Install n.eko (A Self Hosted Virtual Browser Docker) in Low Memory VPS (1GB) - NETSEC

Cybersecurity Memo

Wednesday, March 17, 2021

The GitHub project n.eko is a virtual browser that runs in an isolated Docker environment. It supports two browsers, Chrome and Firefox, and has built-in chat and simple user management functions. The UI design is very beautiful.



Project address: https://github.com/nurdism/neko

The program requires a relatively high configuration; see here for details: https://n.eko.moe/#/quick-start

Here are recommended specs:

Resolution     Cores   Ram     Recommendation
1024×576@30    2       2gb     Not Recommended
1280x720@30    4       3gb     Good Performance
1280x720@30    6       4gb     Recommended
1280x720@30    8       4gb+    Best Performance

To run it on a low-resource VPS, such as one with only 1GB RAM and 1 vCPU, we will have to change the swap size to make it more stable.



Installation Pre-requirements

Free resources you might need to complete this docker project:


Pre-installed services:

  • Docker
    • apt update
    • apt install docker.io
    • apt install docker-compose
    • apt upgrade docker.io
    • mkdir /root/data/docker_data/<docker_name>
  • Docker-Compose (Using Ubuntu OS for the commands)
    • docker-compose down
    • Optional command: use the following command to back up your Docker data. You might need to change the folder name based on your Docker configuration.
      • cp -r /root/data/docker_data/<docker_name> /root/data/docker_data_backup/<docker_name>
    • docker-compose pull
    • docker-compose up -d
    • docker image prune
  • Portainer (Optional)
    • docker volume create portainer_data
    • docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
  • Install some applications: apt install wget curl sudo vim git (Optional)
  • aapanel with Nginx (Optional)
  • Nginx Proxy Manager (Optional)



Firewall Ports Open

Please make sure the following two firewall rules are created on your cloud VPS's firewall.
1. tcp 8080
2. udp 59000-59100


Change SWAP Size

Run this command as the root user (OpenVZ is not supported):
wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh
When you choose to add swap, enter a number for the size. The default unit is MB.

In the screenshot, the priority shows 0. The script on GitHub sets it to 100.



———————————————————————————————————————
Linux VPS One Command Script to Set/Delete Swap 
1. Add swap
2. Delete swap
———————————————————————————————————————
Please Enter Option [1-2]:1
Please enter the size of your swap,recommend size should be double of your memory!
enter /swapfile's size (MB):2048
/swapfile not fund, creating swapfile
Setting up swapspace version 1, size = 2 GiB (2147479552 bytes)
no label, UUID=ab2c0605-631f-4697-bd64-0ff391553573
swapfile successful created, checking information:
Filename                                Type            Size            Used            Priority
/swapfile                               file            2097148         0               -2
SwapCached:            0 kB
SwapTotal:       2097148 kB
SwapFree:        2097148 kB
root@instance-1:~/data/docker_data/neko# htop
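
The add-swap step done by hand, as an added example (not the contents of swap.sh and not from the original post): it sizes the file at double the RAM as the script's prompt recommends, creates it with mode 600 so other local users cannot read swapped-out memory, and enables it with priority 100. The function names and the --apply switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: add a swap file by hand instead of running a downloaded script.
# Function names and the --apply switch are hypothetical, not part of swap.sh.

# Print twice MemTotal in MB (the size the script's prompt recommends).
# $1: meminfo-format file, default /proc/meminfo.
recommended_swap_mb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 * 2 / 1024 }' "${1:-/proc/meminfo}"
}

# Allocate a zero-filled file of $2 MB at $1, readable by its owner only.
# The subshell body keeps the umask change local to this function.
alloc_swapfile() (
    umask 077 &&
    dd if=/dev/zero of="$1" bs=1048576 count="$2" 2>/dev/null &&
    chmod 600 "$1"
)

# Format and enable the file, then persist it across reboots (needs root).
activate_swapfile() {
    mkswap "$1" &&
    swapon -p 100 "$1" &&
    { grep -q "^$1 " /etc/fstab ||
      echo "$1 none swap sw,pri=100 0 0" >> /etc/fstab; }
}

if [ "${1:-}" = "--apply" ]; then
    size=$(recommended_swap_mb)
    alloc_swapfile /swapfile "$size" && activate_swapfile /swapfile
    cat /proc/swaps    # Filename / Type / Size / Used / Priority table
fi
```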


Install Docker and Docker-Compose

Install docker:
apt -y update
apt -y install curl
curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker

Install docker-compose:

curl -L https://github.com/docker/compose/releases/download/1.27.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
You can also create a symbolic link in the /usr/bin folder:
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Create docker-compose.yml and bring n.eko docker up

[Warning] Don't try this at https://labs.play-with-docker.com/. The instance will be deleted right away. 

Create a new docker-compose project directory and edit docker-compose.yml.

cd ~
mkdir neko
cd neko
vi docker-compose.yml
Put the following code into the docker-compose.yml file, depending on the browser type.

Chrome Image:

version: '3.5'
services:
  neko:
    image: nurdism/neko:chromium
    restart: always
    cap_add:
      - SYS_ADMIN
    ports:
      - "8080:8080"
      - "59000-59100:59000-59100/udp"
    environment:
      DISPLAY: :99.0
      SCREEN_WIDTH: 1024
      SCREEN_HEIGHT: 576
      SCREEN_DEPTH: 24
      NEKO_PASSWORD: neko
      NEKO_ADMIN: admin
      NEKO_BIND: :8080

Firefox Image:

version: '3.5'
services:
  neko:
    image: nurdism/neko:firefox
    restart: always
    shm_size: "1gb"
    ports:
      - "8080:8080"
      - "59000-59100:59000-59100/udp"
    environment:
      DISPLAY: :99.0
      SCREEN_WIDTH: 1024
      SCREEN_HEIGHT: 576
      SCREEN_DEPTH: 24
      NEKO_PASSWORD: neko
      NEKO_ADMIN: admin
      NEKO_BIND: :8080


Notes:

SCREEN_DEPTH can be changed to 16 to reduce resource usage on your host VPS.

SCREEN_WIDTH=1280       // Display width
SCREEN_HEIGHT=720       // Display height
SCREEN_DEPTH=24         // Display bit depth
DISPLAY=:99.0           // Display number

NEKO_PASSWORD=neko      // Password
NEKO_ADMIN=neko         // Admin Password
NEKO_BIND=0.0.0.0:8080  // Bind
NEKO_KEY=               // (SSL)Key, needed for clipboard sync
NEKO_CERT=              // (SSL)Cert, needed for clipboard sync
docker-compose up -d
Now you should be able to browse to your n.eko web interface at this URL: http://<public ip>:8080
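
The compose files above use the sample passwords neko and admin on a port that the firewall rules open to the internet. As an added example (not from the original post or the n.eko project), this script writes the same Chromium compose file with random credentials and can check an existing file for the sample values. The function names, the --write/--check switches and the optional bind address are assumptions of this example.

```shell
#!/bin/sh
# Added example: write the page's Chromium compose file with random credentials
# instead of the sample values. Function names and switches are hypothetical.

# 24 random alphanumeric characters from the kernel CSPRNG.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# Succeeds if FILE still carries a sample password from the page (neko/admin).
has_sample_creds() {
    grep -Eq '^[[:space:]]*NEKO_(PASSWORD|ADMIN):[[:space:]]*"?(neko|admin)"?[[:space:]]*$' "$1"
}

# write_neko_compose DIR [BIND_ADDR]
# BIND_ADDR is the host address for the web UI port: 0.0.0.0 matches the page,
# 127.0.0.1 keeps 8080 private when a reverse proxy on the host terminates TLS.
write_neko_compose() (
    umask 077    # the file holds secrets; the subshell keeps umask local
    cat > "$1/docker-compose.yml" <<EOF
version: '3.5'
services:
  neko:
    image: nurdism/neko:chromium
    restart: always
    cap_add:
      - SYS_ADMIN
    ports:
      - "${2:-0.0.0.0}:8080:8080"
      - "59000-59100:59000-59100/udp"
    environment:
      DISPLAY: :99.0
      SCREEN_WIDTH: 1024
      SCREEN_HEIGHT: 576
      SCREEN_DEPTH: 24
      NEKO_PASSWORD: "$(gen_secret)"
      NEKO_ADMIN: "$(gen_secret)"
      NEKO_BIND: :8080
EOF
)

case "${1:-}" in
    --write) write_neko_compose "${2:-.}" "${3:-0.0.0.0}" ;;
    --check) if has_sample_creds "$2"; then echo "sample password in $2" >&2; exit 1; fi ;;
esac
```

With 127.0.0.1 as the bind address, the reverse proxy has to run on the host itself and forward to 127.0.0.1:8080; the UDP range stays published on all interfaces.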

Fix Chinese Font Issue


Enter the container (the container name is derived from the compose project directory; check it with docker ps):

docker exec -it root_neko_1 bash

Install fonts in docker:

apt -y update
apt -y install ttf-wqy-zenhei

Exit and restart the container using docker-compose:

exit
docker-compose restart


HTTPS

If you have your own domain, you can use the following steps to reach the n.eko project at https://<Sub Domain> through an Nginx reverse proxy.
  • Create a DNS sub domain at your DNS provider, such as neko.51sec.org.
  • Create your neko.51sec.org Nginx configuration. You can copy another Nginx web app's configuration and then modify it.
  • Run certbot --nginx to get a Let's Encrypt certificate and modify the neko.conf file to use those certificates.
  • Test https://<Sub Domain>

Or you can use Nginx Proxy Manager (NPM) to enable HTTPS and basic auth for your website.

Nginx Configuration

If you have Nginx installed on the same box, you can use the following configuration to enable a reverse proxy for your own domain, such as neko.51sec.org:

root@3a4767f0c009:/# cd /etc/nginx
root@3a4767f0c009:/etc/nginx# cd conf.d/
root@3a4767f0c009:/etc/nginx/conf.d# cat neko.conf 
server {
    listen       80;
    server_name  neko.51sec.org;

    location / {
        proxy_pass       http://3.3.2.1:8080;
        proxy_redirect             off;
        proxy_http_version         1.1;
        proxy_set_header Upgrade   $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/neko.51sec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/neko.51sec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
root@3a4767f0c009:/etc/nginx/conf.d# 



Other projects that run Firefox in the cloud

From Replit:
  • https://replit.com/@BenisBest/Firefox?v=1&outputonly=1&lite=true#main.sh
  • https://replit.com/@cooleddie001/Firefox-Legacy?v=1
Novnc Docker project:



