EVE-on-GCP

A short guide on how to install EVE-NG on the Google Cloud Platform, based on the description at eve-ng.net.


Setting up your VM on Google Cloud Platform

Go to https://console.cloud.google.com/getting-started and sign in or create a new account.

At the time of writing, you get $300 to spend in 12 months for signing up (which I used to set up my EVE-NG instance).

Google will have created a default project for you (aptly named "My-first-project"). You can use this project or create a new one.

In the top bar, select the project you want to use.

For easier access later on, either activate OS Login or add your SSH key(s) as explained HERE

Open the Google Cloud Shell and enter the following command to create an Ubuntu 16.04 image with nested virtualization activated:

gcloud compute images create nested-ubuntu-xenial --source-image-family=ubuntu-1604-lts --source-image-project=ubuntu-os-cloud --licenses https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx

Now go on to actually create the VM instance: Navigate to Menu/Compute Engine/VM Instances and click "create".

Edit your settings; you might want to use a region and zone close to your geographical location.

IMPORTANT: Choose a machine type that lets you choose the processor family! For KVM to work, you need at least Haswell. E2 (automatic assignment) won't work!

I chose a N1 standard machine with 16 vCPUs and 104GB RAM.

IMPORTANT: "Deploy a Container Image" must be UNCHECKED

Change the boot disk to your previously created image ("Change" -> "Custom Images") and set an appropriate size (I chose 100GB)

Make sure you allow access through HTTPS (and, if you want to use LetsEncrypt, HTTP for the initial setup).

Installing EVE CE on the VM

Open a shell to the newly created VM (through the Google Cloud console or however you like).

Become root:

sudo -i

Download and run the install script:

wget -O - https://www.eve-ng.net/repo/install-eve.sh | bash -i

Update & Upgrade all Packages:

apt update && apt upgrade -y

Afterwards, reboot the VM. You will lose the connection to the shell; just reconnect after some time (when you think the VM has rebooted).

When you reconnect to the shell, you will be greeted by the IP wizard which lets you set up network connectivity.

IMPORTANT: Set the IP to DHCP!

When installation is complete, drop root access with exit.

You can now access your instance through the public IP, but it has no certs yet for HTTPS.

We want to enable LetsEncrypt to fix that.

Setting up LetsEncrypt

Install Certbot:

cd /usr/local/sbin
sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x /usr/local/sbin/certbot-auto

Enable the SSL module and create a self-signed certificate:

sudo a2enmod ssl

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

Create the default config file:

sudo tee /etc/apache2/sites-enabled/default-ssl.conf > /dev/null << 'EOF'
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /opt/unetlab/html/
        ErrorLog /opt/unetlab/data/Logs/ssl-error.log
        CustomLog /opt/unetlab/data/Logs/ssl-access.log combined
        Alias /Exports /opt/unetlab/data/Exports
        Alias /Logs /opt/unetlab/data/Logs
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        <Location /html5/>
                Order allow,deny
                Allow from all
                ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
                ProxyPassReverse http://127.0.0.1:8080/guacamole/
        </Location>

        <Location /html5/websocket-tunnel>
                Order allow,deny
                Allow from all
                ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
                ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        </Location>
    </VirtualHost>
</IfModule>
EOF

Create the LetsEncrypt certificate:

sudo certbot-auto --apache -d eve.example.com

Restart the Apache server:

sudo /etc/init.d/apache2 restart

Create a cronjob for auto-renewal of the certificate (This can run once a week since the renewal process is only started if the expiration date is in the next 30 or fewer days).

Open root's crontab in edit mode:

sudo crontab -e

Add the following line (or customise to your preferences):

37 7 * * 1 /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log
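
A check to run alongside the weekly renewal job: it reports whether a certificate file is self-signed (like the apache-selfsigned.crt created above) and whether it is inside the 30-day renewal window. This is an added example, not part of the original guide; the names cert_status and make_demo_cert and the throwaway certificates are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): report, for a certificate file,
# whether it is self-signed and whether it is inside the renewal window.

RENEW_WINDOW_DAYS=30   # renewal window stated in the guide

cert_status() {
    local cert="$1" subject issuer self_signed state
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "unreadable"
        return 1
    fi
    # Issuer equal to subject means the certificate is self-signed, like the
    # temporary apache-selfsigned.crt that exists before certbot has run.
    subject=$(openssl x509 -in "$cert" -noout -subject)
    issuer=$(openssl x509 -in "$cert" -noout -issuer)
    if [ "${subject#*=}" = "${issuer#*=}" ]; then self_signed=yes; else self_signed=no; fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        state=expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((RENEW_WINDOW_DAYS * 86400)) >/dev/null; then
        state=renew-due
    else
        state=ok
    fi
    echo "self_signed=$self_signed state=$state"
}

# Constructed sample input: throwaway self-signed certificates with a chosen lifetime.
make_demo_cert() {   # usage: make_demo_cert <days> <output.crt>
    openssl req -x509 -nodes -newkey rsa:2048 -days "$1" \
        -subj "/CN=eve.example.com" -keyout "$2.key" -out "$2" 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_demo_cert 3650 "$DEMO_DIR/long.crt"    # same lifetime as the guide's self-signed cert
make_demo_cert 10   "$DEMO_DIR/short.crt"   # expires inside the renewal window
for c in "$DEMO_DIR/long.crt" "$DEMO_DIR/short.crt"; do
    echo "$(basename "$c"): $(cert_status "$c")"
done
# On the server, point it at the live file instead, e.g.
#   sudo bash -c '. ./this-script.sh; cert_status /etc/letsencrypt/live/eve.example.com/fullchain.pem'
```

A result of self_signed=yes on the file Apache actually serves means browsers are still getting the temporary certificate rather than the LetsEncrypt one.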

Set up Apache2 for access via FQDN

Add the Domain:

sudo mkdir /var/www/eve.example.com
sudo chown -R www-data:www-data /var/www/eve.example.com

Create Apache Virtual Host:

sudo nano /etc/apache2/sites-available/eve.example.com.conf


<VirtualHost *:443>
    # Placeholder address: replace with your own admin contact
    ServerAdmin webmaster@example.com
    ServerName eve.example.com
    ServerAlias www.eve.example.com
    DocumentRoot /opt/unetlab/html/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/eve.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/eve.example.com/privkey.pem
</VirtualHost>
<Directory /var/www/eve.example.com/>
    AllowOverride All
</Directory>

Now we need to activate the new site and reload the config for Apache2:

sudo a2ensite eve.example.com.conf
sudo service apache2 reload

You should now be able to access your EVE-Instance through the public IP or via its FQDN (if you have set the DNS records, of course).

The default credentials are admin/eve; you have to change them manually after first login!

Contributors: paketb0te
