XWiki on Ubuntu 16.04 LTS with Nginx Reverse Proxy

Install XWiki and all dependant programs on a 4 GB cloud server. This means:

1) Java
2) Tomcat
3) MySQL/MariaDB
4) XWiki
5) Nginx

Here we use Nginx as a reverse proxy to firstly redirect all HTTP to HTTPS and then forward all requests on port 80/443 to port 8080 (tomcat) on the localhost. Here I use LetsEncrytp for my SSL certificates.

Before we begin…

Setup DNS

wiki.dummydomains.org.uk ——>

Prepare the Server


Update and reboot the server.

apt-get update
apt-get dist-upgrade

Enable the firewall

ufw status
ufw enable
ufw allow ssh
ufw reload
ufw status

Install Oracle Java

This is a requirement before installing Tomcat or XWiki. At the time of writing, Java 8.x is recommended as 9.x is too new and has a number of known bugs still.

apt-get install software-properties-common
add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer

You will need to accept the license agreement:

Accept license agreement

Binary code license terms

Because many programs check for $JAVA_HOME, it is a good idea to set it now. If you don’t know the path, check with:

root@wiki:~# update-alternatives --config java
There is 1 choice for the alternative java (providing /usr/bin/java).

  Selection    Path                                     Priority   Status
  0            /usr/lib/jvm/java-8-oracle/jre/bin/java   1081      auto mode
* 1            /usr/lib/jvm/java-8-oracle/jre/bin/java   1081      manual mode

Press <enter> to keep the current choice[*], or type selection number:

Then edit your system $PATH variable so that the /usr/lib/jvm/java-8-oracle is the first path.

nano /etc/environment

Mine looks like this:

root@wiki:~# cat /etc/environment

You will need to log out and back in first but you can test with the below command.

root@wiki:~# echo $JAVA_HOME

Create Virtual Host and Generate SSL

Install Nginx and LetsEncrypt.


Install and configure Nginx.

apt-get install apache2-utils nginx
systemctl enable nginx

Create a very basic virtual host by editing the nginx configuration file and inserting your server name in the server_name variable.

vim /etc/nginx/sites-enabled/default

Mine looks like this.

root@wiki:~# egrep -v "^$|^[[:space:]]*#" /etc/nginx/sites-available/default 
server {
	listen 80 default_server;
	listen [::]:80 default_server;
	root /var/www/html;
	index index.html index.htm index.nginx-debian.html;
	server_name wiki.dummydomains.org.uk;
	location / {
		try_files $uri $uri/ =404;


systemctl restart nginx

Check it works!

Nginx test page
If it doesn’t, check the firewall…

Allow HTTP and HTTPS Traffic

If you use a local firewall like UFW or iptables, you will need to allow port 80 and 443.

ufw status
ufw allow http
ufw allow https
ufw status
ufw reload


add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
certbot --nginx -d wiki.dummydomains.org.uk -d dummydomains.org.uk

Your certificate will get saved to /etc/letsencrypt/live/wiki.dummydomains.org.uk.

LetsEncrypt will edit your virtual hosts file.  The parts we are interested in are:

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/wiki.dummydomains.org.uk/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/wiki.dummydomains.org.uk/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  if ($scheme != "https") {
    return 301 https://$host$request_uri;
  } # managed by Certbot


Install XWiki

Install XWiki.

wget -q "https://maven.xwiki.org/public.gpg" -O- | apt-key add -
wget "https://maven.xwiki.org/stable/xwiki-stable.list" -P /etc/apt/sources.list.d/
apt-get update

Search for XWiki packages to install.

apt-cache search xwiki

According to the official documentation, the enterprise version is out-of-date and the non-enterprise version should be used.

apt-get install xwiki-tomcat8-mysql

Set the root MySQL password:


Set root MySQL password
Set root MySQL password

When asked if you should configure the database with dbconfig-common, say yes.

Configure with dbconfig-common
Configure with dbconfig-common

MySQL application password:


Select application password
Select application password

Check tomcat8 is listening on port 8080:

root@wiki:~# netstat -plnt | grep :8080
tcp6       0      0 :::8080                 :::*                    LISTEN      15840/java

Check your memory usage:

root@wiki:~# free -h
              total        used        free      shared  buff/cache   available
Mem:           3.9G        487M        1.9G         10M        1.5G        3.3G
Swap:            0B          0B          0B

You will need to increase the default about of memory allocated to Java. Here’s how:

vim /etc/default/tomcat8


root@wiki:~# grep ^JAVA_OPTS /etc/default/tomcat8
JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC"


root@wiki:~# grep ^JAVA_OPTS /etc/default/tomcat8
JAVA_OPTS="-Djava.awt.headless=true -Xmx1024m -XX:+UseConcMarkSweepGC"

Restart Tomcat

systemctl restart tomcat8

Test using using a browser:


If you’ve enabled a firewall and you want to test:

ufw allow 8080/tcp
ufw reload

However I’m not going to do this – I’m going to setup Nginx as a proxy first.

Configure Nginx

Remove the default virtual host configuration.

rm -v /etc/nginx/sites-enabled/default.conf
vim /etc/nginx/sites-available/wiki.dummydomains.org.uk.conf

My site configuration look as follows:

upstream tomcat {
  server fail_timeout=0;
  keepalive 64;

server {
  listen [::]:80;
  listen ssl;
  listen [::]:443 ssl;
  server_name wiki.dummydomains.org.uk dummydomains.org.uk;
  ssl_certificate /etc/letsencrypt/live/wiki.dummydomains.org.uk/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/wiki.dummydomains.org.uk/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  # redirect http to https
  if ($scheme != "https") {
    return 301 https://$host$request_uri;

  auth_basic "Authentication Required";
  auth_basic_user_file xwiki-access;

  location / {
    client_max_body_size 20M;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_request_headers on;
    proxy_set_header Connection "keep-alive";
    proxy_store off;
    proxy_headers_hash_max_size 512;
    deny all;

    proxy_pass http://tomcat/;

I also want to password protect my wiki:

htpasswd -c /etc/nginx/xwiki-access andy

Enable the site:

cd /etc/nginx/sites-enabled/
ln -s ../sites-available/xwiki.dummydomains.org.uk.conf .

