Frequently Asked Questions for Oracle Cloud Infrastructure

How to connect to the server through SSH?

Obtaining your SSH credentials for your client

If you are using the Oracle Cloud Infrastructure Console, you must upload your public SSH key during the deployment to associate it to the server. To do so:

  • Log in to the Oracle Cloud Infrastructure Console using the Oracle Cloud Infrastructure Account associated with your instance.
  • Navigate to "Compute -> Instances" and click the "Launch an instance" button.
  • In the resulting screen, fill out the required fields and choose one of these two options to add your SSH key (.pem).
    • Option 1: Choose SSH key files. Click the "Browse" button to upload your SSH key. This must contain .pub extension to be valid.

      Upload SSH key

    • Option 2: Paste SSH keys. Paste the content of your public SSH key in the text box.

      Paste SSH key

    NOTE: To generate a new SSH key pair, you can use PuTTYgen (Windows) or the ssh-keygen command (Linux and Mac OS X). For instructions on how to use PuTTYgen, refer to this page. For instructions on how to use ssh-keygen, refer to this page.

Connecting with an SSH client

Connecting with an SSH client on Windows

In order to access your server via SSH tunnel you need an SSH client. In the instructions below we have selected PuTTY, a free SSH client for Windows and UNIX platforms. To access the server via SSH tunnel using PuTTY on a specific port using an SSH tunnel, you need to have it configured in order to allow connections to your server.

  • Step 1: Obtain PuTTY

    • Download the PuTTY ZIP archive from its website.
    • Extract the contents to a folder on your desktop.
  • Step 2: Convert your PEM private key to PPK format (optional)

    If your private key is in .pem format, it is necessary to convert it to PuTTY's own .ppk format before you can use it with PuTTY. If your private key is already in .ppk format, you may skip this step.

    Follow the steps below to convert your .pem private key to .ppk format:

    • Launch the PuTTY Key Generator by double-clicking the puttygen.exe file in the PuTTY installation directory.
    • Click the "Load" button and select the private key file in .pem format.

      PuTTY key conversion

    • Once the private key has been imported, click the "Save private key" button to convert and save the key in PuTTY's .ppk key file format.

      PuTTY key conversion

  • Step 3: Configure PuTTY

    • Double-click the putty.exe file to bring up the PuTTY configuration window.
    • In the PuTTY configuration window, enter the host name or public IP address of your server into the "Host Name (or IP address)" field, as well as into the "Saved Sessions" field. Then, click "Save" to save the new session so you can reuse it later.

    PuTTY configuration

    • Obtain your SSH credentials in order to allow the authentication against the server. Refer to the FAQ to learn how to obtain your SSH credentials for your client.
    • In the "Connection -> SSH -> Auth" section, browse to the private key file (.ppk) you've previously obtained in the step above.

    PuTTY configuration

    • In the "Connection -> Data" section, enter the username bitnami into the "Auto-login username" field, under the "Login details" section.

      PuTTY configuration

  • In the "Session" section, click on the "Save" button to save the current configuration.
  • Select the session you want to start (in case that you have saved more than one session) and click the "Open" button to open an SSH session to the server.

    PuTTY configuration

PuTTY will first ask you to confirm the server's host key and add it to the cache. Go ahead and click "Yes" to this request (learn more).

PuTTY connection

You should now be logged in to your server. Here is an example of what you'll see:

PuTTY connection

Connecting with an SSH client on Linux and Mac OS X

Linux and Mac OS X come bundled with SSH clients by default. In order to log in to your server, follow the steps below:

  • Open a new terminal window on your local system (for example, using "Finder -> Applications -> Utilities -> Terminal" in Mac OS X or the Dash in Ubuntu).
  • Set the permissions for your private key file (*.pem) to 600 using a command like the one below. Refer to the FAQ to learn how to obtain your SSH credentials.

      $ chmod 600 KEYFILE
    
  • Connect to the server using the following command:

      $ ssh -i KEYFILE bitnami@SERVER-IP
    

    Remember to replace KEYFILE in the previous commands with the path to your private key file (.pem), and SERVER-IP with the public IP address or hostname of your server.

  • Your SSH client might ask you to confirm the server's host key and add it to the cache before connecting. Accept this request by typing or selecting "Yes" (learn more).

You should now be logged in to your server. Here is an example of what you'll see:

SSH connection

Forwarding your key using SSH Agent

Forward your key it is an easy way to connect to a host (host A) with your SSH key, and from there, to connect to another host (host B) using the same key.

