EVE-NG Labs over the internet
Moderator: mike
- 
				monotok
- Posts: 3
- Joined: Mon May 08, 2017 12:46 pm
EVE-NG Labs over the internet
Hi All,
I have tested EVE-NG at home and it works fine with Windows servers and a few routers. I have deployed the VM to my ESXi server and I would like to access the labs from the internet.
I have an NGINX reverse proxy VM that secures many VMs using SSL, e.g. nextcloud and wordpress. I secure a server block for eve-ng and I can successfully log in to eve-ng over the internet with SSL.
However the HTML5 client doesn't seem to work, it says "connected to guacamole" but times out. I did briefly see a VNC screen but it was frozen and timed out. I noticed that the apache2 config is using apache2 to reverse proxy to localhost:8080. Maybe I need to configure NGINX to reverse proxy directly to that? I did try using the same settings as in apache2 but it didn't make a difference.
Anyone got a recommended way of doing this?
Thanks!
			
									
									
- 
				ecze
- Posts: 534
- Joined: Wed Mar 15, 2017 1:54 pm
Re: EVE-NG Labs over the internet
Not sure it will work.
Guacamole uses websocket tunnels.
Another way is to enable HTTPS on EVE-NG and just use a NAT forward from your firewall to EVE.
E.
			
									
									
- 
				monotok
- Posts: 3
- Joined: Mon May 08, 2017 12:46 pm
Re: EVE-NG Labs over the internet
Hi,
I have been looking at this a little further and seem to have got it working. I will share the config here.
Firstly on the reverse proxy server install nodejs and npm (only a few dependencies). I am using CentOS 7 for the reverse proxy. Please note you might not have to install this but I used it to test a websocket connection with:
Code:
wscat --connect ws://192.168.20.20:8080
Code:
yum install nodejs npm
Then install the ws program.
Code:
npm install -g ws
Next create a new server config (The SSL certs etc are defined in other configs, you can see this on my blog).
Code:
nano -c /etc/nginx/conf.d/reverseproxyLABS.conf
Code:
upstream websocket {
  server 192.168.20.20:8080;
}
server  {
  listen  443 ssl;   # Example config for EVE-NG, browsable at https://labs.example.com
  server_name  labs.example.com;
  client_max_body_size  0;
  add_header Strict-Transport-Security "max-age=31536000" always;
  ssl  on;
  location /.well-known {
    root /usr/share/nginx/html/;
  }
  location /html5/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass  http://websocket/guacamole/;
  }
  location /html5/websocket-tunnel {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://websocket/guacamole/websocket-tunnel;
  }
  location  / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_pass  http://192.168.20.20/;
  }
}
Now save this file and restart NGINX. Next SSH into your EVE appliance (I have deployed the EVE-NG Ubuntu VM on ESXi).
Now edit the tomcat server.xml to allow connections to port 8080 from another host.
Code:
nano /var/lib/tomcat8/conf/server.xml
Find the connector section and change the address="127.0.0.1" to "0.0.0.0" to listen on any address.
Code:
<Connector port="8080" protocol="HTTP/1.1"
      address="0.0.0.0"
      connectionTimeout="20000"
      URIEncoding="UTF-8"
      redirectPort="8443" />
Save the file and exit.
Restart both apache2 and tomcat8.
Code:
systemctl restart tomcat8
systemctl restart apache2
You should be able to access at https://labs.example.com. Don't forget to update the DNS to point at the reverse proxy!
This seems to work fine, I noticed that if I have two VNC devices loaded in a lab and click on one, it opens the VNC connection in a new tab. If I then click on another it opens in the same tab. Is this known behaviour or something to do with the way I have proxied it?
Hope this helps others! Thanks for all the hard work, EVE-NG is really cool!! Going to be using it as a VMware lab!
					Last edited by monotok on Tue May 09, 2017 6:44 pm, edited 1 time in total.
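Changing the connector to `address="0.0.0.0"` makes Guacamole's plain-HTTP port 8080 reachable from every network the EVE VM is attached to, not only from the reverse proxy. As an added example (not from the post), this Python check reads a Tomcat server.xml and reports how each connector is bound; the `<Server>`/`<Service>` wrapper is constructed, and 192.168.20.20 is the EVE address taken from the NGINX upstream above.

```python
import xml.etree.ElementTree as ET

# Constructed minimal server.xml around the Connector shown in the post.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
      address="{addr}"
      connectionTimeout="20000"
      URIEncoding="UTF-8"
      redirectPort="8443" />
  </Service>
</Server>"""

# Tomcat listens on all addresses when "address" is unset, so "" counts as wildcard.
WILDCARDS = {"", "0.0.0.0", "::", "0:0:0:0:0:0:0:0"}

def audit_connectors(server_xml: str):
    """Return (port, address, verdict) for every <Connector> element."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        address = conn.get("address", "")
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        if address in WILDCARDS:
            verdict = "exposed-on-all-interfaces"
        elif address.startswith("127.") or address == "::1":
            verdict = "loopback-only"
        else:
            verdict = "bound-to-specific-address"
        # Anything reachable off-host without TLS carries console traffic in clear.
        if verdict != "loopback-only" and not tls:
            verdict += "+cleartext"
        findings.append((port, address or "(unset)", verdict))
    return findings

if __name__ == "__main__":
    for addr in ("127.0.0.1", "0.0.0.0", "192.168.20.20"):
        print(audit_connectors(SAMPLE.format(addr=addr)))
```

Binding to the one internal address the proxy talks to, plus a host firewall rule that admits only the proxy on 8080, keeps the setup working while narrowing who can reach Guacamole directly.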
									
			
									
						- 
				Primaltech
- Posts: 2
- Joined: Thu Apr 27, 2017 5:01 pm
Re: EVE-NG Labs over the internet
Another easy solution is to just set up an OpenVPN server and then just VPN into your home network.
			
									
									
						- 
				monotok
- Posts: 3
- Joined: Mon May 08, 2017 12:46 pm
Re: EVE-NG Labs over the internet
Yes, VPN is ideal but you don't always have access to VPN 
			
									
									
						
- 
				ecze
- Posts: 534
- Joined: Wed Mar 15, 2017 1:54 pm
Re: EVE-NG Labs over the internet
Use different node names to get different tabs ....
monotok wrote: ↑Mon May 08, 2017 9:18 pm
Hi,
I have been looking at this a little further and seem to have got it working. I will share the config here.
Firstly on the reverse proxy server install nodejs and npm (only a few dependencies). I am using CentOS 7 for the reverse proxy. Please note you might not have to install this but I used it to test a websocket connection with:
Code:
wscat --connect ws://192.168.20.20:8080
Code:
yum install nodejs npm
Then install the ws program.
Code:
npm install -g ws
Next create a new server config (The SSL certs etc are defined in other configs, you can see this on my blog).
Code:
nano -c /etc/nginx/conf.d/reverseproxyLABS.conf
Code:
upstream websocket {
  server 192.168.20.20:8080;
}
server {
  listen 443 ssl; # Example config for EVE-NG, browsable at https://labs.example.com
  server_name labs.example.com;
  client_max_body_size 0;
  add_header Strict-Transport-Security "max-age=31536000" always;
  ssl on;
  location /.well-known {
    root /usr/share/nginx/html/;
  }
  location /html5/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://websocket/guacamole/;
  }
  location /html5/websocket-tunnel {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://websocket/guacamole/websocket-tunnel;
  }
  location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://192.168.20.20/;
  }
}
Now save this file and restart NGINX. Next SSH into your EVE appliance (I have deployed the EVE-NG Ubuntu VM on ESXi).
Now edit the tomcat server.xml to allow connections to port 8080 from another host.
Code:
nano /var/lib/tomcat8/conf/server.xml
Find the connector section and change the address="127.0.0.1" to "0.0.0.0" to listen on any address.
Code:
<Connector port="8080" protocol="HTTP/1.1"
      address="0.0.0.0"
      connectionTimeout="20000"
      URIEncoding="UTF-8"
      redirectPort="8443" />
Save the file and exit. Now open the apache2 vhost config file and comment out the reverse proxy section.
Code:
nano /etc/apache2/sites-enabled/unetlab.conf
Code:
# <Location /html5/>
#   Order allow,deny
#   Allow from all
#   ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
#   ProxyPassReverse http://127.0.0.1:8080/guacamole/
# </Location>
#
# <Location /html5/websocket-tunnel>
#   Order allow,deny
#   Allow from all
#   ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
#   ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
# </Location>
Restart both apache2 and tomcat8.
Code:
systemctl restart tomcat8
systemctl restart apache2
You should be able to access at https://labs.example.com. Don't forget to update the DNS to point at the reverse proxy!
This seems to work fine, I noticed that if I have two VNC devices loaded in a lab and click on one, it opens the VNC connection in a new tab. If I then click on another it opens in the same tab. Is this known behaviour or something to do with the way I have proxied it?
Hope this helps others! Thanks for all the hard work, EVE-NG is really cool!! Going to be using it as a VMware lab!