….and check configuration file for errors.

root@wiki:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Check config and restart Nginx:

systemctl restart nginx

Now try entering the following into your browser and complete the on-screen installation instructions:


Complete Installation

Here are few things I normally do after an installation.

Make Root Application

I want to make this Wiki instance the root web application and remove the trailing /xwiki from the URL.

systemctl stop tomcat8.service
mv -v /etc/tomcat8/Catalina/localhost/xwiki.xml /etc/tomcat8/Catalina/localhost/ROOT.xml
vim /etc/xwiki/xwiki-tomcat8.xml


<Context path="/xwiki" docBase="/usr/lib/xwiki" privileged="true" crossContext="true">
  <!-- make symlinks work in Tomcat -->
  <Resources allowLinking="true" />


<Context path="/" docBase="/usr/lib/xwiki" privileged="true" crossContext="true">
  <!-- make symlinks work in Tomcat -->
  <Resources allowLinking="true" />

Don’t forget to start Tomcat again:

systemctl start tomcat8.service

Now the URL is simply:


Enable superadmin

This is needed if you plan to import XWiki pages from a previous installation.

vim /etc/xwiki/xwiki.cfg

Find the following section.

#-# Enable to allow superadmin. It is disabled by default as this could be a
#-# security breach if it were set and you forgot about it. Should only be enabled
#-# for recovering the Wiki when the rights are completely messed.
# xwiki.superadminpassword=system

….and change to:

#-# Enable to allow superadmin. It is disabled by default as this could be a
#-# security breach if it were set and you forgot about it. Should only be enabled
#-# for recovering the Wiki when the rights are completely messed.

Don’t forget to restart Tomcat if necessary.

Update Cookie Encryption Keys

When a user logs in, three cookies are saved to their machine. These cookies are encrypted with the below details. First we need to get the two random strings of equal length.

root@wiki:~# date +%s | sha256sum | base64 | head -c 32 ; echo
root@wiki:~# date +%s | sha256sum | base64 | head -c 32 ; echo

Then edit the xwiki.cfg file.

vim /etc/xwiki/xwiki.cfg

Find the relevant section and edit to look like the below.


Don’t forget to restart Tomcat if necessary.

Complete the Installation

Login to complete the installation.

Log in
Log in

Click continue.

Installation wizard
Installation wizard

Register and log in.

Register and login
Register and login


Install xwiki
Install xwiki

Select 9.9 and continue.

Install 9.9
Install 9.9

Confirm installation again.

Confirm installation
Confirm installation



Continue again.

Continue again
Continue again

Confirm the report by clicking continue.

Confirm installation report
Confirm installation report

Installation complete!

Installation Complete
Installation Complete

Import old XWiki Content

Lets see if the import feature works!  Log in as the superadmin user and then navigate to the Administration section:


Then select Content, followed by Import:


Select the backup.xar that you (hopefully) took earlier and import all the content.

Package content
Package content

Select the following options.

Import options
Import options


X2Go on Ubuntu Server 14.04

In a previous post, I talked about my experience using X2Go with XFCE4 and Lubuntu.

XFCE4 via X2Go

Here is how it was achieved…..

On the Server

Here I’m using Ubuntu 14.04 LTS but you can install X2Go on just about any Linux distro.

Create a User Account

Create a regular user to run the desktop session under.

sudo useradd -m -s /bin/bash andrew
sudo passwd andrew

For your own sanity, I recommend you setup password-less key-based authentication as soon as possible……go, do it now!

Configure SSH

Open the main configuration file for the OpenSSH daemon process.

sudo vim /etc/ssh/sshd_config

Ensure X11 forwarding is enabled.

X11Forwarding yes

Don’t forget to test for configuration errors and restart the SSH service.

sudo sshd -t
sudo service ssh restart

Install Lightweight Desktop Environment

Both Lubuntu and XFCE4 work well, out-the-box with X2go. I installed both side-by-side for testing and both worked well together. You can even pause/suspend your Lubuntu or XFCE4 session and come back to it another time.


sudo apt-get install xfce4

Note, for some reason you will also need to install the following packages or you will have missing icons.

sudo apt-get install gnome-icon-theme-full tango-icon-theme

For Lubuntu

sudo apt-get install lubuntu-desktop

Along with (a load of) other packages, you will now have XOrg installed. This means, as long as X11 forwarding has been enabled on the client side of the SSH connection, you can now test X11 with a program like firefox if you have it installed already.

Install X2Go Server Software

Install the repository package if it’s not already installed.

sudo apt-get install software-properties-common

Add the X2Go repository and install packages. If using Ubuntu 10.04 or 12.04, install python-software-properties instead of the software-properties-common package.

sudo add-apt-repository ppa:x2go/stable
sudo apt-get update
sudo apt-get install x2goserver x2goserver-xsession

For information about other distributions, see the X2Go server installation page.

DE Bindings

If you installed Lubuntu, you may want to install the following package for Desktop Environment bindings. I don’t believe there is currently a desktop bindings package for XFCE4.

sudo apt-get install x2golxdebindings

This is probably a good place to reboot if like me you’ve installed a lot of new packages.

On the Client

Again, you can install the client on just about anything – including Windows! Here I am using Manjaro i3 Community Linux.

sudo pacman -S x2goclient

X2Go also has some other clients that look useful – like a Python one for example.

SSH Client Configuration

Make sure you have at least ForwardX11 yes in /etc/ssh/ssh_config or ~/.ssh/config.

Host *
ForwardX11 yes
ForwardX11Trusted yes

Test X11 Forwarding

You can test that X11 is being forwarded correctly by using SSH to log onto the remove server, from your local Linux desktop, and and issue the following.

andrew@loader:~$ firefox &
[1] 2257

You might also want to setup password-less SSH key-based authentication if you’ve not done so already.