Forwarding your key using SSH Agent on Windows

To access the server via SSH forwarding your key using PuTTY you must have it configured. Please, check the how to connect to the server through SSH using an SSH client on Windows section for more information on this.

Once you have your SSH client correctly configured, you need to enable the SSH Agent forwarding. For doing so, follow these steps:

  • In the "Connection -> SSH -> Auth" section, activate the "Allow agent forwarding" checkbox.

PuTTY forward agent

  • In the "Session" section, save your changes by clicking the "Save" button.
  • Click the "Open" button to open an SSH session to the server. The SSH session will now forward your key, you can check it by running the following:

      $ ssh-add -L
    
Forwarding your key using SSH Agent on Linux and Mac OS X

To access the server forwarding SSH keys, follow the steps below.

  • Open a new terminal window on your local system (for example, using "Finder -> Applications -> Utilities -> Terminal" in Mac OS X or the Dash in Ubuntu).
  • To access the server forwarding your key, you need to have the following information:
  • Run the following command to add the SSH key to the agent. Remember to replace KEYFILE with the path to your private key:

      $ ssh-add KEYFILE
    
  • Connect to the server using -A option, remember to replace SERVER-IP with the public IP address or hostname of your server:

      $ ssh -A bitnami@SERVER-IP
    
  • The SSH session will now forward your key, you can check it by running the following:

      $ ssh-add -L
    

How to access a server using an SSH tunnel?

Bitnami strongly discourages you from opening server ports apart from those defined by default. In case you need to access a server on a specific port remotely, Bitnami recommends creating an SSH tunnel instead of opening the port in the server firewall.

Depending on your operating system, follow these instructions to create an SSH tunnel and ensure secure access to the application.

IMPORTANT: Before following the steps below, ensure that your application server is running.

Accessing a server using an SSH tunnel on Windows

In order to access your server via SSH tunnel you need an SSH client. In the instructions below we have selected PuTTY, a free SSH client for Windows and UNIX platforms.

Once you have your SSH client correctly configured and you tested that you can successfully access to your instance via SSH, you need to create an SSH tunnel. For doing so, follow these steps:

  • In the "Connection -> SSH -> Tunnels" section, create a secure tunnel by forwarding a port (the "destination port") on the remote server to a port (the "source port") on the local host (127.0.0.1 or localhost). An example of configuring an SSH tunnel between remote port 80 and local port 8888 is displayed below.

    PuTTY safe tunneling

  • Click the "Add" button to add the secure tunnel configuration to the session. (You'll see the added port in the list of "Forwarded ports"). An example of configuring an SSH tunnel between remote port 80 and local port 8888 is displayed below.

    PuTTY safe tunneling

  • In the "Session" section, save your changes by clicking the "Save" button.
  • Click the "Open" button to open an SSH session to the server. The SSH session will now include a secure SSH tunnel between the two specified ports.

While the tunnel is active, you should be able to access the application through the secure SSH tunnel you created, by browsing to http://127.0.0.1:SOURCE-PORT/ or http://localhost:SOURCE-PORT/. Remember to replace SOURCE-PORT with the source port number specified.

Accessing a server using an SSH tunnel on Linux and Mac OS X

To access the server on a specific port using an SSH tunnel, follow the steps below.

  • Open a new terminal window on your local system (for example, using "Finder -> Applications -> Utilities -> Terminal" in Mac OS X or the Dash in Ubuntu).
  • To access the server on a specific port using an SSH tunnel, you need to have the following information:
  • Run the following command to configure the SSH tunnel. Remember to replace SOURCE-PORT with the source port, DESTINATION-PORT with the destination port, KEYFILE with the path to your private key, and SERVER-IP with the public IP address or hostname of your server:

          $ ssh -N -L SOURCE-PORT:127.0.0.1:DESTINATION-PORT -i KEYFILE bitnami@SERVER-IP
    
NOTE: If successful, the above command will create an SSH tunnel but will not display any output on the server console.

While the tunnel is active, you should be able to access the application through the secure SSH tunnel you created, by browsing to http://127.0.0.1:SOURCE-PORT/ or http://localhost:SOURCE-PORT/. Remember to replace SOURCE-PORT with the source port number specified.

How to find application credentials?

Your default credentials become available once you launch an instance. To find them, follow these steps:

  • Log in to the Oracle Cloud Infrastructure Console using the Oracle Cloud Infrastructure Account associated with your instance.
  • Navigate to "Compute -> Instances" and click on the instance you want to retrieve the credentials. The resulting page displays the instances details. Take note of the "Public IP Address" of the instance.

