<?xml version="1.0" encoding="UTF-8"?>
<chapter annotations="slide" version="5.1" xml:id="sdi_hetzner"
         xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xila="http://www.w3.org/2001/XInclude/local-attributes"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         xmlns:trans="http://docbook.org/ns/transclusion"
         xmlns:svg="http://www.w3.org/2000/svg"
         xmlns:m="http://www.w3.org/1998/Math/MathML"
         xmlns:html="http://www.w3.org/1999/xhtml"
         xmlns:db="http://docbook.org/ns/docbook">
  <title>Using the <orgname xlink:href="https://hetzner.com">Hetzner</orgname>
  cloud</title>

  <section xml:id="sdi_hetzner_getstarted">
    <title>Getting started</title>

    <figure xml:id="sdi_hetzner_getstarted_createSshKeyPair">
      <title>Create an <command>ssh</command> key pair</title>

      <screen>sdiuser@martin-pc-dachboden:~$ <command
          xlink:href="https://linux.die.net/man/1/ssh-keygen">ssh-keygen</command> -t ed25519 <co
          linkends="sdi_hetzner_getstarted_createSshKeyPair-1"
          xml:id="sdi_hetzner_getstarted_createSshKeyPair-1-co"/>
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/sdiuser/.ssh/id_ed25519): 
Created directory '/home/sdiuser/.ssh'.
Enter passphrase (empty for no passphrase): <co
          linkends="sdi_hetzner_getstarted_createSshKeyPair-2"
          xml:id="sdi_hetzner_getstarted_createSshKeyPair-2-co"/>
Enter same passphrase again: 
Your identification has been saved in /home/sdiuser/.ssh/id_ed25519 <co
          linkends="sdi_hetzner_getstarted_createSshKeyPair-3"
          xml:id="sdi_hetzner_getstarted_createSshKeyPair-3-co"/>
Your public key has been saved in /home/sdiuser/.ssh/id_ed25519.pub <co
          linkends="sdi_hetzner_getstarted_createSshKeyPair-4"
          xml:id="sdi_hetzner_getstarted_createSshKeyPair-4-co"/></screen>

      <calloutlist>
        <callout arearefs="sdi_hetzner_getstarted_createSshKeyPair-1-co"
                 xml:id="sdi_hetzner_getstarted_createSshKeyPair-1">
          <para>Create an elliptic rather than default <abbrev>RSA</abbrev>
          type key.</para>
        </callout>

        <callout arearefs="sdi_hetzner_getstarted_createSshKeyPair-2-co"
                 xml:id="sdi_hetzner_getstarted_createSshKeyPair-2">
          <para>Security aware folks will choose a decent passphrase
          protecting the private key being generated.</para>
        </callout>

        <callout arearefs="sdi_hetzner_getstarted_createSshKeyPair-3-co"
                 xml:id="sdi_hetzner_getstarted_createSshKeyPair-3">
          <para>The generated private key.</para>
        </callout>

        <callout arearefs="sdi_hetzner_getstarted_createSshKeyPair-4-co"
                 xml:id="sdi_hetzner_getstarted_createSshKeyPair-4">
          <para>The generated public key.</para>

          <note>
            <para>Different implementations like e.g. <command
            xlink:href="https://www.putty.org">putty</command> may use
            different key storage formats.</para>
          </note>
        </callout>
      </calloutlist>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_hetznerSignUp">
      <title>Create a <orgname>Hetzner</orgname> account</title>

      <itemizedlist>
        <listitem>
          <para>Sign up at <link
          xlink:href="https://accounts.hetzner.com/signUp">https://accounts.hetzner.com/signUp</link>
          using an account name of your choice.</para>
        </listitem>

        <listitem>
          <para>Optionally: Activate 2-factor authentication.</para>
        </listitem>

        <listitem>
          <para>You may validate your account by ID card or similar. No
          payment required!</para>
        </listitem>

        <listitem>
          <para>Publish your <orgname>Hetzner</orgname> account's username to
          your SDI course's group at <link
          xlink:href="https://learn.mi.hdm-stuttgart.de">https://learn.mi.hdm-stuttgart.de</link>.</para>
        </listitem>
      </itemizedlist>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_accessProject">
      <title>Access your project space</title>

