Forem: Emmanuel Omoiya

Setting Up NGINX on Ubuntu: DevOps Stage 0

Emmanuel Omoiya — Fri, 31 Jan 2025 22:34:54 +0000

Introduction

As part of my DevOps internship journey, I was tasked with setting up and configuring NGINX on a fresh Ubuntu server. This task aimed to evaluate my ability to work with web server configurations and ensure I could deliver a functional web server. The final goal was to serve a custom HTML page displaying the message:

"Welcome to DevOps Stage 0 - Emmanuel Omoiya / Emmanuel Omoiya"

This blog post documents my approach, challenges faced, and key learnings from completing this task.

Step 1: Setting Up the Ubuntu Server

To begin, I set up an Ubuntu server on my preferred cloud platform. I used AWS EC2, but other options like Google Cloud or DigitalOcean could also be used. After launching the instance, I connected via SSH:

ssh ubuntu@<your-server-ip>

Tip: Ensure your security group allows inbound traffic on port 80 to make the NGINX server accessible publicly.

Step 2: Installing NGINX

Installing NGINX on Ubuntu was straightforward using the package manager:

sudo apt update  
sudo apt install nginx -y

Once installed, I verified that NGINX was running with:

sudo systemctl status nginx

If not running, I started the service:

sudo systemctl start nginx

And enabled it to start on boot:

sudo systemctl enable nginx

At this stage, visiting http://<your-server-ip>/ in a browser should display the default NGINX Welcome Page.

Step 3: Configuring the Custom HTML Page

Next, I created a simple HTML file to serve as the default page:

sudo nano /var/www/html/index.html

I replaced its content with:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>DevOps Stage 0</title>
</head>
<body>
    <h1>Welcome to DevOps Stage 0 - Emmanuel Omoiya / Emmanuel Omoiya</h1>
</body>
</html>

After saving the file, I restarted NGINX to apply the changes:

sudo systemctl restart nginx

Now, visiting http://<your-server-ip>/ displayed the custom message.

Step 4: Verifying the Setup

To confirm everything was working correctly, I ran:

curl http://localhost/

The expected output should display the HTML content of my page. Additionally, I tested my server from a browser using the public IP address.

Challenges Faced and Solutions

1️⃣ NGINX Not Starting Due to Conflicts

At first, NGINX failed to start due to a port conflict. Running:

sudo lsof -i :80

showed that another process was using port 80. I resolved this by stopping the conflicting process:

sudo systemctl stop apache2
sudo systemctl disable apache2

2️⃣ Permission Issues While Editing HTML Files

When trying to edit /var/www/html/index.html, I encountered permission errors. Granting necessary access fixed this:

sudo chmod -R 755 /var/www/html

Key Takeaways

This task reinforced several important DevOps concepts:

✅ Server Setup & Configuration – I gained hands-on experience installing and configuring NGINX on a cloud-based Ubuntu server.

✅ Web Server Basics – Understanding how NGINX serves static content and how to customize the default page was invaluable.

✅ Troubleshooting Skills – Debugging issues like port conflicts and permission errors improved my problem-solving skills.

This foundational knowledge will be crucial as I advance in my DevOps journey, especially in Site Reliability Engineering and Cloud Engineering.

Final Thoughts

Completing this task gave me a deeper understanding of NGINX, a core component in web infrastructure. It also prepared me for more advanced topics like reverse proxying, load balancing, and SSL configurations.

For those interested in DevOps roles, check out:

🔹 Site Reliability Engineers

🔹 Cloud Engineers

Would love to hear about your experience with NGINX! Drop a comment below. 🚀

User and Group Management in Linux

Emmanuel Omoiya — Thu, 04 Jul 2024 09:16:02 +0000

In recent times where organizations and companies hold secrets of the biggest magnitude e.g. proprietary secrets, trademark secrets e.t.c. and store them on the main company network (server), adding employees to that network or server has to be done with high accuracy and precision by assigning the employee to the appropriate groups according to his/her job title in order to protect this secret of the company and to make sure no one has access to such information except certain people like, the C.E.O, C.T.O, C.M.O. e.t.c.