    Server IP Address

  • Connect through SSH to your server.
  • Open the log file with a text editor:

    $ sudo cat /opt/bitnami/var/log/pre-start.log
    
  • You will see both the username and password set by default to access your application:

    Find application credentials

What is a Bitnami image?

A Bitnami image includes everything you need to run your Bitnami-packaged application of choice. The installation and configuration of all of the software included in the stack is completely automated, making it easy for everyone, including those who are not very technical, to get them up and running.

All Bitnami images are completely self-contained and run independently of the rest of the software or libraries installed on your system. This means that you don't have to worry about installing any other software on your system to make the new application work. They also won't interfere with any software already installed on the system, so everything will continue to work normally.

How to start or stop the services?

Each Bitnami stack includes a control script that lets you easily stop, start and restart services. The script is located at /opt/bitnami/ctlscript.sh. Call it without any service name arguments to start all services:

$ sudo /opt/bitnami/ctlscript.sh start

Or use it to restart a single service, such as Apache only, by passing the service name as argument:

$ sudo /opt/bitnami/ctlscript.sh restart apache

Use this script to stop all services:

$ sudo /opt/bitnami/ctlscript.sh stop

Restart the services by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh restart

Obtain a list of available services and operations by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh

What is the directory structure?

The installation process will create several sub-directories under the /opt/bitnami directory:

  • Servers and related tools: apache2/, mysql/, postgresql/, apache-tomcat/, etc.
  • Languages: php/, python/, ruby/, tcl/, etc.
  • Application files: apps/phpMyAdmin/, apps/drupal/, apps/joomla/, apps/redmine/, etc.
  • Common libraries: common/
  • Licenses of the components included in the stack: licenses/

Application files are stored in the /opt/bitnami/apps/APPNAME/htdocs directory. The configuration file for the Apache Web server is stored in the /opt/bitnami/apps/APPNAME/conf/ directory.

How to open the server ports for remote access?

IMPORTANT: Making this application's network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.

By default, Oracle Cloud Infrastructure servers have some or all of their ports closed to secure them against external attacks. In some cases, ports needed for specific applications to operate properly are also left open by default.

If you need to access your server remotely using a different port, you must first open the necessary port(s) using the Oracle Cloud Infrastructure Console.

Follow these steps:

  • Log in to the Oracle Cloud Infrastructure Console.
  • Navigate to "Compute -> Instances".
  • In the list of available instances, find the instance you want to modify its firewall rules. Click on it to see the "Instace Details".

    List of launched instances

  • On the "Instance Details" page, click on the "Subnet" link. Yo will be redirected to the "Networking-> Virtual Cloud Networks -> Virtual Cloud Network Details -> Subnets" section. In this section you will find all the Subnets created for the compartment in which you have launched your instance.
  • Click the " Default Security List for" link in the "Security list" section of the Subnet in which you have launched your instance.

    List of Subnets

  • On the resulting screen, you will find a summary of all the rules applied to that Subnet. To open the application ports you need to create a new Ingress Rule.

Ingress Rules

  • To open a new port, click the "Edit All Rules" button. Then, scroll down and click the "+Add Rule" button as shown below:

Add new ingress rule

  • Once you have entered the information for this new ingress rule, click the "Save Security List Rules" so the changes take effect.

Save the new ingress rule

Your new security rule comes into effect immediately without any need to restart the server.

How to close the server ports and deny remote access?

To close ports for remote access, follow these steps:

  • Log in to the Oracle Cloud Infrastructure Console.
  • Navigate to "Compute -> Instances".
  • In the list of available instances, find the instance you want to modify its firewall rules. Click on it to see the "Instace Details".

    List of launched instances

  • On the "Instance Details" page, click on the "Subnet" link. Yo will be redirected to the "Networking-> Virtual Cloud Networks -> Virtual Cloud Network Details -> Subnets" section. In this section you will find all the Subnets created for the compartment in which you have launched your instance.
  • Click the " Default Security List for" link in the "Security list" section of the Subnet in which you have launched your instance.

    List of Subnets

  • On the resulting screen, you will find a summary of all the rules applied to that Subnet. To close the application ports you need to create a new Egress Rule. Navigate to the "Egress Rules" section and click the "Edit All Rules" button as shown below:

Egress Rules

  • To close a new port, scroll down to find the "Allow Rules for Egress", then click the "+Add Rule" button as shown below:

Add new egress rule

  • Once you have entered the information for this new egress rule, click the "Save Security List Rules" so the changes take effect.

