# Introduction

# What is FWCloud

FWCloud is a web application for the centralized and secure administration of firewalls based on IPTables. It runs in the cloud, which is essential for using it from anywhere, at any time and on any device, always with simple and secure access.

The application allows you to create logical groups of firewalls and firewall clusters together with their IP objects and VPN connections. You can, for example, use one of these groups for each of your clients, or group all the firewalls at your company headquarters in them. We call these groups FWClouds and they are the reason for the application's name.

FWCloud arose from the need to accelerate an important task of our daily work at SOLTECSIS, the administration of Linux-based firewalls.

FWCloud uses the latest technologies, is accessible through a web interface and includes our most needed functionalities such as VPN connection management, QoS, routing and more.

FWCloud is an open source project under the GNU Affero General Public License v3.

FWCloud is our contribution to the OpenSource community, from which we have drawn so much and to which we have much to be thankful for.

# Architecture

FWCloud consists mainly of two modules: the user interface (FWCloud-UI) and the REST API (FWCloud-API), which handles all the actions requested by the user.

# Modules

# FWCloud-UI (The Front-end)

FWCloud-UI is the user interface that allows the user to manage the firewall clouds. It is a web interface accessible through browsers such as Chrome or Firefox. It is developed with the Angular framework, which makes it behave like a desktop application even though it runs within your web browser.

It is a fairly simple and intuitive application to manage for users accustomed to working with firewalls based on IPTables.

# FWCloud-API (The Back-end)

FWCloud-API makes it possible to perform FWCloud's tasks independently of the user interface, FWCloud-UI. Its REST API provides the means to carry out all the actions allowed by FWCloud, such as managing firewalls, rules and IP objects, compiling/installing policies, managing VPNs, etc. Also, any action performed using the API will be reflected immediately in the user interface.

The REST API is developed in Node.js, an event-based, server-side JavaScript environment that executes code asynchronously, and it performs all the actions allowed by the application. It is possible to access the API directly, without using FWCloud-UI, to carry out automatic actions such as blocking an IP address.

# Other modules

Other modules that make up FWCloud are:

FWCloud-Websrv

Web server for downloading FWCloud-UI and proxying API requests to FWCloud-API.

FWCloud-Updater

Its main purpose is to allow the FWCloud-UI and FWCloud-API modules to be updated through FWCloud-UI. The update requests are forwarded from FWCloud-API to FWCloud-Updater.

FWCloud-Installer

Script to install FWCloud in a simple and guided way. It allows you to install a complete FWCloud system in a matter of a few minutes.

# Access modes

The user accesses the FWCloud server through a web browser, using the URL that was obtained during installation. At that time, the FWCloud-UI user interface starts downloading automatically. Once the application is downloaded in the web browser, it begins to run, displaying the login screen. From this point on, any action that is performed in FWCloud-UI (for example, completing the login process) is carried out through FWCloud-API, which FWCloud-UI accesses.

FWCloud Architecture

FWCloud-UI can access FWCloud-API in two different ways: direct mode and proxy mode.

# FWCloud-API Direct Mode Access

When using direct mode, the FWCloud-UI application connects to the Node server where the API is running using the API URL (for example, https://api.fwcloud.net:3131).

FWCloud-API direct mode access

FWCloud-UI is running in our browser, therefore it must have direct access to the API URL.

This mode of operation has the drawback that we need valid TLS certificates so that the browser can safely access the API from the FWCloud-UI application.

# FWCloud-API Proxy Mode Access

In this access mode, the user interface does not connect directly to the API, but rather through the web server, FWCloud-Websrv, from which we have downloaded the FWCloud-UI application.

FWCloud-Websrv acts as a proxy by forwarding all URLs that start with /api/ or /socket.io/ to FWCloud-API.

FWCloud-API proxy mode access

This has the advantage that it avoids the need for direct access to the API URL from the user terminal; it is only necessary to have access to the web server where FWCloud-UI is located.

It is the default installation option and the one implemented when using the FWCloud-Installer script to install a new FWCloud platform from scratch.

# Installation

FWCloud is an OpenSource project under the GNU Affero General Public License v3.

You can install it on your own servers, or alternatively, you can contact us to use our cloud service FWCloud.net to manage your firewall clouds.

Currently there are two ways to install FWCloud:

  • Using FWCloud-Installer script (the traditional method)
  • Using a Docker image

In the next subsections we explain these two methods.

# Installation by means of FWCloud-Installer script

We provide an installation script that will guide you in the process.

You can download the FWCloud installation script using curl. If it is not on your system, please install it.

$ sudo apt install curl -y

Next you can run the following commands to run FWCloud-Installer:

$ curl -k -s https://raw.githubusercontent.com/soltecsis/fwcloud-installer/main/fwcloud-installer.sh -o ./fwcloud-installer.sh 
$ sudo bash ./fwcloud-installer.sh && rm -f ./fwcloud-installer.sh

FWCloud-Installer will start the installation process, during which it will perform various checks to verify that your system meets all the requirements to install FWCloud. Among other things, it will install the necessary packages, create the database, perform the necessary configurations and generate the self-signed TLS certificates.

The script will ask you some questions in case you want to customize your installation. For example, whether your server is behind a web proxy, or whether you want to use TLS certificates.

As a general rule, the default values for these questions are usually correct.

WARNING

If you launch FWCloud-Installer on a server that already has a FWCloud installation, the script will try to update it. The update can be done from the user interface, therefore, it is not necessary to use the script for this task.

Once the installation process has been successfully completed, you will be presented with a summary of the data that you have to use to access your newly installed FWCloud server.

Once the installation is complete, we can use the systemctl command to stop, start or view the status of the different services that are part of a FWCloud platform: FWCloud-Websrv, FWCloud-API and FWCloud-Updater.

$ sudo systemctl status fwcloud-api
● fwcloud-api.service – FWCloud-API
  Loaded: loaded (/etc/systemd/system/fwcloud-api.service; disabled; vendor preset: enabled)
  Active: active (running) since Fri 2019-06-07 14:58:01 UTC; 8s ago
Main PID: 14359 (node)
   Tasks: 11 (limit: 1109)
  CGroup: /system.slice/fwcloud-api.service
          └─14359 /usr/bin/node /opt/fwcloud-api/bin/www

Jun 07 14:58:01 fwcloud-vm systemd[1]: Started FWCloud-API.

All you have to do now is use your favorite web browser to access the indicated URL using the default access data:

Customer code: 1
Username: fwcadmin
Password: fwcadmin

# Installation by means of Docker Compose

Every time we publish a new version of the different modules that make up FWCloud, the corresponding Docker image is automatically generated within our DockerHub account.

This makes it very easy to run FWCloud as a Dockerized application. To facilitate the use of the Dockerized version of FWCloud we have created a Docker Compose file in our fwcloud-docker GitHub repository.

So if you have Docker and Docker Compose installed, just run the following command to start using FWCloud:

$ curl -k -s https://raw.githubusercontent.com/soltecsis/fwcloud-docker/main/docker-compose.yml -o ./docker-compose.yml && docker-compose up
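
Both download commands on this page (the installer script and the Compose file) pass `-k` to curl, which turns off TLS certificate verification. As an added example, not part of the FWCloud project's own instructions, the functions below download with verification left on and keep the file only if it matches a SHA-256 digest you recorded after reviewing that exact file; the function names and the pin placeholder are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not FWCloud project code). Function names are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE PIN: return 0 only if FILE hashes to PIN.
# Returns 2 for a missing file, 3 for a malformed pin, 1 for a mismatch.
verify_pinned() {
    local file="$1" pin actual
    pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A pin must be exactly 64 hex characters; placeholders are rejected.
    case "$pin" in
        ''|*[!0-9a-f]*) echo "malformed pin" >&2; return 3 ;;
    esac
    [ "${#pin}" -eq 64 ] || { echo "malformed pin" >&2; return 3; }
    actual=$(sha256_of "$file")
    [ "$actual" = "$pin" ] && return 0
    echo "digest mismatch for $file: got $actual" >&2
    return 1
}

# fetch_verified URL OUT PIN: download URL to OUT only if it matches PIN.
# No -k, so the certificate chain is validated; --fail makes an HTTP error
# a non-zero exit instead of saving the error page as the script.
fetch_verified() {
    local url="$1" out="$2" pin="$3" tmp
    tmp=$(mktemp) || return 1
    if curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
            "$url" -o "$tmp" && verify_pinned "$tmp" "$pin"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage; the pin is a placeholder for the digest you recorded after review:
#   fetch_verified \
#     https://raw.githubusercontent.com/soltecsis/fwcloud-installer/main/fwcloud-installer.sh \
#     ./fwcloud-installer.sh '<sha256-recorded-after-review>' \
#     && sudo bash ./fwcloud-installer.sh
```

The same call works for docker-compose.yml: pass its URL, the output path and the digest recorded for the reviewed file, then run `docker-compose up` only if the function succeeds.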

We have also published a demo video of this installation process.

The installation creates the following directory structure (by default, all volumes created will be located in ./fwcloud-docker):

  • ./fwcloud-docker/db: mariadb data volume.
  • ./fwcloud-docker/api/DATA: fwcloud-api's DATA directory
  • ./fwcloud-docker/api/sessions: fwcloud-api's open sessions. You can remove it in case you want to close sessions.
  • ./fwcloud-docker/api/BACKUP: fwcloud-api's backups directory.
  • ./fwcloud-docker/api/logs: fwcloud-api's logs directory.
  • ./fwcloud-docker/api/config: fwcloud-api's .env file. Any change to the .env file requires restarting the fwcloud-api service.
  • ./fwcloud-docker/websrv/logs: fwcloud-websrv's logs directory.
  • ./fwcloud-docker/websrv/config: fwcloud-websrv's config directory.

To update Docker containers when new versions of FWCloud are available, we just have to use the following commands:

$ docker-compose down && docker-compose pull && docker-compose up

# Support / Documentation

Throughout this document we will give you full information about FWCloud-UI, as well as references to video tutorials that will help you understand how to use FWCloud and the most advisable usage practices.

You can obtain more information by visiting our web site.

There you will find a documentation section that includes more information, the latest version of this manual and the complete collection of Video Tutorials.

We invite you to subscribe to our YouTube channel, which we update as we add new features to FWCloud.

You can get help and post any questions or suggestions you have in our Forum.

You are welcome to download the code and contribute to the FWCloud community from the GitHub repositories.

Also, if you require any information, please contact us by e-mail or through our contact form.