Create Sessions

For Lubuntu, select Custom Desktop and enter the below for the command.

lxsession -e LXDE -s Lubuntu

For XFCE4, you can just select XFCE.

Lubuntu XFCE4

I’m using the i3wm – I found the best result in appearance using the Use whole display option under the Input/Output tab, and then select the display (monitor) you want to use.

i3wm compatible



Minimal Desktop Environment over SSH

So I wanted to install a Java desktop application and have it publicly available on a server somewhere. Using a light weight desktop environment on one of my cloud servers made sense – provided that is, I could find something reasonably secure.

I came across X2Go and decided to give it a try on one of my Rackspace cloud servers. I used a 2 GB General Purpose v1 server and was surprised at how low the resource usage was – and consequentially how quick and responsive it all felt.

X2Go is a remote desktop tool that uses the NX technology protocol and operates entirely over a secure SSH connection. Using SSH keys makes the process of logging in pretty painless too!

I’m using Ubuntu 14.04 LTS for the OS, on the server and Manjaro i3 community edition on my local desktop, as the client. On the server I tried both XFCE4 and Lubuntu as the Desktop Environments.

Lubuntu via X2Go

Personally I think I prefer XFCE4 as it was slightly easier to install and lightning quick to use. When I used Lubuntu, the start menu could take a while (like a minute!) to load. Once it had loaded though, it too was lightning quick. And to be fair to Lubuntu, I didn’t really look into it much further.

XFCE4 using X2Go

As a note to my future self, here’s what you need to do.

Rackspace DNS

Log into the Rackspace cloud control panel and click on on the DNS tab at the top of the screen.

Create Domain

Then click on Create Domain, fill out the details, and click Create Domain again to complete.

Create Zone

And that’s it! You have created a zone file for your domain.

Now we need to add a DNS record. You can do this by clicking Actions --> Add DNS Record... or simply click Add Record.

Create an A Record
Create an A Record

Here we create an A Record. Now all requests for pikedom.com will resolve to the IP address of my web server. I also create an CNAME Record so that www.pikedom.com points to pikedom.com.

Create CNAME Record
Create CNAME Record

Now our simple zone file is complete and people should be able to easily find your site.

All Records

Now all we need to do is change the name servers that are responsible for managing your DNS. That means logging into the control panel of your domain name registrar (the people you leave your domain name from) and change the name servers for your domain to the below. For example, if you lease your domain name through GoDaddy.com, then you need to log into their control panel and repoint your name servers.

– dns1.stabletransit.com
– dns2.stabletransit.com

Once you have repointed your name servers, the changes can take some time to propagate around the world. You can get an idea of the current state by navigating to www.whatsmydns.net and searching for an A Record for your domain.

Whats My DNS

Here you can see the changes have currently only been picked up in some parts of South East Asia.

Install NewRelic Server Monitoring Agent on Ubuntu 14.04 LTS

NewRelic is a real-time monitoring tool that has a number of useful plugins. Here I am installing the server monitoring agent to keep track of my servers health.

NewRelic - Server Monitoring

To install the server monitoring agent, first add the repository…

echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list
wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add -
apt-get update

…then install the monitoring agent….

apt-get install newrelic-sysmond

Configure and start server monitoring daemon…

nrsysmond-config --set license_key=<your_key_here>
/etc/init.d/newrelic-sysmond start

And here’s what the server monitoring overview page looks like.

NewRelic - Server Overview

Related Documents

newrelic.com: New Relic Servers for Linux

Rackspace Cloud Monitoring Agent

The Rackspace cloud monitoring agent allows you to monitor CPU, memory, filesystem usage and system processes. It does this by collecting information about the system and pushing it out to Rackspace Cloud Monitoring web services, where they can be analyzed, graphed, and alerted on. It is this technology that the Rackspace monitoring checks are built upon.

Plus you get a nice pretty little bar graph in the server details section of the control panel 🙂

Rackspace monitoring agent

Install the Agent

While the instructions used here are for Ubuntu 14.04 LTS, this page lists the exact commands needed for all major distros.

wget http://meta.packages.cloudmonitoring.rackspace.com/ubuntu-14.04-x86_64/rackspace-cloud-monitoring-meta-stable_1.0_all.deb
dpkg -i rackspace-cloud-monitoring-meta-stable_1.0_all.deb
apt-get update
apt-get install rackspace-monitoring-agent

If your distribution of choice isn’t listed, you can always install from source.

Configure and Start Daemon

If the /etc/rackspace-monitoring-agent.cfg file isn’t present, you will need to choose one of the methods below to start the service.

Quick Method

Run the below commands, replacing the username and API key with your own.

rackspace-monitoring-agent --setup --username <your-username> --apikey <your-api-key>
rackspace-monitoring-agent start -D

Interactive Method

Alternatively you can simply run the below to interactively enter your username and your API key or password.

rackspace-monitoring-agent --setup

Followed by…

service rackspace-monitoring-agent start


The monitoring agent does not update itself. However, if you installed using a package manager, such as apt-get, agent updates will be pulled in and applied with regular system updates anyway.

apt-get update
apt-get dist-upgrade

Uninstalling the Agent

Assuming you didn’t install from source and you used your distros package manager, you will uninstall with the same method. I am using Ubuntu, so…

apt-get remove rackspace-monitoring-agent

Or if you’re using CentOS/RHEL.

yum remove rackspace-monitoring-agent

Related Documents






Protect Your Cloud Infrastructure Servers with Isolated Cloud Networks

Create a Private Cloud Network

Create an isolated cloud network. Here I am using the supernova client to communicate with the Rackspace OpenStack API.

supernova uk network-create "Infrastructure" ""
| Property | Value                                |
| cidr     |                       |
| id       | 4d15b8ad-45c5-4169-a4fa-d36f1a776efd |
| label    | Infrastructure                       |

Take note of the id – you’ll need it shortly!

