Hype²

graph LR
Webpage[Web page] <--Flask--> Server[Server]
Server[Server] <----> Qemu((Qemu))
Server[Server] <----> LXC((LXC))

Install requirements

1 - Update and Install packages :

apt-get update -y -qq
apt-get install git lxc lxcfs lxc-templates qemu qemu-utils qemu-kvm virtinst bridge-utils virt-manager libvirt-daemon libvirt-daemon-system virt-viewer libvirt-clients libosinfo-bin websockify sqlite3 novnc
apt-get install python3 python3-flask python3-flask-login python3-flask-sqlalchemy python3-requests python3-lxc python3-libvirt python3-psutil python3-werkzeug python3-websockify python3-novnc

Clone the repository :

git clone https://git.nerkdesign.com/pporcheret/Hype-2.git
cd Hype-2

2 - Configure Libvirt to start on boot

systemctl --quiet enable --now libvirtd
systemctl --quiet start libvirtd

3 - Create a bridge network

This bridge allows you to connect your virtual servers and containers to your local network so that you can access them easily.

cp ./bridged.xml /usr/share/libvirt/networks/
virsh net-define bridged.xml
virsh net-start bridged
virsh net-autostart bridged

Database for users

A default database is provided in the repository (db.db.admin_example); its default user is admin@admin.com / admin. To use this database, rename db.db.admin_example to db.db.

Once logged in, you can create and manage users directly in the application.

cp db.db.admin_example db.db

If you prefer to create this database yourself:

Create Database for users

sqlite3 db.db

CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, username NVARCHAR(200) NULL, email NVARCHAR(200) NULL, password NVARCHAR(200) NULL);

Create first user

1 - Generate encrypted password :

python3
import app
app.encrypt('Password')

2 - Fill Database with user info :

sqlite3 db.db

INSERT INTO user (id,username,email,password) VALUES (1,'<your_username>','<your_email>','<your_previous_encrypted_password>');
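
An audit of the user table described above, as an added example (not part of the Hype² code base): it flags the default admin@admin.com account, rows with no password, and duplicate e-mail addresses, all of which the schema shown here permits. The function names, finding strings and sample rows are constructed for illustration.

```python
import sqlite3
import sys

DEFAULT_EMAIL = "admin@admin.com"  # default account named in this README

# Schema copied from the README's CREATE TABLE statement.
SCHEMA = ("CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, "
          "username NVARCHAR(200) NULL, email NVARCHAR(200) NULL, "
          "password NVARCHAR(200) NULL)")

def audit_users(conn):
    """Return a list of (user_id, finding) tuples, in id order."""
    findings = []
    seen = {}  # normalised email -> id of the first row that used it
    rows = conn.execute("SELECT id, email, password FROM user ORDER BY id")
    for user_id, email, password in rows:
        key = (email or "").strip().lower()
        if key == DEFAULT_EMAIL:
            findings.append((user_id, "default admin account still present"))
        if not (password or "").strip():
            # The schema allows NULL, so a row can exist with no password.
            findings.append((user_id, "empty or NULL password"))
        if not key:
            findings.append((user_id, "empty or NULL email"))
        elif key in seen:
            # No UNIQUE constraint on email, so duplicates are possible.
            findings.append((user_id, f"email duplicates user id {seen[key]}"))
        else:
            seen[key] = user_id
    return findings

def sample_db():
    """Constructed in-memory database, used only to demonstrate the audit."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO user (username, email, password) VALUES (?, ?, ?)",
        [("admin", "admin@admin.com", "constructed-hash-1"),
         ("alice", "alice@example.com", "constructed-hash-2"),
         ("bob", "bob@example.com", None),
         ("alice2", "Alice@Example.com", "constructed-hash-3")])
    return conn

if __name__ == "__main__":
    # Usage: python3 audit_users.py db.db   (no argument: constructed sample)
    db = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else sample_db()
    for user_id, finding in audit_users(db):
        print(f"user id {user_id}: {finding}")
```
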

Configure Reverse Proxy to get access to Consoles

The consoles run over websockets on separate ports (6080 for VNC and 5008 for Pyxterm), so a reverse proxy is needed to access them.

Without it, you can still access the consoles from the CLI for serial access:

lxc-attach

and using a tool such as :

https://www.realvnc.com/en/connect/download/viewer/

for VNC access (on port 6080).

To set up your reverse proxy, you can use the examples below (adapt them to your case, of course).

Example for nginx:

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/privkey.pem;
    ssl_verify_client off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';

    location /websockify {
        proxy_pass http://<your_ip>:6080/websockify;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /socket.io {
        proxy_pass http://<your_ip>:5008/socket.io;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location / {
        proxy_pass https://<your_ip>:5007/;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Example for apache2 configuration :

<VirtualHost *:443>
ServerName www.example.com
RewriteEngine on
SSLEngine On
SSLCertificateFile /path/to/your/cert.pem
SSLCertificateKeyFile /path/to/your/privkey.pem
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyEngine          On
SSLProxyCheckPeerExpire off
ProxyRequests     Off
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyPass /websockify ws://<your_ip>:6080/websockify retry=3
ProxyPassReverse /websockify ws://<your_ip>:6080/websockify retry=3
ProxyPass /socket.io ws://<your_ip>:5008/socket.io retry=3
ProxyPassReverse /socket.io ws://<your_ip>:5008/socket.io retry=3
ProxyPass         / https://<your_ip>:5007/
ProxyPassReverse  / https://<your_ip>:5007/
</VirtualHost>

Run and use

python3 app.py

Then go to https://www.example.com (or https://<server_ip>:5007 without a reverse proxy) and log in with your credentials (email and plain, unencrypted password, or the default admin account).

Systemd

You can manage Hype with systemd by creating a file named hype.service:

[Unit]
Description= Hype2 service
After=multi-user.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/bin/python3 <path_to_change>/app.py
[Install]
WantedBy=multi-user.target

Move or copy this file into /etc/systemd/system/. You can then enable or disable it at boot, and start or stop the app.

systemctl start hype.service

Configuration

You can also change some settings in the file configuration.py, such as the Flask port and the storage location. Use it at your own risk.