Introduction

Owncloud is pretty awesome: it provides me with my files everywhere I want in the world. However, sometimes accessing my files is rather trivial. Think of hotel lobbies and public access points, where there are sometimes real restrictions on the ports being used. By default my ISP blocks all server traffic below port 1024, which is in my opinion rather rude. I want my files! Luckily we can use the Amazon t1.micro (free tier) to provide a solution to this.

Preparing the Amazon image

So select a free tier Amazon t1.micro. This should be free the first year, so no worries. As for configuration, open the SSL and HTTPS ports. Once the instance is running, log in to it as ‘ec2-user’ with your certificate file.

Installing HAProxy

Before we can compile we need to install the build tools.

sudo yum install -y make gcc openssl-devel pcre-devel pcre-static

Now download HAProxy and build it.

cd ~
wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev24.tar.gz
tar -xzf haproxy-1.5-dev24.tar.gz
cd haproxy-1.5-dev24
 
make clean
make USE_OPENSSL=1 TARGET=linux26 USE_STATIC_PCRE=1
sudo make install

By default HAProxy is installed under /usr/local. Either create a symbolic link, or change the install location variable when running make.

sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

Because we installed from source, there is no service script. So let’s create one.

sudo nano /etc/init.d/haproxy

And add the following content:

#!/bin/sh
#
# haproxy
#
# chkconfig:   - 85 15
# description:  HAProxy is a free, very fast and reliable solution \
#               offering high availability, load balancing, and \
#               proxying for TCP and  HTTP-based applications
# processname: haproxy
# config:      /etc/haproxy/haproxy.cfg
# pidfile:     /var/run/haproxy.pid
 
# Source function library.
. /etc/rc.d/init.d/functions
 
# Source networking configuration.
. /etc/sysconfig/network
 
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
 
exec="/usr/sbin/haproxy"
prog=$(basename $exec)
 
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
lockfile=/var/lock/subsys/haproxy
 
check() {
    $exec -c -V -f /etc/$prog/$prog.cfg
}
 
start() {
    $exec -c -q -f /etc/$prog/$prog.cfg
    if [ $? -ne 0 ]; then
        echo "Errors in configuration file, check with $prog check."
        return 1
    fi
 
    echo -n $"Starting $prog: "
    # start it up here, usually something like "daemon $exec"
    daemon $exec -D -f /etc/$prog/$prog.cfg -p /var/run/$prog.pid
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
 
stop() {
    echo -n $"Stopping $prog: "
    # stop it here, often "killproc $prog"
    killproc $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
 
restart() {
    $exec -c -q -f /etc/$prog/$prog.cfg
    if [ $? -ne 0 ]; then
        echo "Errors in configuration file, check with $prog check."
        return 1
    fi
    stop
    start
}
 
reload() {
    $exec -c -q -f /etc/$prog/$prog.cfg
    if [ $? -ne 0 ]; then
        echo "Errors in configuration file, check with $prog check."
        return 1
    fi
    echo -n $"Reloading $prog: "
    $exec -D -f /etc/$prog/$prog.cfg -p /var/run/$prog.pid -sf $(cat /var/run/$prog.pid)
    retval=$?
    echo
    return $retval
}
 
force_reload() {
    restart
}
 
fdr_status() {
    status $prog
}
 
case "$1" in
    start|stop|restart|reload)
        $1
        ;;
    force-reload)
        force_reload
        ;;
    check)
        check
        ;;
    status)
        fdr_status
        ;;
    condrestart|try-restart)
        [ ! -f $lockfile ] || restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
        exit 2
esac

And assign execute rights.

sudo chmod +x /etc/init.d/haproxy

Configuration of HAProxy

Now, to configure HAProxy, create the config file.

sudo mkdir -p /etc/haproxy
sudo nano /etc/haproxy/haproxy.cfg

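To forward an HTTPS port, use mode tcp. In this mode HAProxy passes the encrypted stream through unchanged. This example forwards to the IP 255.255.255.255 (an example address). It proxies (or tunnels) port 443 on the EC2 instance to port 22443 on that address, and port 2222 to port 22222.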

global
       daemon
       maxconn 10000
 
defaults
       timeout connect 500s
       timeout client 5000s
       timeout server 1h
 
frontend https_proxy
        mode tcp
        bind *:443
        default_backend https_servers
 
frontend ssh_proxy
        bind *:2222
        mode tcp
        default_backend ssh_servers
 
backend ssh_servers
        mode tcp
        server ssh 255.255.255.255:22222
 
backend https_servers
        mode tcp
        server server1 255.255.255.255:22443

This should do it. Your SSH and HTTPS connections are routed through Amazon.
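To review what the proxy actually publishes, the frontend-to-backend mapping can be read back out of the config and compared with the ports opened on the EC2 instance. The script below is an example added here, not part of the original post; the function names are made up for illustration, the sample is the config above copied inline, and it only follows default_backend links between frontend and backend sections.

```shell
#!/bin/sh
# Constructed sample: the frontend/backend sections of the config above.
sample_cfg() {
    cat <<'EOF'
frontend https_proxy
        mode tcp
        bind *:443
        default_backend https_servers

frontend ssh_proxy
        bind *:2222
        mode tcp
        default_backend ssh_servers

backend ssh_servers
        mode tcp
        server ssh 255.255.255.255:22222

backend https_servers
        mode tcp
        server server1 255.255.255.255:22443
EOF
}

# list_forwards [FILE]: print "<frontend> <bind> -> <server>" for every
# listening address and the server its default backend forwards to.
# Reads stdin when no file is given. Hypothetical helper, not an HAProxy tool.
list_forwards() {
    awk '
        # A section keyword starts a new section; remember its kind and name.
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ { kind = $1; name = $2; next }
        kind == "frontend" && $1 == "bind"            { binds[name] = binds[name] " " $2 }
        kind == "frontend" && $1 == "default_backend" { target[name] = $2 }
        kind == "backend"  && $1 == "server"          { servers[name] = servers[name] " " $3 }
        END {
            # Backends may be defined after the frontends, so resolve at the end.
            for (f in binds) {
                nb = split(binds[f], b, " ")
                ns = split(servers[target[f]], s, " ")
                for (i = 1; i <= nb; i++)
                    for (j = 1; j <= ns; j++)
                        print f, b[i], "->", s[j]
            }
        }
    ' "$@" | sort
}

sample_cfg | list_forwards
```

Every line of output is a port reachable from the internet on the EC2 address, so each one should match a rule you opened on purpose and nothing more.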

As for Owncloud (version 6.x), you will need to add your domain (example: ec2-255-255-255-255.eu-west-1.compute.amazonaws.com) to the config/config.php file:

  'trusted_domains' =>
  array (
    0 => '...........',
  ),

Introduction

With AWS you can add ephemeral storage to an EC2 instance. The downside of this storage is that it’s gone once you reboot the machine. This makes it perfectly suitable for swap space. However, you can’t add this swap to your /etc/fstab file. It will block the booting of your EC2 instance, as ephemeral storage will always reset. Any swap partitions assigned will vanish.

My way of coping with this is creating a little service that creates the swap at boot time.

Code

Let’s create a service named ‘swapon’.

sudo nano /etc/init.d/swapon

And add the following content:

#!/bin/sh
# chkconfig: 2345 95 20
# description: Adding swap to ephemeral0
# processname: swap

# Create the swap file on the ephemeral disk (8M blocks of 1024 bytes)
dd if=/dev/zero of=/media/ephemeral0/swap bs=1024 count=8M
# Restrict ownership and permissions before the file is used as swap
chown root:root /media/ephemeral0/swap
chmod 600 /media/ephemeral0/swap
mkswap /media/ephemeral0/swap
swapon /media/ephemeral0/swap

This service will generate a swap file of 8GB (hence the 8M blocks of 1024 bytes). If you need less or more, change the ‘count’ parameter.

Now last step: let’s assign execute rights and enable this script/service at boot time.

sudo chmod +x /etc/init.d/swapon
sudo chkconfig --level 345 swapon on

Now your swap will be created every time you boot (or reboot) your EC2 instance. The only drawback of this method is that it will run in the background and your swap won’t be immediately available. But adding swap won’t block your machine boot process.

Example: on my m1.small instance it takes about 5 minutes to create an 8GB swap file.
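A more defensive variant of the same service, as an example added here and not part of the original post: it refuses to run when /media/ephemeral0 is not actually mounted (otherwise dd would write the 8GB file onto the root volume), and it creates the file with mode 600 from the first byte, since swap holds memory contents. The function names are made up for illustration, and it assumes a Linux /proc/mounts.

```shell
#!/bin/sh
# chkconfig: 2345 95 20
# description: Adding swap to ephemeral0 (added example, hypothetical helpers)

# is_mounted DIR: succeed only if DIR is a mount point listed in /proc/mounts.
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' /proc/mounts 2>/dev/null
}

# create_swap_file PATH SIZE_KIB: write a zero-filled file that is mode 600
# from the start (umask 077) instead of tightening it afterwards.
create_swap_file() {
    rm -f "$1" || return 1      # an existing file would keep its old mode
    ( umask 077 && dd if=/dev/zero of="$1" bs=1024 count="$2" 2>/dev/null )
}

# setup_swap DIR SIZE_KIB: create and enable DIR/swap, but only when DIR is
# a real mount, so a missing ephemeral disk cannot fill the root volume.
setup_swap() {
    if ! is_mounted "$1"; then
        echo "swapon: $1 is not mounted, skipping swap creation" >&2
        return 1
    fi
    create_swap_file "$1/swap" "$2" &&
        mkswap "$1/swap" >/dev/null &&
        swapon "$1/swap"
}

# Init-script entry point: only "start" does any work.
case "${1:-}" in
    start) setup_swap /media/ephemeral0 8388608 ;;   # 8M blocks of 1024 bytes
esac
```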

Introduction

By default Amazon Web Services doesn’t assign the ephemeral storage. I don’t know whether or not this is done to favor their EBS products. But once you have created a machine, it’s a real pain in the ass to enable it. At the moment of writing there is no way to add ephemeral storage to an existing EC2 instance. The only way I found to do this is to migrate the instance to a new one.

Procedure

Step 1: Shut down the EC2 instance you wish to migrate.
Step 2: Write down the associated and attached EBS volumes from the EC2 instance.
Step 3: In the EC2 dashboard, go to the ‘Volumes’ section of the ‘Elastic Block Store’ menu, from there right click on all attached volumes and detach these.
Step 4: Go to the instances menu, right click on your EC2 instance and select ‘Launch more like this’. It’s also possible to create one from scratch but with the ‘Launch more like this’ option you will have the same configuration pre-selected.

Now from the ‘Storage’ options you can select the ‘Edit Storage’ option.
Press ‘Add new volume’ and select ‘Instance Store 0’. This is your ephemeral storage. How much you can assign depends on the instance: an m1.medium instance will have one 410GB disk drive.

More information at: Amazon EC2 Instance Store – Amazon Elastic Compute Cloud.
Step 5: Once your EC2 instance is created, stop it.
Step 6: Once your EC2 instance has been shut down, move to the ‘Volumes’ section again and detach the newly created volume from the newly created EC2 instance.
Step 7: Attach the old volumes from the instance being migrated to your newly created one, using the associated mappings you wrote down. (Don’t worry, /dev/sda1 is OK to assign.)
Step 8: Delete the volume created from the ‘Launch more like this’ option and start your new EC2 instance. You can also delete the old EC2 instance. We won’t need it anymore.

The only downside of this procedure is that the new instance will have a new instance id. Hopefully Amazon adds a way to do this once the runtime has been created.