How to properly configure the local LEMP server network?

A

at0m1x2017-05-02 22:02:46

linux

at0m1x, 2017-05-02 22:02:46

Available:
Host OS: Linux Mint 18.1
Guest OS: Debian GNU/Linux 8.7 (jessie) - installed on VirtualBox
Required:

guest OS should be as local server for PHP development (web server: NGINX);
the guest OS must have access to the Internet, to download packages for example;
from the main OS, there must be access via a static IP to the guest OS in order to open sites located on the guest OS, connect via SSH, and to the MySQL server;
access from the Internet to the guest OS must be disabled, i.e. from outside should not be able to connect via SSH, MySQL server or just open a site that is on a local server;

Setup steps:
1. Installing VirtualBox on the main OS.
2. Installing Debian on a virtual machine in VirtualBox.
3. Setting up a network for a virtual machine.
4. Installing PHP, NGINX, MySQL.
5. Allow the MySQL root user from the main OS to connect.
As a result, network settings in VirtualBox:

(DHCP Server - not checked, i.e. disabled)

Network settings in the guest OS:

[email protected]:~# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 08:00:27:e1:f4:73  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fee1:f473/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5353 (5.2 KiB)  TX bytes:16423 (16.0 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:95:2b:a4  
          inet addr:192.168.56.10  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe95:2ba4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1457 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1064 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:137550 (134.3 KiB)  TX bytes:207150 (202.2 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

In order to connect to the MySQL server from the main OS, the following settings were made:

В файле /etc/mysql/my.cnf
bind-address = 192.168.56.10

Далее в консоле:
$ mysql -u root
GRANT ALL ON *.* TO 'root'@'%';
exit;

$ sudo service mysql restart

After all the above actions, access via SSH from the main OS to the guest OS works:
$ ssh [email protected]
Connecting to the MySQL server from the main OS also works via IP 192.168.56.10.
If in the hosts of the main OS to register in /etc/hosts some site configured for the guest OS, then in the main OS, in the browser, it also opens.
Those. in the end everything works as it should. But I wanted to make sure everything was configured correctly in terms of network settings. And what is not unimportant, is there access to the local server from the external Internet with such settings?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

T

TyzhSysAdmin, 2017-05-02
@at0m1x

In this task, in setting up the network, it is simply impossible to "adjust" - it either works or not.
In terms of security, it is theoretically possible to get from the guest system to the host system, but this is usually already from the category of vulnerabilities of the virtualization system itself.
If you are interested in the opportunity in the "network" plan, then the firewall setting will dispel all your fears :)
Use it and don't worry, and most importantly, don't forward unnecessary ports on the router to the static address of the virtual machine.