Home

Awesome

Foreman

A NodeJS server that acts as an iOS firmware keybag database a.k.a. as a "keystore", serving Grandmaster formatted keysets.

API Reference

Installation

Tested on a VPS running Ubuntu 18.04.

Install NodeJS

Start by updating apt, installing the prerequisites, and adding the sources to apt.

sudo apt update
sudo apt -y install curl dirmngr apt-transport-https lsb-release ca-certificates gcc g++ make
curl -sL https://deb.nodesource.com/setup_10.x | sudo bash

Now, update apt again and install nodejs.

sudo apt update
sudo apt -y install nodejs

PM2 Usage Notice

Foreman leverages pm2.io for live runtime montioring and providing live metrics for specific endpoints. Foreman allows clients to act with autonomy, anonymously. As such, no PM2 metric will collect any identifier that may link back to a client making requests.

Install mongodb

Simply run the following.

sudo apt install -y mongodb

Install Nginx

To install Nginx simply run the following.

sudo apt update
sudo apt install nginx

and allow Nginx with ufw.

ufw allow "Nginx Full"

Install certbot

To install certbot, using the following commands.

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt-get install certbot

Generate a certificate to use with Foreman by executing the following. Take note of where it stores your privkey.pem and fullchain.pem files.

certbot certonly --standalone --keep-until-expiring --agree-tos -d your_hostname_com

Configure Nginx

Create a new file named foreman-server in /etc/nginx/sites-available/ and fill it with the following configuration.

Be sure to modify the server_name, ssl_certificate, and ssl_certificate_key specifiers.

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
        listen 443 ssl;
        server_name your_hostname_com;

        ssl_certificate path_to_fullchain.pem;
        ssl_certificate_key path_to_privkey.pem;

        location / {
        proxy_pass https://localhost:4141;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

To enable this config, make a symbolic this config in /etc/nginx/sites-enabled/ and then run systemctl restart nginx.

Install Foreman

Move your cd to somewhere you'd like foreman to live in and then execute the following.

git clone https://github.com/GuardianFirewall/foreman.git
cd foreman
npm i

Foreman's prerequisites should now be installed. Create a .env file in the foreman directory and fill it in with the following replacing values as needed.

FOREMAN_PORT=4141
FOREMAN_SSL_KEY=path_to_privkey.pem
FOREMAN_SSL_CERT=path_to_fullchain.pem
FOREMAN_ADMIN_DIGEST=SHA512_PASSPHRASE_DIGEST

FOREMAN_DIGEST is a SHA512 digest of the passphrase you'd like to give the root "foreman" account for the /admin interface.

Running Foreman

Execute node app.js to start the Foreman server.