Correction

I need to correct the networking part of my WordPress site hosted on OCI. Looks like I had a public IP address assigned to an instance I intended to use it as a WordPress server and allowed HTTP traffic to the instance directly. That’s not really what I want to do. As I’m learning Oracle Cloud Infrastructure more, I see some parts I blogged was wrong.

What I want to do is to have a NAT gateway that routes traffic to the private IP address assigned to the instance (host). I’m going to redo the networking part from scratch in the next days.

Open HTTP Traffic on Oracle Cloud Infrastructure

Open http and https Traffic

The host definitely needs to accept http and/or https traffic. I’m going to just add both http and https for now. SSH to the host and run the following commands as root.

firewall-cmd --add-service=http --zone=public --permanent
firewall-cmd --add-service=https --zone=public --permanent
firewall-cmd --reload

Install and Configure NGINX

As I wrote in my previous post, I’m planning to use NGINX as a reverse proxy. If you need to know what reverse proxy is, please read this article. Let’s install it!

$ sudo yum -y install nginx

We will start it and enable it so that it will survive reboots.

$ sudo systemctl start nginx
$ sudo systemctl enable nginx

If you run curl,  you can check if the service is actually up and running locally.

$ curl http://localhost

If you try to access NGINX from your desktop, however, it cannot be reached. That’s because your VCN (Virtual Cloud Network) doesn’t know how to route the traffic from outside to the internal resources within OCI. I will write up how to route TCP 80 traffic to the internal resources in OCI.

Open Menu -> Networking -> Virtual Cloud Networks.

Select the VCN that’s already there by clicking the link.

Click Security Lists under Resources section and select the security list that already exists.

Under Ingress Rules, click Add Ingress Rules button.

Enter 0.0.0.0/0 in SOURCE CIDR. Select TCP as IP PROTOCOL. Enter 80 in DESTINATION PORT RANGE. Finally, enter text like “HTTP traffic” in DESCRIPTION. It’s optional but it’s good to note what your intention was when you created this Ingress Rule.

Now when you try to hit the public IP address of the instance, you can now see the test page for NGINX.

Recap

We have learned to spin up an instance of Oracle Linux and to allow traffic from outside to the resource. We will keep trying. 🙂