Running Ravada in production¶
Ravada has two daemons that must run on the production server:
- rvd_back : must run as root and manages the virtual machines
- rvd_front : is the web frontend that sends requests to the backend
The frontend has a secret passphrase that should be changed. Cookies and user session rely on this. You can have many passphrases that get rotated to improve security even more.
Change the file /etc/rvd_front.conf line secrets like this:
, secrets => ['my secret 1', 'my secret 2' ]
Configuration for boot start¶
There are two services to start and stop the two ravada daemons:
After install or upgrade you may have to refresh the systemd service units:
$ sudo systemctl daemon-reload
Check the services are enabled to run at startup
$ sudo systemctl enable rvd_back $ sudo systemctl enable rvd_front
$ sudo systemctl start rvd_back $ sudo systemctl start rvd_front
You should check if the daemons started right the very first time with the status command. See troubleshooting frequently problems if it failed to start.
$ sudo systemctl status rvd_back $ sudo systemctl status rvd_front
$ sudo systemctl stop rvd_back $ sudo systemctl stop rvd_front
You can reach the Ravada frontend heading to http://your.server.ip:8081/. It is advised to run an Apache server or similar before the frontend.
In order to make ravada use apache, you must follow the steps explained on here.
iptables to restrict the access to the virtual machines.
These iptables rules grants acess to the admin workstation to all the
domains and disables the access to everyone else. When the users access
through the web broker they are allowed to the port of their virtual
machines. Ravada uses its own iptables chain called ‘ravada’ to do so:
-A INPUT -p tcp -m tcp -s ip.of.admin.workstation --dport 5900:7000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5900:7000 -j DROP