In case that you don’t want to start installing FWCloud from scratch, you can download FWCloud-VM, an standard OVA virtual machine with a fully functional FWCloud installation.
An OVA file is a virtual appliance used by virtualization applications such as VMware Workstation and Oracle VM Virtualbox. It is a package that contains files used to describe a virtual machine, which includes an .OVF descriptor file, optional manifest (.MF) and certificate files, and other related files.
This virtual machine has a fixed pre-configured IP address 10.9.8.7/24. To connect to it you’ll have to configure any of your PC’s network interfaces to be inside this range.
There are two users to access through SSH:
The URL to access to FWCloud-UI is https://10.9.8.7 and it is not necessary URL for API access because the FWCloud-UI uses the proxy mode for access it.
Self-signed TLS certificates are used, so do take into account that when you access FWCloud-UI URL your browser will display a warning message stating that we’re navigating to an insecure website. To avoid this hassle, it’s recommended to use SSL certificates issued by a valid Certificate Authority such as Let’s Encrypt, as it’s explained in the section below, that talks about FWCloud-VM configuration
In this section we’ll explain all the steps needed for changing our FWCloud-VM virtual machine configuration, to allow it to connect to our network as well as to use TLS certificates issued by a valid certificate authority such as Let’s Encrypt.
As an example, we’ll use the access following URL: https://ui.fwcloud.net
The first thing that we need to do is to change the virtual machine network configuration to match the network where it will be connected. We have to connect to the VM using SSH to its default IP (10.9.8.7) or, alternatively, using the console. We need administrative privileges, so we’ll login as user soltecsis.
$ ssh email@example.com
Once that we’ve logged in, we need to create the host name ui.fwcloud.net with the same IP address that we’ve assigned to our server.
The next step is to replace the self-signed TLS certificates by others signed by a valid certificate authority such as Let’s Encrypt.
For the API, we have to update the files fwcloud-api.key and fwcloud-api.crt inside folder /opt/fwcloud-api/config/tls/ with the respective files of the new certificate.
$ sudo vi /opt/fwcloud-api/config/tls/fwcloud-api.crt
$ sudo vi /opt/fwcloud-api/config/tls/fwcloud-api.key
For the web server, running on Nginx, we’ll need to update the files fwcloud-ui.key and fwcloud-ui.crt inside folder /etc/ssl/certs with the respective files of the new certificate.
$ sudo vi /etc/ssl/certs/fwcloud-ui.crt
$ sudo vi /etc/ssl/certs/fwcloud-ui.key
Next, we have to change the Nginx web server configuration to change the default listening IP 10.9.8.7 to the DNS name ui.fwcloud.net. To do this, the best way is to edit the settings file using vi editor and run the following commands:
$ sudo vi /etc/nginx/conf.d/fwcloud-ui.conf
We have to change the API configuration by editing the file /opt/fwcloud-api/.env and changing the value of the variable CORS_WHITELIST by the new user interface URL. Following our example, this will be the result:
$ sudo vi /opt/fwcloud-api/.env
We have to take into account that, since we are starting from a virtual machine that exists publicly on the Internet, it is convenient to improve the security of this so that we should modify the passwords of the soltecsis and fwcloud system users.
$ sudo passwd soltecsis
$ sudo passwd fwcloud
It is also appropriate to modify the encryption keys used by the API by modifying the configuration variables indicated below in the file /opt/fwcloud-api/.env. We can use the pwgen command to generate new random keys.
$ pwgen 64 1 -s
$ pwgen 64 1 -s
$ vi /opt/fwcloud-api/.env
# Secret used for session cookies and CSRF (Cros-Site Rquest Forgery) tockens.
# Secret used for data encryption.
$ pwgen 24 1 -s
$ sudo mysql -u root
mysql> ALTER USER ‘fwcdbusr’@’localhost’ IDENTIFIED BY ‘NZzghh0DXTFYy2ggn4Ndh2De‘;
Query OK, 0 rows affected (0.06 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
$ vi /opt/fwcloud-api/.env
$ sudo /bin/rm -f /etc/ssh/ssh_host_*
$ sudo dpkg-reconfigure openssh-server
$ sudo systemctl restart fwcloud-api
$ sudo systemctl restart nginx