notes.dot.kitchen

Free Oracle VPS

Claire Furney -

Oracle Cloud Infrastructure (OCI) has a decent free allowance. You can create a Free Tier account and spin up 2 small "Always free" VM.Standard.E2.1.Micro instances (1 OCPU, 1 GB RAM each) running on AMD processors.

Supposedly on a Free Tier account, you can also spin up more powerful free instances running on ARM processors (up to 4 OCPUs and 24 GB RAM in total). In reality, this compute is difficult to provision on a purely "free" account. But by upgrading to a "paid" account and staying within the free limits, it works fine and you can then effectively have a decently specced server free. See "Note" here: https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm#compute

WARNING: Oracle may delete your server! See: https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm#compute__idleinstances

Create Free Tier Account and Upgrade

I'd already created a free account a while back. To upgrade to a Pay As You Go account go to Billing > Upgrade and Manage Payment, select to upgrade and enter credit card details. I was charged $100 and then the payment was immediately reversed. It took a good week for the upgrade to be completed (over Christmas and New Year, so most likely faster generally).

Provision Instance

As mentioned, in theory you can do with this a Free Tier account, but it most likely won't succeed (I tried multiple times over several days and even wrote a script to use the APIs in the background, but to no avail). Once the account had been upgraded to PAYG, I didn't have any issues.

  1. Compute > Instances > Create instance
  2. Select an image compatible with ARM e.g. Canonical Ubuntu 24.04 Minimal aarch64. The shape will automatically be updated to be compatible and should have "Always Free eligible" on it.
  3. You can use the 4 OCPUs and 24GB for 1 server or split across multiple, just ensure to stay within the free limits.
  4. Defaults for VCN, subnet and IP addresses should be fine
  5. Enter your SSH key so you can login after the server is provisioned

Configure server

Find the latest Webdock Perfect Server guide for LEMP and follow down to the installation of mariadb.

Install MySQL

  1. Install MySQL: https://ubuntu.com/server/docs/install-and-configure-a-mysql-server
  2. Performance settings for MySQL adapted from the ones on the Perfect Server docs with values halved since those were for 16GB and this server is only 12GB, but should check each one out and make sure these are appropriate
cp /etc/mysql/my.cnf ~/.my.cnf
cat >> ~/.my.cnf

# Performance settings
innodb_buffer_pool_size = 4G
innodb_log_file_size = 256M
thread_cache_size = 8
query_cache_size = 64M
query_cache_type = 1 # Do not change this
table_open_cache = 2048

# Connection settings
max_connections = 250
max_user_connections = 25

^D to exit
  1. Secure the MySQL installation
  2. Set a root password for MySQL: https://stackoverflow.com/a/65521644/1265167

Install PHPMyAdmin

  1. Sort out permissions on /var/www: https://superuser.com/a/19333/172686
sudo usermod -a -G www-data ubuntu
sudo chgrp -R www-data /var/www
sudo chmod -R g+w /var/www
sudo find /var/www -type d -exec chmod 2775 {} \;
sudo find /var/www -type f -exec chmod ug+rw {} \;
  1. Log out and in again
  2. Continue as per docs using regular ubuntu user. Finally need to do the change ownership of the tmp directory using sudo.
mkdir /var/www/phpmyadmin/tmp; sudo chown www-data:www-data /var/www/phpmyadmin/tmp;

Set up /var/www/html

As per the Perfect Server docs, but just name the site "default".

Open ports on VPS

Via the oracle cloud dashboard navigate to the public subnet for the instance and add 2 extra security settings to allow traffic on ports 80 and 443.

http://IP-ADDRESS/phpmyadmin/ should now work.

Secure PHPMyAdmin

  1. Set up a DNS A record to point to your IP address (requires a domain - I recommend porkbun.com if you need one)
  2. Update server_name in /etc/nginx/sites-available/default, restart nginx and check the site now works fine via the new domain name
  3. sudo certbot --nginx -d server.example.com
  4. HTTP should now automatically direct to HTTPS and certificate should be up and running fine

Other tasks

Create boot volume backup

Not tested, but you can create an instance from a restored boot volume backup, so create one in case the machine is deleted and this works fine using the same hostname as before

Create non root MySQL user

  • CREATE USER 'director'@'localhost' IDENTIFIED BY 'Passwor8^';
  • GRANT ALL PRIVILEGES ON *.* TO 'director'@'localhost'; FLUSH PRIVILEGES;

Create a MySQL user for accessing databases remotely

  • CREATE USER 'director'@'%' IDENTIFIED WITH mysql_native_password BY 'Passwor8^';
  • CREATE DATABASE appdb;
  • GRANT ALL PRIVILEGES ON appdb.* TO 'director'@'%'; FLUSH PRIVILEGES;
  • Open ports as required (3306)