      <para>Upon confirmation your <orgname>Hetzner</orgname> project space
      sdi_gxy (e.g. sdi_g01 corresponding to group 1) should be
      accessible.</para>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_">
      <title>Create a server</title>

      <informaltable border="0">
        <tr>
          <td valign="top"><orderedlist>
              <listitem>
                <para>Create a default firewall allowing <command
                xlink:href="https://linux.die.net/man/8/ping">ping</command>
                and <command
                xlink:href="https://linux.die.net/man/1/ssh">ssh</command></para>
              </listitem>

              <listitem>
                <para><productname>Ubuntu</productname> latest</para>
              </listitem>

              <listitem>
                <para>Shared vCPU / x86 / CX11 (<link
                xlink:href="https://www.hetzner.com/cloud/#pricing">the
                cheapest</link>)</para>
              </listitem>

              <listitem>
                <para>Add your personal <command>ssh</command> public key from
                <xref
                linkend="sdi_hetzner_getstarted_createSshKeyPair"/></para>
              </listitem>
            </orderedlist></td>

          <td valign="top"><orderedlist continuation="continues">
              <listitem>
                <para>Omit volume, labels and cloud config</para>
              </listitem>

              <listitem>
                <para>Note the <guimenuitem>Networking</guimenuitem> /
                <guisubmenu>Public IPv4</guisubmenu> address for later
                reference</para>
              </listitem>

              <listitem>
                <para>Click »Create &amp; Buy now«</para>
              </listitem>
            </orderedlist></td>
        </tr>
      </informaltable>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_accessServer">
      <title>Access your server</title>

      <itemizedlist>
        <listitem>
          <para>Ping your server:</para>

          <note>
            <para>The IP 91.107.232.156 serves just as a sample value
            irrespective of your individual actual server IP.</para>
          </note>

          <screen>sdiuser:~$ ping 91.107.232.156
PING 91.107.232.156 (91.107.232.156) 56(84) bytes of data.
64 bytes from 91.107.232.156: icmp_seq=1 ttl=49 time=18.3 ms
64 bytes from 91.107.232.156 ...</screen>
        </listitem>

        <listitem>
          <para>Login via <command>ssh</command>:</para>

          <screen>ssh root@91.107.232.156</screen>
        </listitem>
      </itemizedlist>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_updateServer">
      <title>Update and reboot</title>

      <orderedlist>
        <listitem>
          <para>apt update</para>
        </listitem>

        <listitem>
          <para>apt upgrade</para>
        </listitem>

        <listitem>
          <para>reboot</para>
        </listitem>
      </orderedlist>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_installNginx">
      <title>Install a web server</title>

      <screen>root@topsy:~# apt install nginx</screen>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_localHttpAccess">
      <title>Check local <acronym>http</acronym> web access</title>

      <screen>root@topsy:~# wget -O - 91.107.232.156
--2024-04-07 18:59:13--  http://91.107.232.156/
Connecting to 91.107.232.156:80... connected.
&lt;html&gt;
&lt;head&gt;
&lt;title&gt;Welcome to nginx!&lt;/title&gt; ...</screen>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_externHttp">
      <title>External <acronym>http</acronym> web access</title>

      <para>Point your browser to http://91.107.232.156.</para>

      <screen>sdiuser:~$ telnet 91.107.232.156 80
Trying 91.107.232.156...</screen>

      <para>Why is there no answer?</para>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_allowHttp">
      <title>Add port 80 / <acronym>http</acronym> firewall rule</title>

      <screen>sdiuser:~$ telnet 91.107.232.156 80
Trying 91.107.232.156...
Connected to 91.107.232.156.
Escape character is '^]'</screen>

      <para>Congrats: External Browser access is working now!</para>
    </figure>

    <figure xml:id="sdi_hetzner_getstarted_cleanUp">
      <title>Cleaning up!</title>

      <caution>
        <para>This is about <emphasis role="red">$$$ MONEY
        $$$</emphasis></para>
      </caution>

      <itemizedlist>
        <listitem>
          <para>Delete your server including the IPv4 address.</para>
        </listitem>

        <listitem>
          <para>You may delete your firewall</para>
        </listitem>
      </itemizedlist>
    </figure>
  </section>
</chapter>