Running .NET Core app on AWS Lightsail Linux instance. Part 1

Some time ago I needed simple tutorial site. Initially I was thinking about static page hosting and I started research. But during research I found AWS Lightsail service. It cost $3.5 per month and offers 1 vCPU, 512 MB of RAM, 20 GB of SSD space and 1 TB of data transfer. It is about that the same as my current hosting offers but in case of Amazon it is your own virtual PC, and you can do whatever you like there. It looks attractive, but there is one catch. It is Linux. I had some experience with Linux, but it was far from extensive. On another side I really like challenges, so I decided to try it.

But before I start, I must warn you. You cannot run CPU intensive tasks on such instance. This instance has burstable performance. It is very similar to EC T-type instances. You have certain CPU allowance. When you are using CPU, this allowance is decreasing. When you are not using, it is recovering. When allowance is depleted, then performance will drop.

As I mentioned some time ago, I am using Cloudscribe as blogging platform. It also has some CMS functionality. But again, I never had any experience with this platform on Linux. It looks like it will not be boring :)

Creating instance and preparation

I will not explain how to create Amazon account. It is very simple and there are plenty resources that explains it. But to be honest it is pretty straight forward and created account without any problems. After account created, go to Services and type Lightsail and press Enter, then click on that service. After that you will be redirected to own Lightsail portal.

Press “Create Instance” button, then select OS Only and select “Ubuntu 20.04” I think you can pickup any Linux version you are comfortable with. I had some recent experience with Ubuntu, so I chose Ubuntu. Then wait few minutes and your instance will be ready.

Networking

Every time you restart OS or stop and start instance, it will get new IP address. As far as I see static IP in Lightsail is free. So, it is better to create and use one. Click on 3 vertical dots on your instance and select Manage. Then click on Networking and there you can create and assign static IP.

Also, at the same place you can add HTTPS to firewall rules. At the end you will have 3 rules: SSH, HTTP and HTTPS. Most modern browsers prefer HTTPS, and it is not that hard to do if you are planning to use it with any domain.

Software

Now it is time to install necessary software. In Linux world software typically come from packages. Here are few commands to install:

# Update package sources
sudo apt-get update

# Install web server
sudo apt-get install nginx

# Enable SSH in firewall
sudo ufw allow OpenSSH

# Enable HTTP and HTTPS in firewall
sudo ufw allow "Nginx Full"
sudo ufw enable

# Add .NET package source to package manager
wget https://packages.microsoft.com/config/ubuntu/20.10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb

# Install .NET
sudo apt-get update; \
  sudo apt-get install -y apt-transport-https && \
  sudo apt-get update && \
  sudo apt-get install -y aspnetcore-runtime-3.1

# Install zip and unzip. It is necessary for last steps with auto deployments scripts. It is not necessary for .NET Core or web server
sudo apt install zip
sudo apt install unzip

After that you will have web server and .NET runtime installed and ready to use. And please note that it is good idea to enable firewall as one of the first steps. If you mess it up, then you will not be able to connect to that instance anymore. In this case you will have to delete instance and create new one. So, it is better to play with firewall early, so if something happens you will not lose much of your time.

And I would like to clarify something about firewall. In Networking section, you changed settings of Amazon router. Basically, it is something that forwards network packets to your virtual PC. In this section you changed firewall settings of your PC. Somebody can say that it is not necessary as traffic can come  to your PC only from Amazon router. But I always prefer layered defense. If somebody hack Amazon router, then there will have another obstacle, and then perhaps another. Everything can be hacked, but it is question of time. It is easy for me to add obstacle, so why not :) Also if you for whatever reason will use this script somewhere else, your PC will still be protected.

Next part is here.

Comments

Post comment