Access Antlets

Access Antlets Locally

If you set up an antsle.us subdomain in antHill, you can use the antlet name with your subdomain:

antlet_name.subdomain.antsle.us

In either case, the antlet must have a web server installed and listening on port 80 (http), else you may get a '502 Bad Gateway' error.

See the SSL (https) page for https access to an antlet.

Access antlets via SSH

There are several ways you can SSH to your antlets:

  • From the edgeLinux terminal

  • Direct to the antlet using a bridged NIC

Access antlets from the terminal

Just log in to Antsle's command line as shown in "Log in to the edgeLinux OS", then open a new SSH session into your antlet. For example, for an antlet with IP address 10.1.1.12:

ssh root@10.1.1.12

The default username for all of our Linux templates is 'root', with the exception of the Ubuntu KVM template which has a default username 'ubuntu'. See the Templates page for default passwords.

In this example we are not required to include the username 'root' because, if omitted, SSH will use the name of the currently logged in user. The terminal prompt shows that 'root' is currently logged in.

Access antlets via the IP address of a bridged NIC

If you have configured a bridged virtual NIC on an antlet you can SSH directly to the IP address of the bridged interface.

ssh root@192.168.1.63

Access antlets via ProxyJump

You can create an entry in your local SSH config file to make an SSH connection with a single command to an antlet with the ProxyJump keyword.

The 'config' file is located in the $HOME/.ssh/ directory.

A typical entry looks like this, where shazam is my antsle:

Host shazam 
  HostName 192.168.1.33
  User root

This allows you to SSH to 192.168.1.33 with this command

ssh shazam

You can then use 'shazam' as a ProxyJump host to an antlet with a config entry like the following

Host webserver1
  HostName 10.1.1.11
  User root
  ProxyJump shazam

In the example above, 10.1.1.11 is the IP address of the antlet and an entry for the host 'shazam' exists in the config file. Now you can start an SSH session to webserver1 with

ssh webserver1

To make things a bit easier, first copy your local ssh key to the antsle

ssh-copy-id root@192.168.1.33
or
ssh-copy-id shazam

Access antlets with VNC Console

Create your antlet and start it up. Once started, you'll see a button for quick access to your VNC Console.

A window will open up that directly displays your desktop. If you're using one of our prebuilt templates, just use the template's default password to log in and you're ready to go.

If you're running Windows, open the tab on the left side and click "special keys". You can then click the option for CTRL+ALT+DELETE, which will allow you to type in your username and password.

Web Access to your antlets

After having logged in via SSH, install all the software you want. Use package managers such as apt-get in Debian or Ubuntu, yum in CentOS or Fedora, or pkg in FreeBSD to install your software. To get started, you might try this guide or this one.

To make the web apps installed in your antlets accessible, edgeLinux provides a reverse proxy using a software package called nginx.

See how easy it is to get web access to your antlets:

Access antlets by Domain Name

If you want to configure Antsle so that the world can access your antlets by domain name, e.g. myawesomesite.com, then this page will guide you through the steps to do that.

Before you start, you need to set up port forwarding in your router. That step is only needed once. You don’t need to do that for every new domain name and/or antlet. You can skip port forwarding altogether if you (a) only access antlets from your local LAN/WiFi or (b) you’re using a tunnelling solution.

After you’ve set up port forwarding in your router (once), it’s a three-step process:

  1. Get a domain name.

  2. Set the A record.

  3. Connect domain with antlet.

Here are our instructions for each of these steps:

Get a domain name

You can register your domain name, e.g. mysite.com, through any domain registrar of your liking, e.g. godaddy.com.

Set the A record

Set the A record of your new domain to the public IP address of your home or office Internet connection. To check your IP address, just go to checkip.dyndns.org in your browser. Copy that IP address to your clipboard. Then go to the portal of the registrar that you bought your domain from. In case you bought it from GoDaddy, see here for help.

Go to “DNS settings” and find where to set the A record. Set it to the IP address that you found out earlier.

After you’ve changed the A record, please allow up to 48 hours to let that change propagate through all DNS servers on the Internet. In many cases you will be able to use the new domain after two hours or so. It’s a good idea to restart your router a few hours after you’ve updated the A record, so that the router will pull the latest DNS information from the Internet.

Please keep in mind that this step works best when you have a static IP address from your ISP. Alternatively, you can use a dynamic DNS provider.

HTTP Access with Domain Name

After steps 1 and 2 are done, any traffic for your domain will arrive at your router. The port forwarding in your router will send it onwards to your Antsle: forward ports 80 and 443 to the private IP address of the Antsle (displayed in antMan). The last step now is to tell the Antsle to connect the domain name to the antlet of your choice. In order to achieve that, follow these steps:

Log in to your Antsle via ssh root@antsle_name.local.

Enter this command: cd /etc/nginx/virtualhosts.

Then enter this command: nano mysite.com.conf. Use your domain name, not mysite.com!

Paste this text into the file:

server {
    server_name www.mysite.com;
    rewrite ^ $scheme://mysite.com$request_uri redirect;
}
server {
    listen 80;
    server_name mysite.com;
    root /var/www;
    location / {
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Ssl off;
        proxy_set_header X-Url-Scheme $scheme;
        # X-Frame-Options is a response header: send it to the browser with add_header
        add_header X-Frame-Options SAMEORIGIN;
        proxy_pass http://10.1.1.10;
    }
}

Make sure to replace mysite.com with your own domain name, and replace 10.1.1.10 with the IP address of the antlet you want to connect this domain name to.

The intent of the first 'server { ... }' block is to redirect URLs prefixed with www to a URL without it, e.g. 'www.mysite.com' will redirect to 'mysite.com'. Many people habitually type 'www' in the URL, but it is not part of many domain names.

If your domain name is prefixed with www or you are using some other subdomain like yoyo.mysite.com, you can delete the first 'server { ... }' block:

server {
    server_name www.mysite.com;
    rewrite ^ $scheme://mysite.com$request_uri redirect;
}

and edit the second 'server { ... }' block with the full domain name.

server {
    listen 80;
    server_name yoyo.mysite.com;
    root /var/www;
    location / {
        proxy_read_timeout 300;
    ...
    }
}

Press Ctrl-X in nano, enter Y for Yes when asked if you want to save, and hit Enter for the file name.

Finally, enter this command: service nginx restart

You’re ready to go now. From anywhere in the world, mysite.com will lead you directly to your antlet now.

HTTPS Access with Domain Name

To set up an SSL certificate for an antlet we have a couple of options:

  • Install the certificate in the antlet

  • Use nginx proxy to handle the certificate

The first option requires the antlet to have a bridged NIC and be addressed directly. The traffic for each antlet/webserver would require a unique public IP address or a unique port number for the router to direct the traffic to the correct antlet IP address. Here the certificate files are installed and handled by the antlet.

The second option allows nginx to connect to the proper antlet based on the domain name in the Host header of the request. This is desirable because you can forward traffic (at the router) for multiple sites to one IP address, the private IP address of the Antsle. The certificate files are installed and handled by nginx on the edgeLinux OS.

First create a directory for your certificate files on the edgeLinux OS.

mkdir -p /etc/ssl/certs/mycerts

Use SCP or SFTP to copy your certificate files to this directory.

Create and edit a new nginx virtualhosts configuration file for your domain name. Replace example.com with your domain name.

  nano /etc/nginx/virtualhosts/ssl.example.com.conf

Paste the following content into the file and replace 'example.com' with your domain name.

# SSL to antlet

# If you want to use your domain example.com in HTTPS mode (with SSL),
# rename this file to ssl.example.com.conf (from ssl.example.com.conf.HTTPS)
# Replace example.com with your domain name.
# Make sure you have your SSL certificate installed properly.
# The certificate files are not required to be in the directories presented here, but
# the path must be the correct path to your certificate files.

# The webserver on your antlet will listen on port 80 (http).
# Nginx on edgeLinux handles SSL (https).

# Redirect http://www.example.com to https://example.com
# If your domain name does include 'www' then remove this server block and use the full
# domain name in the last server block.
server {
  listen 80;
  server_name www.example.com;
  rewrite ^ https://example.com$request_uri redirect;
}

# Redirect http://... to https://...
server {
  listen 80;
  server_name example.com;
  rewrite ^ https://example.com$request_uri redirect;
}

# Redirect https://www... to https://example.com
# If your domain name does include 'www' then remove this server block and use the full
# domain name in the last server block.
server {
  listen 443 ssl;
  ssl_certificate /etc/ssl/certs/mycerts/example.com.crt;
  ssl_certificate_key /etc/ssl/certs/mycerts/example.com.key;
  server_name www.example.com;
  rewrite ^ $scheme://example.com$request_uri redirect;
}

# Think of the word 'example' in 'upstream example' as a variable name which is
# used in other server blocks. This name must be unique among all your .conf
# files. It is used in the two 'proxy_pass' lines in the next server block.
# If you change the upstream variable name then be sure to update the proxy_pass
# lines also.
upstream example {
  # Enter the IP address and port number of your antlet handling this domain
  server 10.1.1.10:80;
}

server {
  listen 443 ssl;
  ssl_certificate /etc/ssl/certs/mycerts/example.com.crt;
  ssl_certificate_key /etc/ssl/certs/mycerts/example.com.key;
  server_name example.com;
  root /var/www;

  location / {
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_buffers         4 256k;
    proxy_buffer_size       128k;
    proxy_busy_buffers_size 256k;

    proxy_set_header    Host                 $host;
    proxy_set_header    X-Real-IP            $remote_addr;
    proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto    $scheme;
    proxy_set_header    X-Forwarded-Protocol $scheme;
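    # The client connection to this server block is TLS, so report Ssl as on
    proxy_set_header    X-Forwarded-Ssl      on;
    proxy_set_header    X-Url-Scheme         $scheme;
    # X-Frame-Options is a response header: send it to the browser with add_header
    add_header          X-Frame-Options      SAMEORIGIN;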

    proxy_pass http://example;
  }

  location ~*  \.(jpg|jpeg|png|gif|ico|css|js|pdf|woff|woff2)(\?.*)?$ {
    expires 365d;
    add_header Cache-Control "public, max-age=315360000";
    access_log off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_buffers         8 24k;
    proxy_buffer_size       2k;

    proxy_set_header    Host                 $host;
    proxy_set_header    X-Real-IP            $remote_addr;
    proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto    $scheme;
    proxy_set_header    X-Forwarded-Protocol $scheme;
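    # The client connection to this server block is TLS, so report Ssl as on
    proxy_set_header    X-Forwarded-Ssl      on;
    proxy_set_header    X-Url-Scheme         $scheme;
    # X-Frame-Options is a response header: send it to the browser with add_header
    add_header          X-Frame-Options      SAMEORIGIN;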

    proxy_cache            STATIC;
    proxy_cache_valid      200  1d;
    proxy_cache_use_stale  error timeout invalid_header updating
                           http_500 http_502 http_503 http_504;

    proxy_pass http://example;

  }
}

Restart the nginx service

service nginx restart
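
A check worth running on the certificate files copied in the steps above, before that restart. This is an added example, not Antsle's own tooling: the function names and the script name preflight.sh are hypothetical, and it assumes an unencrypted PEM private key and the openssl command on edgeLinux.

```shell
#!/bin/sh
# Added example: pre-restart checks for the certificate files copied to edgeLinux.
# The paths passed in are the operator's own; nothing here ships with Antsle.

# Succeeds only if group and others have no permissions on the private key.
key_is_private() {
  mode=$(ls -ld "$1" | cut -c5-10)
  [ "$mode" = "------" ]
}

# Succeeds only if the certificate's public key equals the one derived from the key.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid $2 days from now (default 30).
cert_not_expiring() {
  openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Run every check; print what failed and return non-zero if anything did.
preflight() {
  cert=$1 key=$2 rc=0
  key_is_private "$key" || { echo "FAIL: $key is accessible to group/others (chmod 600)"; rc=1; }
  cert_matches_key "$cert" "$key" || { echo "FAIL: $cert does not belong to $key"; rc=1; }
  cert_not_expiring "$cert" || { echo "FAIL: $cert expires within 30 days"; rc=1; }
  return $rc
}

# Usage on edgeLinux: sh preflight.sh CERT KEY && nginx -t && service nginx restart
if [ $# -ge 2 ]; then
  preflight "$1" "$2"
fi
```

Pass it the same certificate and key paths used in ssl.example.com.conf; nginx -t then validates the configuration syntax so a typo does not take the proxy down on restart.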
