After quite a bit of playing around with this setup for The Lounge (my first production-deployed jail!), I think I've got something fairly solid built up! Here's a little guide to reproduce what I've done:
Install sysutils/ezjail on your target host machine, if you haven't already and go through the generic setup:
Setup the secondary loopback interface for your jails:
sysrc cloned_interfaces="lo1"
service netif cloneup
Enable and start ezjail:
sysrc ezjail_enable="YES"
service ezjail start
Create your basejail:
ezjail-admin install -p
Copy your host machine's /etc/resolv.conf to the newjail template, assuming your host has a working DNS configuration you'd like to use:
cp /etc/resolv.conf /usr/jails/newjail/etc/resolv.conf
Create a jail for The Lounge:
(Replace "ue0" with your external network interface, which you can find with ifconfig)
ezjail-admin create thelounge 'lo1|127.0.1.1,ue0|192.168.1.50'
Start and enter the jail:
ezjail-admin start thelounge
ezjail-admin console thelounge
Bootstrap pkg, and update the package database:
(If this hangs for awhile, internet probably isn't working properly in the jail!)
pkg update
Install yarn and node:
pkg install yarn node
Create a user for The Lounge:
pw adduser lounger -d /nonexistent -s /usr/sbin/nologin -c "The Lounge User"
Make the configuration directory for The Lounge:
mkdir /usr/local/etc/thelounge
chown lounger /usr/local/etc/thelounge
Install The Lounge from the npm package:
(Not sure for other architectures, but on arm64, the sqlite package fails to build, however it's not vital so don't worry!)
yarn global add thelounge
Run The Lounge as lounger, making sure to set the "THELOUNGE_HOME" environment variable, which ensures our configuration ends up in our desired directory:
su -m lounger -c "setenv THELOUNGE_HOME /usr/local/etc/thelounge; /usr/local/bin/thelounge start"
This will initialize all its configuration files; press Ctrl+C after it stops printing output
Create a The Lounge user, which is the account you'll use to connect:
su -m lounger -c "setenv THELOUNGE_HOME /usr/local/etc/thelounge; /usr/local/bin/thelounge add myuser"
Create an rc script for the lounge, which lets you control it via service:
mkdir -p /usr/local/etc/rc.d && vi /usr/local/etc/rc.d/thelounge
Insert the following script:
Bash:
#!/bin/sh

. /etc/rc.subr

name="thelounge"
rcvar=thelounge_enable

load_rc_config ${name}

command=/usr/local/bin/thelounge
start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"

# Defaults, overridable from rc.conf
: ${thelounge_enable="NO"}
: ${thelounge_user="lounger"}
: ${thelounge_home="/usr/local/etc/thelounge"}

thelounge_start(){
    cmd="${command} start"
    if thelounge_running; then
        echo "The Lounge is already running!"
    else
        # Run in the background as the unprivileged user, discarding output
        su -m ${thelounge_user} -c "setenv THELOUNGE_HOME ${thelounge_home}; ${cmd} &" > /dev/null 2>&1
    fi
}

thelounge_stop(){
    # pretty bad way to do this, but it'll work lol
    # (sends SIGINT to every process owned by ${thelounge_user})
    if thelounge_running; then
        pgrep -u ${thelounge_user} | xargs -I _ kill -s SIGINT _
    else
        echo "The Lounge isn't currently running!"
    fi
}

thelounge_status(){
    if thelounge_running; then
        echo "The Lounge is up and running!"
    else
        echo "The Lounge isn't currently running! Aww!"
    fi
}

thelounge_running(){
    # "Running" means the service user owns at least one process
    pids=$(pgrep -u ${thelounge_user})
    [ ! -z "$pids" ] && return 0 || return 1
}

run_rc_command "$1"
Save and exit vi, and mark the file as executable:
chmod +x /usr/local/etc/rc.d/thelounge
Enable the service:
sysrc thelounge_enable="YES"
Start the service:
service thelounge start
At this point, the lounge should be in a pretty solid state, but for the optimal configuration, we should reverse proxy to it from our host!
Run ifconfig, and take note of the ip on our jail's external interface:
ifconfig
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.1.1 netmask 0xffffffff
groups: lo
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether b8:27:eb:4b:85:33
inet 192.168.1.50 netmask 0xffffffff broadcast 192.168.1.50
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
In this case, it's "192.168.1.50" under ue0
Exit from the jail to the host:
exit
Install nginx, if you haven't already:
pkg install nginx
Configure Nginx as your reverse proxy (if you know what you're doing, you can configure this yourself; otherwise, you should delete the contents of the file and insert this config):
vi /usr/local/etc/nginx/nginx.conf
C-like:
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        server_name 192.168.1.50; # optionally set this to the domain you want The Lounge on
        listen 80;
        client_max_body_size 10m;

        location / {
            proxy_pass http://192.168.1.50:9000/; # your jail ip at port 9000 (the default port for The Lounge)
            proxy_http_version 1.1;
            proxy_set_header Connection "upgrade";
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
Enable and start nginx:
sysrc nginx_enable="YES"
service nginx start
And now, if you had any luck, if you visit 192.168.1.50 in your web browser, you should get The Lounge! It's a pretty dang sweet piece of kit, so hope this may have helped anyone out there
BONUS CLIENT SCRIPT!!!!!:
If you'd like to run The Lounge in its own window, www/surf makes for the perfect tool!
On your desktop, create the following script:
vi /usr/local/bin/thelounge
Bash:
#!/bin/sh
surf "192.168.1.50" # again, set to your configured server name
chmod +x /usr/local/bin/thelounge
And a nifty .desktop file!
mkdir -p ~/.local/share/applications && vi ~/.local/share/applications/thelounge.desktop
Code:
[Desktop Entry]
Comment=The comfiest place to lounge!
Exec=/usr/local/bin/thelounge
Icon=/home/youruser/.icons/thelounge.svg
Categories=Network;Chat;IRCClient;InstantMessaging;
Name=The Lounge
StartupNotify=false
Terminal=false
Type=Application
mkdir -p ~/.icons && fetch https://files.catbox.moe/390dtv.svg -o ~/.icons/thelounge.svg
Then, you should be able to launch it from something like dmenu, or rofi, or your start menu, I don't know yer desktop
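The stop function in the rc script above signals every process owned by lounger, and its running check is true whenever that user has any process at all. As an added example (not part of the original post), here is the same start/stop/status logic keyed on a pidfile, so only the recorded process is signalled; PIDFILE, STOP_SIGNAL and the svc_* function names are hypothetical, and the pidfile path is a placeholder.

```shell
#!/bin/sh
# Added example, not the post's rc script: pidfile-based service control.
# PIDFILE, STOP_SIGNAL and the svc_* names are illustrative assumptions.
PIDFILE="${PIDFILE:-/tmp/thelounge-example.pid}"
STOP_SIGNAL="${STOP_SIGNAL:-INT}"   # the post's script sends SIGINT

# Print the recorded PID, or fail if the pidfile is missing or not numeric.
svc_pid() {
    [ -r "$PIDFILE" ] || return 1
    _pid=$(cat "$PIDFILE")
    case "$_pid" in ''|*[!0-9]*) return 1 ;; esac
    echo "$_pid"
}

# True only when the recorded PID is a live process.
svc_running() {
    _p=$(svc_pid) || return 1
    kill -0 "$_p" 2>/dev/null
}

# Start "$@" in the background and record exactly its PID.
svc_start() {
    if svc_running; then echo "already running" >&2; return 1; fi
    "$@" > /dev/null 2>&1 &
    echo "$!" > "$PIDFILE"
}

# Signal only the recorded PID, then wait up to 5 seconds for it to exit.
svc_stop() {
    if ! svc_running; then
        rm -f "$PIDFILE"             # clear a stale or corrupt pidfile
        echo "not running" >&2; return 1
    fi
    _p=$(svc_pid)
    kill -s "$STOP_SIGNAL" "$_p" || return 1
    _n=0
    while kill -0 "$_p" 2>/dev/null; do
        [ "$_n" -ge 5 ] && return 1  # still alive: keep the pidfile
        sleep 1; _n=$((_n + 1))
    done
    rm -f "$PIDFILE"
}
```

A command started with & from a non-interactive sh inherits SIGINT as ignored unless the program installs its own handler, so set STOP_SIGNAL=TERM when trying this with a plain command such as sleep.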