Overview
This guide covers deploying Miku Miku Beam in production environments, including binary deployment, systemd services, reverse proxies, and security considerations.
Prerequisites
Go 1.21+ Required for building the Go server and CLI
Node.js 18+ Required for building the React web client
npm Node package manager for dependencies
Make Build automation tool (optional but recommended)
Building for Production
Clone the repository
git clone https://github.com/sammwyy/mikumikubeam.git
cd mikumikubeam
Install dependencies
This runs:
go mod tidy - Downloads Go dependencies
cd web-client && npm install - Installs Node.js dependencies
Build all components
This creates:
bin/mmb-server - Web server binary
bin/mmb-cli - CLI tool binary
bin/web-client/ - Built React frontend assets
Create required configuration files
mkdir -p data
# Create proxy list
cat > data/proxies.txt << EOF
http://proxy1.example.com:8080
http://user:[email protected] :3128
EOF
# Create user agent list
cat > data/uas.txt << EOF
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
EOF
Binary Deployment
Directory Structure
Recommended production directory structure:
/opt/miku-miku-beam/
├── bin/
│ ├── mmb-server
│ ├── mmb-cli
│ └── web-client/
│ ├── index.html
│ ├── assets/
│ └── ...
├── data/
│ ├── proxies.txt
│ └── uas.txt
├── config.toml (optional)
└── logs/
Installation Steps
Create application directory
sudo mkdir -p /opt/miku-miku-beam
sudo chown $USER:$USER /opt/miku-miku-beam
Copy built files
cp -r bin/ /opt/miku-miku-beam/
cp -r data/ /opt/miku-miku-beam/
Set proper permissions
chmod +x /opt/miku-miku-beam/bin/mmb-server
chmod +x /opt/miku-miku-beam/bin/mmb-cli
chmod 644 /opt/miku-miku-beam/data/*
Create configuration (optional)
cat > /opt/miku-miku-beam/config.toml << EOF
proxies_file = "data/proxies.txt"
user_agents_file = "data/uas.txt"
server_port = 3000
allowed_origin = "http://localhost:5173"
EOF
Systemd Service
Create a systemd service for automatic startup and management.
Create service file
sudo nano /etc/systemd/system/miku-miku-beam.service
Add the following configuration:
[Unit]
Description=Miku Miku Beam Network Stress Testing Server
After=network.target

[Service]
Type=simple
User=mmb
Group=mmb
WorkingDirectory=/opt/miku-miku-beam
ExecStart=/opt/miku-miku-beam/bin/mmb-server
Restart=always
RestartSec=10
StandardOutput=append:/opt/miku-miku-beam/logs/mmb-server.log
StandardError=append:/opt/miku-miku-beam/logs/mmb-server.log
# Environment variables
Environment="LOG_FORMAT=json"
Environment="ALLOW_NO_PROXY=false"
# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/miku-miku-beam/data /opt/miku-miku-beam/logs

[Install]
WantedBy=multi-user.target
Create service user
sudo useradd -r -s /bin/false -d /opt/miku-miku-beam mmb
sudo chown -R mmb:mmb /opt/miku-miku-beam
Create log directory
sudo mkdir -p /opt/miku-miku-beam/logs
sudo chown mmb:mmb /opt/miku-miku-beam/logs
Enable and start service
sudo systemctl daemon-reload
sudo systemctl enable miku-miku-beam
sudo systemctl start miku-miku-beam
Verify service status
sudo systemctl status miku-miku-beam
sudo journalctl -u miku-miku-beam -f
Reverse Proxy Setup
Nginx Configuration
Recommended setup for production with SSL/TLS:
upstream miku_backend {
    server 127.0.0.1:3000;
    keepalive 64;
}

server {
    listen 80;
    server_name mmb.example.com;
    # Redirect HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mmb.example.com;

    # SSL configuration
    ssl_certificate /etc/ssl/certs/mmb.example.com.crt;
    ssl_certificate_key /etc/ssl/private/mmb.example.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Logging
    access_log /var/log/nginx/mmb-access.log;
    error_log /var/log/nginx/mmb-error.log;

    # Max upload size
    client_max_body_size 10M;

    # WebSocket/Socket.IO support
    location /socket.io/ {
        proxy_pass http://miku_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
    }

    # API endpoints
    location /api/ {
        proxy_pass http://miku_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Attack management endpoints
    location ~ ^/(attacks|configuration)$ {
        proxy_pass http://miku_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Static files
    location / {
        proxy_pass http://miku_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Caching for static assets
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
            proxy_pass http://miku_backend;
            expires 1y;
            add_header Cache-Control "public, immutable";
        }
    }
}
Apache Configuration
Alternative configuration for Apache2:
<VirtualHost *:80>
    ServerName mmb.example.com
    Redirect permanent / https://mmb.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName mmb.example.com

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mmb.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/mmb.example.com.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # Enable required modules
    # a2enmod proxy proxy_http proxy_wstunnel rewrite headers

    # WebSocket/Socket.IO support
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/socket.io/(.*) ws://127.0.0.1:3000/socket.io/$1 [P,L]

    # Proxy configuration
    ProxyPreserveHost On
    ProxyPass /socket.io/ http://127.0.0.1:3000/socket.io/
    ProxyPassReverse /socket.io/ http://127.0.0.1:3000/socket.io/
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/

    # Security headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"

    # Logging
    ErrorLog ${APACHE_LOG_DIR}/mmb-error.log
    CustomLog ${APACHE_LOG_DIR}/mmb-access.log combined
</VirtualHost>
Environment Configuration
Configuration File (config.toml)
# Path to proxies file (default: data/proxies.txt)
proxies_file = "/opt/miku-miku-beam/data/proxies.txt"
# Path to user agents file (default: data/uas.txt)
user_agents_file = "/opt/miku-miku-beam/data/uas.txt"
# Server port (default: 3000)
server_port = 3000
# Allowed CORS origin for development (default: http://localhost:5173)
allowed_origin = "https://mmb.example.com"
Environment Variables
LOG_FORMAT Set to json for structured JSON logging in production. Console format is human-readable with colors.
ALLOW_NO_PROXY Set to true to allow running attacks without proxies. Required if data/proxies.txt is empty or missing.
Port Configuration
The server listens on port 3000 by default (configurable via config.toml):
Port   Protocol   Purpose
3000   HTTP       Web UI, API, and Socket.IO
Ensure port 3000 is open in your firewall if accessing the server directly, or configure a reverse proxy.
Security Considerations
Always deploy behind Nginx or Apache in production for:
SSL/TLS termination
Rate limiting
DDoS protection
Better logging and monitoring
Restrict file permissions
chmod 600 /opt/miku-miku-beam/data/proxies.txt
chmod 600 /opt/miku-miku-beam/data/uas.txt
chmod 644 /opt/miku-miku-beam/config.toml
chown mmb:mmb /opt/miku-miku-beam/data/*
Use systemd security features
The provided systemd service includes:
NoNewPrivileges=true - Prevents privilege escalation
PrivateTmp=true - Isolated /tmp directory
ProtectSystem=strict - Read-only system directories
ProtectHome=true - No access to home directories
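The file-permission and systemd steps above can be checked after deployment. The script below is an added example, not part of Miku Miku Beam; the function names audit_mmb and demo and the finding labels are hypothetical, and it assumes GNU stat as found on the Linux hosts this guide targets.

```shell
#!/bin/sh
# Added example (not part of Miku Miku Beam): audit an install against the
# hardening steps on this page. Assumes GNU stat (Linux).

# audit_mmb ROOT UNIT: print one finding per line; return 1 if any were found.
audit_mmb() {
    root=$1 unit=$2 bad=0
    # "Restrict file permissions": both data files must be mode 600.
    for f in "$root/data/proxies.txt" "$root/data/uas.txt"; do
        mode=$(stat -c '%a' "$f" 2>/dev/null) || mode=missing
        if [ "$mode" != 600 ]; then
            echo "PERM $f is $mode, expected 600"; bad=1
        fi
    done
    # "Use systemd security features": each directive must be present.
    # systemd ignores whitespace around "=", so the pattern does too.
    for kv in NoNewPrivileges=true PrivateTmp=true ProtectSystem=strict ProtectHome=true; do
        if ! grep -Eq "^[[:space:]]*${kv%%=*}[[:space:]]*=[[:space:]]*${kv#*=}[[:space:]]*\$" "$unit"; then
            echo "UNIT $kv missing"; bad=1
        fi
    done
    # The unit must name a non-root service account (the guide uses mmb).
    user=$(sed -n -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*User[[:space:]]*=[[:space:]]*//p' "$unit" | tail -n 1)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "UNIT User is '${user:-unset}', expected a dedicated account"; bad=1
    fi
    return "$bad"
}

# Constructed demo: a throwaway tree with one loose file mode and a unit file
# that lacks ProtectHome. Prints the two findings audit_mmb reports for it.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/data"
    : > "$d/data/proxies.txt"; : > "$d/data/uas.txt"
    chmod 600 "$d/data/proxies.txt"; chmod 644 "$d/data/uas.txt"
    printf '%s\n' '[Service]' 'User=mmb' 'NoNewPrivileges=true' \
        'PrivateTmp=true' 'ProtectSystem=strict' > "$d/unit"
    rc=0; audit_mmb "$d" "$d/unit" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "$#" -eq 2 ]; then audit_mmb "$1" "$2"; else demo || :; fi
```

Run it as root with the install directory and the unit file as arguments, for example /opt/miku-miku-beam and /etc/systemd/system/miku-miku-beam.service; with no arguments it runs the constructed demo.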
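Consider adding authentication middleware for production deployments. MMB doesn’t include built-in auth, so implement it at the reverse proxy level:
# Basic Auth example
location / {
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;
    proxy_pass http://miku_backend;
}
In the full Nginx configuration above, requests to /socket.io/, /api/ and the attack management endpoints are handled by their own location blocks, which do not pick up auth_basic from location /. Place the two auth_basic directives at the server level so every location inherits them.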
Monitoring and Logging
Log Management
View systemd logs
# Follow logs in real-time
sudo journalctl -u miku-miku-beam -f
# View last 100 lines
sudo journalctl -u miku-miku-beam -n 100
# View logs since boot
sudo journalctl -u miku-miku-beam -b
# View logs for specific date
sudo journalctl -u miku-miku-beam --since "2026-03-01" --until "2026-03-02"
Log Rotation
Create a logrotate configuration:
sudo nano /etc/logrotate.d/miku-miku-beam
Add:
/opt/miku-miku-beam/logs/*.log {
daily
rotate 14
compress
delaycompress
notifempty
missingok
copytruncate
postrotate
systemctl reload miku-miku-beam > /dev/null 2>&1 || true
endscript
}
System Limits
Increase file descriptor limits for high-concurrency attacks:
# Edit /etc/security/limits.conf
mmb soft nofile 65536
mmb hard nofile 65536
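Or in the systemd service. Limits in /etc/security/limits.conf are applied by PAM to login sessions and do not reach services started by systemd, so this is the setting that takes effect for the unit above:
[Service]
LimitNOFILE=65536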
Go Runtime Settings
Control Go runtime behavior via environment variables:
[Service]
Environment="GOMAXPROCS=4"
Environment="GOGC=100"
Environment="GOMEMLIMIT=2GiB"
Upgrading
Stop the service
sudo systemctl stop miku-miku-beam
Backup configuration
cp -r /opt/miku-miku-beam/data /opt/miku-miku-beam/data.backup
cp /opt/miku-miku-beam/config.toml /opt/miku-miku-beam/config.toml.backup
Build new version
cd ~/mikumikubeam
git pull
make prepare
make all
Deploy new binaries
sudo cp -r bin/* /opt/miku-miku-beam/bin/
sudo chown -R mmb:mmb /opt/miku-miku-beam/bin/
Restart service
sudo systemctl start miku-miku-beam
sudo systemctl status miku-miku-beam
Troubleshooting
Check service status and logs:
sudo systemctl status miku-miku-beam
sudo journalctl -u miku-miku-beam -n 50
Common issues:
Port 3000 already in use
Missing data files (proxies.txt, uas.txt)
Incorrect file permissions
Invalid configuration
Verify web client files exist:
ls -la /opt/miku-miku-beam/bin/web-client/
If empty, rebuild with make all and ensure the web-client build completes successfully.
No proxies available error
Check proxy file:
cat /opt/miku-miku-beam/data/proxies.txt
Options:
Add valid proxies to the file
Set ALLOW_NO_PROXY=true in systemd service
Use --no-proxy flag with CLI
Socket.IO connection fails
Ensure WebSocket support in the reverse proxy:
Nginx: Check for proxy_set_header Upgrade and Connection "upgrade"
Apache: Enable the proxy_wstunnel module and configure a RewriteRule for the WebSocket upgrade
Reduce concurrent threads or limit memory:
[Service]
Environment="GOMEMLIMIT=1GiB"
# MemoryMax= supersedes the deprecated MemoryLimit=
MemoryMax=2G
CLI Deployment
The CLI tool can be deployed separately for remote attack execution:
# Copy CLI binary to /usr/local/bin
sudo cp bin/mmb-cli /usr/local/bin/
sudo chmod +x /usr/local/bin/mmb-cli
# Run from anywhere
mmb-cli attack http_flood http://example.com \
--duration 120 \
--threads 8 \
--verbose