do not have an FQDN, you must enter the IP address of the ESXi host on which you want to install vCenter.
2. Provide the **ESXi host credentials** (username and password) and click **Next**.

![alt text](image-4.png)

#### 3.3 Set Up Appliance VM

1. Enter a **name** for the vCenter Server Appliance VM.
2. Set and confirm a **root password**.
3. Click **Next**.

![alt text](image-5.png)

#### 3.4 Select Deployment Size

1. Choose an appropriate **deployment size** based on your environment needs. vCenter Server offers different deployment sizes to accommodate various environments, each with specific resource requirements. The available options are:
   - **Tiny**: Suitable for environments with up to 10 hosts and 100 virtual machines.
   - **Small**: Designed for environments with up to 100 hosts and 1,000 virtual machines.
   - **Medium**: Ideal for environments with up to 400 hosts and 4,000 virtual machines.
   - **Large**: For larger environments with up to 1,000 hosts and 10,000 virtual machines.
   - **X-Large**: Supports very large environments with up to 2,000 hosts and 35,000 virtual machines.

   > **Note**: For more details on each deployment size and guidance on selecting the best fit for your environment, refer to the course materials.

   > **Note**: In this lab we will use only the Tiny size.

2. Click **Next** to proceed with the selected deployment size.

![alt text](image-6.png)

#### 3.5 Select Datastore

1. Select the **datastore** to host the vCenter Server Appliance.
2. Enable **thin disk mode** if you want to conserve disk space.
3. Click **Next**.

![alt text](image-7.png)

### Install on a New vSAN Cluster Containing the Target Host

The **"Install on a new vSAN cluster containing the target host"** option refers to setting up vCenter Server on a **vSAN (VMware vSphere Virtual SAN)** cluster that includes the target host for deployment.

#### Explanation

1. **vSAN Cluster Creation**:
   - vSAN is VMware's software-defined storage solution integrated directly into the ESXi hypervisor.
   - It combines local storage from multiple ESXi hosts in a cluster to create a distributed storage resource for virtual machines.
   - When creating a new vSAN cluster, you combine the storage resources of several hosts, providing shared storage across the cluster.

2. **Target Host Inclusion**:
   - The "target host" is the ESXi server on which vCenter Server is being deployed.
   - For this installation option, the target host must be a member of the vSAN cluster.
   - This allows vCenter Server to use the vSAN datastore as its primary storage both during and after the installation.

3. **Deploying vCenter Server**:
   - By choosing this option, vCenter Server will be installed on a datastore within the newly created vSAN cluster.
   - This setup is commonly used in environments with hyperconverged infrastructure, simplifying storage management and providing high availability for vCenter Server without requiring traditional SAN or NAS storage.

#### Benefits

- **High Availability**: vSAN offers built-in redundancy and fault tolerance, ensuring that vCenter Server remains operational even if individual hosts or drives fail.
- **Scalability**: The vSAN cluster can be scaled by adding more hosts, providing additional storage and compute resources for the vCenter environment.
- **Simplified Management**: vSAN simplifies storage management by eliminating the need for external storage hardware, ideal for streamlined data center environments.

> **Note**: This deployment option is often chosen in advanced, high-availability environments or hyperconverged setups where vSAN is used for efficient, resilient storage.

#### 3.6 Configure Network Settings

1. Select the **network** for the vCenter Server to connect to.
2. Choose **IP allocation method** (DHCP or Static).
3. If using a static IP, enter the IP address, subnet mask, gateway, and DNS servers.
4. Click **Next**.

![alt text](image-8.png)

#### 3.7 Complete Deployment

1. Review the configuration summary and click **Finish** to begin the deployment.

> **Note**: Deployment may take a few minutes.

![alt text](image-9.png)

![alt text](image-11.png)

![alt text](image-10.png)

### Step 4: Stage 2 - Configure vCenter Server Appliance

#### 4.1 Begin Configuration

Once Stage 1 completes, click **Continue** to proceed to Stage 2 configuration.

#### 4.2 Configure Time Synchronization and NTP

In this lab, you will configure time synchronization for your **ESXi host**. Follow the steps below to complete the configuration.

1. **Choose Time Synchronization Method:**
   - Select whether you want to synchronize the time with the **ESXi host** or use an **NTP server**.
     - **Option 1:** Sync with the ESXi host time.
     - **Option 2:** Use an NTP server for time synchronization.

2. **If using NTP:**
   - Enter the **NTP server** details. Make sure to input the correct NTP server address (e.g., `time.nist.gov`).

3. **Activate SSH (optional):**
   - If you want to activate SSH for remote management or troubleshooting, ensure that SSH access is enabled on the ESXi host.
   - To enable SSH later, go to **Host** > **Actions** > **Services** > **Enable Secure Shell (SSH)**.

4. **Proceed:**
   - After configuring the time synchronization and optional SSH settings, click **Next** to save your changes and continue.

![alt text](image-12.png)

#### 4.3 Set Up Single Sign-On (SSO)

1. **Choose Single Sign-On (SSO) Domain Setup:**
   - You will need to choose whether to **create a new SSO domain** or **join an existing one**.
     - **Create a New Domain:** If this is a fresh setup and you don’t have an existing domain, choose to create a new SSO domain.
     - **Join an Existing Domain:** If you're integrating with an existing vSphere environment that already has an SSO domain, choose to join the existing domain.

