diff --git a/README.md b/README.md index 956e392..b6c2609 100644 --- a/README.md +++ b/README.md @@ -12,17 +12,24 @@ Server[Server] <----> LXC((LXC)) -## Install requirement +## Install requirements 1 - Update and Install packages : ```sh apt-get update -y -qq -apt-get install lxc lxcfs lxc-templates qemu qemu-utils qemu-kvm virtinst bridge-utils virt-manager libvirt-daemon libvirt-daemon-system virt-viewer libvirt-clients libosinfo-bin websockify sqlite3 novnc +apt-get install git lxc lxcfs lxc-templates qemu qemu-utils qemu-kvm virtinst bridge-utils virt-manager libvirt-daemon libvirt-daemon-system virt-viewer libvirt-clients libosinfo-bin websockify sqlite3 novnc apt-get install python3 python3-flask python3-flask-login python3-flask-sqlalchemy python3-requests python3-lxc python3-libvirt python3-psutil python3-werkzeug python3-websockify python3-novnc ``` -2 - Configure Libvirst to start on boot +Clone the repository : + +```sh +git clone https://git.nerkdesign.com/pporcheret/Hype-2.git +cd Hype-2 +``` + +2 - Configure Libvirt to start on boot ```sh systemctl --quiet enable --now libvirtd @@ -31,6 +38,8 @@ systemctl --quiet start libvirtd 3 - Create a bridge nework +This bridge will allowed you to connect your Virtuals Servers and Containers to your local network in order to access them easely. + ```sh cp ./bridged.xml /usr/share/libvirt/networks/ virsh net-define bridged.xml 
@@ -40,8 +49,14 @@ virsh net-autostart bridged ## Database for users -A default Database is provided in the git (db.db.admin_example), the default user is admin / admin. -To use this database, just change the name from db.db.admin_example to db.db. +A default Database is provided in the git (db.db.admin_example), the default user is admin@admin.com / admin. +To use this database, just change the name from db.db.admin_example to db.db + +Once connected, you will be able to create/manage users directly on software. + +```sh +cp db.db.admin_example db.db +``` If you want to create this database by yourself, you can : 
@@ -74,25 +89,91 @@ INSERT INTO user (id,username,email,password) VALUES (1,'',':6080/websockify retry=3 -ProxyPassReverse /websockify ws://:6080/websockify retry=3 +In order to access to the consoles which are running websockets on other ports (6080 vor VNC and 5008 for Pyxterm), +a Reverse proxy is needed. -ProxyPass /socket.io ws://:5008/socket.io retry=3 -ProxyPassReverse /socket.io ws://:5008/socket.io retry=3 +Whitout this, you can still access to consoles using CLI for Serial access : + +lxc-attach + +and using a tool such as : + +https://www.realvnc.com/en/connect/download/viewer/ + +for VNC access (on port 6080). + +To set your Reverse proxy, you can use the examples bellow (adapt to your case of course). + +Example for nginx: +```sh +server { + listen 443 ssl; + server_name www.example.com; + + ssl_certificate /path/to/your/cert.pem; + ssl_certificate_key /path/to/your/privkey.pem; + ssl_verify_client off; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'; + + location /websockify { + proxy_pass http://:6080/websockify; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /socket.io { + proxy_pass http://:5008/socket.io; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location / { + proxy_pass https://:5007/; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +} +``` + +Example for apache2 configuration : +```sh + +ServerName www.example.com +RewriteEngine on +SSLEngine On +SSLCertificateFile /path/to/your/cert.pem +SSLCertificateKeyFile /path/to/your/privkey.pem +SSLProxyVerify none +SSLProxyCheckPeerCN off +SSLProxyEngine On +SSLProxyCheckPeerExpire off +ProxyRequests Off +ProxyPreserveHost On +RequestHeader set 
X-Forwarded-Proto "https" +ProxyPass /websockify ws://:6080/websockify retry=3 +ProxyPassReverse /websockify ws://:6080/websockify retry=3 +ProxyPass /socket.io ws://:5008/socket.io retry=3 +ProxyPassReverse /socket.io ws://:5008/socket.io retry=3 +ProxyPass / https://:5007/ +ProxyPassReverse / https://:5007/ + ``` ## Run and use ```sh python3 app -and go to https://:5007 with your credentials (mail and normal password) +and go to https://www.example.com (or https://:5007 without RP) with your credentials (mail and normal password or admin) ``` ## Systemd -You can manage hype using Systemd management: +You can manage hype using Systemd management by creating a file *hype.service* : ```sh [Unit] @@ -107,8 +188,11 @@ WantedBy=multi-user.target ``` -put this file in /etc/systemd/system/ and you can then enable it for autostart on boot and/or start/stop the app. +Move or copy this file in */etc/systemd/system/* and you can then enable/disable it from boot start, and/or start/stop the app. +```sh +systemctl start hype.service +``` ## Configuration You can also change some configuration in the file *configuration.py* such as flask port, storage location...use it at your own risk.
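Review bot: in the first hunk (install requirements), the added "Clone the repository :" step is unnumbered although it sits between steps "1 -" and "2 -", and the later `cp ./bridged.xml /usr/share/libvirt/networks/` in step 3 only works from inside the cloned `Hype-2` directory. Suggest numbering the clone as its own step (renumbering the ones after it) or folding the `git clone` and `cd Hype-2` lines into step 1, and stating that the remaining commands are run from the repository root.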
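Review bot: in the bridge hunk, the sentence added under "3 - Create a bridge nework" has three errors ("will allowed", "Virtuals Servers", "easely"). Suggest: "This bridge allows you to connect your virtual servers and containers to your local network so you can access them easily." The "nework" typo in the heading just above could be fixed in the same change.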
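Review bot: in the "Database for users" hunk, the README now documents a shipped account `admin@admin.com / admin` and adds `cp db.db.admin_example db.db`, but nothing tells the reader to change that password. Suggest adding, right after "Once connected, you will be able to create/manage users directly on software.", an explicit step to change the default admin password (or replace the account) at first login, before the app is published through the reverse proxy described further down. It would also help to say that the manual database creation path that follows is the one to use for anything other than a local test.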
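Review bot: in the reverse-proxy hunk, the Apache example turns off upstream certificate checking with `SSLProxyVerify none`, `SSLProxyCheckPeerCN off` and `SSLProxyCheckPeerExpire off`, and the nginx example proxies to `https://:5007/` with no `proxy_ssl_verify` setting, so in both examples the proxy-to-app TLS leg is encrypted but not authenticated. Suggest either a sentence stating that this is only meant for a proxy on the same host or a trusted segment, or showing how to make the proxy trust the app's certificate. The README also does not say whether ports 6080, 5008 and 5007 should stay reachable by clients once the proxy is in place; the "(or https://:5007 without RP)" line reads as if they do. Smaller points in the same hunk: the text calls 6080 a websocket port and then recommends a native VNC viewer "on port 6080", which needs clarifying; "vor", "Whitout" and "bellow" are typos; "mail and normal password or admin" is ambiguous; and the nginx and Apache blocks are fenced as `sh` although they are server configuration.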
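Review bot: in the Systemd hunk, the new sentence says the unit can be enabled or disabled at boot, but the only command added is `systemctl start hype.service`, so the autostart case the text promises is not shown. Suggest adding `systemctl daemon-reload` after the file is copied to */etc/systemd/system/* and `systemctl enable --now hype.service` for start at boot. Wording: "Move or copy this file in" should be "to", and "enable/disable it from boot start" would read better as "enable or disable it at boot".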