On Thursday, March 8, 2018 at 2:04:26 PM UTC+1, brandonm...@gmail.com wrote:
> Hi all, 
> 
> Thanks so much for your responses.
> 
> So a bit more background, as requested: I run Qubes 3.2. Basically, Vagrant 
> allows me to create hyper-vised environments for WordPress to run locally, 
> pulling from https://github.com/Varying-Vagrant-Vagrants/; this creates the 
> server environments etc.
> 
> I then run Variable VV, which automates WordPress site creation; this can be 
> found here:
> 
> https://github.com/bradp/vv
> 
> I have never been able to get this to work on Qubes. Essentially, I want to 
> create a VM where I can hold all my sites locally, automate WordPress 
> creation and then deploy to a staging or live site.

This should be all down to the Qubes firewall rules. The default firewall is 
essentially acting like a router hardware firewall, blocking all incoming 
signals, unless you yourself initiated it (similar to the general Linux 
firewall as well). So what you need to do is to pass the rules to allow your 
server to get through. But here on forward, nothing is official, you need to be 
careful and think carefully in order not to open up new security holes. Ask 
more people who have better insight in Qubes security for second opinions, etc. 

You could quickly test it by making a clone of your server, and try to tie it 
directly to your sys-net instead of sys-firewall. This is however very dodgy 
and never do it on something important or something you plan to keep 
afterwards, since it essentially has no firewall in that period of time.

But try to make a clone of your Qubes server, and tie the clone to your sys-net, 
are you able to see the server now? Don't let it run too long either, just in 
case it can be used to attack other parts of Qubes (here is where you 
especially need a second opinion of a more knowledgeable person in Qubes 
security). 

If it works, then you now saw first hand that it's sys-firewall blocking you. I 
once did something similar for some Syncthing connections when I first started 
learning Qubes, this made me successfully open up Syncthing networking without 
changing the sys-firewall rules. Delete your testing clone once you confirmed 
it works. 

Now you need to find out how to do this in a secure way, so that you don't open 
a can of worms down the road. I haven't seen this discussed before, but my 
thoughts are a second firewall here. Otherwise it might just be down to editing 
the existing sys-firewall. For that, you're in luck, there is a very detailed 
guide available for it: https://www.qubes-os.org/doc/firewall/ which also 
covers inter-VM connections, as well as server connections (two different 
things of course).

To me an ideal solution would be a second firewall in Qubes, similar to how DMZ 
isolation zones are made in highly secure networks. So in a way, you'd be 
DMZ'ing Qubes, which I think, would make perfect sense for something you want 
to do here. If you got a server, then that server should be kept under a 
different firewall altogether, albeit still on the same machine/Qubes.

While DMZ'ing Qubes seems to make good sense first, remember, I have never had 
this confirmed anywhere. It's critical you have a second opinion by someone 
skilled in Qubes security before you consider to take my advice here head on.

In practice though, I believe it should work pretty well. It's mostly the 
security thing I'm wondering about. It's been a while since I read that long 
guide in the link though, maybe they made edits in it to include some of these 
thoughts? I'd have to read it again myself at some point. Maybe you'll find info in 
there to help answer some of these questions.

Also try checking this out: https://github.com/Rudd-O/qubes-network-server
You might not need to use any of these installs/tools to cover your needs, but 
it might be a helpful read still to see alternative solutions. 

Remember that second opinion of a skilled security person. That above guide is 
by no means Qubes official either, even though it looks quite interesting I 
gotta admit.

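The firewall behaviour described in the message above (replies to connections a qube initiated pass, unsolicited inbound traffic is dropped until a rule allows it), as a small Python model. This is an added example, not part of the original post and not Qubes or iptables code; the class names, result strings and addresses are constructed for illustration.

```python
"""Toy model of a default-deny, stateful forwarding firewall.

Constructed for illustration: this is not Qubes code and not iptables.
"""
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class AllowRule:
    dst: str                    # the one qube being exposed
    dport: int                  # the one port being exposed
    src: Optional[str] = None   # None means any source

@dataclass
class StatefulFirewall:
    inside: set                                   # addresses behind the firewall
    allow_in: list = field(default_factory=list)  # explicit inbound exceptions
    conntrack: set = field(default_factory=set)   # flows already accepted

    def forward(self, p: Packet) -> str:
        flow = (p.src, p.sport, p.dst, p.dport)
        reply_to = (p.dst, p.dport, p.src, p.sport)
        if flow in self.conntrack or reply_to in self.conntrack:
            return "accept-established"
        if p.src in self.inside:
            self.conntrack.add(flow)      # inside hosts may start connections
            return "accept-outbound"
        for r in self.allow_in:
            if (r.dst, r.dport) == (p.dst, p.dport) and r.src in (None, p.src):
                self.conntrack.add(flow)
                return "accept-rule"
        return "drop"                     # default: unsolicited inbound is dropped

# Constructed sample addresses (not taken from the thread).
SERVER, LAN_CLIENT, OTHER = "10.137.2.10", "192.168.1.50", "192.168.1.99"

def demo():
    fw = StatefulFirewall(inside={SERVER})
    before = fw.forward(Packet(LAN_CLIENT, 40000, SERVER, 80))
    fw.allow_in.append(AllowRule(dst=SERVER, dport=80, src=LAN_CLIENT))
    after = fw.forward(Packet(LAN_CLIENT, 40001, SERVER, 80))
    other_port = fw.forward(Packet(LAN_CLIENT, 40002, SERVER, 22))
    other_host = fw.forward(Packet(OTHER, 40003, SERVER, 80))
    return before, after, other_port, other_host
```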