In this part of tutorial we will show how to install and configure Mixeway.
Requirements
- Docker and docker-compose
- HashiCorp Vault (Optional)
Preparation
Clone GitHub repo
git clone https://github.com/mixeway/mixewayhub
cd mixewayhubPrepare environments with script:
gs:mixewayhub gs$ ./setup.sh
Enable integration with Hashicorp Vault? (without it passwords to Vulnerability Scanners will be stored in clear text) [Y/N] N
Generating Key pair..
Generating PKCS12..
Generating environments..
Verifying created configuration ..
Verification successfull.
You can now run --- docker-compose up ---In case You would like to enable Vault integration, You need to provide informations such as vault address and token:
gs:mixewayhub gs$ ./setup.sh
Enable integration with Hashicorp Vault? (without it passwords to Vulnerability Scanners will be stored in clear text) [Y/N] Y
Enter Vault host [127.0.0.1]:
Enter Vault port [8200]:
Enter Vault http scheme http/https [http]:
Enter Vault Application name [mixeway]:
Enter Vault token:
Generating Key pair..
Generating PKCS12..
Generating environments..
Verifying created configuration ..
Verification successfull.
You can now run --- docker-compose up ---Result for such operation is generated environments file:
gs:mixewayhub gs$ cat environments
VAULT_HOST=127.0.0.1
VAULT_PORT=8200
VAULT_SCHEME=http
VAULT_APP_NAME=mixeway
VAULT_TOKEN=
KEYALIAS=localhost
TRUSTPASS=changeit
P12PASS=changeit
PROFILE=prod
CERTIFICATE=/pki/cert.crt
PRIVATEKEY=/pki/private.keywhere certificates are self-signed and not trusted in any browser. You can skip running setup script and set those values on Your own in this case remember that:
- You have to create
pkidirectory under mixewayhub - You have to create
#PKCS12file containing TLS Certificate and Private key inpkidirectory. This file has to be named:certificate.p12 - You have to create
JKSas a trust store (set of root CA which will be treated as trusted one) it can be cacerts from JDK. Place this JKS inpkidirectory with name:trust.jks
Running
If environments and certificates are set just run
gs:mixewayhub gs$ docker-compose up
Pulling MixerBackend (mixeway/backend:latest)...
latest: Pulling from mixeway/backend
e7c96db7181b: Already exists
f910a506b6cb: Already exists
b6abafe80f63: Already exists
8016d8b8a8cc: Pull complete
00c0d0872914: Pull complete
Digest: sha256:c1ae8b43f2bb9482dc9e73ed1e769b2888eb4850cc20d3d10658fdc5d09f7253
Status: Downloaded newer image for mixeway/backend:latest
Pulling MixerFrontend (mixeway/frontend:latest)...
latest: Pulling from mixeway/frontend
Status: Downloaded newer image for mixeway/frontend:latest
Recreating MixerDB ... done
Creating MixewayVulnAuditor ... done
Recreating MixerBackend ... done
Recreating MixerFrontend ... done
Attaching to MixerDB, MixewayVulnAuditor, MixerBackend, MixerFrontendthen just go to browser and use : https://localhost, default port Mixeway is using is 443
Warrnings
If You decide to use Mixeway without configuring HashiCorp Vault, You will be warned with few exceptions and:
MixerBackend | #################################################################################################################### MixerBackend | # WARRNING! # MixerBackend | # Vault Configuration is not set # MixerBackend | # Scanner passwords will be stored # MixerBackend | # in clear text. It is recommended # MixerBackend | # To use vault. # MixerBackend | # Read Mixeway docummentation # MixerBackend | ####################################################################################################################
We strongly advise against such configuration in the production environment. Without Vault which used as a secure key-value store, passwords needed to be used in order to login to vulnerability scanners will be stored in plain text.
Configuration
Initial configuration is called upon first login into Mixeway
After entering password You will be asked to pass it once again for ‘admin’ user
You are ready to go!
Comments are closed