Today, we're going to look into such phenomenon taking Linux (Ubuntu distro) as our case study environment.

How are we going to implement this you may ask?

Well, we're going to create a bash script that takes the path to a .txt file as our input file which contains the names of employees and the groups you wish to place them in.

For example

alice; developers, foodies
bob; testers; admins

This .txt file contains lines in the format of user;groups delimited by a comma"

Before going into the code, we must first know and understand what we want our code to do explicitly

Read users in format user; groups
Create users and groups as specified
setup home directories with appropriate permissions and ownership
generate random passwords for the users
store the generated passwords securely in /var/secure/user_passwords.txt
log all actions to /var/log/user_management.log Note: handle error scenarios like existing users

Preparatory steps

Create a file named create_users.sh in your home directory on linux

touch create_users.sh

Open this file with nano editor to add your code

nano create_users.sh

Now let's follow through with how we want our script to run.

Step 1

Define the following paths in which you want to save your logs and users password

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"

Step 2

Ensure the directory exists and has the appropriate permissions

if [ ! -d "/var/secure" ]; then
    mkdir -p /var/secure
    chmod 700 /var/secure
fi

Step 3

Ensure the log file and password file exist and are writable

touch $LOG_FILE $PASSWORD_FILE
chmod 600 $PASSWORD_FILE
chmod 644 $LOG_FILE

Step 4

Add the function to log all user actions and include a timestamp to each respective action

log(){
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> $LOG_FILE
}

Step 5

Check if the script is run as root

if [ "$EUID" -ne 0 ]; then
    log "Script must be run as root."
    echo "Please run as root."
    exit 1
fi

Step 6

Check if the input file is provided and readable

if [ ! -f "$1" ]; then
    log "Input file not provided or does not exist."
    echo "Usage: $0 <input_file>"
    exit 1
fi

Step 7

Add the function to generate user passwords

generate_password(){
    < /dev/urandom tr -dc 'A-Za-z0-9!@#$%^&*()_+' | head -c 8
}

Step 8

Read the input file line by line

while IFS=';' read -r user groups;
do
    user=$(echo "$user" | xargs) # Trim whitespace
    groups=$(echo "$groups" | xargs) # Trim whitespace

    if id "$user" &>/dev/null; then
        log "User $user already exists."
        echo "User $user already exists. Skipping."
        continue
    fi

Add the following codes to the while do block

Step 9

Create groups if they do not exist and collect them in a list

    IFS=',' read -ra group_list <<< "$groups"
    group_string=""
    for group in "${group_list[@]}"; do
        group=$(echo "$group" | xargs)  # Trim whitespace
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group"
            log "Group $group created."
        else
            log "Group $group already exists."
        fi
        group_string+="$group,"
    done
    group_string=${group_string%,} # Remove trailing comma

Step 10

Create user and assign to groups

    useradd -m -G "$group_string" "$user"
    if [ $? -eq 0 ]; then
        log "User $user created and added to groups $groups"
    else
        log "Failed to create user $user."
        echo "Failed to create user $user. Check log for details."
        continue
    fi

Step 11

Generate and assign a password

    password=$(generate_password)
    echo "$user:$password" | chpasswd
    if [ $? -eq 0 ]; then
        log "Password set for user $user."
    else
        log "Failed to set password for user $user."
        echo "Failed to set password for user $user. Check logs for details."
        continue
    fi

Step 12

Store the password securely

    echo "$user:$password" >> $PASSWORD_FILE
    log "Password for user $user stored securely."

Step 13

Set ownership and permissions for home directory

    chown "$user:$user" "/home/$user"
    chmod 700 "/home/$user"
    log "Home directory for user $user set up with appropriate permissions."

