INSTALLATION

Below we describe how easy it is to install an FWCloud system and how we can have it fully operational in a matter of just a few minutes.

As we stated in the description section, FWCloud contains two main modules: the user interface (FWCloud-UI) and the REST API (FWCloud-API), which handles all the actions requested by the user.

Normally when a user accesses a FWCloud server, the first thing he does is download the user interface using a web browser (Chrome, Firefox, etc.) and access the access URL which can be, for example, https: //ui.fwcloud.net (it does not have to be a domain name, it can also be an IP address). This URL will take us to a web server (Node.js, Nginx, Apache, etc.) from which the FWCloud-UI application will be downloaded to the user's terminal.

Once the application has been downloaded to our web browser, it will start running, displaying the login screen. From this moment, any action that we perform on FWCloud-UI (for example, completing the login process) will be carried out using FWCloud-API, to which FWCloud-UI will access by means of two different ways.

API access in direct mode:

FWCloud-UI connects directly to the server in which the API's Node server is running by means of the API URL, for example, https://api.fwcloud.net:3000

In this access mode it is very important to keep in mind that, once FWCloud-UI is running in our browser, it must have direct access to the API URL in order to work correctly. That is, from our user terminal, we have to have access to the API URL so that FWCloud-UI can work correctly.

API access in proxy mode:

In this API access mode the user interface doesn't connect directly to the API, it makes it through the same server from which we have downloaded the FWCloud-UI. 

For this we have to setup the web server in order that it forwards all the URLs that begin with /api/ or /socket.io/ to the server in which the API is running.

This access mode has the advantage that avoids the need of direct access to the API URL from the user terminal, only having access to the web server in which the FWCloud-UI is located is enough. 

A FWCloud installation will have two URLs:

  • FWCloud-UI access URL. We'll use it to download and run the user interface application in our web browser.
  • FWCloud-API access URL. It's used by FWCloud-UI to perform all the tasks provided by the FWCloud system, such as login, firewall management, VPN management and so forth. In the proxy access mode, if the API is being executed in the same server used for FWCloud-UI download, you can use the https://localhost:300 URL.

It's not necessary that these URL are domain names, they can also be IP addresses using self-signed TLS certificates for encrypt the communications.

However, we must bear in mind that if we use self-signed certificates, the browser will display a warning message indicating that we are accessing an insecure site and, in addition, in Firefox, the FWCloud-UI communication with FWCloud-API in direct mode will not work because of the browser's  security directives.

Therefore, in direct mode API access we recommend using for both URLs a couple of host names with their corresponding certificates, issued by a valid certificate authority, such as Let's Encrypt.

Regarding the API access modes, we recommend using the proxy mode, it simplifies interaction with the user terminal and avoids problems with self-signed certificates like the one that we have already explained with Firefox web browser.

We also have to keep in mind that we can have the two main components FWCloud-UI and FWCloud-API on different servers, they do not need to be installed on the same one.

Once this is clear, we can now go on to explain in detail the installation process.

FWCloud-installer

Installation by means of FWCloud-Installer script.

FWCloud-Installer is a shell script that will simplify the entire installation process and allow us to have a fully operational FWCloud server in a matter of a few minutes.

These are the Linux distributions supported by FWCloud-Installer:

  • Ubuntu
  • Debian
  • Red Hat
  • CentOS
  • Fedora
  • OpenSuse

This script will install a FWCloud server with the following features:

  • The FWCloud-UI user interface will be accessible through the same Node.js server that is used for the FWCloud-API.
  • API access in proxy mode.
  • Self-signed TLS certificates.

We are going to download FWCloud-Installer directly from GitHub using the curl command, therefore, we have to make sure that it is installed in our server. For example, for Linux Ubuntu and Debian distributions, this is the command that we have to use in order to install the curl command if we don't already have it installed.

$ sudo apt install curl

Next we can run the following commands string to run FWCloud-Installer:

$ curl -k -s https://raw.githubusercontent.com/soltecsis/fwcloud-installer/master/fwcloud-installer.sh -o ./fwcloud-installer.sh && sudo bash ./fwcloud-installer.sh && rm -f ./fwcloud-installer.sh

FWCloud-Installer will start the installation process, during which it will carry out various checks to verify that our system meets all the requirements to install FWCloud, install the necessary packages, create the database, carry out the necessary configurations, generate self-signed TLS certificates, etc.

The script will ask us some questions in case we want to customize our installation. For example, if it does not already exist, the database engine to install (MySQL or MariaDB), the installation directory, etc.

As a general rule, the default values for these questions are usually correct.

Once the installation process is successfully completed, we will be presented with a summary with the data we have to use to access our newly installed FWCloud server.

All we have to do is use our web browser to access the indicated URL using the default access data:

Customer code: 1
Username: fwcadmin
Password: fwcadmin

Once the installation is complete we can use the systemctl command to stop, start or see the status of our FWCloud server.

$ sudo systemctl status fwcloud-api
fwcloud-api.service - FWCloud-API
  Loaded: loaded (/etc/systemd/system/fwcloud-api.service; disabled; vendor preset: enabled)
  Active: active (running) since Fri 2019-06-07 14:58:01 UTC; 8s ago
Main PID: 14359 (node)
   Tasks: 11 (limit: 1109)
  CGroup: /system.slice/fwcloud-api.service
          └─14359 /usr/bin/node /opt/fwcloud-api/bin/www

Jun 07 14:58:01 fwcloud-vm systemd[1]: Started FWCloud-API.