Create a Proxy Server and Attach to the Private Network

supernova uk boot proxy-bast --flavor 2 --image 189678ca-fe2c-4b7a-a986-30c3660edfa5 --nic net-id=4d15b8ad-45c5-4169-a4fa-d36f1a776efd

The above creates a server using the CentOS 6.6 image. Other images of interest are:

| ID                                   | Name                                     | Status |
| 189678ca-fe2c-4b7a-a986-30c3660edfa5 | CentOS 6 (PVHVM)                         | ACTIVE |
| f8ae535e-67c0-41a5-bf55-b06d0ee40cc2 | CentOS 7 (PVHVM)                         | ACTIVE |
| 6909f56c-bd77-411a-8c0e-c37876b68d1d | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)   | ACTIVE |

Proxy Bastion Configuration

Later we create a cloud server with no public IP, which is protected by sitting behind our proxy bastion. From the bastion side, in order for our protected server to have access to the internet, we need to apply firewall rules for IP forwarding and Network Address Translation. This process differs depending on which distribution you use. Here I cover CentOS 6.6, CentOS 7 and Ubutnu 14.04.

CentOS 6.6

Under CentOS 6.6 and before, you need to configure IPTables to do the forwarding and the Network Address Translation (NAT). We will be forwarding the traffic from the eth2 interface, out through the eth0 interface. We also use Static NAT or MASQUERADE so that traffic coming from our protected infrastructure, takes on the public IP address of our proxy bastion.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:76:4e:08:40:d8 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
    inet6 2a00:1a48:7805:113:be76:4eff:fe08:40d8/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::be76:4eff:fe08:40d8/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:76:4e:08:3d:31 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth2
    inet6 fe80::be76:4eff:fe08:3d31/64 scope link 
       valid_lft forever preferred_lft forever
Enable IP Forwarding

To enable forwarding, you need to enable it in two places. One in /proc/sys/net/ipv4/ip_forward.

echo 1 > /proc/sys/net/ipv4/ip_forward

And the other in /etc/sysctl.conf. The below uses grep check the value of net.ipv4.ip_forward.

grep net.ipv4.ip_forward /etc/sysctl.conf 
net.ipv4.ip_forward = 0

If zero, enable with a one as shown below.

net.ipv4.ip_forward =


Configure Static NAT and Forwarding Rules
iptables --table nat --append POSTROUTING --out-interface eth0 -j SNAT --to
iptables --append FORWARD --in-interface eth2 -j ACCEPT
service iptables save

We also need to remove the default reject rule on the FORWARD’ing table:

iptables -D FORWARD 1

Here I delete rule number one from the FORWARD table. Make sure you delete the correct line. To see the line numbers, use:

[root@proxy-bast ~]# iptables -vnL --line-number
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    44444   62M ACCEPT     all  --  *      *             ctstate RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *             
3        0     0 ACCEPT     all  --  lo     *             
4        1    60 ACCEPT     tcp  --  *      *             ctstate NEW tcp dpt:22 
5        1    40 REJECT     all  --  *      *             reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *             reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 8769 packets, 544K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Make sure you have restarted everything.

service iptables restart
service network restart

Now configure the default gateway on the infrastructure server.

CentOS 7

With the introduction of firewalld, CentOS 7 now does things a little differently.

Method 1

This method uses the predefined zones available to us and is by far the easiest method to apply. The external zone has IP masquerading enabled by default so there should be little to do.

Define Your Zones

To view your zone setup.

[root@proxy-bast ~]# firewall-cmd --get-default-zone
[root@proxy-bast ~]# firewall-cmd --get-active-zones
  interfaces: eth0 eth1 eth2

To see the supported predefined zones , use the --get-zones</code option.

[root@proxy-bast ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

You can find out more about each zone with the below command.

[root@proxy-bast ~]# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0 eth1 eth2
  services: dhcpv6-client ssh
  masquerade: no
  rich rules:

Or you can list all zones with the --list-all-zones option.

firewall-cmd --list-all-zones

The zones I will be using are external, work and internal.

  services: ssh


  rich rules:

  services: dhcpv6-client ipp-client ssh
  masquerade: no
  rich rules: 

  services: dhcpv6-client ipp-client mdns samba-client ssh
  masquerade: no
  rich rules: 

My setup looks like this…

Port	Firewall Zone	Name						IPv4				
eth0	external		PublicNet (Internet)		
eth1	work			ServiceNet (Rackspace)		
eth2	internal		Infrastructure

…and can be achieved with the below commands. Don’t forget to restart firewalld!

firewall-cmd --permanent --zone=external --change-interface=eth0
firewall-cmd --permanent --zone=work --change-interface=eth1
firewall-cmd --permanent --zone=internal --change-interface=eth2
firewall-cmd --reload
systemctl restart firewalld
Method 2

With this method we use the --direct option so we can include traditional iptable rules.

Enable IP Forwarding

This step is not needed if you are using the predefined “external” zone provided by firewalld, as masquerade is enabled by default already.

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

To check its enabled.

[root@proxy-bast ~]# sysctl -p
net.ipv4.conf.eth0.arp_notify = 1
vm.swappiness = 0
net.ipv4.ip_forward = 1
Configure Static NAT and Forwarding Rules
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING --out-interface eth0 -j SNAT --to
firewall-cmd --permanent --direct --passthrough ipv4 --append FORWARD --in-interface eth2 -j ACCEPT
firewall-cmd --reload

systemctl restart network
systemctl restart firewalld
Method 2

Revert back to the tried and tested iptables.

Revert back to Using IPTables
systemctl stop firewalld
systemctl disable firewalld


touch /etc/sysconfig/iptables
systemctl start iptables
systemctl enable iptables

touch /etc/sysconfig/ip6tables
systemctl start ip6tables
systemctl enable ip6table

Now you can follow the instructions for CentOS 6.6.

Ubuntu 14.04 LTS

In Ubuntu we use the Uncomplicated Firewall (UFW).

Enable IP Forwarding

Use a text editor to open up the below file as root…

nano /etc/default/ufw

…and enable the default forward policy – change to ACCEPT.




We also need to edit the below…

nano /etc/ufw/sysctl.conf

…and uncomment the following lines.

