README.md completion

2023-10-17 17:16:34 +02:00 · 2023-10-17 17:16:34 +02:00 · a57f832084
parent bdf2c92951
commit a57f832084
1 changed files with 97 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -12,17 +12,24 @@ Server[Server] <----> LXC((LXC))



-## Install requirement
+## Install requirements

 1 - Update and Install packages :

 ```sh
 apt-get update -y -qq
-apt-get install lxc lxcfs lxc-templates qemu qemu-utils qemu-kvm virtinst bridge-utils virt-manager libvirt-daemon libvirt-daemon-system virt-viewer libvirt-clients libosinfo-bin websockify sqlite3 novnc
+apt-get install git lxc lxcfs lxc-templates qemu qemu-utils qemu-kvm virtinst bridge-utils virt-manager libvirt-daemon libvirt-daemon-system virt-viewer libvirt-clients libosinfo-bin websockify sqlite3 novnc
 apt-get install python3 python3-flask python3-flask-login python3-flask-sqlalchemy python3-requests python3-lxc python3-libvirt python3-psutil python3-werkzeug python3-websockify python3-novnc
 ```

-2 - Configure Libvirst to start on boot
+Clone the repository :
+
+```sh
+git clone https://git.nerkdesign.com/pporcheret/Hype-2.git
+cd Hype-2
+```
+
+2 - Configure Libvirt to start on boot

 ```sh
 systemctl --quiet enable --now libvirtd
@ -31,6 +38,8 @@ systemctl --quiet  start libvirtd

 3 - Create a bridge nework

+This bridge will allowed you to connect your Virtuals Servers and Containers to your local network in order to access them easely.
+
 ```sh
 cp ./bridged.xml /usr/share/libvirt/networks/
 virsh net-define bridged.xml
@ -40,8 +49,14 @@ virsh net-autostart bridged

 ## Database for users

-A default Database is provided in the git (db.db.admin_example), the default user is admin / admin.
-To use this database, just change the name from db.db.admin_example to db.db.
+A default Database is provided in the git (db.db.admin_example), the default user is admin@admin.com / admin.
+To use this database, just change the name from db.db.admin_example to db.db
+
+Once connected, you will be able to create/manage users directly on software.
+
+```sh
+cp db.db.admin_example db.db
+```

 If you want to create this database by yourself, you can :

@ -74,25 +89,91 @@ INSERT INTO user (id,username,email,password) VALUES (1,'<you_username>','<your_

 ## Configure Reverse Proxy to get access to Consoles

-```sh
-ProxyPass /websockify ws://<server_ip>:6080/websockify retry=3
-ProxyPassReverse /websockify ws://<server_ip>:6080/websockify retry=3
+In order to access to the consoles which are running websockets on other ports (6080 vor VNC and 5008 for Pyxterm),
+a Reverse proxy is needed.

-ProxyPass /socket.io ws://<server_ip>:5008/socket.io retry=3
-ProxyPassReverse /socket.io ws://<server_ip>:5008/socket.io retry=3
+Whitout this, you can still access to consoles using CLI for Serial access :
+
+lxc-attach <container>
+
+and using a tool such as :
+
+https://www.realvnc.com/en/connect/download/viewer/
+
+for VNC access (on port 6080).
+
+To set your Reverse proxy, you can use the examples bellow (adapt to your case of course).
+
+Example for nginx:
+```sh
+server {
+    listen 443 ssl;
+    server_name www.example.com;
+
+    ssl_certificate /path/to/your/cert.pem;
+    ssl_certificate_key /path/to/your/privkey.pem;
+    ssl_verify_client off;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
+
+    location /websockify {
+        proxy_pass http://<your_ip>:6080/websockify;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location /socket.io {
+        proxy_pass http://<your_ip>:5008/socket.io;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location / {
+        proxy_pass https://<your_ip>:5007/;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}
+```
+
+Example for apache2 configuration :
+```sh
+<VirtualHost *:443>
+ServerName www.example.com
+RewriteEngine on
+SSLEngine On
+SSLCertificateFile /path/to/your/cert.pem
+SSLCertificateKeyFile /path/to/your/privkey.pem
+SSLProxyVerify none
+SSLProxyCheckPeerCN off
+SSLProxyEngine          On
+SSLProxyCheckPeerExpire off
+ProxyRequests     Off
+ProxyPreserveHost On
+RequestHeader set X-Forwarded-Proto "https"
+ProxyPass /websockify ws://<your_ip>:6080/websockify retry=3
+ProxyPassReverse /websockify ws://<your_ip>:6080/websockify retry=3
+ProxyPass /socket.io ws://<your_ip>:5008/socket.io retry=3
+ProxyPassReverse /socket.io ws://<your_ip>:5008/socket.io retry=3
+ProxyPass         / https://<your_ip>:5007/
+ProxyPassReverse  / https://<your_ip>:5007/
+</VirtualHost>
 ```

 ## Run and use
 ```sh
 python3 app

-and go to https://<server_ip>:5007 with your credentials (mail and normal password)
+and go to https://www.example.com (or https://<server_ip>:5007 without RP) with your credentials (mail and normal password or admin)

 ```

 ## Systemd

-You can manage hype using Systemd management:
+You can manage hype using Systemd management by creating a file *hype.service* :

 ```sh
 [Unit]
@ -107,8 +188,11 @@ WantedBy=multi-user.target

 ```

-put this file in /etc/systemd/system/ and you can then enable it for autostart on boot and/or start/stop the app.
+Move or copy this file in */etc/systemd/system/* and you can then enable/disable it from boot start, and/or start/stop the app.

+```sh
+systemctl start hype.service
+```
 ## Configuration

 You can also change some configuration in the file *configuration.py* such as flask port, storage location...use it at your own risk.