NPM (Nginx Proxy Manager) - Configure Basic HTTP Authentication and Use Universal SSL Certificate from Cloudflare

Github project n.eko is a virtual browser based on the docker isolation environment, supports multiple types of browsers, Chrome and Firefox, tor, etc, and has built-in chat/simple user management functions. The UI design is also very bimpressive.

Latest project : https://github.com/m1k1o/neko 

(No further developing) Project address: https://github.com/nurdism/neko

The program requires a relatively high configuration, see here for details:https://n.eko.moe/#/quick-start

Here are recommended specs:

Resolution	Cores	Ram	Recommendation
1024×576@30	2	2gb	Not Recommended
1280x720@30	4	3gb	Good Performance
1280x720@30	6	4gb	Recommended
1280x720@30	8	4gb+	Best Performance

To run it in a low resource VPS, such as only 1GB RAM, 1vCPU, we will have to change SWAP size to make it more stable. 

Some other similar solutions:

• hyperbeam provides similar functions, but it has time limitation for free usage. 
• Apache Guacamole
• noVNC

Installation Pre-requirements

Free resources you might need to complete this docker project:

• Server: Oracle Free VPS, Azure Free VPS, Google Cloud Free VPS, and others
• Create a Free Tier Windows/Linux Azure VPS VM
• [Free VPS] GCP (Google Cloud Platform) Tips and Tricks (Free 16G RAM, 4 vCPU VPS)
• System: Cloud Vendor Ubuntu, Debian, or DD an original version
• SWAP size increase: wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh
• Enable Password ssh login
• Enable BBR
• systemctl restart docker
• Domain: (Optional) EU.ORG to get a free one, free Cloudflare account to manage your domain
• Confirm port has not been used (you might need to install lsof using command : apt install lsof):
• lsof -i:8088

Pre-installed services:

• Docker, 
• apt update
• apt install docker.io
• apt install docker-compose
• apt upgrade docker.io
• mkdir /root/data/docker_data/<docker_name>
• Docker-Compose (Using Ubuntu OS for the commands)
• Docker-compose down
• Optional command : use following command to backup your Docker data. You might need to change your folder name based on your docker configuraiton
• cp -r /root/data/docker_data/<docker_name> /root/data/docker_data_backup/<docker_name>
• docker-compose pull
• docker-compose up -d
• docker image prune
• Portainer (Optional)
• docker volume create portainer_data
• docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
• Install some applications: apt install wget curl sudo vim git (Optional)
• aapanel with Nginx (Optional)
• Nginx Proxy Manager (Optional)

Firewall Ports Open

Please make sure following two firewall rules created on your cloud VPS's firewall.

1. tcp 8080

2. udp 59000-59100

Testing udp port using NC commands:

To validate UDP connection the simplest way, run this on your server:

nc -ul 52101

And this on your local client:

nc -u [server ip] 52101

Change SWAP Size for Low Memory VPS (< 2GB)

Command (not support OpenVZ) from root user：

wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh

When choose add swap, please enter number for size. Default metric is MB。

In screenshot, the priority is showing 0. Script in github has set to 100. 

Github: https://github.com/51sec/swap

———————————————————————————————————————
Linux VPS One Command Script to Set/Delete Swap 
1. Add swap
2. Delete swap
———————————————————————————————————————
Please Enter Option [1-2]:1
Please enter the size of your swap，recommend size should be double of your memory！
enter /swapfile's size (MB):2048
/swapfile not fund, creating swapfile
Setting up swapspace version 1, size = 2 GiB (2147479552 bytes)
no label, UUID=ab2c0605-631f-4697-bd64-0ff391553573
swapfile successful created, checking information：
Filename                                Type            Size            Used            Priority
/swapfile                               file            2097148         0               -2
SwapCached:            0 kB
SwapTotal:       2097148 kB
SwapFree:        2097148 kB
root@instance-1:~/data/docker_data/neko# htop

Install Docker and Docker-Compose

Install docker:

apt -y update
apt -y install curl
curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker

Install docker-compose:

curl -L https://github.com/docker/compose/releases/download/1.27.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

You also can create a symbolic link to /usr/bin folder:

ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Create docker-compose.yml and bring n.eko docker up

[Warning] Don't try this at https://labs.play-with-docker.com/. The instance will be deleted right away. 

Check https://github.com/m1k1o/neko for latest updates.

Create a new docker-compose project directory and edit docker-compose.yml.

cd ~
mkdir neko
cd neko
vi docker-compose.yml

Put following code into docker-compose.yml file based on the browser type.

