FWCloud-vm

DESCRIPTION

In case that you don't want to start installing FWCloud from scratch, you can download FWCloud-VM, an standard OVA virtual machine with a fully functional FWCloud installation.

An OVA file is a virtual appliance used by virtualization applications such as VMware Workstation and Oracle VM Virtualbox. It is a package that contains files used to describe a virtual machine, which includes an .OVF descriptor file, optional manifest (.MF) and certificate files, and other related files.

This virtual machine has a fixed pre-configured IP address 10.9.8.7/24. To connect to it you'll have to configure any of your PC's network interfaces to be inside this range.

There are two users to access through SSH:

  • User soltecsis with password soltecsis and administrator privileges.
  • User fwcloud with password fwcloud used for running the API.

The URL to access to FWCloud-UI is https://10.9.8.7, and the FWCloud-API endpoint is https://10.9.8.7:3000.

Self-signed TLS certificates are used for these URLs, so do take into account that when you access FWCloud-UI URL your browser will display a warning message stating that we're navigating to an insecure website. Moreover, it won't work on Firefox, because its security policy will allow us to download FWCloud-UI, but not connect to FWCloud-API. As we've mentioned in the installation section, when using self-signed certificates, it's recommended to use Chrome browser.

To avoid this hassle, it's recommended to use SSL certificates  issued by a valid Certificate Authority such as Let's Encrypt, as it's explained in the section below, that talks about FWCloud-VM configuration.

CONFIGURATION

In this section we'll explain all the steps needed for changing our FWCloud-VM virtual machine configuration, to allow it to connect to our network as well as to use TLS certificates issued by a valid certificate authority such as Let's Encrypt.

As an example, we'll use the following URLs:

  • For the user interface: https://ui.fwcloud.net
  • For the API: https://api.fwcloud.net:3000

The first thing that we need to do is to change the virtual machine network configuration to match the network where it will be connected. We have to connect to the VM using SSH to its default IP (10.9.8.7) or, alternatively, using the console. We need administrative privileges, so we'll login as user soltecsis.

$ ssh soltecsis@10.9.8.7

Password:

Once that we've logged in, we need to create the host names  ui.fwcloud.net and api.fwcloud.net, having the same IP address that we've assigned to our server.

The next step is to replace the self-signed TLS certificates by others signed by a valid certificate authority such as Let's Encrypt. We can use a wild card certificate like *.fwcloud.net, which will cover the user interface access URL as well as the API URL.

 For the API, we have to update the files fwcloud-api.key and fwcloud-api.crt inside folder /opt/fwcloud-api/config/tls/ with the respective files of the new certificate.

$ sudo vi /opt/fwcloud-api/config/tls/fwcloud-api.crt

$ sudo vi /opt/fwcloud-api/config/tls/fwcloud-api.key

For the web server, running on Nginx, we'll need to update the files  fwcloud-ui.key and fwcloud-ui.crt inside folder /etc/ssl/certs with the respective files of the new certificate.

$ sudo vi /etc/ssl/certs/fwcloud-ui.crt

$ sudo vi /etc/ssl/certs/fwcloud-ui.key

Next, we have to change the Nginx web server configuration to change the default listening IP 10.9.8.7 to the DNS names ui.fwcloud.net and api.fwcloud.net. To do this, the best way is to edit the settings file using vi editor and run the following commands:

$ sudo vi /etc/nginx/conf.d/fwcloud-ui.conf

:1,$s/10.9.8.7:3000/api.fwcloud.net:3000/g

:1,$s/10.9.8.7/ui.fwcloud.net/g

:wq

We have to change the API configuration by editing the file /opt/fwcloud-api/.env and changing the value of the variable  CORS_WHITELIST by the new user interface URL. Following our example, this will be the result:

$ sudo vi /opt/fwcloud-api/.env

CORS_WHITELIST="https://ui.fwcloud.net"

Also, we need to change the user interface configuration to point to the new API access URL. According to our example, this will be the resulting file:

$ sudo vi /opt/fwcloud-ui/dist/assets/config/config.json

{

  "fwcAppURL" : "https://api.fwcloud.net:3000",

  "fwcConsoleLogs" : false

}

Lastly, we have to restart both the API and web server to load the new settings.

$ sudo systemctl restart fwcloud-api

$ sudo systemctl restart nginx

If everything went fine, we should be able to navigate to https://ui.fwcloud.net using your web browser and start using FWCloud from the FWCloud-VM virtual machine that we just set up.