Ranger installation

Create a ranger directory and copy the following configuration files into it.

Lines marked with #change me require user input for deputy to access their local services and certificates.

ranger
├── deputy
|   └── configuration.toml
├── handler-configs
|   ├── ranger-redis-config.conf 
|   ├── ranger-vmware-machiner.yml
|   ├── ranger-vmware-switcher.yml
|   ├── ranger-vmware-templater.yml
|   └── ranger-vmware-executor.yml
|   └── ranger-vmware-general.yml
├── docker-compose.yml
├── config.yml
└── nginx.conf

Ranger directory

The docker-compose.yml file defines the services and their configurations for Ranger. It directs the deployment of Ranger Server, specific Ranger components for VMware-related tasks, Nginx as a reverse proxy, custom Redis image and MariaDB as a database. Nginx acts as a reverse proxy, forwarding requests to other services based on the configuration in nginx.conf. Ranger server offers a REST-like API for virtualization platform agnostic management of cyber exercises; machiner, switcher, templater, executor services each run a specific Ranger component tailored for VMware-related functionalities, Redis server is run for caching purposes and MariaDB for the backend database.

docker-compose.yml

version: '3'

services:
  nginx-proxy:
    image: nginx:latest
    restart: always
    ports:
      - "443:443"
      - "80:80"
    container_name: nginx-proxy
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt/:/etc/letsencrypt/
      - web-app:/var/www/html

  ranger:
    image: docker.opencyberrange.ee/ranger-server:latest
    volumes:
      - ./config.yml:/etc/opt/ranger/ranger/config.yml
      - web-app:/etc/opt/ranger/ranger-app
    depends_on:
      - "mariadb"
      - "ranger-vmware-machiner"
      - "ranger-vmware-switcher"
      - "ranger-vmware-templater"
      - "ranger-vmware-executor"
    restart: unless-stopped

  ranger-vmware-machiner:
    image: docker.opencyberrange.ee/ranger-vmware-machiner:latest #change me
    volumes:
      - ./handler-configs/ranger-vmware-machiner.yml:/etc/opt/ranger/ranger-vmware-machiner/config.yml
    restart: unless-stopped

  ranger-vmware-switcher:
    image: docker.opencyberrange.ee/ranger-vmware-switcher:latest #change me
    volumes:
      - ./handler-configs/ranger-vmware-switcher.yml:/etc/opt/ranger/ranger-vmware-switcher/config.yml
    restart: unless-stopped

  ranger-vmware-templater:
    image: docker.opencyberrange.ee/ranger-vmware-templater:latest #change me
    volumes:
      - ./handler-configs/ranger-vmware-templater.yml:/etc/opt/ranger/ranger-vmware-templater/config.yml
      - ./deputy:/root/.deputy
    restart: unless-stopped

  ranger-vmware-executor:
    image: docker.opencyberrange.ee/ranger-vmware-executor:latest #change me
    volumes:
      - ./handler-configs/ranger-vmware-executor.yml:/etc/opt/ranger/ranger-vmware-executor/config.yml
      - ./deputy:/root/.deputy
    restart: unless-stopped

  ranger-redis-server:
    image: docker.opencyberrange.ee/featurer-redis-server #change me
    restart: always
    command: [ "redis-server", "/etc/redis/redis.conf" ]
    volumes:
      - ./handler-configs/ranger-redis-config.conf:/etc/redis/redis.conf

  mariadb:
    image: mariadb:10.7
    volumes:
      - ./mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=mysql_root
      - MYSQL_PASSWORD=mysql_pass
      - MYSQL_USER=mysql_user
      - MYSQL_DATABASE=ranger
    restart: unless-stopped

volumes:
  web-app:

Image: specifies the Docker image to be used for the service
Ports: defines the ports on which Nginx will listen for incoming traffic
Environment: sets environment variables that configure the behaviour of the services
Restart: configures the restart behaviour
Container name: sets the name of the Nginx container
Volumes: defines persistent storage locations for containerized applications
Depends on: sets dependencies on other services

Nginx.conf

nginx.conf

server {
    listen 80;
    listen [::]:80;
    return 301 https://ranger_subdomain$request_uri; #change me
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate      /ranger_subdomain/fullchain.pem; #change me
    ssl_certificate_key  /ranger_subdomain/privkey.pem; #change me

    client_max_body_size 0;

    location /api/ {
      proxy_pass http://ranger:8085/api/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
    }
    location / {
      root /var/www/html;
      try_files $uri /index.html;
    }
}

The file redirects HTTP requests to the specified Deputy subdomain over HTTPS, configures the server to listen on port 443 (HTTPS) and specifies the SSL certificate paths. Nginx is configured to act as a reverse proxy for the Ranger Server API.

This NGINX configuration provides redirection, SSL termination, and proxying to the Ranger API server and static files. Users should customize paths and settings based on their deployment requirements.

Config.yml

The config.yml file contains configuration settings for the Ranger Server and is documented on ranger server page.

Deputy subdirectory

configuration.toml

[registries]
main-registry = { api = "deputy_subdomain" } #change me

[package]
download_path = "package_download_path" #change me

Handler-configs subdirectory

Handlers are documented on VMWare handlers page.

Startup and shutdown

Go into your ranger folder and run docker compose up -d, this will start your ranger service
To check if your ranger service is running run docker ps
To turn your ranger service off run docker compose down

Ranger installation

Ranger directory​

Nginx.conf​

Config.yml​

Deputy subdirectory​

Handler-configs subdirectory​

Startup and shutdown​