Configure Static NAT and Forwarding Rules

As root, open the below file.

nano /etc/ufw/before.rules

From the top, my configuration file looks like the below. I inserted the lines in bold.

# rules.before
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward

# nat Table rules *nat :POSTROUTING ACCEPT [0:0] :PREROUTING ACCEPT [0:0] -A POSTROUTING -s -o eth0 -j SNAT –to-source -A PREROUTING -i eth2 -j ACCEPT COMMIT

# Don't delete these required lines, otherwise there will be errors
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT


You will need to restart ufw for the changes to take effect.

ufw disable && sudo ufw enable

For some reason this wiped my SSH rule:

ufw allow ssh
ufw reload
ufw status verbose

Create Infrastructure Server

Here we spin-up a server connected to our isolated cloud network and no public interface. All communications must go via the proxy-bast server.

supernova uk boot protected --flavor 2 --image 189678ca-fe2c-4b7a-a986-30c3660edfa5 --nic net-id=4d15b8ad-45c5-4169-a4fa-d36f1a776efd --no-service-net --no-public

Configure Internet Gateway

Here we simply need to route the traffic through the proxy bastion. We do this by defining it as our default gateway. We also need to set our DNS servers.

CentOS 6.6


echo "GATEWAY=" >> /etc/sysconfig/network
echo "nameserver" >> /etc/resolv.conf
echo "nameserver" >> /etc/resolv.conf
service network restart

CentOS 7

The default image provided by Rackspace comes with nmcli disabled. As such the process is similar to previous releases.

echo "GATEWAY=" >> /etc/sysconfig/network
echo "nameserver" >> /etc/resolv.conf
echo "nameserver" >> /etc/resolv.conf
echo "DNS1=" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "DNS2=" >> /etc/sysconfig/network-scripts/ifcfg-eth0
systemctl restart network

Ubuntu 14.04 LTS

To define the default gateway, you need to edit the /etc/network/interfaces file.

nano /etc/network/interfaces

Mine looks like this. Make sure to add the gateway.

auto eth0
iface eth0 inet static


You will need to manually add Rackspaces name servers to your resolv.conf. However on Ubuntu this file is automatically generated. Instead we editing /etc/resolvconf/resolv.conf.d/base and regenerate the file using the resolvconf command.

root@protected:~# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
root@protected:~# echo "nameserver" >> /etc/resolvconf/resolv.conf.d/base
root@protected:~# echo "nameserver" >> /etc/resolvconf/resolv.conf.d/base
root@protected:~# resolvconf -u
root@protected:~# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

I needed to reboot for the changes to take effect.


Related Documents

Rackspace Developer Blog: Protect your Infrastructure Servers with Bastion Hosts and Isolated Cloud Networks

Rackspace Developer Blog: Supernova: Managing OpenStack Environments Made Easy

Rackspace Knowledge Centre: Using OnMetal Cloud Servers through API

Fedora: Firewalld

Oracle-Base: Linux Firewall (firewalld, firewall-cmd, firewall-config)

Kevin’s Cheat Sheet: Configure iptables to act as a NAT gateway

Rackspace Developer Blog: Getting Started: Using rackspace-novaclient to manage Cloud Servers

James Rossiter: Forward ports in Ubuntu Server 12.04 using ufw

Ubuntu Documentation: Firewall

Github: UFW

Code Ghar: Ubuntu 12.04 IPv4 NAT Gateway and DHCP Server

Linux Gateway: A More Complex Firewall

netfilter.org: Saying How to Mangle the Packets

Ubuntu Documentation: IptablesHowTo

Major.io: Delete single iptables rules

iptables.info: Iptables

snipt.net: Insert an iptables rule on a specific line number with a comment, and restore all rules after reboot

stackexchange.com: How do I set my DNS on Ubuntu 14.04?

thesimplesynthesis.com: How to Set a Static IP and DNS in Ubuntu 14.04

Rackspace Knowledge Centre: Ubuntu – Setup

Rackspace Knowledge Centre: Introduction to iptables

Rackspace Knowledge Centre: Sample iptables ruleset

Ubuntu Geek: Howto add permanent static routes in Ubuntu

NixCraft: Debian / Ubuntu Linux Setting a Default Gateway

Ask Ubuntu: Set up permanent routing (Ubuntu 13.04)

cviorel.com: How to set up a VPN server on Ubuntu

Redhat Support: 10.4. Static Routes and the Default Gateway

Using the Rackspace Nova Client

List your Cloud Servers

You can list all your servers by simply using the nova client’s list sub-command.

$ nova list
| ID                                   | Name                  | Status | Task State | Power State | Networks                                                                             |
| 3c0fe504-6610-4e96-b2d3-5286cd2173db | dummydomains          | ACTIVE | -          | Running     | public=, 2a00:1a48:7805:113:be76:4eff:fe08:c88d; private=  |
| 128daa81-6f7e-44f8-bb8d-7a215b380535 | nginx-01              | ACTIVE | -          | Running     | public=, 2a00:1a48:7806:114:be76:4eff:fe08:1583; private= |
| e2f591f4-c48e-4ac3-b926-516e5a40ea24 | repository            | ACTIVE | -          | Running     | public=2a00:1a48:7806:116:936d:610a:ff08:6531,; private=   |

Nova Help

The nova client comes with a help subcommand.

$ nova help

You can find out more about how to use other subcommands by passing their names as arguments to the help subcommand. For example, to find out more about the list subcommand:

[andy@bashful ~]$ nova help list
usage: nova list [--reservation-id &lt;reservation-id&gt;] [--ip &lt;ip-regexp&gt;]
                 [--ip6 &lt;ip6-regexp&gt;] [--name &lt;name-regexp&gt;]
                 [--instance-name &lt;name-regexp&gt;] [--status &lt;status&gt;]
                 [--flavor &lt;flavor&gt;] [--image &lt;image&gt;] [--host &lt;hostname&gt;]
                 [--all-tenants [&lt;0|1&gt;]] [--tenant [&lt;tenant&gt;]] [--deleted]
                 [--fields &lt;fields&gt;] [--minimal]

List active servers.

