Quickstart
This guide will get you set up and ready to use Netgoat in Reverse Proxy mode or DNS Mode.
Choose your mode
Before you can start using Netgoat CE (Community Edition), you need to select a mode of operation: Reverse Proxy mode or DNS Mode. Each mode has its own setup and configuration steps. The right choice depends on your resources and usage type: if you plan to use Netgoat with Cloudflare, go for Reverse Proxy mode; for standalone use and more features, go with DNS Mode.
Running Netgoat CE/BE
After picking your mode, you can install Netgoat CE (Community Edition) or BE (Business Edition) using the following methods:
- Docker: If you prefer containerization, you can run Netgoat using Docker. This is the recommended way to run Netgoat.
- Install Script: You can use the provided install script to set up Netgoat on your system. This is a straightforward method that automates the installation process.
- Manual Install: You can follow the manual installation guide to set up Netgoat on your system. This method gives you more control over the installation process and allows for customization.
Docker images are not available yet!
Docker
To run Netgoat using Docker, you need the following prerequisites:
- Docker installed on your system.
- Docker Compose installed on your system.
- Ports 80, 443, 1933, 3000, 3010, 2222 open on your firewall and available on the IP you plan to run the services on.
- Instances of LogDB, CentralMonServer and MongoDB (you only need one of these for several Netgoat instances).
Run CentralMonServer first with Docker:
docker volume create centralmonitoring_data
docker run -d \
--name centralmonitoringservice \
-p 1933:1933 \
-v centralmonitoring_data:/app/data \
-e NODE_ENV=production \
-e MANAGEMENT_USERNAME="admin" \
-e MANAGEMENT_PASSWORD="your_password_here" \
-e MONGODB_URI="mongodb://" \
-e SHARED_JWT_SECRET="your_shared_jwt_secret_here" \
-e DYNAMIC_SECRET_KEY_JWT_SECRET="your_dynamic_secret_here" \
-e PORT=1933 \
cloudable-dev/centralmonitoringservice:latest
Then run LogDB with Docker:
docker volume create logdb_data
docker run -d \
--name logdb \
-p 3010:3010 \
-v logdb_data:/app/database/DomainLogs \
cloudable-dev/logdb:latest
After you've confirmed those two services are running, you can run Netgoat CE with Docker:
docker run -d \
--name netgoat \
-p 80:80 \
-p 443:443 \
-p 3333:3333 \
-e NODE_ENV=production \
-e NODE_ID="DO_NOT_USE" \
-e SHARD_MANAGER_URL="DO_NOT_USE" \
-e JWT_SECRET="DO_NOT_USE" \
-e REGISTER_KEY="DO_NOT_USE" \
-e regionID="MM1" \
-e mongodb="mongodb://localhost/netgoat" \
-e NS="" \
-e host="" \
-e Central_server="http://localhost:1933" \
-e Central_JWT="" \
-e SHARED_JWT_SECRET="your_shared_jwt_secret_with_CentralMonitoringService" \
cloudable-dev/netgoat:latest
Now start the Next.js frontend:
docker run -d \
--name netgoat-frontend \
-p 3000:3000 \
-e NODE_ENV=production \
cloudable-dev/netgoat-frontend:latest
After that, you have some more setup to do. If you want NS Mode, you need two or more Netgoat CE instances but only one CentralMonitoringService and one LogDB. If you want to run in Reverse Proxy mode, you can run just one instance of Netgoat CE together with CentralMonitoringService and LogDB.
# SSH into CentralMonitoringService's management console on port 2222
ssh -p 2222 admin@localhost
# Enter the password you set in the docker run command for CentralMonitoringService (MANAGEMENT_PASSWORD)
# After successfully logging in, run the following commands to set up your Netgoat CE instances
devicelist
# +------------------+--------------------------------------+--------------+----------------+
# | device name      | device_key                           | IP           | operation mode |
# +------------------+--------------------------------------+--------------+----------------+
# | NetGoat_CE_1234  | 550e8400-e29b-41d4-a716-446655440000 | 192.168.0.1  | Standalone     |
# | NetGoat_CE_5678  | 9f8c2b5e-6d5a-4c9a-8d4b-3a2f1d7e8c9b | 192.168.0.2  | Standalone     |
# +------------------+--------------------------------------+--------------+----------------+
device op_mode NetGoat_CE_1234 NS1.cloudable.dev HA_1
device op_mode NetGoat_CE_5678 NS2.cloudable.dev HA_1
#              ^ Device Name   ^ Group           ^ Node Name In Group
# In my case it's going to be round-robin CNAME NS
# NS1.cloudable.dev will have, for example, 5 Netgoat CE instances behind it
# Each instance will have its own device key and IP address
# They will be identified in their group via e.g. HA_1, HA_2, HA_3, etc.
# The node name can be anything you want, and so can the group name
# So it would look like this:
# A ns1.cloudable.dev server_1.homelab.com
# A ns1.cloudable.dev server_2.homelab.com
# A ns1.cloudable.dev server_3.homelab.com
# A ns1.cloudable.dev server_4.homelab.com
# A ns1.cloudable.dev server_5.homelab.com
After that's all done, you can access the Netgoat CE web interface by navigating to http://localhost:3000 in your web browser.
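The `docker run` commands above for CentralMonitoringService and Netgoat CE pass their secrets as inline `-e` values. As an added example (not part of the Netgoat documentation), this script generates those secrets, writes them to mode-0600 files for Docker's `--env-file` option so they stay out of shell history, and checks that no placeholder is left; the file names `centralmon.env` and `netgoat.env`, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate the secrets used by the docker run commands on this
# page and keep them in env files instead of typing them on the command line.
# File names and function names are assumptions, not part of Netgoat.

gen_secret() {
    # 32 bytes from the kernel CSPRNG, hex-encoded to 64 characters
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

write_env_files() {
    dir=$1
    shared=$(gen_secret)   # must be identical for CentralMonitoringService and Netgoat
    (
        umask 077          # files created below get mode 0600
        rm -f "$dir/centralmon.env" "$dir/netgoat.env"
        # docker --env-file reads literal KEY=VALUE lines; quotes would become part of the value
        printf 'MANAGEMENT_PASSWORD=%s\nSHARED_JWT_SECRET=%s\nDYNAMIC_SECRET_KEY_JWT_SECRET=%s\n' \
            "$(gen_secret)" "$shared" "$(gen_secret)" > "$dir/centralmon.env"
        printf 'SHARED_JWT_SECRET=%s\n' "$shared" > "$dir/netgoat.env"
    )
}

check_env_file() {
    # Fails if the file mode is not exactly 0600, or if a value is empty, a
    # "your_..._here" placeholder from the quickstart, or shorter than 32 chars.
    f=$1
    [ -n "$(find "$f" -perm 600)" ] || { echo "$f: mode must be 0600" >&2; return 1; }
    while IFS='=' read -r key val; do
        case $val in
            ''|your_*) echo "$f: $key is empty or a placeholder" >&2; return 1 ;;
        esac
        [ "${#val}" -ge 32 ] || { echo "$f: $key is shorter than 32 characters" >&2; return 1; }
    done < "$f"
}

# Usage: sh netgoat-secrets.sh <directory>   (does nothing without an argument)
if [ $# -ge 1 ]; then
    write_env_files "$1" && check_env_file "$1/centralmon.env" && check_env_file "$1/netgoat.env"
fi
# Then replace the secret -e flags in the commands above with, for example:
#   docker run -d --name centralmonitoringservice --env-file <directory>/centralmon.env ...
#   docker run -d --name netgoat --env-file <directory>/netgoat.env ...
```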