Save the new egress rule

Your new security rule comes into effect immediately without any need to restart the server.

How to upload files to the server with SFTP?

NOTE: Bitnami applications can be found in /opt/bitnami/apps.

The first step is to ensure that you have an SSH key for your server.

  • If you are using the Oracle Cloud Infrastructure console, you would have already uploaded and associated your SSH key during the server deployment procedure.

  • If you are using the Bitnami Launchpad for Oracle Cloud Infrastructure, download the SSH key for your server in .ppk format (for FileZilla or WinSCP) or in .pem format (for Cyberduck) from the Launchpad detail page for your server.

    SSH keys

Although you can use any SFTP/SCP client to transfer files to your server, this guide documents FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X).

Using an SSH Key

Once you have your server's SSH key, choose your preferred application and follow the steps below to connect to the server using SFTP.

FileZilla
IMPORTANT: To use FileZilla, your server private key should be in PPK format.

Follow these steps:

  • Download and install FileZilla.
  • Launch FileZilla and use the "Edit -> Settings" command to bring up FileZilla's configuration settings.
  • Within the "Connection -> SFTP" section, use the "Add keyfile" command to select the private key file for the server. FileZilla will use this private key to log in to the server.

    FileZilla configuration

  • Use the "File -> Site Manager -> New Site" command to bring up the FileZilla Site Manager, where you can set up a connection to your server.
  • Enter your server host name and specify bitnami as the user name.
  • Select "SFTP" as the protocol and "Ask for password" as the logon type.

    FileZilla configuration

  • Use the "Connect" button to connect to the server and begin an SFTP session. You might need to accept the server key, by clicking "Yes" or "OK" to proceed.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you have problems accessing your server, get extra information by use the "Edit -> Settings -> Debug" menu to activate FileZilla's debug log.

FileZilla debug log

WinSCP
IMPORTANT: To use WinSCP, your server private key should be in PPK format.

Follow these steps:

  • Download and install WinSCP.
  • Launch WinSCP and in the "Session" panel, select "SCP" as the file protocol.
  • Enter your server host name and specify bitnami as the user name.

    WinSCP configuration

  • Click the "Advanced…" button and within the "SSH -> Authentication -> Authentication parameters" section, select the private key file for the server. WinSCP will use this private key to log in to the server.

    WinSCP configuration

  • From the "Session" panel, use the "Login" button to connect to the server and begin an SCP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you need to upload files to a location where the bitnami user doesn't have write permissions, you have two options:

  • Once you have configured WinSCP as described above, click the "Advanced…" button and within the "Environment -> Shell" panel, select sudo su - as your shell. This will allow you to upload files using the administrator account.

    WinSCP configuration

  • Upload the files to the /home/bitnami directory as usual. Then, connect via SSH and move the files to the desired location with the sudo command, as shown below:

     $ sudo mv /home/bitnami/uploaded-file /path/to/desired/location/
    
Cyberduck
IMPORTANT: To use Cyberduck, your server private key should be in PEM format.

Follow these steps:

  • Select the "Open Connection" command and specify "SFTP" as the connection protocol.

    Cyberduck configuration

  • In the connection details panel, under the "More Options" section, enable the "Use Public Key Authentication" option and specify the path to the private key file for the server.

    Cyberduck configuration

  • Use the "Connect" button to connect to the server and begin an SFTP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

How to block a suspicious IP address?

NOTE: The steps below should be performed on all instances that receive inbound Internet traffic.

If you have detected an IP address that is collapsing your server or just making suspicious requests, block it using iptables. To do this, run the following command:

$ sudo su
$ iptables -A INPUT -s 1.2.3.4 -j DROP

Remember to replace 1.2.3.4 with the IP address you want to block.

IMPORTANT: Use with caution. If you don't specify an IP address, you will block yourself.

This will block all requests from that IP address. To have your iptables rules active even after rebooting the server, follow these steps:

  • Execute these commands:

     $ sudo su
     $ iptables-save > /opt/bitnami/iptables-rules
     $ crontab -e
    
  • Edit the above file with your favourite editor and include this line at the end of the file:

     @reboot /sbin/iptables-restore < /opt/bitnami/iptables-rules
    
  • Save the file and exit.

Now, on every boot, the system will load and apply the iptables rules.

To delete a rule, run the following command:

$ sudo su
$ iptables -D INPUT -s 1.2.3.4 -j DROP

This will delete the rule. Remember to replace 1.2.3.4 with a valid IP address.