Optional arguments:
  --reservation-id &lt;reservation-id&gt;
                                Only return servers that match reservation-id.
  --ip &lt;ip-regexp&gt;              Search with regular expression match by IP
  --ip6 &lt;ip6-regexp&gt;            Search with regular expression match by IPv6
  --name &lt;name-regexp&gt;          Search with regular expression match by name
  --instance-name &lt;name-regexp&gt;
                                Search with regular expression match by server
  --status &lt;status&gt;             Search by server status
  --flavor &lt;flavor&gt;             Search by flavor name or ID
  --image &lt;image&gt;               Search by image name or ID
  --host &lt;hostname&gt;             Search servers by hostname to which they are
                                assigned (Admin only).
  --all-tenants [&lt;0|1&gt;]         Display information from all tenants (Admin
  --tenant [&lt;tenant&gt;]           Display information from single tenant (Admin
  --deleted                     Only display deleted servers (Admin only).
  --fields &lt;fields&gt;             Comma-separated list of fields to display. Use
                                the show command to see which fields are
  --minimal                     Get only uuid and name.

Build a Server

To build a cloud server, you need to have two bits of information to hand:

  1. The image ID you want to boot with
  2. The ID of the virtual machine (flavour) you want to create

Choose an Image

To spin-up a new server, you need to decide which distribution you’re going to build it with. To see the list of available images, use the below command. Note, this will also include any server images you may have already taken.

$ nova image-list
| ID                                   | Name                                                                                         | Status | Server                               |
| 6904b226-f20f-454d-9f7d-a0f32bc7af22 | Arch 2015.2 (PVHVM)                                                                          | ACTIVE |                                      |
| d2fa624e-a6ec-4752-a738-81fc4b2462af | CentOS 5 (PV)                                                                                | ACTIVE |                                      |
| 2318853e-f3b1-4cf4-b1a4-d7db71ca9b50 | CentOS 6 (PV)                                                                                | ACTIVE |                                      |
| 4f465d85-4512-44a9-9301-0412f0928f8b | CentOS 6 (PVHVM)                                                                             | ACTIVE |                                      |
| 126a6674-6308-421f-801e-fc302ab4f53f | CentOS 7 (PVHVM)                                                                             | ACTIVE |                                      |
| 2f120d3a-9c30-4056-bd41-a233de98e2ba | CoreOS (Alpha)                                                                               | ACTIVE |                                      |
| 64be157e-13c1-4b83-a806-564b6f20f30b | CoreOS (Beta)                                                                                | ACTIVE |                                      |
| 05438eb5-af42-4bdd-bd32-309c2154927d | CoreOS (Stable)                                                                              | ACTIVE |                                      |
| cad1e45d-fcb9-489d-850c-a61c0537fa55 | Debian 6 (Squeeze) (PV)                                                                      | ACTIVE |                                      |
| f211a88e-4cc0-4660-bda1-56495b05cda2 | Debian 7 (Wheezy) (PVHVM)                                                                    | ACTIVE |                                      |
| e584bfca-afc4-4fd2-bd2f-a8d9ecde47ff | Debian Testing (Jessie) (PVHVM)                                                              | ACTIVE |                                      |
| 1e9d1590-415f-483f-8473-b52d329d9861 | Debian Unstable (Sid) (PVHVM)                                                                | ACTIVE |                                      |
| eabb9ed2-1318-4948-9de6-f378bb07a33e | Fedora 20 (Heisenbug) (PVHVM)                                                                | ACTIVE |                                      |
| 03ce0d51-7d3f-489b-845d-9edff88b40f9 | Fedora 21 (PVHVM)                                                                            | ACTIVE |                                      |
| b49f8b6d-7b31-47e3-8cc4-a2c0a9292e97 | FreeBSD 10 (PVHVM)                                                                           | ACTIVE |                                      |
| 8e31be89-b93a-4526-8a25-da99555f79f0 | Gentoo 15.1 (PVHVM)                                                                          | ACTIVE |                                      |
| f370935d-1aa9-47ac-b1c2-8b030b7386a4 | OpenSUSE 13.2 (PVHVM)                                                                        | ACTIVE |                                      |
| 62a553fc-a010-4ac5-93d2-a40a96ae07a2 | Red Hat Enterprise Linux 5 (PV)                                                              | ACTIVE |                                      |
| 1673126e-4f9d-486e-8bde-190cf7564211 | Red Hat Enterprise Linux 6 (PV)                                                              | ACTIVE |                                      |
| 677c4e59-fd0e-4f11-a330-8c25750e2ad7 | Red Hat Enterprise Linux 6 (PVHVM)                                                           | ACTIVE |                                      |
| 58bd5138-5802-4d00-8a81-c7b984cce2a8 | Red Hat Enterprise Linux 7 (PVHVM)                                                           | ACTIVE |                                      |
| 940b324e-79b7-4918-aaaa-66e57de4c6ea | Scientific Linux 6 (PVHVM)                                                                   | ACTIVE |                                      |
| e8decd12-791c-442b-a611-5d28e0af754b | Scientific Linux 7 (PVHVM)                                                                   | ACTIVE |                                      |
| 1780212e-3e67-4fc4-bddb-31deaeb90101 | Ubuntu 10.04 LTS (Lucid Lynx) (PV)                                                           | ACTIVE |                                      |
| 71893ec7-b625-44a5-b333-ca19885b941d | Ubuntu 12.04 LTS (Precise Pangolin) (PV)                                                     | ACTIVE |                                      |
| 1126e296-0423-46ce-b711-2701d89bf8a9 | Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)                                                  | ACTIVE |                                      |
| 28d39e78-a41c-4fd2-80b4-dc960c055074 | Ubuntu 14.04 LTS (Trusty Tahr) (PV)                                                          | ACTIVE |                                      |
| a1558fdc-3182-4a0f-b48a-aa900a5826c3 | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)                                                       | ACTIVE |                                      |
| 3beb44aa-a77b-48eb-be56-ccccb38a6f3f | Ubuntu 14.10 (Utopic Unicorn) (PV)                                                           | ACTIVE |                                      |
| 5e919b80-e803-45bf-a66f-73fcdc3b8de2 | Ubuntu 14.10 (Utopic Unicorn) (PVHVM)                                                        | ACTIVE |                                      |
| ab66cb4a-ff11-4c5d-b08c-b3c134654bca | Vyatta Network OS 6.7R4                                                                      | ACTIVE |                                      |
| de700a1a-d13f-4ef9-a055-9b6f09c2875c | Windows Server 2008 R2 SP1                                                                   | ACTIVE |                                      |
| f46e9237-9971-44b1-b92f-3a5a03592d3e | Windows Server 2008 R2 SP1 (base install without updates)                                    | ACTIVE |                                      |
| 50854a1d-d130-4083-ac69-a75616dcf21e | Windows Server 2008 R2 SP1 + SQL Server 2008 R2 SP2 Standard                                 | ACTIVE |                                      |
| 6e290727-d5c3-4286-8a91-82a84f69f120 | Windows Server 2008 R2 SP1 + SQL Server 2008 R2 SP2 Web                                      | ACTIVE |                                      |
| b41c2705-f820-4b6f-8d32-d04b5f57a4f7 | Windows Server 2008 R2 SP1 + SQL Server 2012 SP1 Standard                                    | ACTIVE |                                      |
| c6301f02-1388-4a4a-ba7c-b52e1bff7813 | Windows Server 2008 R2 SP1 + SQL Server 2012 SP1 Web                                         | ACTIVE |                                      |
| b28d7079-c4e8-41cf-94ce-9c4b57cf6f23 | Windows Server 2008 R2 SP1 + SharePoint 2010 Foundation with SQL Server 2008 R2 Express      | ACTIVE |                                      |
| 959aee20-e0b8-42a7-9201-10057c2b7e05 | Windows Server 2008 R2 SP1 + SharePoint 2010 Foundation with SQL Server 2008 R2 SP1 Standard | ACTIVE |                                      |
| 78cc6fbe-ad59-4324-8712-5dd191cb6a5c | Windows Server 2012                                                                          | ACTIVE |                                      |
| c81a65a3-8217-4520-96de-1d9313ae3094 | Windows Server 2012 (base install without updates)                                           | ACTIVE |                                      |
| 25f64fd5-4d61-4d4a-8cdb-801de7d9d99b | Windows Server 2012 + SQL Server 2012 SP1 Standard                                           | ACTIVE |                                      |
| 06f917b0-9c0f-4634-8190-e43630bb3468 | Windows Server 2012 + SQL Server 2012 SP1 Web                                                | ACTIVE |                                      |
| d69d55ef-cb4c-4787-9f1b-2de41ecac9a1 | Windows Server 2012 + SharePoint 2013 with SQL Server 2012 SP1 Standard                      | ACTIVE |                                      |
| 66555a30-c336-47d9-aaee-08b4390c889d | Windows Server 2012 R2                                                                       | ACTIVE |                                      |
| fe486888-6890-47ac-a02d-b740868f143b | Windows Server 2012 R2 (base install without updates)                                        | ACTIVE |                                      |
| aec8fde6-1ba8-419d-a36c-8051e0d527f7 | Windows Server 2012 R2 + SQL Server 2014 Standard                                            | ACTIVE |                                      |
| e7c596c6-7049-4d00-94e7-c735d3b9f976 | Windows Server 2012 R2 + SQL Server 2014 Web                                                 | ACTIVE |                                      |
| 9aa0d346-c06f-4652-bbb1-4342a7d2d017 | iPXE Boot (boot.rackspace.com)                                                               | ACTIVE |                                      |