Chrome Image：

version: '3.5'
services:
  neko:
    image: nurdism/neko:chromium
    restart: always
    cap_add:
      - SYS_ADMIN
    ports:
      - "8080:8080"
      - "59000-59100:59000-59100/udp"
    environment:
      DISPLAY: :99.0
      SCREEN_WIDTH: 1024
      SCREEN_HEIGHT: 576
      SCREEN_DEPTH: 24
      NEKO_PASSWORD: neko
      NEKO_ADMIN: admin
      NEKO_BIND: :8080

Firefox Image：

version: '3.5'
services:
  neko:
    image: nurdism/neko:firefox
    restart: always
    shm_size: "1gb"
    ports:
      - "8080:8080"
      - "59000-59100:59000-59100/udp"
    environment:
      DISPLAY: :99.0
      SCREEN_WIDTH: 1024
      SCREEN_HEIGHT: 576
      SCREEN_DEPTH: 24
      NEKO_PASSWORD: neko
      NEKO_ADMIN: admin
      NEKO_BIND: :8080

Notes:

SCREEN_DEPTH can be changed to 16 to save some resource usage on your host VPS. 

SCREEN_WIDTH=1280       // Display width
SCREEN_HEIGHT=720       // Display height
SCREEN_DEPTH=24         // Display bit depth
DISPLAY=:99.0           // Display number

NEKO_PASSWORD=neko      // Password
NEKO_ADMIN=neko         // Admin Password
NEKO_BIND=0.0.0.0:8080  // Bind
NEKO_KEY=               // (SSL)Key, needed for clipboard sync
NEKO_CERT=              // (SSL)Cert, needed for clipboard sync

docker-compose up -d

Now you should be able to browser to your n.eko's web interface with this url : http://<public ip>:8080

Note: 

https://github.com/m1k1o/neko/

ARM

https://hub.docker.com/r/m1k1o/neko

For ARM-based devices (like Raspberry Pi, with GPU hardware acceleration):

• m1k1o/neko:arm-firefox - for Firefox.
• m1k1o/neko:arm-chromium - for Chromium.
• m1k1o/neko:arm-base - for custom arm based.

version: "3.4"

services:

  neko:

    image: "m1k1o/neko:arm-firefox"

    restart: "unless-stopped"

    shm_size: "2gb"

    ports:

      - "8888:8080"

      - "52000-52100:52000-52100/udp"

    environment:

      NEKO_SCREEN: 1024x576@10

      NEKO_PASSWORD: neko

      NEKO_PASSWORD_ADMIN: admin

      NEKO_EPR: 52000-52100

      NEKO_ICELITE: 1

Fix Chinese Font Issue

Enter into docker：

docker exec -it root_neko_1 bash

Install fonts in docker：

apt -y update
apt -y install ttf-wqy-zenhei

exit and restart docker using docker-compose：

exit
docker-compose restart

HTTPS

If you have your own domain, you can using following steps to create https://<Sub Domain> this kind of access to n.eko project with Nginx's reverse proxy.

• DNS sub domain created in your DNS provider, such as this sub domain, neko.51sec.org
• Create your neko.51sec.org Nginx configuration. You can copy other Nginx web app's configuration then modify it.
• run certbot --nginx to get LetsEncrypt certificate and modify neko.conf file to use those certificates.
• test https://<Sub Domain>

Or you can use NPM to enable https and basic auth to your website.

• NPM (Nginx Proxy Manager) - Configure Basic HTTP Authentication and Use Universal SSL Certificate from Cloudflare

• Deploy Docker, Docker-Compose, Portainer and NPM (Nginx Proxy Manager)

Nginx Configuration

If you have Nginx installed on your same box, you can use following configuraiton to enable reverse proxy for your own domain. such as neko.51sec.org:

root@3a4767f0c009:/# cd /etc/nginx
root@3a4767f0c009:/etc/nginx# cd conf.d/
root@3a4767f0c009:/etc/nginx/conf.d# cat neko.conf 
server {
    listen       80;
    server_name  neko.51sec.org;

location / {
    proxy_pass       http://3.3.2.1:8080;
    proxy_redirect             off;
    proxy_http_version         1.1;
    proxy_set_header Upgrade   $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/neko.51sec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/neko.51sec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
root@3a4767f0c009:/etc/nginx/conf.d# 

Other projects who run Firefox in Cloud

From Replit:

• https://replit.com/@BenisBest/Firefox?v=1&outputonly=1&lite=true#main.sh
• https://replit.com/@cooleddie001/Firefox-Legacy?v=1

Novnc Docker project:

• https://novnc.51sec.eu.org/  (Post1 Post2 )

YouTube Video:

References

• n.eko getting-started 
• 在docker中运行的自托管虚拟浏览器
• hyperbeam.