Skip to main content

Advanced Setup & Makefile Reference

If you want more control over your LongHaul C2 deployment or just want to know exactly what's happening under the hood, this page is for you.

A Makefile handles the heavy lifting for both development and production deployments.


Development vs Production

There are two distinct installation paths:

ModeCommandDescription
Developmentmake dev_installLocal venv, Docker containers, live reloads. Run directly with Python.
Productionsudo make deployInstalls as systemd services under a restricted longhaul user.

Development Setup

git clone https://github.com/LongHaulC2/LongHaulC2
cd LongHaulC2

# Install dependencies, create venv, spin up Docker containers, create .env
make dev_install

# Activate the venv
source venv/bin/activate

# Run the server
PYTHONPATH=. python -m server.main

# Run the client (separate terminal)
PYTHONPATH=. python -m client.main

Development Makefile Commands

CommandWhat it does
make dev_installInstalls apt deps, creates venv, installs Python deps, creates .env, creates workspace dirs at /var/lib/longhaulc2, pulls and starts Docker containers.
make dev_uninstallStops and removes Docker containers, removes venv and .env, wipes workspace and log dirs.
make dev_reinstallRuns dev_uninstall then dev_install — clean slate for dev.

Production Deployment

sudo make deploy

This installs everything to /opt/longhaulc2 and runs both services under the longhaul system user.

# Check service status after deploy
sudo systemctl status longhaulc2-server
sudo systemctl status longhaulc2-web

Production Makefile Commands

CommandWhat it does
sudo make deployFull production install: apt deps, system user, directory structure, venv, systemd services, Docker containers, TLS certs.
sudo make undeployFull removal: stops services, removes systemd units, Docker containers, install dirs, workspace, logs, and system user.
sudo make redeployRuns undeploy then deploy. Use when upgrading.

Customizing Credentials

Pass variables directly to any make command to override defaults.

Security: Never use the default credentials in production or on an internet-facing machine.

sudo make deploy \
MYSQL_ROOT_PASSWORD=MySuperSecretPassword \
REDIS_PASSWORD=AnotherSecret \
NEO4J_PASSWORD=YetAnotherSecret \
JWT_SECRET_KEY=MyJWTSecret \
INIT_API_USER=operator \
INIT_API_PASS=MyOperatorPass

All Configurable Variables

VariableDefaultDescription
MYSQL_ROOT_PASSWORDP@ssw0rd1!MySQL root user password
MYSQL_ROOT_USERrootMySQL root username
REDIS_PASSWORDP@ssw0rd1!Redis password
REDIS_USERdefaultRedis username
NEO4J_USERneo4jNeo4j username
NEO4J_PASSWORDP@ssw0rd1!Neo4j password
JWT_SECRET_KEYP@ssw0rd1!Secret key for signing JWT tokens
INIT_API_USERlonghaulUsername for the initial operator account
INIT_API_PASSP@ssw0rd1!Password for the initial operator account
MYSQL_HOSTlocalhostMySQL host
MYSQL_PORT3306MySQL port
REDIS_HOSTlocalhostRedis host
REDIS_PORT6379Redis port

Docker Utilities

CommandWhat it does
make pull_docker_imagesPulls mysql:latest, redis/redis-stack:latest, and neo4j:latest.
make start_docker_imagesStarts C2_mysql, C2_redis-stack, and C2_neo4j-stack containers.
make create_docker_imagesBuilds the cross-compilation Docker images from setup/docker_images/ (e.g., win_x64). Adds your user to the docker group.

Infrastructure Summary

Service Ports

ServicePort(s)Notes
LongHaulC2 API (Server)0.0.0.0:45045Flask REST API
LongHaulC2 UI (Client)0.0.0.0:8083NiceGUI web interface
MySQL0.0.0.0:3306, 127.0.0.1:33060C2 database — bind to localhost in prod
Redis127.0.0.1:6379Task queue
Redis Insight (Web GUI)0.0.0.0:8001Redis management UI — exposed globally by default, lock this down in prod
Neo4j (Web UI / Browser)0.0.0.0:7474Graph database web UI
Neo4j (Bolt)0.0.0.0:7687Neo4j driver connection

Docker Containers

ContainerImagePurpose
C2_mysqlmysql:latestLong-term storage (tasks, payloads, users, files)
C2_redis-stackredis/redis-stack:latestTask queue and response inbox per implant
C2_neo4j-stackneo4j:latestGraph state (implant topology, host/network relationships)

Filesystem Layout (Production)

PathPurpose
/opt/longhaulc2/server/Server application code + venv
/opt/longhaulc2/client/Client application code + venv
/var/lib/longhaulc2/Workspace: implant templates, user scripts
/var/lib/longhaulc2/implant_templates/C++ implant source used by the build system
/var/log/longhaulc2/Application logs
/etc/ssl/certs/longhaulc2_api_cert.pemTLS certificate (auto-generated on deploy)

TLS Certificates

make deploy automatically generates a self-signed TLS certificate (4096-bit RSA, 365-day validity) and places it in /etc/ssl/certs/. The server uses this for HTTPS.

To regenerate:

sudo make clean-certs
sudo make certs

Linting & Pre-Push Checklist

# Lint & format (runs ruff check + ruff format via pre-commit)
pre-commit run --all-files

# Full pre-push prep: lint, freeze deps, clean .pyc files, dry-run install
make prep_for_push

Testing

TargetRequiresDescription
make web_testsNothingUI smoke tests — pages render, auth guards fire
make server_testsServer + Docker containersAPI tests — all endpoints, CRUD, auth
make local_testsServer + Docker containersBoth of the above
make integration_testFull stack + live Windows implantFull E2E with real implant (CI only)
make no_fail_testFull stackIntegration tests, exits 0 on failure

For full prerequisites, per-test-file coverage, and common failure causes, see Testing Overview.