INSTALLATION

Below we describe how easy it is to install an FWCloud system and how we can have it fully operational in a matter of just a few minutes.

As we stated in the description section, FWCloud contains two main modules: the user interface (FWCloud-UI) and the REST API (FWCloud-API), which handles all the actions requested by the user.

As part of a standard installation there are two additional modules:

  • FWCloud-Websrv: Web server for downloading FWCloud-UI and proxy API requests to FWCloud-API.
  • FWCloud-Updater: Allows updating of the rest of the modules. The update requests are forwarded from the FWCloud-API to the FWCloud-Updater.

Normally when a user accesses a FWCloud server, the first thing he does is download the user interface (FWCloud-UI) using a web browser (Chrome, Firefox, etc.) and access the FWCloud access URL which can be, for example, https://ui.fwcloud.net:3030 (it does not have to be a domain name, it can also be an IP address). This URL will take us to FWCloud-Websrv web server from which the FWCloud-UI application will be downloaded to the user’s terminal.

Once the application has been downloaded to our web browser, it will start running, displaying the login screen. From this moment, any action that we perform on FWCloud-UI (for example, completing the login process) will be carried out using FWCloud-API, to which FWCloud-UI will access by means of two different ways.

FWCloud-Install-01
FWCloud-Install-02

API access in direct mode:

FWCloud-UI connects directly to the server in which the API’s Node server is running by means of the API URL, for example, https://api.fwcloud.net:3131

In this access mode it is very important to keep in mind that, once FWCloud-UI is running in our browser, it must have direct access to the API URL in order to work correctly. That is, from our user terminal, we have to have access to the API URL so that FWCloud-UI can work correctly.

As we will see later, this mode of operation has the drawback that we need valid TLS certificates so that the browser does not have problems when accessing the API from the FWCloud-UI application.

FWCloud-Install-03

API access in proxy mode:

In this API access mode the user interface doesn’t connect directly to the API, it makes it through the web server (FWCloud-Websrv) from which we have downloaded the FWCloud-UI. 

FWCloud-Websrv acts as a proxy forwarding all the URLs that begin with /api/ or /socket.io/ to FWCloud-API.

This access mode has the advantage that avoids the need of direct access to the API URL from the user terminal, only having access to the web server in which the FWCloud-UI is located is enough. 

It is the default installation option and the one implemented when using the FWCloud-Installer script to install a new FWCloud platform from scratch.

A FWCloud installation will have two main URLs:

  • FWCloud-UI access URL. We’ll use it to download and run the user interface application in our web browser.
  • FWCloud-API access URL. It’s used by FWCloud-UI to perform all the tasks provided by the FWCloud system, such as login, firewall management, VPN management and so forth. In the proxy access mode, if the API is being executed in the same web server (FWCloud-Websrv) used for FWCloud-UI download, you can use the https://localhost:3131 URL.

It’s not necessary that these URL are domain names, they can also be IP addresses using self-signed TLS certificates for encrypt the communications.

However, we must bear in mind that if we use self-signed certificates, the browser will display a warning message indicating that we are accessing an insecure site and, in addition, in Firefox, the FWCloud-UI communication with FWCloud-API in direct mode will not work because of the browser’s  security directives.

Therefore, in direct mode API access we recommend using for both URLs a couple of host names with their corresponding certificates, issued by a valid certificate authority, such as Let’s Encrypt.

Regarding the API access modes, we recommend using the proxy mode, it simplifies interaction with the user terminal and avoids problems with self-signed certificates like the one that we have already explained with Firefox web browser.

Once this is clear, we can now go on to explain in detail the installation process.

FWCloud-installer

Installation by means of FWCloud-Installer script.

FWCloud-Installer is a shell script that will simplify the entire installation process and allow us to have a fully operational FWCloud server in a matter of a few minutes.

These are the Linux distributions supported by FWCloud-Installer:

  • Ubuntu
  • Debian
  • Red Hat
  • CentOS
  • Fedora
  • OpenSuse

This script will install a FWCloud server with the next features:

  • The FWCloud-UI user interface will be accessible through FWCloud-Websrv web server.
  • API access in proxy mode.
  • Self-signed TLS certificates.
  • Acces to the FWCloud platform by means of https and 3030 port.
  • FWCloud-API URL: https://localhost:3131
  • FWCloud-API will communicate with FWCloud-Updater by means of the URL: https://localhost:3132

We are going to download FWCloud-Installer directly from GitHub using the curl command, therefore, we have to make sure that it is installed in our server. For example, for Linux Ubuntu and Debian distributions, this is the command that we have to use in order to install the curl command if we don’t already have it installed.

$ sudo apt install curl -y

Next we can run the following commands string to run FWCloud-Installer:

$ curl -k -s https://raw.githubusercontent.com/soltecsis/fwcloud-installer/main/fwcloud-installer.sh -o ./fwcloud-installer.sh && sudo bash ./fwcloud-installer.sh && rm -f ./fwcloud-installer.sh

FWCloud-Installer will start the installation process, during which it will carry out various checks to verify that our system meets all the requirements to install FWCloud, install the necessary packages, create the database, carry out the necessary configurations, generate self-signed TLS certificates, etc.

The script will ask us some questions in case we want to customize our installation. For example, if our sever is behind a web proxy, if we want to use TLS certificates, etc.

As a general rule, the default values for these questions are usually correct.

If we launch FWCloud-Installer on a server in which there is already an FWCloud installation, the script will try to update it. The update can be done from the user interface, therefore, it is not necessary to use the script for this task.

Once the installation process is successfully completed, we will be presented with a summary with the data we have to use to access our newly installed FWCloud server.

All we have to do is use our web browser to access the indicated URL using the default access data:

Customer code: 1
Username: fwcadmin
Password: fwcadmin

Once the installation is complete, we can use the systemctl command to stop, start or view the status of the different services that are part of a FWCloud platform: FWCloud-Websrv, FWCloud-API and FWCloud-Updater.

$ sudo systemctl status fwcloud-api
fwcloud-api.service – FWCloud-API
  Loaded: loaded (/etc/systemd/system/fwcloud-api.service; disabled; vendor preset: enabled)
  Active: active (running) since Fri 2019-06-07 14:58:01 UTC; 8s ago
Main PID: 14359 (node)
   Tasks: 11 (limit: 1109)
  CGroup: /system.slice/fwcloud-api.service
          └─14359 /usr/bin/node /opt/fwcloud-api/bin/www

Jun 07 14:58:01 fwcloud-vm systemd[1]: Started FWCloud-API.