2. **Create a New Domain:**
   - If you are creating a new domain, you will need to provide the following details:
     - **Domain Name:** Enter a unique name for the SSO domain. For example, you might use `vsphere.local` (a common default domain name).
     - **Administrator Password:** Set a strong password for the SSO administrator account. This account will have full administrative access to the SSO domain and its services.

3. **Click Next:**
   - After entering the required domain information, click **Next** to proceed with the configuration.
   - This will set up the SSO domain and allow you to manage authentication across your vSphere environment.

![alt text](image-13.png)

#### 4.4 Enable Telemetry (Optional)

1. Choose whether to participate in the **Customer Experience Improvement Program (CEIP)**.
2. Click **Next**.

#### 4.5 Review Configuration

1. Review the settings summary.
2. Click **Finish** to complete the configuration.

> **Note**: The configuration will take a few minutes. Once completed, a confirmation screen will appear.

![alt text](image-14.png)

![alt text](image-15.png)

![alt text](image-16.png)

### Step 5: Access and Initial Configuration of vCenter

In this step, you'll access the **vCenter Server** and perform some initial configuration tasks to get started with managing your vSphere environment.

#### 1. Access the vCenter Server
- Open a web browser and navigate to the vCenter Server login page by entering the following URL: `https://<vcenter-ip-or-fqdn>/ui`

Replace `<vcenter-ip-or-fqdn>` with the actual IP address or fully qualified domain name (FQDN) of your vCenter Server.

#### 2. Log in with SSO Administrator Credentials
- Once the login page loads, enter the **SSO administrator credentials** you created earlier during the **Single Sign-On (SSO)** setup.
  - **Username:** `administrator@vsphere.local`
  - **Password:** Enter the password you set for the **SSO administrator**.

![alt text](image-17.png)

![alt text](image-18.png)

### Step 6: Perform Initial Configuration Tasks

After logging in successfully to your vCenter Server, you will access the vCenter interface. Follow these initial configuration steps to set up your environment for management.

#### 1. Create a New Datacenter
- Begin by creating a **new datacenter** to organize your resources.
- In the vCenter interface, navigate to the **Hosts and Clusters** view.
- Right-click on the root node (or select **New Datacenter** from the toolbar).
- Provide a name for the datacenter (e.g., `Datacenter1`), and click **OK** to create the datacenter.

![alt text](image-19.png)

#### 2. Create a New Cluster
- After creating the datacenter, create a **new cluster** within that datacenter.
- Right-click the newly created datacenter and select **New Cluster**.
- Provide a name for the cluster (e.g., `Cluster1`), and configure any other settings like **DRS** (Distributed Resource Scheduler) and **HA** (High Availability) based on your environment’s requirements.
- Click **OK** to create the cluster.

![alt text](image-20.png)

#### 3. Add ESXi Hosts to vCenter
- After creating the datacenter, you can start adding **ESXi hosts**.
- In the **Hosts and Clusters** view, select the datacenter you just created.
- Right-click the datacenter and choose **Add Host**.
- Enter the IP address or FQDN of the **ESXi host** you want to add.
- Follow the prompts to complete the process of adding the host, providing the correct credentials for the ESXi host.
- Repeat the process to add more ESXi hosts as needed.

![alt text](image-21.png)

![alt text](image-22.png)

#### 4. Lockdown Mode

Lockdown Mode is a security feature for **ESXi hosts** that restricts remote access to the host. When enabled, only specific authorized methods can access the host, adding an extra layer of security to the environment.

**Options for Lockdown Mode**
When configuring lockdown mode on an ESXi host, you have the following options:

- **Disabled**
  Lockdown mode is turned off, allowing remote users to log in to the host directly if they have the necessary credentials. This is the default setting.

- **Normal**
  In Normal mode, the host is accessible only through:
  - **Local console**: Directly through a physical console or terminal attached to the host.
  - **vCenter Server**: Through centralized management using vCenter.

  This mode restricts direct access to the ESXi host from remote locations, requiring users to access the host through a centralized management tool or directly at the local console.

- **Strict**
  In Strict mode, the host can only be accessed through **vCenter Server**. All other access methods, including the Direct Console User Interface (DCUI), are disabled, and the DCUI service is stopped. This mode provides the highest level of security by requiring all host management to be performed through vCenter.

> **Note**: If you are unsure whether to enable lockdown mode, it’s best to leave it **disabled**. You can configure lockdown mode later by editing the **Security Profile** in the host settings.

### Summary
| Lockdown Mode Option | Description |
|----------------------|-------------|
| **Disabled** | No restrictions on remote access to the host. |
| **Normal** | Access restricted to local console and vCenter Server only. |
| **Strict** | Access restricted to vCenter Server only; DCUI service stopped. |

---

![alt text](image-23.png)

![alt text](image-24.png)
https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-14.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-15.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-16.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-17.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-18.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-19.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-2.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-2.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-20.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-21.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-22.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-23.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-24.png -------------------------------------------------------------------------------- 
/virtualization/vCenter/image-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-3.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-4.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-5.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-6.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-7.png -------------------------------------------------------------------------------- /virtualization/vCenter/image-8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-8.png 
-------------------------------------------------------------------------------- /virtualization/vCenter/image-9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image-9.png -------------------------------------------------------------------------------- /virtualization/vCenter/image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mehdiaitsaid/devops-course/a7a660989c3ab7a8fbf61855637e3fe0e628627c/virtualization/vCenter/image.png --------------------------------------------------------------------------------