How To Create Virtual Machine Instance And Install ShadowSocks Server On Oracle Always Free Cloud

Leave a Comment / Java Tutorial

Oracle Cloud provides an always-free service for virtual machines, databases, and network creation & usage. It is very good news because of free usage. This article will tell you how to register an oracle always free cloud account and how to create virtual machine instances in it, it also tells you how to set up ShadowSocks server on it.

1. Steps To Create & Use Oracle Cloud Always Free Service.

  1. Register an oracle always free account.
  2. Login to oracle cloud service.
  3. Create virtual machine instances in the oracle cloud use always-free image.
  4. Assign a public IP address to the above instance.
  5. Connect to the instance with ssh.
  6. Add a firewall rule to allow the client to use a special protocol and port number to access the service ( for example ShadowSocks Server  ) running on the instance.

2. Register Oracle Always Free Account.

The oracle always free account registration is very straightforward. Please follow the below steps to finish it.

  1. Search the keywords oracle always free cloud in google and open the oracle always free cloud registration page.
  2. Click the Start for free button on the above page to begin the registration process.
  3. Then input your email address, country, account usage, mobile number, etc in later following pages until you go to the last page to finish, the wizard is very straightforward. Now your oracle cloud account has been created successfully.

3. Login To Oracle Cloud Service.

  1. Go to the above oracle cloud account registration page.
  2. Click the user icon at the page top right corner before the sentence Oracle Cloud Free Tier, then click the Sign in to Cloud link at the CLOUD ACCOUNT section of the popup menu.
  3. Input your oracle cloud account name on the next page, click the Next button.
  4. Then it will direct you to the oracle cloud dashboard page, you can see the three items in the first line is always free services, they are Compute Service, Autonomous Transaction Processing Service, and Autonomous Data Warehouse Service.
  5. If you can not log in to the dashboard for so long time, you can change the country or region ( such as select hong kong instead of the United States ). The nearest region will improve connection speed very much. 

4. Create Virtual Machine Instance In Oracle Cloud.

  1. On the above oracle cloud quick actions page, click the Create a VM instance link in the COMPUTE section. It will open an instance creation dialog window.
  2. You can also click the three-horizontal-lines icon on page top left corner to open the oracle cloud main menu, then click Compute —> Instances menu item.
  3. If you see the Select a Compartment page, you should select your compartment from the COMPARTMENT List Scope at the bottom left corner of the page.
  4. After you select one compartment, and when you click the Instances link at the left panel, you can see the Create Instance button on page right side.
  5. Click the Create Instance button will open the oracle cloud Create Compute Instance page, input the instance name, and select one operating system image source, I choose Ubuntu.
  6. If you want to use another image source, click the Change Image Source button, it will list out all the image sources in a popup dialog window. You can select any image source as you like. The image source that is tagged with Always Free Eligible is always free image sources.
  7. Below the above Change Image Source button, there is a Show Shape, Network, and Storage Options link.
  8. When you click the above link, it will expand the page to let you configure the instance networking options, you can select Virtual cloud network and check the Assign a public IP address radio button in the options. You can also choose the Do not assign a public IP address radio button here and assign the public IP address to the instance later.
  9. Because oracle use key pair file to authenticate the user on Linux so you need to create key pair files use below command in a terminal. The command name is ssh-keygen, it will create two key pair files in the current folder ( ./oracle_cloud, ./oracle_cloud.pub ), and it will also print out the key fingerprint text. For more about ssh-keygen command usage, please read the article Managing Key Pairs on Linux Instances. 
    $ ssh-keygen -t rsa -N "" -b 2048 -C "oracle_cloud" -f oracle_cloud

Generating public/private rsa key pair.

Your identification has been saved in oracle_cloud.

Your public key has been saved in oracle_cloud.pub.

The key fingerprint is:

SHA256:ZYXOMiSvLloLJ2MEkR19LuI4aXt2fM+5LKR1SUDf3fQ oracle_cloud

The key's randomart image is:
+---[RSA 2048]----+
|.o.o  ..   ..  . |
|... . o.o o.. o .|
|.    o +.+o. . .E|
| .. . . ++o      |
| +.. . .So.      |
|+o.   .o o       |
|..* +.+ .        |
| o O.=.oo .      |
|  +.o.. o*.      |
+----[SHA256]-----+
  10. Now go back to the Create Compute Instance page, scroll down the page to the Add SSH key section. Click the Choose Files button to select the above ./oracle_cloud.pub file.
  11. Click the Create button to create the oracle always free virtual machine instance. If you see a green square with the letter I in the center of the square, it means the virtual machine instance has been created successfully.
  12. If you meet an error message like Out of host capacity. This means there is no spare host capacity for you to create. Also maybe you have already created one oracle cloud compute instance before, you should wait for some time to make the old oracle cloud compute instance terminated complete and recreate again.

4. Assign Public IP Address To Oracle Always Free Tier Virtual Machine Instance.

Only after you assign a public IP address to the virtual machine instance, then you can connect to the virtual machine instance using ssh client tool. You can follow the below steps to assign a public IP address to the virtual machine instance.