In this example I’m going with Ubuntu 14.04 Long Term Support (LTS). You might want to make a note of the image ID you intend to use.

Obviously using a Windows or Red Hat image has cost implications.

| ID                                   | Name                                                                                         | Status | Server                               |
| a1558fdc-3182-4a0f-b48a-aa900a5826c3 | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)                                                       | ACTIVE |                                      |

Choose a Flavour

You also need to decide what kind of virtual server you need. Obviously this has cost implications too.

$ nova flavor-list
| ID               | Name                    | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
| 2                | 512MB Standard Instance | 512       | 20   | 0         | 512  | 1     | 80.0        | N/A       |
| 3                | 1GB Standard Instance   | 1024      | 40   | 0         | 1024 | 1     | 120.0       | N/A       |
| 4                | 2GB Standard Instance   | 2048      | 80   | 0         | 2048 | 2     | 240.0       | N/A       |
| 5                | 4GB Standard Instance   | 4096      | 160  | 0         | 2048 | 2     | 400.0       | N/A       |
| 6                | 8GB Standard Instance   | 8192      | 320  | 0         | 2048 | 4     | 600.0       | N/A       |
| 7                | 15GB Standard Instance  | 15360     | 620  | 0         | 2048 | 6     | 800.0       | N/A       |
| 8                | 30GB Standard Instance  | 30720     | 1200 | 0         | 2048 | 8     | 1200.0      | N/A       |
| general1-1       | 1 GB General Purpose v1 | 1024      | 20   | 0         |      | 1     | 200.0       | N/A       |
| general1-2       | 2 GB General Purpose v1 | 2048      | 40   | 0         |      | 2     | 400.0       | N/A       |
| general1-4       | 4 GB General Purpose v1 | 4096      | 80   | 0         |      | 4     | 800.0       | N/A       |
| general1-8       | 8 GB General Purpose v1 | 8192      | 160  | 0         |      | 8     | 1600.0      | N/A       |
| io1-120          | 120 GB I/O v1           | 122880    | 40   | 1200      |      | 32    | 10000.0     | N/A       |
| io1-15           | 15 GB I/O v1            | 15360     | 40   | 150       |      | 4     | 1250.0      | N/A       |
| io1-30           | 30 GB I/O v1            | 30720     | 40   | 300       |      | 8     | 2500.0      | N/A       |
| io1-60           | 60 GB I/O v1            | 61440     | 40   | 600       |      | 16    | 5000.0      | N/A       |
| io1-90           | 90 GB I/O v1            | 92160     | 40   | 900       |      | 24    | 7500.0      | N/A       |
| performance1-1   | 1 GB Performance        | 1024      | 20   | 0         |      | 1     | 200.0       | N/A       |
| performance1-2   | 2 GB Performance        | 2048      | 40   | 20        |      | 2     | 400.0       | N/A       |
| performance1-4   | 4 GB Performance        | 4096      | 40   | 40        |      | 4     | 800.0       | N/A       |
| performance1-8   | 8 GB Performance        | 8192      | 40   | 80        |      | 8     | 1600.0      | N/A       |
| performance2-120 | 120 GB Performance      | 122880    | 40   | 1200      |      | 32    | 10000.0     | N/A       |
| performance2-15  | 15 GB Performance       | 15360     | 40   | 150       |      | 4     | 1250.0      | N/A       |
| performance2-30  | 30 GB Performance       | 30720     | 40   | 300       |      | 8     | 2500.0      | N/A       |
| performance2-60  | 60 GB Performance       | 61440     | 40   | 600       |      | 16    | 5000.0      | N/A       |
| performance2-90  | 90 GB Performance       | 92160     | 40   | 900       |      | 24    | 7500.0      | N/A       |