Rerun the iptables-save command shown previously to make the new rules active even after rebooting the server.

How to configure a static IP address?

Oracle Cloud Infrastructure instances are launched with a dynamic IP address by default, which means that the IP address changes every time the server is stopped and restarted. It is not possible to configure a static IP address for these instances.

How to configure your application to use a third-party SMTP service for outgoing email?

Bitnami applications can be configured to use a third-party SMTP service for outgoing email. Examples of such third-party SMTP services are SendGrid and Mandrill. Instructions for using both these are provided below.

SendGrid

SendGrid's SMTP service can be accessed using your SendGrid account credentials. These credentials can be obtained by logging in to the SendGrid website and visiting the "Account Details" page.

SendGrid configuration

To configure your application to send email through SendGrid's SMTP service, use the settings below. Replace USERNAME with your SendGrid account username and PASSWORD with your SendGrid account password.

  • SMTP host: smtp.sendgrid.net
  • SMTP port: 25 or 587 for unencrypted/TLS email, 465 for SSL-encrypted email
  • SMTP username: USERNAME
  • SMTP password: PASSWORD

Here's an example of configuring WordPress to use SendGrid:

WordPress with SendGrid

More information is available in the SendGrid documentation.

Mandrill

Mandrill's SMTP service requires an API key for access. To obtain this key, log in to the Mandrill website, navigate to the "SMTP & API" section and create an API key. Note the SMTP server name, username and API key, as these serve as your credentials for accessing the Mandrill SMTP server.

Mandrill configuration

To configure your application to send email through Mandrill's SMTP service, use the settings below. Replace USERNAME with your SMTP username and API-KEY with the generated API key.

  • SMTP host: smtp.mandrillapp.com
  • SMTP port: 25, 587 or 2525 for unencrypted/TLS email, 465 for SSL-encrypted email
  • SMTP username: USERNAME
  • SMTP password: API-KEY

Here's an example of configuring WordPress to use Mandrill:

WordPress with Mandrill

More information is available in the Mandrill documentation.

Similar steps can be followed for other third-party SMTP services as well. Consult your service provider's documentation to obtain details on authentication credentials and available ports.

Does Bitnami collect any data from deployed Bitnami stacks?

Yes. Bitnami cloud images and virtual machines include a small agent that starts on boot and collects a few pieces of information about the system. For users of Bitnami Virtual Machine Images, Cloud Templates, and Container Images we may also collect information from downloaded, pulled or deployed images or instances, such as the instance type, IP address and operating system version or the Bitnami account used to launch the image in order to improve our product offerings.

We encourage you to leave this tracking on, but if you would like to turn it off, you can comment out or delete the following line in the /etc/crontab file:

X * * * * bitnami cd /opt/bitnami/stats && ./agent.bin --run -D

(where X is a random number for each instance generated at the boot time)

Our complete privacy policy is available online. If you have any questions, please feel free to contact us at hello@bitnami.com.

What does the SSH warning 'REMOTE HOST IDENTIFICATION HAS CHANGED' mean?

This warning is normal when trying to connect to the same IP address but a different machine - for instance, when you assign the same static IP address to another server. You can fix the problem by removing the IP address that you are trying to connect to from your ~/.ssh/known_hosts file.

If you use PuTTY, the SSH key mismatch warning looks like the image below:

SSH warning

In this case, click "Yes" if you know the reason for the key mismatch (IP address reassigned to another server, machine replaced, and so on).

How to troubleshoot server performance problems?

There are several possible reasons why your server might be under-performing. Use the list below to identify what could be affecting it.

  • Check the server type and ensure that it has the necessary CPU and RAM resources to meet your application requirements and user load.

  • Check if your application is using a cache. Consider enabling a cache if one is not already present. For applications like WordPress, caching plugins like W3 Total Cache can produce a significant improvement in performance.

  • Check if there are any cron jobs running on the server and consuming resources.

  • Review the server dashboard or monitoring page and check the list of processes consuming CPU and memory. Alternatively, log in to the machine console via SSH and execute the following command to see a list of running processes:

     $ ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS
     $ ps -e -o pcpu,nice,state,cputime,args --sort -pcpu | head -10
    
  • In case of problems with the disk size, check the free disk space and which directories have a large number of files:

     $ df -ih
     $ df -h
     $ cd /opt/bitnami
     $ sudo find . -type f | cut -d "/" -f 2 | sort | uniq -c | sort -n
     $ du -h -d 1
    

How to improve server performance?

Consider the following tips to improve the performance of your server.

oci

Bitnami Documentation