# Hype²
```mermaid
graph LR
Webpage[Web page] <--Flask--> Server[Server]
Server[Server] <----> Qemu((Qemu))
Server[Server] <----> LXC((LXC))
```
## Install requirements
1 - Update and install packages:
```sh
apt-get update -y -qq
apt-get install git lxc lxcfs lxc-templates qemu qemu-utils qemu-kvm virtinst bridge-utils virt-manager libvirt-daemon libvirt-daemon-system virt-viewer libvirt-clients libosinfo-bin websockify sqlite3 novnc
apt-get install python3 python3-flask python3-flask-login python3-flask-sqlalchemy python3-requests python3-lxc python3-libvirt python3-psutil python3-werkzeug python3-websockify python3-novnc
```
Clone the repository :
```sh
git clone https://git.nerkdesign.com/pporcheret/Hype-2.git
cd Hype-2
```
2 - Configure Libvirt to start on boot
```sh
systemctl --quiet enable --now libvirtd
systemctl --quiet start libvirtd
```
3 - Create a bridge network
This bridge will allow you to connect your virtual servers and containers to your local network in order to access them easily.
```sh
cp ./bridged.xml /usr/share/libvirt/networks/
virsh net-define bridged.xml
virsh net-start bridged
virsh net-autostart bridged
```
## Database for users
A default database is provided in the repository (db.db.admin_example); the default user is admin@admin.com / admin.
To use this database, just change the name from db.db.admin_example to db.db.
Once connected, you will be able to create/manage users directly in the software.
```sh
cp db.db.admin_example db.db
```
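A check for the default account described above, as an added example (not part of the Hype² code base): it compares the stored password values in `db.db` with those in the shipped `db.db.admin_example` and lists the accounts whose password was never changed. The sample rows and placeholder password strings are constructed, and the function names are this example's own.

```python
import sqlite3
import tempfile
from pathlib import Path

# Table layout copied from this README's "Create Database for users" step.
SCHEMA = ("CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, "
          "username NVARCHAR(200) NULL, email NVARCHAR(200) NULL, "
          "password NVARCHAR(200) NULL)")

def stored_passwords(db_path):
    """Return {email: stored password}; read-only open, raises if the file is missing."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute("SELECT email, password FROM user").fetchall()
    finally:
        con.close()
    return {email: pw for email, pw in rows if email is not None}

def unchanged_default_accounts(example_db, live_db):
    """Emails whose stored password in live_db still equals the shipped value.
    The hashing scheme does not matter: an identical stored value means the
    password was not changed after db.db.admin_example was copied to db.db.
    """
    shipped = stored_passwords(example_db)
    live = stored_passwords(live_db)
    return sorted(e for e, pw in live.items() if e in shipped and shipped[e] == pw)

def _make_db(path, users):
    con = sqlite3.connect(path)
    con.execute(SCHEMA)
    con.executemany("INSERT INTO user (username, email, password) VALUES (?, ?, ?)", users)
    con.commit()
    con.close()

def demo():
    """Run the check on constructed databases: a fresh copy and a changed one."""
    alice = ("alice", "alice@example.com", "PLACEHOLDER-ALICE")  # constructed user
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # Constructed rows; the password strings are placeholders, not real hashes.
        _make_db(d / "db.db.admin_example", [("admin", "admin@admin.com", "PLACEHOLDER-A")])
        _make_db(d / "fresh.db", [("admin", "admin@admin.com", "PLACEHOLDER-A"), alice])
        _make_db(d / "changed.db", [("admin", "admin@admin.com", "PLACEHOLDER-B"), alice])
        return (unchanged_default_accounts(d / "db.db.admin_example", d / "fresh.db"),
                unchanged_default_accounts(d / "db.db.admin_example", d / "changed.db"))

if __name__ == "__main__":
    print(demo())
```

On a real install, call `unchanged_default_accounts("db.db.admin_example", "db.db")` from the repository directory; an empty list means no account still carries the shipped password value.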
If you want to create this database yourself, you can:
### Create Database for users
```sh
sqlite3 db.db "CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, username NVARCHAR(200) NULL, email NVARCHAR(200) NULL, password NVARCHAR(200) NULL);"
```
### Create first user
1 - Generate the encrypted password:
```sh
# Run from the repository directory so that app.py can be imported
python3 -c "import app; print(app.encrypt('Password'))"
```
2 - Fill the database with the user info:
```sh
sqlite3 db.db "INSERT INTO user (id,username,email,password) VALUES (1,'<your_username>','<your_email>','<your_previous_encrypted_password>');"
```
## Configure Reverse Proxy to get access to Consoles
To access the consoles, which run websockets on other ports (6080 for VNC and 5008 for Pyxterm),
a reverse proxy is needed.
Without it, you can still access consoles using the CLI for serial access:
`lxc-attach <container>`
and using a tool such as:
https://www.realvnc.com/en/connect/download/viewer/
for VNC access (on port 6080).
To set up your reverse proxy, you can use the examples below (adapt them to your case, of course).
Example for nginx:
```nginx
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/privkey.pem;
    ssl_verify_client off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
    location /websockify {
        proxy_pass http://<your_ip>:6080/websockify;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /socket.io {
        proxy_pass http://<your_ip>:5008/socket.io;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location / {
        proxy_pass https://<your_ip>:5007/;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```
Example for apache2 configuration :
```apache
<VirtualHost *:443>
    ServerName www.example.com
    RewriteEngine on
    SSLEngine On
    SSLCertificateFile /path/to/your/cert.pem
    SSLCertificateKeyFile /path/to/your/privkey.pem
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyEngine On
    SSLProxyCheckPeerExpire off
    ProxyRequests Off
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass /websockify ws://<your_ip>:6080/websockify retry=3
    ProxyPassReverse /websockify ws://<your_ip>:6080/websockify retry=3
    ProxyPass /socket.io ws://<your_ip>:5008/socket.io retry=3
    ProxyPassReverse /socket.io ws://<your_ip>:5008/socket.io retry=3
    ProxyPass / https://<your_ip>:5007/
    ProxyPassReverse / https://<your_ip>:5007/
</VirtualHost>
```
## Run and use
```sh
python3 app.py
```
Then go to https://www.example.com (or `https://<server_ip>:5007` without a reverse proxy) and log in with your credentials (email and normal password, or the default admin account).
## Systemd
You can manage Hype with systemd by creating a *hype.service* file:
```ini
[Unit]
Description= Hype2 service
After=multi-user.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/bin/python3 <path_to_change>/app.py
[Install]
WantedBy=multi-user.target
```
Move or copy this file into */etc/systemd/system/*; you can then enable or disable it at boot, and start or stop the app.
```sh
systemctl start hype.service
```
## Configuration
You can also change some settings in the file *configuration.py*, such as the Flask port, storage location, etc. Use it at your own risk.