While the full Linux-based server image can be installed on a virtual machine, it is not specifically designed for that purpose. Installations that run Blocks in a virtualized environment often have different priorities than those using a stand-alone server. Many of the features included in the full server Linux image are typically managed by other parts of the infrastructure in a virtualized environment.

This is an advanced guide. If you don't feel at home in a linux server terminal window, you should probably not follow it.

The full Linux-based server runs an enhanced desktop version of Ubuntu, including a user friendly window-and-mouse based desktop environment. Thats suitable for users that prefer such a desktop environment for managing their server. This virtual server image runs on Debian, which is essentially the same operating system core, but a pure server-version, without any desktop environment. Thus, all system management and maintenance must be done from the command line.

The user-friendly, web-based webmin frontend is not included. While you may install webmin also on a virtual server, the assumption is that you likely prefer configuring the server directly, using the various configuration files traditionally used by server administrators.

There's no pre-configured DHCP server. When used as part of a virtualized server infrastructure, you likely already have a DHCP server in your system, and don't want the Blocks server to act as one.

The same applies for the DNS server. While the software is included also in the virtualized server image, it has not been pre-configured and is not enabled.

This image is designed to be used in a virtualized environment. It is distributed as a OVA file, compatible with most virtual hosts.

• OVA image based on Debian 10. A complete virtual machine "image", containing the operating system (Debian 10), Java runtime, Blocks server software, and associated components.
• VirtualBox 6 or later. A free virtual machine available for most operating systems
• VMWare provides a wide variety of virtual environments, including the free "Workstation Player" and the popular "VMWare Fusion" program.

User name root, with password pixi is the root user of the system, and can do anything without restrictions. Be careful. Use for system software installation, upgrades, etc requiring super-user privileges. The password can be changed using the passwd command.

User name blocks, with password PixiServer! is the account under which the Blocks server is run. This user has limited rights, and can not use the sudo command to escalate its privileges. The password can be changed by the root user using the passwd blocks command.

On the Host computer, running VirtualBox (or other preferred virtualizer), add a Bridged adapter as the primary one.

Find the name and verify connectivity of the network interface.

• Use the command ip addr to see all network interfaces with their names. Ignore the lo loopback interface.
• The name is typically something like enp0s3.
• If the interface is already UP, and you have internet access, you're done
• Verify internet access by using the command ping 1.1.1.1, that should show the turn-around time in mS repeatedly if OK.

Specified by a file in /etc/network/interface.d Name the file primary (although the actual file name isn't important). Enter the following data into the file. You can do so using the simple terminal text editor nano.

auto enp0s3
allow-hotplug enp0s3
iface enp0s3 inet dhcp

Use the actual name of your interface in the file instead of enp0s3, if different. These settings result in a dynamic address, suitable for testing purposes. Since the interface is bridged, the virtual machine will get a network address from your local network, assuming there's a DHCP server. For real server purposes, you should change this file to assign a static address instead (see below).

Do not use a wifi network interface, since that will typically not provide a dynamic address to the virtual machine.

Alternatively, to use a fixed IP address instead, set the file primary to:

 
auto enp0s3
allow-hotplug enp0s3
iface enp0s3 inet static
    address 192.168.0.31/24
    gateway 192.168.0.1
    dns-nameservers 1.1.1.1 8.8.8.8

After making changes, restart the virtual machine using reboot now or restart the networking stack by systemctl restart networking.

Blocks server software requires a license key to be operational. This license key connects to a USB port. It can be accessed either directly from that USB port or over a network connection.

This method provides access to the license key over the network. Assuming both the guest and host operating systems are on the same network (which they will be when using a network adapter in bridge mode), the license key can be accessed remotely. Thus, the physical USB key can be connected to the host computer and will be automatically found by Blocks.

• Open the CodeMeter Control Center.
• Click the WebAdmin button, and wait for the web UI to appear.
• Select Configuration > Server.
• Under Network Server, select Enable.
• Click Apply.

The CodeMeter software has been pre-installed, and configured to look for the license key on the network. To verify availability:

• Start the virtual machine.
• Once up, use the command cmu –list-server –list-content.
• This should show your network server's IP address and license information. Look for the text "102977"

In the example above, the license key is physically connected to the host computer, and then accessed over the network. If you can't connect the license key to the host computer for some reason, you can connect it to another computer on the same subnet, and it will be found automatically by Blocks.

It's also possible to access the license key attached to a computer on another network, assuming that computer can be reached by name or IP address. Contact PIXILAB for more information on this option, should you need it.

If you have physical access to the computer running the virtualizer, you may prefer to connect the license key directly to this computer, and make the USB port accessible to the guest OS.

• Connect the license key. The key must be physically connected to a USB port on the host computer.
• Do NOT install the CodeMeter driver/software (or disable it if already installed).

The host computer must NOT run the CodeMeter software, since only one driver may access the physical key at a time, and in this case this is the driver inside the virtual machine.

• Select your guest OS in the list on the left hand side
• Select its Details settings pane
• Click USB
• Make sure "Enable USB Controller" is selected
• Add a "USB Device Filter" using the + button to the right
• Select your CodeMeter device

To verify license key availability:

• Start the virtual machine.
• Once up, use the command cmu -x.
• This should show the details of your license key. Look for the text "102977".

There's no configuration file included for Blocks in the VM image. This means that Blocks runs only on port 8080 with the HTTP protocol. Add such a file for to adjust Blocks' configuration if desired. Note that since Blocks runs under a limited user account, ports below 1024 (thus including the default HTTP port 80) can't be specified in the configuration file.

This section lists a number of optional enhancements and considerations. You don't need to do any of this to get a functioning Blocks system.

Secure Shell is not enabled in the VM image. SSH may be useful for many system configuration and remote access purposes. If desired, enable SSH in the VM's console window using the command systemctl enable ssh under the root account. Before enabling SSH, set a strong password for the blocks user account. The root account is not enabled for SSH access. This can be changed in the file /etc/ssh/sshd_config.

The firewall is not enabled in the VM image. Very few services are enabled, so you may not need a firewall since only the required ports are exposed. Feel free to configure and enable the included iptables firewall if desired. Alternatively, use an external firewall.

HTTPS is not enabled by default. If your server is exposed to the Internet, you're strongly advised to use and enforce HTTPS. Enable HTTPS in Blocks' configuration file or using a reverse proxy in front of Blocks.

Regardless of how you implement HTTPS, you'll need a certificate, provided by an official Certificate Authority. Either buy a certificate from such a company, or get one for free from https://letsencrypt.org. The certificate can either be used directly by the Blocks server (then specified in Blocks' configuration file), or by a reverse proxy (see below).

You may enable the built-in iptables firewall, and use it to re-map the ports exposed by the Blocks server (e.g., port 8080) to other port numbers (e.g. port 80 for HTTP). Alternatively, such re-mapping can be used by an external router, or by a reverse proxy.

A reverse proxy, such as NGINX, can be placed in front of Blocks, serving multiple purposes.

Configuration of NGINX or other reverse proxy software (e.g., Apache) is not supported by PIXILAB.

The reverse proxy can re-map port numbers as the traffic flows through it, thereby exposing HTTP on the default port 80 for the outside world, and passing it on to Blocks on port 8080. The same for HTTPS on port 443.

The reverse proxy can terminate the TLS connection, thus offloading the work of encryption and decryption from Blocks

The reverse proxy can be configured to serve all static files (those under /public) by itself, rather than passing those requests on to Blocks. Offloading static files as well as TLS processing leaves more headroom in Blocks for dealing with more advanced functions.