  1. After you create the above virtual machine instance in oracle always free cloud service, you can click ORACLE Cloud —> Compute —> Instances menu item to go to the virtual machine instances list page.
  2. Click the running virtual machine instance’s name link to go to it’s detail page.
  3. In the virtual machine instance detail information page, scroll down to the Primary VNIC Information section, you can see the Public IP Address item’s value is Unavailable. So to connect to this virtual machine instance, you should first assign a public IP address to it.
  4. Continue to scroll down the page until you see the floating Resources link list on the page left side like below.
  5. Click the Attached VNICs link in the above Resources link list. Then it will display the Attached VNICs list page.
  6. Click the Primary VNIC name link on the above page, it will direct you to the selected Attached VINC detail information page.
  7. Scroll down the Attached VNIC detail information page, and you can see the IP Addresses (1) link in the left floating Resources link list, click it will direct you to the IP Address detail page.
  8. At the end of the IP Address line item, there are three dots. Hover your mouse key on it, it will popup a menu list, click the Edit menu item in it, then it will popup an IP address edit dialog window.
  9. In the Public IP Address section, by default, the NO PUBLIC IP radio button is selected. You should select the RESERVED PUBLIC IP radio button. And then click the Create a New Reserved Public IP item in the RESERVED PUBLIC IP drop-down list. Then you can input a name in the RESERVED PUBLIC IP NAME input text box, but this is optional. Then click the Update button to assign a reserved public IP to this virtual machine instance. When the process completes successfully, you can get the assigned public IP address on the IP Addresses list page.

5. Connect To Oracle Always Free Tier Virtual Machine Instance.

  1. Open a terminal in Mac OS and run below command in it. If you meet below error ( Host key verification failed ), that means you are now using a new key pair file which is not the one when you create the oracle cloud virtual machine instance. 
    $ ssh -i ./oracle_cloud ubuntu@your_oracle_virtual_instance_public_ip_address

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

SHA256:B1QN8JZXnYm+Bz4qmgMSkXFR5oL37Brh4x7OGJsd8D8.

Please contact your system administrator.

Add correct host key in /Users/songzhao/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /Users/songzhao/.ssh/known_hosts:1

ECDSA host key for your_oracle_virtual_instance_public_ip_address has changed and you have requested strict checking.

Host key verification failed.
  2. To fix above error, you need to run below command in terminal. 
    $ ssh-keygen -R your_oracle_virtual_instance_public_ip_address

# Host your_oracle_virtual_instance_public_ip_address found: line 1

/Users/songzhao/.ssh/known_hosts updated.

Original contents retained as /Users/songzhao/.ssh/known_hosts.old
  3. You may also meet below error which said the key pair public file ( ./oracle_cloud.pub ) permission is too open ( 0644 ), you should change it’s permission to ( 0600 ) 
    $ ssh -i ./oracle_cloud ubuntu@your_oracle_virtual_instance_public_ip_address

The authenticity of host 'your_oracle_virtual_instance_public_ip_address (your_oracle_virtual_instance_public_ip_address)' can't be established.

ECDSA key fingerprint is SHA256:B1QN8JZXnYm+Bz4qmgMSkXFR5oL37Brh4x7OGJsd8D8.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'your_oracle_virtual_instance_public_ip_address' (ECDSA) to the list of known hosts.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Permissions 0644 for './oracle_cloud.pub' are too open.

It is required that your private key files are NOT accessible by others.

This private key will be ignored.

Load key "./oracle_cloud.pub": bad permissions

opc@your_oracle_virtual_instance_public_ip_address: Permission denied (publickey).
  4. Run below command in terminal to change the file’s permission to 0600. 
    $ sudo chmod 0600 ./oracle_cloud.pub 

$ ls -l ./oracle_cloud.pub 

-rw-------  1 songzhao  staff  394 Nov 26 20:50 ./oracle_cloud.pub
  5. Now reconnect to the oracle cloud virtual instance again with below command. Then you are logged into the remote virtual machine instance. Below output message says System restart required, so we should run sudo reboot command to restart it. 
    $ ssh -i ./oracle_cloud ubuntu@your_oracle_virtual_instance_ip_address
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-1029-oracle x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Nov 27 12:42:50 UTC 2019

  System load:  0.05              Processes:           106
  Usage of /:   3.2% of 44.97GB   Users logged in:     0
  Memory usage: 32%               IP address for ens3: 10.0.0.3
  Swap usage:   0%

 * Overheard at KubeCon: "microk8s.status just blew my mind".

     https://microk8s.io/docs/commands#microk8s.status

 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

16 packages can be updated.
0 updates are security updates.


*** System restart required ***

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@instance-20191126-shadowsocks:~$ sudo reboot

6. Add Firewall Rule To Allow Special Network Protocol & Port Number Request To Service Running On The Instance.

6.1 Create Security List.

  1. Click ORACLE Cloud —> Networking —> Virtual Cloud Networks menu item to open the VCN list page.
  2. Click the virtual cloud network name link that is assigned to the oracle cloud virtual instance.
  3. Then it will open the VCN detail page, scroll down the page until you see the Resources —> Security Lists link on the page left side.
  4. When you click the Security Lists link menu on the page left side, it will open the security list page on the page right side.
  5. Click the default security list name link, then it will open it’s detail page. Scroll down the page to the Ingress / Egress Rules area, then you can add a firewall rule there. The Ingress Rules means inbound rules, and the Egress Rules means outbound rules.
  6. In this example, we want to install the ShadowSocks server on the oracle cloud instance, and ShadowSocks server listens on special port use TCP protocol, so you can add one ingress rule to allow ShadowSocks server used port number be accessed from outside. If you want to learn more about install and configure ShadowSocks server, you can read the article How To Setup ShadowSocks VPN On Mac, Windows And Linux

6.2 Create Network Security Group.

  1. Click ORACLE Cloud —> Networking —> Virtual Cloud Networks menu item to open the VCN list page.
  2. Click the virtual cloud network name link that is assigned to the oracle cloud virtual instance.
  3. Click the Resources —> Network Security Groups menu item in the left navigation panel.

6.3 Assign Above Network Security Group And Security List To Virtual Machine.

  1. Click ORACLE Cloud —> Compute —> Instances menu item to go to virtual machine instance list page.
  2. Click the virtual machine instance link.
  3. In the virtual machine instance detail page, find the Primary VNIC section, edit the Network Security Groups and Subset to add the above network security group and security list.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.