Last Step

Close the while do block and log the end

done < "$1"

log "Users - groups creation process completed."
echo "User creation process completed. Check $LOG_FILE for details."

With this code you can be sure to add your respective employees to the appropriate Groups and add permissions, in order for your organization top secret information doesn't get into the wrong hands 😊.

Thanks for following me through with this article.

A big shout out to HNG, HNG Internship, HNG Hiring for inspiring this article.

Reach out to me on Linkedin or X(Twitter) if you want to have a nice chat about anything and I mean absolutely anything.

Challenge with RBAC Authentication

Emmanuel Omoiya — Tue, 02 Jul 2024 09:29:06 +0000

Building great and memorable experiences for any software requires a lot of things and one of those things is for your user to feel safe and "actually" be safe and secure...
The last thing any engineer would hope for is to wake up in the early hours of the morning and notice that the software has been down for close to 3hours and all the data in the database is gone due to a cyber-attack 😭.

I am an engineer that places the security of my user's data above anything else.
Therefore, I would not want a user to access the information of another user through some loop-hole found in the security system of my software.

I have built a lot of software ranging from websites to webservers, microservices, mobile applications, OS kernels and database ORM...

The most painful security experience I have had is with a web server RBAC (Role based access control) authentication feature, as much as it is simple, it can become complex very quickly.

That concept is a "pain in the ass", no cap 🧢...

Having to choose between either using cookies or sessions or even localStorage...
Having to be changing environments to test them out individually 😤...

We'll stop here for today... Follow me for the next part of this article

A big shout out to HNG, HNG Internship, HNG Hiring for inspiring this article.

Reach out to me on Linkedin or X(Twitter) if you want to have a nice chat about anything and I mean absolutely anything.

Understanding Mobile Development

Emmanuel Omoiya — Tue, 02 Jul 2024 08:14:20 +0000

Developing a mobile application isn't just about writing codes in either swift or flutter or react-native, NO...
It's about understanding the requirements of the software you want to build i.e. how it should work, your target audience, your proposed user-base quantity e.g. (2,000 users in 2 weeks) and its impact on the software ecosystem at large.

In order for you to fulfill the afore-mentioned requirements, you must understand the common architectural patterns of building Good Software and the platforms of delivering this software.

Common software Architectural pattens

Let's begin with the common software architectural patterns.

1. Model-View-Controller (MVC)

Think of MVC as splitting your software into three parts which in this case would be our mobile application:

Model: This is basically the brains and brawns of your software. It handles your business logic and data. Without this guy, your software is basically a user interface with no function, just for sight seeing
View: This is the user interface (what users see), I'm sure you know what will happen if this little but serious guy isn't available.
Controller: This guy is as the waiter in a restaurant that takes orders from you and sends the requests to the chef, and once your order is ready, the waiter brings it to you, it manages input and update the model and view (the go-between)

2. Model-View-ViewModel (MVVM)

MVVM is like MVC with an extra twist. It adds a ViewModel, which acts as a middleman between the Model and View (I'm sure you're wondering, what's the difference, isn't it the same as MVC, don't worry, I'll explain)

Model: Like the MVC this guy manages the data and business logic
View: This guys as well manages the user interface
ViewModel: But this guy, it's like a combination of view and model, to streamline the relationship between your data and your user interface

3. Model-View-Presenter (MVP)

MVP is another spin on MVCC, with the Presenter taking charge, (you might ask "what is this presenter?", take a chill man... you'll see it soon):

Model: Data and Business Logic.
View: User interface
Presenter: The presenter acts upon the model and the view. It retrieves data from repositories (the model), and formats it for display in the view

4. Clean Architecture...

We'll stop here for today... Follow me for the next part of this article

A big shout out to HNG, HNG Internship, HNG Hiring for inspiring this article.

Reach out to me on Linkedin or X(Twitter) if you want to have a nice chat about anything and I mean absolutely anything.