# American Cloud — Complete documentation

> American Cloud offers powerful compute, zero egress fees, and no lock-in. Cloud infrastructure built and operated in America.

---

# Cloud compute

Virtual machines and compute instances

## American Cloud & Cloudflare Tunnels

## Introduction

This article explores using Cloudflare Tunnels to simplify application deployment, using a NextJS app with MongoDB as a practical example scenario.

## Key Problem

Traditionally, exposing applications requires handling multiple complex tasks:

- Configuring firewalls
- Setting up reverse proxies
- Managing DNS
- Obtaining SSL certificates
- Implementing access controls

This creates security risks through misconfiguration.

## Benefits of Tunnels

- No exposing of inbound ports needed
- No reverse proxy required
- No need to manage DNS records
- Built-in encryption
- Granular access rules
- Simplified setup versus traditional networking approaches

## Implementation Steps

### Initial Setup

1. Create a Cloudflare account with Zero Trust features
2. Configure at least one domain in Cloudflare
3. Create a Cloudflared tunnel and note the authentication token
4. Update docker-compose configuration

### Docker Configuration

The guide provides a complete docker-compose.yaml example with four services:

- nextjs-app
- mongo
- mongo-express
- cloudflared

All containers connect via a custom bridge network with no exposed ports.

### Access Control

- **Public Hostname:** Route app.mydomain.com to nextjs-app:3000
- **Restricted Hostname:** Route mongo-express.mydomain.com to mongo-express:8081
- Create Access Group restricting mongo-express to emails ending in @mydomain.com

## Advanced: Automated Deployments

The article extends the setup with watchtower for automatic container updates triggered by CI/CD pipelines. When code is pushed, a GitHub Actions or GitLab CI workflow builds a new image and sends an HTTP request to watchtower, automatically rebuilding the application.

## Cloud Compute

Cloud compute refers to the use of remote computing resources delivered over the internet, such as virtual machines (VMs) or containers, provided by cloud service providers. These resources can be configured and managed remotely, allowing users to run applications, store data, and perform computing tasks without having to invest in and maintain their own physical infrastructure. Cloud compute offers scalability, flexibility, and cost-effectiveness, as users can pay for only the resources they need and easily adjust their computing capacity as requirements change.

## Deploy a Compute Instance

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Cloud Compute'

   ![](/docs/images/cloud-compute/cloud-compute-01.png)

3. In Manage Instance select 'Create An Instance'

   ![](/docs/images/cloud-compute/cloud-compute-02.png)

4. In the Create New Instance popup select the desired project from the drop down or create a new project
5. Fill out the provided creation form which allows for full customization of the new Instance. The following fields are available:

### Location

This field provides the ability to choose the geographic region in which the instance will reside.

### Network

American Cloud provides two networking options: Elastic Cloud or a VPC. For more information about Elastic/VPC networks, [Click Here](https://docs.americancloud.com/hc/docs/en/categories/networking).

### Server Image

In this field select the desired Image or marketplace App. For more information on marketplace apps, [Click Here](https://docs.americancloud.com/hc/docs/en/categories/marketplace-apps).

### Server Size

Select from four prebuilt size configurations or specify a size.

### Personalize Instance

This section allows personalization of an instance with options to add a startup script, add a new SSH key, or generate a new SSH key.

![](/docs/images/cloud-compute/cloud-compute-03.png)

When using the 'Generate New SSH Key' toggle, be sure to select the key once it's generated and select 'Add New SSH Key'. More support for adding and using startup scripts is coming soon! For more support generating or adding an SSH key, [Click Here](https://docs.americancloud.com/hc/docs/articles/1722537850-managing-ssh-keys).

### Hostname & Label

- This field allows a name to be assigned to the instance. A unique name is suggested in order to easily differentiate between instances.

### Billing Method & Coupon

- Choose between hourly and monthly billing. If a coupon has been redeemed, be sure to select it here so that it is applied.

### Review & Deploy

- Once all fields are filled in correctly, select 'Review and Deploy'

6. Review selections and cost in the Cost Breakdown window and select 'Deploy'

   ![](/docs/images/cloud-compute/cloud-compute-04.png)

   > **Note:** The first instance may take up to a minute to deploy.

   ![](/docs/images/cloud-compute/cloud-compute-05.png)

- Following the successful creation, a redirection to server information will occur

  ![](/docs/images/cloud-compute/cloud-compute-06.png)

## Managing Instances

### Instance Dashboard

The instance dashboard allows for certain controls over the instances. Navigate to the instance dashboard section.

1. From the 'Home Screen' on the left navigation column choose 'Cloud Compute'
2. Identify the instance to manage; each instance has its own controls located to the right
   - Each toggle switch has an action described below

### Console

![](/docs/images/cloud-compute/cloud-compute-07.png)

This toggle provides the ability to console into the instance using a user name and password.

![](/docs/images/cloud-compute/cloud-compute-08.png)

### Power

![](/docs/images/cloud-compute/cloud-compute-09.png)

- The power toggle allows for powering on/off the respective instance.

### Reboot Server

![](/docs/images/cloud-compute/cloud-compute-10.png)

- Provides the option of power cycling the respective instance

### Reinstall Server

![](/docs/images/cloud-compute/cloud-compute-11.png)

- This function performs a complete reset of the selected instance

> **Note:** When resetting an instance all unsaved data will be lost

### Destroy Server

![](/docs/images/cloud-compute/cloud-compute-12.png)

- The destroy toggle will permanently delete the selected VM

## Specific Instance Management

Instance management provides a detailed overview and settings of each individual instance. Navigate to an instance using the following steps.

1. On the navigation panel to the left select 'Cloud Compute'
2. On the Manage Instance page select the instance to manage
   - Inside the instance are Overview, Usage, Settings, Snapshots, and SSH Keys. Each section is broken down below.

### Overview

![](/docs/images/cloud-compute/cloud-compute-13.png)

- This section provides a detailed view of the instance. Most importantly, it shows the IP address, username, and default password used to SSH into the instance. Username and password are configured upon initial build but can be changed afterward.

![](/docs/images/cloud-compute/cloud-compute-14.png)

### Usage

![](/docs/images/cloud-compute/cloud-compute-15.png)

- In usage a breakdown of monthly usage is provided in numerical values as well as graphical values. Graphs provide information on CPU Usage, CPU Load, Memory Usage, Network Interface, and Disk Operations.

![](/docs/images/cloud-compute/cloud-compute-16.png)

### Settings

![](/docs/images/cloud-compute/cloud-compute-17.png)

- Basic configurations are available inside the settings section. Prior to executing any of these changes ensure you identify and read the warning banners. Several of the changes require an instance to be in a stopped state and may have impacts on data stored.

![](/docs/images/cloud-compute/cloud-compute-18.png)

For more information on Firewalls and Port Forwarding Rules, [Click Here](https://help.usacld.net/hc/help/articles/1718132221-firewall).

### Snapshots

![](/docs/images/cloud-compute/cloud-compute-19.png)

- Snapshots are complete images of a drive's data at a specific moment, allowing for data recovery, rollback, or backup. They capture the drive's entire contents, including files, folders, and system settings.
- When naming snapshots use naming conventions that are easily tracked and organized.

![](/docs/images/cloud-compute/cloud-compute-20.png)

### SSH Keys

![](/docs/images/cloud-compute/cloud-compute-21.png)

- Keys applied to the instance will be listed under this section

For more information on adding/using SSH Keys, [Click Here.](https://docs.americancloud.com/hc/docs/articles/1722537850-managing-ssh-keys)

## Instance Creation with Root SSH Permitted

- Navigate to [https://app.americancloud.com/login](http://cmpprodc0-0.sjc0.usacld.net/login)

## Create an Instance with Start Up Script

1. In the left navigation pane select "Cloud Compute"

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-01.jpeg)

2. Select "CREATE AN INSTANCE"

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-02.jpeg)

3. Select the project to build in and select "Proceed"

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-03.jpeg)

4. Select between "US-West-0" and "US-West-1". If wishing to build on our premium stack select "US-West-0"

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-04.jpeg)

5. Select between Standard or Premium in "US-West-0" and Standard in "US-West-0"

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-05.jpeg)

6. Select the desired OS/Marketplace App.

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-06.jpeg)

7. Provision your VM with our custom or default options.

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-07.jpeg)

8. Select "Add a new Startup Script"

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-08.jpeg)

9. Add this startup script to the block. Be sure to replace "mypubkey" with your actual public key, leaving the quotation marks in place.

   ```
   #!/bin/bash
   # Permit root logins over SSH
   echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
   # Public key to authorize for root
   SSH_KEY_CONTENT="mypubkey"
   # Make sure root's .ssh directory exists before appending the key
   mkdir -p /root/.ssh
   chmod 700 /root/.ssh
   echo "$SSH_KEY_CONTENT" >> /root/.ssh/authorized_keys
   chmod 600 /root/.ssh/authorized_keys
   chown root:root /root/.ssh/authorized_keys
   # Restart sshd so the new setting takes effect
   systemctl restart sshd
   echo "SSH configuration for root updated. Root login now permitted with specified key."
   ```

   ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-09.jpeg)

10. Select "Add startup script"

    ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-10.jpeg)

11. Give the instance a customized hostname and label.

    ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-11.jpeg)

12. Select "Deploy Now"

    ![](/docs/images/cloud-compute/instance-creation-with-root-ssh-permitted-12.jpeg)

## Confirm Root SSH is enabled

SSH in as the root user to confirm access: `ssh root@'publicip'`

## Managing SSH Keys

## About SSH Keys

An SSH key, or Secure Shell key, is a cryptographic key pair used for securely authenticating and encrypting communication between two entities in a Secure Shell (SSH) protocol-based system, such as remote access to a server or a Git repository. SSH is a widely used protocol for securely connecting to and managing remote servers over a network.

An SSH key pair consists of two keys: a private key and a public key. The private key is kept secret and is known only to the owner, while the public key is shared with other parties. When a client initiates an SSH connection to a server, the server requests the client to authenticate using a key pair.
The client uses its private key to generate a digital signature, which is sent to the server along with the public key. The server then uses the public key to verify the digital signature, and if it matches, the client is granted access.

## RSA vs Ed25519

RSA and Ed25519 are two different types of cryptographic key pairs used in SSH for secure communication and authentication. Here are the key differences between RSA and Ed25519 key pairs:

### Algorithm

RSA (Rivest-Shamir-Adleman) is a widely used asymmetric encryption algorithm, while Ed25519 is a newer elliptic curve cryptography (ECC) algorithm.

### Key Size

RSA key pairs typically have larger key sizes, such as 2048 bits or 4096 bits, while Ed25519 key pairs have a fixed key size of 256 bits. This means that RSA keys are generally larger and require more computational resources for key generation, encryption, and decryption compared to Ed25519 keys.

### Security

Both RSA and Ed25519 are considered secure for most purposes. However, Ed25519 is generally considered to provide stronger security with smaller key sizes compared to RSA, due to the use of elliptic curve cryptography, which offers higher security levels with shorter key lengths. RSA is susceptible to attacks such as factorization, while Ed25519 is designed to be resistant to various cryptographic attacks.

### Performance

Ed25519 is known for its faster performance compared to RSA, as it requires fewer computational resources for key generation, encryption, and decryption. This makes Ed25519 more efficient for use in resource-constrained environments, such as embedded systems or high-traffic networks.

### Compatibility

RSA is more widely supported and compatible with older systems and software, as it has been in use for a longer time. Ed25519, being a newer algorithm, may not be supported by all SSH implementations or older systems. However, most modern SSH clients and servers support Ed25519, and it is gaining wider adoption in recent years.

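The startup script under "Instance Creation with Root SSH Permitted" appends `PermitRootLogin yes`, which also allows root password logins, and sshd keeps the first value it reads for a keyword, so an appended line can be ignored when an earlier one is active. The following is an added example (not American Cloud's script) of a key-only variant that accepts only the two key types compared here; the function names and the `APPLY` switch are assumptions of this example.

```bash
#!/bin/bash
# Added example: key-only root SSH for an instance startup script.
# Function names and the APPLY switch are hypothetical, not part of the CMP.

SSH_KEY_CONTENT="mypubkey"   # replace with your public key, as in the page's script
APPLY=${APPLY:-no}           # change to yes when used as the startup script

# Accept exactly one line holding an Ed25519 or RSA public key. Lines that
# start with authorized_keys options (command="...", etc.) are rejected.
valid_pubkey() {
    local key="$1" nl='
'
    case "$key" in *"$nl"*) return 1 ;; esac
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-ed25519|ssh-rsa) [A-Za-z0-9+/]+={0,2}( [^[:space:]].*)?$'
}

# sshd uses the first value it reads for each keyword, so appending a setting
# is unreliable. Drop every active occurrence (including ones inside Match
# blocks) and put ours on line 1, ahead of any Include or Match line.
set_sshd_option() {
    local file="$1" keyword="$2" value="$3" tmp rc=0
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$keyword" "$value"
        awk -v k="$keyword" 'tolower($1) != tolower(k)' "$file"
    } > "$tmp" && cat "$tmp" > "$file" || rc=1
    rm -f "$tmp"
    return "$rc"
}

# Create the .ssh directory with strict modes and add the key only once.
install_root_key() {
    local dir="$1" key="$2"
    valid_pubkey "$key" || { echo "refusing unsupported or malformed key" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    grep -qxF -- "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# Install the key first, then restrict root to key-based logins.
harden_root_ssh() {
    local config="$1" ssh_dir="$2" key="$3"
    install_root_key "$ssh_dir" "$key" || return 1
    set_sshd_option "$config" PermitRootLogin prohibit-password
}

# The config is checked with `sshd -t` before the restart, so a bad edit
# does not take the running daemon down.
if [ "$APPLY" = yes ]; then
    harden_root_ssh /etc/ssh/sshd_config /root/.ssh "$SSH_KEY_CONTENT" &&
        sshd -t -f /etc/ssh/sshd_config &&
        systemctl restart sshd
fi
```

Running it twice leaves one `PermitRootLogin` line and one copy of the key; other settings, such as `PasswordAuthentication` for non-root users, are left untouched.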
### Key Management

RSA keys are typically managed using the ssh-keygen tool, which is available on most operating systems. Ed25519 keys can also be generated using ssh-keygen, but it may require a newer version of the tool that supports ECC algorithms. Additionally, RSA keys often require regular key size updates for maintaining strong security, while Ed25519 keys are fixed at 256 bits.

In summary, RSA and Ed25519 are both commonly used for SSH key-based authentication, but they differ in terms of algorithm, key size, security, performance, compatibility, and key management. The choice between RSA and Ed25519 depends on the specific use case, security requirements, and compatibility considerations of the system or network being used.

## Generating SSH Keys

### Generating SSH Keys using Terminal/CMD Prompt

Here are two ways to generate an SSH key for use within the American Cloud Cloud Management Platform (CMP). Generate within the terminal or cmd prompt using the following commands:

### Terminal or CMD Prompt

Open a terminal or cmd prompt on your local machine.

### Run Commands

Run the command to generate RSA and/or Ed25519 keys

- RSA

  ```
  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  ```

- Ed25519

  ```
  ssh-keygen -t ed25519 -C "your_email@example.com"
  ```

### Using AC Key Generator

The American Cloud CMP offers a convenient toggle that automatically generates and saves an SSH key. This feature simplifies the process of creating an SSH key for use within the platform. Here's how it typically works:

1. In the left pane select 'Account'
2. On the user dashboard select 'Security' Tab
3. Select 'SSH Key'
4. Select 'Generate Keypair'
5. Save the newly generated key pair to the local PC.

Once the key has been generated and saved, it will be displayed within the profile section and ready for use with new instances.

## Placing Pre-generated Keys

The American Cloud CMP also offers the ability to place pre-built keys. Below are the steps to accomplish this:

1. In the left pane select 'Account'
2. Choose the 'Security' tab and then select 'SSH Key'
3. Select 'Upload SSH Key'
4. Add the new SSH key and select 'Add New SSH Key'

   ![](/docs/images/cloud-compute/managing-ssh-keys-01.png)

5. Once uploaded the key will populate within the list of available keys and is ready for use.

   ![](/docs/images/cloud-compute/managing-ssh-keys-02.png)

## OpenBSD

![](/docs/images/cloud-compute/openbsd-01.png)

OpenBSD is a free and open-source Unix-like operating system known for its emphasis on security, correctness, and a strong commitment to free and open-source software principles. Developed by a community of volunteers, OpenBSD prioritizes code quality and rigorous security auditing, making it a preferred choice for security-conscious users and organizations. The system's proactive security features, such as privilege separation and a focus on secure coding practices, contribute to its reputation as one of the most secure operating systems available. OpenBSD supports various hardware architectures and includes a range of built-in utilities and services. Its commitment to simplicity, clarity, and a secure default configuration has established OpenBSD as a reliable platform for network infrastructure, firewalls, and security-focused applications.

## OpenBSD with American Cloud

American Cloud offers two OpenBSD options.

- ***OpenBSD (Beta) -Predefined*** with a 25GB startup disk and cloud-init, allowing interaction with CMP functions.
- ***OpenBSD (Beta) -Self-Install*** version, which requires more robust technical knowledge to utilize all the resources within the CMP.

This documentation will discuss both.

## OpenBSD (Beta) -Predefined

### Build Instance

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Cloud Compute'
3. Click on "Create an Instance", select your "Project" and click "Proceed"
4. Select your location and network.
   Under "Choose Server Image" select the "Other Services" tab and choose "OpenBSD 7.4 Beta"

   ![](/docs/images/cloud-compute/openbsd-02.png)

   ![](/docs/images/cloud-compute/openbsd-03.png)

5. Choose server size

   ![](/docs/images/cloud-compute/openbsd-04.png)

   ***Important:*** The base template will provide a 25GB root disk no matter the SSD selected. Therefore, only choose a 25GB root disk for pricing purposes. Later in the documentation, more storage will be allocated.

6. Click on Review and Deploy; once reviewed, click on Deploy Now

Upon initial boot the American Cloud CMP will show a running status moments before the full boot is complete. By opening the console the boot process can be observed.

### Add Additional Storage

- As discussed previously, additional storage may be required. American Cloud provides this through block storage. For additional documentation on building Block Storage, [Click Here](https://docs.americancloud.com/hc/docs/articles/1722539010-block-storage). Ensure when building the block storage volume that the newly built instance is selected.
- OpenBSD lacks a hot-add function. Therefore, a reboot is required following the build of block storage. Reboot the system either through the CMP or with the command `sudo reboot`.

#### Retrieve Disk Information

1. Upon reboot, use the command `sysctl -a | grep -i disk`. The disk count will be printed onto the screen.

   ```
   ac-openbsd$ sysctl -a | grep -i disk
   hw.disknames=cd0:,sd0:5ca267e7629f19b2,sd1:,fd0:
   hw.diskcount=4
   machdep.bios.diskinfo.128=bootdev = 0xa0000204, cylinders = 1023, heads = 255, sectors = 63
   ```

2. Access root using `sudo -i` and run the command `disklabel sd1` to print the drive information

   ```
   ac-openbsd# disklabel sd1
   # /dev/rsd1c:
   type: SCSI
   disk: SCSI disk
   label: Block Device
   duid: 0000000000000000
   flags:
   bytes/sector: 512
   sectors/track: 63
   tracks/cylinder: 255
   sectors/cylinder: 16065
   cylinders: 6527
   total sectors: 104857600
   boundstart: 0
   boundend: 104857600

   16 partitions:
   #                size           offset  fstype [fsize bsize   cpg]
     c:        104857600                0  unused
   ```

#### Partition the Drive

| Command | Function |
|---|---|
| `help` | Display summary of available commands |
| `manual` | Display fdisk man page |
| `reinit` | Initialize the partition table |
| `setpid` | Set identifier of table entry |
| `edit` | Edit table entry |
| `flag` | Set flag value of table entry |
| `update` | Update MBR bootcode |
| `select` | Select MBR extended table entry |
| `swap` | Swap two table entries |
| `print` | Print partition table |
| `write` | Write partition table to disk |
| `exit` | Discard changes and exit edit level |
| `quit` | Save changes and exit edit level |
| `abort` | Discard changes and terminate fdisk |

1. Partition the drive using `fdisk -e sd1`

   ```
   ac-openbsd# fdisk -e sd1
   Enter 'help' for information
   sd1: 1>
   ```

2. Use the `print` command to list the available partitions

   ```
   sd1: 1> p
   Disk: sd1       geometry: 6527/255/63 [104857600 Sectors]
   Offset: 0       Signature: 0x0
               Starting         Ending         LBA Info:
    #: id      C   H   S -      C   H   S [       start:        size ]
   -------------------------------------------------------------------------------
    0: 00      0   0   0 -      0   0   0 [           0:           0 ] Unused
    1: 00      0   0   0 -      0   0   0 [           0:           0 ] Unused
    2: 00      0   0   0 -      0   0   0 [           0:           0 ] Unused
    3: 00      0   0   0 -      0   0   0 [           0:           0 ] Unused
   ```

3. Determine how to partition the drive and use the `edit` command to make adjustments. For this example a single 50GB partition will be built on partition 3
4. Select the partition id. To print a list of identifiers type `?`. For an OpenBSD identifier use A6
5. Decide whether to edit in CHS mode.
6. Determine the partition offset and size

   ```
   sd1: 1> edit 3
   Partition id ('0' to disable) [01 - FF]: [00] (? for help) A6
   Do you wish to edit in CHS mode? [n] n
   Partition offset [0 - 104857599]: [0] 0
   Partition size [1 - 104857600]: [1] 104857600
   ```

7. Using the `print` command ensure the partition has been created. If satisfied use the `quit` command to save & exit fdisk
8. Build the new file system using the command `newfs sd1c`.

#### Mount Drive

1. Using either nano or vim, open `/etc/fstab`. Insert the drive info using (duid /location perms), e.g. `786d2bc033bfc8ff.c /mnt/test1 ffs rw,wxallowed 1 1`
2. Using the `mkdir` command build the location for the drive

   ```
   ac-openbsd# mkdir /mnt/test1
   ```

3. The `mount -a` command will mount all drives listed in the /etc/fstab file.
4. Finally list the drives using `df -h`

   ```
   ac-openbsd# df -h
   Filesystem     Size    Used   Avail Capacity  Mounted on
   /dev/sd0a     24.2G    1.4G   21.6G     7%    /
   /dev/sd1c     48.4G    2.0K   46.0G     1%    /mnt/test1
   ```

   /dev/sd1c at /mnt/test1 has been added

## OpenBSD (Beta) -Self-Install

### Build Instance

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Cloud Compute'
3. Click on "Create an Instance", select your "Project" and click "Proceed"
4. Select your location and network. Under "Choose Server Image" select the "Other Services" tab and choose "OpenBSD 7.4 Beta"

   ![](/docs/images/cloud-compute/openbsd-05.png)

5. Choose server size

   ![](/docs/images/cloud-compute/openbsd-06.png)

6. Click on Review and Deploy; once reviewed, click on Deploy Now

Upon initial boot the American Cloud CMP will show a running status moments before the full boot is complete. By opening the console the boot process can be observed.

### Finalize Install

At first build the OpenBSD instance will not be receiving input from the CMP. Therefore, the console should be used to interact with the instance.

1. On the instance overview page launch the console utilizing the console toggle

   ![](/docs/images/cloud-compute/openbsd-07.png)

2. An initial install page will be displayed.
   Hit the `enter` key to continue

   ![](/docs/images/cloud-compute/openbsd-08.png)

3. Select the desired boot mode. This documentation will focus on normal boot mode

   ![](/docs/images/cloud-compute/openbsd-09.png)

   While conducting the initial setup, options surrounded by "[ ]" are the defaults.

4. Provide the keyboard layout and hostname for the instance. This will be adjusted later in the documentation

   ```
   Welcome to the OpenBSD/amd64 7.4 installation program.
   (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
   Choose your keyboard layout ('?' or 'L' for list) [default]
   System hostname? (short form, e.g. 'foo') ac_openbsd
   ```

5. Establish the network configuration

   ```
   Available network interfaces are: em0 vlan0.
   Network interface to configure? (name, lladdr, '?', or 'done') [em0]
   IPv4 address for em0? (or 'autoconf' or 'none') [autoconf]
   IPv6 address for em0? (or 'autoconf' or 'none') [none]
   Available network interfaces are: em0 vlan0.
   Network interface to configure? (name, lladdr, '?', or 'done') [done]
   ```

6. Configure root account information. This documentation uses `prohibit-password` for root SSH login; adjust this to fit your requirements

   ```
   Password for root account? (will not echo)
   Password for root account? (again)
   Start sshd(8) by default? [yes]
   Do you expect to run the X Window System? [yes] no
   Change the default console to com0? [no]
   Setup a user? (enter a lower-case loginname, or 'no') [no]
   Allow root ssh login? (yes, no, prohibit-password) [no] prohibit-password
   What timezone are you in? ('?' for list) [US/Eastern] UTC
   ```

7. Configure the required disk space. There are several options. In this documentation a custom layout is used. The disk space was determined by step 5 in the Build Instance section

   ```
   Available disks are: sd0.
   Which disk is the root disk ('?' for details) [sd0]
   Encrypt the root disk with a passphrase? [no]
   Use (W)hole disk MBR, whole disk )G)PT or (E)dit? [whole]
   Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] C
   Label editor (enter '?' for help at any prompt)
   sd0>a
   partition to add: [a]
   offset: [64]
   size: [104857536]
   FS type: [4.2BSD]
   mount point: [none] /
   ```

8. Once the drive has been built and mounted, use the `p` command to review the disk. When satisfied use `q` to quit and write the label

   ```
   sd0*> p
   sd0*> q
   Write new label?: [y]
   ```

9. Install the sets utilizing the below information

   ```
   Let's install the sets!
   Location of sets? (cd0 disk http nfs or 'done') [http]
   HTTP proxy URL? (e.g. 'http://proxy:8080' or 'none') [none]
   HTTP Server? (hostname, list#, 'done' or '?') [ftp.usa.openbsd.org]
   Server directory? [pub/OpenBSD/7.4/amd64]
   ```

10. Next select sets. Upon initial population all sets will be selected. Use the `-all` command to unselect all, type the desired set names, and reboot the instance

    ```
    Select sets by entering a set name, a file name pattern or 'all'.
    Set name(s)? (or 'abort' or 'done') [done] -all
    Set name(s)? (or 'abort' or 'done') [done] bsd bsd.rd base74.tgz bsd.mp man74.tgz
    name(s)? (or 'abort' or 'done') [done]
    Locations of sets? (cd0 disk http nfs or 'done') [done]
    Exit to (S)hell, (H)alt or (R)eboot? [reboot]
    ```

#### Install Cloud init

In order for the machine to interact with the American Cloud CMP, cloud-init is required. Below are the necessary steps.

1. Install python and git using `pkg_add python git`.
2. When prompted, choose option 3: python-3.10.13

   ```
   vm-play-w-9b186d# pkg_add python git
   quirks-6.160 signed on 2023-12-14T11:48:02Z
   Ambiguous: choose package for python
   a 0:
   1: python-2.7.18p11
   2: python-3.9.18
   3: python-3.10.13
   4: python-3.11.5
   Your choice:
   ```

3. Clone cloud-init using `git clone https://github.com/canonical/cloud-init.git`
4. Navigate to the cloud-init directory using `cd cloud-init/`
5. Using `./tools/build-on-openbsd` install the tools within the cloud-init directory
6. Install the preferred editor using `pkg_add vim` or `pkg_add nano`
7. Edit the rc.local file by running `vim /etc/rc.local` and inserting the below code under line number two. Also, comment out or remove the /usr/local/lib/cloud-init/ds-identify line

   ```
   rm -f var/run/.instance-id
   rm -f var/run/instance-data
   #/usr/local/lib/cloud-init/ds-identify
   ```

8. Edit the cloud.cfg file using the command `vim /etc/cloud/cloud.cfg` to match the below. Be sure to add the datasource_list.

   ```
   # The modules that run in the 'init' stage
   datasource_list: [ CloudStack ]
   datasource:
     CloudStack: {}
     None: {}

   # The modules that run in the 'init' stage
   cloud_init_modules:
    - seed_random
    - bootcmd
    - write_files
    - [set_hostname, always]
    - update_hostname
    - update_etc_hosts
    - ca_certs
    - rsyslog
    - users_groups
    - ssh

   # The modules that run in the 'config' stage
   cloud_config_modules:
    - ssh_import_id
    - keyboard
    - locale
    - [set_passwords, always]
    - ntp
    - timezone
    - disable_ec2_metadata
    - [runcmd, always]

   # System and/or distro specific settings
   # (not accessible to handlers/transforms)
   system_info:
      # This will affect which distro class gets used
      distro: openbsd
      # Default user name + that default users groups (if added/used)
      default_user:
        name: cloud
        lock_passwd: False
        gecos: cloud
        groups: [sudo, wheel]
        doas:
          - permit nopass cloud
        sudo: ["ALL=(ALL) NOPASSWD:ALL"]
        shell: /bin/ksh
      network:
        renderers: ['openbsd']
   ```

9. Reboot the system

The instance can now be managed completely using the American Cloud CMP. This can be tested by changing the hostname or password.

---

# Kubernetes

American Cloud Kubernetes Service (ACKS)

## Accessing Your Kubernetes Cluster via Public IP

When deploying a Kubernetes cluster on American Cloud, it's important to understand the differences between the **API Load Balancer IP**, **Source NAT IP**, and your **Ingress Service IP**.

## Common Issue

**Error Message:** `403 | ATTEMPT TO READ PROPERTY "NETWORK" ON NULL`

**Cause:** This usually occurs when attempting to **port forward the cluster's API Load Balancer IP**, which is reserved for **Kubernetes API access only**. It is **not intended** for use with services deployed inside the cluster.

## Understanding Public IPs in Your Deployment

- **API Load Balancer IP** `0.0.0.0` – Used only for Kubernetes API access. Shown in the cluster card in the dashboard
- **Source NAT IP** `0.0.0.0` – Used for outbound traffic from the cluster. Found in the network card > Public IP Addresses
- **Ingress IP** `0.0.0.1` – For routing public traffic to your services (via nginx, istio, etc.) Retrieved via `kubectl` only

⚠️ *Note:* The **Ingress IP is not shown in the dashboard**. You must use Kubernetes commands to retrieve it.

## Retrieving the Correct Ingress IP

Depending on the ingress controller you are using, run one of the following commands:

### If using **NGINX**:

```bash
kubectl get svc -n ingress-nginx
```

### If using **Istio**:

```bash
kubectl get svc istio-ingressgateway -n istio-system
```

Look for the value under the `EXTERNAL-IP` column — this is the IP you should use to expose your services externally.

## Best Practices

- Do **not** attempt to port forward the API Load Balancer or Source NAT IP.
- Retrieve your Ingress IP using `kubectl`, since this IP is not currently displayed in the dashboard.
- Ensure your ingress service is of type `LoadBalancer`.
- Avoid manually adjusting firewall/network rules in the dashboard — these should be controlled via Kubernetes.
- Consider using DNS to point to your ingress IP for stable access.

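The best practices above can be checked mechanically before an IP goes into a DNS record or a port-forward rule. This added example (not American Cloud tooling) reads `kubectl get svc` output and returns the ingress IP only when the service is of type `LoadBalancer`, has an address assigned, and that address is not the API Load Balancer or Source NAT IP; the function name, exit codes and sample table are constructed for illustration and use the placeholder IPs from this page.

```bash
#!/bin/bash
# Added example; ingress_external_ip and its exit codes are hypothetical.
#
# usage: kubectl get svc -n NAMESPACE | ingress_external_ip SERVICE [RESERVED_IP...]
# RESERVED_IP: the API Load Balancer and Source NAT IPs shown in the dashboard.
# Prints the usable ingress IP, or explains on stderr and returns:
#   2 service not in the table    3 service is not type LoadBalancer
#   4 no external IP assigned     5 IP is one of the reserved addresses
ingress_external_ip() {
    local svc="$1"
    shift
    awk -v svc="$svc" -v reserved="$*" '
        NR == 1 {                      # map header names to column numbers
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        $(col["NAME"]) == svc {
            found = 1
            stype = $(col["TYPE"])
            ip = $(col["EXTERNAL-IP"])
        }
        END {
            n = split(reserved, r, " ")
            if (!found) {
                rc = 2; msg = svc ": service not found"
            } else if (stype != "LoadBalancer") {
                rc = 3; msg = svc ": type is " stype ", expected LoadBalancer"
            } else if (ip == "" || ip ~ /^</) {   # <pending> or <none>
                rc = 4; msg = svc ": no external IP assigned (" ip ")"
            } else {
                for (i = 1; i <= n; i++)
                    if (ip == r[i]) {
                        rc = 5
                        msg = ip " is the API Load Balancer or Source NAT IP"
                    }
            }
            if (rc) { print msg > "/dev/stderr"; exit rc }
            print ip
        }
    '
}

# Constructed sample of `kubectl get svc -n istio-system` output.
SAMPLE_SVC_TABLE='NAME                   TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
istio-ingressgateway   LoadBalancer   10.96.0.1    0.0.0.1       80:31380/TCP   5d
istiod                 ClusterIP      10.96.0.2    <none>        15012/TCP      5d
pending-gateway        LoadBalancer   10.96.0.3    <pending>     80:30080/TCP   1m'

# Demo on the sample: 0.0.0.0 stands for both reserved dashboard IPs.
printf '%s\n' "$SAMPLE_SVC_TABLE" | ingress_external_ip istio-ingressgateway 0.0.0.0
```
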
## Example

From the dashboard:

- **Cluster Name**: `my-k8s-cluster`
- **API Load Balancer IP**: `0.0.0.0`
- **Source NAT IP**: `0.0.0.0`
- **Allocated IPs**:
  - `0.0.0.0` — Source NAT
  - `0.0.0.1` — Likely ingress service IP (with FW rules defined)

From `kubectl`:

```bash
kubectl get svc istio-ingressgateway -n istio-system
```

Example output:

```
NAME                   TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)
istio-ingressgateway   LoadBalancer   10.96.0.1    0.0.0.1       80:31380/TCP
```

✅ Use `0.0.0.1` to access your workloads via the ingress controller.

## Kubernetes - Autoscaling

## Instructions to enable Kubernetes Autoscaling

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Kubernetes'
3. Choose a cluster to enable autoscale. To create a cluster, [Click Here](https://docs.americancloud.com/hc/docs/articles/1722538069-kubernetes-_-getting-started).

   ![](/docs/images/kubernetes/autoscaling-01.png)

4. Click on "Scale Kubernetes Cluster"

   ![](/docs/images/kubernetes/autoscaling-02.png)

5. Toggle on "Enable Auto scaling" and select the Minimum and Maximum cluster size.

   ![](/docs/images/kubernetes/autoscaling-03.png)

## Kubernetes - Getting Started

Kubernetes, often abbreviated as "K8s", is an open-source container orchestration platform for automating the deployment, scaling, and management of containerized applications. Containers are lightweight, portable, and self-sufficient units that package software and its dependencies, allowing applications to run consistently across different environments. Kubernetes provides a framework for managing containerized applications at scale, abstracting the underlying infrastructure and providing a unified API for managing containers across multiple nodes or clusters of machines. It automates tasks such as container deployment, scaling, load balancing, rolling updates, self-healing, and service discovery, making it easier to deploy and manage containerized applications in production environments.

Key components of Kubernetes include the master node, which manages the overall state of the cluster and coordinates tasks, and worker nodes, where containers are deployed and run. Containers are organized into logical units called pods, which are the smallest and simplest units in the Kubernetes object model. Kubernetes also provides declarative configuration through YAML manifests, allowing for version-controlled, reproducible application deployments.

Kubernetes has become a popular choice for managing containerized applications due to its flexibility, scalability, and portability. It is widely used in cloud computing environments and has a large ecosystem of extensions, tools, and services that enhance its functionality, making it a leading platform for container orchestration and microservices architectures.

## American Cloud Kubernetes Service

American Cloud Kubernetes Service (ACKS) is a fully-managed container service for deploying and managing containerized applications and workloads. First you need to install `kubectl` on your workstation to interact with the cluster.

### Install kubectl

#### Windows

Visit [https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/](https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/) for the most recent Windows release.

#### macOS

Install via Homebrew: `brew install kubernetes-cli`

#### Linux

- Download the latest kubectl release: `curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl`
- Make the downloaded file executable: `chmod +x ./kubectl`
- Move the command into your PATH: `sudo mv ./kubectl /usr/local/bin/kubectl`

### Create an ACKS Cluster

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Kubernetes'
3. Choose '+ Create Cluster'
   ![](/docs/images/kubernetes/getting-started-01.png)
4. Fill out the provided creation form, which allows for full customization of the new cluster. The following fields are available:

#### Cluster Name

Provide a custom name for the cluster. If running more than one cluster, ensure a naming convention is put in place for easy management.

![](/docs/images/kubernetes/getting-started-02.png)

#### Select Project

Select the appropriate project to add the cluster to.

![](/docs/images/kubernetes/getting-started-03.png)

#### Select Version

Select the desired version of Kubernetes.

![](/docs/images/kubernetes/getting-started-04.png)

Kubernetes licenses change based on the last release, and American Cloud will update based on this schedule.

#### Cluster Location

Determine the region to launch the cluster in.

![](/docs/images/kubernetes/getting-started-05.png)

#### Cluster Capacity

Select the number of nodes required.

![](/docs/images/kubernetes/getting-started-06.png)

The node count in Kubernetes refers to the total number of worker nodes that are part of a Kubernetes cluster. Each node in a cluster can run one or more containers, and together, the nodes provide the computing resources necessary to run the containers and execute the tasks defined in Kubernetes manifests, such as Pods, Services, and Deployments. American Cloud provides four pre-configured pricing offerings: Basic, Small, Scale, and Enterprise. Pricing differs based on requirements.

#### Enable High Availability (HA)

Use the slider to enable or disable HA and select the appropriate number of Master Nodes.

![](/docs/images/kubernetes/getting-started-07.png)

High availability (HA) is a characteristic of a system or application that ensures it remains operational and accessible for users even in the presence of hardware failures, software failures, or other types of disruptions.
In the context of Kubernetes, HA refers to the ability of a Kubernetes cluster to continue running and serving containerized applications even when some components or nodes within the cluster experience failures.

Pricing for HA depends on the number of nodes added and which plan is selected. Further explanation on how HA supports operations coming soon!

#### SSH Keys

Select or add a new SSH key for the Kubernetes cluster.

![](/docs/images/kubernetes/getting-started-08.png)

#### Billing Method

Select billing method and/or redeem a coupon. Review all billing information.

![](/docs/images/kubernetes/getting-started-09.png)

5. Select 'Create Cluster'
   ![](/docs/images/kubernetes/getting-started-10.png)

### Access and Download your kubeconfig

To access your cluster's kubeconfig, log into your American Cloud account and navigate to Kubernetes under Services. From the Kubernetes page, select the cluster whose kubeconfig file you need. You will then be given the option to download the Config File. This will be downloaded to your workstation.

![](/docs/images/kubernetes/getting-started-11.png)

Open a terminal shell and save your kubeconfig file's path to the $KUBECONFIG environment variable. In the example command, the kubeconfig file is located in the Downloads folder, but you should alter this line to match the file's location on your computer:

```bash
export KUBECONFIG=~/Downloads/kube.conf
```

To view your cluster's nodes using kubectl:

```bash
kubectl get nodes
```

---

# DNS

Domain name management and configuration

## DNS Management

American Cloud's DNS Manager enables users to manage DNS records for each of their domains directly from the Web Portal. It supports most common DNS record types, including A, AAAA (quad A), CNAME, MX, TXT, NS, SOA, SRV, and CAA. Follow this guide to learn how to start using the DNS Manager.

## Understanding DNS

DNS attaches human-readable domain names to machine-usable IP addresses.
Instead of needing to know the IP address of the website you are navigating to, you can enter [https://americancloud.com](https://americancloud.com/), for example.

## Register the Domain

American Cloud is not a domain registrar, but our DNS Manager will work with any domain registrar, for example GoDaddy, BlueHost, HostGator, etc.

## Create the Domain Records

Here you set the DNS records needed for a particular domain.

1. Log in to the Web Portal and select Networking. Click Create under Manage DNS.
2. Click on Add A Domain Now.
3. Select the Project and enter your domain name in the Domain Name field.
   ![](/docs/images/dns/dns-management-01.png)
4. After clicking Add Domain you will be able to add the records to your domain.
   ![](/docs/images/dns/dns-management-02.png)

## Add DNS Records

DNS records can associate specific domain names with pieces of information, such as a server's IP address. After the domain has been created, you can immediately start adding and editing DNS records for it. See Manage DNS Records for instructions. You can also view each supported DNS record type to learn more about what it does and how to create it.

- A and AAAA Records
- CNAME Records
- MX Records
- TXT Records
- NS Records

![](/docs/images/dns/dns-management-03.png)

If you are migrating to American Cloud from another DNS provider, make sure you have added all of the necessary DNS records to DNS Manager before adding American Cloud's name servers to your domain's registrar.

## Use American Cloud's Name Servers

Once you are ready, set American Cloud's name servers as the authoritative name servers for your domain. To do this, log in to your domain registrar's control panel and set the name servers for your domain name to the entries below. See the instructions on your domain name registrar's website for more information.
- `ns1.americancloud.org`
- `ns2.americancloud.org`

![](/docs/images/dns/dns-management-04.png)

---

# Load balancing

Traffic distribution and high availability

## Load Balancer

## What is a Load Balancer

A Load Balancer can be used to help hand out tasks to multiple Compute Instances running the same application, so that one Compute Instance does not become overburdened by use of the application. You will need to ensure that you have at least two identical Compute Instances capable of fully serving the needs of your users to be able to benefit from and use the Load Balancer.

## Create the Load Balancer

Once you have an application that has been deployed on multiple Compute Instances, you are ready to use a Load Balancer. Simple instructions have been provided below.

1. Log in to the Web Portal, select Networking, and click Create Load Balancer.
2. Select the location of your Load Balancer and select your Project.
3. Choose your Network.
   ![](/docs/images/load-balancing/load-balancer-01.png)
4. Select your Compute instance.
5. Set your Forwarding Rules; use + ADD NEW RULE to add more forwarding rules.
6. Select your Protocol and Algorithm.
7. Enter a unique name or leave the auto-generated name for your Load Balancer.
8. Review your information and click Create Load Balancer.
   ![](/docs/images/load-balancing/load-balancer-02.png)

---

# Block storage

Persistent SSD storage volumes and snapshots

## Block Storage

Block Storage Volumes are persistent storage devices that can be attached to a Compute Instance and used to store any type of data. They are especially useful for storing website files, databases, media, backups, and much more. To get started with Block Storage, create a Volume using the guide below.

1. Log in to the Web portal with the username and password created when signing up.
2. On the left navigation column choose 'Block Storage'
3. In the Block Storage header window choose 'Create Block Storage'
4. Fill out the provided creation form, which allows for full customization of the new Block Storage. The following fields are available:

## Select Project

Choose the project for the block storage volume.

## Select Instance

Select the instance to create the block storage volume for.

## Name Volume

Create a custom name for the block storage volume that is easily identifiable.

## Select Volume Size

Choose between seven pre-built volume sizes.

## Configuration

American Cloud will attach the volume but allow manual formatting and mounting of the volume.

## Billing Method

Select the desired billing method. If a coupon is redeemable, select the coupon. Review all billing information.

![](/docs/images/block-storage/block-storage-01.png)

5. Select 'Create Block Storage'

## Attach/Detach Block Storage

Once a Block Storage Volume has been created, it can be attached to any Compute Instance in the same region. Since Volumes are external devices, they are portable and can be attached to and detached from Compute Instances as needed. Once attached, the device is assigned to an available block device (such as /dev/sdc) on a Compute Instance's Configuration Profile and has its own path in your instance's file system. When attaching and detaching a Volume, additional internal configuration is needed to create a file system (if one hasn't already been created), mount or unmount the Volume, and automatically mount the Volume at system boot.

- Attach and Detach Existing Volumes
- Configure a Volume on a Compute Instance

When a Volume is attached to a Compute Instance, you can log in to that instance and access the Volume's data through its mount point. For instance, if the Volume was mounted in /mnt/volume/, you can navigate to that directory to view any files stored on that Volume. You can also use that directory when integrating your Volume with any software or tooling you might employ.

## Manage Block Storage

1. Log in to the Web portal with the username and password created when signing up.
2. On the left navigation column choose 'Block Storage'
3. On the Block Storage header tab choose 'Manage'
4. Select the Volume to Manage

### Overview

Three options are available: attach/detach instance, snapshot, and deletion.

### Attach/detach Instance

![](/docs/images/block-storage/block-storage-02.png)

This allows an instance to be attached to, as well as detached from, a volume.

### Snapshot

![](/docs/images/block-storage/block-storage-03.png)

When executed, a snapshot will be taken of the block storage volume.

### Destroy

![](/docs/images/block-storage/block-storage-04.png)

Allows for the destruction/erasure of the volume.

## Snapshots

Snapshots will be stored within the block storage Snapshots section. To navigate to it, scroll down the navigation pane on the left and select 'Snapshots'.

![](/docs/images/block-storage/snapshots-01.png)

Easily manage snapshots with our snapshots section. Here you can revert or delete snapshots freely.

![](/docs/images/block-storage/snapshots-02.png)

---

# Object storage

S3-compatible object storage (A2 Storage)

## A2 Object Storage

Object storage is a type of data storage architecture that stores data as discrete objects, each with a unique identifier, rather than using a hierarchical file system like traditional file storage. Each object in object storage can contain data of any size or format, such as documents, images, videos, or other unstructured data. Object storage is highly scalable, durable, and accessible over the network, making it suitable for storing large amounts of data in a distributed and cost-effective manner.

Object storage typically uses a simple interface, such as Representational State Transfer (REST) or Simple Storage Service (S3) API, for accessing and managing objects. Objects are stored in a flat address space, often referred to as a "bucket," and are identified using a unique object key or URL.
Object storage can be used for a wide range of use cases, such as backup and restore, data archiving, content delivery, big data analytics, and cloud-based applications.

Some key features of object storage include:

- **Scalability**: Object storage is designed to scale horizontally and can handle a virtually unlimited amount of data. As data grows, more storage capacity can be added seamlessly without disrupting access to existing objects.
- **Durability**: Object storage is designed for high data durability, with multiple copies of objects stored across multiple locations or nodes, ensuring data integrity and protection against hardware failures or data corruption.
- **Accessibility**: Objects in object storage can be accessed over the network using standard APIs, making them easily accessible from anywhere, at any time, using different devices or platforms.
- **Metadata and Custom Metadata**: Object storage allows for associating metadata, which are key-value pairs, with objects. This metadata can be used for indexing, searching, and managing objects. Custom metadata can also be used to store application-specific information with objects.
- **Data Lifecycle Management**: Object storage often provides features for data lifecycle management, such as automated data retention policies, versioning, and expiration policies, allowing for efficient data management and compliance with data retention requirements.
- **Cost-Effectiveness**: Object storage is typically designed with a cost-effective approach, as it uses commodity hardware and can be easily scaled, making it suitable for storing large amounts of data economically.

Object storage has gained popularity in modern data storage architectures due to its scalability, durability, accessibility, and cost-effectiveness. It is commonly used in cloud storage services, data backup and archiving solutions, and big data analytics platforms, among others, to efficiently manage and store large volumes of unstructured data.
`YOUR_TENANT_ID` is needed to use the URL to view and access the Object Storage in a browser, [https://a2-west.americancloud.com/aca2storage7903:acbucket01](https://a2-west.usacld.net/aca2storage7903:acbucket01).

![](/docs/images/object-storage/a2-object-storage-01.png)

## Create Object Storage

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Object Storage'
3. On the Object Storage screen choose 'Create A2 Storage Unit'
4. Fill out the provided creation form, which allows for full customization of A2 Object Storage. The following fields are available:

### Location

This field provides the ability to choose the geographic region in which the instance will reside.

### Select Project

Select the project in which to build Object Storage.

### Object Storage Name

Naming convention follows A2 protocol. Give a custom name to the Storage Plan. Keep in mind that if running multiple plans, a standard naming convention is recommended for easy tracking.

### Select Volume Size

American Cloud offers a standard 1000 buckets. However, volume size is based on the needs of the customer. Standard sizes are 250GB, 500GB, 1TB, 1.5TB, 2TB, 2.5TB, and 5TB. Select the desired size based on needs.

### Billing Method

For object storage, only monthly billing is available. Select any coupons to redeem. Review the summarized price.

- Select 'Create Object Storage'

![](/docs/images/object-storage/a2-object-storage-02.png)

## Create Bucket

Object storage buckets are logical containers or directories used to organize and store objects in an object storage system. Similar to a folder in a traditional file system, a bucket acts as a top-level container that holds objects, which are individual data entities such as files, images, videos, or other unstructured data.

To create a bucket within American Cloud's CMP follow the steps below:

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Object Storage'
3. Select the object storage plan to create the bucket within
4. Select 'Create Bucket'
5. Enter the unique bucket name

### Bucket Name

Provide a unique name for the bucket.

![](/docs/images/object-storage/a2-object-storage-03.png)

### Create Bucket

![](/docs/images/object-storage/a2-object-storage-04.png)

- The bucket will now be created

## Object Storage Management

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Object Storage'
3. Select the Object Storage Profile to manage and select '#name'.
4. Within the profile select 'Settings'

### Settings

A list of settings will be available: storage, change plan, and keys.

![](/docs/images/object-storage/a2-object-storage-05.png)

### Storage

This section provides a detailed explanation of resources used and remaining.

![](/docs/images/object-storage/a2-object-storage-06.png)

### Change Plan

In the event more space is required, American Cloud provides the ability to change the plan. If an upgrade is necessary, select the required memory in the drop-down.

![](/docs/images/object-storage/a2-object-storage-07.png)

> **Note:** Downgrading is currently not supported. Shrinking the hard disk is not possible without risking data loss.

### Keys

In order to connect via s3cmd, the access and secret keys are required. In this section we can copy, reveal, or regenerate the keys.

![](/docs/images/object-storage/a2-object-storage-08.png)

For more information on s3cmd, [Click Here](https://docs.americancloud.com/hc/docs/articles/1722539625-s3cmd-simple-storage-service-command-line-tool-and-api).

## Upload files

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Object Storage'
3. In 'A2 Storage Unit' select the desired Object Storage to manage
4. Select the desired bucket to upload to
5. On the following page select 'upload'

### Upload

Once selected, a popup will appear for selection of the file to be uploaded. Select the file and open.
The file will be added to the desired bucket.

![](/docs/images/object-storage/a2-object-storage-09.png)

For further explanation on using s3cmd to upload files, [Click Here.](https://docs.americancloud.com/hc/docs/articles/1722539625-s3cmd-simple-storage-service-command-line-tool-and-api#add-files)

## Managing Files

1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Object Storage'
3. On the A2 Object Units select the Storage to manage
4. Select the bucket to manage

### Select Action Pane

Within the Action Pane, on the far right, are several options per file: Permissions, Download, Rename, Delete, Unsigned URL, and Pre-Signed URL.

![](/docs/images/object-storage/a2-object-storage-10.png)

### Permission

Select between private read or public read for extra security on files.

### Download

Quickly download a file from the American Cloud CMP to the local machine.

### Rename

Manage naming conventions by naming files for fast and easy identification.

### Delete

Quickly and easily remove unwanted files from a bucket.

### Unsigned URL

### Pre-signed URL

---

# Networking

VPCs, firewalls, ACLs, and VPN configuration

## Access Control Lists (ACLs)

## Understanding Access Control Lists (ACLs)

Access Control Lists (ACLs) are an integral part of networking and are used to control access to network resources. ACLs are essentially a list of permissions that specify which networks and protocols are allowed or denied access to the network it is applied to. Properly configuring ACLs can prevent unauthorized access, reduce the risk of network security incidents, and maintain the confidentiality, integrity, and availability of network resources.

ACLs are only available when using a Virtual Private Cloud (VPC).

## To create a custom ACL follow the below steps:

1. Log in to the Web Portal with a valid American Cloud account.
2. On the left navigation column choose 'Networking'.
3. Select an already created VPC.
   If no VPC is present [Click Here](https://docs.americancloud.com/hc/docs/articles/1722538155-networking-offerings) to create a VPC.
   ![](/docs/images/networking/access-control-lists-acls-01.png)
4. Once the VPC is selected, click on 'Settings'.
5. Choose 'Network ACL Lists'.
6. Choose '+Add network ACL list'.
   ![](/docs/images/networking/access-control-lists-acls-02.jpeg)
7. Enter a unique name for the ACL under 'ACL List name'.
8. Enter a description for the ACL under 'Description'.
9. Click on 'ADD ACL' to create the new ACL.
   ![](/docs/images/networking/access-control-lists-acls-03.png)
10. Select the newly created ACL list and click '+ Add ACL Rule'.
    ![](/docs/images/networking/access-control-lists-acls-04.jpeg)
11. Fill out the below fields to create the new ACL rule.

## Rule Number

Rule numbers are used to prioritize and order the rules within an Access Control List, with lower numbers taking precedence over higher numbers.

## CIDR list

CIDR list is a method used to specify a range of IP addresses in a concise manner to control access to network resources.

## Action

Action is used to define whether the ACL rule is allowing or denying connection.

- Allow
- Deny

## Protocol

Protocol is referring to network protocols which can be used to define the type of connection being allowed or denied in the ACL rule. Choosing the different protocol options will expand other fields to be filled out. See the additional fields under the below protocols.

### All

Choosing 'All' will allow or deny all network protocols for the ACL rule.

### TCP

TCP is a communication protocol that provides reliable, ordered, and error-checked delivery of data between applications over IP networks.

- Start Port: This is where the network traffic originates.
- End Port: This is the destination of the network traffic.

### UDP

UDP is a connectionless communication protocol that allows for the exchange of datagrams between applications over IP networks without requiring a dedicated connection.
- Start Port: This is where the network traffic originates.
- End Port: This is the destination of the network traffic.

### ICMP

ICMP is a network protocol used to send error messages and operational information about network conditions between hosts on an IP network.

- ICMP Type
- ICMP Code

### Protocol Number

Protocol numbers are numerical values that identify the specific network protocol being used for communication, such as TCP, UDP, or ICMP.

- End Port
- Start Port
- End Port
- ICMP Type
- ICMP Code

## Traffic Type

Traffic type is how traffic flow is defined for the ACL rule.

- Ingress: Traffic coming into a network
- Egress: Traffic going out from a network

## Description

Enter a custom description for the ACL rule.

![](/docs/images/networking/access-control-lists-acls-05.png)

## Create and Configure an Elastic Network in American Cloud

## Create The Network

- Navigate to [https://app.americancloud.com](https://app.americancloud.com/dashboard)
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-01.jpeg)
- Click "Networking"
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-02.jpeg)
- Click "Elastic Network"
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-03.jpeg)
- Click "+ CREATE ELASTIC NETWORK"
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-04.jpeg)
- Select the zone in which to build the network. Keep in mind that US-West-0 provides a Premium and Standard cluster, whereas US-West-1 only provides a standard cluster option. Choose based on your compute requirements.
- Choose the project in which the network will reside.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-05.jpeg)
- **Enter Name**: This field allows for a name to be assigned to the Elastic Network. A unique name is suggested in order to easily differentiate between Elastic Networks, especially in regards to large-scale, multi-network environments.
- **Enter Description for Elastic Network**: This field allows for a unique definition of the Elastic Network.
- **Gateway**: This field is where to define the default gateway for the new network. This is what the internal IP address would be on a router or firewall in a traditional network. This is the first-usable address in the IP range (ex. in 10.10.20.0/24, first-usable would be 10.10.20.1).
- **Netmask**: This field is for the subnet mask of the IP block based on the desired available IP addresses. Select 'CREATE NETWORK'.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-06.jpeg)
- Quick add an instance to the network by selecting the ellipsis menu then "Add Instance". A redirect to instance creation will occur.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-07.jpeg)
- View the instances associated with the network by selecting the drop-down arrow. The instances will be depicted as below.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-08.jpeg)

## Manage Public IP Addresses

- Manage assigned IP Addresses, Firewall Rules, and Port Forwarding Rules by selecting "Public IP Addresses" from the top menu.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-09.jpeg)
- To add a new Firewall rule, select "Add Firewall Rule" on the corresponding IP address.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-10.jpeg)
- Provide a source CIDR for the Firewall Rule.
- Select the protocol required for the new rule.
- Provide the protocol specifics, i.e. start and end port. Select "Add Firewall Rule".
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-11.jpeg)
- Select "Add Port Forwarding Rule"
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-12.jpeg)
- Select the VM to add the Port Forwarding Rule to.
- Select the protocol for the new Port Forwarding Rule.
- Identify and input the private start and end ports.
  Then provide the public start and end ports. These are determined based on your network design. Select "Submit"
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-13.jpeg)
- The newly created Firewall and Port Forwarding Rules will be displayed in the associated tables below the IP Address.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-14.jpeg)
- To delete a rule, simply select "Delete Rule" on the associated rule. On the warning/last chance block select "Delete Firewall Rule" to proceed.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-15.jpeg)
- American Cloud provides the ability to acquire new IP addresses based on the customer's needs. The acquisition of a new IP address costs a standard $1 a month. To acquire one, select "+ Acquire New IP" in the upper right corner.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-16.jpeg)
- In the popup select "Add IP"
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-17.jpeg)
- Should static NAT be required, select "Enable Static NAT" under the associated IP address.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-18.jpeg)
- From the drop-down select the VM to enable static NAT for. Then select "Enable Static Nat".
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-19.jpeg)
- Confirm the static NAT IP address from the network overview page.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-20.jpeg)
- To disable static NAT select "Disable Static NAT".
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-21.jpeg)

## Egress Rules

- Navigate to Egress Rules in the top menu. To add a new rule select "+ Add New Rule" in the top right.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-22.jpeg)
- Provide the required fields
- Source CIDR for the egress rule.
- Input the destination CIDR for new rule.
- Lastly, choose the protocol and the required protocol information. Select "Add Egress Rule"
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-23.jpeg)
- The newly created egress rule will be added to the table. To remove the egress rule select "Delete Rule". Then in the warning/last chance block select "Delete" to proceed.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-24.jpeg)

## Remote Access VPN

- To enable Remote Access VPN, select "Remote Access VPN" from the top menu. On the remote access VPN page select the slider bar to activate the VPN. Wait while the connection is being made. The VPN will be available when VPN Status reads "running".
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-25.jpeg)
- Once the VPN is running, the IP and IPSec pre-shared key will be displayed. Remote access VPNs require user credentials. To add users select "+ Add New User".
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-26.jpeg)
- In the popup provide a username and password for the user. Save the credentials in a safe location and select "Add User".
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-27.jpeg)
- Once the user has been added wait for an "Active" state. The user can then access the VPN.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-28.jpeg)
- To remove a user select the trashcan icon associated with the user. In the warning/last chance block select "Delete" to proceed.
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-29.jpeg)
- The user will be removed from the table list. To disable the VPN select the slider bar. Wait as the VPN is disconnected. Once disabled the VPN Status will read "Disabled".
  ![](/docs/images/networking/create-and-configure-an-elastic-network-in-30.jpeg)

## Create/Manage a Virtual Private Cloud Network

A VPC is a private, isolated section of a public cloud that provides a secure and customizable environment for deploying and managing resources. It allows you to control your network configuration, including IP address ranges, subnets, and security settings. VPCs are often used to create a private network within a public cloud, offering enhanced security and flexibility.

Key features of a VPC include:

- **Isolation**: VPCs are logically isolated from other networks in the public cloud, ensuring that your resources are private and secure.
- **Customization**: You can define custom IP address ranges, create subnets, and set up network access control lists (ACLs) and security groups.
- **Scalability**: VPCs can scale on demand, allowing you to add or remove resources as needed.
- **Connectivity**: VPCs can be connected to on-premises data centers via secure connections like VPN or Direct Connect.
- **Security**: VPCs offer robust security features, including network ACLs, security groups, and encryption.

This ability to subnet the primary VPC provides the flexibility to create as complex a networking scheme as needed, with the same functionality and segmentation that a traditional subnetted design would provide.

## Create The VPC

- Navigate to [https://app.americancloud.com](https://app.americancloud.com/project)
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-01.jpeg)
- Select "Networking" from the left navigation pane.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-02.jpeg)
- Select "+ CREATE VPC NETWORK"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-03.jpeg)
- Determine the zone to create the VPC in. Keep in mind that the premium cluster resides in US-West-0 and only standard clusters reside within US-West-1.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-04.jpeg)
- Select a project to create the VPC in.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-05.jpeg)
- Select the IP Address Range Prefix. This is a manual input based on your networking needs and design.
- Determine the network size based on network design and planning. Take into consideration the number of networks necessary for your environment.
- Name the VPC based on a naming convention of your choosing.
- The VPC description can be anything that supports the environmental design and navigation.
- Lastly, choose between the monthly or hourly billing method. A VPC will cost a standard $12 a month.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-06.jpeg)
- Select "CREATE VPC"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-07.jpeg)
- "Hold on! Creating VPC network. Might take a few minutes..." will appear at the top of the screen while the VPC is being created.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-08.jpeg)

Tip: A VPC will NOT delete itself. Therefore, if you wish to destroy a VPC and stop paying for it, you must delete it manually.

## Create The Network

- Once the VPC is created we must add an internal network to begin building our environment. Select "+ ADD NETWORK".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-09.jpeg)
- Enter a name based on your naming convention for networks within the VPC.
- Select the desired Network Offering.
  - **Source NAT** - This service enables the virtual router's public IP address to be applied to outgoing network traffic. This is the standard for local nodes to access the internet.
  - **External (Public) load-balancing** - This service redirects all traffic to a public IP address of a virtual router to other network routers.
  - **Internal (Private) load-balancing** - This service enables traffic entering the network to be balanced across different VMs within the network itself.
- Determine the gateway for the network based on the VPC settings and network design. This field defines the default gateway for the new network. This is what the internal IP address would be on a router or firewall in a traditional network. Typically this is the first- or last-usable address in an IP range (ex. in 10.10.20.0/24, first-usable would be 10.10.20.1; last-usable would be 10.10.20.254).
- Establish the Netmask required for the network.
- You can assign an external ID for the network. This allows the creation of tags for the new network.
- Select the default ACL. This field provides the ability to assign a default 'permit-all (default_allow)' or 'deny-all (default_deny)' rule for the new network. Individual exceptions can be configured within the VPC. Select "CREATE NETWORK"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-10.jpeg)
- An instance can quickly be added to the network by selecting the three dots on the corresponding network, then selecting "Add Instance".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-11.jpeg)

Tip: For more information on creating an instance [Click Here](https://docs.americancloud.com/hc/docs/articles/1722537204-cloud-compute).

- By selecting the drop-down arrow we can list the Instances running in the network.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-12.jpeg)

## Public IP Addresses

- Select "Public IP Addresses" from the top menu.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-13.jpeg)
- Add a port forwarding rule by selecting "Add Port Forwarding Rule" on the corresponding IP Address and VM which can be identified in the far left. Already created or active PF rules will be listed below the IP table.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-14.jpeg)
- Create a rule:
  - Select the VM to add the rule to.
  - Select the network for the rule.
  - Select between TCP or UDP protocols.
  - Add a start and end private port.
  - Then select the start and end public port. Click "Submit"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-15.jpeg)
- The newly created rule will be listed in the active rule table as depicted below.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-16.jpeg)
- To delete a PF rule simply select "Delete Rule". A warning/last chance block will be presented. To proceed with the deletion select "Delete Port Forwarding Rule".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-17.jpeg)
- If another IP address is needed select "+ Acquire New IP".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-18.jpeg)
- Select the Network to add the IP to. An additional IP will cost $1 a month. Select "Add IP"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-19.jpeg)
- The newly acquired IP will be listed in the IP table. To enable the IP as a static NAT for a VM select "Enable Static NAT".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-20.jpeg)
- Select the network and VM to assign static NAT to. Select "Enable Static Nat".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-21.jpeg)
- By listing the instances within the Network, you can see the static NAT for the IP has been enabled.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-22.jpeg)
- To disable static NAT for the VM select "Disable Static NAT". A warning/last chance block will appear; select "Disable Static NAT" to proceed.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-23.jpeg)
- After disabling static NAT, if the IP is no longer required, you can release the IP by selecting "Release IP". A warning/last chance block will appear; select "Release IP" to proceed.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-24.jpeg)
- The table will update and show the IP no longer present. This will end your $1 a month requirement for the IP.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-25.jpeg)

## Manage ACL

- From the top menu tree select "ACL Lists".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-26.jpeg)
- To create and manage a custom ACL List select "+Add network ACL list".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-27.jpeg)
- Provide a name for the list and a brief description of your choosing, then select "Add ACL"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-28.jpeg)
- The newly created list will be added to the Network ACL Lists table.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-29.jpeg)
- Once the ACL is created we can add rules by selecting "+ Add ACL Rule".
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-30.jpeg)
- **Rule Number:** Rule numbers are used to prioritize and order the rules within an Access Control List, with lower numbers taking precedence over higher numbers.
- **CIDR List:** A CIDR list is a method used to specify a range of IP addresses in a concise manner to control access to network resources.
- **Action:** Action is used to define whether the ACL rule is allowing or denying connection.
  - Allow
  - Deny
- **Protocols:** Protocol refers to the network protocols which can be used to define the type of connection being allowed or denied in the ACL rule. Choosing the different protocol options will expand other fields to be filled out.
  See the additional fields under the protocols below.
  - **All**: Choosing 'All' will allow or deny all network protocols for the ACL rule.
  - **TCP**: TCP is a communication protocol that provides reliable, ordered, and error-checked delivery of data between applications over IP networks.
    - Start Port: This is where the network traffic originates.
    - End Port: This is the destination of the network traffic.
  - **UDP**: UDP is a connectionless communication protocol that allows for the exchange of datagrams between applications over IP networks without requiring a dedicated connection.
    - Start Port: This is where the network traffic originates.
    - End Port: This is the destination of the network traffic.
  - **ICMP**: ICMP is a network protocol used to send error messages and operational information about network conditions between hosts on an IP network.
    - ICMP Type
    - ICMP Code
  - **Protocol Number:** Protocol numbers are numerical values that identify the specific network protocol being used for communication, such as TCP, UDP, or ICMP.
    - Start Port
    - End Port
    - ICMP Type
    - ICMP Code

  Select "Add ACL"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-31.jpeg)
- Click here.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-32.jpeg)
- To delete the rule simply select the trash can icon associated with the rule. A warning/last chance block will present itself. Select "Delete" to proceed with the deletion.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-33.jpeg)
- The rule will be removed from the rule table.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-34.jpeg)
- To delete the ACL List simply select the corresponding trash can icon. A warning/last chance block will present itself. Select "Delete" to proceed.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-35.jpeg)
- The ACL list will be removed from the table.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-36.jpeg)

## Remote Access VPN

- Remote access VPNs enable individual users to connect to a private network from various locations. Remote access VPNs require setup on each client and each user must initiate the tunnel setup. Remote access VPNs are ideal for remote employees needing secure access to a corporate network.
- From the top menu select "Remote Access VPN"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-37.jpeg)
- Select the slider bar to activate the VPN connection.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-38.jpeg)
- Once activated the VPN status will read "Running" and display the IPSec pre-shared key needed for connection.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-39.jpeg)
- Next, users must be added. Select "+ Add New User"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-40.jpeg)
- Provide a Username and Password for the user. Then store them in a secure location for sharing. Select "Add User"
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-41.jpeg)
- The user will be added and show an active state.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-42.jpeg)
- If that user is no longer needed, remove it by selecting the trashcan icon associated with the user and select delete in the warning/last chance block.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-43.jpeg)
- If the VPN connection is no longer required, simply select the slider bar. This will deactivate the VPN connection.
  ![](/docs/images/networking/createmanage-a-virtual-private-cloud-network-44.jpeg)

Tip: For further information on creating a VPN on the local host [Click Here](https://docs.americancloud.com/hc/docs/articles/1722538410-remote-access-vpn).
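Returning to the rule fields under Manage ACL above (rule number, CIDR list, action, protocol, ports): the sketch below is an added example, not American Cloud code, showing how rule numbering decides the outcome and how to spot a rule that a lower-numbered rule makes unreachable. It assumes first-match evaluation in ascending rule-number order, treats Start Port and End Port as an inclusive port range, takes the fate of unmatched traffic as the `default_action` argument, and does not model ICMP type/code; `AclRule`, `evaluate`, `shadowed_rules` and the sample rules are hypothetical names and constructed data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class AclRule:
    number: int                       # Rule Number: lower is checked first
    cidrs: Tuple[str, ...]            # CIDR List
    action: str                       # "allow" or "deny"
    protocol: str                     # "all", "tcp", "udp" or "icmp"
    start_port: Optional[int] = None  # assumed inclusive range, tcp/udp only
    end_port: Optional[int] = None

    def networks(self):
        return [ipaddress.ip_network(c) for c in self.cidrs]

    def matches(self, src_ip, protocol, port=None):
        if self.protocol not in ("all", protocol):
            return False
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in net for net in self.networks()):
            return False
        if self.protocol in ("tcp", "udp"):
            return port is not None and self.start_port <= port <= self.end_port
        return True

    def covers(self, other):
        """True when every packet `other` matches is also matched by self."""
        if self.protocol != "all" and self.protocol != other.protocol:
            return False
        mine = self.networks()
        for net in other.networks():
            if not any(net.version == m.version and net.subnet_of(m) for m in mine):
                return False
        if self.protocol in ("tcp", "udp"):
            return (self.start_port <= other.start_port
                    and other.end_port <= self.end_port)
        return True


def evaluate(rules, default_action, src_ip, protocol, port=None):
    """Return (action, matching rule number or None) for one packet."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src_ip, protocol, port):
            return rule.action, rule.number
    return default_action, None


def shadowed_rules(rules):
    """List (rule, shadowing rule, kind) for rules that can never match.

    Only single-rule shadowing is detected; a rule hidden by the union of
    several earlier rules is not reported.
    """
    ordered = sorted(rules, key=lambda r: r.number)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                found.append((later.number, earlier.number, kind))
                break
    return found


# Constructed sample: the admin allow (20) sits behind a broader deny (10).
RULES = [
    AclRule(10, ("0.0.0.0/0",), "deny", "tcp", 22, 22),
    AclRule(20, ("198.51.100.0/24",), "allow", "tcp", 22, 22),
    AclRule(30, ("0.0.0.0/0",), "allow", "tcp", 443, 443),
]
# Same intent with the narrow allow renumbered ahead of the broad deny.
FIXED = [AclRule(5, ("198.51.100.0/24",), "allow", "tcp", 22, 22), RULES[0], RULES[2]]

if __name__ == "__main__":
    print(shadowed_rules(RULES))
    print(evaluate(RULES, "deny", "198.51.100.7", "tcp", 22))
    print(evaluate(FIXED, "deny", "198.51.100.7", "tcp", 22))
```

Running a check like `shadowed_rules` over a rule list before entering it in the portal catches numbering mistakes that otherwise show up only as an unexplained blocked or open port.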
## Creating a VPN Customer Gateway

- Navigate to [https://app.americancloud.com](https://app.americancloud.com/network/vpc/e0218977-ea43-4a94-ad85-1dc19efa13d7)
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-01.jpeg)
- Select "Networking"
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-02.jpeg)
- Select "VPN Customer Gateway" from the top menu.
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-03.jpeg)
- Select "+ Add VPN Customer Gateway"
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-04.jpeg)
- **Name** - Input a custom name for the Gateway
- **Project** - Select the project for the Gateway to reside in

## Gateway

- Select the public IP address for the Gateway. This should be the public IP of the distant network, possibly a firewall device.

## CIDR List

- In the context of a gateway, a CIDR list can be used to define the range of IP addresses that are allowed to communicate through the gateway. This can be used as a security measure to restrict access to a network or to specify the range of IP addresses that are allowed to connect to a VPN. The CIDR list can be configured on the gateway device or in the cloud-based network infrastructure to enforce these restrictions.
- Select the CIDR List preferred

## IPSEC Pre-shared Key

- IPsec (Internet Protocol Security) Pre-shared key (PSK) is a method of authentication used to establish a secure and encrypted communication channel between two devices over a network. PSK is a shared secret key between the two devices that is used to encrypt and decrypt data passing through the communication channel. This method of authentication is commonly used in VPN (Virtual Private Network) connections, where the PSK is shared between the VPN client and server to establish a secure connection.
- Several online tools generate keys, or OpenSSL can be used on the local machine to generate an IPsec PSK by running: `openssl rand -base64 24`
- Create a PSK and add it.
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-05.jpeg)
- **IKE Encryption**
- Internet Key Exchange (IKE) is a protocol used to establish a secure and encrypted connection between two devices in a VPN (Virtual Private Network). Encryption in IKE is used to protect the exchange of security parameters and shared secrets during the establishment of the VPN connection. IKE uses various encryption algorithms, such as AES, DES, and 3DES, to encrypt and protect data transmitted between the devices, ensuring confidentiality, integrity, and authenticity of the data being transmitted.
- Input the chosen encryption type

## IKE Hash

- Internet Key Exchange (IKE) hash is a cryptographic function used to ensure the integrity of data transmitted between two devices in a VPN (Virtual Private Network) connection. The hash function generates a fixed-size message digest from the input data, which is used to verify that the data has not been modified or tampered with during transmission. IKE supports several hash algorithms, such as SHA-1, SHA-2, and MD5, that can be used to provide different levels of security and performance in the VPN connection.
- Input the chosen hash type

## IKE DH

- Internet Key Exchange (IKE) Diffie-Hellman (DH) is a key exchange protocol used to establish a shared secret key between two devices in a VPN (Virtual Private Network) connection. DH is used to generate a shared secret key without exchanging the key directly, thus protecting the key from interception. IKE supports various DH groups, such as DH Group 1, 2, 5, 14, 19, 20, 24, etc., that offer different levels of security and performance in the VPN connection.
- Input the chosen DH Group

## IKE Version

- Internet Key Exchange (IKE) Version is the version of the IKE protocol used to establish a secure and encrypted connection between two devices in a VPN (Virtual Private Network). IKE has undergone several revisions, with each version introducing new features and improvements to the protocol. IKE versions include IKEv1 and IKEv2, with IKEv2 being the most recent version. IKEv2 offers improved security, efficiency, and flexibility over IKEv1, making it the preferred choice for many VPN implementations.
- Input the chosen version

## ESP Encryption

- Encapsulating Security Payload (ESP) is a protocol used to provide encryption and authentication of data transmitted between two devices in a VPN (Virtual Private Network) connection. ESP encrypts the payload of IP packets, ensuring confidentiality, integrity, and authenticity of the data being transmitted. ESP supports various encryption algorithms, such as AES, DES, and 3DES, that can be used to provide different levels of security and performance in the VPN connection. ESP also provides optional support for data compression and anti-replay protection.
- Input the chosen Encryption

## ESP Hash

- Encapsulating Security Payload (ESP) hash is a mechanism used to ensure the integrity of data transmitted between two devices in a VPN (Virtual Private Network) connection. The hash function generates a fixed-size message digest from the input data, which is used to verify that the data has not been modified or tampered with during transmission. ESP supports various hash algorithms, such as SHA-1, SHA-2, and MD5, that can be used to provide different levels of security and performance in the VPN connection.
- Input the chosen hash

## Perfect Forward Secrecy

- Perfect Forward Secrecy (PFS) is a property of cryptographic protocols that ensures that even if the private key of a user is compromised, past communications are still protected.
  PFS achieves this by generating a new set of public and private keys for each session. This means that even if an attacker gains access to the private key, they will not be able to decrypt previously encrypted messages, providing an additional layer of security to the communication. PFS is commonly used in VPN (Virtual Private Network) and secure messaging protocols.
- Input the chosen perfect forward secrecy
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-06.jpeg)
- **IKE Lifetime**
- Internet Key Exchange (IKE) lifetime refers to the duration for which the security associations (SA) established during IKE negotiations are valid. An SA is a security mechanism used to ensure the confidentiality, integrity, and authenticity of data transmitted between two devices in a VPN (Virtual Private Network) connection. IKE lifetime can be set by the VPN administrator, and the duration can vary from a few minutes to several hours, depending on the security requirements and network conditions. Once the IKE lifetime expires, the devices renegotiate a new SA to ensure continued secure communication.
- Input the chosen lifetime

## ESP Lifetime

- Encapsulating Security Payload (ESP) lifetime is the duration for which the encryption and authentication keys used by ESP to secure data transmitted between two devices in a VPN (Virtual Private Network) connection are valid. The ESP lifetime is defined by the VPN administrator and can vary from a few minutes to several hours, depending on the security requirements and network conditions. Once the ESP lifetime expires, the devices renegotiate new keys to ensure continued secure communication. The ESP lifetime can be configured to balance the security and performance requirements of the VPN connection.
- Input the chosen lifetime

## Dead Peer Detection

- Dead Peer Detection (DPD) is a mechanism used in VPN (Virtual Private Network) connections to detect if one of the peers has become unreachable or unresponsive.
  DPD monitors the state of the VPN connection and sends periodic requests to the remote peer to confirm its availability. If the peer fails to respond to the requests, the DPD mechanism considers it dead and initiates a new negotiation to establish a new VPN connection. DPD helps to ensure continuous availability and reliability of VPN connections.
- Toggle disabled/enabled (Disabled by default)

## Split Connections

- Split tunneling is a feature of VPN (Virtual Private Network) connections that allows some traffic to be sent through the VPN tunnel while other traffic is sent directly to the internet. With split tunneling, only the traffic destined for the corporate network is sent through the VPN tunnel, while other traffic, such as browsing the internet, is sent directly to the internet. Split tunneling can reduce the load on the VPN connection and improve the performance of internet-based applications. However, it can also pose security risks, as it can allow unencrypted traffic to bypass the VPN tunnel.
- Toggle disabled/enabled (Disabled by default)

## Force UDP Encapsulation of ESP Packets

- Force UDP encapsulation of Encapsulating Security Payload (ESP) packets is a technique used in VPN (Virtual Private Network) connections to improve the reliability and efficiency of the ESP protocol over networks that may block or interfere with ESP traffic. By encapsulating the ESP packets within User Datagram Protocol (UDP) packets, the VPN connection can bypass network restrictions and ensure that the ESP traffic is not dropped or modified. The UDP encapsulation can also provide additional security features, such as authentication and anti-replay protection.
- Toggle disabled/enabled (Disabled by default)

**Select 'ADD VPN GATEWAY'**

![](/docs/images/networking/creating-a-vpn-customer-gateway-07.jpeg)

- The new gateway will be added to the table. To copy the IPSec pre-shared key select the copy icon on the right. Use the trashcan icon to delete the gateway if necessary.
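The customer gateway form above lists DES, 3DES, MD5, SHA-1 and small DH groups next to stronger options without ranking them. The added example below (not American Cloud code) lints a parameter set before it is typed into the form and generates the PSK locally, so the key never passes through a third-party site. The field names, the sample values and the reject/warn grading are assumptions made for this example.

```python
import base64
import ipaddress
import secrets

# Grading policy chosen for this example, limited to options the page names.
REJECT = {"encryption": {"des"}, "hash": {"md5"}, "dh": {1}}
WARN = {"encryption": {"3des"}, "hash": {"sha1"}, "dh": {2, 5, 24}}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PSK_CHARS = 32  # length of the string `openssl rand -base64 24` prints


def generate_psk(nbytes=24):
    """Local equivalent of `openssl rand -base64 24` using the OS CSPRNG."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def _norm(name):
    """Fold 'SHA-1', 'sha_1' and 'sha1' to the same token."""
    return str(name).lower().replace("-", "").replace("_", "")


def _grade(kind, value):
    if value in REJECT[kind]:
        return "reject"
    return "warn" if value in WARN[kind] else None


def lint_gateway(cfg):
    """Return sorted (severity, field, message) findings for one gateway form."""
    findings = []
    algo_fields = (("ike_encryption", "encryption"), ("esp_encryption", "encryption"),
                   ("ike_hash", "hash"), ("esp_hash", "hash"))
    for field, kind in algo_fields:
        sev = _grade(kind, _norm(cfg[field]))
        if sev:
            findings.append((sev, field, f"{cfg[field]} is a legacy {kind} choice"))

    sev = _grade("dh", int(cfg["ike_dh"]))
    if sev:
        findings.append((sev, "ike_dh", f"DH group {cfg['ike_dh']} is a legacy group"))

    pfs = cfg.get("pfs")
    if pfs in (None, "", "none"):
        findings.append(("warn", "pfs", "PFS not set: no fresh key exchange per session"))
    else:
        sev = _grade("dh", int(pfs))
        if sev:
            findings.append((sev, "pfs", f"PFS group {pfs} is a legacy group"))

    if _norm(cfg["ike_version"]) != "ikev2":
        findings.append(("warn", "ike_version", "IKEv2 is the preferred version"))
    if len(cfg["psk"]) < MIN_PSK_CHARS:
        findings.append(("warn", "psk", "shorter than `openssl rand -base64 24` output"))

    gateway = ipaddress.ip_address(cfg["gateway"])
    if any(gateway in net for net in RFC1918):
        findings.append(("reject", "gateway", "private address, expected the remote public IP"))
    for cidr in cfg["cidr_list"]:
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append(("warn", "cidr_list", f"{cidr} does not restrict anything"))
    return sorted(findings)


# Constructed sample inputs; keys mirror the form's field labels.
LEGACY = {"gateway": "192.168.1.1", "cidr_list": ["0.0.0.0/0"], "psk": "changeme",
          "ike_encryption": "3DES", "ike_hash": "MD5", "ike_dh": 2,
          "ike_version": "ikev1", "esp_encryption": "DES", "esp_hash": "SHA-1",
          "pfs": None}
MODERN = {"gateway": "203.0.113.10", "cidr_list": ["10.50.0.0/16"],
          "psk": generate_psk(), "ike_encryption": "aes256", "ike_hash": "sha256",
          "ike_dh": 14, "ike_version": "ikev2", "esp_encryption": "aes256",
          "esp_hash": "sha256", "pfs": 14}

if __name__ == "__main__":
    for severity, field, message in lint_gateway(LEGACY):
        print(f"{severity:6} {field:15} {message}")
    print("modern findings:", lint_gateway(MODERN))
```

Both ends of a site-to-site tunnel must agree on these values, so the same check applies to the settings planned for the remote firewall.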
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-08.jpeg)

## Create Site-To-Site

Tip: For more information on creating a VPC, see our [VPC Creation Doc](https://docs.americancloud.com/hc/docs/articles/1722538155-networking-offerings).

- Select "VPC" from the top menu.
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-09.jpeg)
- Select the desired VPC network for adding the site-to-site VPN.
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-10.jpeg)
- In the top menu select "Site-to-site VPN"
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-11.jpeg)
- Select the slider bar to activate the site-to-site VPN. Once the VPN is running select "+ Create VPN Connection".
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-12.jpeg)
- In the drop-down select the customer gateway to be used during the connection creation and select "Create VPN Connection"
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-13.jpeg)
- The connection will show in the table below. The state of the connection will change from Pending -> Connecting -> Connected. This process usually takes only a few moments. If failures occur, check the settings for accuracy on both ends of the connection.
  ![](/docs/images/networking/creating-a-vpn-customer-gateway-14.jpeg)

## Firewall

A firewall is a security mechanism that acts as a barrier between networks, typically between the internet and an internal network. It monitors and filters network traffic based on predefined rules to allow or block specific types of traffic.

American Cloud allows self-assigned firewall and port forwarding rules. During initial instance launch a few firewall rules will be established as default. These default rules are in place to ensure SSH and CMP graph are operational. To view and create firewall rules, follow the guidelines below.

## Adding Firewall Rules

Port rules are one of the criteria used by firewalls to control network traffic.
Ports are numbered virtual endpoints on a network device that allow different types of data to be transmitted and received. Firewalls can be configured with port rules to allow or block traffic based on the specific ports being used. For example, a firewall may be configured to allow incoming traffic on port 80, which is commonly used for web traffic, while blocking traffic on port 22, which is commonly used for SSH (Secure Shell) access. Port rules are an important aspect of firewall configuration, as they help control the flow of data between networks and protect against unauthorized access or malicious activities.

Navigate to Firewall rules:

1. In the navigation pane to the left select 'Cloud Compute'
2. In the list of instances select the desired instance to apply a rule
3. In the tabs select 'Settings'
4. Then in the navigation pane select 'Firewall'

### Default Firewall Rules

> **Note:** These are the default ports opened during instance build. They are opened so the American Cloud CMP can communicate with SSH and the graphs presented in the Usage section.

![](/docs/images/networking/firewall-01.jpeg)

### Select Add Firewall Rule

To add a firewall rule select 'Add Firewall Rule'.

![](/docs/images/networking/firewall-02.png)

### Provide Specifics

Input your Source CIDR, select a protocol, Start Port and End Port.

![](/docs/images/networking/firewall-03.jpeg)

Further information on Transfer Protocols coming soon!

### Created

- The new firewall rule will be created.
  ![](/docs/images/networking/firewall-04.jpeg)

### Create Port Forwarding Rule

Navigate to Port Forwarding rules:

1. In the navigation pane to the left select 'Cloud Compute'
2. In the list of instances select the desired instance to apply a rule
3. In the tabs select 'Settings'
4. Then in the navigation pane select 'Port Forward'

#### Add Port Forward Rule

- Select ADD Port Forwarding Rule.
  ![](/docs/images/networking/firewall-05.png)

#### Add Protocol and Port

- Add the protocol, Private Port and Public Port. Select Submit.
  ![](/docs/images/networking/firewall-06.jpeg)

More information on Transfer Protocols coming soon!

#### New Rule Creation

The new rule will be created.

![](/docs/images/networking/firewall-07.jpeg)

### Delete Firewall/Port Forwarding Rules

To delete a rule simply navigate to firewall or port forwarding rules as previously described. Identify the rule needing deletion and select "Delete Rule". In the warning/last chance block confirm deletion to continue.

![](/docs/images/networking/firewall-08.jpeg)

## Remote Access VPN Setup for VPC

1. Log in to the Web Portal and select Networking. Under the VPC tab, select your VPC. If no VPC has been created, [Click Here](https://docs.americancloud.com/hc/docs/articles/1722538155-networking-offerings).
2. Under the VPC select the Settings tab and click Remote Access VPN.
3. Click the slider to Enable Remote Access VPN.
   ![](/docs/images/networking/remote-access-vpn-01.png)
4. Once the Remote Access VPN is enabled the IPSec pre-shared key will be automatically generated.
5. Click on + Add New User and on the New VPN User popup create a username and password.
   ![](/docs/images/networking/remote-access-vpn-02.png)
6. With the Public IP Address, IPSec pre-shared key, username, and password, the client can be set up.

## Remote Access VPN Setup for Elastic Network

1. Log in to the Web Portal and select Networking. Under the Elastic Network tab, select your Elastic Network. If no Elastic Network has been created, [Click Here](https://docs.americancloud.com/hc/docs/articles/1722538265-elastic-network).
2. Under the Elastic Network select the Settings tab and click Remote Access VPN.
3. Click the slider to Enable Remote Access VPN.
   ![](/docs/images/networking/remote-access-vpn-03.png)
4. Once the Remote Access VPN is enabled the IPSec pre-shared key will be automatically generated.
5. Click on + Add New User and on the New VPN User popup create a username and password.
   ![](/docs/images/networking/remote-access-vpn-04.png)
6. With the Public IP Address, IPSec pre-shared key, username, and password, the client can be set up.

## VPN Connection VIA OS

### MacOS

1. In System Settings, click on Network on the left pane and then click on VPN.
   ![](/docs/images/networking/remote-access-vpn-05.png)
2. At the bottom right, click the Add VPN Configuration dropdown and select L2TP over IPSec.
   ![](/docs/images/networking/remote-access-vpn-06.png)
3. Fill out the following fields.
   - Display name: unique name for VPN connection
   - Server address: Public IP Address of VPC
   - Account name: VPN username
   - Shared secret: IPSec pre-shared key
4. Click on Create. Once created, test the connection by turning on the slider.
   ![](/docs/images/networking/remote-access-vpn-07.png)

### Windows

1. Select Start > Settings > Network & internet > VPN > Add VPN.
2. Under Add a VPN connection, do the following:
   - For VPN provider, choose Windows (built-in)
   - In the Connection name box, enter a unique name for VPN connection
   - In the Server name or address box, enter the Public IP address for the VPN server
   - For VPN type, select L2TP/IPsec and enter your pre-shared key
3. Select Save
4. To connect to the new VPN connection, select Start > Settings > Network & internet > VPN
5. Next to the VPN connection you want to use, select Connect
6. When prompted, enter your username and password

To verify that the VPN is connected, look on the VPN settings page; the VPN connection name will display Connected underneath it.

In Windows you might need to go into Advanced Options > Edit More VPN Properties > Security Tab > Allow These Protocols > and check "Challenge Handshake Authentication Protocol (CHAP)"

If no virtual machine is attached to the Elastic Network the client will fail to connect to the Remote Access VPN.
---

# Account

Account management, billing, and support

## American Cloud Account

Under Account you will be able to manage your American Cloud account which is your gateway to creating and using American Cloud’s products and services.

## Manage Account

1. Login to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Account'
   ![](/docs/images/account/american-cloud-account-01.png)

Below is a breakdown of the settings under Account.

## Account Settings

### Personal Information

This is the main user who signed up for an American Cloud account.

![](/docs/images/account/american-cloud-account-02.png)

### Contact Information

This is the main contact information for the user who signed up for the American Cloud account.

![](/docs/images/account/american-cloud-account-03.png)

### Users

This is where users can be managed and added to access the American Cloud account.

![](/docs/images/account/american-cloud-account-04.png)

## Security

### Authentication

The main authentication settings including change password, two factor authentication, and trusted device security.

![](/docs/images/account/american-cloud-account-05.png)

### SSH Keys

Manage and create new SSH keys for products and services.

![](/docs/images/account/american-cloud-account-06.png)

### KYC

Know Your Client (KYC) is used for additional identity documentation which may be needed to use certain features.

![](/docs/images/account/american-cloud-account-07.png)

### Tax Information

Used to add tax information for company purposes.

![](/docs/images/account/american-cloud-account-08.png)

## API

American Cloud API

Use the American Cloud API to build and communicate with different systems.

![](/docs/images/account/american-cloud-account-09.png)

Note: To delete your American Cloud account, please email [help@americancloud.io](mailto:support@americancloud.io) and a technician will assist with account deletion.
## Billing

Monitor metered resource usage, track outstanding balance, wallet balance, and view hourly, monthly, and yearly usage costs for better cost management in Kubernetes clusters.

## Add Funds

Grants full control over the digital wallet by providing the ability to easily input the desired amount and apply it. When making payments, the wallet will be charged first, prior to your credit card on file, providing you with convenient and flexible management of your funds.

![](/docs/images/account/billing-01.png)

## Add Payment Method

Facilitates the addition of new payment methods and allows for adjustments to the default method that will be charged for services. This feature provides flexibility in managing your payment options and ensures convenient and customized payment processing according to your preferences.

![](/docs/images/account/billing-02.png)

## Coupon

At American Cloud, we occasionally offer promotional discounts to our valued customers. You can redeem these discounts by entering coupon codes in the designated area. This allows you to take advantage of special offers and enjoy savings on our services, enhancing your overall experience with American Cloud.

![](/docs/images/account/billing-03.png)

## Usage Invoices (Pre-April 2024)

If the account predates April 2024, a list of downloadable usage invoices will be presented here.

![](/docs/images/account/billing-04.png)

## Payments (Pre-April 2024)

If the account predates April 2024, a list of downloadable payment invoices will be presented here.

![](/docs/images/account/billing-05.png)

## Getting Started on American Cloud

Our goal at American Cloud is to be a comprehensive yet simple to use cloud provider. At American Cloud we value our customer's freedom to have their own opinions and beliefs. To this end, American Cloud offers a variety of cancel-proof and user-friendly cloud solutions, all of which can be managed using our custom Web UI.
This guide will walk you through signing up for an American Cloud account, accessing the Web UI, creating your first services, and understanding how billing works.

1. Sign Up for an Account
2. Navigate the Web portal
3. Create Your First Compute Instance
4. Create Additional Services
5. Understand Billing
6. Explore American Cloud Guides

### Sign Up for an Account

First, you need to create an American Cloud account to start using our services. If you already have an American Cloud account, you can skip to the next section.

1. Navigate to [americancloud.com](http://americancloud.com/) and choose **Sign Up Now**. You will need to choose between **"Organization"** or **"Personal"**.
   - **Organization**: Enter the organization or company name, full name, email address, phone number, and password.
   - **Personal**: Enter your full name, email address, phone number, and password.
2. A confirmation email will be sent to the email address you provided. Click the link in that email to confirm your email address.
3. Within the Billing section, fill out the required billing information and choose the initial amount of funds to load to your American Cloud account wallet. Then choose **Proceed to Checkout**. The following page will be for entering payment information. Verify the information is correct and check the box "I agree to pay the above total according to my card issuer agreement". Click **Pay Now**.
4. Most accounts are activated instantly and you can start adding services right away. A small number of accounts may require manual review prior to activation.

### Navigate the Web UI

American Cloud's web portal is the gateway to our platform. It enables you to manage your account, view your bills, and manage/add services. Below is a quick breakdown of the Web portal:

- **Services**: Manage and create Cloud Compute and Kubernetes instances.
- **Networking**: Manage and create DNS, load balancers, and networking instances.
- **Storage**: Manage and create block storage and snapshots.
- **Billing**: Manage and view your payment methods and invoices.
- **Support**: Open and manage support tickets.
- **Profile**: Manage and update your address, email, phone number, and 2FA.

For a full overview of the web portal and its features, see our in-depth user guide.

### Create Your First Compute Instance

Compute Instances are virtual machines that can be created in a few easy clicks and used for many different applications. You will have the ability to customize your virtual machine to best fit your application computing needs. Use the below guide for further instructions on how to deploy a Compute Instance.

- [Deploy a Compute Instance](https://docs.americancloud.com/hc/docs/articles/1722537204-cloud-compute)

### Create Additional Services

In addition to Compute Instances, American Cloud has a vast selection of other services that will complete your cloud computing needs. If any of the below would be useful for you, they are only a few clicks away from being created.

### Compute

- **ACKS (American Cloud Kubernetes Service)**: Managed Kubernetes clusters that simplify container orchestration.
- **Bare Metal (COMING SOON!)**: Dedicated single-tenant hardware for advanced workloads.

### Storage

- **Block Storage**: Scalable, high-speed, fault-tolerant, and portable (detachable) storage volumes used to add additional storage to a Compute Instance.
- **Object Storage**: Scalability, advanced security features, an S3-compatible API, and easy-to-use management tools.
- **Snapshots**: Fully managed automatic daily, weekly, and biweekly snapshots of your American Cloud Compute Instances.

### Networking

- **Load Balancers**: Fully configured load balancers with health monitoring and automatic failover.
- **Network Access Control Lists (ACLs)**: Customizable ACL lists used to control access to Compute Instances.
- **Domain Name Service (DNS)**: A free and comprehensive domain management service included for all American Cloud customers.

### Understand Billing

American Cloud services can be paid by either preloaded funds in your wallet or via the primary credit card linked to your American Cloud account. See the below guide for more billing information and pricing.

- [Managing Billing in the Web Portal](https://docs.americancloud.com/hc/docs/articles/1722537088-billing)

All services are charged even if the instance is in a powered off state. To ensure you are not charged for unused instances please delete the instance.

### Explore American Cloud Guides

American Cloud offers a growing library of documentation. This collection covers not only the core products and services offered, but also addresses topics like networking, security, storage, compute instances, and more. For example: quickly learn how to deploy One-Click apps such as WordPress, Grafana, MySQL, Docker, PostgreSQL. American Cloud is here to provide you with an all-in-one cloud computing experience.

## Support

## Do you have a question or need support?

Reach out to the team at American Cloud through our chat widget in your customer management portal. Navigate to the menu on the left side of the portal and click "Support." This will bring our chat module onto any page you are working on so you can get the help you need fast.

![](/docs/images/account/support-01.png)

Our chat module also has docs, which means you don't have to toggle between tabs on your browser.

![](/docs/images/account/support-02.png)

## Just looking for Documentation?

You can get to our documentation inside of the chat module. If you prefer an expanded view, you can click "Docs" in the left-hand menu of the customer portal or navigate to [docs.americancloud.com](https://docs.americancloud.com)

---

# ACE

American Cloud Enterprise private cloud

## ACE Add New User

## Add a New User

1. Log into the ACE environment as Admin
2. In the left-hand navigation bar select `Accounts`
3. Select the account to add the new user to. For example `AmericanCloud` in the display below

   ![](/docs/images/ace/add-new-user-01.png)
4. Once inside the account select `view users`

   ![](/docs/images/ace/add-new-user-02.png)
5. Select `Add User +` from the top right of the page

   ![](/docs/images/ace/add-new-user-03.png)
6. Finally add the required information for the user and select `OK`.

   ![](/docs/images/ace/add-new-user-04.png)
7. Record the new user's credentials into the preferred password management client

## ACE Affinity Groups

To further improve fault tolerance, running multiple instances that serve your application/service, together with the load balancer feature provided by the virtual router in ACE, is recommended. If you have multiple servers running your services, you can assign instances to an Affinity group in ACE.

Affinity groups control VM placement by defining whether instances should run together **(affinity)** or apart **(anti-affinity)**. **Strict rules** enforce hard placement—VMs **must** follow the rule or fail to deploy—while **non-strict rules** act as preferences that the scheduler will try to honor but may override for availability. Use strict settings when placement is critical (e.g., redundant services on separate hosts), and non-strict when flexibility or uptime takes priority.

*Tip! Affinity groups can be attached to instances while creating the instance. You can change an Affinity group of an existing instance from the Instance Details tab. Make sure to stop the instance before changing the Affinity group.*

## Adding New Affinity Groups

1. From the left menu choose **Compute** > **Affinity Groups**, click **Add new Affinity Group**.

   ![](/docs/images/ace/affinity-groups-01.png)
   ![](/docs/images/ace/affinity-groups-02.png)
   ![](/docs/images/ace/affinity-groups-03.png)
2. Provide a name, optionally the description and choose affinity type.
   ![](/docs/images/ace/affinity-groups-04.png)
   ![](/docs/images/ace/affinity-groups-05.png)
   ![](/docs/images/ace/affinity-groups-06.png)
   ![](/docs/images/ace/affinity-groups-07.png)

## Adding Affinity Group to an Instance that has Already Been Built

1. From the left menu choose **Compute** > **Instances**, click on the instance name.

   ![](/docs/images/ace/affinity-groups-08.png)
   ![](/docs/images/ace/affinity-groups-09.png)
   ![](/docs/images/ace/affinity-groups-10.png)
2. Stop the instance, by clicking on **Stop instance** from the top right options.

   ![](/docs/images/ace/affinity-groups-11.png)
   ![](/docs/images/ace/affinity-groups-12.png)
3. Click on **Change Affinity**, from the top right options.

   ![](/docs/images/ace/affinity-groups-13.png)
4. Select the Affinity group and confirm by clicking **OK**.

   ![](/docs/images/ace/affinity-groups-14.png)
   ![](/docs/images/ace/affinity-groups-15.png)
   ![](/docs/images/ace/affinity-groups-16.png)
5. Make sure to start up your instance again.

   ![](/docs/images/ace/affinity-groups-17.png)
   ![](/docs/images/ace/affinity-groups-18.png)

## ACE Creating SSH Key Pair

1. Go to **Compute → SSH Keypairs**

   ![](/docs/images/ace/creating-ssh-key-pair-01.png)
   ![](/docs/images/ace/creating-ssh-key-pair-02.png)
2. Click **Create SSH Keypair**.

   ![](/docs/images/ace/creating-ssh-key-pair-03.png)
3. You'll have two options:
   - **Create a new keypair:** ACE will generate a keypair and give you the private key.
   - **Import an existing public key:** If you already have a key, paste the public key here.

   ![](/docs/images/ace/creating-ssh-key-pair-04.png)
4. After saving, the keypair is associated with your CloudStack account.

   ![](/docs/images/ace/creating-ssh-key-pair-05.png)

💡 When you launch a VM, select this keypair in the "SSH Keypair" dropdown. ACE will automatically place the public key into the VM's authorized keys.

## Notes

- Always back up your private key securely.
- CloudStack stores only the **public key**.
- The keypair must be selected when creating the VM to be injected into the instance.

## ACE Features

American Cloud ACE provides everything offered with the American Cloud CMP to include the below:

- Backend API access
- Backend GUI access
- Custom offerings
- Create your own templates
- Updated Opentofu/Terraform provider
- L3 engineer support access

## Access to CS via GUI & API

Users can do just about everything except:

- Create/update/delete domains & accounts
- Create/update/delete offerings (network, disk, compute, etc...)

## Templates

Featured category:

- `AC-OS*` = American Cloud curated OS templates
- Other OS templates (legacy)

Community category:

- Newer OS templates
- `AC-APP*` = American Cloud CMP (non-ACE) application templates
- Other CMP (non-ACE) templates (legacy)
- Appliances

## Offerings

- `Prod-Custom-Standard` = Custom CPU & MEM on standard hardware (GUI only for now)
- `Prod-Custom-Premium` = Custom CPU & MEM on premium hardware (GUI only for now)
- `Dedicated*` = pre-configured CPU & MEM on standard or premium
- `ACKS*` = pre-configured CPU & MEM for k8s clusters

## ACE Open Tofu / Terraform Install

## Required Software

- LTS version TOFU

> **Note:** To visit our github repo [Click Here](https://github.com/American-Cloud/ACE-TF-Examples)

**The environment and accounts will be established by American Cloud engineers. Once complete, the initial sign-in creds will be provided.**

## Create ACE directory and clone the repo using command

```
git clone https://github.com/American-Cloud/ACE-TF-Examples.git && cd ACE-TF-Examples
```

## Setup the API environment variables

- Sign into the ACE environment by navigating to `https://gateway00.americancloud.com:8443/client/#/dashboard`. Be sure to add the provided domain.
  ![](/docs/images/ace/open-tofu-terraform-install-01.png)
- Generate and retrieve the API and Secret Keys

  ![](/docs/images/ace/open-tofu-terraform-install-02.png)
  ![](/docs/images/ace/open-tofu-terraform-install-03.png)
- Once generated, add the keys to the following commands and run them sequentially.

```
export CLOUDSTACK_API_URL="https://gateway00.americancloud.com:8443/client/api"
export CLOUDSTACK_API_KEY=""
export CLOUDSTACK_SECRET_KEY=""
```

## Add an SSH keypair to the ACE

For further description on generating SSH Keys [Click Here](https://docs.americancloud.com/hc/docs/articles/1722537850-managing-ssh-keys).

- In the navigation select `SSH Key Pairs`

  ![](/docs/images/ace/open-tofu-terraform-install-04.png)
- Select `Create A SSH Key Pair`

  ![](/docs/images/ace/open-tofu-terraform-install-05.png)
- Fill in the required information. (The account field is optional and not required for American Cloud purposes.)

  ![](/docs/images/ace/open-tofu-terraform-install-06.png)

## Set up the VPC or Non-VPC example by running the respective bash script from within the directory.

```
./enable_non_vpc_example.sh
```

```
./enable_vpc_example.sh
```

- Using the preferred file editor, edit the `variables/ace.tfvars` file after running the above bash scripts and add the keypair name.

```
keypair = "" # Key pair created in UI. Provide name here.
```

## Initialize TOFU by running the command `tofu init`.

The below readout should be displayed.

```
Initializing the backend...

Initializing provider plugins...
- Reusing previous version of american-cloud/cloudstack from the dependency lock file
- Using previously-installed american-cloud/cloudstack v0.4.2

OpenTofu has been successfully initialized!

You may now begin working with OpenTofu. Try running "tofu plan" to see
any changes that are required for your infrastructure. All OpenTofu commands
should now work.

If you ever set or change modules or backend configuration for OpenTofu,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```

## Run the TOFU plan using the command `tofu plan -out example-tfplan -var-file variables/ace.tfvars`

The following readout will be displayed identifying the resources to be built.

```
OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

OpenTofu will perform the following actions:

  # cloudstack_egress_firewall.default_egress will be created
  + resource "cloudstack_egress_firewall" "default_egress" {
      + id          = (known after apply)
      + managed     = false
      + network_id  = (known after apply)
      + parallelism = 2

      + rule {
          + cidr_list = [
              + "0.0.0.0/0",
            ]
          + icmp_code = (known after apply)
          + icmp_type = (known after apply)
          + ports     = []
          + protocol  = "all"
          + uuids     = (known after apply)
        }
    }

  # cloudstack_firewall.firewall-web will be created
  + resource "cloudstack_firewall" "firewall-web" {
      + id            = (known after apply)
      + ip_address_id = (known after apply)
      + managed       = false
      + parallelism   = 2

      + rule {
          + cidr_list = [
              + "0.0.0.0/0",
            ]
          + icmp_code = (known after apply)
          + icmp_type = (known after apply)
          + ports     = [
              + "2220",
            ]
          + protocol  = "tcp"
          + uuids     = (known after apply)
        }
    }

  # cloudstack_instance.web_net_1[0] will be created
  + resource "cloudstack_instance" "web_net_1" {
      + display_name     = "ACE-Test-net-1-web-0"
      + expunge          = true
      + group            = (known after apply)
      + id               = (known after apply)
      + ip_address       = (known after apply)
      + keypair          = "silverbullet"
      + name             = "ACE-Test-net-1-web-0"
      + network_id       = (known after apply)
      + project          = (known after apply)
      + root_disk_size   = 20
      + service_offering = "ACE 2 vCPU 4GB Ram - z0"
      + start_vm         = true
      + tags             = {
          + "environment" = "staging"
          + "role"        = "net-1-web"
        }
      + template         = "AC-OS-ubuntu-22.04-2023-11-15T15-39-13Z"
      + zone             = "zone0"
    }

  # cloudstack_ipaddress.pub-ip will be created
  + resource "cloudstack_ipaddress" "pub-ip" {
      + id            = (known after apply)
      + ip_address    = (known after apply)
      + is_portable   = false
      + is_source_nat = (known after apply)
      + network_id    = (known after apply)
      + project       = (known after apply)
      + tags          = (known after apply)
      + zone          = "zone0"
    }

  # cloudstack_network.ace-network-1 will be created
  + resource "cloudstack_network" "ace-network-1" {
      + acl_id                = "none"
      + cidr                  = "10.0.1.0/24"
      + display_text          = (known after apply)
      + endip                 = (known after apply)
      + gateway               = (known after apply)
      + id                    = (known after apply)
      + name                  = "ace-network-1"
      + network_domain        = (known after apply)
      + network_offering      = "DefaultIsolatedNetworkOfferingWithSourceNatService"
      + project               = (known after apply)
      + source_nat_ip_address = (known after apply)
      + source_nat_ip_id      = (known after apply)
      + startip               = (known after apply)
      + tags                  = (known after apply)
      + zone                  = "zone0"
    }

  # cloudstack_port_forward.web_net_1[0] will be created
  + resource "cloudstack_port_forward" "web_net_1" {
      + id            = (known after apply)
      + ip_address_id = (known after apply)
      + managed       = false

      + forward {
          + private_port       = 22
          + protocol           = "tcp"
          + public_port        = 2220
          + uuid               = (known after apply)
          + virtual_machine_id = (known after apply)
        }
    }

Plan: 6 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + pub_ip = (known after apply)

───────────────────────────────────────────────────────────────────────────────

Saved the plan to: example-tfplan

To perform exactly these actions, run the following command to apply:
    tofu apply "example-tfplan"
```

## Apply the TOFU plan by running `tofu apply example-tfplan`.

Once run, the resource changes will be displayed along with the Public IP to utilize when connecting to the instances.

```
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.

Outputs:

pub_ip = "x.x.x.x"
```

- SSH into the machine using the following guidelines.

```
ssh -p 222X cloud@X.X.X.X
```

> **Note:** In the port number `222X`, the `X` is the index number of the server created. In `variables/ace.tfvars` you will set the `count` of how many servers to create.
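The `222X` forwards this note describes are reachable from any source in the plan readout: `cloudstack_firewall.firewall-web` allows `0.0.0.0/0` on port `2220`, which `cloudstack_port_forward` maps to SSH on port 22. The following added example (not part of the ACE-TF-Examples repo) audits the JSON form of a saved plan for such rules before `tofu apply`; the sample plan is constructed to mirror the readout, and the function names, the `allowed_sources` parameter and the `"low-high"` port-range syntax are assumptions.

```python
"""Audit an OpenTofu plan (JSON form) for ingress firewall rules open to broad sources."""
import ipaddress
import json
import sys

# Constructed sample, trimmed to the fields used here. It follows the layout of
# `tofu show -json example-tfplan` and mirrors the rules in the plan readout.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "cloudstack_egress_firewall.default_egress",
         "type": "cloudstack_egress_firewall",
         "change": {"actions": ["create"], "after": {"rule": [
             {"cidr_list": ["0.0.0.0/0"], "ports": [], "protocol": "all"}]}}},
        {"address": "cloudstack_firewall.firewall-web",
         "type": "cloudstack_firewall",
         "change": {"actions": ["create"], "after": {"rule": [
             {"cidr_list": ["0.0.0.0/0"], "ports": ["2220"], "protocol": "tcp"}]}}},
        {"address": "cloudstack_port_forward.web_net_1[0]",
         "type": "cloudstack_port_forward",
         "change": {"actions": ["create"], "after": {"forward": [
             {"private_port": 22, "protocol": "tcp", "public_port": 2220}]}}},
    ],
}

# Private ports whose exposure to a broad source is reported as "high".
SENSITIVE_PRIVATE_PORTS = {22: "SSH", 3389: "RDP"}


def _after(resource_change):
    """Planned attribute values; `after` is null for a pure delete."""
    return resource_change["change"].get("after") or {}


def too_broad(cidr, allowed):
    """With an allow-list: anything outside it. Without one: only /0 sources."""
    net = ipaddress.ip_network(cidr, strict=False)
    if allowed:
        return not any(net.version == a.version and net.subnet_of(a) for a in allowed)
    return net.prefixlen == 0


def expand_ports(spec):
    """Turn "2220" or "2220-2222" (assumed range syntax) into a range of ints."""
    low, _, high = str(spec).partition("-")
    return range(int(low), int(high or low) + 1)


def audit_plan(plan, allowed_sources=()):
    """Return one finding per ingress port that a too-broad source can reach."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in allowed_sources]
    changes = [rc for rc in plan.get("resource_changes", [])
               if {"create", "update"} & set(rc["change"]["actions"])]
    # Map each forwarded public port to the private port behind it.
    forwards = {}
    for rc in changes:
        if rc["type"] == "cloudstack_port_forward":
            for fwd in _after(rc).get("forward", []):
                forwards[int(fwd["public_port"])] = int(fwd["private_port"])
    findings = []
    for rc in changes:
        if rc["type"] != "cloudstack_firewall":  # egress rules are outbound: not audited
            continue
        for rule in _after(rc).get("rule", []):
            broad = [c for c in rule.get("cidr_list", []) if too_broad(c, allowed)]
            ports = [p for spec in rule.get("ports", []) for p in expand_ports(spec)]
            for cidr in broad:
                for port in ports or [None]:  # rules without ports (icmp/all)
                    private = forwards.get(port)
                    findings.append({
                        "address": rc["address"],
                        "source": cidr,
                        "public_port": port,
                        "private_port": private,
                        "severity": "high" if private in SENSITIVE_PRIVATE_PORTS else "review",
                    })
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            plan = json.load(handle)
    else:
        plan = SAMPLE_PLAN
    results = audit_plan(plan)
    for item in results:
        service = SENSITIVE_PRIVATE_PORTS.get(item["private_port"], "unmapped")
        print(f'{item["severity"]:6} {item["address"]}: {item["source"]} -> public port '
              f'{item["public_port"]} -> private port {item["private_port"]} ({service})')
    sys.exit(1 if any(item["severity"] == "high" for item in results) else 0)
```

Export the saved plan with `tofu show -json example-tfplan > plan.json` and pass `plan.json` as the first argument; the script exits non-zero when a forward to SSH or RDP is reachable from a too-broad source.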
> If the count is `1`, then the port number would be `2220`, as the indexing count starts at `0`.
>
> In the `VPC` example the port forwarding is only set up on `web_net_1` instances. You will need to adjust VPC ACL rules to access instances on the `web_net_2`, as well as putting an SSH private key on the instances you are port forwarding to, so that you can SSH from `web_net_1` instances to `web_net_2`.

## Lastly use the following command to clean up the environment

```
tofu plan --destroy -out example-tfplan -var-file variables/ace.tfvars
```

- A readout will display all resource changes that will take place once applied

```
OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

OpenTofu will perform the following actions:

  # cloudstack_egress_firewall.default_egress will be destroyed
  - resource "cloudstack_egress_firewall" "default_egress" {
      - id          = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
      - managed     = false -> null
      - network_id  = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
      - parallelism = 2 -> null

      - rule {
          - cidr_list = [
              - "10.0.1.0/24",
            ] -> null
          - icmp_code = 0 -> null
          - icmp_type = 0 -> null
          - ports     = [] -> null
          - protocol  = "all" -> null
          - uuids     = {
              - "all" = "1d297874-affe-4795-956a-f6f0e384e54e"
            } -> null
        }
    }

  # cloudstack_firewall.firewall-web will be destroyed
  - resource "cloudstack_firewall" "firewall-web" {
      - id            = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
      - ip_address_id = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
      - managed       = false -> null
      - parallelism   = 2 -> null

      - rule {
          - cidr_list = [
              - "0.0.0.0/0",
            ] -> null
          - icmp_code = 0 -> null
          - icmp_type = 0 -> null
          - ports     = [
              - "2220",
            ] -> null
          - protocol  = "tcp" -> null
          - uuids     = {
              - "2220" = "77905ac1-7d8f-459e-b812-8ba8b02a7916"
            } -> null
        }
    }

  # cloudstack_instance.web_net_1[0] will be destroyed
  - resource "cloudstack_instance" "web_net_1" {
      - display_name     = "ACE-Test-net-1-web-0" -> null
      - expunge          = true -> null
      - id               = "afd6d90e-fc30-416b-8e1e-c0d8ee912188" -> null
      - ip_address       = "10.0.1.244" -> null
      - keypair          = "silverbullet" -> null
      - name             = "ACE-Test-net-1-web-0" -> null
      - network_id       = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
      - root_disk_size   = 20 -> null
      - service_offering = "ACE 2 vCPU 4GB Ram - z0" -> null
      - start_vm         = true -> null
      - tags             = {
          - "environment" = "staging"
          - "role"        = "net-1-web"
        } -> null
      - template         = "AC-OS-ubuntu-22.04-2023-11-15T15-39-13Z" -> null
      - zone             = "zone0" -> null
    }

  # cloudstack_ipaddress.pub-ip will be destroyed
  - resource "cloudstack_ipaddress" "pub-ip" {
      - id            = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
      - ip_address    = "172.252.211.166" -> null
      - is_portable   = false -> null
      - is_source_nat = true -> null
      - network_id    = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
      - tags          = {} -> null
      - zone          = "zone0" -> null
    }

  # cloudstack_network.ace-network-1 will be destroyed
  - resource "cloudstack_network" "ace-network-1" {
      - acl_id           = "none" -> null
      - cidr             = "10.0.1.0/24" -> null
      - display_text     = "ace-network-1" -> null
      - gateway          = "10.0.1.1" -> null
      - id               = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
      - name             = "ace-network-1" -> null
      - network_domain   = "cs260cloud.internal" -> null
      - network_offering = "DefaultIsolatedNetworkOfferingWithSourceNatService" -> null
      - tags             = {} -> null
      - zone             = "zone0" -> null
    }

  # cloudstack_port_forward.web_net_1[0] will be destroyed
  - resource "cloudstack_port_forward" "web_net_1" {
      - id            = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
      - ip_address_id = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
      - managed       = false -> null

      - forward {
          - private_port       = 22 -> null
          - protocol           = "tcp" -> null
          - public_port        = 2220 -> null
          - uuid               = "ed849b59-da71-4990-8563-fb8fee09036c" -> null
          - virtual_machine_id = "afd6d90e-fc30-416b-8e1e-c0d8ee912188" -> null
        }
    }

Plan: 0 to add, 0 to change, 6 to destroy.

Changes to Outputs:
  - pub_ip = "172.252.211.166" -> null

───────────────────────────────────────────────────────────────────────────────

Saved the plan to: example-tfplan

To perform exactly these actions, run the following command to apply:
    tofu apply "example-tfplan"
```

- Next apply the plan

```
tofu apply example-tfplan
```

- Once complete a readout will display the changed resource

```
Apply complete! Resources: 0 added, 0 changed, 6 destroyed.
```

## ACE VPN Portal

Upon receipt of the ACE portal credentials, navigate to [ace-vpn.americancloud.com](https://ace-vpn.americancloud.com/) and log in to access the remote access dashboard. Once logged in, it's possible to manage the organization's users. Below is a layout explanation of the User Interface.

![](/docs/images/ace/vpn-portal-01.png)

1. The dropdown menu provides a means to access and edit the user account, VPN connections, or to log out of the session.
2. This button allows quick access to the current user's VPN client profiles.
3. This button allows the management of additional end-users in the organization that may also require access to the ACE environment.
4. This section allows further information on the ACE features, setup and usage of the ACE environment, installation instructions for the WireGuard client to connect with based on OS, and additional CloudStack documentation for reference.

## User Account

To access the user account, reset a password, and enable Two-Factor Authentication, use your dropdown menu and choose Edit Account:

![](/docs/images/ace/vpn-portal-02.png)

The next screen allows you to confirm the user's contact information, change the user's password, and toggle Enable 2FA.

![](/docs/images/ace/vpn-portal-03.png)

## 2FA SMS

Once Enable 2FA is toggled on and the SAVE button is pressed, the 2FA type will be available. Choose the method(s) available.
![](/docs/images/ace/vpn-portal-04.png)

When you choose your 2FA type and SAVE, a Manage `type` link will be made available for testing and confirming that the method is functioning properly:

![](/docs/images/ace/vpn-portal-05.png)

Access the Manage page and confirm the method is functioning properly prior to logging out of your session.

![](/docs/images/ace/vpn-portal-06.png)

## 2FA TOTP

For TOTP, an auto-generated seed will be provided. To accept this seed, choose the SAVE NEW SEED button, or to have a different one generated choose GENERATE RANDOM SEED.

![](/docs/images/ace/vpn-portal-07.png)

Once the SAVE NEW SEED button is pressed, the Verification option will become available. Save your seed to the TOTP application or scan the QR code in the application, then enter the TOTP 6-digit code and choose VERIFY NEW CODE.

![](/docs/images/ace/vpn-portal-08.png)

## Remote Access VPN Clients

To set up remote access VPN client(s), expand the dropdown menu and choose VPN Clients or use the MANAGE VPN CLIENTS button on the dashboard main page (position 2).

![](/docs/images/ace/vpn-portal-09.png)

The VPN USER-PORTAL page provides the ability to add, edit, and delete your VPN configurations.

![](/docs/images/ace/vpn-portal-10.png)

To create a new peer connection choose ADD NEW PEER from the VPN USER-PORTAL page. This will generate a Public Key and provide an option to give the connection a friendly Identifier. Then select SAVE. Use nicknames that are easy for you to find and manage as needed, like 'officeworkstation', 'mobilephone', etc.

![](/docs/images/ace/vpn-portal-11.png)

Now a Peer will be listed in the VPN User-Profile page. Selecting the peer provides a download option for the automatically generated configuration file to import into the local WireGuard client. Choose INFO to access the Download option for the specific Peer being loaded on the current host. This will also display a QR code that can be scanned from a mobile device.
Choose INFO at the front of the Profile to view the additional information.

![](/docs/images/ace/vpn-portal-12.png)

Download the client VPN profile and import it into the WireGuard Client. There is an EDIT option as well at the end of each profile to change its nickname identifier or delete the profile.

![](/docs/images/ace/vpn-portal-13.png)

## Additional User Setup

In order for other end-users within the organization to access the ACE environment they will need to have their own user account within the ACE-VPN portal to create their own VPN Profiles. From the main dashboard choose MANAGE USERS (option 3). This will provide a list of accounts in the organization. Additionally, the page provides the ability to create, edit, or delete users as needed. Only MANAGERS of the organization have this access and ability.

![](/docs/images/ace/vpn-portal-14.png)

Choose ADD NEW USER from the VPN USERS page and fill out the new user information. When finished, SAVE the account and the new user will have access to this portal and may create, edit, and delete their own VPN Peers.

![](/docs/images/ace/vpn-portal-15.png)

More information (Option 4 section of the dashboard) is provided for quick links to additional content, further reading, and ACE online documentation.

![](/docs/images/ace/vpn-portal-16.png)

Your data is your own and by utilizing the American Cloud Enterprise VPN Portal you are in control of who accesses your data, wherever they may be.

## Available Templates/ISO's

Pre-configured virtual machine images (OS or application-based) used to quickly deploy consistent environments. These may include Linux distributions (e.g., Ubuntu, Rocky), Windows Server versions, or full application stacks (e.g., GitLab, WordPress, Nextcloud).

## Operating Systems

- **Ubuntu**: 16.04, 20.04, 22.04, 24.04 (incl. KDE/XFCE)
- **Debian**: 11.6, 12
- **Rocky Linux**: 8, 9, 9.2, 9.5
- **CentOS**: 8, 9
- **Fedora**: 37, 38
- **Windows Server 2019**: Multiple builds
- **Talos**: 1.10
- **OpenBSD**: 7.4

## Kubernetes

- CAPI on Ubuntu 20.04 (KUBE, K8S-1.27-CAPI)

## Applications

- **Docker-based**: WordPress, Nextcloud, Supabase, Jitsi
- **GitLab CE**: 16.7.2, 17.4.2, 17.11.0
- **Other Apps**: Coolify v4, CloudPanel v2, Docker (latest)

## ISO's

Bootable disk images used for installing operating systems, drivers, or tools.

## Operating Systems

- **Windows Server**: 2019, 2022
- **Ubuntu**: 22.04.1 Live Server

## Tools / Drivers

- xs-tools.iso
- vmware-tools.iso
- Virtio ISO
- Virtio New

## Kubernetes Binaries (ISOs)

- Versions: 1.27.3, 1.26.6, 1.25.0, 1.24.0, 1.23.3, 1.22.6

## Creating a Windows Server 2019 Demo Network

1. Navigate to [https://gateway00.americancloud.com:8443/client](https://gateway00.americancloud.com:8443/client)
2. Login to your ACE environment using the credentials from the Knox Vault.

   ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-01.jpeg)

## Build Network

- First, create an Isolated network to build your VM's on.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-02.jpeg)
- Click "Add network"

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-03.jpeg)
- Provide the required information:
   - **Name:** Provide a name based on your required naming convention
   - **Description:** Helps to distinguish between networks
   - **Zone:** This should be the zone you're wanting to build the VM's in.
   - **Domain:** Since building an isolated network be sure to select the domain.
   - **Account:** Once the domain is selected an additional box will display labeled account. Select the appropriate account for the network.
   - **Network Domain:** Leave Blank
   - **Network Offering:** Select **Offering for Isolated networks with Source Nat service enabled**.
   - **External ID:** Leave Blank

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-04.jpeg)
- The remainder of the boxes can be left blank unless building the network for a VPC. Select 'OK'.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-05.jpeg)
- Click "Win-Demo-Net" or the network built.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-06.jpeg)
- Click "Public IP addresses"

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-07.jpeg)
- To begin with, the network will be missing an IP. Following the first build, ACE will assign an IP to the machine and enable that IP as the source NAT. On this page additional IPs can be acquired and managed for subsequent machines.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-08.jpeg)

## Build the Instance

- Click the **cloud/instance** icon from the left navigation bar and select **instances**.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-09.jpeg)
- Select the **Add Instance +** toggle.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-10.jpeg)
- Select the zone the VM should reside in. The zone should mirror the zone of the network to build on.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-11.jpeg)

  Alert: Currently Zone 0 offers a standard and premium node while Zone 1 only offers standard.
- Click the "Search" field.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-12.jpeg)
- Type "wind" and press **Enter**. This will narrow down the selection of offerings presented.
- Click "Community"

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-13.jpeg)
- **AC-OS-Windows-Server-2019-Standar-2024-07-01** is the newest Windows template. Select it using the radio button to the left.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-14.jpeg)
- If selecting an offering for zone0, you'll see two different options.
  These are **ACE-1C32-1R64-P** and **ACE-1C32-1R64-S**, where P = premium and S = standard. Zone 1, as stated above, will only have the standard cluster. Select the appropriate offering. The ones listed above are custom offerings, allowing you to provision the VM more to your needs. We also have several default offerings. Once you've selected the CUSTOM service offering, select the CPU cores from 1-32 and RAM from 1000-64000. This can all be scaled at a later date if necessary.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-15.jpeg)
- Once CPU/RAM have been selected, you'll want to decide upon the size of the root disk. Looking at the VM build in the right-hand pane, you can identify the default disk offering of 50 GB. If your project requires a larger root disk, select the **Override root disk offering** toggle. In the disk offerings section select **CustomLocal**. Then scale the root disk to the appropriate size. If additional data disks are required, select the size in section 4. Data Disk.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-16.jpeg)
- Select the network for the VM. For the initial build we select the network we built in the first steps. Under default network we can leave the IP Address and MAC Address blank as they'll be issued via CloudStack.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-17.jpeg)
- The additional blocks are informational and optional. Fill them in as necessary and select **Launch Instance**.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-18.jpeg)
- The machine will launch and move to a starting status.

  ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-19.jpeg)
- Once the machine goes to a running state, the password will be presented. Be sure to copy and securely store this password for SSH purposes if you haven't built an SSH key. You can close the popup once copied.
![](/docs/images/ace/creating-a-windows-server-2019-demo-network-20.jpeg)

Tip: Congrats, you've built your Windows machine.

## Access Machine

- Click "VM-12c7eb61-e7ea-4b26-80f2-8ca4d77b5bb2" ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-21.jpeg)
- Click this icon. ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-22.jpeg)
- Initially, a new password for the Administrator is required. Select 'OK'. ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-23.jpeg)
- Once the password has been accepted and changed successfully, select 'OK'. ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-24.jpeg)
- You'll be logged in and directed to the Server Manager for Windows 2019 Datacenter. ![](/docs/images/ace/creating-a-windows-server-2019-demo-network-25.jpeg)

Tip: Remote access is available in addition to the ACE console. Remote access is a more desirable connection.

## Enable Static NAT

1. Navigate to [https://gateway00.americancloud.com:8443/client](https://gateway00.americancloud.com:8443/client)
2. This is the VPC you built. ![](/docs/images/ace/enable-static-nat-01.png)
3. Click "Public IP addresses" to list the already allocated IP addresses. ![](/docs/images/ace/enable-static-nat-02.png)
4. The image below identifies the IP addresses available. One is identified as source NAT. Leave that one as is. The other can be utilized as needed. ![](/docs/images/ace/enable-static-nat-03.png)
5. We'll select the IP not being utilized. ![](/docs/images/ace/enable-static-nat-04.png)
6. That will bring us to the IP management page. We can assign an IP by selecting the '+' icon in the upper right as depicted. ![](/docs/images/ace/enable-static-nat-05.png)
7. Once selected, a list of currently running VMs will appear. Simply select the VM to enable static NAT for.
![](/docs/images/ace/enable-static-nat-06.png)

*There are no VMs listed above because you've not built any or have destroyed what you had built.*

## Unique IPs

1. If you'd like multiple servers with unique IPs, click "Acquire new IP" to acquire a new IP. ![](/docs/images/ace/enable-static-nat-07.png)
2. The system will automatically select the first available IP for distribution. By selecting the drop-down arrow you can select from a list of available IP addresses. ![](/docs/images/ace/enable-static-nat-08.png)

*Once the IP is acquired, follow the previous steps to enable static NAT.*

## Getting Started With ACE

This guide provides a quick view of how to start using your ACE environment and how to build your first VM. For more detailed articles click the following links:

- [KNOX User Guide](https://docs.americancloud.com/hc/docs/articles/1724695918-knoix)
- [ACE VPN Portal](https://docs.americancloud.com/hc/docs/articles/1724695870-ace-vpn-portal)
- [Adding New Users](https://docs.americancloud.com/hc/docs/articles/1727808068-ace-add-new-user)
- [Installation of Open Tofu/Terraform](https://docs.americancloud.com/hc/docs/articles/1722538038-ace-install-and-use)
- [Affinity Groups](https://docs.americancloud.com/hc/docs/articles/1753881226-ace-affinity-groups)
- [Templates and ISOs](https://docs.americancloud.com/hc/docs/articles/1753888040-available-templates)
- [SSH Key Pairs](https://docs.americancloud.com/hc/docs/articles/1753888977-ace-creating-ssh-key-pair)

## Getting Started with ACE

After connecting to the [ACE VPN](https://docs.americancloud.com/hc/docs/articles/1724695870-ace-vpn-portal), navigate to [https://gateway00.americancloud.com:8443/client/#/dashboard](https://gateway00.americancloud.com:8443/client/#/user/login?redirect=/dashboard). Enter your username, password and domain ID to log in on the ACE panel.

- Tip! These credentials are NOT the same as your **[*AmericanCloud.com*](https://americancloud.com/)** customer portal.
These are the credentials that were shared with you in your KNOX Vault. ([*https://knox.americancloud.io/#/login*](https://knox.americancloud.io/#/login)) Click "Login" ![](/docs/images/ace/getting-started-with-ace-01.png) ## Creating a Virtual Machine and Isolated Network - *Tip! We recommend adding a network or VPC before building your VM.* ### Adding an Isolated Network An isolated network can be deployed with different services like an HAproxy load balancer in the virtual router or source nat to communicate with other networks or a simple layer 2 network. A **Network Offering** in ACE defines how the isolated network is set up and which services to include with its deployment. **`Offering For Isolated Networks with Source Nat Service Enabled`** is our default offering that creates a single virtual router with Source Nat service enabled and egress traffic blocked by default. It provides the following services `[DHCP, firewall, port forwarding, Source NAT, Static NAT, User data, DNS, Load balancer and VPN]` - *We also have an offering used for our Kubernetes Service which is explained in a separate article.* From the Dashboard Select "Network" ![](/docs/images/ace/getting-started-with-ace-02.png) Select "Guest Networks" ![](/docs/images/ace/getting-started-with-ace-03.png) Click "Add Network" ![](/docs/images/ace/getting-started-with-ace-04.png) Name your Network and Add a Description if Needed ![](/docs/images/ace/getting-started-with-ace-05.png) Select your Domain ![](/docs/images/ace/getting-started-with-ace-06.png) Select the Zone where you will be building your Network and VM ![](/docs/images/ace/getting-started-with-ace-07.png) Select "`Offering for Isolated networks with Source Nat service enabled`" ![](/docs/images/ace/getting-started-with-ace-08.png) Click "OK" ![](/docs/images/ace/getting-started-with-ace-09.jpeg) Your Isolated Network has Been Allocated. 
The network can be viewed by going to **Network** > **Guest networks** ![](/docs/images/ace/getting-started-with-ace-10.jpeg) ## Creating a New Virtual Machine From the ACE Dashboard panel choose **Compute > Instances**, click **Add Instance** ![](/docs/images/ace/getting-started-with-ace-11.png) Select "Instances" ![](/docs/images/ace/getting-started-with-ace-12.png) Select "Add Instance" ![](/docs/images/ace/getting-started-with-ace-13.png) Choose the zone where you will be building your VM and have already built your Network ![](/docs/images/ace/getting-started-with-ace-14.png) Choose a **Template** or **ISO.** *Templates are images containing an OS used to boot up the server, or boot from an ISO a virtual DVD/ CD that can be uploaded separately. Too see a list of all of our templates *[*Click Here.*](https://docs.americancloud.com/hc/docs/articles/1753888040-available-templates) ![](/docs/images/ace/getting-started-with-ace-15.png) ![](/docs/images/ace/getting-started-with-ace-16.png) Select a Compute Offering for your Instance, which determines how many CPU cores and memory is allocated to the server or Create a custom offering. ![](/docs/images/ace/getting-started-with-ace-17.png) ![](/docs/images/ace/getting-started-with-ace-18.png) ![](/docs/images/ace/getting-started-with-ace-19.png) Override the Root Disk Offering if needed ![](/docs/images/ace/getting-started-with-ace-20.png) ![](/docs/images/ace/getting-started-with-ace-21.png) Select the **Network** in which the server will be deployed that was created earlier in this tutorial. ![](/docs/images/ace/getting-started-with-ace-22.png) You can Choose to associate an **SSH key** pair to the server. If you created SSH key pairs under the **Account** section they will show up here. ![](/docs/images/ace/getting-started-with-ace-23.png) *Tip! 
Select additional options under **Advanced Mode**, like boot type, add user data and/or select an **Affinity Group** to place the virtual machine in.*

- *These options are not required but can help with setting up the virtual machine in a more specific state.*

Click "Launch Instance" ![](/docs/images/ace/getting-started-with-ace-24.png)

After the server is deployed, the password will appear in the panel if password setting has been configured in the chosen **Template**. Make sure to save the password in a password manager of your choice.

## Knox

**Knox is American Cloud's self-hosted credential platform based on the trusted BitWarden Password Management application. As such, Knox provides a secure means for American Cloud to share and manage sensitive data with our clients via customized organizations and vaults. Knox provides a combination of both symmetric and asymmetric encryption that protects sensitive information as it is shared, as well as organizational policies that ensure compliance with AICPA SOC2 Type 2 / Privacy Shield, GDPR, and CCPA regulations. All logins stored on Knox reside in an encrypted vault, utilizing AES-CBC 256 bit encryption, salted hashing, and PBKDF2 SHA-256 algorithms.**

**Security is paramount when it comes to credential and authentication management, and American Cloud feels a solution as strong as Fort Knox is what it takes to deliver this.**

## Creating Account

Knox is self-hosted and completely separate from BitWarden. Please make sure to follow these steps even if you are already an active user of VaultWarden or BitWarden. There is information later in this document that goes over connecting this account to your current BitWarden clients and account switching.

## Invitation

When it’s necessary for clients of American Cloud to share information such as secure logins with an engineer or vice versa, an invite to join a secure Organization in Knox will be initiated.
*Employees of American Cloud will never ask for login information over the phone, email, or text.*

Once you have opened the email from “Knox” with the email address ([ops@americancloud.us](mailto:ops@americancloud.us)), click the “Join Organization Now” button.

![](/docs/images/ace/knox-01.jpeg)

## Join the Organization

***Important:*** New users of American Cloud’s Knox must create a new account using the “Create Account” button. Even if you have a current BitWarden or VaultWarden account, DO NOT try to log in; Knox is a unique vault with its own unique domain ([knox.americancloud.io](http://knox.americancloud.io)).

![](/docs/images/ace/knox-02.jpeg)

## Master Password

After clicking the “Create Account” button you will be taken to the following screen. Here you will be able to create your username and master password.

***Important:*** If you forget your master password it will be unrecoverable. The only way to allow you back into the vault will be by having an Admin from American Cloud remove you from Knox completely, and you will need to create a new account after being re-invited.

![](/docs/images/ace/knox-03.jpeg)

## Logging In

When you want to log into Knox, navigate in your web browser to [knox.americancloud.io](http://knox.americancloud.io). There you will be able to enter your email address and your master password.

***There will be instructions at the end of this document detailing how to add this domain to your BitWarden extensions and client if you are already a BitWarden user.***

![](/docs/images/ace/knox-04.jpeg) ![](/docs/images/ace/knox-05.jpeg)

## 2FA and SOC-2 Compliance

In order to be fully SOC-2 compliant we require all users to set up two factor authentication. If 2FA is not set up within 24 hours you will be removed from the organization. In order to gain access to the organization you will need to set up 2FA and an Admin from American Cloud will have to re-invite you.
Along with that personal information should not be shared or stored in Knox. We have disabled the My Vault option. If you store any information in “My Vault” prior to joining the Organization you were invited to, it will be destroyed and unrecoverable upon joining the Organization. ## Setting Up 2FA Navigate to Account Settings once you are logged in ![](/docs/images/ace/knox-06.jpeg) Choose Security from the Account Setting menu and choose a form of 2FA. Any type of 2FA you choose will work. ![](/docs/images/ace/knox-07.jpeg) ## Account Switching If you have accounts on multiple servers, for example a previous bitwarden account and now `knox.americancloud.io`, use the **server selector drop down** that is located on the login screen and select the **Self-hosted** menu to change the **Server URL** to the URL for the account. ![Self-hosted domain selector](/docs/images/ace/knox-08.png)*Self-hosted domain selector* In this example, for American Cloud you would use `knox.americancloud.io` as the domain. --- # Marketplace apps One-click application deployments ## Cloudpanel ![](/docs/images/marketplace/cloudpanel-01.png) ## Cloudpanel CloudPanel is a web-based control panel designed to streamline and manage cloud infrastructure. It offers a user-friendly interface for configuring, monitoring, and optimizing cloud resources, simplifying tasks such as server provisioning, scaling, and security management. By centralizing control over diverse cloud services, CloudPanel enhances efficiency, reduces manual interventions, and ensures better resource utilization. It supports various cloud providers and facilitates seamless collaboration among teams. With features like automated backups, user management, and real-time analytics, CloudPanel empowers organizations to harness the full potential of their cloud environment while minimizing complexity. ## Create Instance 1. Login to the Web Portal with a valid American Cloud account. 2. 
On the left navigation column choose 'Cloud Compute'.
3. Click on "Create an Instance", select the "Project" and click "Proceed".
4. Select your location and network. Under "Choose Server Image" select the "Marketplace Apps" tab and choose "Cloudpanel". ![](/docs/images/marketplace/cloudpanel-02.png) ![](/docs/images/marketplace/cloudpanel-03.png)
5. Choose a server size. ![](/docs/images/marketplace/cloudpanel-04.png)
6. ***Optional*** Generate or add an SSH key. Click on Review and Deploy; once reviewed, click on Deploy Now.
7. ***Optional*** While the VM is deploying, a DNS record can be added if you already know what domain you are going to use for your site. The Public IP can be found under the Overview of the VM. ![](/docs/images/marketplace/cloudpanel-05.png)

   **Note:** DNS providers have different methods of doing this, please contact your DNS provider if you are having any issues. If desired, American Cloud offers complimentary DNS Management. Add your domain to the DNS Management section in the left navigation menu on American Cloud. Afterwards go to your registrar's website and point your domain to the American Cloud nameservers: [ns1.americancloud.org](http://ns1.americancloud.org/) and [ns2.americancloud.org](http://ns2.americancloud.org/). Inside the American Cloud UI navigate to the DNS Manager and create the appropriate A records.

   **Example Below:** Inside American Cloud DNS Management click the edit pencil for your new domain and create the appropriate A records, remembering to swap 0.0.0.0 for your new Public IP address. ![](/docs/images/marketplace/cloudpanel-06.png)
8. Navigating to [https://publicip:8443](https://publicip:8443/) via a browser will display the Cloudpanel admin user setup page. Provide the necessary information, making sure to save the user/password. ![](/docs/images/marketplace/cloudpanel-07.png)
9.
Using the credentials sign into the newly built cloud panel For further information on operating cloudpanel, visit the [cloudpanel docs here](https://www.cloudpanel.io/docs/v2/introduction/). ## Deploying a Coolify Instance Coolify is a comprehensive Platform as a Service (PaaS) designed to facilitate the self-hosting of various applications, databases, and services, such as WordPress, Plausible Analytics, and Ghost. It offers users the ability to host their own content without the complexities of server management. Serving as an open-source and self-hostable alternative to platforms like Heroku, Netlify, and Vercel, Coolify empowers individuals and businesses to deploy and run their applications seamlessly. With its user-friendly approach, Coolify streamlines the hosting process, allowing users to focus on their content or services rather than the intricacies of server administration. This platform thus provides a convenient and efficient solution for those seeking autonomy and control over their hosted applications. - Navigate to [https://app.americancloud.com](http://cmpprodc0-0.sjc0.usacld.net/instance) Navigate to 'Cloud Compute' ![](/docs/images/marketplace/deploying-a-coolify-instance-01.jpeg) - Click "CREATE AN INSTANCE" ![](/docs/images/marketplace/deploying-a-coolify-instance-02.jpeg) - Select the correct project and click "Proceed" ![](/docs/images/marketplace/deploying-a-coolify-instance-03.jpeg) - Select the zone to create the instance ![](/docs/images/marketplace/deploying-a-coolify-instance-04.jpeg) - Select the server type desired ![](/docs/images/marketplace/deploying-a-coolify-instance-05.jpeg) - Open marketplace apps tab and select 'coolify' ![](/docs/images/marketplace/deploying-a-coolify-instance-06.jpeg) - Provision the server to desired specifications ![](/docs/images/marketplace/deploying-a-coolify-instance-07.jpeg) - Change the host name based on naming convention. 
Once complete click "Deploy Now" ![](/docs/images/marketplace/deploying-a-coolify-instance-08.jpeg) - On the overview page of the coolify machine copy the Public IP address. In a new tab, navigate to [http://:8000](http://172.252.211.229:8000/register) exchanging with the coolify machines IP address. - Create a user account for the new instance and select 'Register' ![](/docs/images/marketplace/deploying-a-coolify-instance-09.jpeg) - Click "Get Started" ![](/docs/images/marketplace/deploying-a-coolify-instance-10.jpeg) - Click "Next" ![](/docs/images/marketplace/deploying-a-coolify-instance-11.jpeg) - Click "Localhost" ![](/docs/images/marketplace/deploying-a-coolify-instance-12.jpeg) - The initial connection will fail b/c we have yet to add the public key to the machine. Copy the public key. Using the credentials found on the machines overview page ssh into the machine. Add the public key to ~/.ssh/authorized_keys. ![](/docs/images/marketplace/deploying-a-coolify-instance-13.jpeg) - Either select 'localhost' or 'Check Again'. ![](/docs/images/marketplace/deploying-a-coolify-instance-14.jpeg) - Click "Create new project!" ![](/docs/images/marketplace/deploying-a-coolify-instance-15.jpeg) - Click "Let's do it!" ![](/docs/images/marketplace/deploying-a-coolify-instance-16.jpeg) - Click "Servers" ![](/docs/images/marketplace/deploying-a-coolify-instance-17.jpeg) - Click "localhost" ![](/docs/images/marketplace/deploying-a-coolify-instance-18.jpeg) - The server is now validated and proxy is running. You're free to start creating projects and building resources. ![](/docs/images/marketplace/deploying-a-coolify-instance-19.jpeg) Tip: If you need further assistance head over to the [Coolify Docs](https://coolify.io/docs/) ## GitLab ![](/docs/images/marketplace/gitlab-01.jpg) GitLab is a web-based platform that provides a complete DevOps lifecycle management tool. 
It offers features for version control, continuous integration, continuous delivery, and container orchestration. GitLab allows teams to collaborate on software development projects, manage repositories using Git, track issues, and automate the software delivery process. It integrates source code repositories, CI/CD pipelines, code review, and project management in a single interface. With built-in collaboration tools and a wide range of integrations, GitLab enables efficient and streamlined development workflows for teams of all sizes. ## System requirements It is recommended to utilize a server size of 4 CPU/8 GB RAM. ## Install GitLab 1. Login to the Web Portal with a valid American Cloud account 2. On the left navigation column choose 'Cloud Compute' 3. Click on "Create an Instance" select your "Project" and click "Proceed" 4. Select your location and network. Under "Choose Server Image" select "Marketplace Apps" tab and choose preferred "GitLab CE version" along with the desired "operating system" ![](/docs/images/marketplace/gitlab-02.png) ![](/docs/images/marketplace/gitlab-03.jpg) Fill out an email to be used for Let's Encrypt Certs and the domain name without `http/https` and `www.` ![](/docs/images/marketplace/gitlab-04.png) 5. After setting your environment variables, choose a server size and then click on "Add a new startup script". This will apply the environment variables you set earlier, so no further action is needed. ![](/docs/images/marketplace/gitlab-05.png) ![](/docs/images/marketplace/gitlab-06.png) 6. Click on Review and Deploy once reviewed click on Deploy Now. 7. Once the GitLab VM is deploying a DNS record can be added. The Public IP can be found under the Overview of the VM. 
![](/docs/images/marketplace/gitlab-07.png)

> Note: DNS providers have different methods of doing this, please contact your DNS provider if you are having any issues
>
> **Example**: American Cloud DNS Management, **insert your GitLab instance public IP instead of 0.0.0.0**

![](/docs/images/marketplace/gitlab-08.png)

> After your domain is resolving to the correct IP address and when the script completes, your GitLab installation will be ready. This usually takes 10-15 minutes from the time you add your A records, but this can vary drastically depending on your DNS provider; in a worst-case scenario we have seen DNS providers take up to 24 hours before the new A records are reflected on the internet.

8. SSH into the VM and run the following command to set the username/password for login

```
sudo gitlab-rake "gitlab:password:reset"
```

9. Provide username `root` and select the desired password for the root account. ![](/docs/images/marketplace/gitlab-09.png)

**Note:** The password must be at least 8 characters long and must not contain commonly used word or letter combinations.

10. Finally, use the username `root` and the previously established password to sign into GitLab ![](/docs/images/marketplace/gitlab-10.png)

## Troubleshooting

* Webpage or certs not configured correctly. Likely due to DNS service lag. A reconfigure command can resolve this issue.
  1. SSH into the VM
  2. Run command

```
sudo gitlab-ctl reconfigure
```

* Use `gitlab-ctl` to list the handlers by running

```
sudo gitlab-ctl status
```

* To restart all handlers use the command

```
sudo gitlab-ctl restart
```

or restart a specific handler

```
sudo gitlab-ctl restart {handler}
```

For additional information on GitLab maintenance commands, [Click here](https://docs.gitlab.com/omnibus/maintenance/)

## Jitsi Meet

## 1. Set up your Jitsi Meet installation

After choosing your Zone, Network, click on the Marketplace Apps tab, select Jitsi Meet and pick your desired version.
A section for Environment Variables will be displayed. Fill in the following information. ![](/docs/images/marketplace/jitsi-meet-01.jpg) ![](/docs/images/marketplace/jitsi-meet-02.jpg) **Your Email** - This is the email address that will receive any LetsEncrypt certificate alerts. **Your Domain** - This is the domain you want to use for your Jitsi Meet instance, we will configure the A records later since we don't know what the public IP will be just yet. - Note: Only input your subdomain or root domain. Do not include "https" or "www". Just "**my-subdomain.rootdomain.com**" ## 2. Initialize your Jitsi Meet After setting your environment variables, choose a server size and then click on "Add a new startup script". This will apply the environment variables you set earlier, so no further action is needed. ![](/docs/images/marketplace/jitsi-meet-03.jpg) Click "Add startup script" to confirm. ![](/docs/images/marketplace/jitsi-meet-04.jpg) Verify that the values for **\{Your Email\}** and **\{Your Domain\}** are correctly entered in the Add New Startup Script configuration. (Optional) Apply any ssh keys you wish to use, and name your instance. Review, and deploy. ## 3. Configure DNS After your server has been created, note the public IP address on the instance overview page, then navigate to your DNS provider for **`your_domain`** and create A records for your domain. Create one mapping for your domain/subdomain, and one prefixed with "www.", as seen in the example below. (use your VM's public IP as the value instead of 0.0.0.0) ![](/docs/images/marketplace/jitsi-meet-05.png) - Note: DNS providers have different methods of doing this, please contact your DNS provider if you are having any issues ## 4. Verify Jitsi deployment SSH into the server using the Username, Public IP Address, and Password provided during instance creation. 
After logging into the Virtual Machine, run the following command `tail -f /var/log/cloud-init-output.log` to monitor the installation status and confirm when DNS validation and installation are completed ![](/docs/images/marketplace/jitsi-meet-06.jpg)

If the output displays **"Jitsi stack started"**, it confirms that the deployment completed successfully and DNS is configured correctly.

## 5. Config user

To add authentication/admin user(s), please run the following command and add the `` and `` ![](/docs/images/marketplace/jitsi-meet-07.jpg)

## 6. Check your site

Access the Jitsi web console using **\{Your Domain\}** configured during deployment. Users can create meeting rooms after accessing the site. Administrator privileges may require a one-time authentication using the configured `` and `` credentials.

---

## Troubleshooting

If your Jitsi Meet installation is having issues, you can inspect the logs by connecting to the system with ssh and using docker-compose.

```
# View logs for all containers
cd ~/docker-jitsi-meet-stable-10710 && docker compose -p jitsi-meet logs -f

# Optional: View logs for specific containers
docker compose -p jitsi-meet logs -f web
docker compose -p jitsi-meet logs -f jicofo
docker compose -p jitsi-meet logs -f jvb
docker compose -p jitsi-meet logs -f prosody
```

If you are having trouble with your domain, or certificates/ssl, try restarting the proxy service.

```
cd ~/docker-jitsi-meet-stable-10710 && docker compose -p jitsi-meet restart web
```

## Matomo

Matomo is an open‑source web analytics platform and a privacy‑focused alternative to Google Analytics. In simple terms, it helps you understand who is visiting your website and how they interact with it—while ensuring that you retain full ownership of your data.

## What Matomo offers

Matomo allows you to monitor and analyze key metrics such as:

- Total number of visitors
- Page views and most‑visited pages
- Traffic sources (search engines, social media, direct access, etc.)
- Visitor behavior, including clicks, downloads, and form submissions - Goals and conversion tracking ## Deploying instance with Matomo 1. Open your browser and navigate to [https://app.americancloud.com](https://app.americancloud.com) and navigate to 'Cloud Compute' ![](/docs/images/marketplace/matomo-01.jpg) 2. Click "CREATE AN INSTANCE" ![](/docs/images/marketplace/matomo-02.jpg) 3. Choose the appropriate project and click "Proceed." ![](/docs/images/marketplace/matomo-03.jpg) 4. Select the required zone where the instance will be created and choose the server type ![](/docs/images/marketplace/matomo-04.png) 5. Open the Marketplace Apps tab and select "Matomo." 6. Enter the required variables as prompted. ![](/docs/images/marketplace/matomo-05.png) **Important Note**: Do not create an A record in DNS before deploying the instance. Keep the domain name ready and once the instance is successfully created, use the public IP address to create the A record. This helps ensure an error‑free installation. 7. Configure the server with the desired specifications, Add the Startup Script. ![](/docs/images/marketplace/matomo-06.png) 8. Verify that the values entered earlier in the variables section are correctly reflected in the startup script popup. ![](/docs/images/marketplace/matomo-07.png) 9. After clicking "Add Startup Script," ensure the script is visible in the dashboard. Select the required SSH key and click "Deploy Now" to create the instance. ![](/docs/images/marketplace/matomo-08.png) 10. When the "Instance Starting" page appears, use the public IP address to create the DNS A record for the domain specified in the variables or startup scripts. ![](/docs/images/marketplace/matomo-09.png) **Matomo installation** 11. Once the instance is created, open a browser and navigate to the configured domain to begin the Matomo installation. Click "Next" to proceed. ![](/docs/images/marketplace/matomo-10.png) 12. 
During the system check, ensure that all checks show green ticks. This confirms the environment is correctly configured. Click "Next." ![](/docs/images/marketplace/matomo-11.png) 13. For the database setup, log in to the instance using the SSH key or password. Run the command **`docker ps -a`** to list the database and container names or IDs. ![](/docs/images/marketplace/matomo-12.png) 14. Use the command **`cat /matomo/.env`** to retrieve the database username and password. ![](/docs/images/marketplace/matomo-13.png) 15. Enter the database name, username, and password obtained from the previous step into the database setup page, then click "Next." ![](/docs/images/marketplace/matomo-14.png) 16. The installer will create the required database tables and prompt for confirmation. Click "Next" to continue. ![](/docs/images/marketplace/matomo-15.png) **User configuration and final setup** 17. For the Superuser setup, use the same username and password defined in the startup script. Click "Next." ![](/docs/images/marketplace/matomo-16.png) 18. Configure a website for tracking and click "Next." ![](/docs/images/marketplace/matomo-17.png) 19. The tracking code required for website analytics will be displayed. You may scroll down and click "Next." This tracking code will also be available again after the setup is complete. ![](/docs/images/marketplace/matomo-18.png) **Completion** 20. A confirmation screen will appear indicating that Matomo has been successfully installed. Click "Continue to Matomo" to access the dashboard. ![](/docs/images/marketplace/matomo-19.png) 21. Log in using the Superuser credentials created earlier. ![](/docs/images/marketplace/matomo-20.png) 22. After logging in, the tracking code will be shown again. Choose the preferred method to add this script to your website for analytics tracking. ![](/docs/images/marketplace/matomo-21.png) 23. To add additional websites, click on "All Websites" in the top‑right corner of the dashboard. 
![](/docs/images/marketplace/matomo-22.png)

## NextCloud AIO Build

## Build Instance

1. Login to the Web Portal with a valid American Cloud account.
2. On the left navigation column choose 'Cloud Compute'.
3. Click on "Create an Instance", select your "Project" and click "Proceed".
4. Select your location and network. Under "Choose Server Image" select the "Marketplace Apps" tab and choose "Nextcloud AIO".

![](/docs/images/marketplace/nextcloud-01.png)

![](/docs/images/marketplace/nextcloud-02.png)

5. Choose a server size and then click "Add a new startup script".

![](/docs/images/marketplace/nextcloud-03.png)

![](/docs/images/marketplace/nextcloud-04.png)

6. Select "ADD STARTUP SCRIPT" in the popup. This will run the initial command to build Nextcloud AIO.

![](/docs/images/marketplace/nextcloud-05.png)

7. Click "Review and Deploy" then "Deploy Now".
8. While the machine is deploying, create the DNS A-record using the Public IP.

![](/docs/images/marketplace/nextcloud-06.png)

**Note:** DNS providers have different methods of doing this. Please contact your DNS provider if you are having any issues.

**Example:** American Cloud DNS Management. Insert your Nextcloud instance Public IP instead of 0.0.0.0.

![](/docs/images/marketplace/nextcloud-07.png)

9. Once the VM build is complete, open a browser and navigate to https://public_ip:8080. Be sure to record the password shown on this page before proceeding.

![](/docs/images/marketplace/nextcloud-08.png)

For further Nextcloud documentation [Click Here](https://nextcloud.com/blog/how-to-install-the-nextcloud-all-in-one-on-linux/)

## Troubleshooting Nextcloud

- Containers not starting

1. If containers fail to start following Nextcloud launch, use the reload option.

![](/docs/images/marketplace/nextcloud-09.png)

2. The containers will reload and show as running. If containers remain as starting, stop and restart containers using the "Stop Containers" function.

![](/docs/images/marketplace/nextcloud-10.png)

3. Using one or both of the above techniques the containers should show as running.

## Supabase

After choosing your Zone and Network, click on the Marketplace Apps tab, select Supabase and pick your desired version. A section for Environment Variables will be displayed. Fill in the following information.

![](/docs/images/marketplace/supabase-01.png)

## Your Email

- This is the email address that will receive any LetsEncrypt certificate alerts.

## Your Domain

- This is the domain you want to use for your Supabase instance. We will configure the A records later since we don't know what the public IP will be just yet.
- Note: Only input your subdomain or root domain. Do not include "https" or "www". Just "[my-subdomain.rootdomain.com](http://my-subdomain.rootdomain.com/)"

## JWT

- [Go here](https://supabase.com/docs/guides/self-hosting/docker#generate-api-keys) to find a new JWT token. While you're there, use it to generate an `ANON_KEY` and a `SERVICE_KEY`, and paste them into the following 2 settings.
- *If you don't want to use the key generated by the site, you can create your own with `openssl rand 48 | base64` and use that on that page to generate ANON and SERVICE keys.*

## ANON_KEY

- The `ANON_KEY` from the **JWT** step above.

## SERVICE_KEY

- The `SERVICE_KEY` from the **JWT** step above.

## BASIC_AUTH_USER

- The username you want to use to access Supabase in your browser.

## BASIC_AUTH_PASSWORD

- The password you want to use to access Supabase in your browser.

## 2. Initialize your Supabase

After setting your environment variables, choose a server size and then click on "Add a new startup script". This will apply the environment variables you set earlier, so no further action is needed.

![](/docs/images/marketplace/supabase-02.png)

Click "Add startup script" to confirm. (Optional) Apply any SSH keys you wish to use, and name your instance. Review, and deploy.

## 3. Configure DNS

After your server has been created, note the public IP address on the instance overview page, then navigate to your DNS provider for `your_domain` and create A records for your domain. Create one mapping for your domain/subdomain, and one prefixed with "www.", as seen in the example below. (Use your VM's public IP as the value instead of 0.0.0.0.)

![](/docs/images/marketplace/supabase-03.png)

- Note: DNS providers have different methods of doing this. Please contact your DNS provider if you are having any issues.

## 4. (Optional) Restart Proxy

The last step is to tell your server to get new certificates, now that DNS is configured. This step might not be necessary if you configured your A records quickly, since the proxy container usually takes a minute or two to finish starting.

SSH into your server, using the Username, IP address, and Password provided to you.

- Note: Use your Public IP instead of 0.0.0.0

```
ssh cloud@0.0.0.0
```

Once you are in the VM, run the following command to restart your nginx proxy:

```
cd ~/nginx && docker compose restart nginx
```

## 5. Check your site

Congratulations! Your Supabase will be available shortly at the domain you configured earlier. Just be aware that the proxy can take a few minutes to initialize and apply certificates, so try waiting 2 minutes or so before inspecting the VM.

## Troubleshooting

If your Supabase installation is having issues, you can inspect the logs by connecting to the system with SSH and using docker compose.

```
cd ~/supabase/docker && docker compose logs -f
```

```
cd ~/nginx && docker compose logs -f
```

If you are having trouble with your domain, or certificates/SSL, try restarting the proxy service.

```
cd ~/nginx && docker compose restart nginx
```

If you are stuck on the page that says "Connecting to Default Project", you may wish to recreate your database.
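The `ANON_KEY` and `SERVICE_KEY` from the **JWT** step are HS256 JWTs signed with the same secret and differing only in their `role` claim, so they can be minted and checked on your own machine instead of pasting the secret into a web page. This is an added example, not American Cloud's or Supabase's code: the function names are hypothetical, and the claim layout (`role`, `iss`, `iat`, `exp`) and five-year lifetime are assumptions modelled on the keys the Supabase self-hosting guide generates.

```python
"""Mint and check Supabase-style API keys (HS256 JWTs) offline, stdlib only."""
import base64
import hashlib
import hmac
import json
import secrets
import time

LIFETIME_SECONDS = 5 * 365 * 24 * 3600  # assumption: roughly five years


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_jwt_secret() -> str:
    """Same idea as `openssl rand 48 | base64`: 48 random bytes, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(48)).decode("ascii")


def sign(signing_input: str, jwt_secret: str) -> bytes:
    key = jwt_secret.encode("utf-8")
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()


def mint_key(jwt_secret: str, role: str, issued_at: int) -> str:
    """Build a key for `role` ("anon" or "service_role")."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"role": role, "iss": "supabase",
               "iat": issued_at, "exp": issued_at + LIFETIME_SECONDS}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    return signing_input + "." + b64url(sign(signing_input, jwt_secret))


def verify_key(token: str, jwt_secret: str, now: int) -> dict:
    """Return the claims if the token is HS256, correctly signed and unexpired."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # refuse "none" or any other algorithm
        raise ValueError("unexpected algorithm")
    expected = sign(parts[0] + "." + parts[1], jwt_secret)
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        raise ValueError("expired")
    return payload


def is_valid(token: str, jwt_secret: str, now: int) -> bool:
    try:
        verify_key(token, jwt_secret, now)
        return True
    except ValueError:  # covers bad base64, bad JSON and every check above
        return False


def with_role_swapped(token: str, role: str) -> str:
    """Copy of `token` with an edited role claim and the old signature,
    used to confirm the verifier rejects tampered keys."""
    head, body, sig = token.split(".")
    claims = json.loads(b64url_decode(body))
    claims["role"] = role
    body = b64url(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    return ".".join([head, body, sig])


if __name__ == "__main__":
    secret = new_jwt_secret()
    now = int(time.time())
    print("JWT secret :", secret)
    print("ANON_KEY   :", mint_key(secret, "anon", now))
    print("SERVICE_KEY:", mint_key(secret, "service_role", now))
```

Anyone holding the secret can mint a `service_role` key, so store it with the same care as the `SERVICE_KEY` itself.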
![](/docs/images/marketplace/supabase-04.png)

To recreate your database, run the following commands:

```
cd ~/supabase/docker
docker compose down
# Deletes the existing database files, including all data stored in them
sudo rm -rf volumes/db/data/
docker compose up -d
```

## Wordpress on Open Lite Speed

![](/docs/images/marketplace/wordpress-on-open-lite-speed-01.png)

## OpenLite Speed

LiteSpeed is a high-performance web server known for its speed and efficiency. Utilizing an event-driven architecture, it outpaces traditional servers like Apache, handling numerous connections with minimal resource usage. With advanced caching and support for protocols like HTTP/3, LiteSpeed significantly accelerates website loading times. Its built-in security features, including a Web Application Firewall (WAF), defend against online threats. LiteSpeed is a popular choice for high-traffic websites, offering optimal performance, scalability, and user-friendly configuration interfaces for seamless integration and management, making it a preferred solution for businesses and developers aiming to deliver fast, secure, and responsive web experiences.

## Create Instance

1. Login to the Web Portal with a valid American Cloud account.
2. On the left navigation column choose 'Cloud Compute'.
3. Click on "Create an Instance", select your "Project" and click "Proceed".
4. Select your location and network. Under "Choose Server Image" select the "Marketplace Apps" tab and choose "WordPress".

![](/docs/images/marketplace/wordpress-on-open-lite-speed-02.png)

![](/docs/images/marketplace/wordpress-on-open-lite-speed-03.png)

5. Choose a server size.

![](/docs/images/marketplace/wordpress-on-open-lite-speed-04.png)

6. ***Optional*** Generate or add an SSH key. Click on Review and Deploy; once reviewed, click on Deploy Now.
7. ***Optional*** While the Wordpress VM is deploying, a DNS record can be added if you already know what domain you are going to use for your site. The Public IP can be found under the Overview of the VM.
![](/docs/images/marketplace/wordpress-on-open-lite-speed-05.png)

**Note:** DNS providers have different methods of doing this. Please contact your DNS provider if you are having any issues.

If desired, American Cloud offers complimentary DNS Management. Add your domain to the DNS Management section in the left navigation menu on American Cloud. Afterwards go to your registrar's website and point your domain to the American Cloud nameservers: [ns1.americancloud.org](http://ns1.americancloud.org/) and [ns2.americancloud.org](http://ns2.americancloud.org/). Inside the American Cloud UI navigate to the DNS Manager and create the appropriate A records.

**Example Below:** Inside American Cloud DNS Management click the edit pencil for your new domain and create the appropriate A records. Remember to swap 0.0.0.0 for your new Public IP address.

![](/docs/images/marketplace/wordpress-on-open-lite-speed-06.png)

8. Navigating to the Public IP Address via a browser will display the OpenLiteSpeed landing page. Select the Quickstart Guide link to open LiteSpeed docs if desired.

![](/docs/images/marketplace/wordpress-on-open-lite-speed-07.png)

- [OpenLiteSpeed Quickstart Guide](https://docs.litespeedtech.com/cloud/images/wordpress/)

9. As directed on the LiteSpeed landing page, SSH into the Wordpress instance using the public IP, username, and password found on the instance overview page.

## Configure Litespeed

### Installed Software

![](/docs/images/marketplace/wordpress-on-open-lite-speed-08.png)

1. SSH into the instance

```
ssh cloud@public_ip
```

For further information on Using SSH [Click Here](https://docs.americancloud.com/hc/docs/articles/1722537850-managing-ssh-keys).

2. Insert Domain

```
Your domain: YOUR_DOMAIN.com
```

3. Confirm Domain Name

```
The domain you put is: YOUR_DOMAIN.com
Please verify it is correct. [y/N] y
```

4. Determine whether Let's Encrypt is suitable for the site's certificate and select y/n

```
Do you wish to issue a Let's encrypt certificate for this domain [y/N]
```

5. Enter and confirm the email for the certificate

```
Please enter your E-mail: YourEmail@domain.com
The E-mail you entered is: YourEmail@domain.com
Please verify it is correct: [y/N]
```

**Note:** Once the email is confirmed a key and cert will be created. The read-out identifies the location of the cert and logs. If a failure occurs at this point, check DNS to ensure A records have been updated.

6. Decide whether to force HTTPS rewrite rules

```
Do you wish to force HTTPS rewrite rule for this domain? [y/N]
```

7. Next determine whether or not to update the system

```
Do you wish to update the system now? This will update the web server as well. [Y/n]?
```

8. Once the update is complete the site will be running at the domain specified. Open a browser and navigate to the site. Here the initial landing page for WordPress will be displayed.

## Environment Differences

- `cloud` is the default user for initial setup of VMs in the American Cloud environment. The DB and panel passwords are stored in the root directory. Follow the steps below to access these passwords.

1. Access root using `sudo -i` or your preferred method.
2. Use the command `cat .db_password`, which will present the MySQL root and WordPress passwords.
3. Use the command `cat .litespeed_password` to retrieve the panel password.

---

# WordPress

Managed WordPress hosting and site management

## Enterprise WordPress plans

For WordPress Reseller and Enterprise plans, pricing and resources are tailored to your specific needs. These plans are designed for agencies, developers, and organizations that require greater flexibility, higher capacity, and custom performance or security requirements beyond standard packages.
Customized plans include the same core benefits—high-performance WordPress acceleration, Redis object caching, SSL/TLS, automated backups, staging and cloning, SSH access, advanced DNS control, and proactive monitoring—while allowing adjustments to storage, bandwidth, account limits, and resource allocations.

To discuss pricing, feature customization, or enterprise-level requirements, please [contact our team](/contact-us). We'll work with you to design a WordPress hosting solution that aligns with your technical goals and business growth.

## How to add another WordPress site?

This help article explains how to add one or more WordPress sites to your current account.

1. Once you have clicked "Manage your sites", click "Create New Site":

![](/docs/images/wordpress/add-another-wordpress-site-01.png)

2. You will see the setup wizard with two options: A) Choose a domain later, or B) Use a domain you already own. These options allow you to create a site and change the domain later, or to use the domain you already own to start working with the site.

![](/docs/images/wordpress/add-another-wordpress-site-02.png)

3. Once you have selected the domain option and click "Continue", the setup of the new site will start:

![](/docs/images/wordpress/add-another-wordpress-site-03.png)

4. The new site would be manageable from "Your Websites":

![](/docs/images/wordpress/add-another-wordpress-site-04.png)

## How to configure WordPress's DNS?

Once you have signed up, the next step would be to configure DNS. To use the American Cloud DNS service, which provides better integration as most records would be automatically created, simply create the following records at your registrar:

```
ns1.wp2tdsc0-0.americancloud.com -> 45.39.56.5
ns2.wp2tdsc0-1.americancloud.com -> 45.39.56.6
```

Note: The registrar is where you purchased the domain.
These nameservers are shown in the WordPress management interface:

![](/docs/images/wordpress/configure-wordpress-dns-01.png)

You can also use your own nameservers, for example, CloudFlare. You will need to create the A record:

```
example.com -> 45.39.56.5
www.example.com CNAME example.com
```

Once you have configured the nameservers, the site will usually start resolving within a couple of minutes.

## How to create a WordPress site?

American Cloud WordPress Hosting is a managed, performance-focused hosting platform built for secure and scalable WordPress deployments. It combines resource isolation, Redis object caching, AccelerateWP, and CDN integration to deliver fast, stable, and secure websites even under load. Key features include SSL/TLS by default, staging and site cloning, automated backups, and advanced DNS management. Proactive system alerts, strong firewall controls, and two-factor authentication help ensure reliability and security, making American Cloud an ideal choice for agencies, developers, and businesses running mission-critical WordPress sites.

1. To create a WordPress site, log in to [https://americancloud.com](https://americancloud.com) and click "WordPress". The interface shows the different plans you can select:

![](/docs/images/wordpress/create-a-wordpress-site-01.png)

2. Once you have selected the desired plan, the next screen provides confirmation and the opportunity to add an existing domain. Note: You can add the domain later and leave the field blank.

![](/docs/images/wordpress/create-a-wordpress-site-02.png)

3. Once you have clicked "Complete Purchase", the next screen shows the environment creation:

![](/docs/images/wordpress/create-a-wordpress-site-03.png)

During this process, the following occurs:

- The account is created.
- Security settings are applied.
- A default WordPress installation is configured.
- If no domain was selected during the previous step, a temporary domain is created.

4. That is it! Once the environment is built, you can manage your site:

![](/docs/images/wordpress/create-a-wordpress-site-04.png)

## How to upgrade my WordPress plan?

You may have signed up for a 1-site plan, and now you need to add more sites. This help article describes how to upgrade your current active plan:

1. The current active plan is shown under the WordPress dashboard interface:

![](/docs/images/wordpress/upgrade-wordpress-plan-01.png)

2. To upgrade your plan, please click "Actions" and then "Upgrade Plan" under the dropdown menu:

![](/docs/images/wordpress/upgrade-wordpress-plan-02.png)

3. Scroll down a bit to see the "Upgrade Your Plan" widget, and select the new plan:

![](/docs/images/wordpress/upgrade-wordpress-plan-03.png)

4. Click "Upgrade" in the confirmation pop-up:

![](/docs/images/wordpress/upgrade-wordpress-plan-04.png)

5. You will see the "Upgrade Successful" pop-up, click "OK":

![](/docs/images/wordpress/upgrade-wordpress-plan-05.png)

6. After the new environment is built, that is, after the upgrade is performed, you will see the new plan and the available sites:

![](/docs/images/wordpress/upgrade-wordpress-plan-06.png)

That is it! You can start adding more sites.

## WordPress migrations

We offer complimentary WordPress migrations to make your move to American Cloud simple and risk-free. Our team handles the transfer of your site, databases, and core configurations with minimal downtime, ensuring your site is ready to perform on our platform. No hidden fees, no disruption—just a smooth transition.

Should you want to perform the migration yourself, you can do so with the All-in-One WordPress Migration plugin. You would install the plugin on your existing site, generate a full site export, and upload it to your new American Cloud WordPress environment. Once imported, the site is verified, caching and performance features are enabled, and SSL is applied—ensuring the site is live, secure, and optimized with minimal downtime.
For more information, please review: [https://wordpress.org/plugins/all-in-one-wp-migration/](https://wordpress.org/plugins/all-in-one-wp-migration/)

Please feel free to reach out to us for complimentary migrations: [https://americancloud.com/contact-us](https://americancloud.com/contact-us)

## WordPress support

Feel free to contact our WordPress support team through the client portal or by submitting a request at [https://americancloud.com/contact-us](https://americancloud.com/contact-us). Our specialists review the site, diagnose issues, and fix problems directly. We tune performance, help to resolve plugin and theme conflicts, assist with updates, and perform basic security checks to keep WordPress sites fast, secure, and reliable.

---

# Tutorials

Step-by-step guides and how-tos

## Cockpit Installation

Cockpit is a tool for server administration that provides you with real-time information about your server's status. It displays data on CPU usage, filesystem statistics, processes, and other relevant details. One of the advantages of using Cockpit is that it does not consume any server resources until you log in to the control panel. The service is only activated when you access the control panel.

Cockpit enables you to perform various server administration tasks, such as managing users and addressing network issues. It also allows you to access a terminal from your computer or phone's browser. To log in and manage the system, Cockpit utilizes your system's users and sudo for privilege escalation. As a result, it does not introduce an additional layer of security considerations by creating a separate set of Cockpit-only users for your server.

## Instructions

Using the guides below you can install Cockpit on various Linux distributions.

### Ubuntu

Ubuntu 17.04 and later:

1. Install cockpit:

```
. /etc/os-release
sudo apt install -t ${VERSION_CODENAME}-backports cockpit
```

2. Enable cockpit:

```
sudo systemctl enable --now cockpit.socket
```

### Fedora

1. Install cockpit:

```
sudo dnf install cockpit
```

2. Enable cockpit:

```
sudo systemctl enable --now cockpit.socket
```

3. Ensure that the firewall is open:

```
sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent
```

### CentOS

CentOS 7 and later:

1. Install cockpit:

```
sudo yum install cockpit
```

2. Enable cockpit:

```
sudo systemctl enable --now cockpit.socket
```

3. Open the firewall:

```
sudo firewall-cmd --permanent --zone=public --add-service=cockpit
sudo firewall-cmd --reload
```

### Debian

Debian 10 and later:

1. To get the latest version, we recommend enabling the backports repository (as root):

```
. /etc/os-release
echo "deb http://deb.debian.org/debian ${VERSION_CODENAME}-backports main" > \
    /etc/apt/sources.list.d/backports.list
apt update
```

2. Install or update the package:

```
apt install -t ${VERSION_CODENAME}-backports cockpit
```

### Rocky Linux

Rocky Linux 8 and later:

1. Install cockpit:

```
sudo yum install cockpit
```

2. Enable cockpit:

```
sudo systemctl enable --now cockpit.socket
```

3. Allow port through firewall:

```
sudo firewall-cmd --add-service=cockpit --permanent
sudo firewall-cmd --reload
```

## Connecting Juice FS to American Cloud A2 Object Storage

1. Login to the Web Portal with a valid American Cloud account.
2. On the left navigation column choose 'Object Storage'.
3. Click on 'Create A2 Storage Unit' to create object storage.

![](/docs/images/tutorials/connecting-juice-fs-to-american-cloud-a2-object-01.png)

4. Choose and fill out the following information: location, project, A2 storage name, and volume size.

![](/docs/images/tutorials/connecting-juice-fs-to-american-cloud-a2-object-02.png)

5. Obtain the A2 access key and secret key, which will be needed to configure JuiceFS.

![](/docs/images/tutorials/connecting-juice-fs-to-american-cloud-a2-object-03.png)

6. Under the newly created A2 storage click on 'Create Bucket'.

![](/docs/images/tutorials/connecting-juice-fs-to-american-cloud-a2-object-04.png)

7. Enter a custom name in 'Bucket Name'.

![](/docs/images/tutorials/connecting-juice-fs-to-american-cloud-a2-object-05.png)

8. From your JuiceFS machine use the JuiceFS CLI tool to create a new filesystem that is backed by the American Cloud A2 bucket you created in step 7. You can use the following command, replacing the values in brackets with your own information:

```
juicefs create --backend s3 \
  --bucket [your-bucket-name] \
  --access-key [your-access-key] \
  --secret-key [your-secret-key] \
  --endpoint https://a2-west.americancloud.com/juicefsa2bucket \
  --region a2-west
```

> **Note:** Replace the --endpoint and --region values with the region where you created your American Cloud A2 bucket.

9. Once your new filesystem is created, you can mount it on your JuiceFS machine and use it like any other filesystem. For example, you can use the following command to mount the filesystem:

```
sudo juicefs mount [local-mount-point] [juicefs-mount-point]
```

> **Note:** Replace [local-mount-point] with the path where you want to mount the filesystem on your JuiceFS machine, and replace [juicefs-mount-point] with the name of the JuiceFS filesystem you created in step 3.

10. You can also configure JuiceFS to use American Cloud A2 as a shared file system by setting up a shared file system using NFS or other network filesystem protocols.

## Deploy a simple web app with Kamal

Alert: American Cloud doesn't allow 'root' as default. Only users that have a full understanding of their environments and the security implications should use this guide.

- Navigate to [https://app.americancloud.com/login](http://cmpprodc0-0.sjc0.usacld.net/login)

## Create an Instance with Start Up Script

1.) In the left navigation pane select "Cloud Compute"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-01.jpeg)

2.) Select "CREATE AN INSTANCE"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-02.jpeg)

3.)
Select the project to build in and select "Proceed"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-03.jpeg)

4.) Select between "US-West-0" and "US-West-1"

- If wishing to build on our premium stack select "US-West-0"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-04.jpeg)

5.) Select between Standard or Premium in "US-West-0" and Standard in "US-West-0"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-05.jpeg)

6.) Select the desired OS/Marketplace App.

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-06.jpeg)

7.) Provision your VM with our custom or default options.

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-07.jpeg)

8.) Select "Add a new Startup Script"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-08.jpeg)

9.) Add this startup script to the block. Be sure to replace "mypubkey" with your actual public key, leaving the quotation marks in place.

```
#!/bin/bash
# Permit root login over SSH (Kamal connects as root in this guide).
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

# Install the public key for root. Create /root/.ssh first in case the
# image ships without it, with the permissions sshd expects.
SSH_KEY_CONTENT="mypubkey"
mkdir -p /root/.ssh
chmod 700 /root/.ssh
echo "$SSH_KEY_CONTENT" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chown -R root:root /root/.ssh

systemctl restart sshd
echo "SSH configuration for root updated. Root login now permitted with specified key."
```

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-09.jpeg)

10.) Select "Add startup script"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-10.jpeg)

11.) Give the instance a customized hostname and label.

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-11.jpeg)

12.) Select "Deploy Now".

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-12.jpeg)

## Confirm Root SSH is enabled

SSH in as root to confirm access:

```
ssh root@'publicip'
```

## Install Kamal

13.) Now that root SSH access is established on the VM, it's time to install Kamal. There are a couple of prerequisites first.

- Docker and buildx are required on your machine. This tutorial was built on a Mac, so `brew install docker` and `brew install docker-buildx` were used. If Docker and buildx are not installed, a failure will occur during `kamal setup`. This step may differ depending on your OS; it is a relatively quick lookup.
- The private key matching the public one on your VM should be added to your ssh-agent. You can ensure this is the case by running `ssh-add ~/.ssh/kamal_privkey` (whatever your key is).

14.) Install Kamal locally by running `gem install kamal` or set up an alias to [run in docker.](https://kamal-deploy.org/docs/installation/dockerized/)

- If issues arise in step 14, you'll probably need to update Ruby and set the Ruby environment.

15.) Choose your container registry (it can be public or private), and create a personal access token with `write:packages` scope in order to push images to it. We are going to use [ghcr.io](http://ghcr.io/) and a private registry for this example.

16.) Select the user menu in the top right corner.

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-13.jpeg)

17.) Select "Settings"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-14.jpeg)

18.) Scroll to the bottom of the menu and select "Developer settings"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-15.jpeg)

19.) In the next menu select "Personal access tokens". Then in the dropdown select "Tokens (classic)"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-16.jpeg)

20.) Select "Generate New Token" followed by "Generate new token (classic)" from the dropdown.

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-17.jpeg)

21.) In the section provide a name for the token and at a minimum select "write:packages"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-18.jpeg)

22.) Select "Generate token"

![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-19.jpeg)

23.) Copy the key to be utilized in the next steps.
![](/docs/images/tutorials/deploy-a-simple-web-app-with-kamal-20.jpeg)

24.) Set your personal access token as `KAMAL_REGISTRY_PASSWORD` using the export command below:

```
export KAMAL_REGISTRY_PASSWORD=ghp_12345abcde
```

25.) Create a directory for kamal in the location you'd like to run it. For my example I'm simply creating it on my `~/Desktop` using `mkdir kamal`

26.) Set up your code, if you haven't already. Make sure you include a `Dockerfile` and that your app returns a `200 ok` on the path `/up`

To test we can use some sample code. Inside the kamal directory create two files, `Dockerfile` and `server.ts`

27.) server.ts

```
const server = Deno.listen({ port: 80 });
console.log("Server running on http://localhost:80");

for await (const conn of server) {
  handleConnection(conn);
}

// Every request, including the one to /up, is answered with 200.
async function handleConnection(conn: Deno.Conn) {
  for await (const requestEvent of Deno.serveHttp(conn)) {
    const url = new URL(requestEvent.request.url);
    requestEvent.respondWith(new Response("Hello, Kamal!", { status: 200 }));
  }
}
```

28.) Dockerfile

```
FROM denoland/deno:latest
WORKDIR /app
COPY server.ts .
EXPOSE 80
CMD ["deno", "run", "--allow-net", "server.ts"]
```

***29. (Optional) Skip this step if you are already using git.*** If your code is not already committed with git, you can continue by simply using git locally by running these commands:

```
git init
git add .
git commit -m "Initial commit"
```

30.) Initialize kamal by running `kamal init` from the kamal directory.

31.) Update your newly created `config/deploy.yml` file located in the kamal directory with the code below. Consult the [Kamal docs](https://kamal-deploy.org/docs/configuration/overview/) for more options. **Make sure to change lines 4 and 13 to reflect the username of the repository. Line 8 will change to the server's Public IP.**

```
# Name of your application. Used to uniquely configure containers.
service: kamal-demo
# Name of the container image.
image: github-username/kamal-demo
# Deploy to these servers.
servers:
  web:
    - 192.168.0.0 #<-- Put your VM's public IP here
# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  server: ghcr.io
  username: github-username
  # Always use an access token rather than real password (pulled from .kamal/secrets).
  password:
    - KAMAL_REGISTRY_PASSWORD
# Configure builder setup. Make sure you use this if you are building on a Mac.
builder:
  arch: amd64
```

This mapping should already be present, but double-check that your `.kamal/secrets` file includes it:

`KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD`

32.) Commit your file changes to git

- That's it! You're ready to deploy your app.

33.) Run `kamal setup` to begin the build on the host machine.

34.) Verify your app is running on your VM(s) by logging into your VM and checking the app:

`curl -X GET "http://localhost:80/"`

This should return a `Hello, Kamal!`

Before making your app public, it's important to apply system hardening techniques, as they're not installed by default. [Click here](https://rameerez.com/kamal-tutorial-how-to-deploy-a-postgresql-rails-app/) for a good article of reference.

## Deploying Web Applications with Kubernetes on American Cloud Kubernetes Service (ACKS)

**Ensure No Other Proxies are Running on the local machine.**

## Prerequisites

- Install `kubectl` by following [these instructions](https://kubernetes.io/docs/tasks/tools/#kubectl)
- Install `helm` by following [these instructions](https://helm.sh/docs/intro/install/)
- Owned domain with the ability to manage DNS
- Dockerized application images in a public or private registry (extra steps in section [Connecting to Private Image Repositories](https://docs.americancloud.com/hc/docs/articles/1722539534-deploying-web-applications-with-kubernetes-on-american-cloud-kubernetes-service-acks))

## 1. Provisioning Kubernetes Cluster

1.
Choose a name, project, version, region, and node plan for your ACKS cluster. ![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-01.png) ## 2. Connecting to Kubernetes Cluster 1. Once the cluster is in "Running" state: 2. Download the cluster config file by clicking on "Download Config File" ![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-02.png) 3. Move the `kube.conf` file to a new directory. You'll be creating more files alongside it in order to set up your app. **Note**: `kube.conf` contains connection details on how your machine will connect and dispatch commands to the cluster. Every action will be of the form: `kubectl --kubeconfig kube.conf` unless you set it as the global kube config. - Set `kube.conf` as the default config by running `export KUBECONFIG=kube.conf`, or by copying the file to `~/.kube/config` **Note**: Example `1-create-admin-user.yaml` ``` apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard ``` *This generates one user (the ServiceAccount) and gives it the permissions necessary to access the Dashboard (the ClusterRoleBinding)* - Run `kubectl apply -f 1-create-admin-user.yaml` to create a user profile in order to generate access tokens to log in to the Dashboard. ``` ac-demo % kubectl apply -f 1-create-admin-user.yaml serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created ``` 4. Run `kubectl proxy` in a new terminal to start the Dashboard UI locally. Leave this running in the background. 5. 
Open this url in your browser: [http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/](http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/) 6. Run `kubectl -n kubernetes-dashboard create token admin-user` to get a fresh token, and paste it in the input field of the Dashboard login. ![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-03.png) 7. You will be met with an empty dashboard, and the namespace `default` selected. ![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-04.png) ## 3. Creating App Resources First we want to get our app running in its own pods. Then we can expose it. We are going to create: **1 Deployment** (a prescriptive model of your application including environment variables, port mappings, and scaling details) **1 Service** (a way of allowing external access into your application) If your images are hosted in a private repository, you will need to create **1 Secret** as well (a protected resource containing repository access information, assuming your images are in a private registry) [Connecting to Private Image Repositories](https://docs.americancloud.com/hc/docs/articles/1722539534-deploying-web-applications-with-kubernetes-on-american-cloud-kubernetes-service-acks) Let's continue our example for now by pulling a public image which will run on internal port 8080. **Note**: Example `2-demo-app-deployment.yaml` ``` apiVersion: apps/v1 kind: Deployment metadata: name: demo-app namespace: default spec: replicas: 2 selector: matchLabels: app: demo-app strategy: type: RollingUpdate template: metadata: labels: app: demo-app spec: containers: - image: paulbouwer/hello-kubernetes:1.8 imagePullPolicy: IfNotPresent name: demo-app env: - name: MESSAGE value: Hello world! 
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: demo-svc
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app: demo-app
```

Deploy by running `kubectl apply -f 2-demo-app-deployment.yaml`

You can check on your resources by running `kubectl get pods` and `kubectl get svc`, or by checking in your Dashboard:

![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-05.png)

![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-06.png)

Congratulations! Your application is running in Kubernetes.

## 4. Exposing Your App

Next, we must create LoadBalancer and Ingress resources to allow external access. We start by installing the Kubernetes Nginx Ingress Controller

```
ac-demo % helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
```

```
ac-demo % helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
```

```
ac-demo % helm install nginx-ingress ingress-nginx/ingress-nginx --set controller.publishService.enabled=true
NAME: nginx-ingress
LAST DEPLOYED: Tue Oct 25 20:40:16 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w nginx-ingress-ingress-nginx-controller'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt:
    tls.key:
  type: kubernetes.io/tls
```

Take note of the new public ip after a couple minutes by running `kubectl --namespace default get services -o wide -w nginx-ingress-ingress-nginx-controller`

Now we create an Ingress to point traffic to the LoadBalancer:

**Note**: Example `3-nginx-ingress.yaml`

```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: "demo.your_domain_name"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: demo-svc
                port:
                  number: 80
```

Before we apply it, we need to ensure that we have a DNS A record pointing your domain to the new public ip of your LoadBalancer.

Apply the Ingress: `kubectl apply -f 3-nginx-ingress.yaml`

Go to https://demo.your_domain_name and see the Hello Kubernetes app!

![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-07.png)

## 5. Securing Your App

Now we need to get SSL / HTTPS playing nicely.
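What this section has to achieve can be checked mechanically. The following added Python example (not part of the original tutorial) reads the output of `kubectl get ingress -A -o json` and reports hosts that are routed without a matching `tls` entry, `tls` entries with no `secretName`, and TLS secrets with no cert-manager issuer annotation. The sample input, its hostnames and the object names `demo-before`, `demo-after` and `mismatch` are constructed.

```python
import json
import sys

# Annotations that cert-manager's ingress-shim looks for on an Ingress.
ISSUER_ANNOTATIONS = ("cert-manager.io/cluster-issuer", "cert-manager.io/issuer")

# Constructed sample in the shape of `kubectl get ingress -A -o json`.
# "demo-before" mirrors 3-nginx-ingress.yaml, "demo-after" mirrors
# 5-nginx-ingress-secured.yaml, "mismatch" is a made-up broken variant.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "demo-before", "namespace": "default",
                  "annotations": {"kubernetes.io/ingress.class": "nginx"}},
     "spec": {"rules": [{"host": "demo.example.test"}]}},
    {"metadata": {"name": "demo-after", "namespace": "default",
                  "annotations": {"kubernetes.io/ingress.class": "nginx",
                                  "cert-manager.io/cluster-issuer": "letsencrypt-prod"}},
     "spec": {"tls": [{"hosts": ["demo.example.test"], "secretName": "demo-tls"}],
              "rules": [{"host": "demo.example.test"}]}},
    {"metadata": {"name": "mismatch", "namespace": "default",
                  "annotations": {"kubernetes.io/ingress.class": "nginx"}},
     "spec": {"tls": [{"hosts": ["demo.example.test"], "secretName": "demo-tls"}],
              "rules": [{"host": "api.example.test"}]}},
]})


def host_covered(host, tls_hosts):
    """True if host equals a TLS host or matches a one-label wildcard (*.domain)."""
    host = host.lower()
    for pattern in tls_hosts:
        pattern = pattern.lower()
        if pattern == host:
            return True
        if pattern.startswith("*."):
            first_label, _, rest = host.partition(".")
            if first_label and rest == pattern[2:]:
                return True
    return False


def audit_ingress(item):
    """Return (namespace, name, host, finding) tuples for one Ingress object."""
    meta = item.get("metadata", {})
    spec = item.get("spec", {})
    ident = (meta.get("namespace", "default"), meta.get("name", "?"))
    annotations = meta.get("annotations") or {}
    tls_entries = spec.get("tls") or []
    findings = []

    hosts_with_secret = []
    for entry in tls_entries:
        hosts = entry.get("hosts") or []
        if entry.get("secretName"):
            hosts_with_secret.extend(hosts)
        else:
            # No secret named: the controller has no certificate of ours to serve.
            findings.extend(ident + (h, "tls-without-secret") for h in hosts)

    all_tls_hosts = [h for e in tls_entries for h in (e.get("hosts") or [])]
    for rule in spec.get("rules") or []:
        host = rule.get("host", "")
        if not host_covered(host, all_tls_hosts):
            findings.append(ident + (host or "<any host>", "no-tls"))

    # A TLS secret is referenced but nothing asks cert-manager to issue it.
    if hosts_with_secret and not any(a in annotations for a in ISSUER_ANNOTATIONS):
        findings.append(ident + (",".join(hosts_with_secret), "no-issuer-annotation"))
    return findings


def audit(ingress_json):
    """Audit a `kubectl get ingress -o json` document (a list or a single object)."""
    doc = json.loads(ingress_json)
    findings = []
    for item in doc.get("items", [doc]):
        findings.extend(audit_ingress(item))
    return sorted(findings)


if __name__ == "__main__":
    # Pipe real output in, or run without input to see the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for namespace, name, host, finding in audit(data):
        print(f"{namespace}/{name}: {host}: {finding}")
```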
```
ac-demo % kubectl create namespace cert-manager
namespace/cert-manager created
```

```
ac-demo % helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
```

```
ac-demo % helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
```

```
ac-demo % helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.6.0 --set installCRDs=true
NAME: cert-manager
LAST DEPLOYED: Tue Oct 25 21:05:28 2022
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.6.0 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
```

**Note**: Example `4-production-issuer.yaml`

```
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Email address used for ACME registration
    email: your_email_address
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Name of a secret used to store the ACME account private key
      name: letsencrypt-prod-private-key
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
      - http01:
          ingress:
            class: nginx
```

```
ac-demo % kubectl apply -f 4-production-issuer.yaml
clusterissuer.cert-manager.io/letsencrypt-prod created
```

Update the Ingress by using a new config file:

**Note**: Example
`5-nginx-ingress-secured.yaml`

```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts:
        - demo.your_domain
      secretName: demo-tls
  rules:
    - host: "demo.your_domain"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: demo-svc
                port:
                  number: 80
```

```
ac-demo % kubectl apply -f 5-nginx-ingress-secured.yaml
ingress.networking.k8s.io/demo-ingress configured
```

## Connecting to Private Image Repositories

In order to connect to a private image or package repository, a token with sufficient access to pull images needs to be encoded and stored in Kubernetes as a Secret.

In this example, we will be connecting to a private registry (GHCR: GitHub Container Registry) which contains a Docker image with a NextJS web application.

We create a new personal access token with scope `read:packages` by visiting [https://github.com/settings/tokens/new?scopes=read:packages](https://github.com/settings/tokens/new?scopes=read:packages)

![](/docs/images/tutorials/deploying-web-applications-with-kubernetes-on-08.png)

We are granted a token, in this example: `ghp_vMutK7pgmY1d6hOpF9vGeVpcUB34fd0i7O0j`

We need a base64 encoded string which contains the username and the token:

```
ac-demo % echo -n "github-username:ghp_vMutK7pgmY1d6hOpF9vGeVpcUB34fd0i7O0j" | base64
Z2l0aHViLXVzZXJuYW1lOmdocF92TXV0SzdwZ21ZMWQ2aE9wRjl2R2VWcGNVQjM0ZmQwaTdPMGo=
```

Create a new file, `.dockerconfigjson`, with the following content:

```
{
    "auths": {
        "https://ghcr.io/ORGANIZATION_NAME/IMAGE_REPOSITORY_NAME":{
            "username":"github-username",
            "password":"ghp_vMutK7pgmY1d6hOpF9vGeVpcUB34fd0i7O0j",
            "email":"YOUR_EMAIL",
            "auth":"Z2l0aHViLXVzZXJuYW1lOmdocF92TXV0SzdwZ21ZMWQ2aE9wRjl2R2VWcGNVQjM0ZmQwaTdPMGo="
        }
    }
}
```

*Note: This docker config format can be used to authenticate any Docker image repository, not just GHCR*

Now encode this entire file, which we will save as the
secret.

```
ac-demo % cat .dockerconfigjson | base64
ewogICAgImF1dGhzIjogewogICAgICAgICJodHRwczovL2doY3IuaW8vT1JHQU5JWkFUSU9OX05BTUUvSU1BR0VfUkVQT1NJVE9SWV9OQU1FIjp7CiAgICAgICAgICAgICJ1c2VybmFtZSI6ImdpdGh1Yi11c2VybmFtZSIsCiAgICAgICAgICAgICJwYXNzd29yZCI6ImdocF92TXV0SzdwZ21ZMWQ2aE9wRjl2R2VWcGNVQjM0ZmQwaTdPMGoiLAogICAgICAgICAgICAiZW1haWwiOiJZT1VSX0VNQUlMIiwKICAgICAgICAgICAgImF1dGgiOiJaMmwwYUhWaUxYVnpaWEp1WVcxbE9tZG9jRjkyVFhWMFN6ZHdaMjFaTVdRMmFFOXdSamwyUjJWV2NHTlZRak0wWm1Rd2FUZFBNR289IgogICAgCX0KICAgIH0KfQ==
```

This is the configuration file which will be used to create the Secret, along with a Deployment which uses it to connect to the image repository.

```
apiVersion: v1
kind: Secret
metadata:
  name: registry-credentials
  namespace: default
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ewogICAgImF1dGhzIjogewogICAgICAgICJodHRwczovL2doY3IuaW8vT1JHQU5JWkFUSU9OX05BTUUvSU1BR0VfUkVQT1NJVE9SWV9OQU1FIjp7CiAgICAgICAgICAgICJ1c2VybmFtZSI6ImdpdGh1Yi11c2VybmFtZSIsCiAgICAgICAgICAgICJwYXNzd29yZCI6ImdocF92TXV0SzdwZ21ZMWQ2aE9wRjl2R2VWcGNVQjM0ZmQwaTdPMGoiLAogICAgICAgICAgICAiZW1haWwiOiJZT1VSX0VNQUlMIiwKICAgICAgICAgICAgImF1dGgiOiJaMmwwYUhWaUxYVnpaWEp1WVcxbE9tZG9jRjkyVFhWMFN6ZHdaMjFaTVdRMmFFOXdSamwyUjJWV2NHTlZRak0wWm1Rd2FUZFBNR289IgogICAgCX0KICAgIH0KfQ==
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: demo-app
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      containers:
        - image: ghcr.io/ORGANIZATION_NAME/IMAGE_REPOSITORY_NAME
          imagePullPolicy: IfNotPresent
          name: demo-app
          env:
            - name: REACT_APP_ENVIRONMENT
              value: PROD
          ports:
            - containerPort: 8080
      imagePullSecrets:
        - name: registry-credentials
```

## Use Traefik Ingress (Instead of NGINX)

In order to use traefik as an ingress controller, simply run these commands and apply this traefik ingress file instead of using nginx.
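For the registry Secret built in "Connecting to Private Image Repositories" above, this added Python example (not American Cloud's code) builds the same `kubernetes.io/dockerconfigjson` manifest without hand-running `base64`, then decodes it again to show that the token is only encoded, not encrypted, so anyone who can read the Secret holds the token. The token and the function names are constructed placeholders; the manifest is emitted as JSON, which `kubectl apply -f` also accepts.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"


def basic_auth(username, token):
    """base64("username:token"), the value of the "auth" field."""
    return base64.b64encode(f"{username}:{token}".encode()).decode()


def build_pull_secret(name, namespace, registry, username, token):
    """Return a Secret manifest (as a dict) holding one registry credential."""
    docker_config = {
        "auths": {
            registry: {
                "username": username,
                "password": token,
                "auth": basic_auth(username, token),
            }
        }
    }
    # b64encode always yields a single line; GNU `base64` wraps its output
    # at 76 columns unless it is run with -w0.
    encoded = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": SECRET_TYPE,
        "data": {".dockerconfigjson": encoded},
    }


def recover_credentials(manifest):
    """Decode a pull Secret back to its credentials and cross-check each entry."""
    if manifest.get("type") != SECRET_TYPE:
        raise ValueError(f"expected type {SECRET_TYPE}, got {manifest.get('type')!r}")
    blob = manifest["data"][".dockerconfigjson"]
    # validate=True rejects newlines, spaces and any other non-base64 character.
    config = json.loads(base64.b64decode(blob, validate=True))
    recovered = []
    for registry, entry in config["auths"].items():
        decoded = base64.b64decode(entry["auth"], validate=True).decode()
        username, _, token = decoded.partition(":")
        recovered.append({
            "registry": registry,
            "username": username,
            "token": token,
            # The "auth" field must agree with the separate username/password.
            "consistent": username == entry.get("username")
            and token == entry.get("password"),
        })
    return recovered


def redact(token, keep=4):
    """Keep the token prefix (e.g. ghp_) and mask the rest for display."""
    return token[:keep] + "*" * max(len(token) - keep, 0)


if __name__ == "__main__":
    secret = build_pull_secret(
        name="registry-credentials",
        namespace="default",
        registry="https://ghcr.io/ORGANIZATION_NAME/IMAGE_REPOSITORY_NAME",
        username="github-username",
        token="ghp_CONSTRUCTED_PLACEHOLDER_TOKEN",  # constructed, not a real token
    )
    print(json.dumps(secret, indent=2))
    for cred in recover_credentials(secret):
        print(cred["registry"], cred["username"], redact(cred["token"]),
              "consistent" if cred["consistent"] else "INCONSISTENT")
```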
*Note: You still need to configure an A record to point to your domain.*

`helm repo add traefik https://helm.traefik.io/traefik`

`helm repo update`

`helm install traefik traefik/traefik`

traefik-ingress.yaml

```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: "demo.your_domain"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: demo-svc
                port:
                  number: 80
```

```
ac-demo % kubectl apply -f traefik-ingress.yaml
ingress.networking.k8s.io/demo-ingress created
```

## Enable Autoscaling for your App

In order to enable Kubernetes autoscaling follow our [Kubernetes Autoscaling Guide](https://docs.americancloud.com/hc/docs/articles/1722538105-kubernetes-_-autoscaling).

## How to configure CloudPanel backups for A2 storage

Rclone is a command-line program used to manage and synchronize files with various cloud storage services and other locations. In this scenario, Rclone is used only for the initial configuration of the A2 object storage, and backups will be performed through the CloudPanel Interface.

## Rclone configuration

To configure Rclone you first log in to the server via [SSH](https://docs.americancloud.com/hc/docs/articles/1722537850-managing-ssh-keys). Once you have logged in, please run the following command:

`rclone config`

The command will open a prompt that looks like the following:

To configure Rclone to use A2 storage, the following information is required:

- Bucket name
- Storage directory
- Bucket URL
- Secret key
- Access key

This information can be found in your account under "Object Storage".
For more information, please review: [A2 Object Storage](https://docs.americancloud.com/hc/docs/articles/1722538984-a2-object-storage)

The easiest way to configure the destination will be to copy the below configuration into the following file:

```
/root/.config/rclone/rclone.conf
```

> **Note:** The name must be [remote] for CloudPanel to detect the configuration:

```
cat /root/.config/rclone/rclone.conf
[remote]
type = s3
provider = ceph
access_key_id = $key_id
secret_access_key = $access_key
endpoint = a2-west.americancloud.com
```

Make sure to replace $key_id and $access_key with the ones provided under "Object Storage > Bucket > Settings", as shown in the screenshot:

![](/docs/images/tutorials/how-to-configure-cloudpanel-backups-for-a2-storage-01.png)

Go back to CloudPanel and configure the bucket name and remote directory:

![](/docs/images/tutorials/how-to-configure-cloudpanel-backups-for-a2-storage-02.png)

## A2 storage

If you do not have A2 storage, please review the following article: [A2 storage creation](https://docs.americancloud.com/hc/docs/articles/1722538984-a2-object-storage)

## Testing Backups

Once the configuration has been completed, you can test with the following command, which shows remote directories in the bucket and confirms the connection is valid:

```
rclone lsf $remote_bucket_name: -R
WordPressBackup/
FullBackup/
```

## Creating your first backup

To create a manual backup, simply click on "Create Backup" as shown in the screenshot. The backup will be started in the background.

![](/docs/images/tutorials/how-to-configure-cloudpanel-backups-for-a2-storage-03.png)

## How to use MySQL Workbench with Coolify

**The below documentation outlines the necessary steps to create an SSH connection between a Coolify MySQL resource and MySQL Workbench.**

## Set up Instance

1. Create the MySQL resource within Coolify by selecting the project for the resource. The default 'My first project' is utilized for the document.
![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-01.png)

2. Select the '+Add New Resource'.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-02.png)

3. Select the desired server for the resource.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-03.png)

4. Once the resource list is presented, navigate down the page to the databases section. Select 'New MySQL'.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-04.png)

5. Identify the destination for the resource, either by selecting a previously built destination or by adding a new one.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-05.png)

6. SSH into the Coolify machine. Run the command `sudo docker run --rm -ti --name=ctop -v /var/run/docker.sock:/var/run/docker.sock quay.io/vektorlab/ctop:latest`. This will list containers running on the machine. Using the arrow keys, scroll to the MySQL resource and press enter. The container needs to be in a running state to be accessed.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-06.png)

7. The container's listening ports will be listed. This port will be used in the next step.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-07.png)

8. Once the resource is complete, 1) add the desired port to communicate on. In the example, port 3000 is used for the local machine and 3306 for the container. 2) Restart the machine to put the new configs in place.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-08.png)

9. Once restarted, check the container to ensure ports are configured appropriately by repeating steps 6 and 7 above. As an example (below), port 3000 is mapped from the local Coolify instance to port 3306 of the MySQL container.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-09.png)

## Set up Local Host

1. Set up an SSH tunnel on your local machine that is running the MySQL client (i.e.
mysql or MySQL Workbench) by running the below command.

```
ssh -4 -f -N -T -L 3131:127.0.0.1:3000 cloud@coolify_public_ip_here
```

2. Open MySQL Workbench and select the '+' toggle to add a new connection.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-10.png)

3. In the pop up, add a name for the connection. Set the hostname to localhost (127.0.0.1) and the port to 3131, as set previously. Select test connection.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-11.png)

4. Provide the MySQL root password from Coolify in the MySQL Workbench pop up. Optionally, save the password to keychain for quick launch.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-12.png)

5. Select the newly built connection. If prompted, provide the root password.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-13.png)

6. Select 'Server Status' from the left navigation menu.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-14.png)

7. Ensure the connection is established and the server is running.

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-15.png)

![](/docs/images/tutorials/how-to-use-mysql-workbench-with-coolify-16.png)

MySQL Workbench is now connected to the Coolify MySQL resource and editable.

## Installing Ubuntu GUI

American Cloud VMs are virtualized computing resources, allowing users to run virtual instances of operating systems and applications in the cloud. GUI integration can make it easier for users to interact with these VMs, especially for tasks that require visual feedback or interactions, such as managing the VM's configurations, accessing file systems, or installing software with graphical installers.

## Update & upgrade system

```
sudo apt update && sudo apt upgrade
```

American Cloud utilizes a specific cloud.cfg file so customers can manage their VMs via their CMP dashboard. While running the update && upgrade, the system will ask whether to use the currently configured cloud.cfg or the standard Ubuntu one.
Choose 'N' so management through the CMP is still possible.

![](/docs/images/tutorials/installing-ubuntu-gui-01.png)

## Install xrdp

xrdp is a software tool that allows for remote desktop protocol (RDP) connections to Linux-based operating systems such as Ubuntu. It enables remote access to Ubuntu through a graphical user interface (GUI) from another device over a network connection.

- To establish a remote connection to the Ubuntu OS, xrdp will be utilized. Install xrdp on the Virtual Machine to facilitate this connection using the below commands.

```
sudo apt-get install xrdp
```

Newly installed packages and space will be identified by the system. Select 'y' and press enter when prompted to continue.

```
0 upgraded, 266 newly installed, 0 to remove and 0 not upgraded.
Need to get 130 MB of archives.
After this operation, 489 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
```

- Enable the xrdp service with systemctl to start the process

```
sudo systemctl enable xrdp
```

## Firewall settings

- In the American Cloud CMP create a new firewall rule allowing port 3389.

![](/docs/images/tutorials/installing-ubuntu-gui-02.png)

> For a detailed firewall explanation, [Click Here](/docs/networking/firewall).

- If utilizing UFW on Linux, ensure port 3389 is open for communication with the following command:

```
sudo ufw allow 3389/tcp
```

## Create port forwarding rule

- In the American Cloud CMP create a new port forwarding rule for port 3389.

![](/docs/images/tutorials/installing-ubuntu-gui-03.jpg)

> For a detailed firewall explanation, [Click Here](/docs/networking/firewall).

## Install Ubuntu Desktop

Ubuntu Desktop is a popular Linux-based operating system designed for desktop and laptop computers. It provides a user-friendly interface with a graphical desktop environment, offering a wide range of pre-installed applications for productivity, web browsing, multimedia, and more.
Ubuntu Desktop is known for its stability, security, and open-source nature, making it a popular choice for individuals, businesses, and educational institutions seeking a free and powerful operating system.

- The below command will install Ubuntu Desktop. This will take several minutes to finish.

```
sudo apt-get install ubuntu-desktop
```

- Reboot the Virtual Machine to ensure everything gets saved properly.

```
sudo reboot
```

## Mac: Connect to GUI on Mac

> **Note:** For this tutorial Microsoft Remote Desktop will be used. In the app store, search for and install Microsoft Remote Desktop. There are several remote desktop applications that may work as well.

### Download Microsoft Remote Desktop

In the app search field type 'Microsoft Remote Desktop' and press enter. The first application will be Microsoft Remote Desktop; select 'GET'. After a few seconds the application will be downloaded and installed on the system.

![](/docs/images/tutorials/installing-ubuntu-gui-04.png)

> **Note:** The picture shows 'Open' because the application has already been installed on this machine.

### Using Microsoft Remote Desktop

Microsoft Remote Desktop is a software application that allows users to remotely access and control Windows-based computers or servers from another device, such as a computer, tablet, or mobile device. It uses the Remote Desktop Protocol (RDP) to establish a secure connection between the local device and the remote Windows-based computer, enabling users to interact with the remote desktop as if they were physically present at that computer. Microsoft Remote Desktop is widely used for remote work, technical support, and server administration, among other purposes.

- Follow the steps below to connect to the Ubuntu Desktop previously installed

1. Select 'Launchpad' from the tool bar.
2. Select 'Microsoft Remote Desktop'

**Input connection information**

- The application will launch with a single 'Add PC' switch.
Select 'Add PC' or, if desired, select the '+' icon in the toolbar at the top.

![](/docs/images/tutorials/installing-ubuntu-gui-05.png)

- A new window will appear requesting PC information. In the PC name field, input the Public IP of the virtual machine Ubuntu Desktop is running on. Additionally, if desired, add and save the user account information. Once complete select add.

![](/docs/images/tutorials/installing-ubuntu-gui-06.png)

> For help finding the Public IP within the AC CMP, [Click Here](/docs/networking/createmanage-a-virtual-private-cloud-network).

### Connect to the desktop

- In the main application window the new machine will be added.

![](/docs/images/tutorials/installing-ubuntu-gui-07.png)

- Now select the three dot toggle on the lower right of the machine and select 'Connect'.

![](/docs/images/tutorials/installing-ubuntu-gui-08.png)

- A warning window will populate. Select 'Connect'

![](/docs/images/tutorials/installing-ubuntu-gui-09.png)

- In the popup provide the account credentials.

![](/docs/images/tutorials/installing-ubuntu-gui-10.png)

- **The new connection has been made.**

![](/docs/images/tutorials/installing-ubuntu-gui-11.png)

## Windows: Connect to GUI on Windows

- On Windows this tutorial will utilize the built-in 'Remote Desktop Connection' software.

### Open Remote Desktop Connection

- In the Windows tool bar search field type 'Remote desktop connection'

![](/docs/images/tutorials/installing-ubuntu-gui-12.png)

- In the Windows popup window select 'Windows Remote Desktop'

![](/docs/images/tutorials/installing-ubuntu-gui-13.png)

### Connect to Ubuntu Desktop

1. Once the software starts, place the public IP in the computer name text box.

![](/docs/images/tutorials/installing-ubuntu-gui-14.png)

> For help identifying the public IP, [Click Here](/docs/networking/createmanage-a-virtual-private-cloud-network).

- If desired select the grey arrow in the lower left for more options and add user information.
![](/docs/images/tutorials/installing-ubuntu-gui-15.png)

- Select 'Connect'. A warning window will populate; select 'Yes' in order to continue.

![](/docs/images/tutorials/installing-ubuntu-gui-16.png)

- Next sign into the account to continue to the Ubuntu Desktop.

![](/docs/images/tutorials/installing-ubuntu-gui-17.png)

- Now the Ubuntu Desktop sign-in will appear. Sign in using the appropriate credentials.

![](/docs/images/tutorials/installing-ubuntu-gui-18.png)

- That's it. It's connected.

## Mount or Unmount Drives

## List All Partitions

Running `lsblk` lists the available drives

```
lsblk
```

Once the command is run, a read-out will be provided showing available drives similar to below. In this example the volume vdb, size 50G, is block-storage_1 inside the American Cloud CMP. Additionally, below we can see vdb is not mounted.

```
cloud@Compute-1:~$ lsblk
NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
loop0     7:0    0 63.3M  1 loop /snap/core20/1822
loop1     7:1    0 91.9M  1 loop /snap/lxd/24061
loop2     7:2    0 49.9M  1 loop /snap/snapd/18357
loop3     7:3    0 63.3M  1 loop /snap/core20/1852
sr0      11:0    1 1024M  0 rom
vda     252:0    0   25G  0 disk
├─vda1  252:1    0 24.9G  0 part /
├─vda14 252:14   0    4M  0 part
└─vda15 252:15   0  106M  0 part /boot/efi
vdb     252:16   0   50G  0 disk
```

## Partition Drive

- Partitioning a drive involves dividing it into one or more logical sections, each of which acts as a separate drive with its own file system. This can be useful for various reasons, such as isolating data for backup or security purposes, installing multiple operating systems on a single drive, or organizing files and folders more efficiently. Partitioning can be done using various tools, such as Disk Management in Windows, Disk Utility in macOS, or fdisk in Linux.
- In this example the fdisk command will be utilized

1.
Identify the drive to partition using `fdisk -l`

```
sudo fdisk -l
Disk /dev/loop0: 49.84 MiB, 52260864 bytes, 102072 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/loop1: 111.95 MiB, 117387264 bytes, 229272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
```

2. Use the fdisk command to partition the drive.

- Identify the drive's path. For this example /dev/vdb1 will be placed in the fdisk command. This information was retrieved by running fdisk -l above

```
sudo fdisk /dev/vdb1
```

- A readout similar to the below will be displayed, confirming the drive is open in fdisk

```
Welcome to fdisk (util-linux 2.37.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

The device contains 'ext4' signature and it will be removed by a write command. See fdisk(8) man page and --wipe option for more details.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x11b600de.

Command (m for help):
```

- fdisk is a letter-based tool in which each command is assigned a letter. Notice (m for help). Press 'm' and enter to enter help mode and print the command layout.
The first couple of columns are printed below

```
Command (m for help): m

Help:

  DOS (MBR)
   a   toggle a bootable flag
   b   edit nested BSD disklabel
   c   toggle the dos compatibility flag

  Generic
   d   delete a partition
   F   list free unpartitioned space
   l   list known partition types
   n   add a new partition
   p   print the partition table
   t   change a partition type
   v   verify the partition table
   i   print information about a partition
```

- Create a new partition using the 'n' command

```
Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
```

- In the above output, once the 'n' command has been given, fdisk requests the partition type. Here a primary partition will be built, identified by the 'p' command. Next fdisk asks for the partition number; the first (1) will be selected

```
Partition number (1-4, default 1): 1
```

- Following the above we'll determine the size of the sector/partition.

```
Last sector, +/-sectors or +/-size{K,M,G,T,P} (10000-97654783, default 97654783): +10G
```

- The new partition of 10G has been built by the fdisk command

```
Created a new partition 1 of type 'Linux' and of size 10 GiB.
```

- Notice the partition type defaulted to 'Linux' in the above readout. fdisk will automatically default to 'Linux'. In order to change this use the 't' command.
Following the 't' command a 'L' command can be given to list all available types

```
  1 EFI System                     C12A7328-F81F-11D2-BA4B-00A0C93EC93B
  2 MBR partition scheme           024DEE41-33E7-11D3-9D69-0008C781F39F
  3 Intel Fast Flash               D3BFE2DE-3DAF-11DF-BA40-E3A556D89593
  4 BIOS boot                      21686148-6449-6E6F-744E-656564454649
  5 Sony boot partition            F4019732-066E-4E12-8273-346C5641494F
  6 Lenovo boot partition          BFBFAFE7-A34F-448A-9A5B-6213EB736C22
  7 PowerPC PReP boot              9E1A2D38-C612-4316-AA26-8B49521E5A8B
  8 ONIE boot                      7412F7D5-A156-4B13-81DC-867174929325
  9 ONIE config                    D4E6E2CD-4469-46F3-B5CB-1BFF57AFC149
 10 Microsoft reserved             E3C9E316-0B5C-4DB8-817D-F92DF00215AE
 11 Microsoft basic data           EBD0A0A2-B9E5-4433-87C0-68B6B72699C7
 12 Microsoft LDM metadata         5808C8AA-7E8F-42E0-85D2-E1E90434CFB3
 13 Microsoft LDM data             AF9B60A0-1431-4F62-BC68-3311714A69AD
 14 Windows recovery environment   DE94BBA4-06D1-4D40-A16A-BFD50179D6AC
 15 IBM General Parallel Fs        37AFFC90-EF7D-4E96-91C3-2D7AE055B174
 16 Microsoft Storage Spaces       E75CAF8F-F680-4CEE-AFA3-B001E56EFC2D
 17 HP-UX data                     75894C1E-3AEB-11D3-B7C1-7B03A0000000
 18 HP-UX service                  E2A1E728-32E3-11D6-A682-7B03A0000000
 19 Linux swap                     0657FD6D-A4AB-43C4-84E5-0933C84B4F4F
 20 Linux filesystem               0FC63DAF-8483-4772-8E79-3D69D8477DE4
 21 Linux server data              3B8F8425-20E0-4F3B-907F-1A25A76F98E8
 22 Linux root (x86)               44479540-F297-41B2-9AF7-D131D5F0458A
 23 Linux root (x86-64)            4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709
 24 Linux root (ARM)               69DAD710-2CE4-4E3C-B16C-21A1D49ABED3
:
```

- Now the new partition is saved in memory and waiting to be written to disk.
To review the newly built partition use the 'p' command

```
Command (m for help): p
Disk /dev/vdb: 50 GiB, 53687091200 bytes, 104857600 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 0831ABEB-082B-4EF1-AA79-E22EE04FFF74

Device     Start      End  Sectors Size Type
/dev/vdb1   2048 20973567 20971520  10G Linux filesystem
```

- To write the changes use the 'w' command. This will write the newly developed partition to the disk

```
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
```

- Using `sudo fdisk -l` double check the build of the new partition

## Format Drive

There are different types of Linux format like btrfs, ext2, ext4, xfs, cramfs, ext3 and minix that are compatible with the Linux operating system

### BTRFS

- Btrfs: A modern file system for Linux operating systems that provides features such as snapshots, compression, and checksums for data integrity. It is designed to improve performance, scalability, and manageability of file storage on modern systems.

### EXT2

- Ext2: A traditional file system for Linux operating systems that was introduced in the early 1990s. It provides support for basic file and directory operations and has been widely used in Linux distributions. However, it lacks some modern features such as journaling and dynamic resizing.

### EXT4

- Ext4: A modern file system for Linux operating systems that provides features such as journaling, support for large files and directories, and improved performance and scalability. It is the default file system in many Linux distributions and is widely used in production environments.

### XFS

- XFS: A high-performance file system for Linux and other Unix-like operating systems.
It was designed for scalability, supporting file systems up to 16 exabytes in size, and is optimized for handling large files and high-volume data throughput. XFS is widely used in enterprise and cloud environments.

### CRAMFS

- Cramfs (Compressed ROM File System): A read-only file system commonly used in embedded systems such as routers, set-top boxes, and smartphones. It is designed to save storage space by compressing the file system and is loaded into memory at boot time for fast access.

### EXT3

- Ext3: A journaled file system for Linux operating systems that was introduced in 2001. It provides support for basic file and directory operations and also includes a journaling system for improved reliability and faster recovery from crashes. Ext3 is widely used in Linux distributions but has been largely replaced by Ext4.

### MINIX

- MINIX: A file system that uses a simple structure consisting of a boot block, superblock, and inode block.

To format the drive follow the following steps:

1. Identify the drive to format. If partitioning occurred in the above step, select the partition.
2. Run the below command to format the drive. If desired, change `ext4` to a different format.

```
sudo mkfs.ext4 /dev/vdb1
```

- Readout should look similar to:

```
mke2fs 1.46.5 (30-Dec-2021)
Discarding device blocks: done
Creating filesystem with 12206848 4k blocks and 3055616 inodes
Filesystem UUID: a86a8d51-0ed0-4818-9c81-b7afb8c77309
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
	4096000, 7962624, 11239424

Allocating group tables: done
Writing inode tables: done
Creating journal (65536 blocks): done
Writing superblocks and filesystem accounting information: done
```

- The drive is now formatted to ext4

## Create Mount Point

A mount point directory is a directory in a file system that serves as a reference point for accessing a storage device or a partition.
When a storage device is connected to a computer or server, it must be mounted to be accessed by the system. Create the directory within /mnt by running the following command.

```
sudo mkdir /mnt/vdb1
```

- To check creation run:

```
ls /mnt
```

## Mount the Partition

- Now that the new partition has been built and formatted and a mount point has been created, mount the partition by running the command below.

```
sudo mount /dev/vdb1 /mnt/vdb1
```

- There will not be a readout from this command. To check mounting use the `lsblk` command as described in previous steps

```
cloud@Compute-AC-9:~$ lsblk
NAME    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0     7:0    0  49.8M  1 loop /snap/snapd/18357
loop1     7:1    0 111.9M  1 loop /snap/lxd/24322
loop2     7:2    0  63.3M  1 loop /snap/core20/1828
loop3     7:3    0  63.3M  1 loop /snap/core20/1852
loop4     7:4    0  53.2M  1 loop /snap/snapd/18933
sr0      11:0    1  1024M  0 rom
vda     252:0    0    25G  0 disk
├─vda1  252:1    0  24.9G  0 part /
├─vda14 252:14   0     4M  0 part
└─vda15 252:15   0   106M  0 part /boot/efi
vdb     252:16   0    50G  0 disk
└─vdb1  252:17   0    10G  0 part /mnt/vdb1
```

- In the above, vdb1 has been mounted to /mnt/vdb1 as depicted in the MOUNTPOINTS column

> **Note:** The example uses partitions and drives on the local machine. Be sure to use the correct [paths] for your own machine.

## Unmount Partition

- A drive can be unmounted using the 'umount' command

```
sudo umount /dev/vdb1
```

- There will be no readout from this command.
To check the success of the operation use the 'lsblk' command

```
lsblk
NAME    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0     7:0    0  49.8M  1 loop /snap/snapd/18357
loop1     7:1    0 111.9M  1 loop /snap/lxd/24322
loop2     7:2    0  63.3M  1 loop /snap/core20/1828
loop3     7:3    0  63.3M  1 loop /snap/core20/1852
loop4     7:4    0  53.2M  1 loop /snap/snapd/18933
sr0      11:0    1  1024M  0 rom
vda     252:0    0    25G  0 disk
├─vda1  252:1    0  24.9G  0 part /
├─vda14 252:14   0     4M  0 part
└─vda15 252:15   0   106M  0 part /boot/efi
vdb     252:16   0    50G  0 disk
└─vdb1  252:17   0    10G  0 part
```

- Notice the mountpoint has been removed from vdb1

> **Note:** If desired use fdisk to remove the partition from the drive. All the examples have been built on an American Cloud CMP Block Storage drive.

## s3cmd (Simple Storage Service Command Line Tool and API)

The S3 API allows developers to interact with S3 storage resources programmatically, enabling them to create, manage, and manipulate objects (files) in S3 buckets (containers) using various operations. The S3 API is RESTful (Representational State Transfer) in nature, which means it follows the principles of the REST architecture and uses standard HTTP methods, such as GET, PUT, POST, DELETE, etc., to perform operations on S3 objects and buckets. The S3 API supports both synchronous and asynchronous operations, allowing developers to interact with S3 in real-time or perform batch operations as needed. s3cmd must be installed and configured before use. Follow the steps below to get started:

## Install

To install run the apt install as shown below.

```
sudo apt install s3cmd
```

- The system will warn about the packages that will be installed and their size requirements. When prompted, type 'y' and press Enter to continue.

```
The following NEW packages will be installed:
  python3-dateutil s3cmd
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 199 kB of archives.
After this operation, 861 kB of additional disk space will be used.
Do you want to continue? [Y/n]
```

- If running Homebrew on a Mac use brew install.

```
brew install s3cmd
```

## Configure s3cmd

### URL and API Keys

The URL and API keys are required for configuration. Follow the steps below to configure s3cmd with the American Cloud CMP.

1. Sign into American Cloud CMP
2. On the left navigation column choose 'Storage'
3. Choose the A2 Object Storage header tab and select 'Manage'

#### Endpoint URL

The S3 API endpoint URL is the web address used to interact with Amazon S3 programmatically. It specifies the S3 service region and provides a RESTful interface for performing operations on S3 objects and buckets via HTTP/HTTPS requests. The endpoint should follow the below configuration.

![](/docs/images/tutorials/s3cmd-simple-storage-service-command-line-tool-and-01.png)

4. Select Object Storage 'Settings'
5. Select 'Keys' inside settings menu

#### API Keys

S3 API keys are access credentials that enable programmatic interaction with Amazon S3. They consist of an access key and a secret access key, and are used to authenticate requests to perform operations on S3 objects and buckets via the S3 API.

![](/docs/images/tutorials/s3cmd-simple-storage-service-command-line-tool-and-02.png)

### Configure Using s3 Wizard

The S3 configuration wizard is a tool that guides users through the process of setting up and configuring an Object Storage bucket. It provides step-by-step instructions for configuring access permissions, encryption, and other settings for the bucket.

- Start the configuration wizard by entering the command below. Below are the steps to configure with American Cloud's A2 Object Storage.

#### Start the Wizard

Once installed, s3 commands will be recognized. To start the configuration wizard run the following:

```
s3cmd --configure
```

- Once started, a readout like the one below will appear asking for the access key.

```
cloud@Compute-1:~$ s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key:
```

#### Key Placement

Identification of American Object Storage Keys was explained in previous steps. Copy and paste the keys into the respective prompts of the configuration wizard. The default region [US] can be left as is.

```
Access Key: EXAMPLEJYJGRYBV6X
Secret Key: EXAMPLEIuxqWjBad31hjQi3Eo97YM4
Default Region [US]:
```

#### Endpoint URL

Identification of American Object Storage endpoint URL was explained in previous steps. Copy and paste the American Cloud endpoint. The example below is for buckets within the American Cloud West region; yours may differ.

```
Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: a2-west.americancloud.com
```

#### DNS

The S3 configuration wizard prompts for a URL template to access the bucket, using the variable %(bucket)s. For this example in American Cloud object storage, enter 'n' for NO and press Enter.

```
Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]:
```

#### Encryption Password

The S3 configuration wizard may prompt for an optional encryption password. GPG encryption protects files both in transit and while stored on American Cloud's A2 Object Storage, unlike HTTPS which only protects files in transit.

```
Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:
```

#### Path to GPG

If using GPG, a path to the GPG program is required at the next prompt. On Linux machines leave the default.

```
Path to GPG program:
```

#### HTTPS

Next the wizard will prompt to use HTTPS, which protects traffic while it is being transmitted. Press Enter to accept the default of [Yes].
```
When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]:
```

#### Proxy

Leave blank and press Enter unless running a proxy. If so, enter its IP or domain here.

```
On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:
```

#### Validate and Test

The wizard will provide an overview of all newly assigned settings. Validate that all settings are correct and input 'Y' to run a test with the provided settings.

```
New settings:
  Access Key:
  Secret Key:
  Default Region: US
  S3 Endpoint: s3.amazonaws.com
  DNS-style bucket+hostname: n
  Encryption password:
  Path to GPG program: None
  Use HTTPS protocol: True
  HTTP Proxy server name:
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n]
```

#### Save

The next prompt asks whether the settings should be saved. If yes, type 'Y' and press Enter. Saved settings are placed in the .s3cfg file for further use. If no, the settings will be deleted.

```
Save settings? [y/N]
```

#### Retry

The wizard next provides the option to retry the configuration. Select between Y/n.

```
Retry configuration? [Y/n]
```

- As previously mentioned, if the configuration settings were saved in the wizard, they are stored in the .s3cfg file. If changes to the configuration settings are necessary, such as generating new keys, open the .s3cfg file by running the command `vi .s3cfg` in your terminal or command prompt, and then edit the document accordingly.
```
[default]
access_key = ACCESS KEY HERE
secret_key = SECRET KEY HERE
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
connection_max_age = 5
connection_pooling = True
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encoding = UTF-8
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = None
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = a2-west.americancloud.com
host_bucket = a2-west.americancloud.com
human_readable_sizes = True
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_allow_unordered = False
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 500
multipart_copy_chunk_size_mb = 2048
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
public_url_use_https = True
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = True
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
ssl_client_cert_file =
ssl_client_key_file =
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = True
use_mime_magic = True
verbosity = WARNING
website_endpoint = https://a2-west.americancloud.com/
website_error =
website_index = index.html
```

## Add Buckets

Object storage buckets are containers for storing and organizing large volumes of unstructured data, such as files, images, and videos, in the cloud. They provide scalable, durable, and cost-effective storage solutions, allowing users to upload, retrieve, and manage data using APIs or web interfaces. Below are the commands for adding buckets.

### Make Bucket Command

```
# Use mb (make bucket) command
s3cmd mb s3://americancloud-1
```

```
cloud@Compute-1:~$ s3cmd mb s3://americancloud-1
Bucket 's3://americancloud-1/' created
```

- Use the ls command to list buckets.

```
s3cmd ls
```

- The new bucket is listed.

```
cloud@Compute-1:~$ s3cmd ls
2023-04-19 23:46  s3://americancloud-1
2023-04-19 21:02  s3://bucketac2
```

- As expected, the bucket has been placed inside AC CMP.

![](/docs/images/tutorials/s3cmd-simple-storage-service-command-line-tool-and-03.png)

## Removing a Bucket

Removing buckets is a process that permanently deletes a bucket and all its objects. To remove a bucket, the user must have appropriate permissions, and all objects within the bucket must be deleted first. Once a bucket is removed, its data cannot be recovered. It is important to exercise caution and ensure backups are in place before deleting any buckets in S3.

### Remove Bucket Command

```
s3cmd rb s3://[bucketname]
```

```
cloud@Compute-1:~$ s3cmd rb s3://ac-123
Bucket 's3://ac-123/' removed
```

- On the CMP side, the bucket has been removed as well.

![](/docs/images/tutorials/s3cmd-simple-storage-service-command-line-tool-and-04.png)

## List Buckets and Files

Listing files in S3 involves retrieving a list of objects (files) stored within a specific bucket. The list typically includes information such as object names, sizes, and metadata.
It can be useful for navigating and managing objects in S3, including copying, deleting, or downloading files. Proper access permissions and authentication are required to list files in S3, ensuring data security and privacy.

### List command

- The ls command will list the buckets within Object Storage.

```
s3cmd ls
```

```
cloud@Compute-1:~$ s3cmd ls
2023-04-19 23:46  s3://americancloud-1
2023-04-20 17:51  s3://americancloud-2
```

- List files within a bucket by running ls s3://bucketname.

```
s3cmd ls s3://americancloud-1
```

```
cloud@Compute-1:~$ s3cmd ls s3://americancloud-1
2023-04-20 03:16  89.6904296875k  s3://americancloud-1/AC is Awesome.pages
2023-04-20 00:39  148.197265625k  s3://americancloud-1/Screenshot 2023-04-19 at 6.52.20 PM-20230420123958.png
2023-04-20 00:20  148.90234375k   s3://americancloud-1/Screenshot 2023-04-19 at 7.19.54 PM-20230420122021.png
2023-04-20 17:15  0               s3://americancloud-1/americancloudisawesome.txt
2023-04-20 17:14  0               s3://americancloud-1/sample.txt
```

- Additionally, list all files within all buckets by executing s3cmd la.

```
s3cmd la
```

```
cloud@Compute-1:~$ s3cmd la
2023-04-20 03:16  89.6904296875k  s3://americancloud-1/AC is Awesome.pages
2023-04-20 00:39  148.197265625k  s3://americancloud-1/Screenshot 2023-04-19 at 6.52.20 PM-20230420123958.png
2023-04-20 00:20  148.90234375k   s3://americancloud-1/Screenshot 2023-04-19 at 7.19.54 PM-20230420122021.png
2023-04-20 17:15  0               s3://americancloud-1/americancloudisawesome.txt
2023-04-20 17:14  0               s3://americancloud-1/sample.txt

2023-04-20 17:52  0               s3://americancloud-2/americancloudisawesome.txt
```

## Add Files

The "put" command in S3 is a command-line operation that allows users to upload (put) objects (files) from their local system to an S3 bucket. The "put" command requires specifying the source file path, destination S3 bucket name, and object key (file name) to store the object in S3. Proper permissions and authentication are necessary for successful object uploads.
### PUT Command

- Single file upload

```
s3cmd put /file s3://americancloud-1
```

```
s3cmd put americancloudisawesome.txt s3://americancloud-1
upload: 'americancloudisawesome.txt' -> 's3://americancloud-1/americancloudisawesome.txt'  [1 of 1]
 0 of 0     0% in    0s     0.00 B/s  done
```

- Multiple file upload

```
s3cmd put ac1.txt ac2.txt path/to/ac3.txt s3://americancloud-1
```

```
s3cmd put acisawesome.txt americancloudisawesome.txt s3://bucketac4
upload: 'acisawesome.txt' -> 's3://bucketac4/acisawesome.txt'  [1 of 2]
 0 of 0     0% in    0s     0.00 B/s  done
upload: 'americancloudisawesome.txt' -> 's3://bucketac4/americancloudisawesome.txt'  [2 of 2]
 0 of 0     0% in    0s     0.00 B/s  done
```

- Change name during upload

```
s3cmd put ac1.txt s3://americancloud-1/newname.txt
```

```
s3cmd put test.txt s3://bucketac4/ac-2.txt
upload: 'test.txt' -> 's3://bucketac4/ac-2.txt'  [1 of 1]
 0 of 0     0% in    0s     0.00 B/s  done
```

- If desired, an entire directory can be uploaded using the 'sync' command. Ideal for backup scenarios. As the output shows, syncing a home directory also uploads hidden files such as `.bash_history`.

```
cloud@Compute-AC-9:~$ s3cmd sync /home/cloud s3://bucketac4
upload: '/home/cloud/.bash_history' -> 's3://bucketac4/cloud/.bash_history'  [1 of 12]
 0 of 0     0% in    0s     0.00 B/s  done
upload: '/home/cloud/.bash_logout' -> 's3://bucketac4/cloud/.bash_logout'  [2 of 12]
 220 of 220   100% in    0s     7.99 KB/s  done
upload: '/home/cloud/.bashrc' -> 's3://bucketac4/cloud/.bashrc'  [3 of 12]
```

## Retrieving Files

To retrieve files in S3, a cloud-based object storage service, you can use the S3 API or S3 console. First, authenticate and authorize access, then specify the S3 bucket and object key to identify the file. Use the appropriate method, such as GET, to retrieve the file from S3. Optionally, you can configure access control and encryption settings for added security.
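
Every s3cmd command in this guide authenticates with the keys the wizard saved in `.s3cfg`, where `secret_key` sits in plain text next to the transport options. The script below is an added example, not part of the American Cloud documentation: it checks the file's permissions and the HTTPS and certificate options from the `.s3cfg` listing. The function names and the sample config are constructed for illustration, and the set of values treated as "false" is an assumption about how s3cmd parses booleans.

```sh
#!/bin/sh
# Added example (not from the American Cloud docs): audit an s3cmd config file.
# Only option names that appear in the .s3cfg listing in this guide are read.

# Print the value of option $2 in INI-style file $1, whitespace trimmed.
s3cfg_get() {
    awk -v k="$2" '
        index($0, "=") == 0 { next }          # skip [default] and blank lines
        {
            name = substr($0, 1, index($0, "=") - 1)
            val  = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) { print val; exit }
        }' "$1"
}

# Octal permission bits of $1 (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per finding. Exit status: 0 clean, 1 findings, 2 file missing.
# The body runs in a subshell, so its variables stay local.
audit_s3cfg() (
    file=$1
    findings=0
    [ -f "$file" ] || { echo "MISSING  $file"; exit 2; }

    # secret_key (and gpg_passphrase, if set) are stored in plain text, so
    # group and other must have no access: the mode has to end in "00".
    mode=$(file_mode "$file")
    case "$mode" in
        0|*00) ;;
        *) echo "FINDING  mode $mode lets group/other reach the keys (chmod 600)"
           findings=$((findings + 1)) ;;
    esac

    # Transport options: flag only values that are explicitly switched off.
    # Assumption: s3cmd reads false/no/off/0 (any case) as boolean false.
    for key in use_https check_ssl_certificate check_ssl_hostname; do
        val=$(s3cfg_get "$file" "$key" | tr 'A-Z' 'a-z')
        case "$val" in
            false|no|off|0)
                echo "FINDING  $key is disabled"
                findings=$((findings + 1)) ;;
        esac
    done

    # signature_v2 switches request signing to the legacy scheme.
    val=$(s3cfg_get "$file" signature_v2 | tr 'A-Z' 'a-z')
    case "$val" in
        true|yes|on|1)
            echo "FINDING  signature_v2 is enabled (legacy request signing)"
            findings=$((findings + 1)) ;;
    esac

    echo "$findings finding(s) in $file"
    [ "$findings" -eq 0 ]
)

# Demo on a constructed sample: settings from this guide with HTTPS switched
# off and the file left world-readable. Expect two findings.
demo() (
    dir=$(mktemp -d) || exit 1
    cat > "$dir/s3cfg" <<'EOF'
[default]
access_key = ACCESS KEY HERE
secret_key = SECRET KEY HERE
check_ssl_certificate = True
check_ssl_hostname = True
host_base = a2-west.americancloud.com
signature_v2 = False
use_https = False
EOF
    chmod 644 "$dir/s3cfg"
    audit_s3cfg "$dir/s3cfg" && status=0 || status=$?
    rm -rf "$dir"
    exit "$status"
)

# Audit the file given as the first argument, or run the demo without one.
if [ "$#" -gt 0 ]; then audit_s3cfg "$1"; else demo || true; fi
```

Run with the path to a config file as its only argument, the script exits non-zero when anything is flagged, so it can gate a backup job that relies on that file.
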
### GET Command

#### Single file download

```
s3cmd get s3://[bucketname]/filename
```

```
s3cmd get s3://bucketac4/ac-2.txt
download: 's3://bucketac4/ac-2.txt' -> './ac-2.txt'  [1 of 1]
 0 of 0     0% in    0s     0.00 B/s  done
```

#### Multiple file download

```
s3cmd get s3://bucketac4/test1.txt s3://bucketac4/test2.txt
download: 's3://bucketac4/test1.txt' -> './test1.txt'  [1 of 2]
 0 of 0     0% in    0s     0.00 B/s  done
download: 's3://bucketac4/test2.txt' -> './test2.txt'  [2 of 2]
 0 of 0     0% in    0s     0.00 B/s  done
```

#### Change file name

```
s3cmd get s3://[bucketname]/filename newfilename
```

```
s3cmd get s3://bucketac4/ac-4.txt ac-5.txt --recursive
download: 's3://bucketac4/ac-4.txt' -> 'ac-5.txt'  [1 of 1]
 0 of 0     0% in    0s     0.00 B/s  done
```

#### Use of --recursive.

To pull all files from a bucket use the recursive flag.

```
s3cmd get s3://[bucketname]/ --recursive
```

```
s3cmd get s3://bucketac4/ --recursive
download: 's3://bucketac4/Screenshot 2023-04-18 at 11.03.46 PM-20230423120714.png' -> './Screenshot 2023-04-18 at 11.03.46 PM-20230423120714.png'  [1 of 10]
 512226 of 512226   100% in    0s  1229.82 KB/s  done
download: 's3://bucketac4/Screenshot 2023-04-21 at 5.20.19 PM-20230423120721.png' -> './Screenshot 2023-04-21 at 5.20.19 PM-20230423120721.png'  [2 of 10]
 42789 of 42789   100% in    0s   432.86 KB/s  done
```

## Removing Files

Deleting a file in S3 is a straightforward process. Deleted files cannot be retrieved.

### Remove Command

#### Remove files

```
s3cmd rm s3://[bucketname]/filename
```

```
s3cmd rm s3://bucketac4/ac-5.txt
delete: 's3://bucketac4/ac-5.txt'
```

#### Remove multiple files

```
s3cmd rm s3://bucketac4/ac-2.txt s3://bucketac4/ac-4.txt
delete: 's3://bucketac4/ac-2.txt'
delete: 's3://bucketac4/ac-4.txt'
```

#### Remove all files from a bucket use the recursive and force flag.
```
s3cmd rm s3://[bucketname]/ --recursive --force
```

```
s3cmd get s3://bucketac4/ --recursive
download: 's3://bucketac4/Screenshot 2023-04-18 at 11.03.46 PM-20230423120714.png' -> './Screenshot 2023-04-18 at 11.03.46 PM-20230423120714.png'  [1 of 10]
 512226 of 512226   100% in    0s  1229.82 KB/s  done
download: 's3://bucketac4/Screenshot 2023-04-21 at 5.20.19 PM-20230423120721.png' -> './Screenshot 2023-04-21 at 5.20.19 PM-20230423120721.png'  [2 of 10]
 42789 of 42789   100% in    0s   432.86 KB/s  done
```

## Setting Domain Registrar's Nameservers to American Cloud Nameservers

Although American Cloud is not a domain registrar, our free DNS Manager will work with any domain registrar. To use American Cloud DNS Manager you will need to set your domain registrar to use American Cloud's nameservers. Below are step-by-step guides on how to find your domain registrar and how to change nameservers for popular domain registrars.

American Cloud Nameservers can be located in the American Cloud App in your DNS Management portal.

## Looking up your Domain Registrar

To look up your domain's registrar, go to [https://www.whois.com/whois/](https://www.whois.com/whois/), enter your domain and click search.

![](/docs/images/tutorials/setting-domain-registrars-nameservers-to-american-01.png)

The results will provide you with your domain registrar information.

![](/docs/images/tutorials/setting-domain-registrars-nameservers-to-american-02.png)

## Changing your Nameservers

Now that you know your domain registrar, you will need to log in to your registrar account. Once you are logged in, please use the guide below for your domain registrar to change the nameservers.

### easyDNS

1. Log into your easyDNS account.
2. Click on WHOIS.
3. Under NAME SERVERS click on EDIT.
4. Enter your name servers in the spaces provided. You can also click on the link to use the default easyDNS name servers for your domain.
5. Click NEXT.
6. Confirm your changes.

### NameCheap

1. Sign in to your Namecheap account.
2. Select Domain List from the left sidebar and click the Manage button next to your domain:
3. Find the Nameservers section and select your preferred option from the drop-down menu. Click on the green checkmark to save the changes:

### GoDaddy

1. Sign in to your GoDaddy Domain Portfolio.
2. Select the checkbox for the domain being changed.
3. Select Nameservers from the action menu.
4. Choose the nameserver setting "I'll use my own nameservers".
5. Enter your custom nameservers.
6. Select Save, then Continue to complete your updates.

### HostGator

1. Sign in to your HostGator Customer Portal.
2. Click on Domains on the left menu.
3. Click on the More button for the domain to be updated.
4. Click on the Change link under the Name Servers.
5. Enter American Cloud's nameservers.

WARNING: When changing nameservers at the registrar, it can take up to 24-48 hours for DNS propagation time, where your website and email may not be available.

## Using Node.js to upload files to A2 Storage

1. Login to the Web Portal with a valid American Cloud account
2. Go to Cloud Compute and select the VM to install Node.js on. If no VM is created yet [Click Here](https://docs.americancloud.com/hc/docs/articles/1722537204-cloud-compute).
3. Get the password and public IP for the cloud user of the VM to SSH into the VM
4. SSH into the VM `ssh cloud@"PublicIP"`

## Install and configure Node.js

1. Run `sudo apt-get update` to ensure repositories are up to date
2. Install Node.js onto the VM using `sudo apt install nodejs`
3. Verify Node.js installed using `node -v`
4. Run `sudo apt install npm` to be able to install dependencies
5. Once Node.js is installed, a dependency will need to be installed: `npm install aws-sdk`
6. Create a Node.js script to upload a file `sudo nano upload-to-a2.js`

```
const AWS = require('aws-sdk');
const fs = require('fs');

// Configure AWS SDK with your A2 endpoint and credentials
const s3 = new AWS.S3({
  endpoint: 'YOUR_A2_ENDPOINT', // Replace with your A2 endpoint. Don't include https://
  accessKeyId: 'YOUR_ACCESS_KEY',
  secretAccessKey: 'YOUR_SECRET_KEY',
  s3ForcePathStyle: true,
  region: 'a2-west', // This doesn't need to be specific, it can be anything
});

// Define the bucket name and file name
const bucketName = 'your-bucket-name';
const fileName = 'file-to-upload.txt'; // Rename or code to automatically generate names for files
const tenant = 'YOUR_TENANT_ID';

// Read the file
const fileContent = fs.readFileSync(fileName);

// Construct the URL with endpoint preceding the bucket name
const fileURL = `https://${s3.config.endpoint}/${tenant}:${bucketName}/${fileName}`;

// Create parameters for A2 upload
const params = {
  Bucket: bucketName,
  Key: fileName, // The name you want to give to the file in A2
  Body: fileContent,
  ACL: 'public-read', // Anyone with the URL can read the object; set to different permissions if needed
};

// Upload file to A2 Storage
s3.upload(params, (err, data) => {
  if (err) {
    console.error('Error uploading file:', err);
  } else {
    console.log('File uploaded successfully. File URL:', fileURL);
  }
});
```

### "YOUR_A2_ENDPOINT"

![](/docs/images/tutorials/using-nodejs-to-upload-files-to-a2-storage-01.png)

Copy the bucket URL; only the "[region.americancloud.com](http://region.americancloud.com/)" part is needed for the endpoint.

### "your-bucket-name"

![](/docs/images/tutorials/using-nodejs-to-upload-files-to-a2-storage-02.png)

### "YOUR_TENANT_ID"

![](/docs/images/tutorials/using-nodejs-to-upload-files-to-a2-storage-03.png)

For testing, create a file to upload: `touch file-to-upload.txt`

## Create Object Storage

- To create and get the information needed from the A2 Storage [Click Here](https://docs.americancloud.com/hc/docs/articles/1722538984-a2-object-storage).

## Final Step

Once Node.js is installed and configured and the A2 storage is set up, run the script with `node upload-to-a2.js`

### Below is the successful output.
![](/docs/images/tutorials/using-nodejs-to-upload-files-to-a2-storage-04.png)

## Using SSH (Secured Shell)

SSH stands for Secure Shell, and it is a secure network protocol that allows for remote access and control of a computer or server over an unsecured network. It is commonly used by system administrators and developers to securely manage and transfer data between computers over the internet.

When connecting to a remote server using SSH, the connection is encrypted, which means that no one can eavesdrop on the communication or steal the login credentials. The encryption ensures that all data, including passwords and other sensitive information, is transmitted securely over the network.

To use SSH, it's necessary to have an SSH client installed on the computer, and the remote server must have an SSH server installed. Also needed is a username and password or a public/private key pair to authenticate to the remote server.

Once authenticated, a command-line interface can be utilized to execute commands on the remote server or transfer files securely between computers and the remote server. SSH also allows for the creation of encrypted tunnels to forward other network services such as HTTP or FTP, making it an essential tool for secure remote access and administration.

## Basic Usage

### Locate Required Credentials

- To begin the connection, an IP address/hostname, username, and password are required. In the American Cloud CMP this information can be found in the compute section. Follow the steps below to acquire the information

1. Login to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Cloud Compute'
3. In Manage Instance select the desired instance to SSH into

- Inside the 'Server Information' page retrieve the public IP address, username (default cloud), and copy the password (default is a randomly selected password)

![](/docs/images/tutorials/using-ssh-secured-shell-01.png)

### SSH The Machine

- Open a terminal or cmd prompt and type the following command

```
ssh cloud@[IPAddress]
```

```
ssh cloud@0.0.0.0
The authenticity of host '0.0.0.0 (0.0.0.0)' can't be established.
ED25519 key fingerprint is SHA256:EXAMPLEp01iD6zXvKCF+QdF5VLl3MiFrITEXAMPLE.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
```

1. If this is the first login, a message asking to save the fingerprint will appear. Type 'yes' to continue
2. Next enter the password for the user being logged into

```
cloud@0.0.0.0's password:
```

## SSH with Keys

When using SSH keys, authentication to a remote server is possible without having to enter a password while logging in. Instead, a generated pair of cryptographic keys is used: a public key and a private key. The public key is uploaded to the remote server, while the private key is stored securely on the local computer.

When connecting to the remote server using SSH, the server checks the public key against a list of authorized keys. If the public key is on the list, the server uses it to encrypt a message that can only be decrypted with the paired private key. The server sends this encrypted message back to the local computer, and the local SSH client uses the private key to decrypt the message and authenticate to the server.

Using SSH keys has several advantages over using a password for authentication. First, it is more secure because it is much harder for an attacker to guess or steal a private key than it is for them to crack your password. Second, it is more convenient because typing a password at every login isn't necessary.
And third, it is easier to automate scripts or other processes that require remote access, since the private key can be included in the scripts without having to store a password in plain text.

To use SSH keys, first generate a key pair using a tool like ssh-keygen. Then copy the public key to the remote server using a command like ssh-copy-id or by manually appending the public key to the authorized_keys file on the remote server. Finally, configure the SSH client to use the private key when connecting to the remote server.

- Follow the steps below to SSH a server

1. Generate the SSH key pair. For more information on generating key pairs [Click Here](https://docs.americancloud.com/hc/docs/articles/1722537850-managing-ssh-keys).
2. Save the newly generated SSH key pair to the '~/.ssh' directory
3. Place the public key in the '~/.ssh/authorized_keys' file

- There are two primary ways to accomplish step 3, discussed below

### ssh-copy-id

- The ssh-copy-id command is an easy way to add the local machine's public key to the remote server's ~/.ssh/authorized_keys file. To accomplish this, run the command below

```
ssh-copy-id cloud@[IPAddress]
```

- After pressing Enter, the remote server will begin receiving the public key from the local machine. As shown, the user's password will be required for completion

```
ssh-copy-id cloud@0.0.0.0
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/work/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
cloud@0.0.0.0's password:
```

- After the correct password is entered, the system will show the number of keys imported and log out

```
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'cloud@0.0.0.0'"
and check to make sure that only the key(s) you wanted were added.
```

Next log back into the remote server using the standard ssh command. If a passphrase was established during generation it will be requested

```
ssh cloud@0.0.0.0
Enter passphrase for key '/Users/joeevans/.ssh/id_ed25519':
```

- A connection not requiring the user's password will be made

### Placing Public Key in the authorized_keys File

- Another way to place a public key into the ~/.ssh/authorized_keys file is below. Follow these steps

1. On the local machine navigate to the ~/.ssh directory.
2. Copy the desired public key.
3. Log into the remote server using the username/password

```
ssh cloud@0.0.0.0
```

4. Edit ~/.ssh/authorized_keys using the preferred editor.

```
vi ~/.ssh/authorized_keys
```

5. Paste the copied public key from the local machine into the file

```
ssh-ed25519 Example333lZDI1aaaAAAAIxxxghuGkFSh4256QQoDC+DI5vMwi2EXAMPLE
```

6. Log out of the remote server using the 'exit' command

- It is now possible to log in without needing the user's password. Again, if a passphrase was used while generating the key pair, input it here.

---

# FAQs

Frequently asked questions

## Can I change the CIDR of an existing network?

CIDR changes are restricted when IP reservations exist or if the new CIDR isn't a valid subset. It is typically more practical to establish a fresh network with the appropriate CIDR parameters from the outset. This approach avoids the limitations and complications associated with modifying existing network configurations that may have dependencies or reservation constraints.

## Can I log in with the root user?

Virtual machines are initially created with the "cloud" username, which has sudo privileges. You can modify the VM creation script to enable root.
Please review the following article: [Create a VM with the root user](https://docs.americancloud.com/hc/docs/articles/1738366932-instance-creation-with-root-ssh-permitted)

## Can I request specific IP addresses (e.g., within the 25.140.100.x subnet) when purchasing cloud computing resources from your platform?

Our system automatically manages and distributes IP addresses from our available pool. When you create a new compute instance, it is automatically assigned one dedicated public IP address. If additional public IPs are required, they can be purchased and managed separately. However, we do not support manual assignment of IPs within a specific subnet.

## Can the global internet infrastructure block American Cloud from operating?

American Cloud operates its own network and recursive DNS servers, so from an infrastructure standpoint, we can guarantee uptime and won’t be shut down. However, if major global providers block access to our IP space, it could impact performance due to longer data routing paths. Proper system design can help mitigate these effects.

## Can we move existing VMs to new VPC networks without recreating them?

Yes, you can move VMs to new networks by updating their NIC configurations. After completing the network migration, administrators should re-enable static NAT for each VM to restore proper network address translation functionality. This approach offers a more efficient alternative to the traditional method of recreating VMs entirely when network changes are needed.

## How can we create a network using a different CIDR than the default?

You can create a network with a different CIDR by specifying the **Gateway** and **Netmask** fields during network creation.

## Example

By inputting:

- **Gateway:** `10.1.2.1`
- **Netmask:** `255.255.255.0`

The system generates a network designated as `10.1.2.0/24`.
This approach allows administrators to customize their network architecture beyond the default CIDR allocation, enabling flexible network design within the American Cloud platform.

## How is RDNS configured?

RDNS is configured by us upon request. To enable it, we require KYC verification, including a government-issued ID, a bank statement showing the American Cloud charge, or other information to validate the customer.

## How to resolve IP conflicts when connecting to multiple networks with the same CIDR?

You should create new networks with unique CIDRs to avoid IP overlap. The solution recommends redesigning network architecture to eliminate overlapping address spaces rather than attempting to bridge incompatible configurations.

## Is it possible to live-migrate a VM to a different region?

Currently, it is not possible to live migrate a VM to a different region. You can create a backup of the VM and restore it to a different region. For detailed information on creating VM backups please review the following article: [American Cloud Backups](https://docs.americancloud.com/hc/docs/articles/1722537204-cloud-compute)

## Is it possible to scale Kubernetes workers vertically and add more CPU and RAM to a provisioned cluster?

Vertical scaling is in our roadmap. As of today, it is not possible to vertically scale a cluster. Horizontal scaling is available by clicking the "Scale Kubernetes" button in the user interface and adding more workers. For more information on deploying Kubernetes applications please review: [American Cloud Kubernetes](https://docs.americancloud.com/hc/docs/articles/1722538069-kubernetes-_-getting-started)

## Is my bill paid automatically from my wallet balance, or do I need to add funds manually?

You can either add funds to your wallet or keep a valid payment method on file. If a valid card is available, charges will be made automatically when your invoice is due.
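For the two CIDR questions earlier in this FAQ (creating a network from a Gateway and Netmask, and avoiding overlapping CIDRs across networks), the following is an added planning example, not American Cloud code. The existing networks, the address pool and all function names are constructed for illustration, and the gateway sanity check is an assumption of this example rather than a documented platform rule.

```python
import ipaddress
from typing import Iterable, List, Optional


def network_from_gateway(gateway: str, netmask: str) -> ipaddress.IPv4Network:
    """Derive the CIDR block implied by the Gateway and Netmask fields.

    Raises ValueError for a non-contiguous netmask, or (a check added by
    this example) a gateway equal to the network or broadcast address.
    """
    # strict=False accepts a host address (the gateway) together with a mask.
    net = ipaddress.IPv4Network(f"{gateway}/{netmask}", strict=False)
    gw = ipaddress.IPv4Address(gateway)
    if net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        raise ValueError(f"{gw} is not a usable host address in {net}")
    return net


def find_overlaps(
    candidate: ipaddress.IPv4Network,
    existing: Iterable[ipaddress.IPv4Network],
) -> List[ipaddress.IPv4Network]:
    """Return every existing network sharing at least one address with candidate."""
    return [net for net in existing if candidate.overlaps(net)]


def next_free_subnet(
    pool: ipaddress.IPv4Network,
    prefixlen: int,
    existing: Iterable[ipaddress.IPv4Network],
) -> Optional[ipaddress.IPv4Network]:
    """First subnet of the given size inside pool that overlaps nothing in existing."""
    existing = list(existing)
    for subnet in pool.subnets(new_prefix=prefixlen):
        if not find_overlaps(subnet, existing):
            return subnet
    return None


def plan_network(gateway: str, netmask: str,
                 existing_cidrs: Iterable[str], pool_cidr: str) -> dict:
    """Check a proposed Gateway/Netmask pair against networks already in use.

    Returns the derived CIDR, the conflicting networks, and, when there is a
    conflict, the first non-overlapping block of the same size from the pool.
    """
    existing = [ipaddress.IPv4Network(c) for c in existing_cidrs]
    pool = ipaddress.IPv4Network(pool_cidr)
    cidr = network_from_gateway(gateway, netmask)
    conflicts = find_overlaps(cidr, existing)
    suggestion = next_free_subnet(pool, cidr.prefixlen, existing) if conflicts else None
    return {
        "cidr": str(cidr),
        "conflicts": [str(n) for n in conflicts],
        "suggestion": str(suggestion) if suggestion else None,
    }


# Constructed sample data: networks a project already uses and its address pool.
EXISTING = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/23"]
POOL = "10.1.0.0/16"

if __name__ == "__main__":
    # The FAQ's own values: Gateway 10.1.2.1 with Netmask 255.255.255.0.
    print(network_from_gateway("10.1.2.1", "255.255.255.0"))
    # 10.1.3.0/24 looks unused but sits inside the existing 10.1.2.0/23.
    print(plan_network("10.1.3.1", "255.255.255.0", EXISTING, POOL))
```
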
## Is there support for integrating network-based storage solutions such as NFS, and if so, what is the recommended approach for provisioning and attaching such volumes within the cluster?

We recommend Longhorn to accomplish PVCs: [https://longhorn.io/](https://longhorn.io/)

If using PostgreSQL, please review the following article: [https://docs.percona.com/everest/index.html](https://docs.percona.com/everest/index.html)

## My card is repeatedly declined. I have tried to change the address multiple times, but it is still not working.

If the main address is a P.O. Box, please make sure to use the secondary physical address configured for the credit card.

## What is the most efficient way to run a WordPress site with American Cloud?

Setting up a compute instance (VM) and running WordPress from the marketplace is the preferred method. Please review the following articles on creating a new VM and running WordPress from the marketplace:

[WordPress with Open LiteSpeed](https://docs.americancloud.com/hc/docs/articles/1722539363-wordpress-on-open-lite-speed)

[Create VMs with American Cloud](https://docs.americancloud.com/hc/docs/articles/1722537204-cloud-compute)

## What’s the difference between ACE accounts and Public Cloud accounts?

ACE (American Cloud Enterprise) accounts provide access to a private cloud with a separate interface and advanced infrastructure tools. They include API access and a Terraform provider. If you're interested, we’d be happy to schedule a demo.

---

# Legal

## Acceptable Use Policy

Content that does any of the following violates the American Cloud Acceptable Use Policy:

- **Promotes violence:** The First Amendment creates a wide swath for free speech. But speech that is directed to inciting or producing imminent lawless action and is likely to incite or produce such action is not protected by the First Amendment.
- **Infringes intellectual property rights:** Intellectual property rights are fundamental rights hardwired into the constitution and recognized as critical instruments for the promotion of science and creativity. Content that infringes or misappropriates intellectual property rights runs afoul of the American Cloud Acceptable Use Policy.
- **Defames another:** Statements about an individual that are false and that harm the reputation of that individual are not constitutionally protected. Defamatory content violates the American Cloud Acceptable Use Policy.
- **Facilitates human trafficking or illegal sex work:** Content that helps the trafficking of human beings as commodities, or that serves to enable other sorts of exploitative activities, is contrary to the principles of individual liberty that guide American Cloud.
- **Enables the sale of illegal goods:** American Cloud systems should not be used as a marketplace for the buying and selling of goods that would otherwise be illegal in the jurisdictions where the parties to the transaction reside.
- **Inflicts psychological harm or invades privacy:** Certain content has the ability to wrongfully inflict devastating harm on others, and is not welcome on any American Cloud system. This includes revenge porn and other content that is intended primarily to injure another.
- **Distributes harmful software:** Federal laws such as the Computer Fraud and Abuse Act serve to protect the private property interests of individuals and companies who engage in commerce and communications online. Using an American Cloud system to distribute technology that is destructive of these interests violates the American Cloud Acceptable Use Policy.
- **Doxes another person:** Americans enjoy a First Amendment right to speak anonymously, particularly on matters of political or other societal concern.
American Cloud will not aid any efforts to impede the exercise of this important right by permitting use of intimidating tactics to publicly identify individuals who wish to speak anonymously.
- **Involves phishing, spamming or other unwanted or fraudulent communications:** These types of actions and communications are not protected by any free speech interest and only serve to detract from meaningful participation in the marketplace of ideas.

American Cloud welcomes discussion about these Policies. Please feel free to send us an email at legal@americancloud.io

Last updated: Oct 17, 2022.

## Services Agreement

This legally binding Services Agreement (the "Agreement") is by and between American Cloud, LLC, a Delaware limited liability company with a registered address at 11 Church Rd., Ste. 1A, Hatfield, PA 19440 ("American Cloud") and the customer identified on the Order or other applicable Attachment that refers to this Agreement ("Customer"). This Agreement is effective as of the date on which Customer and American Cloud have both signed an Order or other applicable Attachment, or the date on which Customer first receives any Services, whichever is earlier (the "Effective Date"). By ordering the Services, Customer acknowledges and agrees that Customer has read, understands, acknowledges and agrees to be bound by all the provisions of this Agreement. The parties acknowledge receipt and sufficiency of good and valuable consideration and agree as follows:

## Definitions

Capitalized words not elsewhere defined in this Agreement will have the following meanings:

**"Account Information"** means any valid information, including billing information, contact information, payment information and such other information that Customer provides to American Cloud.

**"Affiliate"** means any legal entity that owns, is owned by, or is commonly owned with a party. "Own" means having more than 50% ownership or the right to direct the management of the entity.
**"American Cloud Parties"** means American Cloud and its subsidiaries, parents, Affiliates, shareholders, directors, officers, employees, agents, licensors, contractors, successors and assigns, and providers of Third-Party services, and those parties' respective subsidiaries, parents, Affiliates, shareholders, directors, officers, employees, agents, licensors, contractors, successors and assigns.

**"American Cloud Portal"** means that set of online interfaces American Cloud or one of its Affiliates provides to Customer for purposes including but not limited to communication, billing, account management services and activities, etc.

**"Attachment"** means any of the following, all of which are hereby incorporated by reference into this Agreement: (i) any electronic or hard copy document executed by the parties, including but not limited to any document made available and executed via the American Cloud Portal, that refers or relates to this Agreement, (ii) any American Cloud-accepted written Order for the Services, and (iii) any document hyperlinked from within this Agreement. Capitalized words not otherwise defined within such Attachment will have the meanings of such words as defined in this Agreement.

**"Billing Start Date"** means the date on which Fees first become due for the Services, as set forth in the applicable Attachment.

**"Custom Deliverables"** means all materials developed specifically and exclusively for Customer by American Cloud, as set forth in an Order, in connection with Professional Services.

**"Customer Data"** means all data, software and information, including, without limitation, data, text, software, scripts, video, sound, music, graphics and images that are uploaded or stored in connection with the Services by Customer or its Affiliates.

**"Customer End User"** means a Third Party which is an end user of a Customer Offering.
**"Customer Offering"** means any services provided by Customer to Third Parties, that directly utilize the Services. **"Customer Parties"** means Customer and its subsidiaries, parents, Affiliates, shareholders, directors, officers, employees, agents, licensors, contractors, successors and assigns. **"Due Date"** means the date on which Fees are due, initially established by the Billing Start Date, recurring each month as set forth in this Agreement, or pursuant to an applicable Attachment. **"Fees"** means those amounts due to American Cloud in exchange for the performance of the Services, as provided in an applicable Attachment. **"Implementation Start Date"** means the date on which American Cloud shall begin implementing Services (defined below) for Customer as set forth in an Order. **"Intellectual Property Rights"** means all inventions, patents, copyrights, trade secrets, trademarks, trade names, know-how, moral rights, and all other intangible proprietary or property rights, whether or not patentable (or otherwise subject to legally enforceable restrictions or protections against unauthorized third party usage), and any and all applications for, and extensions, divisions, and reissuances of, any of the foregoing, and rights therein, everywhere in the world, and whether arising by statute or common law. **"Order"** means a written document executed (including electronically) via both parties that sets forth the specific Services and any Deliverables to be provided, together with other commercial terms relating thereto, including but not limited to pricing, timelines and specific terms and conditions. **"Professional Services"** means migration, development, implementation, consulting and any other professional services that Customer may order, and American Cloud agrees to provide in accordance with an Order. **"Service Level Agreement" or "SLA"** means that service level agreement pertaining to the Services set forth at legal@americancloud.io. 
**"Services"** means those services American Cloud will provide to Customer as set forth in any Order or added by Customer in the future via any method, and includes Professional Services and Usage-Based Billed Services. **"Service Period"** means the period of time American Cloud will provide the Services to Customer as set forth in an applicable Attachment, such period to begin upon the Billing Start Date or a date otherwise agreed to in an Attachment. **"Site"** means any American Cloud data center location. **"SLA Credits"** mean the credits for applicable qualifying events as described in the Service Level Agreement. **"Third Party"** means any person or entity other than American Cloud or Customer, or such parties' Affiliates. **"Undisputed Fees"** means all Fees due under this Agreement except for those amounts for which Customer: (a) believes in good faith to be not due and owing, (b) designates in writing as "disputed" to American Cloud no less than 10 days prior to the Due Date, and (c) provides detail as to the basis of the disputed nature sufficient to enable American Cloud to propose and undertake a solution to the issue giving rise to the dispute. **"Usage-Based Billed Services"** means those Services provided under this Agreement that are billed on the basis of actual usage of the Services by Customer, the cost for which will be calculated by multiplying a fixed unit by a rate set forth in an applicable Attachment. **"Website"** means American Cloud.com or any successor website. ## Services American Cloud will provide the Services to Customer according to the specifications and timeframes set forth in the applicable Order, beginning on the Billing Start Date. 
Subject to Customer's compliance with the terms and conditions of this Agreement, American Cloud grants to Customer a nonexclusive, nontransferable, non-sublicensable, revocable right to access and use the Services for Customer's internal business purposes and to use the Services to create, offer and provide Customer Offerings. Customer will have sole responsibility to instruct American Cloud via the American Cloud Portal or another acceptable method to decommission, add, modify or remove any portion of the Services. Customer hereby grants to American Cloud a nonexclusive, royalty free, worldwide right and license to host Customer Data to the extent necessary for American Cloud to provide the Services to Customer under this Agreement. ## Fees and Payment Customer will pay American Cloud the Fees for the Services in the amounts and otherwise as set forth in the applicable Attachment. Customer will pay the Fees to American Cloud no later than the Due Date, each month, in U.S. Dollars. Any portion of Fees remaining unpaid 1 day or more beyond the Due Date will be subject to interest of 1.5% per month or the maximum permitted by law, whichever is less. Usage-Based Billed Services identified as such in an applicable Attachment will be billed on the basis of consumption and in intervals set forth in an applicable Attachment. Each unit of a Usage-Based Billed Service consumed by Customer will be rounded up to the next whole unit. A base rate and overage rate for the Services may be established by American Cloud and communicated to Customer in an applicable Attachment. Customer will be responsible for the tracking and controlling of its usage of the Usage-Based Billed Services from within the American Cloud Portal, and American Cloud will have no responsibility to notify Customer pertaining to any usage. Professional Services will be provided on an hourly basis and billed in 15-minute intervals at American Cloud's then current rates or otherwise as agreed by the parties. 
Professional services provided for purposes of onboarding (including but not limited to data migration from other providers, configuration of servers, and other tasks directly related to "moving in") will be billed at a flat one-time rate agreed upon by the parties in advance and set forth in an Order. Customer will pay all Fees using a payment method that is maintained on file with American Cloud, such as, but not limited to, credit card, ACH electronic funds transfer, or such other method as approved by American Cloud. Customer will be responsible for all fees, including processing fees, associated with making payment via wire transfer to American Cloud. Returned electronic check payments will be subject to a returned check fee of $25.00 or the highest amount permitted by law, whichever is lower. Customer is responsible for any fees and costs (including, but not limited to, reasonable actual attorney's fees, court costs and collection agency fees) incurred by American Cloud in enforcing collection of Fees. Customer hereby authorizes American Cloud to automatically charge Customer's payment method on file with American Cloud on or before the applicable Due Date. If Customer's payment method is a physical check or money order, Customer authorizes American Cloud to use information from the check to make a one-time electronic transfer from Customer's account as soon as the same day Customer makes payment, in which case Customer may not receive the check back from its financial institution. Customer will pay or provide appropriate exemption documentation for all taxes, duties, levies, and any other fees (except for taxes based upon American Cloud's net income) related to the Services imposed by any governmental authority. All Fees are exclusive of any such taxes, duties, levies, or fees. 
In the event that American Cloud suspends or terminates any portion of the Services due to cause, such as non-payment of Fees, or other violations of this Agreement (including but not limited to violations of the American Cloud Community Policies), as authorized under this Agreement, American Cloud may, as a condition for restoring the Services, require that Customer pay to American Cloud, in advance, a reasonable reconnection fee to defray American Cloud's reasonable administrative and similar costs to restore the Services to Customer. The payment of such reconnection fee will be in addition to any Fees remaining due and owing to American Cloud. All Fees are nonrefundable. Customer's sole remedy for American Cloud's nonperformance of any Services will be a credit issued in accordance with any applicable Service Level Agreement. American Cloud may adjust the Fees in proportion with any increase in or changes to Third Party costs which are directly related to providing the Services to Customer, provided that (a) such increase or change is not due to any action initiated by American Cloud, and (b) American Cloud is unable to procure at more favorable prices alternative, comparable (as determined in American Cloud's discretion) Third Party products despite American Cloud's commercially reasonable efforts to do so. American Cloud may adjust its software offering and associated Fees in accordance with Third Party vendor program releases, policies or requirements. American Cloud will provide at least 30 days' prior notice to Customer of any increase in or changes to Third Party Costs under this subsection. ## Term This Agreement will begin on the Effective Date, and unless terminated earlier as permitted under this Agreement, will continue in effect until the completion of all Services as set forth in all applicable Attachments. Service Periods will be set forth in the applicable Attachment. 
If the Implementation Start Date is delayed due to Customer action or inaction, American Cloud may establish a new Implementation Start Date up to 15 days later than the initial Implementation Start Date, provided that any Customer action or inaction does not (i) make such new Implementation Start Date impracticable, or (ii) make American Cloud's efforts at addressing the issue in response to any Customer action or inaction commercially unfeasible. American Cloud may, at American Cloud's sole discretion, extend the Service Period by the number of days by which the Implementation Start Date is delayed. Customer may request additional Services during the term of this Agreement by submitting the appropriate written Order form for such Services. The Service Period for each such new Service will be set forth in the Order. ## Suspension and Termination American Cloud acknowledges that the discontinuation of Services is a drastic remedy that impacts the freedom of information to be transmitted and shared. Accordingly, American Cloud has adopted the provisions of this section relating to suspension and termination to narrowly address circumstances where such suspension is necessary to protect the legitimate and lawful interests of American Cloud, other customers, and the general public interest in a free and open internet. American Cloud may suspend the Services if Customer is in material breach of any provision of this Agreement (including nonpayment of any Undisputed Fees) and such breach has not been cured to American Cloud's reasonable satisfaction within 14 days' written notice to Customer. Prior notice of suspension will not be required if American Cloud determines, in its reasonable discretion, that suspension is necessary to protect American Cloud, its providers, or its other customers from operational, security, or other material risk, or if the suspension is ordered by a court or other tribunal. 
In the event of suspension, Customer will remain liable for all Fees that would have been paid had the Services not been suspended. Either party may terminate this Agreement or the Services under an applicable Attachment for material breach (including nonpayment of any Undisputed Fees) as provided in this subsection. If this Agreement or an applicable Attachment provides for Customer to receive the Services on a month-to-month basis, either party may terminate for material breach, provided that the nonbreaching party has given the other party written notice of and the opportunity to cure the breach, and such breach has not been cured within 10 days of the notice. If this Agreement or an applicable Attachment provides for Customer to receive the Services on terms longer than a month-to-month basis, either party may terminate for material breach, provided that the nonbreaching party has given the other party written notice of and the opportunity to cure the breach, and such breach has not been cured within 30 days of the notice. Termination for breach will not alter or affect either party's right to seek any available remedy. Except for termination as provided in this Section due to American Cloud's material breach, in the event Customer seeks to terminate this Agreement or an applicable Attachment prior to expiration, Customer will be liable for all Fees due during the remainder of the Service Periods of all applicable Services, and such Fees will become immediately due and payable without further notice or demand from American Cloud. 
## Post Termination Obligations and Procedures Upon expiration or termination of this Agreement or, as applicable, an Attachment: Customer will discontinue use of the Services and relinquish use of the IP addresses and server names assigned to Customer by American Cloud and any other materials provided to Customer by American Cloud in connection with the Services, including pointing the DNS for Customer domain name(s) away from the Services; and all licenses granted to Customer, and all rights of Customer to receive the Services, will terminate. American Cloud will have no obligation to provide any transition services or access to data except as expressly provided in this Agreement or as otherwise agreed in writing by the parties and as set forth in an applicable Attachment. Provided that Customer has paid all Undisputed Fees and is not otherwise in material breach under this Agreement, for a period of 7 days following the effective termination or expiration of this Agreement or applicable Attachment, American Cloud will permit Customer to copy Customer Data from American Cloud's system. After such time, American Cloud will have no obligation to retain any Customer Data and may freely delete such Customer Data without liability to Customer. For purposes of clarity, nothing in this Agreement will impair American Cloud's right and ability to immediately and permanently delete any Customer Data or other content that violates the American Cloud's Acceptable Use Policy set forth at americancloud.com/legal#AUP. Any obligations and duties which by their nature extend beyond the expiration or termination of this Agreement will survive the expiration or termination of this Agreement. Without limiting the generality of the foregoing, Sections 1, 5, 6, 13, 15, 16, 18 and 23 will survive the expiration or termination of this Agreement. 
## User Control Considerations Customer will (a) delegate access to Customer employees via the American Cloud Portal, (b) assign and maintain a secure authentication mechanism to control access to sensitive information, including but not limited to, Customer passwords, (c) maintain and change passwords frequently, and promptly upon providing access to American Cloud or any Third Party to perform maintenance activities on Customer's behalf, and (d) provide to American Cloud a primary notification point of contact to serve as Customer's authorized representative to make technical and financial decisions. ## Service Levels American Cloud will provide the Services in accordance with the Service Level Agreement set forth at americancloud.com/legal#SLA. American Cloud will provide SLA Credits according to the terms of the applicable Service Level Agreement. Credits under the Service Level Agreement, if issued to Customer's account, will be used only to offset future Fees for certain Services as provided in the Service Level Agreement. Such credits may not be sold, converted to cash, used to pay past due balances, or transferred to any Third Party or Affiliate, and will expire on the termination or expiration of this Agreement. American Cloud may provide support services via the American Cloud Portal or other means as it determines from time to time. American Cloud may close or put on hold any request for service if Customer has not updated such request for 72 hours after notification from American Cloud. ## Subcontractors American Cloud may use one or more subcontractors to provide the Services or a portion of the Services. Unless otherwise agreed in writing, American Cloud will be solely responsible for any fees or charges incurred through use of subcontractors to the extent required to provide the Services, and subcontracting will not increase the Fees payable under this Agreement. 
Customer will pay any fees for subcontractors that American Cloud may retain to provide agreed upon services in excess of the scope of the Services set forth in this Agreement. ## Backup and Security Except for responsibility for reasonable physical security of the servers and related hardware used to provide the Services, and except as expressly provided in an applicable Attachment, Customer will be solely responsible for data maintenance, integrity, retention, security, business continuity, disaster recovery and backup of Customer Data. Customer has the option to contract with American Cloud for the services listed in the preceding sentence, or related services. Customer will use reasonable security precautions for providing access to the Services by its employees or other individuals to whom it provides access, whether in connection with Customer's internal business purposes or as a Customer Offering. Customer will be solely responsible for ensuring the confidentiality and security of all account usernames and passwords, and for all user conduct in connection with such account credentials. Customer will implement internal protocols and procedures whereby terminated personnel will no longer be able to use any Customer username or password. All passwords used by Customer, or its personnel must be smart, secure combinations of characters and not be comprised solely of dictionary words. American Cloud will comply with all applicable laws pertaining to data breach and notification of same. Customer shall promptly notify American Cloud of any potential, suspected or actual security breach concerning the Services or Customer Data about which Customer becomes aware. ## Client Consent to Monitor American Cloud, LLC (AC) uses monitoring software to track usage information. 
By agreeing to this services agreement, you acknowledge and consent that when you access an AC information system (IS):

- All communications and data transiting, traveling to or from, or stored on this IS will be monitored.
- You consent to the unrestricted monitoring, interception, recording, and searching of all communications and data transiting, traveling to or from, or stored on this system at any time and for any purpose by AC and by any person or entity, including government entities, authorized by AC.
- You consent to the unrestricted disclosure of all communications and data transiting, traveling to or from, or stored on this system at any time and for any purpose to any person or entity, including government entities, authorized by AC.
- You are acknowledging that you have no reasonable expectation of privacy regarding your use of this IS.
- These acknowledgments and consents cover all use of the IS, including work-related use and personal use without exception.

## Customer's Obligations

Customer will comply, and will require its Customer End Users to comply, with American Cloud's Acceptable Use Policy available at americancloud.com/legal#AUP and will not otherwise use the Services for any unlawful purpose. Customer will provide reasonable cooperation with American Cloud to investigate any violation of this provision. Customer will promptly remove or disable access to any content alleged to infringe the copyright of any third party, and otherwise comply with all other requirements of the safe harbor provisions of the Digital Millennium Copyright Act ("DMCA"), found at 17 U.S.C. §512, as amended from time to time. The obligations of Customer to comply with DMCA takedown notices apply regardless of whether Customer has received a takedown notice directly from a third party, or has received a forwarded takedown notice from American Cloud.
Without limiting any other provision in this Agreement, Customer agrees that any repeated failure to promptly disable access to or delete content alleged to infringe copyright is a material breach of this Agreement, and American Cloud may immediately terminate this Agreement or take other reasonably necessary actions to ensure that no further infringements will occur. For the term of this Agreement and for the period of twelve (12) months thereafter, without the prior written consent of the other party, neither party shall either directly or indirectly solicit or entice away (or seek or attempt to entice away) from the employment of the other party any person employed (or any person who has been so employed in the preceding six (6) months) by such other party in the provision or receipt of the Services. Customer agrees to do each of the following: (a) cooperate with American Cloud's investigation of outages, security problems, and any suspected breach of this Agreement; (b) reasonably cooperate with any lawful and valid law enforcement investigation (including, but not limited to providing appropriate responses to or arguments against subpoenas or court orders relating to Customer's or Customer End User's conduct); (c) comply with all license terms or terms of use for any software, content, service or website (including Customer Data) which Customer uses or accesses when using the Services; (d) give American Cloud true, accurate, current, and complete Account Information; (e) keep Customer's Account Information up to date; (f) be responsible for the use of the Services by Customer and Customer End Users and any other person to whom Customer has given access to the Customer Offering; (g) use commercially reasonable efforts to prevent unauthorized access to or use of the Services; and (h) where the Customer provides a Customer Offering as permitted under this Agreement, enter into agreements with Customer's End Users containing relevant terms of this Agreement and
releasing American Cloud from any and all liability for damages or losses Customer End Users may incur as a result of using the Customer Offering. Customer will not copy, transfer, reverse engineer, disassemble, decompile, create derivative works of, or, except as part of an authorized Customer Offering, allow Third Party access to the Services. Customer will not remove any proprietary notices or labels contained in or placed by the Services and will not use, post, transmit, or introduce any device, software, or routine which interferes or attempts to interfere with the operation of the Services. Customer will not take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Services' systems or networks, or any systems or networks connected to the Services. Customer will reasonably comply with any request by American Cloud to cooperate in connection with any third-party audit, including but not limited to software audits. ## IP Allocation Customer acknowledges and agrees that the use of IP addresses in a manner not authorized under this section does not affirm the important free speech and other interests set forth in the American Cloud Community Policies. ### IP Addresses Assignment of an American Cloud IP (Internet Protocol) address to Customer, either IPv4 or IPv6, does not constitute transfer of ownership, as the IP address will continue to be owned by American Cloud, licensed to Customer for use in accordance with the terms and conditions of this Agreement. American Cloud will use commercially reasonable efforts to ensure that the IP addresses allocated to Customer remain allocated to Customer. However, American Cloud reserves the right to change IP address allocations for any reason (including, but not limited to upgrades, security provisioning, or other network migration service). American Cloud will use commercially reasonable efforts to provide Customer with advance notice of IP address changes. 
### Obligation to Preserve the Good Standing of American Cloud IPs and Not to Manipulate IP Addresses If Customer is assigned any of American Cloud's IP addresses (IPv4 and/or IPv6), Customer agrees to maintain the integrity and industry good-standing of American Cloud's IP addresses and not to undertake any actions that might cause American Cloud's mail servers or any of its IP addresses or ranges to be placed on any "blacklist" or "black hole list" (e.g., www.spamhaus.org, "XBL," or "SBL") or any other mail filtering software systems used by companies on the internet. Customer agrees to notify American Cloud immediately if Customer learns that any of American Cloud's IP addresses have been placed on any such list. Customer agrees to take whatever steps are necessary (or fully cooperate with American Cloud in taking whatever actions it deems necessary) to remove any of American Cloud's IP addresses from any such lists immediately. Customer agrees to not modify any configuration that will conflict with, or disrupt American Cloud's network services. Customer acknowledges and agrees that American Cloud information may be associated with Customer's servers' IP addresses as Customer's webhosting provider on WHOIS and other webhost lookup/search tools. ## Indemnification Each party recognizes, in the spirit of the American Cloud Community Policies, that it has a responsibility concerning its own actions, and accordingly, the parties agree in this section to allocate the risks arising from the others' conduct in a reasonable manner. 
Customer will defend, indemnify, and hold the American Cloud Parties harmless from and against all Claims, whether or not suit is filed, arising out of, resulting from or connected with, in whole or in part: (i) Customer's use of the Services or Third Party services; (ii) any infringement or alleged infringement by the Customer Data of any Third Party Intellectual Property Right, (iii) any breach or alleged breach by Customer of this Agreement, including any warranty contained in this Agreement; (iv) any violation or alleged violation by Customer or Customer End Users of a Third Party's rights, including, without limitation, any actual or alleged infringement or misappropriation of a Third Party's copyright, trade secret, patent, trademark, privacy, right of publicity or other proprietary right; (v) any damage caused by or alleged to have been caused by Customer or Customer End Users to the Site or Services; (vi) any actual or alleged violation or noncompliance by Customer or Customer End Users with any applicable law, court order, rule or regulation in any jurisdiction; or (vii) as applicable, Customer's resale of the Services. ## Warranties Each party represents and warrants to the other that it is a business entity duly organized, that it has all rights necessary to enter into this Agreement, and that by entering into this Agreement it will not be in breach of any other agreement or obligation. American Cloud warrants that the Services will be provided in a diligent and skillful manner in accordance with reasonable industry standards. Customer warrants and represents that (a) its use of the Services will comply with and be in accordance with all applicable laws and regulations, including but not limited to all laws and regulations specifically addressing Customer's industry, and (b) that the Customer Data will not infringe or misappropriate the Intellectual Property Rights or other rights of any Third Party. 
## Disclaimer of Warranties Except for the warranties set forth above, which are limited warranties and the only warranties provided by American Cloud Parties to Customer, the Services are provided "AS IS," and American Cloud Parties make no additional warranties, express, implied, arising from course of dealing or usage of trade, or statutory, as to the Services or any matter whatsoever. American Cloud Parties disclaim all implied warranties of merchantability, fitness for a particular purpose, satisfactory quality, title and non-infringement. American Cloud Parties do not warrant that the Services will meet any Customer requirements not set forth in this Agreement, that the Services will be uninterrupted or error-free, or that all errors will be corrected. ## Limitation of Liability IN NO EVENT SHALL AMERICAN CLOUD PARTIES BE LIABLE TO CUSTOMER OR ANY OTHER PERSON OR ENTITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES WHATSOEVER WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL OR EQUITABLE THEORY, (INCLUDING FOR LOSS OF PROFITS, SAVINGS, REVENUE, OR USE, DAMAGED OR LOST FILES OR DATA, OR BUSINESS INTERRUPTION) THAT MAY ARISE IN CONNECTION WITH THIS AGREEMENT, ANY SERVICES PROVIDED TO CUSTOMER, OR ANY MATTER WHATSOEVER, REGARDLESS OF THE CAUSE OF ACTION OR CHARACTERIZATION OF THE DAMAGES, EVEN IF THE PARTY SOUGHT TO BE HELD LIABLE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ADDITION, CUSTOMER SPECIFICALLY ACKNOWLEDGES AND AGREES THAT IN NO EVENT SHALL AMERICAN CLOUD'S TOTAL AGGREGATE LIABILITY EXCEED THE AMOUNT OF FEES PAID BY CUSTOMER UNDER THIS AGREEMENT DURING THE 12-MONTH PERIOD PRECEDING THE FIRST ACT GIVING RISE TO LIABILITY. THE FOREGOING LIMITATION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW, AND SHALL SURVIVE ANY TERMINATION OR EXPIRATION OF THIS AGREEMENT OR YOUR USE OF THE SERVICES.
## Essential Basis of Bargain Customer acknowledges that the Fees reflect the overall allocation of risk between the parties, including by means of the provisions for limitation of liability and exclusive remedies described in this Agreement. Such provisions form an essential basis of the bargain between the parties and a modification of such provisions would affect substantially the Fees charged by American Cloud. In consideration of such Fees, Customer agrees to such allocation of risk and hereby waives any and all rights, through equitable relief or otherwise, to subsequently seek a modification of such provisions or allocation of risk. ## Confidentiality Each party agrees that information relating to the other that is known to be confidential or proprietary, or which is clearly marked as such, will be held in confidence and will not be disclosed or used except to the extent that such disclosure or use is necessary to the performance of the Services. The obligations of confidentiality in this Section will not apply with respect to information that is independently developed by either party, lawfully becomes a part of the public domain, or of which the other party gained knowledge or possession free of any confidentiality obligation. American Cloud may disclose information, including information that Customer, or Customer End Users, may consider confidential, in order to comply with a court order, subpoena, summons, discovery request, warrant, regulation, or governmental request. ## Export Customer will comply with all applicable export laws and regulations of the United States of America, and assure that its use of the Services will not result in (a) export, directly or indirectly, in violation of any applicable export laws; or (b) any use or purpose prohibited by applicable export laws, including nuclear, chemical, or biological weapons proliferation. The parties will not take any actions that would cause either party to violate the U.S. 
Foreign Corrupt Practices Act of 1997, as amended. ## Intellectual Property Rights As between the parties, American Cloud retains all right, title and interest in and to the software and systems used to provide the Services. For purposes of clarity, as between American Cloud and Customer, American Cloud shall retain all Intellectual Property Rights associated with or embodied within the Services. Customer acknowledges that Third Party software may be embedded or otherwise delivered as part of the Services. Customer may only use such Third-Party software as integrated with and part of the Services. The licensors of the Third-Party software are intended beneficiaries of this Agreement, as it pertains to Customer's rights to use such software. American Cloud reserves all rights in the Services which it has not expressly granted to Customer under this Agreement, and Customer agrees to not assert any implied rights to use or otherwise exercise any rights in any American Cloud system or software. Customer hereby grants to American Cloud a nonexclusive, worldwide, royalty-free, fully paid-up license during the term to use Customer's trademarks, marks, logos or trade names in connection with American Cloud's provision of Services (including support of Services) to Customer and to be listed as an American Cloud customer on the Website and in other marketing or promotional materials. ## Custom Deliverables Unless otherwise set forth in an applicable Attachment, Customer will own the Custom Deliverables, if any, and such Custom Deliverables will be considered a work made for hire. To the extent the Custom Deliverables cannot be considered a work made for hire, American Cloud hereby assigns to Customer its entire right, title and interest, including all Intellectual Property Rights, in the Work Product. American Cloud shall retain all right, title and interest, including all Intellectual Property Rights embodied within or associated with American Cloud's Background Technology. 
"Background Technology" means any materials, technologies, know-how or the like created or developed by or for American Cloud, or acquired by American Cloud (including materials and technology available to American Cloud in accordance with a license grant) either (i) prior to the Effective Date of this Agreement, (ii) subsequent to such Effective Date if conceived, reduced to practice, authored, created or developed separately and independently of American Cloud's performance under this Agreement, or (iii) of general utility to American Cloud in the performance of services in the marketplace. ## Press Releases and Publicity After execution of this Agreement, the parties may issue a joint press release announcing the parties' relationship under this Agreement. The timing and content of any press release will be subject to the approval of each party, which approval may not be unreasonably withheld, conditioned or delayed. American Cloud may, however, identify Customer as a customer of American Cloud in marketing, promotion and other public communications. Except as required by law, and as permitted under this Section, neither party will make any public statements, press releases or other public announcements regarding the parties' relationship without the prior written approval of the other party, and neither party may use the other party's trademarks or company name. ## General Provisions ### Force Majeure With the exception of Customer's payment obligations, neither party will be responsible for delays or failures in performance resulting from acts of God, acts of civil or military authority, fire, flood, strikes, war, terrorism, epidemics, pandemics, shortage of power, telecommunications or internet service interruptions or other acts or causes reasonably beyond the control of that party. 
### Governing Law and Dispute Resolution This Agreement will be governed in all respects by the laws of the Commonwealth of Pennsylvania without regard to conflict of law provisions. Any dispute arising under this Agreement will be subject to binding arbitration by a single arbitrator with the American Arbitration Association (AAA), in accordance with its relevant industry rules, if any. The arbitration will be held in Doylestown, Pennsylvania. The arbitrator will have the authority to grant injunctive relief and specific performance to enforce the terms of this Agreement. Judgment on any award rendered by the arbitrator may be entered in any court of competent jurisdiction. ### Compliance With Laws Each party will comply with all applicable federal, state and local laws and regulations. If, after the Effective Date of this Agreement any law becomes effective which substantially and materially alters the ability or cost of either party to perform its obligations under this Agreement in whole or part, the parties will renegotiate the provisions of this Agreement to the extent necessary to reflect the effect of such law. If renegotiations do not result in terms agreeable to both parties, the party that would bear the altered cost due to the change in the law will have the right to terminate this Agreement without penalty upon thirty (30) days' written notice to the other party. ### Limitations of Actions No action, regardless of form or substance, arising out of this Agreement or the performance or nonperformance of any of the parties' obligations hereunder may be brought more than one (1) year after a party knew or should have known of the occurrence of the event giving rise to such cause of action. ### Assignment Neither party will assign or transfer any rights or obligations under this Agreement (including by operation of law or otherwise) without the prior written consent of the other party. 
Notwithstanding the preceding sentence, with the exception of an assignment to a competitor of the non-assigning party (which will require consent from the non-assigning party), either party may assign this Agreement without obtaining the consent of the other party, to an entity into which the assigning party is merged, or to an acquirer of all or substantially all of the business or assets of the assigning party, or as part of a business restructuring, sale of stock, or other recapitalization or reorganization. Any purported assignment of rights or transfer of obligations in violation of this section is void. This Agreement will bind each party's authorized successors and assigns. ### No Third-Party Beneficiaries Nothing expressed or implied in this Agreement is intended to confer upon any person other than the parties and their respective successors or permitted assigns, any rights, remedies, obligations or liabilities whatsoever. ### No Waiver The waiver by either party of any breach of this Agreement will not be construed to be a waiver of any succeeding breach. All waivers must be in writing, and signed by the party waiving its rights. ### Notices Any notice required under this Agreement shall be provided to the other party in writing. Any notice from Customer to American Cloud must be delivered personally or sent by nationally recognized overnight courier or by certified mail, postage prepaid, return receipt requested, to: American Cloud, Attn: Legal Dept., 11 Church Rd., Ste. 1A, Hatfield, PA 19440. 
American Cloud may give general notices concerning the Services to Customer by means of a notice on the American Cloud Portal, and notices specific to Customer by electronic mail to the Customer e-mail address in American Cloud's account records for Customer, or delivered personally or sent by nationally-recognized overnight courier or by certified mail, postage prepaid, return receipt requested to the Customer address on record in American Cloud's account records. ### Relation of the Parties The parties agree they are acting as independent contractors and under no circumstances will any of the employees of one party be deemed the employees of the other for any purpose. Except as otherwise expressly agreed by the parties, this Agreement will not be construed as authority for either party to act for the other party in any agency or other capacity, or to make commitments of any kind for the account of or on behalf of the other. Nothing in this Agreement will be deemed to constitute a joint venture or partnership between the parties. ### Severability If any provision of this Agreement is found to be unenforceable or contrary to law, it will be modified to the least extent necessary to make it enforceable, and the remaining provisions of this Agreement will remain in full force and effect. ### Pronouns Unless otherwise stated in this Agreement, a reference to the singular includes the plural and vice versa. ### Order of Precedence The parties hereby incorporate all Attachments into this Agreement by reference. In the event of inconsistency between any Attachment and this Agreement, unless the Attachment expressly provides that it prevails, the relevant provisions of this Agreement will prevail. ### Headings Headings and titles used in this Agreement are for convenience only and do not form a part of this Agreement. 
### Entire Agreement This Agreement constitutes the entire agreement between the parties with respect to its subject matter, and supersedes all other agreements (express or implied), proposals, negotiations, representations or communications relating to the subject matter. Both parties acknowledge that they have not been induced to enter this Agreement by any representations or promises not specifically stated in this Agreement. The protections of this Agreement will apply to actions of the parties performed in preparation for and anticipation of the execution of this Agreement. Acceptance of any Order by American Cloud is made upon the express understanding that it will be governed by the terms and conditions of this Agreement only and that any additional, conflicting, or inconsistent terms and conditions which may appear in any Order provided by Customer will be void and have no force and effect notwithstanding any acceptance or execution by American Cloud. Any amendment to this Agreement must be in writing and signed by duly authorized representatives of the parties. Last updated: Oct 17, 2022. ## Privacy Policy This Privacy Policy describes how American Cloud Inc. and its affiliates (collectively, "American Cloud," "we," "our" or "us") collect and use Personal Data in relation to the American Cloud websites, products, applications, and similar services (collectively, the "Services") that link to this Privacy Policy. We take the privacy, security and confidentiality of your information, including any data collected that could directly or indirectly identify you ("Personal Data") seriously. We want you to be aware of how we use your Personal Data, and how to update or correct your information if necessary. This Privacy Policy is for you. Please read it carefully. 
BY ACCESSING THE SITES, CREATING AN AMERICAN CLOUD ACCOUNT, OR USING OUR SERVICES, YOU ARE CONSENTING TO THE COLLECTION, USE, DISCLOSURE, TRANSFER, AND STORAGE OF PERSONAL AND NON-PERSONAL DATA OR OTHER INFORMATION RECEIVED BY US AS A RESULT OF SUCH USE IN ACCORDANCE WITH THIS PRIVACY POLICY. Please note that this Privacy Policy does not apply to any of the data or content processed, stored or hosted by American Cloud customers by or through a customer account. Please see the American Cloud services agreement set forth at americancloud.com/legal#SA for information regarding the same. ## Information That We Collect ### Information that You Provide Directly We collect the following types of information that you provide directly when you establish an account, use our Services, for promotional purposes, and in connection with certain online surveys or sweepstakes that we sponsor: name, email address, billing and/or mailing address, telephone number, zip code, date of birth, and other, similar types of data. This information will be used to keep you updated about our Services and any of the American Cloud agreements which are applicable to the products or services you have purchased or to which you have subscribed, and to keep you informed about special offers, sales or new features of the Services that we think may be of interest to you. In the event that you are purchasing extensions, such as domain names, we may require additional supporting documentation, including driver's license number, passport number, and similar. We do not store or otherwise use this information except in connection with the same.
### Information that We Collect Automatically We automatically collect site usage information which includes, without limitation, Internet Protocol ("IP") address(es), browser information, other characteristics of your device and software, domain names of your Internet Service Provider, your approximate geographic location, the time of your usage and certain aggregated use data. This information is used to analyze the use of, and to improve our Services (including to help diagnose and prevent problems with our servers or our products or services), to administer American Cloud and more generally to provide our customers with the best possible user experience. Like many online providers, American Cloud uses a technology called "cookies" to collect some of this data. A cookie is a piece of information that is placed on your browser when you access a site. In many cases, the information collected using cookies (and related technologies) is used in non-identifiable ways. For example, we use information we collect about users to optimize our sites and to understand traffic and usage patterns. In other cases, we associate the information we collect using cookies and related technologies in a manner that may directly or indirectly identify you, and in such cases treat it as Personal Data. Additionally, if the settings on your location-aware device allow us to receive geo-location data or information, we may collect that information automatically. We also use tracking information to determine which areas of our site users visit most frequently. American Cloud does not track what individual users read, but rather how often each page is visited. Cookies help provide additional functionality to the sites and help us to more accurately analyze usage of the sites. For instance, the sites may set a cookie on your browser that allows you to more quickly access the sites during future visits. We use cookies to monitor and to maintain information about your use of the sites. 
Cookies are also used to track the identity of the website you visited immediately prior to visiting any of our sites. We do not otherwise track information about your use of other websites. Cookies also allow us to hold selections in a shopping cart when a user leaves the sites without checking out. Cookies are not used on the sites to store your account information as this information is stored securely on a server. When you log in at the sites with your username and password, we will assign you a secure session id. The server then passes your information to you through this secure session id. Cookies may be session cookies (i.e., last only for one browser session) or persistent cookies (i.e., continue in your browser until they are deleted or expire). Some of the cookies we use may be flash cookies or Adobe cookies. While they are harmless, they may contain demographic information and depending on your browser these cookies may not normally be deleted when your cookies are deleted. Please check your browser to determine where these types of cookies are stored and how they may be deleted. In some countries, including countries in the European Economic Area ("EEA"), these sorts of cookie data may be considered Personal Data under applicable data protection laws. While we recommend that you leave cookies turned on as they allow you to take advantage of some of the features of the sites, you have the ability to control the use and moderation of our cookies. However, if you elect not to allow cookies to be placed as provided herein, you may not be able to use or to enjoy all of the services and features of the sites. Specifically, you can configure the settings (i) to receive notifications when you are receiving new cookies, (ii) to disable cookies or (iii) to delete cookies. Please refer to your browser's help section for information on how to do this. 
We also use analytics providers to collect certain information about our users and the use of our sites more generally. ### Information that Third Parties Provide About You We may also receive information about you from third parties. For example, if you are on another website that provides information about service providers like American Cloud and you request to receive information from American Cloud, that website will forward your contact and other information to us so that we may contact you as requested. Third parties may also provide information about you in connection with a marketing arrangement we may have with those third parties. We may supplement the information we collect with outside records from third parties in order to provide you with the information, goods, or services you have requested to enhance our ability to serve you and to offer you opportunities to purchase products or services that we believe may be of interest to you. We may combine the information we receive from those other outside sources with information we collect through our Services. In those cases, we will apply this Privacy Policy to the combined information. ### Do Not Track Please note that American Cloud does not support "Do Not Track" browser settings and we do not currently participate in any "Do Not Track" frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal or non-personal identifying information. ## How We Use Your Information We use your Personal Data and other information as necessary to provide our Services, including to make ongoing improvements.
We may also use your Personal Data for internal business purposes including, without limitation, to help us improve the content and functionality of the Services, to better understand our users and the ways in which they use the sites and Services, to protect against, identify or address fraudulent activities, to manage your account, and to provide you with customer service and to generally manage the Services and our business. Finally, we may use your Personal Data to contact you for certain marketing and advertising purposes, including, without limitation, to inform you about our offers, contests or surveys which may be of interest to you and to display content and advertising on or off the sites regarding our Services which may be of relevance to you. ## Sharing Your Information American Cloud is not in the business of selling your Personal Data. We do not share, sell or rent any of the Personal Data provided to us through our sites or the Services to third parties, except as expressly described in this Privacy Policy. Instances in which we may share your Personal Data include: **With Service Providers:** We, like many businesses, sometimes engage other companies to perform certain business-related functions on our behalf so that we can focus on our core business. Examples of these services include, but are not limited to, payment processing and authorization, fraud protection and credit risk reduction, product customization, order fulfillment and shipping, marketing and promotional material distribution, website evaluation, social media management, data analysis and, where applicable, data cleansing. In connection with services those partners provide for us, we may provide or otherwise give them access to certain Personal Data, but their access to and use of this information is strictly limited to the purposes of providing these specific services to American Cloud.
**For Business Transfers:** As with any business, it is possible that as our business develops, we might sell, assign, buy, transfer or otherwise acquire or dispose of certain businesses or corporate assets. In any such event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of us will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy. **With Parents, Subsidiaries and Affiliates:** We may also share your Personal Data with our parent company, future subsidiaries and/or affiliates consistent with this Privacy Policy. Our future subsidiaries and affiliates will be bound to treat and to maintain any Personal Data in accordance with this Privacy Policy. **Legal Requirements:** We may disclose your Personal Data if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency or other public authorities) or in the good faith belief that such action is necessary (i) to comply with a legal obligation, (ii) to protect or defend our rights, interests or property or that of other customers or users, (iii) to act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) to protect against legal liability or potential fraud, as determined in our sole discretion. **With Your Consent:** If we intend to use any Personal Data in any manner that is not specified herein, we will inform you of such anticipated use prior to or at the time at which the Personal Data is collected or we will obtain your consent subsequent to such collection but prior to such use. In short, we will honor the choices you make regarding your Personal Data and will inform you about any other intended uses of such information. 
## Changing Your Information; Updating Your Personal Data For information and Personal Data that we have collected on your behalf, we will grant you reasonable access to the same as required by applicable law. If you have established an American Cloud Account, we rely on you to keep the information on record updated and accurate. Our Services allow you to modify or delete your Account information at your discretion. If any of our Services do not permit you to update or modify your information, please contact us as set forth herein below to request assistance with the same. Note that we may keep historical information in our backup files as permitted by law. ## Employment Applications If you apply for employment with American Cloud through our sites, we, or a third party providing human resources assistance, may ask you to provide self-identifying information (such as veteran status, gender, and ethnicity) in conjunction with laws and regulations enforced by the Equal Employment Opportunity Commission ("EEOC"), the Office of Federal Contract Compliance Programs ("OFCCP"), and similar state and local regulatory agencies. Providing self-identifying information is voluntary, but if you do provide us with that information, we may submit it to the EEOC, the OFCCP, and similar state and local regulatory agencies for business-related purposes, including responding to information requests, fulfilling regulatory reporting requirements, and defending against employment related complaints. Otherwise, any information submitted as a part of the employment process will be treated in accordance with this Privacy Policy. ## Third Party Content and Links to Other Sites Our sites may contain links to other websites not operated or controlled by us ("Third Party Sites"). The policies and procedures set forth herein do not apply to any Third Party Sites. 
The owners and operators of all Third Party Sites are responsible for all Personal Data and non-Personal Data provided, collected, maintained, stored or otherwise disclosed on those sites, if any. If there are any links on our sites to any Third Party Sites, such links are provided for convenience only and the presence of the same does not imply that we endorse or have reviewed the Third Party Sites, including their privacy policies, if any. We strongly encourage contacting those sites directly for information on their privacy policies. If you access American Cloud through a link from any of our advertising or marketing partners, the applicable sites may include a frame of the relevant advertising or marketing partner. Nevertheless, the information you provide to us through these framed web pages is collected by us, and our use of such information is governed by this Privacy Policy. If you use a social media platform or your mobile device (or other method of communication) to interact with American Cloud, that platform or application may have a specific privacy statement that governs the use of Personal Data related to it. If you have questions about the security and privacy settings of your mobile device, please refer to instructions from your mobile service provider or the manufacturer of your device to learn how to adjust your settings. We do not control the data collection or privacy practices of any outside platform through which you access the American Cloud or by which you contact us. ## Information Security American Cloud has implemented commercially reasonable information security measures, including administrative, technical and physical controls that are designed to reasonably safeguard Personal Data. Even though we have taken and will continue to implement measures to protect the data which we are entrusted with, you acknowledge that no such measures can fully eliminate all information security risks. 
Though we take commercially reasonable steps to protect the security and confidentiality of all data and Personal Data provided via the Services from loss, misuse, unauthorized access, inadvertent disclosure, alteration and/or destruction, no online transmission is ever fully secure or error free. Please keep this in mind when disclosing any Personal Data via the Internet or by email. We do not and will not, at any time, ask you to provide your Personal Data or other personal information in a non-secure or unsolicited email or telephone communication. If you receive such an email, please contact us to bring it to our attention. For more information about unsolicited requests for identifying information or other sensitive details, commonly known as "phishing," you can visit the Federal Trade Commission's informational page at www.consumer.ftc.gov/articles/0003-phishing.

## Information From Children

American Cloud is directed toward a general audience and is not intended for use by children. We do not knowingly collect or intend to collect Personal Data from anyone who is under the age of 13. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the Sites. If you have reason to believe that a child under the age of 13 has provided Personal Data to us, please contact us and we will endeavor to delete that information from our databases.

## Consent to Transfer

American Cloud is based in the United States. If you are located outside of the United States, please be aware that any information you provide to us may be transferred to and processed in the United States.
By using American Cloud, or providing us with any information, you consent to this transfer, processing and storage of your information in the United States, a jurisdiction in which the privacy laws may be different than those in the country where you reside or are a citizen.

## California Privacy

California residents have additional rights regarding the privacy and disclosure of Personal Data, including, but not limited to a right to request that we not sell their Personal Data, as well as a right to be informed about our other uses and disclosures of their Personal Data. American Cloud does not sell your Personal Data, and we use and disclose Personal Data solely in accordance with this Privacy Policy. If you are a California resident and would like additional information about our use of your Personal Data, please contact us as indicated below.

### California Do Not Track Notice

California law requires websites to disclose whether they and/or any third party(s) collect Personal Data about their users' online activities over time and across different sites. California law also requires that we disclose how we respond to "do not track" signals and similar mechanisms. We do not currently participate in any "Do Not Track" frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal or non-personal identifying information. If you would like to learn more about browser tracking signals and "do not track" generally, please visit https://allaboutdnt.org.

## Nevada Privacy

If you are a Nevada resident, you may ask us to add you to our opt-out list for possible future sales of certain information that we have collected or will collect about you. To submit such a request, please contact us as indicated below.
## European Union Resident Privacy

American Cloud complies with the provisions of the European Union's General Data Protection Regulation ("GDPR") as to any information in its possession regarding EU-based persons ("data subjects"). Accordingly, American Cloud only processes Personal Data on data subjects where it has a lawful basis to do so, which may include the consent of each person (especially in the case of website visitors who provide their information) or compliance with a legal obligation. American Cloud provides notice to all data subjects as required by GDPR Article 13 or 14, as appropriate, and honors the rights of data subjects provided in Articles 12-23, including the right to be forgotten. For more information about American Cloud and the GDPR, please see our GDPR Notice.

## Updates to This Privacy Policy

The American Cloud sites and our business may change from time to time. As a result, it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update, change, amend or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. If we make any material changes to this Privacy Policy, we will post a notice on the American Cloud homepage notifying users of the changes and providing an opportunity for you to take action relative to those changes prior to their implementation. In some cases, we also may send a notice via your American Cloud Account or by email notifying registered users of upcoming changes. Your continued use of the Services after any changes or revisions to this Privacy Policy become effective shall indicate your agreement with the terms of such revised and then-current Privacy Policy.

## Contact Us

If you have any questions or concerns about this Privacy Policy, please feel free to contact us at legal@americancloud.io.

Last updated: Oct 17, 2022.
## GDPR Notice

American Cloud complies with the provisions of the European Union's General Data Protection Regulation ("GDPR") as to any information in its possession regarding EU-based persons ("data subjects"). Accordingly, American Cloud only processes Personal Data on data subjects where it has a lawful basis to do so, as set forth more fully in this GDPR Notice.

## American Cloud's Status Under GDPR

Under GDPR, American Cloud may be designated as either (i) a "processor" or (ii) a "controller" for certain data sets.

### American Cloud as Processor

In most cases, American Cloud will be a "processor." This means that we will store or perform some other set of operations on a data set that contains Personal Data for a customer, at the customer's written direction. If American Cloud is a "processor" under GDPR for a particular data set, we will enter into a processor agreement or data processor addendum. This agreement is required by GDPR and governs the terms of American Cloud's processing of the protected data at issue.

### American Cloud as Controller

As set forth in our Privacy Policy, American Cloud also collects and stores certain contract information, payment information, employee records, and other information for the purposes of conducting business, marketing, employment, and more. In these cases, American Cloud is a controller of data. If American Cloud is a "controller" under GDPR, we will comply with applicable GDPR obligations.
These include, but are not limited to the following:

- Lawfully process data
- Enter into processing agreements with any third-party processors prior to sending personal data to such processors
- Maintain all required records and provide required modalities for the exercise of rights of the data subject
- Retain data only as long as necessary for the purpose for which it was obtained
- Provide data subjects with certain required notices
- Adopt all required policies and procedures and train employees who handle personal data governed by GDPR
- Implement privacy by design and privacy by default with regard to personal data governed by GDPR
- Provide required notifications in the event of a data breach

## Transfer Outside of EU/EEA

From time to time American Cloud may transfer Personal Data outside of the European Union or European Economic Area. Whenever we do so, appropriate safeguards will be in place, such as the insertion of approved model clauses. American Cloud will only transfer Personal Data to foreign controllers and processors who meet these standards.

## Duration of Storage

American Cloud will only store your data as long as required by the basis for processing. For example, we will only store Personal Data that is being processed pursuant to our legitimate interest so long as such interest is present. If we are processing Personal Data based on consent, that consent may be withdrawn by you at any time. Please contact legal@americancloud.io to withdraw such consent.

## Your Rights as a Data Subject

American Cloud is committed to fulfilling its obligations concerning the exercise of your rights under GDPR.
Please be advised that you have the following rights under GDPR (to the extent GDPR applies to your personal data):

- The right to request access to, rectification or erasure (i.e., the right to be forgotten) of personal data or restriction of processing or to object to processing
- The right to data portability
- The right to lodge a complaint with a supervisory authority
- The right to know the source of the data and whether the source was public (in certain circumstances)

Should you have any questions regarding the exercise of these rights, please contact us at legal@americancloud.io. We may provide additional information in communications directly with data subjects as necessary.

Last updated: Oct 17, 2022.

## DMCA Notice Policy

American Cloud respects the intellectual property rights of others and we ask our users to do the same. American Cloud may, in appropriate circumstances and at its discretion, disable and/or terminate the accounts of users of its services who may be repeat infringers. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide American Cloud (in the manner described below) the following information:

1. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
2. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.
3. Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit American Cloud to locate the material.
4. Information reasonably sufficient to permit American Cloud to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.
5. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
6. A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

American Cloud's agent for notice of claims of copyright infringement can be reached as follows:

**BY CERTIFIED MAIL:**

Copyright Agent
American Cloud LLC
300 Delaware Ave Ste 210 #535
Wilmington, DE 19801

**(312) 909-1879**

**legal@americancloud.io**

American Cloud can accept submissions via email to legal@americancloud.io, however, due to the nature of email, we cannot guarantee that email will be delivered. Thus, if you submit via email and do not hear back from us confirming receipt within 72 business hours, please submit your notice again via certified mail as noted above.

Last updated: Oct 17, 2022.

## Service Level Agreement

Subject to the terms and conditions of the American Cloud Services Agreement (the "Agreement") to which this Service Level Agreement ("SLA") is connected, American Cloud will provide Customer with a level of service consistent with the principles expressed below. To the extent that American Cloud does not provide the Services at the levels set forth in this SLA, and Customer is in compliance with all terms and conditions of the Agreement (including the American Cloud Community Policies), American Cloud will credit Customer's account in an amount as provided in this SLA, reflecting percentages of the monthly Fees for the affected Services (each an "SLA Credit").
## Definitions

**"Core Networking Equipment"** means equipment owned or operated by American Cloud, used to provide the Services, including but not limited to servers, switches and routers, as well as any customer equipment that customer has specifically contracted with American Cloud to manage.

**"Downtime"** is defined as failure of Core Networking Equipment, and such failure being verifiable by documentation provided by Customer. However, "Downtime" does not include any of the following:

- Scheduled Maintenance or Emergency Maintenance (as defined below).
- Outages not reported, or falsely reported.
- Problems with the Customer's internet connectivity or problems with other internet providers' connectivity outside of American Cloud's control.
- Issues with e-mail or webmail connectivity.
- Issues with access arising from technologies not under American Cloud control, including FTP, POP, IMAP, or SMTP.
- Problems with Customer's or any Third Party's hardware, software, or access to the internet, including, but not limited to, Third Party DNS issues.
- Use of the Services by any person: (a) in violation of applicable law, (b) in breach of this Agreement (including the American Cloud Community Policies), (c) in conjunction with custom scripting or coding (e.g., CGI, Perl, HTML, ASP, Ruby, PHP, Python, etc.), or (d) by means of any negligent act or omission.
- Unavailability of the Services due to Customer's suspension or termination in accordance with the Agreement.
- Issues relating to Customer Data.
- Any force majeure event under the Agreement.
- Problems caused by Customer's use of the Services or any Customer End User's use of the Customer Offering after American Cloud advised Customer or any Customer End User to modify such use, if Customer or any Customer End User did not modify its use as advised.
**"Emergency Maintenance"** means those instances in which American Cloud or its Third Party service providers: (a) identify situations which, in American Cloud's reasonable discretion, have threatened or may threaten the integrity of the Services or the systems used to provide the Services, and (b) take reasonably necessary measures designed to prevent the situation from progressing into unavailability of the Services, or to otherwise resolve the situation.

**"Outage End Time"** is the time at which American Cloud restores the Services to be back online and accessible.

**"Outage Start Time"** is the time at which documentation provided by Customer and confirmed by American Cloud shows the Services are experiencing Downtime.

**"Scheduled Maintenance"** is that amount of time in which American Cloud or its Third Party service providers: (a) perform updates and upgrades, enhancements and routine maintenance activities that are announced through American Cloud.com at least 24 hours advance notice, and (b) perform Emergency Maintenance, upon reasonable notice in the circumstances provided through American Cloud.com or via electronic communications directed to Customer.

**"Uptime"** refers to all time during the term of the Agreement except Downtime. Uptime will be calculated in reference to the number of minutes in each calendar month, measured by American Cloud's internal monitoring systems. For the purpose of the SLA, outages are measured in full minutes and will be rounded, as appropriate, up or down to the nearest full minute (i.e., for portions of minutes less than or equal to thirty seconds, the minute measurement will be rounded down, and for portions of minutes greater than or equal to thirty one seconds, the minute measurement will be rounded up).

## Service Level Commitment

American Cloud seeks to provide 99.9% network Uptime, as measured by American Cloud's internal monitoring systems, for each calendar month during the term of the Agreement.
Subject to the terms and conditions of this SLA, American Cloud will provide to Customer an SLA Credit of 5% of the Fees for the affected Service for each entire 30 minutes of Downtime in a calendar month. For the purpose of calculating Downtime, all times will be rounded, as appropriate, up or down to the nearest full minute (i.e., for portions of minutes less than thirty seconds, the minute measurement will be rounded down, and for portions of minutes greater than thirty seconds, the minute measurement will be rounded up). Uptime is calculated by dividing the number of minutes of network and power related Downtime, as calculated above, and dividing into it the total number of minutes in the calendar month and then subtracting the product from 100%.

## General Terms Applicable to This SLA

### Requesting and Receiving SLA Credits

American Cloud will have no obligation to issue any SLA Credit unless requested to do so by Customer in accordance with the terms and conditions of this SLA. Customer must submit all requests for SLA Credit by sending an email message to contact@americancloud.com. Each e-mail request must include, as applicable, the service, product and domain affected in the "Subject" line, and the body of the email must contain a written itemized description of the issue, the affected Service(s), and date and time (with time zone) of the incident. This itemization must be in sufficient detail for American Cloud to identify the issue and must be received by American Cloud within twenty-four (24) hours after the incident. Approved SLA Credits will be applied within two billing cycles after American Cloud's receipt of a valid request.

### Limits on SLA Credit

The SLA Credits to Customer in a particular month under this SLA will not exceed the total amount of Fees paid by Customer for such month for the affected Services.
To be eligible for any SLA Credits, Customer must not be in default of any provision of the Agreement, including but not limited to the payment of Fees. Additionally, in the event that American Cloud recommends to Customer certain hardware, software or other configurations or technologies in order to meet Customer's then-current specifications, and Customer declines to adopt such recommendation, SLA Credits will not be available for any Downtime that would not have occurred had the recommendation been implemented. Credits are available only toward future payment of Fees and will not be applied to past due balances. SLA Credits will not be applied to any applicable taxes charged to Customer or collected by American Cloud and are Customer's sole and exclusive remedy with respect to any failure by American Cloud to provide the Services. SLA Credit will not be applied to any portion of the Fees allocable to the payment of software licensing or other fees payable by American Cloud to any Third Party, such fees being due from Customer notwithstanding any instance that would give rise to SLA Credit under this SLA.

### Affected Services Only

SLA Credits are calculated only for the impacted portion of the Services (e.g., the exact server(s), cloud instances or tickets that experienced the issue). SLA Credits will not be calculated against the Fees for an entire account unless all portions of the Services under that account are impacted.

### Additional Documentation and Limitations

American Cloud may require, in its sole discretion, and as a condition for the issuance of SLA Credits, that Customer provide documentation that reasonably supports and demonstrates all actual losses sustained by Customer due to a violation by American Cloud of this SLA.
Customer agrees that in the event its actual direct losses do not exceed the value of SLA Credits to which Customer may be entitled under this Agreement, American Cloud may, at its option, provide credit to Customer in the amount of Customer's actual direct losses caused by violation of this SLA.

### Eligibility Not Cumulative

Customer's eligibility to receive SLA Credits is not cumulative, but is limited to one SLA Credit per incident. By way of example, if there is more than one cause for an incident of Downtime, Customer will be eligible for only one SLA Credit, corresponding to the length of time of the incident (not two SLA Credits). American Cloud will apply SLA Credits based on the predominant issue with the problem, as determined in American Cloud's reasonable discretion, and will issue the larger of two credits should two equally important issues occur in the same incident.

### Minimum Credits

Customer must accrue a minimum amount of $5.00 in SLA Credits before American Cloud will apply such credits. All SLA Credits will be tracked with Customer's account, and American Cloud will apply the SLA Credit when the above-stated minimum is met. No SLA Credits will be applied to any terminated Customer account.

### Maximum Credits

Customer's maximum combined SLA Credits for any calendar month for any affected Services shall not exceed the total amount that Customer was charged for those affected Services during the applicable calendar month.

Last updated: Oct 17, 2022.

## Open Source

## Open Source Software Used

- **Cloudstack** — [Link to Project](https://github.com/apache/cloudstack)
- **PDNS** — [Link to Project](https://github.com/PowerDNS/pdns)
- **KubeBlocks** — [Link to Project](https://github.com/apecloud/kubeblocks)
- **Ceph** — [Link to Project](https://github.com/ceph/ceph)