Notes on OCI (Oracle Cloud Infrastructure)
23 May 2021
Some of my services are so light that I don’t want to run them endlessly on my beefy home server. One reason is that I want better availability, and clearly that’s hard (a better word is probably expensive) to achieve in my current setup. So I decided to go for the Cloud, after all… I was a cloud TA!
I chose OCI because they offer two always-free machines and it seems they are serious about this offer. So I migrated several of my services to OCI instances. This post is a summary of the quirks that I want to note down for future reference.
I don’t know why they make it so hard to achieve the same effect as AWS security groups… But anyway, here’s what I need to do to reach my service via the public Internet.
Set up VPC rules through the portal
On the instance detail page, click Attached VNICs under the Resources tab. Then find the subnet of VLAN that this instance is attached to. You will be directed to the subnet detail page, where you can find the Security Lists; that is our target (the equivalent of an AWS security group). There you can add or remove any rules you want.
Set up iptables rules via command line
This iptables thing actually confuses me a lot. I don’t know why they enforce iptables rules together with the security list setup.
SSH into the instance and run the following commands. These commands are taken from this SO post:
    sudo iptables-save > ~/iptables-rules # backup
    sudo iptables -P INPUT ACCEPT # the following commands effectively disable iptables by allowing all traffic
    sudo iptables -P OUTPUT ACCEPT
    sudo iptables -P FORWARD ACCEPT
    sudo iptables -F
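A narrower alternative to flushing everything, as an added example that is not from the original post or the SO answer: keep the host firewall and insert a single ACCEPT rule for the service port ahead of the catch-all REJECT. It assumes the image's INPUT chain ends with such a rule; `plan_allow`, the sample rules and port 8080 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: open one TCP port instead of disabling the host firewall.

# Constructed sample of `iptables -S INPUT` output (assumed default layout).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# plan_allow PORT < rules: print the iptables arguments that allow new TCP
# connections to PORT, placed ahead of the first catch-all REJECT/DROP rule.
# Prints nothing when PORT is already accepted ahead of that rule.
plan_allow() {
    local port=$1 n=0 pos=0 line
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    while IFS= read -r line; do
        # Only "-A INPUT ..." lines are rules; "-P" policy lines are skipped.
        case $line in "-A INPUT "*) n=$((n + 1)) ;; *) continue ;; esac
        case $line in
            *"-p tcp "*"--dport $port "*"-j ACCEPT"*)
                if [ "$pos" -eq 0 ]; then return 0; fi ;;  # already reachable
            "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*)
                if [ "$pos" -eq 0 ]; then pos=$n; fi ;;    # first catch-all
        esac
    done
    if [ "$pos" -gt 0 ]; then
        echo "-I INPUT $pos -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    else
        # No catch-all found: appending is enough.
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    fi
}

# With a port argument, plan against the live rules; otherwise use the sample.
if [ $# -ge 1 ]; then
    plan=$(sudo iptables -S INPUT | plan_allow "$1")
else
    plan=$(printf '%s\n' "$SAMPLE_RULES" | plan_allow 8080)
fi
# Print the command for review rather than running it.
if [ -n "$plan" ]; then echo "sudo iptables $plan"; fi
```

The port still has to be allowed in the Security List as well, and a rule added this way lasts only until the next reboot unless it is saved with the distribution's persistence mechanism.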