Differences
This shows you the differences between two versions of the page.
blocks:server:virtualized [2022-10-19 12:13] admin Updated for Blocks 6 and nginx |
blocks:server:virtualized [2023-03-27 10:05] (current) mattias [Connecting the USB License Key to Another Computer] |
||
---|---|---|---|
Line 19: | Line 19: | ||
This image is designed to be used in a virtualized environment. It is distributed as an [[https:// | This image is designed to be used in a virtualized environment. It is distributed as an [[https:// | ||
- | * Oracle VirtualBox – a free virtual machine available for most operating systems | + | * Oracle |
* VMWare' | * VMWare' | ||
Line 42: | Line 42: | ||
If you didn't automatically get network access, you need to configure networking inside the virtual Blocks server. Settings are specified in the **/ | If you didn't automatically get network access, you need to configure networking inside the virtual Blocks server. Settings are specified in the **/ | ||
If required, add a file there and name it //primary// (although the actual file name isn't important). Enter the following data into the file. You can do so using the simple terminal text editor //nano//. | If required, add a file there and name it //primary// (although the actual file name isn't important). Enter the following data into the file. You can do so using the simple terminal text editor //nano//. | ||
- | |||
< | < | ||
auto enp0s3 | auto enp0s3 | ||
Line 55: | Line 54: | ||
Alternatively, | Alternatively, | ||
- | |||
< | < | ||
auto enp0s3 | auto enp0s3 | ||
Line 71: | Line 69: | ||
Blocks server software requires a license to be operational. Either connect a physical license key to a USB port or request a cloud-based license (requires internet access). A physical license key can be accessed either directly from a USB port attached to the virtual machine or over the local network. | Blocks server software requires a license to be operational. Either connect a physical license key to a USB port or request a cloud-based license (requires internet access). A physical license key can be accessed either directly from a USB port attached to the virtual machine or over the local network. | ||
- | ====Network Access from Host Computer==== | + | [[blocks: |
- | This method provides access to the license key over the network. Assuming both the guest and host operating systems are on the same network (which they will be when using a network adapter in bridge mode), | + | |
- | === Host operating system === | ||
- | Verify or adjust the following license key settings in your host computer | ||
- | * Open the CodeMeter Control Center. | ||
- | * Click the WebAdmin button, and wait for the web UI to appear. | ||
- | * Select Configuration > Server. | ||
- | * Under Network Server, select Enable. | ||
- | * Click Apply. | ||
- | |||
- | === Guest operating system === | ||
- | The CodeMeter software has been pre-installed, | ||
- | * Start the virtual machine. | ||
- | * Once up, use the command //cmu --list-server --list-content// | ||
- | * This should show your server' | ||
- | ==== Connecting the USB License Key to Another Computer ==== | ||
- | In the example above, the license key is physically connected to the host computer, and then accessed over the (host-computer internal) " | ||
- | |||
- | ====Direct USB Access==== | ||
- | If you have physical access to the computer running the virtualizer, | ||
- | |||
- | === Host computer === | ||
- | |||
- | * Connect the license key. The key must be physically connected to a USB port on the host computer. | ||
- | * Do NOT install the CodeMeter driver/ | ||
- | |||
- | :!: The host computer must NOT run the CodeMeter software, since only one driver may access the physical key at a time, and in this case that's is the driver inside the virtual machine. | ||
- | |||
- | ===VirtualBox settings === | ||
- | * Select your guest OS in the list on the left hand side | ||
- | * Select its Details settings pane | ||
- | * Click USB | ||
- | * Make sure " | ||
- | * Add a "USB Device Filter" | ||
- | * Select your CodeMeter device | ||
- | |||
- | To verify license key accesibility: | ||
- | * Start the virtual machine. | ||
- | * Once up, use the command //cmu -x//. | ||
- | * This should show the details of your license key. Look for the text " | ||
=====Blocks Configuration===== | =====Blocks Configuration===== | ||
- | There' | + | There' |
- | =====Reverse Proxy Configuration===== | + | =====Starting and Stopping |
- | + | Assuming that the license key is accessible, Blocks | |
- | The server image includes [[http:// | + | |
- | + | ||
- | ===Port Remapping=== | + | |
- | The reverse proxy re-maps ports as the traffic flows through it, thereby exposing HTTP to the outside world on the standard port 80, internally passing it on to Blocks | + | |
- | + | ||
- | ===Serving of Static Files=== | + | |
- | It serves all static files (those under /public), rather than passing those requests on to Blocks. Offloading such work leaves more headroom in Blocks for dealing with its more advanced functions. | + | |
- | + | ||
- | ====HTTPS, Domain name and Certificate==== | + | |
- | The nginx reverse proxy can also manage a secure HTTPS connection, thus offloading also the work of encryption and decryption from Blocks. HTTPS is increasingly a requirement for many advanced web features. This applies also to Blocks, which is entirely web based. For instance, the Camera, QR Scanner | + | |
- | + | ||
- | In order to use HTTPS to access Blocks, you need a number of additional things: | + | |
- | + | ||
- | * A //domain name// of your own. | + | |
- | * A // | + | |
- | * A //DNS provider//, making your domain name available on the internet. | + | |
- | * A HTTPS // | + | |
- | + | ||
- | Furthermore, | + | |
- | + | ||
- | ===Obtaining a Certificate=== | + | |
- | You must obtain a HTTPS certificate from an accredited // | + | |
- | + | ||
- | - Edit the nginx configuration file to specify your domain name, and restart nginx. | + | |
- | - Run Let's Encrypt' | + | |
- | + | ||
- | To edit the nginx configuration file, do as follows: | + | |
- | + | ||
- | * Start the virtual Blocks image. | + | |
- | * Log in as the root user (either | + | |
- | * Open the editor using the command **nano | + | |
- | + | ||
- | The // | + | |
< | < | ||
- | include / | + | systemctl |
- | + | ||
- | server { | + | |
- | server_name _; | + | |
</ | </ | ||
- | Replace the underscore character after // | + | If Blocks is currently active, you should see the text " |
< | < | ||
- | include / | + | systemctl |
- | + | ||
- | server { | + | |
- | server_name mydomain.com; | + | |
</ | </ | ||
- | Make sure to keep the space after // | + | To stop and disable Blocks: |
- | + | ||
- | In the same way, edit the file at **/ | + | |
< | < | ||
- | # This file is included inside the main server directive, in the main nginx.con$ | + | systemctl |
- | + | ||
- | # Allow large uploads (e.g., huge video files) through the proxy | + | |
- | client_max_body_size 0; | + | |
- | + | ||
- | # Add our own mime type for our JSON-like serialization files | + | |
- | types { | + | |
- | application/ | + | |
- | } | + | |
- | + | ||
- | # Redirect ALL http request to https | + | |
- | server { | + | |
- | listen 80 default_server; | + | |
- | server_name _; | + | |
- | return 301 https:// | + | |
- | } | + | |
</ | </ | ||
- | Save and exit //nano// again. | + | Note that //systemd// differentiates between // |
- | Make sure you've set good, strong passwords on all your Blocks | + | If you run into trouble launching |
< | < | ||
- | / | + | journalctl |
- | systemctl restart nginx | + | |
- | certbot | + | |
</ | </ | ||
- | The first of these commands check your new nginx configuration for errors. Pay close attention to any error messages that may appear. If the test is successful, then run the second command which restarts | + | This will show the 20 most recent |
- | + | ||
- | < | + | |
- | https://mydomain.com/edit | + | |
- | </code> | + | |
- | + | ||
- | If you get stuck, and need more details, follow the official //certbot// guide found [[https:// | + | |
- | + | ||
- | ===Using Local Wifi=== | + | |
- | + | ||
- | While you may use a local wifi network instead of making your Blocks server internet accessible, this adds more complexity for visitors | + | |
- | + | ||
- | If you do opt for a local wifi network, your method for setting up HTTPS also becomes a bit more complicated: | + | |
- | - You must provide internet access to your visitors through your local wifi. This is required both to expedite the wifi connection (many phones will refuse to connect to a wifi that doesn' | + | =====Using |
- | - Your DNS entry must point to the intranet Blocks server IP address, now (hopefully) accessible through your wifi. That means that any attempts to access it from the internet will fail. This is required since many smartphones and browsers use some form of " | + | |
- | - You can't use the automatic " | + | |
+ | The server image includes [[http:// | ||
=====Security Considerations===== | =====Security Considerations===== | ||
- | This section | + | This section |
===Secure Shell Remote Access (SSH)=== | ===Secure Shell Remote Access (SSH)=== |
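Review bot: The strong-password reminder removed with the HTTPS section of the Line 71/69 hunk ("Make sure you've set good, strong passwords on all your Blocks") has no visible counterpart on the added side, which now goes from the systemctl and journalctl text straight to the shortened "Using" section and Security Considerations. Before this lands, confirm that wherever the HTTPS and certificate instructions now live still carries that reminder and the step that checks the new nginx configuration for errors before nginx is restarted, or keep a one-line pointer to both next to Security Considerations. The same check applies to the warning dropped from the license key section when it was replaced by a link, ":!: The host computer must NOT run the CodeMeter software", since only one driver may access the physical key at a time.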