Here I’m going for the 512MB Standard Instance. Note, the image ID here is 2.

| ID               | Name                    | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
| 2                | 512MB Standard Instance | 512       | 20   | 0         | 512  | 1     | 80.0        | N/A       |

Spin-up the Server

To create a server, you use nova’s boot command with the following arguments.

nova boot --flavor &lt;Flavor ID&gt; --image &lt;Image ID&gt; &lt;Server Name&gt;

For example, to create a server using my image and flavour selections above, called “DummyDomains”, use the command below.

$ nova boot --flavor 2 --image a1558fdc-3182-4a0f-b48a-aa900a5826c3 DummyDomains
| Property                             | Value                                                                         |
| OS-DCF:diskConfig                    | MANUAL                                                                        |
| OS-EXT-STS:power_state               | 0                                                                             |
| OS-EXT-STS:task_state                | -                                                                             |
| OS-EXT-STS:vm_state                  | building                                                                      |
| RAX-PUBLIC-IP-ZONE-ID:publicIPZoneId | 41589a287f0d2417cf04cc3bdaeb992448f56708020de3b30dcd5558                      |
| accessIPv4                           |                                                                               |
| accessIPv6                           |                                                                               |
| adminPass                            | EPxHe8go3dC3                                                                  |
| flavor                               | 512MB Standard Instance (2)                                                   |
| id                                   | 128daa81-6f7e-44f8-bb8d-7a215b380535                                          |
| image                                | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM) (a1558fdc-3182-4a0f-b48a-aa900a5826c3) |
| metadata                             | {}                                                                            |
| name                                 | DummyDomains                                                                  |
| progress                             | 0                                                                             |
| status                               | BUILD                                                                         |

You should see some output similar to the above. You can also see information about the new instance with the below command.

$ nova list --status build
| ID                                   | Name         | Status | Task State | Power State | Networks                                                                             |
| 128daa81-6f7e-44f8-bb8d-7a215b380535 | DummyDomains | BUILD  | spawning   | NOSTATE     | public=, 2a00:1a48:7806:114:be76:4eff:fe08:1583; private= |


Snapshots are bootable and allow you to take a bit-for-bit image of your existing server. This allows you to delete a server and then at a later date, recreate it using a previously saved image. This is also a convenient ways to manage Virtual Machine upgrades.

Create Snapshot Image

You create a snapshot using nova’s image-create subcommand as shown below.

$ nova image-create DummyDomains DummyDomainsSnapshot

Delete a Saved Snapshot Image

You can delete a saved image with the image-delete subcommand.

$ nova image-delete DummyDomainsSnapshot

Delete a Cloud Server

Finally, you might well want to delete a cloud server. That can be achieved with.

$ nova delete DummyDomains
Request to delete server DummyDomains has been accepted.

Don’t forget you can always create a new server instance from an existing saving snapshot image. Just make sure you use the correct image ID.

Related Documents

Useful python-novaclient commands

Getting Started with the Rackspace Nova Client

You will need to export some environment variables used by the Nova client.

$ vim ~/.bash.profile

If you have a UK-based Rackspace cloud account, you will need to enter something like this:


…And if you have a US, Hong Kong and Sydney (based) account:


Because we have our password in a plain text file, it is recommended that we at least lock down the permissions so no other system users can see it:

$ chmod 600 ~/.bash_profile

Don’t forget that whenever you make changes to your bash profile that you need to run the below command first for the changes to take affect on your current users (without logging out/in of course).

$ source ~/.bash_profile

Check the command works by running something like:

$ nova image-list

Related Documents

Installing python-novaclient on Linux and Mac OS

Step 2. Install the nova Client with the Cloud Networks Extension

Rackspace Cloud DNS

Rackspace provides a great easy to use tool for managing your DNS.

The first thing you need to do is create a zone file for the domain you want to manage. To do this, first log into the mycloud.rackspace.co.uk customer portal and navigate to the DNS tab at the top of the page.

Click on “Create Domain” and fill out the details from the drop-down menu.

Rackspace Cloud DNS
Rackspace Cloud DNS

Click on “Create Domain” to create the zone file.

Create Domain
Create Domain

Now we need to add some DNS records to the zone file. Here I add an A record so the domain dummydomains.org.uk resolves to the IP

Add DNS Records
Add DNS Records

The last thing we need to do is make sure the Rackspace name servers are authoritative for our domain. To do this, you will need to make contact with whoever you lease the domain name through. I bought my domain name through fasthosts.co.uk; normally you will just need to log onto the control panel provided by your DNS registrar and set the DNS name servers for the domain in question to the below.


Job done!

You can check to see how your DNS changes propagate around the world using the below website.