ALWAYS follow these instructions first. Only search for additional information or run bash commands when the information below is incomplete or found to be in error.
This repository contains configuration and automation scripts for managing a Proxmox-based LXC container hosting environment with automated DNS, NGINX reverse proxy, LDAP authentication, and security monitoring via Wazuh.
Repository layout:
- `container creation/` - LXC container lifecycle management scripts
- `gateway/` - Network routing, iptables management, and daily cleanup scripts
- `nginx reverse proxy/` - NGINX configuration with JavaScript modules for dynamic backend resolution
- `dnsmasq service/` - DNS/DHCP services with wildcard routing
- `LDAP/` - Authentication infrastructure (contains git submodules)
- `Wazuh/` - Security monitoring with Node.js management scripts
- `ci-cd automation/` - Contains the Proxmox-Launchpad GitHub Action submodule

Git submodules:
- `LDAP/LDAPServer` - Node.js LDAP gateway server
- `LDAP/pown` - LDAP client automation with Terraform/AWS testing
- `ci-cd automation/Proxmox-Launchpad` - GitHub Action for container deployment
Setup and build steps:

- Initialize submodules:
  ```bash
  git submodule update --init --recursive
  ```
  - Takes ~30 seconds. NEVER CANCEL. Set timeout to 60+ seconds.
- Build Wazuh component:
  ```bash
  cd Wazuh
  npm install
  ```
  - Takes ~1 second. Builds successfully.
- Build LDAPServer component:
  ```bash
  cd "LDAP/LDAPServer/src"
  npm install
  ```
  - Takes ~12 seconds. NEVER CANCEL. Set timeout to 30+ seconds.
  - Expect deprecation warnings - these are normal and the build succeeds.
CRITICAL: Always run these validation steps before committing changes:

- Syntax check all shell scripts:
  ```bash
  find . -name "*.sh" -exec bash -n {} \;
  ```
  - Takes <1 second. Must complete without errors.
- Syntax check all JavaScript files:
  ```bash
  find . -name "*.js" -exec node -c {} \;
  ```
  - Takes <1 second. Must complete without errors.
- Verify the Node.js applications can start (they will fail to connect to external services, which is expected):
  ```bash
  # Each check runs in a subshell so its cd does not change the directory for the next check
  # Test Wazuh runner (should run without errors)
  (cd Wazuh && node runner.js getAgents 2>/dev/null && echo "Wazuh runner OK")
  # Test LDAPServer (will fail with config errors, which is expected)
  (cd "LDAP/LDAPServer/src" && timeout 5 node index.js 2>/dev/null || echo "LDAPServer needs config (expected)")
  ```
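As an added example (not code from this repository), a CI-safe variant of the two syntax checks above that a pre-commit hook or workflow step could call. The `find -exec bash -n {} \;` form exits 0 even when `bash -n` fails and, after `npm install`, also descends into `node_modules`; this function prunes `node_modules`, reports every failing file and returns non-zero. The function name `check_syntax` is an assumption.

```shell
#!/bin/sh
# Added example: CI-safe syntax gate for the repository's .sh and .js sources.
# Returns 0 only if every file passes `bash -n` / `node -c`; `node_modules`
# is pruned so vendored packages are not checked.
check_syntax() {
  dir=${1:-.}
  # Collect the paths of files that fail their checker. The while loop runs
  # in a pipeline subshell, so its output is gathered via command substitution
  # instead of a variable, which keeps this POSIX sh compatible.
  failed=$(
    find "$dir" -name node_modules -prune -o \
      \( -name '*.sh' -o -name '*.js' \) -type f -print |
    while IFS= read -r f; do
      case "$f" in
        *.sh) bash -n "$f" || printf '%s\n' "$f" ;;
        *.js) node -c "$f" || printf '%s\n' "$f" ;;
      esac
    done
  )
  if [ -n "$failed" ]; then
    # The checkers have already written the actual error messages to stderr;
    # summarise which files failed so the CI log is easy to scan.
    printf 'Syntax errors in:\n%s\n' "$failed" >&2
    return 1
  fi
  echo "Syntax OK under $dir"
  return 0
}

# Usage: sh check_syntax.sh DIR   (e.g. the repository root)
if [ $# -gt 0 ]; then check_syntax "$1"; fi
```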
ALWAYS test infrastructure changes with these scenarios:

Container scripts: most require Proxmox infrastructure, but you can:
- Syntax validate: All scripts in `container creation/` pass `bash -n` checks
- Check dependencies: Scripts source from `/var/lib/vz/snippets/` (will be missing in sandbox)
- Verify logic: Review script flow in `container creation/create-container.sh` (220 lines)

Gateway scripts:
- Test syntax: All scripts in `gateway/` are syntactically valid
- Review cleanup logic: `gateway/prune_iptables.sh` and `gateway/prune_temp_files.sh`
- Check fingerprint extraction: `gateway/extract-fingerprint.sh`

LDAP components:
- Environment setup: Copy `.env.example` to `.env` in `LDAP/LDAPServer/src/` before testing
- Client automation: Review `LDAP/pown/pown.sh` for LDAP client setup logic
- Test framework: `LDAP/pown/tests/test.sh` requires AWS credentials (not available in sandbox)
- Required Node.js version: >=18.0.0, npm >=9.0.0 (available in environment)
- Wazuh dependencies: axios, dotenv (lightweight, builds quickly)
- LDAPServer dependencies: ldapjs, mongodb, mysql2, winston (complex, longer build time)
- Bash scripts: All use `#!/bin/bash` with `set -e` for error handling
- Dependencies: Expect Proxmox `pct` commands, LDAP utilities, iptables
- External services: Scripts reference Wazuh server, LDAP servers, database connections
- Proxmox VE: Required for container management commands
- External services: LDAP authentication, Wazuh manager, database servers
- Network infrastructure: DNS, NGINX reverse proxy, iptables rules
- Full repository setup: ~45 seconds (submodules + npm installs)
- Wazuh build: <1 second
- LDAPServer build: ~12 seconds
- Syntax validation: <1 second for all scripts
- Always initialize submodules first if working from fresh clone
- Run syntax validation after any script changes
- Test Node.js builds after package.json modifications
- Review configuration files (.env.example, ossec.conf, etc.) for external service requirements
- Check script dependencies - most require Proxmox/LDAP infrastructure not available in sandbox
- LDAPServer deprecation warnings: Normal, build still succeeds
- Missing /var/lib/vz/snippets/: Expected in sandbox - scripts source Proxmox-specific paths
- LDAP connection errors: Expected - requires actual LDAP server configuration
- Wazuh API failures: Expected - requires Wazuh manager with authentication
- Permission denied: Scripts expect to run on Proxmox host with root/sudo access
- Command not found (pct, pvesh): Proxmox utilities not available in sandbox
- Network connectivity: External services (Wazuh, LDAP) not accessible from sandbox
- Missing .env files: Copy from .env.example templates when available
- SSL/TLS errors: Scripts expect certificate content in environment variables
- Database connections: MySQL/MongoDB connection strings required for LDAPServer
- Running container creation scripts: Requires Proxmox VE host
- LDAP server connections: Requires configured LDAP infrastructure
- Wazuh agent registration: Requires Wazuh manager with API access
- Network configuration changes: Requires iptables and DNS management permissions
- AWS/Terraform tests: `LDAP/pown/tests/` requires AWS credentials
Key scripts:
- `container creation/create-container.sh` - Main container lifecycle script
- `gateway/prune_iptables.sh` - Network cleanup automation
- `Wazuh/runner.js` - Wazuh agent management interface

Configuration files:
- `LDAP/LDAPServer/src/.env.example` - LDAP server configuration
- `Wazuh/ossec.conf` - Wazuh agent configuration
- `nginx reverse proxy/` - Web server configuration files

Dependency manifests:
- `Wazuh/package.json` - Security monitoring dependencies
- `LDAP/LDAPServer/src/package.json` - LDAP gateway dependencies
Always reference README.md files in individual directories for component-specific details.