Sme11BuildQueue (wiki.koozali.org, MediaWiki 1.35.5, revision of 2024-03-27T19:40:03Z)<p>ReetP: /* Bare install test */</p>
<hr />
<div>This page lists all the packages that SME Server needs to build for SME 11. The starting point is the smeos directory from SME 10. For each package, check whether it is still needed, or whether we can use an upstream package if one is available.<br />
See bug https://bugs.koozali.org/show_bug.cgi?id=12424<br />
<br />
== Package Build Steps ==<br />
Things have changed between SME10 and SME11: we moved from CVS to git. We also need to rename a few old e-smith RPMs to smeserver for better consistency, without forgetting where we are coming from.<br />
Git is available here: https://src.koozali.org<br />
<br />
TODO: write how to check out and start a build<br />
<br />
TODO: reference on how to configure a build environment.<br />
<br />
==Required dependencies==<br />
Created from the work on SME10, and updated.<br />
<br />
You can use <nowiki>http://pkgs.org</nowiki> to fill in the blanks: record where the RPM can be found (EPEL8, ROCKY8, REMI8, OPENFUSION8, RPMFUSION8, smedev, smetest) and the status (Build OK, NEED COPY, NOTABUG, WONTFIX, FIXED).<br />
<br />
File a bug before building a new package: https://bugs.contribs.org/enter_bug.cgi?product=SME%20Server%2011<nowiki/>.X&component=build<br />
{| class="wikitable sortable"<br />
!Package Requiring<br />
!Required Package<br />
!Possible sources<br />
!status<br />
!Reference<br />
|-<br />
|dar<br />
|par2cmdline<br />
|epel<br />
|<br />
|par2cmdline-0.8.0-3.el8.x86_64.rpm<br />
|-<br />
|smeserver-apache<br />
|mod_authnz_external<br />
|epel<br />
|<br />
|mod_authnz_external-3.3.3-3.el8.x86_64.rpm<br />
|-<br />
|smeserver-base<br />
|pv<br />
|epel<br />
|<br />
|pv-1.6.6-7.el8.x86_64.rpm<br />
|-<br />
|smeserver-email<br />
|perl(Net::Server::Fork)<br />
|Rocky Linux AppStream<br />
|<br />
|perl-Net-Server-2.009-3.el8.noarch.rpm<br />
|-<br />
|smeserver-email<br />
|perl(Net::Server) >= 0.85<br />
|Rocky Linux AppStream<br />
|<br />
|perl-Net-Server-2.009-3.el8.noarch.rpm<br />
|-<br />
|smeserver-grub<br />
|grub2<br />
|Rocky Linux BaseOS <br />
|<br />
|grub2-pc-2.02-150.el8.rocky.0.1.x86_64.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear(HTTP)<br />
|<br />
|<br />
|'''none'''<br />
|-<br />
|smeserver-horde<br />
|php-pear(Date)<br />
|epel / remi<br />
|<br />
|php-pear-Date-1.4.7-22.el8.noarch.rpm <br />
<br />
php-pear-Date-1.4.7-20.el8.remi.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear(Services_Weather)<br />
|<br />
|<br />
|'''none'''<br />
|-<br />
|smeserver-horde<br />
|php-pear(File)<br />
|<br />
|<br />
|'''none'''<br />
|-<br />
|smeserver-horde<br />
|php-pear(Log)<br />
|remi<br />
|<br />
|php-pear-Log-1.14.1-1.el8.remi.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear(HTTP_Request)<br />
|epel / remi<br />
|<br />
|php-pear-HTTP-Request-1.4.4-18.el8.noarch.rpm<br />
<br />
php-pear-HTTP-Request-1.4.4-16.el8.remi.noarch.rpm <br />
|-<br />
|smeserver-ldap<br />
|libdb4-utils<br />
|<br />
|<br />
|raven third party... <br />
<br />
https://pkgs.dyn.su/el8/base/SRPMS/libdb4-4.8.30-30.el8.src.rpm<br />
|-<br />
|smeserver-devtools<br />
|perl-Pod-Tests<br />
|epel<br />
|<br />
|perl-Pod-Tests-1.20-6.el8.noarch.rpm<br />
|-<br />
|smeserver-lib<br />
|perl(Authen::PAM)<br />
|epel <br />
|<br />
|perl-Authen-PAM-0.16-37.el8.x86_64.rpm<br />
|-<br />
|smeserver-lib<br />
perl-Mojolicious<br />
|perl(Taint::Util)<br />
|epel<br />
|<br />
|perl-Taint-Util-0.08-22.el8.x86_64.rpm<br />
|-<br />
|smeserver-mysql<br />
|mariadb-server<br />
|Rocky Linux AppStream / mariadb<br />
|<br />
|mariadb-server-10.5.22-1.module<br />
|-<br />
|smeserver-nutUPS<br />
|nut<br />
|epel<br />
|<br />
|nut-2.8.0-3.el8.x86_64.rpm<br />
|-<br />
|smeserver-nutUPS<br />
|nut-client<br />
|epel<br />
|<br />
|<br />
|-<br />
|smeserver-proftpd<br />
|proftpd<br />
|epel<br />
|<br />
|proftpd-1.3.6e-6.el8.x86_64.rpm<br />
|-<br />
|smeserver-radiusd<br />
|radiusclient-ng >= 0.5.6<br />
|<br />
|<br />
|none, should migrate to freeradius-client . radius<br />
|-<br />
|mbuffer<br />
|libmhash.so.2()(64bit)<br />
|epel<br />
|<br />
|mhash-devel-0.9.9.9-20.el8.x86_64.rpm<br />
|-<br />
|smeserver-lib<br />
|perl(Text::Template)<br />
|Rocky Linux AppStream<br />
|<br />
|perl-Text-Template-1.51-1.el8.noarch.rpm (also module 1.58 and 1.47)<br />
|-<br />
|qpsmtpd<br />
|perl(Net::IP)<br />
|epel<br />
|<br />
|perl-Net-IP-1.26-20.el8.noarch.rpm<br />
|-<br />
|smeserver-qpsmtpd<br />
|perl-MIME-tools<br />
|epel<br />
|<br />
|perl-MIME-tools-5.509-9.el8.noarch.rpm<br />
|-<br />
|smeserver-qpsmtpd<br />
|perl-File-MMagic<br />
|Rocky Linux Devel<br />
|<br />
|perl-File-MMagic-1.30-16.el8.noarch.rpm<br />
|-<br />
|smeserver-qpsmtpd<br />
|perl-Convert-TNEF<br />
|epel<br />
|<br />
|perl-Convert-TNEF-0.18-17.el8.noarch.rpm<br />
|-<br />
|smeserver-spamassassin<br />
|perl-razor-agents<br />
|epel<br />
|add dep back to spec<br />
|perl-Razor-Agent-2.86-1.el8.x86_64.rpm<br />
|-<br />
|smeserver-spamassassin<br />
|pyzor<br />
|epel<br />
|<br />
|pyzor-1.0.0-28.20200530gitf46159b.el8.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear-Log<br />
|remi<br />
|<br />
|php-pear-Log-1.14.1-1.el8.remi.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pecl-geoip<br />
|remi-modular<br />
|wait<br />
|is required by remi for php-horde-imp, php-horde-kronolith, php-horde-nag, php-horde-turba : available by modular only<br />
|-<br />
|smeserver-horde<br />
|php-imap<br />
|remi-modular<br />
|wait<br />
|is required by remi for php-horde-ingo, php-horde-mnemo : available by modular only<br />
|-<br />
|smeserver-horde<br />
|[https://src.koozali.org/smeserver/php-channel-horde php-channel-horde]<br />
php-channel(pear.horde.org)<br />
|remi<br />
|wait<br />
|remi php-channel-horde<br />
|-<br />
|smeserver-horde<br />
|[https://src.koozali.org/smeserver/php-horde-Horde-Role php-horde-Horde-Role]<br />
|remi<br />
|wait<br />
|remi php-horde-Horde-Role<br />
|}<br />
==RPM's from smeos directory==<br />
<br />
Before attempting to build these, check whether they are already available; if so, put them in the table above instead, with the source to copy from and at least the version number we had on SME10.<br />
<br />
If you need to build, check whether a newer version is available. Sometimes we might need to stick to an old version, so document it here, in the reference, when upping the version.<syntaxhighlight lang="bash"><br />
koji build dist-sme11-os git+https://src.koozali.org/smeserver/PACKAGE.git?#GITTAG<br />
</syntaxhighlight>where PACKAGE is one of the packages listed below, and GITTAG can be found at https://src.koozali.org<br />
{| class="wikitable sortable"<br />
!Package<br />
!Builder<br />
!status<br />
!Reference<br />
|-<br />
|[https://src.koozali.org/smeserver/bglibs bglibs]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=45<br />
|-<br />
|[https://src.koozali.org/smeserver/buffer buffer]-1.19-11<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=123<br />
|-<br />
|[https://src.koozali.org/smeserver/buildsys-macros buildsys-macros]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=72<br />
|-<br />
|[https://src.koozali.org/smeserver/cpu cpu]-1.4.3-14<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=16<br />
|-<br />
|[https://src.koozali.org/smeserver/checkpassword-pam checkpassword-pam]-0.99-1.3<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=15<br />
|-<br />
|[https://src.koozali.org/smeserver/daemontools daemontools]-0.76-7<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=173<br />
|-<br />
|[https://src.koozali.org/smeserver/DCC DCC]-2.3.168-1<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=12<br />
|-<br />
|[https://src.koozali.org/smeserver/diald diald]-1.0-5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=125<br />
|-<br />
|[https://src.koozali.org/smeserver/dietlibc dietlibc]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=50<br />
|-<br />
|[https://src.koozali.org/smeserver/djbdns djbdns]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=181<br />
|-<br />
|[https://src.koozali.org/smeserver/dot-forward dot-forward]-0.71-5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=128<br />
|-<br />
|[https://src.koozali.org/smeserver/fastforward fastforward]-0.51-5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=143<br />
|-<br />
|[https://src.koozali.org/smeserver/flexbackup flexbackup]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=129<br />
|-<br />
|[https://src.koozali.org/smeserver/headermatch headermatch]-0.0.1-4<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=144<br />
|-<br />
|[https://src.koozali.org/smeserver/ipsvd ipsvd]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=180 ; do we still use it ? required by smeserver-qpsmtpd and <s>smeserver-tftp-server</s><br />
|-<br />
|[https://src.koozali.org/smeserver/libnetfilter_acct libnetfilter_acct]-1.0.3<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=126<br />
|-<br />
|[https://src.koozali.org/smeserverlibnetfilter_log libnetfilter_log]-devel-1.0.2-1<br />
[https://src.koozali.org/smeserverlibnetfilter_log libnetfilter_log]-1.0.2-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=159<br />
|-<br />
|[https://src.koozali.org/smeserver/LPRng LPRng]-3.8.35-7<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=156<br />
|-<br />
|[https://src.koozali.org/smeserver/mod_auth_tkt mod_auth_tkt]-2.3.99b1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=37<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Algorithm-Dependency perl-Algorithm-Dependency]-1.112<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=6<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Apache-AuthTkt perl-Apache-AuthTkt]-2.1-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=35<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-CGI-FormMagick perl-CGI-FormMagick]-0.93-8<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=32<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-CGI-Persistent perl-CGI-Persistent]-1.11-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=20 after perl-Object-Persistence<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-ClamAV-Client perl-ClamAV-Client]-0.11-1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=33 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Class-ParamParser perl-Class-ParamParser]-1.041-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=21<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-File-chmod perl-File-chmod]-0.42<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=4<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-File-Flat perl-File-Flat]-1.07<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=2<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-HTML-Tabulate perl-HTML-Tabulate]-0.45-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=22 cpan latest <br />
'''openfusion perl-HTML-Tabulate-0.45-1.of.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-I18N-AcceptLanguage perl-I18N-AcceptLanguage]-1.04-1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=31 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-IP-Country perl-IP-Country]-2.28-1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=34 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mail-DMARC perl-Mail-DMARC]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=36<br />
cpan has newer version https://metacpan.org/release/MSIMERSON/Mail-DMARC-1.20240214/source<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-DNS-Native perl-Net-DNS-Native] >= 0.15<br />
|terryf<br />
|build ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=39<br />
cpan newer version https://metacpan.org/dist/Net-DNS-Native 0.22<br />
https://github.com/olegwtf/p5-Net-DNS-Native/tags<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-Ident perl-Net-Ident]-1.25<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=40 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Object-Persistence perl-Object-Persistence]-0.92-8<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=30<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Passwd-Unix perl-Passwd-Unix]-1.09-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=157 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Quota perl-Quota]-1.8.2<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=41 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Session-Token perl-Session-Token]-1.503<br />
|terryf<br />
|builds ok<br />
|<br />
https://koji.koozali.org/koji/buildinfo?buildID=44 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Struct-Compare perl-Struct-Compare]-1.0.1-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=68 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Test-ClassAPI perl-Test-ClassAPI]-1.07<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=3<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Test-Harness-Straps perl-Test-Harness-Straps]-0.30<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=69<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Test-Inline perl-Test-Inline]-2.214-2<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=7<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Unix-ConfigFile perl-Unix-ConfigFile]-0.06<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=29<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-WWW-Automate perl-WWW-Automate]-0.21<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=38<br />
<br />
cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-horde-Horde-ActiveSync.git php-horde-Horde-ActiveSync]-2.34.0<br />
|jpp<br />
|builds ok<br />
<br />
|https://koji.koozali.org/koji/buildinfo?buildID=118 <br />
will need v3 https://github.com/horde/ActiveSync/archive/refs/tags/v3.0.0alpha4.tar.gz<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-horde-Horde-Service-Facebook.git php-horde-Horde-Service-Facebook]-2.0.9<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=141 <br />
will need v3 https://github.com/horde/Service_Facebook/archive/refs/tags/v3.0.0alpha1.tar.gz<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-horde-Horde-Service-Twitter.git php-horde-Horde-Service-Twitter]-2.1.5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=165<br />
will need v3 https://github.com/horde/Service_Twitter https://github.com/horde/Service_Twitter/archive/refs/tags/v3.0.0alpha1.tar.gz<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-pear-Auth-SASL2.git php-pear-Auth-SASL2]-0.1.0<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/taskinfo?taskID=16313<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-pear-Console-GetoptPlus.git php-pear-Console-GetoptPlus]-1.0.0RC1<br />
|brianr<br />
|builds ok<br />
<br />
|https://koji.koozali.org/koji/buildinfo?buildID=117<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Australia.git php-pear-Date-Holidays-Australia]-0.2.2<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=122<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Australia.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Denmark.git php-pear-Date-Holidays-Denmark]-0.1.3<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=131<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Denmark.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-France.git php-pear-Date-Holidays-France]-0.1.0<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=130<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-France.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Germany.git php-pear-Date-Holidays-Germany]-0.1.2<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=132<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Germany.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Italy.git php-pear-Date-Holidays-Italy]-0.1.1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=133<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Italy.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Netherlands php-pear-Date-Holidays-Netherlands]-0.1.4<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=134<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Netherlands.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Norway.git php-pear-Date-Holidays-Norway]-0.1.2<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=135<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Norway.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Portugal.git php-pear-Date-Holidays-Portugal]-0.1.1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=136<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Portugal.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Russia.git php-pear-Date-Holidays-Russia]-0.1.0<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=137<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Russia.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Slovenia.git php-pear-Date-Holidays-Slovenia]-0.1.2<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=138<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Slovenia.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Sweden.git php-pear-Date-Holidays-Sweden]-0.1.3<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=139<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Sweden.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Turkey.git php-pear-Date-Holidays-Turkey]-0.1.1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=140<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Turkey.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-HTTP&#x20;WebDAV&#x20;Server.git php-pear-HTTP_WebDAV_Server]-1.0.0RC8<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=116<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Math&#x20;BigInteger.git php-pear-Math_BigInteger]-1.0.3<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=115<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-XML-Parser2.git php-pear-XML-Parser2]-0.1.0<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=114<br />
|-<br />
|[https://src.koozali.org/smeserver/qmail qmail]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=179<br />
|-<br />
|[https://src.koozali.org/smeserver/qmailanalog qmailanalog]-0.70-9<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=145<br />
|-<br />
|[https://src.koozali.org/smeserver/qpsmtpd qpsmtpd]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=111<br />
|-<br />
|[https://src.koozali.org/smeserver/qpsmtpd-plugins qpsmtpd-plugins]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=124<br />
merge to smeserver-qpsmtpd?<br />
|-<br />
|[https://src.koozali.org/smeserver/runit runit]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=178<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver smeserver]<br />
|trevorb<br />
|builds ok<br />
|http://koji.koozali.org/koji/taskinfo?taskID=15388<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-apache smeserver-apache]<br />
|trevor<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=47<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-audittools smeserver-audittools]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=93<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-backup smeserver-backup]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=48<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-base smeserver-base]-5.8.1-32<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=80<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-clamav smeserver-clamav]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=94<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-devtools smeserver-devtools]-2.6.0-19<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=71<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-dnscache smeserver-dnscache]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=49<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-domains smeserver-domains]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=51<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-dovecot smeserver-dovecot]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=95<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-email smeserver-email]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/taskinfo?taskID=15684<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-flexbackup smeserver-flexbackup]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=53<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-formmagick smeserver-formmagick]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=54<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-grub smeserver-grub]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=55<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-horde smeserver-horde]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=56<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-hosts smeserver-hosts]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=57<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-ibays smeserver-ibays]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=58<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-ldap smeserver-ldap]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=59<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-lib smeserver-lib]-2.6.0-18<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=113<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-lib-compspec smeserver-lib-compspec]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=61<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-locale smeserver-locale]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=96<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-LPRng smeserver-LPRng]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=64<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-manager smeserver-manager]<br />
|<br />
|<br />
|Will pull this across as "smeserver-manager-panels".<br />
|-<br />
|[http://src.koozali.org/smeserver/smeserver-manager-panels.git smeserver-manager-panels]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=150<br />
|-<br />
|[https://src.koozali.org/smeserver/e-smith-manager e-smith-manager] -2.8.0-40<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=78<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-manager-locale smeserver-manager-locale]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=26<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-manager-jsquery smeserver-manager-jsquery]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=28<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-mock smeserver-mock]<br />
|<br />
|<br />
|<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-mysql smeserver-mysql]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=63<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-ntp smeserver-ntp]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=65<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-nutUPS smeserver-nutUPS]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=66<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-oidentd smeserver-oidentd]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=67<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-openssh smeserver-openssh]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=73<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-packetfilter smeserver-packetfilter]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=79<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-php smeserver-php]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=74<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-portforwarding smeserver-portforwarding]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=82<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-proftpd smeserver-proftpd]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=83<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-proxy smeserver-proxy]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=84<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-qmail smeserver-qmail]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=85<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-qmailanalog smeserver-qmailanalog]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=86<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-quota smeserver-quota]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=87<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-qpsmtpd.git smeserver-qpsmtpd]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=97<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-radiusd smeserver-radiusd]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=89<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-release.git smeserver-release]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=98<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-runit smeserver-runit]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=149<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-samba smeserver-samba]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=90<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-spamassassin.git smeserver-spamassassin]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=99<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-support.git smeserver-support]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=101<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-test smeserver-test]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=91<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-tinydns smeserver-tinydns]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=92<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-viewlogfiles smeserver-viewlogfiles]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=77<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-yum.git smeserver-yum]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=155<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/spamassassin.git spamassassin]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=103 resubmitted after 'perl-IP-Country-DB_File' 'perl-Net-DNS-Nameserver'<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/tai64nunix.git tai64nunix]-0.70-6<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=175<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/timeobjects.git timeobjects]-2.1.2<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=162<br />
|-<br />
|[https://src.koozali.org/smeserver/ucspi-tcp.git ucspi-tcp]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=176<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/ulogd.git ulogd]<br />
|jpp<br />
|builds ok<br />
<br />
|https://koji.koozali.org/koji/buildinfo?buildID=110<br />
|-<br />
|[https://src.koozali.org/smeserver/xlhtml.git xlhtml]-0.5<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=109<br />
not installed on SME10<br />
|-<br />
|[https://src.koozali.org/smeserver/vconfig vconfig]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=163 need to check if really used<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-HTTP php-pear-HTTP]<br />
|jpp<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=169<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Services-Weather php-pear-Services-Weather]<br />
|jpp<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=171<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-File php-pear-File]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=170<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Time-TAI64 perl-Time-TAI64]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=164<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-IP-Country-DB&#x20;File perl-IP-Country-DB_File]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=160<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-DNS perl-Net-DNS-Nameserver]<br />
from perl-Net-DNS-1.15-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=161<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-JSON-PP perl-JSON-PP]-4.04<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=166<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-IPv4Addr perl-Net-IPv4Addr] >= 0.10<br />
|jpp<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=167<br />
|-<br />
|[https://src.koozali.org/smeserver/libdb4 libdb4-utils]<br />
from libdb4<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=168<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojo-JWT perl(Mojo::JWT)] >= 0.08-1<br />
|trevorb<br />
|builds ok<br />
|<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojolicious-Plugin-CSRFDefender perl(Mojolicious::Plugin::CSRFDefender)] >= 0.0.8<br />
|trevorb<br />
|builds ok<br />
|cvs smeserver<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojolicious-Plugin-I18N perl(Mojolicious::Plugin::I18N)] >= 1.6<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=264<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojolicious-Plugin-RenderFile perl(Mojolicious::Plugin::RenderFile)] >= 0.12<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=263<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Crypt-Password perl(Crypt::Password)]<br />
|trevorb<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=262<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Tie-Array-CSV perl(Tie::Array::CSV)]<br />
|trevorb<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=261<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-File-MMagic perl-File-MMagic]<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=259<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Crypt-Blowfish php-pear-Crypt-Blowfish]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=271<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-File-CSV php-pear-File-CSV]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=272<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-File-Util php-pear-File-Util]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=273<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-MDB2 php-pear-MDB2]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=274<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Net-URL2 php-pear-Net-URL2]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=275<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-XML-RPC2 php-pear-XML-RPC2]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=276<br />
|-<br />
|[https://src.koozali.org/smeserver/ntpsec ntpsec]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=258<br />
|}<br />
<br />
=== Packages in git, but we will use upstream ===<br />
{| class="wikitable"<br />
|+<br />
in git but use the upstream version<br />
!Package<br />
!Builder<br />
!status<br />
!Reference<br />
|-<br />
|[https://src.koozali.org/smeserver/dar dar]<br />
|<br />
|X<br />
|'''epel: dar-2.7.6-2.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/geoipupdate geoipupdate]<br />
|<br />
|X<br />
|'''Rocky Linux AppStream : geoipupdate-2.5.0-3.el8.x86_64.rpm'''<br />
unless we see we have a local patch to use older app<br />
|-<br />
|[https://src.koozali.org/smeserver/maildrop maildrop]-2.8.4<br />
|<br />
|X<br />
|'''epel maildrop-3.0.8-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/mbuffer mbuffer]<br />
|<br />
|X<br />
|'''epel mbuffer-20190725-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/mod&#x20;perl mod_perl]<br />
|<br />
|X<br />
|'''epel mod_perl-2.0.12-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/oidentd oidentd] >= 2.0.6<br />
|<br />
|X<br />
|'''epel oidentd-2.5.0-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Crypt-Cracklib perl-Crypt-Cracklib]<br />
|<br />
|X<br />
|'''epel perl-Crypt-Cracklib-1.7-24.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Data-Validate-Domain perl-Data-Validate-Domain]<br />
|<br />
|X<br />
|'''epel perl-Data-Validate-Domain-0.15-7.el8.noarch.rpm''' <br />
'''openfusion perl-Data-Validate-Domain-0.14-1.of.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-IO-Socket-SSL perl-IO-Socket-SSL]<br />
|<br />
|X<br />
|'''Rocky Linux AppStream perl-IO-Socket-SSL-2.066-4.module'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mail-RFC822-Address perl-Mail-RFC822-Address]<br />
|<br />
|X<br />
|'''epel perl-Mail-RFC822-Address-0.3-36.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-IMAP-Simple perl-Net-IMAP-Simple]-1.1916<br />
|<br />
|X<br />
|'''openfusion perl-Net-IMAP-Simple-1.2212-1.of.el8.noarch.rpm'''<br />
|-<br />
|https://src.koozali.org/smeserver/perl-Mojolicious<br />
|<br />
|X<br />
|'''epel 8 perl-Mojolicious-8.42-1.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-RPM2 perl-RPM2]<br />
|<br />
|X<br />
|'''epel perl-RPM2-1.4-10.el8.x86_64.rpm'''<br />
|-<br />
|ppp<br />
|<br />
|X<br />
|'''Rocky Linux BaseOS ppp-2.4.7-26.el8_1.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/pwauth pwauth]<br />
|<br />
|X<br />
|'''epel pwauth-2.3.10-25.el9.x86_64.rpm'''<br />
but might need a patch<br />
|}<br />
<br />
=== Packages to obsolete from git / not to build ===<br />
{| class="wikitable"<br />
|+<br />
in git but obsolete not to build.<br />
!Package<br />
!Builder<br />
!status<br />
!Reference<br />
|-<br />
|[https://src.koozali.org/smeserver/cvm cvm]<br />
|<br />
|<br />
|to drop!<br />
|-<br />
|[https://src.koozali.org/smeserver/pam&#x20;abl pam_abl]<br />
|<br />
|need git<br />
|https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/source/tree/Packages/p/pam_abl-0.6.0-25.fc40.src.rpm https://github.com/deksai/pam_abl https://github.com/deksai/pam_abl/archive/refs/tags/v0.9.0.tar.gz<br />
not installed on SME10<br />
|-<br />
|rssh<br />
|<br />
|to drop<br />
|unmaintained and insecure http://www.pizzashack.org/rssh/<br />
need to import - EL7: https://rhel.pkgs.org/7/epel-x86_64/rssh-2.3.4-16.el7.x86_64.rpm.html<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-cvm-unix-local smeserver-cvm-unix-local]<br />
|<br />
|<br />
|to drop!<br />
|-<br />
|smeserver-dynamicdns-dyndns<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|smeserver-dynamicdns-dyndns.org<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|smeserver-dynamicdns-tzo<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|smeserver-dynamicdns-yi<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|[https://src.koozali.org/smeserver/whiptail.git whiptail]<br />
|<br />
|<br />
|usage dropped, references need to be removed<br />
https://bugs.koozali.org/show_bug.cgi?id=8275<br />
|-<br />
|[https://src.koozali.org/smeserver/wv.git wv]-1.2.7<br />
|<br />
|<br />
|cc1: some warnings being treated as errors<br />
make[2]: <br />
<br />
warning: 'password' may be used uninitialized in this function [-Wmaybe-uninitialized]<br />
<br />
=> not installed on SME10 ; was needed by e-smith-horde, but not anymore<br />
<br />
new version and last version (2009) https://sourceforge.net/projects/wvware/files/wv2-0.4.2.tar.bz2/download<br />
|}<br />
<br />
==Bare install test==<br />
{{Warning box|WIP inspired from [[Sme10BuildQueue#Bare install test]]}}<br />
install minimal iso for rocky 8 https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8.9-x86_64-minimal.iso<br />
<br />
configure network access during installation with option to restore. Configure only root user.<br />
<br />
install EPEL8 repo.<br />
dnf install epel-release<br />
install remi 8 repos<br />
dnf install <nowiki>https://rpms.remirepo.net/enterprise/remi-release-8.rpm</nowiki><br />
<br />
update, and install these packages, as they might come in handy (nb iptraf is now iptraf-ng)<br />
dnf update -y<br />
dnf install mc htop iftop iptraf screen wget vim<br />
<br />
* disable SELinux<br />
<br />
SELinux is enabled by default. We want to disable it because a few services (e.g. httpd) get blocked by SELinux. To check the status of SELinux you can enter the command:<br />
getenforce<br />
SELinux uses policies that conflict with some of the SME Server services ports like https. One can adjust the allowed ports, or remove the SELinux policies and disable SELinux by the following commands:<br />
setenforce 0<br />
 sed -i -e 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config<br />
dnf remove selinux-policy-targeted<br />
<br />
* SSH<br />
<br />
SSH is present and is enabled by default at this stage. To check issue:<br />
systemctl status sshd<br />
You may have a slow login to ssh; if needed, edit:<br />
vi /etc/ssh/sshd_config<br />
You have to restart the ssh service. You might also want to wget your public keys into /root/.ssh/authorized_keys<br />
<br />
systemctl restart sshd<br />
update packages<br />
dnf update<br />
install SME11 repo<br />
vim /etc/yum.repos.d/smeserver11.repo<br />
and paste<br />
[smedev]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smedev-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[smetest]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smetest-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[smeos]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeos-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[smeupdates]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeupdates-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[koji-sme11]<br />
enabled=1<br />
name=koji-sme11<br />
baseurl=<nowiki>http://koji.koozali.org/kojifiles/repos/dist-sme11-os-build/latest/x86_64/</nowiki><br />
gpgcheck=0<br />
enablegroups=1<br />
<br />
install SME10 key<br />
wget <nowiki>http://mirror.koozali.org/releases/10/smeos/x86_64/RPM-GPG-KEY-koozali</nowiki><br />
rpm --import RPM-GPG-KEY-koozali<br />
<br />
<br />
install openfusion 8<br />
dnf install http://repo.openfusion.net/centos8-x86_64/openfusion-release-0.8-2<nowiki/>.of.el8.noarch.rpm<br />
then<br />
dnf --enablerepo=* clean all<br />
<br />
try installing SME11 packages; you might need to enable some repos using --enablerepo=smedev,epel,elrepo ... e.g.<br />
dnf module disable php:remi-8.2 -y<br />
dnf module enable php:remi-8.1 -y <br />
dnf module enable mariadb:10.5 -y<br />
dnf module enable python36:3.6 -y<br />
dnf module install php:remi-8.1<br />
dnf install smeserver-* --enablerepo=koji-sme11,epel,remi,remi-safe,of --exclude=smeserver-mariadb* <br />
a temp fix before smeserver-base-11.0.0-4.el8.sme<br />
dnf install network-scripts rsyslog<br />
<br />
et voilà, you have a non functional SME 11 over Rocky 8 minimal.<br />
<br />
<nowiki>##</nowiki> this part is safer done directly on a tty, not via ssh:<br />
<br />
later it will be good to also deactivate NetworkManager, to leave the network service doing the job, but you also need to configure the e-smith db for the server first.<br />
systemctl stop NetworkManager<br />
systemctl disable NetworkManager <br />
systemctl stop NetworkManager-wait-online.service<br />
systemctl disable NetworkManager-wait-online.service<br />
systemctl start networking<br />
then you could try the following (you might have no network from there); unlink this to avoid root password locking<br />
<br />
unlink /etc/e-smith/events/post-install/S10init-passwords<br />
signal-event post-install<br />
if you want to avoid the reboot and configure loop for the moment you can do <br />
passwd admin<br />
/usr/bin/systemctl restart rsyslog<br />
/sbin/e-smith/db accounts setprop admin PasswordSet yes<br />
/sbin/e-smith/db configuration set PasswordSet yes<br />
/sbin/e-smith/db configuration setprop bootstrap-console Restore disabled<br />
then try to configure using console<br />
console<br />
then to be sure to get sshd back<br />
/sbin/e-smith/db configuration setprop sshd status enabled PermitRootLogin yes access public<br />
/sbin/e-smith/expand-template /etc/ssh/ssh_config<br />
/sbin/e-smith/expand-template /etc/ssh/sshd_config<br />
/usr/bin/systemctl restart sshd.service <br />
/sbin/e-smith/signal-event remoteaccess-update<br />
then you can <br />
signal-event post-upgrade; <br />
signal-event-reboot; <br />
or maybe<br />
<br />
signal-event bootstrap-console-save;<br />
signal-event-reboot<br />
<nowiki>##</nowiki> end of the part better on tty than on sshd<br />
<br />
you can also tidy a little<br />
dnf remove NetworkManager --noautoremove<br />
<br />
<br />
<br />
you might need to disable the sme* repos from there, as they are yet to be created on the mirrors. So, to help you follow updates, you should do <br />
<br />
vim /etc/yum.smerepos.d/koji.repo<br />
and paste:<br />
[koji-sme11]<br />
enabled=1<br />
name=koji-sme11<br />
baseurl=<nowiki>http://koji.koozali.org/kojifiles/repos/dist-sme11-os-build/latest/x86_64/</nowiki><br />
gpgcheck=0<br />
enablegroups=1<br />
<br />
<br />
<br />
from there, if you are lucky, something went up and you can try to test, report a bug or even create a patch<br />
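<br />
The repo stanzas pasted into /etc/yum.repos.d/smeserver11.repo and /etc/yum.smerepos.d/koji.repo set gpgcheck=0 on the one enabled repository (koji-sme11) and use plain http for every source URL. The script below is an added example, not part of this wiki page or of the SME Server tooling, that reports both conditions per repository; the function names and the embedded sample (built from two of the stanzas above) are assumptions of the example.<br />

```shell
#!/bin/sh
# Added example: report weak settings in dnf/yum .repo files.
# Usage: sh repo_audit.sh /etc/yum.repos.d/*.repo /etc/yum.smerepos.d/*.repo

# Constructed sample, copied from two of the stanzas shown on this page.
sample_repo() {
    cat <<'EOF'
[smedev]
enabled=0
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smedev-11
name=SME Server - dev
gpgcheck=1
enablegroups=1
[koji-sme11]
enabled=1
name=koji-sme11
baseurl=http://koji.koozali.org/kojifiles/repos/dist-sme11-os-build/latest/x86_64/
gpgcheck=0
enablegroups=1
EOF
}

# audit_repo_file FILE
# Prints one tab-separated line per finding: repo id, enabled|disabled, finding.
# Option names are compared case-insensitively. Only an explicit gpgcheck
# disable is reported; a repo without a gpgcheck line inherits the [main]
# value from dnf.conf, which this script does not read.
audit_repo_file() {
    awk '
    function report() {
        if (id == "") return
        state = (enabled == "0") ? "disabled" : "enabled"
        if (nosig) printf "%s\t%s\tgpgcheck disabled\n", id, state
        if (clear) printf "%s\t%s\tcleartext http source\n", id, state
    }
    # Skip comment lines.
    /^[ \t]*[#;]/ { next }
    # A [section] header starts a new repository.
    /^[ \t]*\[.*\][ \t]*$/ {
        report()
        id = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
        enabled = "1"; nosig = 0; clear = 0
        next
    }
    # key=value lines inside the current repository.
    /=/ {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = tolower(substr($0, index($0, "=") + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        off = (val ~ /^(0|no|false|off)$/)
        if (key == "enabled" && off) enabled = "0"
        if (key == "gpgcheck" && off) nosig = 1
        if ((key == "baseurl" || key == "mirrorlist" || key == "metalink") \
            && val ~ /^http:\/\//) clear = 1
    }
    END { report() }
    ' "$1"
}

# repo_gate FILE
# Returns 1 when an enabled repository has signature checking switched off,
# so it can be used as a check before running dnf install.
repo_gate() {
    audit_repo_file "$1" |
        awk -F '\t' '$2 == "enabled" && $3 == "gpgcheck disabled" { bad = 1 }
                     END { exit bad + 0 }'
}

# Stand-alone use: audit every file named on the command line.
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do
        audit_repo_file "$f"
        repo_gate "$f" || rc=1
    done
    exit "$rc"
fi
```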
<br />
== Notes ==<br />
we will have horde 6 in remi. Horde 6 requires PHP 8.1 or PHP 8.2. Support for PHP 8.3 is in development. https://wiki.horde.org/Doc/Dev/H6/Installation/PHP?referrer=Doc%2FDev%2FH6%2FInstallation<br />
<br />
Horde 6 has been tested with MariaDB 10.8 and MariaDB 10.9 - any MariaDB of the 10.x series should work.<br />
<br />
<nowiki>*</nowiki> ensure mariadb uses "innodb" as its default engine<br />
<br />
<nowiki>*</nowiki> ensure the PHP server can reach the database hostname and port<br />
<br />
<nowiki>*</nowiki> use utf8mb4 as default charset.<br />
<br />
<nowiki>*</nowiki> create a database schema. This documentation assumes the db name is "horde"<br />
<br />
https://wiki.horde.org/Doc/Dev/H6/Installation?version=10<br />
<br />
== References ==<br />
<br />
* https://dnf.readthedocs.io/en/latest/modularity.htm<br />
* https://docs.fedoraproject.org/en-US/modularity/using-modules/<br />
* https://dnf.readthedocs.io/en/latest/cli_vs_yum.html<br />
* https://man7.org/linux/man-pages/man5/dnf.conf.5.html<br />
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/software-management_considerations-in-adopting-rhel-8<br />
* https://fedoraproject.org/wiki/Features/YumMetalinks<br />
* https://www.tecmint.com/reset-forgotten-root-password-in-rocky-linux-almalinux/<br />
<br />
[[Category:SME11-Development]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Sme11BuildQueue&diff=42871Sme11BuildQueue2024-03-27T19:32:43Z<p>ReetP: /* Bare install test */</p>
<hr />
<div>This page lists all the packages that SME Server needs to build for SME 11. The starting point is the smeos directory from SME 10. For each package it should be checked if it is still needed, or can we use an upstream package if one is available. <br />
see bug https://bugs.koozali.org/show_bug.cgi?id=12424<br />
<br />
== Package Build Steps ==<br />
things have changed between SME10 and SME11. we moved from cvs to git. We also need to change the name of a few old e-smith rpm to smeserver for better consistency, but without forgetting from where we are coming.<br />
git is available here : https://src.koozali.org<br />
<br />
TODO; write how to checkout and start a build<br />
<br />
TODO ; reference on how to configure a build environment.<br />
<br />
==Required dependencies==<br />
created from the work on SME10, and updated. <br />
<br />
you can use <nowiki>http://pkgs.org</nowiki> to fill the blank, reference where the rpm can be found (EPEL8,ROCKY8,REMI8,OPENFUSION8,RPMFUSION8,smedev,smetest) and the status (Build OK, NEED COPY,NOTABUG,WONTFIX,FIXED).<br />
<br />
file a bug before building a new package : https://bugs.contribs.org/enter_bug.cgi?product=SME%20Server%2011<nowiki/>.X&component=build<br />
{| class="wikitable sortable"<br />
!Package Requiring<br />
!Required Package<br />
!Possible sources<br />
!status<br />
!Reference<br />
|-<br />
|dar<br />
|par2cmdline<br />
|epel<br />
|<br />
|par2cmdline-0.8.0-3.el8.x86_64.rpm<br />
|-<br />
|smeserver-apache<br />
|mod_authnz_external<br />
|epel<br />
|<br />
|mod_authnz_external-3.3.3-3.el8.x86_64.rpm<br />
|-<br />
|smeserver-base<br />
|pv<br />
|epel<br />
|<br />
|pv-1.6.6-7.el8.x86_64.rpm<br />
|-<br />
|smeserver-email<br />
|perl(Net::Server::Fork)<br />
|Rocky Linux AppStream<br />
|<br />
|perl-Net-Server-2.009-3.el8.noarch.rpm<br />
|-<br />
|smeserver-email<br />
|perl(Net::Server) >= 0.85<br />
|Rocky Linux AppStream<br />
|<br />
|perl-Net-Server-2.009-3.el8.noarch.rpm<br />
|-<br />
|smeserver-grub<br />
|grub2<br />
|Rocky Linux BaseOS <br />
|<br />
|grub2-pc-2.02-150.el8.rocky.0.1.x86_64.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear(HTTP)<br />
|<br />
|<br />
|'''none'''<br />
|-<br />
|smeserver-horde<br />
|php-pear(Date)<br />
|epel / remi<br />
|<br />
|php-pear-Date-1.4.7-22.el8.noarch.rpm <br />
<br />
php-pear-Date-1.4.7-20.el8.remi.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear(Services_Weather)<br />
|<br />
|<br />
|'''none'''<br />
|-<br />
|smeserver-horde<br />
|php-pear(File)<br />
|<br />
|<br />
|'''none'''<br />
|-<br />
|smeserver-horde<br />
|php-pear(Log)<br />
|remi<br />
|<br />
|php-pear-Log-1.14.1-1.el8.remi.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear(HTTP_Request)<br />
|epel / remi<br />
|<br />
|php-pear-HTTP-Request-1.4.4-18.el8.noarch.rpm<br />
<br />
php-pear-HTTP-Request-1.4.4-16.el8.remi.noarch.rpm <br />
|-<br />
|smeserver-ldap<br />
|libdb4-utils<br />
|<br />
|<br />
|raven third party... <br />
<br />
https://pkgs.dyn.su/el8/base/SRPMS/libdb4-4.8.30-30.el8.src.rpm<br />
|-<br />
|smeserver-devtools<br />
|perl-Pod-Tests<br />
|epel<br />
|<br />
|perl-Pod-Tests-1.20-6.el8.noarch.rpm<br />
|-<br />
|smeserver-lib<br />
|perl(Authen::PAM)<br />
|epel <br />
|<br />
|perl-Authen-PAM-0.16-37.el8.x86_64.rpm<br />
|-<br />
|smeserver-lib<br />
perl-Mojolicious<br />
|perl(Taint::Util)<br />
|epel<br />
|<br />
|perl-Taint-Util-0.08-22.el8.x86_64.rpm<br />
|-<br />
|smeserver-mysql<br />
|mariadb-server<br />
|Rocky Linux AppStream / mariadb<br />
|<br />
|mariadb-server-10.5.22-1.module<br />
|-<br />
|smeserver-nutUPS<br />
|nut<br />
|epel<br />
|<br />
|nut-2.8.0-3.el8.x86_64.rpm<br />
|-<br />
|smeserver-nutUPS<br />
|nut-client<br />
|epel<br />
|<br />
|<br />
|-<br />
|smeserver-proftpd<br />
|proftpd<br />
|epel<br />
|<br />
|proftpd-1.3.6e-6.el8.x86_64.rpm<br />
|-<br />
|smeserver-radiusd<br />
|radiusclient-ng >= 0.5.6<br />
|<br />
|<br />
|none, should migrate to freeradius-client . radius<br />
|-<br />
|mbuffer<br />
|libmhash.so.2()(64bit)<br />
|epel<br />
|<br />
|mhash-devel-0.9.9.9-20.el8.x86_64.rpm<br />
|-<br />
|smeserver-lib<br />
|perl(Text::Template)<br />
|Rocky Linux AppStream<br />
|<br />
|perl-Text-Template-1.51-1.el8.noarch.rpm (also module 1.58 and 1.47)<br />
|-<br />
|qpsmtpd<br />
|perl(Net::IP)<br />
|epel<br />
|<br />
|perl-Net-IP-1.26-20.el8.noarch.rpm<br />
|-<br />
|smeserver-qpsmtpd<br />
|perl-MIME-tools<br />
|epel<br />
|<br />
|perl-MIME-tools-5.509-9.el8.noarch.rpm<br />
|-<br />
|smeserver-qpsmtpd<br />
|perl-File-MMagic<br />
|Rocky Linux Devel<br />
|<br />
|perl-File-MMagic-1.30-16.el8.noarch.rpm<br />
|-<br />
|smeserver-qpsmtpd<br />
|perl-Convert-TNEF<br />
|epel<br />
|<br />
|perl-Convert-TNEF-0.18-17.el8.noarch.rpm<br />
|-<br />
|smeserver-spamassassin<br />
|perl-razor-agents<br />
|epel<br />
|add dep back to spec<br />
|perl-Razor-Agent-2.86-1.el8.x86_64.rpm<br />
|-<br />
|smeserver-spamassassin<br />
|pyzor<br />
|epel<br />
|<br />
|pyzor-1.0.0-28.20200530gitf46159b.el8.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pear-Log<br />
|remi<br />
|<br />
|php-pear-Log-1.14.1-1.el8.remi.noarch.rpm<br />
|-<br />
|smeserver-horde<br />
|php-pecl-geoip<br />
|remi-modular<br />
|wait<br />
|is required by remi for php-horde-imp, php-horde-kronolith, php-horde-nag, php-horde-turba : available by modular only<br />
|-<br />
|smeserver-horde<br />
|php-imap<br />
|remi-modular<br />
|wait<br />
|is required by remi for php-horde-ingo, php-horde-mnemo : available by modular only<br />
|-<br />
|smeserver-horde<br />
|[https://src.koozali.org/smeserver/php-channel-horde php-channel-horde]<br />
php-channel(pear.horde.org)<br />
|remi<br />
|wait<br />
|remi php-channel-horde<br />
|-<br />
|smeserver-horde<br />
|[https://src.koozali.org/smeserver/php-horde-Horde-Role php-horde-Horde-Role]<br />
|remi<br />
|wait<br />
|remi php-horde-Horde-Role<br />
|}<br />
==RPM's from smeos directory==<br />
<br />
before attempting to build, check if they are available and put them rather in the table above with the source to copy from, with at least the version number we had on SME10.<br />
<br />
if you need to build, check if a newer version is available. Sometimes we might need to stick to an old version, so document here when upping the version in reference.<syntaxhighlight lang="bash"><br />
koji build dist-sme11-os git+https://src.koozali.org/smeserver/PACKAGE.git?#GITTAG<br />
</syntaxhighlight>where PACKAGE is listed under, and GITTAG should be found in https://src.koozali.org<br />
{| class="wikitable sortable"<br />
!Package<br />
!Builder<br />
!status<br />
!Reference<br />
|-<br />
|[https://src.koozali.org/smeserver/bglibs bglibs]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=45<br />
|-<br />
|[https://src.koozali.org/smeserver/buffer buffer]-1.19-11<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=123<br />
|-<br />
|[https://src.koozali.org/smeserver/buildsys-macros buildsys-macros]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=72<br />
|-<br />
|[https://src.koozali.org/smeserver/cpu cpu]-1.4.3-14<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=16<br />
|-<br />
|[https://src.koozali.org/smeserver/checkpassword-pam checkpassword-pam]-0.99-1.3<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=15<br />
|-<br />
|[https://src.koozali.org/smeserver/daemontools daemontools]-0.76-7<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=173<br />
|-<br />
|[https://src.koozali.org/smeserver/DCC DCC]-2.3.168-1<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=12<br />
|-<br />
|[https://src.koozali.org/smeserver/diald diald]-1.0-5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=125<br />
|-<br />
|[https://src.koozali.org/smeserver/dietlibc dietlibc]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=50<br />
|-<br />
|[https://src.koozali.org/smeserver/djbdns djbdns]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=181<br />
|-<br />
|[https://src.koozali.org/smeserver/dot-forward dot-forward]-0.71-5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=128<br />
|-<br />
|[https://src.koozali.org/smeserver/fastforward fastforward]-0.51-5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=143<br />
|-<br />
|[https://src.koozali.org/smeserver/flexbackup flexbackup]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=129<br />
|-<br />
|[https://src.koozali.org/smeserver/headermatch headermatch]-0.0.1-4<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=144<br />
|-<br />
|[https://src.koozali.org/smeserver/ipsvd ipsvd]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=180 ; do we still use it ? required by smeserver-qpsmtpd and <s>smeserver-tftp-server</s><br />
|-<br />
|[https://src.koozali.org/smeserver/libnetfilter_acct libnetfilter_acct]-1.0.3<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=126<br />
|-<br />
|[https://src.koozali.org/smeserverlibnetfilter_log libnetfilter_log]-devel-1.0.2-1<br />
[https://src.koozali.org/smeserverlibnetfilter_log libnetfilter_log]-1.0.2-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=159<br />
|-<br />
|[https://src.koozali.org/smeserver/LPRng LPRng]-3.8.35-7<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=156<br />
|-<br />
|[https://src.koozali.org/smeserver/mod_auth_tkt mod_auth_tkt]-2.3.99b1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=37<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Algorithm-Dependency perl-Algorithm-Dependency]-1.112<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=6<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Apache-AuthTkt perl-Apache-AuthTkt]-2.1-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=35<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-CGI-FormMagick perl-CGI-FormMagick]-0.93-8<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=32<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-CGI-Persistent perl-CGI-Persistent]-1.11-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=20 after perl-Object-Persistence<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-ClamAV-Client perl-ClamAV-Client]-0.11-1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=33 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Class-ParamParser perl-Class-ParamParser]-1.041-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=21<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-File-chmod perl-File-chmod]-0.42<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=4<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-File-Flat perl-File-Flat]-1.07<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=2<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-HTML-Tabulate perl-HTML-Tabulate]-0.45-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=22 cpan latest <br />
'''openfusion perl-HTML-Tabulate-0.45-1.of.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-I18N-AcceptLanguage perl-I18N-AcceptLanguage]-1.04-1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=31 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-IP-Country perl-IP-Country]-2.28-1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=34 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mail-DMARC perl-Mail-DMARC]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=36<br />
cpan has newer version https://metacpan.org/release/MSIMERSON/Mail-DMARC-1.20240214/source<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-DNS-Native perl-Net-DNS-Native] >= 0.15<br />
|terryf<br />
|build ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=39<br />
cpan newer version https://metacpan.org/dist/Net-DNS-Native 0.22<br />
https://github.com/olegwtf/p5-Net-DNS-Native/tags<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-Ident perl-Net-Ident]-1.25<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=40 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Object-Persistence perl-Object-Persistence]-0.92-8<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=30<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Passwd-Unix perl-Passwd-Unix]-1.09-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=157 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Quota perl-Quota]-1.8.2<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=41 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Session-Token perl-Session-Token]-1.503<br />
|terryf<br />
|builds ok<br />
|<br />
https://koji.koozali.org/koji/buildinfo?buildID=44 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Struct-Compare perl-Struct-Compare]-1.0.1-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=68 cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Test-ClassAPI perl-Test-ClassAPI]-1.07<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=3<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Test-Harness-Straps perl-Test-Harness-Straps]-0.30<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=69<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Test-Inline perl-Test-Inline]-2.214-2<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=7<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Unix-ConfigFile perl-Unix-ConfigFile]-0.06<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=29<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-WWW-Automate perl-WWW-Automate]-0.21<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=38<br />
<br />
cpan latest<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-horde-Horde-ActiveSync.git php-horde-Horde-ActiveSync]-2.34.0<br />
|jpp<br />
|builds ok<br />
<br />
|https://koji.koozali.org/koji/buildinfo?buildID=118 <br />
will need v3 https://github.com/horde/ActiveSync/archive/refs/tags/v3.0.0alpha4.tar.gz<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-horde-Horde-Service-Facebook.git php-horde-Horde-Service-Facebook]-2.0.9<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=141 <br />
will need v3 https://github.com/horde/Service_Facebook/archive/refs/tags/v3.0.0alpha1.tar.gz<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-horde-Horde-Service-Twitter.git php-horde-Horde-Service-Twitter]-2.1.5<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=165<br />
will need v3 https://github.com/horde/Service_Twitter https://github.com/horde/Service_Twitter/archive/refs/tags/v3.0.0alpha1.tar.gz<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-pear-Auth-SASL2.git php-pear-Auth-SASL2]-0.1.0<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/taskinfo?taskID=16313<br />
|-<br />
|[https://src.koozali.org/smeserver/Php-pear-Console-GetoptPlus.git php-pear-Console-GetoptPlus]-1.0.0RC1<br />
|brianr<br />
|builds ok<br />
<br />
|https://koji.koozali.org/koji/buildinfo?buildID=117<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Australia.git php-pear-Date-Holidays-Australia]-0.2.2<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=122<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Australia.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Denmark.git php-pear-Date-Holidays-Denmark]-0.1.3<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=131<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Denmark.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-France.git php-pear-Date-Holidays-France]-0.1.0<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=130<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-France.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Germany.git php-pear-Date-Holidays-Germany]-0.1.2<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=132<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Germany.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Italy.git php-pear-Date-Holidays-Italy]-0.1.1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=133<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Italy.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Netherlands php-pear-Date-Holidays-Netherlands]-0.1.4<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=134<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Netherlands.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Norway.git php-pear-Date-Holidays-Norway]-0.1.2<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=135<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Norway.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Portugal.git php-pear-Date-Holidays-Portugal]-0.1.1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=136<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Portugal.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Russia.git php-pear-Date-Holidays-Russia]-0.1.0<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=137<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Russia.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Slovenia.git php-pear-Date-Holidays-Slovenia]-0.1.2<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=138<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Slovenia.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Sweden.git php-pear-Date-Holidays-Sweden]-0.1.3<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=139<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Sweden.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Date-Holidays-Turkey.git php-pear-Date-Holidays-Turkey]-0.1.1<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=140<br />
http://www.nosuchhost.net/~cheese/fedora/packages/epel-8/x86_64/php-pear-Date-Holidays-Turkey.html<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-HTTP&#x20;WebDAV&#x20;Server.git php-pear-HTTP_WebDAV_Server]-1.0.0RC8<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=116<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Math&#x20;BigInteger.git php-pear-Math_BigInteger]-1.0.3<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=115<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-XML-Parser2.git php-pear-XML-Parser2]-0.1.0<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=114<br />
|-<br />
|[https://src.koozali.org/smeserver/qmail qmail]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=179<br />
|-<br />
|[https://src.koozali.org/smeserver/qmailanalog qmailanalog]-0.70-9<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=145<br />
|-<br />
|[https://src.koozali.org/smeserver/qpsmtpd qpsmtpd]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=111<br />
|-<br />
|[https://src.koozali.org/smeserver/qpsmtpd-plugins qpsmtpd-plugins]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=124<br />
merge to smeserver-qpsmtpd?<br />
|-<br />
|[https://src.koozali.org/smeserver/runit runit]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=178<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver smeserver]<br />
|trevorb<br />
|builds ok<br />
|http://koji.koozali.org/koji/taskinfo?taskID=15388<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-apache smeserver-apache]<br />
|trevor<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=47<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-audittools smeserver-audittools]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=93<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-backup smeserver-backup]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=48<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-base smeserver-base]-5.8.1-32<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=80<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-clamav smeserver-clamav]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=94<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-devtools smeserver-devtools]-2.6.0-19<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=71<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-dnscache smeserver-dnscache]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=49<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-domains smeserver-domains]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=51<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-dovecot smeserver-dovecot]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=95<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-email smeserver-email]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/taskinfo?taskID=15684<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-flexbackup smeserver-flexbackup]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=53<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-formmagick smeserver-formmagick]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=54<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-grub smeserver-grub]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=55<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-horde smeserver-horde]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=56<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-hosts smeserver-hosts]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=57<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-ibays smeserver-ibays]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=58<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-ldap smeserver-ldap]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=59<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-lib smeserver-lib]-2.6.0-18<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=113<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-lib-compspec smeserver-lib-compspec]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=61<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-locale smeserver-locale]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=96<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-LPRng smeserver-LPRng]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=64<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-manager smeserver-manager]<br />
|<br />
|<br />
|Will pull this across as "smeserver-manager-panels".<br />
|-<br />
|[http://src.koozali.org/smeserver/smeserver-manager-panels.git smeserver-manager-panels]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=150<br />
|-<br />
|[https://src.koozali.org/smeserver/e-smith-manager e-smith-manager] -2.8.0-40<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=78<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-manager-locale smeserver-manager-locale]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=26<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-manager-jsquery smeserver-manager-jsquery]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=28<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-mock smeserver-mock]<br />
|<br />
|<br />
|<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-mysql smeserver-mysql]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=63<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-ntp smeserver-ntp]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=65<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-nutUPS smeserver-nutUPS]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=66<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-oidentd smeserver-oidentd]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=67<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-openssh smeserver-openssh]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=73<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-packetfilter smeserver-packetfilter]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=79<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-php smeserver-php]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=74<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-portforwarding smeserver-portforwarding]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=82<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-proftpd smeserver-proftpd]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=83<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-proxy smeserver-proxy]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=84<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-qmail smeserver-qmail]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=85<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-qmailanalog smeserver-qmailanalog]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=86<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-quota smeserver-quota]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=87<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-qpsmtpd.git smeserver-qpsmtpd]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=97<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-radiusd smeserver-radiusd]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=89<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-release.git smeserver-release]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=98<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-runit smeserver-runit]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=149<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-samba smeserver-samba]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=90<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-spamassassin.git smeserver-spamassassin]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=99<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-support.git smeserver-support]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=101<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-test smeserver-test]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=91<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-tinydns smeserver-tinydns]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=92<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-viewlogfiles smeserver-viewlogfiles]<br />
|terryf<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=77<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-yum.git smeserver-yum]<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=155<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/spamassassin.git spamassassin]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=103 resubmitted after 'perl-IP-Country-DB_File' 'perl-Net-DNS-Nameserver'<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/tai64nunix.git tai64nunix]-0.70-6<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=175<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/timeobjects.git timeobjects]-2.1.2<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=162<br />
|-<br />
|[https://src.koozali.org/smeserver/ucspi-tcp.git ucspi-tcp]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=176<br />
<br />
|-<br />
|[https://src.koozali.org/smeserver/ulogd.git ulogd]<br />
|jpp<br />
|builds ok<br />
<br />
|https://koji.koozali.org/koji/buildinfo?buildID=110<br />
|-<br />
|[https://src.koozali.org/smeserver/xlhtml.git xlhtml]-0.5<br />
|brianr<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=109<br />
not installed on SME10<br />
|-<br />
|[https://src.koozali.org/smeserver/vconfig vconfig]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=163 need to check if really used<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-HTTP php-pear-HTTP]<br />
|jpp<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=169<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Services-Weather php-pear-Services-Weather]<br />
|jpp<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=171<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-File php-pear-File]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=170<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Time-TAI64 perl-Time-TAI64]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=164<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-IP-Country-DB&#x20;File perl-IP-Country-DB_File]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=160<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-DNS perl-Net-DNS-Nameserver]<br />
from perl-Net-DNS-1.15-1<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=161<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-JSON-PP perl-JSON-PP]-4.04<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=166<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-IPv4Addr perl-Net-IPv4Addr] >= 0.10<br />
|jpp<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=167<br />
|-<br />
|[https://src.koozali.org/smeserver/libdb4 libdb4-utils]<br />
from libdb4<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=168<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojo-JWT perl(Mojo::JWT)] >= 0.08-1<br />
|trevorb<br />
|builds ok<br />
|<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojolicious-Plugin-CSRFDefender perl(Mojolicious::Plugin::CSRFDefender)] >= 0.0.8<br />
|trevorb<br />
|builds ok<br />
|cvs smeserver<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojolicious-Plugin-I18N perl(Mojolicious::Plugin::I18N)] >= 1.6<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=264<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mojolicious-Plugin-RenderFile perl(Mojolicious::Plugin::RenderFile)] >= 0.12<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=263<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Crypt-Password perl(Crypt::Password)]<br />
|trevorb<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=262<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Tie-Array-CSV perl(Tie::Array::CSV)]<br />
|trevorb<br />
|builds ok<br />
| https://koji.koozali.org/koji/buildinfo?buildID=261<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-File-MMagic perl-File-MMagic]<br />
|trevorb<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=259<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Crypt-Blowfish php-pear-Crypt-Blowfish]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=271<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-File-CSV php-pear-File-CSV]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=272<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-File-Util php-pear-File-Util]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=273<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-MDB2 php-pear-MDB2]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=274<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-Net-URL2 php-pear-Net-URL2]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=275<br />
|-<br />
|[https://src.koozali.org/smeserver/php-pear-XML-RPC2 php-pear-XML-RPC2]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=276<br />
|-<br />
|[https://src.koozali.org/smeserver/ntpsec ntpsec]<br />
|jpp<br />
|builds ok<br />
|https://koji.koozali.org/koji/buildinfo?buildID=258<br />
|}<br />
<br />
=== Packages in git, but we will use upstream ===<br />
{| class="wikitable"<br />
|+<br />
in git but use the upstream version<br />
!Package<br />
!Builder<br />
!status<br />
!Reference<br />
|-<br />
|[https://src.koozali.org/smeserver/dar dar]<br />
|<br />
|X<br />
|'''epel: dar-2.7.6-2.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/geoipupdate geoipupdate]<br />
|<br />
|X<br />
|'''Rocky Linux AppStream : geoipupdate-2.5.0-3.el8.x86_64.rpm'''<br />
unless we see we have a local patch to use older app<br />
|-<br />
|[https://src.koozali.org/smeserver/maildrop maildrop]-2.8.4<br />
|<br />
|X<br />
|'''epel maildrop-3.0.8-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/mbuffer mbuffer]<br />
|<br />
|X<br />
|'''epel mbuffer-20190725-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/mod&#x20;perl mod_perl]<br />
|<br />
|X<br />
|'''epel mod_perl-2.0.12-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/oidentd oidentd] >= 2.0.6<br />
|<br />
|X<br />
|'''epel oidentd-2.5.0-1.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Crypt-Cracklib perl-Crypt-Cracklib]<br />
|<br />
|X<br />
|'''epel perl-Crypt-Cracklib-1.7-24.el8.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Data-Validate-Domain perl-Data-Validate-Domain]<br />
|<br />
|X<br />
|'''epel perl-Data-Validate-Domain-0.15-7.el8.noarch.rpm''' <br />
'''openfusion perl-Data-Validate-Domain-0.14-1.of.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-IO-Socket-SSL perl-IO-Socket-SSL]<br />
|<br />
|X<br />
|'''Rocky Linux AppStream perl-IO-Socket-SSL-2.066-4.module'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Mail-RFC822-Address perl-Mail-RFC822-Address]<br />
|<br />
|X<br />
|'''epel perl-Mail-RFC822-Address-0.3-36.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-Net-IMAP-Simple perl-Net-IMAP-Simple]-1.1916<br />
|<br />
|X<br />
|'''openfusion perl-Net-IMAP-Simple-1.2212-1.of.el8.noarch.rpm'''<br />
|-<br />
|https://src.koozali.org/smeserver/perl-Mojolicious<br />
|<br />
|X<br />
|'''epel 8 perl-Mojolicious-8.42-1.el8.noarch.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/perl-RPM2 perl-RPM2]<br />
|<br />
|X<br />
|'''epel perl-RPM2-1.4-10.el8.x86_64.rpm'''<br />
|-<br />
|ppp<br />
|<br />
|X<br />
|'''Rocky Linux BaseOS ppp-2.4.7-26.el8_1.x86_64.rpm'''<br />
|-<br />
|[https://src.koozali.org/smeserver/pwauth pwauth]<br />
|<br />
|X<br />
|'''epel pwauth-2.3.10-25.el9.x86_64.rpm'''<br />
but might need a patch<br />
|}<br />
<br />
=== Packages to obsolete from git / not to build ===<br />
{| class="wikitable"<br />
|+<br />
In git but obsolete; not to be built.<br />
!Package<br />
!Builder<br />
!status<br />
!Reference<br />
|-<br />
|[https://src.koozali.org/smeserver/cvm cvm]<br />
|<br />
|<br />
|to drop!<br />
|-<br />
|[https://src.koozali.org/smeserver/pam&#x20;abl pam_abl]<br />
|<br />
|need git<br />
|https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/source/tree/Packages/p/pam_abl-0.6.0-25.fc40.src.rpm https://github.com/deksai/pam_abl https://github.com/deksai/pam_abl/archive/refs/tags/v0.9.0.tar.gz<br />
not installed on SME10<br />
|-<br />
|rssh<br />
|<br />
|to drop<br />
|unmaintained and insecure http://www.pizzashack.org/rssh/<br />
need to import - EL7: https://rhel.pkgs.org/7/epel-x86_64/rssh-2.3.4-16.el7.x86_64.rpm.html<br />
|-<br />
|[https://src.koozali.org/smeserver/smeserver-cvm-unix-local smeserver-cvm-unix-local]<br />
|<br />
|<br />
|to drop!<br />
|-<br />
|smeserver-dynamicdns-dyndns<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|smeserver-dynamicdns-dyndns.org<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|smeserver-dynamicdns-tzo<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|smeserver-dynamicdns-yi<br />
|<br />
|<br />
|to drop?<br />
|-<br />
|[https://src.koozali.org/smeserver/whiptail.git whiptail]<br />
|<br />
|<br />
|usage dropped; references need to be removed<br />
https://bugs.koozali.org/show_bug.cgi?id=8275<br />
|-<br />
|[https://src.koozali.org/smeserver/wv.git wv]-1.2.7<br />
|<br />
|<br />
|cc1: some warnings being treated as errors<br />
make[2]: <br />
<br />
warning: 'password' may be used uninitialized in this function [-Wmaybe-uninitialized]<br />
<br />
=> not installed on SME10 ; was needed by e-smith-horde, but not anymore<br />
<br />
new version and last version (2009) https://sourceforge.net/projects/wvware/files/wv2-0.4.2.tar.bz2/download<br />
|}<br />
<br />
==Bare install test==<br />
{{Warning box|WIP inspired from [[Sme10BuildQueue#Bare install test]]}}<br />
Install the minimal ISO for Rocky 8: https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8.9-x86_64-minimal.iso<br />
<br />
Configure network access during installation, with the option to restore. Configure only the root user.<br />
<br />
Install the EPEL 8 repo:<br />
dnf install epel-release<br />
Install the Remi 8 repos:<br />
dnf install <nowiki>https://rpms.remirepo.net/enterprise/remi-release-8.rpm</nowiki><br />
<br />
Update, and install these packages, as they might come in handy (NB: iptraf is now iptraf-ng):<br />
dnf update -y<br />
dnf install mc htop iftop iptraf screen wget vim<br />
<br />
* disable SELinux<br />
<br />
SELinux is enabled by default. We want to disable it because a few services (e.g. httpd) get blocked by SELinux. To check the status of SELinux, enter the command:<br />
getenforce<br />
SELinux uses policies that conflict with some of the SME Server service ports, such as https. One can adjust the allowed ports, or remove the SELinux policies and disable SELinux with the following commands:<br />
setenforce 0<br />
 sed -i -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config<br />
dnf remove selinux-policy-targeted<br />
<br />
* SSH<br />
<br />
SSH is present and enabled by default at this stage. To check, issue:<br />
systemctl status sshd<br />
You may experience slow SSH logins; if needed, edit the configuration:<br />
vi /etc/ssh/sshd_config<br />
You then have to restart the SSH service. You might also want to wget your public keys into /root/.ssh/authorized_keys.<br />
<br />
systemctl restart sshd<br />
Update packages:<br />
dnf update<br />
Install the SME11 repo:<br />
vim /etc/yum.repos.d/smeserver11.repo<br />
and paste:<br />
[smedev]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smedev-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[smetest]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smetest-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[smeos]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeos-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[smeupdates]<br />
enabled=0<br />
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeupdates-11<br />
name=SME Server - dev<br />
gpgcheck=1<br />
enablegroups=1<br />
[koji-sme11]<br />
enabled=1<br />
name=koji-sme11<br />
baseurl=<nowiki>http://koji.koozali.org/kojifiles/repos/dist-sme11-os-build/latest/x86_64/</nowiki><br />
gpgcheck=0<br />
enablegroups=1<br />
<br />
Install the SME10 key:<br />
wget <nowiki>http://mirror.koozali.org/releases/10/smeos/x86_64/RPM-GPG-KEY-koozali</nowiki><br />
rpm --import RPM-GPG-KEY-koozali<br />
<br />
<br />
Install openfusion 8:<br />
dnf install http://repo.openfusion.net/centos8-x86_64/openfusion-release-0.8-2<nowiki/>.of.el8.noarch.rpm<br />
then:<br />
dnf --enablerepo=* clean all<br />
<br />
Try installing the SME11 packages. You might need to enable some repos using --enablerepo=smedev,epel,elrepo ... e.g.<br />
dnf module disable php:remi-8.2 -y<br />
dnf module enable php:remi-8.1 -y <br />
dnf module enable mariadb:10.5 -y<br />
dnf module enable php:remi-8.1 -y<br />
dnf module enable python36:3.6 -y<br />
dnf module install php:remi-8.1<br />
dnf install smeserver-* --enablerepo=koji-sme11,epel,remi,remi-safe,of --exclude=smeserver-mariadb* <br />
A temporary fix needed before smeserver-base-11.0.0-4.el8.sme:<br />
dnf install network-scripts rsyslog<br />
<br />
Et voilà, you have a non-functional SME 11 over Rocky 8 minimal.<br />
<br />
<nowiki>##</nowiki> this part is safer done directly on a tty, not via ssh:<br />
<br />
Later it will be good to also deactivate NetworkManager, leaving the network service to do the job, but you need to configure the e-smith db for the server first.<br />
systemctl stop NetworkManager<br />
systemctl disable NetworkManager <br />
systemctl stop NetworkManager-wait-online.service<br />
systemctl disable NetworkManager-wait-online.service<br />
systemctl start networking<br />
Then you could try the following (you might have no network from there); unlink this to avoid root password locking:<br />
<br />
unlink /etc/e-smith/events/post-install/S10init-passwords<br />
signal-event post-install<br />
If you want to avoid the reboot-and-configure loop for the moment, you can do:<br />
passwd admin<br />
/usr/bin/systemctl restart rsyslog<br />
/sbin/e-smith/db accounts setprop admin PasswordSet yes<br />
/sbin/e-smith/db configuration set PasswordSet yes<br />
/sbin/e-smith/db configuration setprop bootstrap-console Restore disabled<br />
Then try to configure using the console:<br />
console<br />
Then, to be sure to get sshd back:<br />
/sbin/e-smith/db configuration setprop sshd status enabled PermitRootLogin yes access public<br />
/sbin/e-smith/expand-template /etc/ssh/ssh_config<br />
/sbin/e-smith/expand-template /etc/ssh/sshd_config<br />
/usr/bin/systemctl restart sshd.service <br />
/sbin/e-smith/signal-event remoteaccess-update<br />
Then you can:<br />
signal-event post-upgrade; <br />
signal-event-reboot; <br />
or maybe:<br />
<br />
signal-event bootstrap-console-save;<br />
signal-event-reboot<br />
<nowiki>##</nowiki> end of the part better on tty than on sshd<br />
<br />
You can also tidy up a little:<br />
dnf remove NetworkManager --noautoremove<br />
<br />
<br />
<br />
You might need to disable the sme* repos from there, as they have yet to be created on the mirrors. To help you follow updates, you should do:<br />
<br />
vim /etc/yum.smerepos.d/koji.repo<br />
and paste:<br />
[koji-sme11]<br />
enabled=1<br />
name=koji-sme11<br />
baseurl=<nowiki>http://koji.koozali.org/kojifiles/repos/dist-sme11-os-build/latest/x86_64/</nowiki><br />
gpgcheck=0<br />
enablegroups=1<br />
<br />
<br />
<br />
From there, if you are lucky, something came up and you can try to test, report bugs, or even create a patch.<br />
<br />
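A check for the repo definitions used in this procedure, as an added example (not part of the original page or of the Koozali project's tooling): the shell functions below list repo sections whose gpgcheck is switched off or whose source URL is plain http://, and pick out the enabled repos that have both. The function names are assumptions of this example, and the sample input is constructed from the listings above.<br />

```shell
#!/bin/sh
# Added example: audit dnf/yum .repo files for unauthenticated package sources.
# On an installed system: audit_repos /etc/yum.repos.d/*.repo

# audit_repos [FILE...]   (reads stdin when no file is given)
# Prints one line per repo section that has a finding:
#   <repo-id> <enabled|disabled> <comma-separated findings>
# Findings:
#   gpgcheck-off  gpgcheck explicitly set to 0/no/false/off
#   plain-http    baseurl, mirrorlist or metalink starts with http://
# A section without a gpgcheck line is not flagged: it inherits the global
# setting, which this function does not read.
audit_repos() {
    awk '
    function report(   state, issues) {
        if (id == "") return
        state = (enabled ~ /^(0|no|false|off)$/) ? "disabled" : "enabled"
        issues = ""
        if (nogpg) issues = "gpgcheck-off"
        if (plain) issues = (issues == "" ? "" : issues ",") "plain-http"
        if (issues != "") print id, state, issues
    }
    FNR == 1 { report(); id = "" }        # new file: close the previous section
    /^[ \t]*([#;]|$)/ { next }            # skip comments and blank lines
    /^[ \t]*\[/ {                         # [section] header starts a new repo
        report()
        id = $0
        sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
        enabled = "1"; nogpg = 0; plain = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0 || id == "") next
        # Keys are case-folded so that "MirrorList" and "mirrorlist" both match.
        key = tolower(substr($0, 1, eq - 1))
        val = tolower(substr($0, eq + 1))
        gsub(/[ \t\r]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck" && val ~ /^(0|no|false|off)$/) nogpg = 1
        else if (key ~ /^(baseurl|mirrorlist|metalink)$/ && val ~ /^http:\/\//) plain = 1
    }
    END { report() }
    ' "$@"
}

# unauthenticated_enabled [FILE...]
# Prints the ids of enabled repos with both findings: neither a signature
# check nor TLS authenticates what gets installed from them.
unauthenticated_enabled() {
    audit_repos "$@" |
        awk '$2 == "enabled" && $3 == "gpgcheck-off,plain-http" { print $1 }'
}

# Constructed sample, abridged from the repo definitions on this page.
sample_repo() {
    cat <<'EOF'
[smedev]
enabled=0
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smedev-11
name=SME Server - dev
gpgcheck=1
enablegroups=1
[koji-sme11]
enabled=1
name=koji-sme11
baseurl=http://koji.koozali.org/kojifiles/repos/dist-sme11-os-build/latest/x86_64/
gpgcheck=0
enablegroups=1
EOF
}

sample_repo | audit_repos
```

Run it again after each edit of the repo files, so that a build repo left enabled with gpgcheck=0 on a machine that has moved past testing shows up.<br />
<br />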
== Notes ==<br />
We will have Horde 6 in remi. Horde 6 requires PHP 8.1 or PHP 8.2; support for PHP 8.3 is in development. https://wiki.horde.org/Doc/Dev/H6/Installation/PHP?referrer=Doc%2FDev%2FH6%2FInstallation<br />
<br />
Horde 6 has been tested with MariaDB 10.8 and MariaDB 10.9 - any MariaDB of the 10.x series should work.<br />
<br />
<nowiki>*</nowiki> ensure mariadb uses "innodb" as its default engine<br />
<br />
<nowiki>*</nowiki> ensure the PHP server can reach the database hostname and port<br />
<br />
<nowiki>*</nowiki> use utf8mb4 as default charset.<br />
<br />
<nowiki>*</nowiki> create a database schema. This documentation assumes the db name is "horde"<br />
<br />
https://wiki.horde.org/Doc/Dev/H6/Installation?version=10<br />
<br />
== References ==<br />
<br />
* https://dnf.readthedocs.io/en/latest/modularity.htm<br />
* https://docs.fedoraproject.org/en-US/modularity/using-modules/<br />
* https://dnf.readthedocs.io/en/latest/cli_vs_yum.html<br />
* https://man7.org/linux/man-pages/man5/dnf.conf.5.html<br />
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/software-management_considerations-in-adopting-rhel-8<br />
* https://fedoraproject.org/wiki/Features/YumMetalinks<br />
* https://www.tecmint.com/reset-forgotten-root-password-in-rocky-linux-almalinux/<br />
<br />
[[Category:SME11-Development]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Vnstat&diff=42839Vnstat2024-03-20T15:45:01Z<p>ReetP: </p>
<hr />
<div>{{Level|Medium}}<br />
===Description===<br />
vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface(s). For more information have a look [http://humdi.net/vnstat/ here].<br />
<br />
Based on the how-to for installing vnstat and the PHP frontend.<br><br />
[http://forums.contribs.org/index.php?topic=42444 Original post]<br><br />
<br />
===Installation for Koozali SME v10 ===<br />
<br />
You need the EPEL repo<br />
yum install smeserver-extrarepositories-epel<br />
<br />
Now install vnstat:<br />
yum --enablerepo=epel install vnstat<br />
<br />
Next a configuration entry and unit file <br />
config set vnstat service status enabled access private<br />
mkdir -p /usr/lib/systemd/system/vnstat.service.d<br />
nano /usr/lib/systemd/system/vnstat.service.d/50koozali.conf<br />
<br />
Paste this and save/exit:<br />
<br />
[Unit]<br />
Description=Vnstat global service for Koozali SME Server<br />
<br />
[Install]<br />
WantedBy=<br />
WantedBy=sme-server.target<br />
<br />
Add service key:<br />
<br />
config set vnstat service status enabled access private<br />
<br />
And Upgrade/Reboot for good measure:<br />
signal-event post-upgrade<br />
signal-event reboot<br />
<br />
Are we running:<br />
<br />
systemctl status vnstat<br />
<br />
Let's look at the data:<br />
<br />
rx / tx / total / estimated<br />
eth0:<br />
Mar '24 4.36 MiB / 22.12 MiB / 26.48 MiB / 40.00 MiB<br />
today 4.36 MiB / 22.12 MiB / 26.48 MiB / 37 MiB<br />
<br />
vnstat --iflist<br />
vnstat -i eth0<br />
<br />
By hour/week/month<br />
<br />
vnstat -h/w/m -i eth0<br />
<br />
eg<br />
<br />
vnstat -w -i eth0<br />
<br />
Remove unwanted DBs and stop monitoring the interface<br />
vnstat -i dummy0 --delete --force<br />
<br />
This could be templated:<br />
cat /etc/vnstat.conf<br />
<br />
<br />
===Installation for Koozali SME v9 ===<br />
To install vnStat you will need to have the Dag repository configured on your system. If you do not have the repository installed follow this instruction, otherwise skip to the next section:<br />
<br />
====Configuring Dag repository====<br />
You need to activate the [[Dag]] repository before installing this contrib.<br /><br />
<br />
see [[dag|dag repository]] <br /><br />
<br />
====Install vnStat====<br />
If you have configured the dag repository, installation is as simple as:<br />
yum install vnstat --enablerepo=dag<br />
signal-event post-upgrade<br />
signal-event reboot<br />
<br />
====Add the monitored Interfaces====<br />
Add the interfaces you would like to monitor:<br />
vnstat -u -i eth0<br />
vnstat -u -i eth1<br />
<br />
You should get an error about the database not existing but it will also say it created it. It is safe to ignore the error message.<br />
<br />
You also need to edit /etc/sysconfig/vnstat to add your interface to the update job<br />
<br />
vim /etc/sysconfig/vnstat<br />
<br />
VNSTAT_OPTIONS="-u"<br />
see http://forums.contribs.org/index.php/topic,45174.0.html<br />
<br />
===Install vnStat PHP FrontEnd===<br />
"...Since vnStat is console mode only I created this script to make a 'nice' report of the data collected by vnStat...." ([http://www.sqweek.com/sqweek/index.php?p=1 Read More])<br />
<br />
There is no yum repo for this so you will need to go to: http://www.sqweek.com/sqweek/index.php?p=1 to find the latest. Determine the link to the latest release and replace the '''wget''' command (below) accordingly.<br />
<br />
The below instructions put the file into the Primary ibay, you can also put it in a dedicated ibay or in /opt as suits your needs and security requirements.<br />
<br />
Get the frontend and configure:<br />
cd /home/e-smith/files/ibays/Primary/html/<br />
wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.4.1.tar.gz<br />
tar -xvzf vnstat_php_frontend-1.4.1.tar.gz<br />
cd vnstat_php_frontend-1.4.1<br />
nano config.php<br><br />
Edit the information about the interfaces you would like to graph:<br />
$iface_list = array('eth0', 'eth1');<br />
The optional names: <br />
$iface_title['eth0'] = 'Internal';<br />
$iface_title['eth1'] = 'Internet';<br />
Finally, set the application path:<br />
$vnstat_bin = 'vnstat';<br />
<br />
Wait and you should see the application working at http://yourserverIP/vnstat_php_frontend-1.4.1<br />
<br />
===Troubleshooting===<br />
<br />
It is advisable to make the following change (as per user advice here http://forums.contribs.org/index.php/topic,45174.msg218884.html#msg218884)<br />
<br />
Edit the vnstat cron file<br />
nano /etc/cron.d/vnstat<br />
<br />
Change the line<br />
*/5 * * * * nobody /usr/sbin/vnstat.cron<br />
to read<br />
*/5 * * * * root /usr/sbin/vnstat.cron<br />
<br />
Restart crond.<br />
service crond restart<br />
<br />
===References===<br />
<br />
http://forums.contribs.org/index.php/topic,45174.0.html<br />
<br />
http://forums.contribs.org/index.php/topic,48420.0.html<br />
<br />
http://forums.contribs.org/index.php/topic,48422.0.html<br />
<br />
http://humdi.net/vnstat/<br />
<br />
----<br />
[[Category: Howto]]<br />
[[Category: Administration:Monitoring]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Vnstat&diff=42838Vnstat2024-03-20T15:42:04Z<p>ReetP: Update for Koozali SME v10 / systemdD</p>
<hr />
<div>{{Level|Medium}}<br />
===Description===<br />
vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface(s). For more information have a look [http://humdi.net/vnstat/ here].<br />
<br />
Based on the how-to for installing vnstat and the PHP frontend.<br><br />
[http://forums.contribs.org/index.php?topic=42444 Original post]<br><br />
<br />
===Installation for Koozali SME v10 ===<br />
<br />
You need the EPEL repo<br />
yum install smeserver-extrarepositories-epel<br />
<br />
Now install vnstat:<br />
yum --enablerepo=epel install vnstat<br />
<br />
Next a configuration entry and unit file <br />
config set vnstat service status enabled access private<br />
mkdir -p /usr/lib/systemd/system/vnstat.service.d<br />
nano /usr/lib/systemd/system/vnstat.service.d/50koozali.conf<br />
<br />
Paste this and save/exit:<br />
<br />
[Unit]<br />
Description=Vnstat global service for Koozali SME Server<br />
<br />
[Install]<br />
WantedBy=<br />
WantedBy=sme-server.target<br />
<br />
And Upgrade/Reboot for good measure:<br />
signal-event post-upgrade<br />
signal-event reboot<br />
<br />
Are we running:<br />
<br />
systemctl status vnstat<br />
<br />
Let's look at the data:<br />
<br />
rx / tx / total / estimated<br />
eth0:<br />
Mar '24 4.36 MiB / 22.12 MiB / 26.48 MiB / 40.00 MiB<br />
today 4.36 MiB / 22.12 MiB / 26.48 MiB / 37 MiB<br />
<br />
vnstat --iflist<br />
vnstat -i eth0<br />
<br />
By hour/week/month<br />
<br />
vnstat -h/w/m -i eth0<br />
<br />
eg<br />
<br />
vnstat -w -i eth0<br />
<br />
Remove unwanted DBs and stop monitoring the interface<br />
vnstat -i dummy0 --delete --force<br />
<br />
This could be templated:<br />
cat /etc/vnstat.conf<br />
<br />
<br />
===Installation for Koozali SME v9 ===<br />
To install vnStat you will need to have the Dag repository configured on your system. If you do not have the repository installed follow this instruction, otherwise skip to the next section:<br />
<br />
====Configuring Dag repository====<br />
You need to activate the [[Dag]] repository before installing this contrib.<br /><br />
<br />
see [[dag|dag repository]] <br /><br />
<br />
====Install vnStat====<br />
If you have configured the dag repository, installation is as simple as:<br />
yum install vnstat --enablerepo=dag<br />
signal-event post-upgrade<br />
signal-event reboot<br />
<br />
====Add the monitored Interfaces====<br />
Add the interfaces you would like to monitor:<br />
vnstat -u -i eth0<br />
vnstat -u -i eth1<br />
<br />
You should get an error about the database not existing but it will also say it created it. It is safe to ignore the error message.<br />
<br />
You also need to edit /etc/sysconfig/vnstat to add your interface to the update job<br />
<br />
vim /etc/sysconfig/vnstat<br />
<br />
VNSTAT_OPTIONS="-u"<br />
see http://forums.contribs.org/index.php/topic,45174.0.html<br />
<br />
===Install vnStat PHP FrontEnd===<br />
"...Since vnStat is console mode only I created this script to make a 'nice' report of the data collected by vnStat...." ([http://www.sqweek.com/sqweek/index.php?p=1 Read More])<br />
<br />
There is no yum repo for this so you will need to go to: http://www.sqweek.com/sqweek/index.php?p=1 to find the latest. Determine the link to the latest release and replace the '''wget''' command (below) accordingly.<br />
<br />
The below instructions put the file into the Primary ibay, you can also put it in a dedicated ibay or in /opt as suits your needs and security requirements.<br />
<br />
Get the frontend and configure:<br />
cd /home/e-smith/files/ibays/Primary/html/<br />
wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.4.1.tar.gz<br />
tar -xvzf vnstat_php_frontend-1.4.1.tar.gz<br />
cd vnstat_php_frontend-1.4.1<br />
nano config.php<br><br />
Edit the information about the interfaces you would like to graph:<br />
$iface_list = array('eth0', 'eth1');<br />
The optional names: <br />
$iface_title['eth0'] = 'Internal';<br />
$iface_title['eth1'] = 'Internet';<br />
Finally, set the application path:<br />
$vnstat_bin = 'vnstat';<br />
<br />
Wait and you should see the application working at http://yourserverIP/vnstat_php_frontend-1.4.1<br />
<br />
===Troubleshooting===<br />
<br />
It is advisable to make the following change (as per user advice here http://forums.contribs.org/index.php/topic,45174.msg218884.html#msg218884)<br />
<br />
Edit the vnstat cron file<br />
nano /etc/cron.d/vnstat<br />
<br />
Change the line<br />
*/5 * * * * nobody /usr/sbin/vnstat.cron<br />
to read<br />
*/5 * * * * root /usr/sbin/vnstat.cron<br />
<br />
Restart crond.<br />
service crond restart<br />
<br />
===References===<br />
<br />
http://forums.contribs.org/index.php/topic,45174.0.html<br />
<br />
http://forums.contribs.org/index.php/topic,48420.0.html<br />
<br />
http://forums.contribs.org/index.php/topic,48422.0.html<br />
<br />
http://humdi.net/vnstat/<br />
<br />
----<br />
[[Category: Howto]]<br />
[[Category: Administration:Monitoring]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Gitea_install&diff=42545Gitea install2024-02-25T13:07:25Z<p>ReetP: </p>
<hr />
<div>====Installation====<br />
<tabs container=""><tab name="For SME10"><br />
<br />
Gitea is an open-source forge software package for hosting software development version control using Git as well as other collaborative features like bug tracking, wikis, and code review.<br />
<br />
This is how I installed the latest version of Gitea (https://gitea.io) on my smeserver build box (this is running smeserver v10.1 in serveronly)<br />
<br />
This will work for a Centos 7 build as well. <br />
<br />
{{Note box|There is a smeserver contrib for Git and gitweb, but I did not use these as they only provide older versions of git, whereas we wanted the latest versions for use with gitea}}<br />
<br />
First we need to install git (latest stable version at the time)<syntaxhighlight lang="bash"><br />
export GITVER=2.39.1-1<br />
wget http://opensource.wandisco.com/centos/7/git/x86_64/git-${GITVER}.WANdisco.x86_64.rpm<br />
wget http://opensource.wandisco.com/centos/7/git/x86_64/perl-Git-${GITVER}.WANdisco.noarch.rpm<br />
yum localinstall git-${GITVER}.WANdisco.x86_64.rpm perl-Git-${GITVER}.WANdisco.noarch.rpm <br />
<br />
</syntaxhighlight>Next we'll install gitea (latest stable version at the time)<syntaxhighlight lang="bash"><br />
export GITEAVER=1.18.5<br />
wget https://github.com/go-gitea/gitea/releases/download/v${GITEAVER}/gitea-${GITEAVER}-linux-amd64 -O /usr/local/bin/gitea<br />
chmod +x /usr/local/bin/gitea<br />
useradd git<br />
mkdir -p /etc/gitea /var/lib/gitea/{custom,data,indexers,public,log}<br />
chown git:git /var/lib/gitea/{data,indexers,log}<br />
chmod 750 /var/lib/gitea/{data,indexers,log}<br />
chown root:git /etc/gitea<br />
chmod 770 /etc/gitea<br />
</syntaxhighlight><br />
Now we want to set it up as a service and ensure that it will be restarted on reboot.<br />
<syntaxhighlight lang="bash"><br />
wget https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service -O /usr/lib/systemd/system/gitea.service<br />
</syntaxhighlight><br />
The following is ONLY needed on an smeserver build<br />
<syntaxhighlight lang="bash"><br />
mkdir /usr/lib/systemd/system/gitea.service.d<br />
cat <<EOT > /usr/lib/systemd/system/gitea.service.d/50koozali.conf<br />
[Install]<br />
WantedBy=sme-server.target<br />
EOT<br />
config set gitea service status enabled<br />
</syntaxhighlight><br />
Now we setup gitea on your server<br />
<syntaxhighlight lang="bash"><br />
systemctl enable --now gitea<br />
</syntaxhighlight><br />
Access the setup page via a browser http://<your-smeserver-IP>:3000<br />
<br />
I found it easiest to just use SQLite3 (built in to smeserver v10)<br />
<br />
Make sure that you set your Server Domain and Gitea Base URL to the correct values for your server.<br />
[[File:Screenshot 2023-03-19 at 6.12.10 pm.png|frame|alt=|none]]<br />
<br />
You will likely have to refresh the browser and then it will ask you to login.<br />
<br />
You can setup your users via the web interface.<br />
<br />
If you are having problems accessing gitea, check the app.ini file to ensure that the ROOT_URL is correct in<syntaxhighlight lang="bash"><br />
nano /etc/gitea/app.ini<br />
</syntaxhighlight>if you change it, you'll need to restart gitea<syntaxhighlight lang="bash"><br />
systemctl restart gitea<br />
</syntaxhighlight><br />
<br />
</tab><br />
<tab name="For Rocky 8"><br />
Gitea is an open-source forge software package for hosting software development version control using Git as well as other collaborative features like bug tracking, wikis, and code review.<br />
<br />
=====Prerequisites=====<br />
* Rocky Linux 8 installed<br />
* Full SSH root access.<br />
* Gitea supports the following databases:<br />
** SQLite<br />
** PostgreSQL<br />
** MySQL<br />
** MariaDB<br />
** TiDB<br />
** MSSQL<br />
<br />
In the guide below, we’ll use SQLite as the database for Gitea. You can pick any of the supported databases for your installation as needed; you just need to create the database, user and password, and use the same details on the setup page of the Gitea web interface.<br />
<br />
This is what I did on a bare Rocky 8 minimal install<br />
<br />
First we need to install git and any required pkgs<br />
<syntaxhighlight lang="bash"><br />
dnf install git git-lfs policycoreutils-python-utils wget nano<br />
useradd git<br />
</syntaxhighlight><br />
Next we'll install gitea ([https://dl.gitea.com/gitea/ latest stable version at the time])<br />
<syntaxhighlight lang="bash"><br />
export GITEAVER=1.20.5<br />
wget https://github.com/go-gitea/gitea/releases/download/v${GITEAVER}/gitea-${GITEAVER}-linux-amd64 -O /usr/local/bin/gitea<br />
chmod +x /usr/local/bin/gitea<br />
mkdir -p /etc/gitea /var/lib/gitea/{custom,data,indexers,public,log}<br />
chown git:git /var/lib/gitea/{data,indexers,log}<br />
chmod 750 /var/lib/gitea/{data,indexers,log}<br />
chown root:git /etc/gitea<br />
chmod 770 /etc/gitea<br />
</syntaxhighlight><br />
Now we want to set it up as a service and set security settings (selinux and firewall).<br />
<syntaxhighlight lang="bash"><br />
wget https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service -O /usr/lib/systemd/system/gitea.service<br />
semanage fcontext -a -t public_content_rw_t "/var/lib/gitea/data/gitea-repositories(/.*)?"<br />
restorecon -r -v /var/lib/gitea/data/gitea-repositories<br />
firewall-cmd --permanent --zone=public --add-port=3000/tcp<br />
firewall-cmd --reload<br />
</syntaxhighlight><br />
Now we setup gitea on your server<br />
{{Note box|Gitea will wait for you to run the web setup, but as we are starting this as a service, the service will timeout if you leave it. The service will auto-restart, so you can try to connect and setup again, or you can manually restart the gitea service.}}<br />
<syntaxhighlight lang="bash"><br />
systemctl enable --now gitea<br />
</syntaxhighlight><br />
Access the setup page via a browser http://<your-smeserver-IP>:3000<br />
<br />
I found it easiest to just use SQLite3 (already installed)<br />
<br />
Make sure that you set your Server Domain and Gitea Base URL to the correct values for your server.<br />
[[File:Screenshot 2023-03-19 at 6.12.10 pm.png|frame|alt=|none]]<br />
<br />
You will likely have to refresh the browser and then it will ask you to login.<br />
<br />
You can setup your users via the web interface.<br />
<br />
If you are having problems accessing gitea, check the app.ini file to ensure that the ROOT_URL is correct in<br />
<syntaxhighlight lang="bash"><br />
nano /etc/gitea/app.ini<br />
</syntaxhighlight><br />
if you change it, you'll need to restart gitea<br />
<syntaxhighlight lang="bash"><br />
systemctl restart gitea<br />
</syntaxhighlight><br />
<br />
</tab><br />
</tabs><br />
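<br />
Both tabs leave /etc/gitea at mode 770 so that the web installer can write app.ini; Gitea's installation documentation recommends tightening this to 750 for the directory and 640 for app.ini once setup is complete. The following check is an added example, not part of the original page or of Gitea: the function names are constructed, and the demo runs against a temporary stand-in directory rather than the real /etc/gitea.<br />

```shell
#!/bin/sh
# Added example (not from the original page): audit the Gitea config
# directory after the web installer has finished.

# check_gitea_conf DIR
# Prints one line per finding; returns 0 if clean, 1 if anything was
# flagged, 2 if DIR cannot be inspected. Relies on `stat -c` (GNU/busybox).
check_gitea_conf() {
    conf_dir=$1
    findings=0
    dir_mode=$(stat -c '%a' "$conf_dir" 2>/dev/null) || return 2
    m=$((0$dir_mode))                     # leading 0: parse as octal
    if [ $((m & 020)) -ne 0 ]; then
        echo "$conf_dir: group-writable (mode $dir_mode), expected 750"
        findings=1
    fi
    if [ $((m & 007)) -ne 0 ]; then
        echo "$conf_dir: accessible to other users (mode $dir_mode), expected 750"
        findings=1
    fi
    ini="$conf_dir/app.ini"
    if [ -f "$ini" ]; then
        ini_mode=$(stat -c '%a' "$ini" 2>/dev/null) || return 2
        m=$((0$ini_mode))
        # 640 = owner rw, group r. Any bit in 0137 is wider than that.
        if [ $((m & 0137)) -ne 0 ]; then
            echo "$ini: mode $ini_mode is wider than 640"
            findings=1
        fi
    fi
    return $findings
}

demo_gitea_conf() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/gitea"                    # constructed stand-in for /etc/gitea
    : > "$tmp/gitea/app.ini"
    chmod 770 "$tmp/gitea"; chmod 660 "$tmp/gitea/app.ini"   # state during install
    before=0; check_gitea_conf "$tmp/gitea" >/dev/null || before=$?
    chmod 750 "$tmp/gitea"; chmod 640 "$tmp/gitea/app.ini"   # tightened
    after=0; check_gitea_conf "$tmp/gitea" >/dev/null || after=$?
    rm -rf "$tmp"
    echo "before=$before after=$after"
}

demo_gitea_conf
```

Run check_gitea_conf /etc/gitea as root after the first login succeeds; app.ini holds the instance secrets and any database password entered during setup.<br />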
<br />
===Using Maria DB >= 10.4===<br />
<br />
From here:<br />
<br />
https://docs.gitea.com/installation/database-prep<br />
<br />
For local database:<br />
<br />
SET old_passwords=0;<br />
CREATE USER 'gitea'@'%' IDENTIFIED BY 'gitea';<br />
<br />
Create the database with the UTF-8 charset and collation. Make sure to use the utf8mb4 charset instead of utf8, as the former supports all Unicode characters (including emojis) beyond the Basic Multilingual Plane. Also, choose the collation depending on your expected content. When in doubt, use either unicode_ci or general_ci.<br />
<br />
CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';<br />
<br />
Grant all privileges on the database to database user created above.<br />
<br />
For local database:<br />
<br />
GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea';<br />
FLUSH PRIVILEGES;<br />
<br />
Quit from database console using 'exit'<br />
<br />
Test your connection<br />
<br />
mysql -u gitea -p giteadb<br />
<br />
Now you can use the Database Type "Maria DB" in your setup.<br />
<br />
===LDAP settings===<br />
<br />
https://docs.gitea.com/features/authentication<br />
<br />
Under SME v10 we can authenticate users against the local LDAP server.<br />
<br />
On my server I had already set up a LDAP authentication user called 'auth' rather than using the admin account.<br />
I also set up a group called 'it_dept' for restricting user access.<br />
<br />
Site Administration, Authentication Sources<br />
<br />
Add Authentication Source<br />
<br />
==== Settings====<br />
Authentication Name : Choose a name<br />
Security Protocol: StartTLS<br />
Host: Your LDAP host<br />
Port: 389<br />
Bind DN: uid=auth,ou=Users,dc=yourdomain,dc=com<br />
Bind Password: "password of 'auth' user"<br />
User Search Base: ou=Users,dc=yourdomain,dc=com<br />
User Filter: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))<br />
<br />
First Name Attribute: givenName<br />
Surname Attribute: sn<br />
Email Attribute: mail<br />
<br />
Enable LDAP Groups<br />
<br />
Group Search Base DN: ou=Groups,dc=yourdomain,dc=com<br />
Group Attribute Containing List Of Users: memberUID<br />
Verify group membership in LDAP: (cn=it_dept)<br />
<br />
Fetch Attributes in Bind DN Context: enabled<br />
This Authentication source is Activated: enabled<br />
<br />
Enable user synchronization: enabled (after you have checked your settings!)<br />
<br />
This option enables a periodic task that synchronizes the Gitea users with the LDAP server. The default period is every 24 hours but that can be changed in the app.ini file. See the cron.sync_external_users section in the sample app.ini for detailed comments about that section. The User Search Base and User Filter settings described above will limit which users can use Gitea and which users will be synchronized. When initially run the task will create all LDAP users that match the given settings so take care if working with large Enterprise LDAP directories.<br />
<br />
====Notes====<br />
<br />
Once this is enabled a user logging in will have a gitea account created and synced.<br />
<br />
You can also change the accounts between Local and LDAP <br />
<br />
Identity & Access, User Accounts<br />
<br />
Authentication Source: LDAP<br />
Authentication Sign-In Name: Match the LDAP name<br />
<br />
Update and test login.<br />
<br />
<br />
[[Category:Developer]]</div>ReetPhttps://wiki.koozali.org/index.php?title=AutoMysqlBackup&diff=42459AutoMysqlBackup2024-01-11T14:21:21Z<p>ReetP: /* Mailto */</p>
<hr />
<div>{{Languages|AutoMysqlBackup}}<br />
==Automysqlbackup==<br />
[http://sourceforge.net/projects/automysqlbackup/ AutoMySQLBackup], together with the DB configuration, creates daily, weekly and monthly backups of your MySQL databases. There is no panel in the server-manager, but configuration is quite simple with the few commands listed below, handled by "config setprop automysqlbackup". I'm fairly sure that you do not have to modify many options except the mail address where logs and files are sent.<br />
With this contrib you can save your MySQL databases in a simple way.<br />
<br />
Other Features include:<br />
*Email notification of backups<br />
*Databases split and sent by mails<br />
*Backup Compression and Encryption<br />
*Configurable backup rotation (no db command yet, you have to do it manually)<br />
*Incremental database backups (no db command yet, you have to do it manually)<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-automysqlbackup}}<br />
{{ #smeversion: automysqlbackup}}<br />
<br />
==Maintainer==<br />
[mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br /><br />
<br />
==Installation==<br />
====For SME8====<br />
This contrib is in the [[Stephdl|'''stephdl''']] repository; you have to enable it before installing the contrib<br />
<br />
</noinclude><br />
db yum_repositories set stephdl repository \<br />
BaseURL http://mirror.de-labrusse.fr/smeserver/\$releasever \<br />
EnableGroups no GPGCheck yes \<br />
Name "Mirror de Labrusse" \<br />
GPGKey http://mirror.de-labrusse.fr/RPM-GPG-KEY \<br />
Visible yes status disabled<br />
<br />
<br />
<noinclude><br />
After adding it to the database updating the configuration file is required:<br />
signal-event yum-modify<br />
<br />
yum install --enablerepo=stephdl smeserver-automysqlbackup<br />
config set UnsavedChanges no<br />
<br />
====For SME9 and SME10====<br />
<br />
yum install --enablerepo=smecontribs smeserver-automysqlbackup<br />
config set UnsavedChanges no<br />
<br />
You can also install pigz for multi CPU support which can speed up your backups and remove the warning from the status email:<br />
<br />
yum --enablerepo=epel install pigz<br />
<br />
==smeserver Panel==<br />
<br />
There is no panel to manage this contrib; you have to use db configuration commands, but normally the default options should be sufficient.<br />
<br />
==How to launch the backup==<br />
You can launch the database backup manually by running automysqlbackup in a root terminal.<br />
automysqlbackup<br />
Otherwise, every night a cron job starts at 4:00 AM to save your databases.<br />
==DB command option==<br />
If you want to see the db configuration of automysqlbackup.<br />
config show automysqlbackup<br />
===Time===<br />
<br />
You can adjust the time at which the cron job starts<br />
<br />
* Every 30 minutes<br />
config setprop automysqlbackup Hour '*' Minute '*/30'<br />
signal-event automysqlbackup-update<br />
<br />
* Every hour<br />
config setprop automysqlbackup Hour '*/1' Minute 1<br />
signal-event automysqlbackup-update<br />
<br />
* At 3 AM<br />
config setprop automysqlbackup Hour 3 Minute 1<br />
signal-event automysqlbackup-update<br />
<br />
===Backup directory===<br />
This is the folder where your database backups are saved '''(default is /root/backup/db)'''. This is the layout of your backup folder.<br />
{{note box|keep in mind that the /root folder is saved with the e-smith-backup of your server-manager}} <br />
#ls /root/backup/db/<br />
daily fullschema latest monthly status tmp weekly<br />
<br />
If you want to save in another place, you have to do the command below.<br />
<br />
config setprop automysqlbackup Backupdir /path/to/other/folder<br />
You have to create your new backup directory manually<br />
mkdir -p /path/to/other/folder<br />
<br />
===Backup a local directory===<br />
You can also have automysqlbackup save a local directory. I suppose that you cannot use it for large folders, but for a web site with its database it could be useful. It is not activated by default.<br />
config setprop automysqlbackup Backup_local_files /path/to/folder<br />
<br />
===Mysql53, Mysql55, Mysql57, MariaDB===<br />
<br />
With SCL on SME you may be running other database versions.<br />
<br />
You must make sure you have a backup user for the newer databases<br />
<br />
Creating backup user for default mysql53 database<br />
done<br />
*** If you add mysql55/mysql57 you must add a backup user ***<br />
You can use the password from config show automysqlbackup<br />
e.g.: <br />
mysql55 -e " GRANT EVENT,SELECT,LOCK TABLES ON *.* TO backupuser@'localhost' " <br />
mysql55 -u root -e "SET PASSWORD FOR backupuser@localhost = PASSWORD( ' -from config show automysqlbackup DbPassword- ' ) " <br />
<br />
We can now choose other databases to backup:<br />
<br />
mysql53, mysql55, mysql57, mariadb<br />
<br />
You can enable or disable as follows:<br />
<br />
config setprop automysqlbackup Mysql55 enabled<br />
signal-event automysqlbackup-update<br />
<br />
====For Koozali SME v10====<br />
<br />
The default Maria 5.5 is included. To add Maria 10.5 added via the contrib:<br />
<br />
config setprop automysqlbackup Mymaria105 enabled<br />
signal-event smeserver-automysqlbackup-update<br />
<br />
===Encryption===<br />
If you wish to encrypt your backups using openssl '''(no is default)'''<br />
config setprop automysqlbackup Encrypt yes<br />
you need to set a password '''(default is 01234567899876543210)'''<br />
config setprop automysqlbackup Dbencrypt_password your-password<br />
<br />
{{Note box| This option may be useful when you want to save your databases outside of your server by sending them by mail. Keep in mind to change the default password.}}<br />
<br />
===Decryption===<br />
To decrypt run :<br />
<br />
openssl enc -aes-256-cbc -d -in encrypted_file_name(ex: *.enc.gz) -out outputfilename.gz -pass pass:your-password<br />
<br />
example : <br />
<br />
openssl enc -aes-256-cbc -d -in daily_horde_2013-04-26_01h41m_Friday.sql.gz.enc -out daily_horde_2013-04-26_01h41m_Friday.sql.gz \<br />
-pass pass:01234567899876543210<br />
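<br />
Two practical points about the decryption command above, shown as an added example that is not part of the original page or of automysqlbackup. First, OpenSSL 1.1.0 changed the default digest of openssl enc from MD5 to SHA-256, so a backup encrypted on an older host fails with "bad decrypt" on a newer one unless -md md5 is given. Second, -pass pass:... exposes the password in the process list, so the function reads it from a file instead. It assumes the backup was encrypted with the originating host's default digest; the function names and sample data are constructed.<br />

```shell
#!/bin/sh
# Added example (not from the original page or from automysqlbackup).

# decrypt_backup ENC_FILE OUT_GZ PASS_FILE
# Tries sha256 (openssl enc default since OpenSSL 1.1.0), then md5 (the
# default before that). A result is accepted only if it is a valid gzip
# stream, because a wrong key can occasionally pass the padding check.
# Prints the digest that worked; returns 1 and leaves no output file if
# neither digest yields a valid archive.
decrypt_backup() {
    enc_file=$1; out_gz=$2; pass_file=$3
    for md in sha256 md5; do
        if (umask 077
            openssl enc -aes-256-cbc -d -md "$md" -in "$enc_file" \
                -out "$out_gz" -pass "file:$pass_file" 2>/dev/null) \
           && gzip -t "$out_gz" 2>/dev/null; then
            echo "$md"
            return 0
        fi
    done
    rm -f "$out_gz"
    return 1
}

demo_decrypt() {
    tmp=$(mktemp -d) || return 2
    # Constructed sample dump and passphrase.
    printf 'CREATE TABLE t (id INT);\n' > "$tmp/dump.sql"
    gzip -c "$tmp/dump.sql" > "$tmp/dump.sql.gz"
    (umask 077; printf '%s\n' 'constructed-passphrase' > "$tmp/pass")
    # Encrypt the way an OpenSSL 1.0.x host would have (md5 key derivation).
    openssl enc -aes-256-cbc -e -md md5 -in "$tmp/dump.sql.gz" \
        -out "$tmp/dump.sql.gz.enc" -pass "file:$tmp/pass" 2>/dev/null \
        || { rm -rf "$tmp"; return 2; }
    used=$(decrypt_backup "$tmp/dump.sql.gz.enc" "$tmp/out.sql.gz" "$tmp/pass") \
        || used=failed
    restored=$(gzip -dc "$tmp/out.sql.gz" 2>/dev/null) || restored=
    rm -rf "$tmp"
    echo "digest=$used restored=$restored"
}

demo_decrypt
```

Keep the password file at mode 600 and remove it after the restore.<br />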
<br />
===Mailcontent===<br />
You can choose the type of mail sent to the admin '''(log by default)'''<br />
config setprop automysqlbackup Mailcontent option<br />
option :<br />
*log : send only log file (default)<br />
*files : send log file and sql files as attachments<br />
*stdout : will simply output the log to the screen if run manually.<br />
*quiet : Only send logs if an error occurs to the MAILADDR.<br />
<br />
{{Tip box|Use the "'''files'''" option with the Mailcontent db to save your mysql databases in a mailbox outside of your server; they are also saved in a local folder on your server (by default /root/backup/db)}}<br />
<br />
===Mailto===<br />
<br />
You can choose the mail account to which mails are sent '''(default is the admin mailbox of your server)'''.<br />
<br />
Note that this may not work to places like Gmail or Microsoft as it bypasses DKIM etc and their checking is extremely strict.<br />
<br />
config setprop automysqlbackup Mailto foo@foo.com<br />
<br />
===Sizemail===<br />
<br />
You can set the size of the mails sent '''(default is 8000 KB)'''.<br />
config setprop automysqlbackup Sizemail 8000<br />
{{note box|keep in mind that a lot of smtp server reject mail bigger than 10 000 KB or 10MB}}<br />
<br />
<br />
===Debug===<br />
<br />
This should enable some logging to be emailed when it runs:<br />
<br />
config setprop automysqlbackup debug enabled<br />
signal-event smeserver-automysqlbackup-update<br />
<br />
==Manual Settings==<br />
There are many options you can modify in automysqlbackup, so for specific needs you can adjust the file below by hand. Make a copy first.<br />
<br />
cp /etc/automysqlbackup/myserver.conf /etc/automysqlbackup/myserver.conf-old<br />
nano /etc/automysqlbackup/myserver.conf<br />
<br />
==RESTORING==<br />
===restoring a .sql file===<br />
In a root terminal <br />
cd /root/backup/db/ <br />
and choose your backup<br />
gunzip file-name.sql.gz<br />
Next you will need to use the mysql client to restore the DB from the sql file.<br />
mysql database < /path/file.sql<br />
<br />
NOTE: Make sure you use < and not > in the above command because you are piping the file.sql to mysql and not the other way around<br />
<br />
If you want to play with another user or a remote mysql server you can use this command line<br />
<br />
mysql --user=username --pass=password --host=dbserver database < /path/file.sql<br />
<br />
===restoring databases sent by mail attachment===<br />
<br />
The attachments have been split into multiple files, use this command line to combine them :<br />
cat mail_attachment_2011-08-13_13h15m_* > mail_attachment_2011-08-13_13h15m.tar.bz2<br />
and do this to extract the content<br />
bunzip2 <mail_attachment_2011-08-13_13h15m.tar.bz2 | pax -rv<br />
<br />
==Known Issues==<br />
<br />
===Skip mysql.event===<br />
* Warning: Skipping the data of table mysql.event. Specify the --events option explicitly. SOLVED in [[bugzilla:8146]]<br />
See http://www.linuxbrigade.com/warning-skipping-data-table-mysql-event/#more-135<br />
See this discussion http://bugs.mysql.com/bug.php?id=68376<br />
<br />
=== Empty backupdir key===<br />
* Don't leave this key blank or you may get errors:<br />
<br />
config show automysqlbackup Backupdir <br />
<br />
The system will try and default to /root/backup/db but you may get issues if it is empty<br />
<br />
See bugs [[bugzilla:10655]] and [[bugzilla:10654]]<br />
<br />
===Backup databases===<br />
* Some solutions : <br />
<br />
if we want to backup databases<br />
mysqldump -uroot --events mysql > /tmp/mysql.sql<br />
or if we don't want to backup them<br />
mysqldump -uroot --events --ignore-table=mysql.event mysql > /tmp/mysql.sql<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}}and select the smeserver-automysqlbackup component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-automysqlbackup |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-automysqlbackup |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Changelog==<br />
<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: smeserver-automysqlbackup }}<br />
<br />
<br />
[[Category: Contrib]]</div>ReetPhttps://wiki.koozali.org/index.php?title=AutoMysqlBackup&diff=42458AutoMysqlBackup2024-01-11T14:06:50Z<p>ReetP: /* Sizemail */</p>
<hr />
<div>{{Languages|AutoMysqlBackup}}<br />
==Automysqlbackup==<br />
[http://sourceforge.net/projects/automysqlbackup/ AutoMySQLBackup], combined with the SME Server configuration database, creates daily, weekly and monthly backups of your MySQL databases. There is no panel in the server-manager, but configuration is simple: a few commands, listed below, all handled by "config setprop automysqlbackup". I'm fairly sure that you will not have to change many options, except the mail address where logs and files are sent.<br />
With this contrib you can save your MySQL databases in a simple way.<br />
<br />
Other Features include:<br />
*Email notification of backups<br />
*Databases split and sent by mails<br />
*Backup Compression and Encryption<br />
*Configurable backup rotation (no db command yet, you have to do it manually)<br />
*Incremental database backups (no db command yet, you have to do it manually)<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-automysqlbackup}}<br />
{{ #smeversion: automysqlbackup}}<br />
<br />
==Maintainer==<br />
[mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br /><br />
<br />
==Installation==<br />
====For SME8====<br />
This contrib is in the [[Stephdl|'''stephdl''']] repository, which you have to enable before installing the contrib.<br />
<br />
</noinclude><br />
db yum_repositories set stephdl repository \<br />
BaseURL http://mirror.de-labrusse.fr/smeserver/\$releasever \<br />
EnableGroups no GPGCheck yes \<br />
Name "Mirror de Labrusse" \<br />
GPGKey http://mirror.de-labrusse.fr/RPM-GPG-KEY \<br />
Visible yes status disabled<br />
<br />
<br />
<noinclude><br />
After adding it to the database, the configuration file must be updated:<br />
signal-event yum-modify<br />
<br />
yum install --enablerepo=stephdl smeserver-automysqlbackup<br />
config set UnsavedChanges no<br />
<br />
====For SME9 and SME10====<br />
<br />
yum install --enablerepo=smecontribs smeserver-automysqlbackup<br />
config set UnsavedChanges no<br />
<br />
You can also install pigz for multi CPU support which can speed up your backups and remove the warning from the status email:<br />
<br />
yum --enablerepo=epel install pigz<br />
<br />
==smeserver Panel==<br />
<br />
There is no panel to manage this contrib. You have to use the db configuration commands, but normally the default options should be sufficient.<br />
<br />
==How to launch the backup==<br />
You can launch the database backup manually by running automysqlbackup in a root terminal.<br />
automysqlbackup<br />
Otherwise, a cron job starts every night at 4:00 AM to save your databases.<br />
==DB command option==<br />
To see the db configuration of automysqlbackup:<br />
config show automysqlbackup<br />
===Time===<br />
<br />
You can adjust the time at which the cron job starts.<br />
<br />
* Every 30 minutes<br />
config setprop automysqlbackup Hour '*' Minute '*/30'<br />
signal-event automysqlbackup-update<br />
<br />
* Every hour<br />
config setprop automysqlbackup Hour '*/1' Minute 1<br />
signal-event automysqlbackup-update<br />
<br />
* At 3 AM<br />
config setprop automysqlbackup Hour 3 Minute 1<br />
signal-event automysqlbackup-update<br />
<br />
===Backup directory===<br />
This is the folder where your database backups are saved '''(default is /root/backup/db)'''. The backup folder is laid out as shown below.<br />
{{note box|keep in mind that the /root folder is saved with the e-smith-backup of your server-manager}} <br />
#ls /root/backup/db/<br />
daily fullschema latest monthly status tmp weekly<br />
<br />
If you want to save backups elsewhere, run the command below.<br />
<br />
config setprop automysqlbackup Backupdir /path/to/other/folder<br />
You have to create the new backup directory manually:<br />
mkdir -p /path/to/other/folder<br />
<br />
===Backup a local directory===<br />
automysqlbackup can also save a local directory. I suppose that you cannot use it for a large folder, but for a web site with its database it could be useful. It is not activated by default.<br />
config setprop automysqlbackup Backup_local_files /path/to/folder<br />
<br />
===Mysql53, Mysql55, Mysql57, MariaDB===<br />
<br />
With SCL on SME you may be running other database versions.<br />
<br />
You must make sure you have a backup user for the newer databases.<br />
<br />
Creating backup user for default mysql53 database<br />
done<br />
*** If you add mysql55/mysql57 you must add a backup user ***<br />
You can use the password from config show automysqlbackup<br />
e.g.: <br />
mysql55 -e " GRANT EVENT,SELECT,LOCK TABLES ON *.* TO backupuser@'localhost' " <br />
mysql55 -u root -e "SET PASSWORD FOR backupuser@localhost = PASSWORD( ' -from config show automysqlbackup DbPassword- ' ) " <br />
<br />
We can now choose other databases to backup:<br />
<br />
mysql53, mysql55, mysql57, mariadb<br />
<br />
You can enable or disable as follows:<br />
<br />
config setprop automysqlbackup Mysql55 enabled<br />
signal-event automysqlbackup-update<br />
<br />
====For Koozali SME v10====<br />
<br />
The default MariaDB 5.5 is included. To also back up MariaDB 10.5, if you added it via the contrib:<br />
<br />
config setprop automysqlbackup Mymaria105 enabled<br />
signal-event smeserver-automysqlbackup-update<br />
<br />
===Encryption===<br />
To encrypt your backups using openssl '''(default is no)''':<br />
config setprop automysqlbackup Encrypt yes<br />
You then need to set a password '''(default is 01234567899876543210)''':<br />
config setprop automysqlbackup Dbencrypt_password your-password<br />
<br />
{{Note box| This option may be useful when you want to save your databases outside of your server by sending them by mail. Remember to change the default password.}}<br />
<br />
===Decryption===<br />
To decrypt run :<br />
<br />
openssl enc -aes-256-cbc -d -in encrypted_file_name(ex: *.enc.gz) -out outputfilename.gz -pass pass:your-password<br />
<br />
example : <br />
<br />
openssl enc -aes-256-cbc -d -in daily_horde_2013-04-26_01h41m_Friday.sql.gz.enc -out daily_horde_2013-04-26_01h41m_Friday.sql.gz \<br />
-pass pass:01234567899876543210<br />
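An added example, not part of the contrib or of automysqlbackup: a wrapper around the openssl command above that reads the password from a root-only file instead of the command line (where it shows up in the process list and shell history) and tests the gzip stream before the file is used for a restore. The function names, the password-file argument and the sample data are assumptions.<br />

```shell
#!/bin/sh
# Added example: decrypt an automysqlbackup *.enc file without putting the
# password on the command line, and verify the result before restoring it.
# decrypt_backup, make_sample_backup and the password file are hypothetical.

# usage: decrypt_backup <file.sql.gz.enc> <password-file> [output-file]
decrypt_backup() {
    enc_file=$1
    pass_file=$2
    out_file=${3:-${enc_file%.enc}}

    [ -r "$enc_file" ]  || { echo "cannot read $enc_file" >&2; return 2; }
    [ -r "$pass_file" ] || { echo "cannot read $pass_file" >&2; return 2; }
    if [ "$out_file" = "$enc_file" ] || [ -e "$out_file" ]; then
        echo "refusing to overwrite $out_file" >&2
        return 2
    fi

    # The password file must carry no group/other permission bits (600 or 400).
    perms=$(ls -ld "$pass_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$pass_file is accessible to group/others; chmod 600 it" >&2
        return 3
    fi

    # Decrypt into a temporary file (mktemp creates it with mode 600).
    tmp_file=$(mktemp "${out_file}.XXXXXX") || return 4

    # Same cipher as the command above; "-pass file:" reads the first line.
    if ! openssl enc -aes-256-cbc -d -in "$enc_file" -out "$tmp_file" \
            -pass "file:$pass_file" 2>/dev/null; then
        rm -f "$tmp_file"
        echo "decryption failed: wrong password or damaged file" >&2
        return 5
    fi

    # A wrong password can occasionally survive the padding check, so test
    # the gzip stream (CRC included) before the file is trusted.
    if ! gzip -t < "$tmp_file" 2>/dev/null; then
        rm -f "$tmp_file"
        echo "decrypted data is not a valid gzip stream" >&2
        return 6
    fi

    mv "$tmp_file" "$out_file"
}

# Constructed sample for trying the function: writes <dir>/sample.sql.gz.enc
# and <dir>/pw, using the cipher the decrypt command above expects.
make_sample_backup() {
    dir=$1
    ( umask 077
      printf 'constructed-password\n' > "$dir/pw"
      printf 'CREATE TABLE t (id INT);\n' | gzip -c > "$dir/sample.sql.gz.tmp"
    ) || return 1
    openssl enc -aes-256-cbc -e -in "$dir/sample.sql.gz.tmp" \
        -out "$dir/sample.sql.gz.enc" -pass "file:$dir/pw" 2>/dev/null || return 1
    rm -f "$dir/sample.sql.gz.tmp"
}

# Try it:
#   d=$(mktemp -d) && make_sample_backup "$d" &&
#   decrypt_backup "$d/sample.sql.gz.enc" "$d/pw" && gunzip -c "$d/sample.sql.gz"
```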
<br />
===Mailcontent===<br />
You can choose the type of mail sent to the admin '''(log by default)'''.<br />
config setprop automysqlbackup Mailcontent option<br />
option :<br />
*log : send only log file (default)<br />
*files : send log file and sql files as attachments<br />
*stdout : will simply output the log to the screen if run manually.<br />
*quiet : Only send logs if an error occurs to the MAILADDR.<br />
<br />
{{Tip box|Use the "'''files'''" option of the Mailcontent property to save your MySQL databases in a mailbox outside of your server; they are also saved in a local folder on your server (by default /root/backup/db)}}<br />
<br />
===Mailto===<br />
You can choose the mail account to which the mails are sent '''(default is the admin mailbox of your server)'''.<br />
<br />
config setprop automysqlbackup Mailto foo@foo.com<br />
<br />
===Sizemail===<br />
<br />
You can set the size of the mails sent '''(default is 8000 KB)'''.<br />
config setprop automysqlbackup Sizemail 8000<br />
{{note box|Keep in mind that many SMTP servers reject mail bigger than 10 000 KB or 10 MB}}<br />
<br />
<br />
===Debug===<br />
<br />
This should enable some logging to be emailed when it runs:<br />
<br />
config setprop automysqlbackup debug enabled<br />
signal-event smeserver-automysqlbackup-update<br />
<br />
==Manual Settings==<br />
automysqlbackup has many more options, so for specific needs you can edit the file below by hand. Make a copy first.<br />
<br />
cp /etc/automysqlbackup/myserver.conf /etc/automysqlbackup/myserver.conf-old<br />
nano /etc/automysqlbackup/myserver.conf<br />
<br />
==RESTORING==<br />
===restoring a .sql file===<br />
In a root terminal <br />
cd /root/backup/db/ <br />
and choose your backup<br />
gunzip file-name.sql.gz<br />
Next you will need to use the mysql client to restore the DB from the sql file.<br />
mysql database < /path/file.sql<br />
<br />
NOTE: Make sure you use < and not > in the above command, because you are feeding file.sql into mysql and not the other way around.<br />
<br />
To use another user or a remote MySQL server, use this command line:<br />
<br />
mysql --user=username --pass=password --host=dbserver database < /path/file.sql<br />
<br />
===restoring databases sent by mail attachment===<br />
<br />
The attachments have been split into multiple files. Use this command line to combine them:<br />
cat mail_attachment_2011-08-13_13h15m_* > mail_attachment_2011-08-13_13h15m.tar.bz2<br />
Then extract the content:<br />
bunzip2 <mail_attachment_2011-08-13_13h15m.tar.bz2 | pax -rv<br />
<br />
==Known Issues==<br />
<br />
===Skip mysql.event===<br />
* Warning: Skipping the data of table mysql.event. Specify the --events option explicitly. SOLVED in [[bugzilla:8146]]<br />
See http://www.linuxbrigade.com/warning-skipping-data-table-mysql-event/#more-135<br />
See this discussion http://bugs.mysql.com/bug.php?id=68376<br />
<br />
=== Empty backupdir key===<br />
* Don't leave this key blank or you may get errors:<br />
<br />
config show automysqlbackup Backupdir <br />
<br />
The system will try and default to /root/backup/db but you may get issues if it is empty<br />
<br />
See bugs [[bugzilla:10655]] and [[bugzilla:10654]]<br />
<br />
===Backup databases===<br />
* Some solutions : <br />
<br />
if we want to backup databases<br />
mysqldump -uroot --events mysql > /tmp/mysql.sql<br />
or if we don't want to backup them<br />
mysqldump -uroot --events --ignore-table=mysql.event mysql > /tmp/mysql.sql<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-automysqlbackup component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-automysqlbackup |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-automysqlbackup |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Changelog==<br />
<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: smeserver-automysqlbackup }}<br />
<br />
<br />
[[Category: Contrib]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Ftp&diff=42457Ftp2024-01-09T13:31:07Z<p>ReetP: </p>
<hr />
<div>{{WIP box|}}<br />
<br />
SME Server offers an FTP server, Proftpd. If enabled, it gives anonymous access to the files folder of the Primary ibay and, once authenticated, access to any content inside /home/e-smith/files that your user is allowed to reach.<br />
<br />
Prior to SME 10, ftp used clear text communication ('''FTP'''), allowing anyone listening on the network to capture your password and the files exchanged. Now TLS is enforced by default ('''FTPs'''), and it is suggested that you keep it enabled.<br />
<br />
While you may be used to the traditional port 21 for file transfer protocol ('''FTP'''), this page is here to help you have steady access to your ftp server, by understanding it, and enabling the extra needed ports.<br />
<br />
Your server is using <br />
<br />
Do not confuse '''sFTP''', which is part of ssh protocol and uses port 22, with '''FTPs''' which is the regular ftp protocol over port 21 using a layer of SSL/TLS encryption.<br />
<br />
== FTP connection modes : active versus passive ==<br />
SME by default offers both active and passive mode when you are on LAN. However, as soon as you try to access from a remote location you will have some difficulties depending on the situation.<br />
<br />
By default, for passive connection, Proftpd will use ports from 1024 and up, which means that you must forward ''all'' ports 1024-65535 from the NAT to the FTP server! And you have to allow many (possibly) dangerous ports in your fire-walling rules! Not a good situation.<br />
<br />
==== The Modes ====<br />
<br />
===== active =====<br />
From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened (http://slacksite.com/other/ftp.html):<br />
<br />
* FTP server's port 21 from anywhere (Client initiates connection)<br />
* FTP server's port 21 to ports > 1024 (Server responds to client's control port)<br />
* FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)<br />
* FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)<br />
<br />
===== passive =====<br />
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened (http://slacksite.com/other/ftp.html):<br />
<br />
* FTP server's port 21 from anywhere (Client initiates connection)<br />
* FTP server's port 21 to ports > 1024 (Server responds to client's control port)<br />
* FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)<br />
* FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)<br />
<br />
==== Examples ====<br />
<br />
===== SME is server-gateway connected to Internet - Client is remote behind a NAT =====<br />
Active mode will not work because the NAT will mostly hide the client port.<br />
<br />
Passive mode requires the <code>PassivePorts</code> directive in your <code>proftpd.conf</code> to control which ports <code>proftpd</code> uses for its passive data transfers, and you will need to open those ports in your SME firewall.<br />
<br />
===== SME is server-gateway behind a firewall / NAT to Internet - Client is remote behind a NAT =====<br />
Active mode will not work because the NAT will mostly hide the client port.<br />
<br />
Passive mode requires the <code>PassivePorts</code> directive in your <code>proftpd.conf</code> to control which ports <code>proftpd</code> uses for its passive data transfers, and you will need to open those ports in your SME firewall and in the firewall between your SME Server and the Internet. You will also need a custom template to add MasqueradeAddress (http://www.proftpd.org/docs/modules/mod_core.html#MasqueradeAddress).<br />
<br />
===== SME is server-gateway connected to Internet - Client is remote directly connected to the Internet =====<br />
Active mode will not work because the NAT will mostly hide the client port.<br />
<br />
Passive mode requires the <code>PassivePorts</code> directive in your <code>proftpd.conf</code> to control which ports <code>proftpd</code> uses for its passive data transfers, and you will need to open those ports in your SME firewall.<br />
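An added example, not SME Server or ProFTPD code: a check that a generated <code>proftpd.conf</code> confines passive mode to a small range that can be forwarded, and that <code>MasqueradeAddress</code> is present when the server sits behind NAT. The function names, the 100-port limit and the sample configuration (which uses the 44900-44950 range from the TODO list below) are assumptions.<br />

```shell
#!/bin/sh
# Added example: check a proftpd.conf for the passive-mode settings discussed
# above. check_passive_config, sample_conf and MAX_WIDTH are hypothetical names.

# usage: check_passive_config <proftpd.conf> [behind_nat: yes|no]
# Prints one finding per line; returns 0 only if every check passes.
check_passive_config() {
    conf=$1
    behind_nat=${2:-no}
    max_width=${MAX_WIDTH:-100}   # assumed limit on how many ports to forward
    status=0

    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    # Take the last uncommented "PassivePorts <min> <max>" line.
    range=$(awk '$1 == "PassivePorts" { r = $2 " " $3 } END { print r }' "$conf")
    min=${range%% *}
    max=${range##* }

    if [ -z "$range" ]; then
        echo "FAIL: no PassivePorts directive, data ports 1024-65535 would need forwarding"
        status=1
    else
        case "$min" in ''|*[!0-9]*) min=bad ;; esac
        case "$max" in ''|*[!0-9]*) max=bad ;; esac
        if [ "$min" = bad ] || [ "$max" = bad ]; then
            echo "FAIL: PassivePorts needs two numeric ports"
            status=1
        elif [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
            echo "FAIL: PassivePorts $min $max is not a valid range within 1024-65535"
            status=1
        elif [ $((max - min + 1)) -gt "$max_width" ]; then
            echo "WARN: $((max - min + 1)) passive ports exceeds the limit of $max_width"
            status=1
        else
            echo "OK: forward and open TCP $min-$max for passive data connections"
        fi
    fi

    # Behind NAT the server must advertise its public address to clients.
    if [ "$behind_nat" = yes ]; then
        addr=$(awk '$1 == "MasqueradeAddress" { a = $2 } END { print a }' "$conf")
        if [ -n "$addr" ]; then
            echo "OK: MasqueradeAddress $addr is advertised to clients"
        else
            echo "FAIL: server is behind NAT but MasqueradeAddress is not set"
            status=1
        fi
    fi
    return "$status"
}

# Constructed sample configuration (not a real SME template output).
sample_conf() {
    cat <<'EOF'
ServerName "constructed example"
Port 21
# PassivePorts 1024 65535
PassivePorts 44900 44950
MasqueradeAddress ftp.example.com
EOF
}

# Try it:
#   sample_conf > /tmp/proftpd.sample && check_passive_config /tmp/proftpd.sample yes
```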
<br />
== SSL mode: Explicit SSL versus Implicit SSL ==<br />
'''SME 10 and above uses explicit SSL mode for FTPs''' over port 21 only and does not need port 990. <u>The client must explicitly request for SSL/TLS to be able to go on</u>.<br />
<br />
FTPS (FTP over TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).<br />
<br />
== FTP configuration options in SME ==<br />
{| class="wikitable"<br />
|+configuration db<br />
!key<br />
!Property<br />
!default<br />
|-<br />
| rowspan="9" |ftp<br />
|access<br />
|private<br />
|-<br />
|TCPPort<br />
|21<br />
|-<br />
|ChrootDir<br />
|<br />
|-<br />
|TLSEnable<br />
|on<br />
|-<br />
|TLSRequired<br />
|on<br />
|-<br />
|TLSVerifyClient<br />
|off<br />
|-<br />
|LoginAccess<br />
|private<br />
|-<br />
|DisableAnonymous<br />
|no<br />
|-<br />
|status<br />
|disabled<br />
|}<br />
{| class="wikitable"<br />
|+account db for ibay type<br />
!Property<br />
!default<br />
|-<br />
|PublicAccess<br />
|none<br />
|-<br />
|DisableAnonymous<br />
|no<br />
|}<br />
<br />
== TODO ==<br />
<br />
[https://bugs.koozali.org/show_bug.cgi?id=12454 PassivePorts support bug]<br />
<br />
* template to use PassivePort 44900:44950<br />
* template to add those ports in the SME firewall<br />
* template to add port 20<br />
* http://www.proftpd.org/docs/modules/mod_core.html#MasqueradeAddress Virtualhost vs Class see http://www.proftpd.org/docs/howto/NAT.html<br />
* http://www.proftpd.org/docs/howto/FXP.html<br />
<br />
===Bug report===<br />
Proftpd is listed in the [https://bugs.koozali.org/enter_bug.cgi?product=SME%20Server%2010.X bugtracker server] section.<br />
<br />
Please report all bugs, new feature requests and documentation issues there.<br />
<br />
Current bugs:<br />
<br />
https://bugs.koozali.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&f1=cf_package&list_id=102854&o1=equals&query_format=advanced&resolution=---&v1=e-smith-proftpd<br />
<br />
<br />
== Sources ==<br />
<br />
* https://wiki.filezilla-project.org/FTP_over_TLS#Explicit_vs_Implicit_FTPS<br />
* http://www.proftpd.org/docs/howto/TLS.html<br />
* https://hstechdocs.helpsystems.com/manuals/globalscape/archive/secureserver3/Explicit_versus_Implicit_SSL.htm<br />
* https://winscp.net/eng/docs/ftp_modes<br />
* http://www.proftpd.org/docs/howto/NAT.html<br />
* http://slacksite.com/other/ftp.html<br />
<br />
[[Category:Howto]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Rocket_Chat:Contrib&diff=42399Rocket Chat:Contrib2023-11-15T14:49:08Z<p>ReetP: /* Usage */</p>
<hr />
<div>'''[[Rocket_Chat#smeserver-rocketchat_contrib|Contrib]]''': [mailto:jcrisp@safeandsound.co.uk][[User:ReetP|John Crisp]]<br />
{{Note box|Please note that there is also a howto on manually installing Rocket.Chat [[Rocket_Chat|'''here''']]. This is largely obsolete.}}<br />
<br />
Later versions will need my newer smeserver-rocketchat-0.4.x contrib which uses docker.<br />
<br />
==smeserver-rocketchat contrib==<br />
{{WIP box}}<br />
<br />
===Version===<br />
{{ #smeversion: smeserver-rocketchat }}<br />
<br />
<br />
==Required repos==<br />
<br />
Add repos:<br />
<br />
* [[epel]]<br />
* [[mongoDB]]<br />
* [[Docker]]<br />
* [[User:ReetP|reetp]] <br />
<br />
===Installation===<br />
<br />
There is now a smeserver-rocketchat contrib to install Rocket.Chat with docker.<br />
<br />
Install Mongo DB natively as per the wiki page https://wiki.koozali.org/MongoDB<br />
<br />
Currently it is suggested to use Mongo 4.4<br />
<br />
Mongo 5+ requires additional CPU instructions that older CPUs may not have. See the wiki page for more.<br />
<br />
Do not go further than initiating the replicaset. Users are not required.<br />
<br />
Next install smeserver-docker following the wiki page https://wiki.koozali.org/Docker<br />
<br />
<br />
<br />
Settings<br />
<br />
config set rocketchat service TCPPort 3000 mailPort 25 mailURL localhost access private status enabled SSLProxy yes Version 5.4.9 rootURL chat.domain.com<br />
<br />
<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
<br />
System ➔ startup<br />
+----------------------------------------------------+<br />
| SERVER RUNNING |<br />
+----------------------------------------------------+<br />
| |<br />
| Version: 0.xx.x |<br />
| Process Port: 3000 |<br />
| Site URL: <nowiki>http://rocketchat.local.net:3000</nowiki> |<br />
| OpLog: Disabled |<br />
| |<br />
+----------------------------------------------------+<br />
<br />
You should now be able to connect to your Rocket.Chat instance <br />
<br />
http://rocketchat.local.net:3000<br />
<br />
===Registering a new account===<br />
<br />
Because the SME mail server is fussy you may find it easier to force some settings in the Rocket.Chat DB before trying to register:<br />
<br />
You can set your SMTP host as localhost or mail.yourdomain.com<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_settings.update({"_id" : "SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id": "From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
 exit<br />
<br />
<br />
===Reverse proxy===<br />
<br />
Now we need to setup our subdomain for the reverse proxy<br />
<br />
db domains set chat.mycompany.local domain Description RocketChat Nameservers internet \<br />
TemplatePath ProxyPassVirtualRocketchat ProxyPassTarget http://localhost:3000/<br />
<br />
It should look like this:<br />
chat.mycompany.local=domain<br />
Nameservers=internet (can be localhost)<br />
ProxyPassTarget=http://127.0.0.1:3000/<br />
TemplatePath=ProxyPassVirtualRocketchat<br />
letsencryptSSLcert=enabled (with letsencrypt support)<br />
<br />
We need to set Rocket.Chat to listen on localhost now:<br />
<br />
config setprop rocketchat rootURL chat.mycompany.domain SSLProxy yes<br />
signal-event smeserver-rocketchat-update<br />
<br />
Now start the docker container (always run compose from the docker directory)<br />
<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d rocketchat<br />
docker logs -f rocketchat<br />
<br />
db accounts setprop Primary SSL enabled<br />
signal-event ibay-modify Primary<br />
<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-rocketchat component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-rocketchat |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-rocketchat |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Mongo DB examples==<br />
<br />
===Usage===<br />
<br />
Example using mongo itself:<br />
<br />
mongo<br />
<br />
use rocketchat<br />
<br />
Show all collections in DB<br />
show collections<br />
<br />
Show all entries in a collection<br />
db.rocketchat_avatars.chunks.find()<br />
<br />
db.rocketchat_settings.find({"_id" : "SMTP_Host"})<br />
db.rocketchat_settings.find({"_id" : "From_Email"})<br />
<br />
db.getCollection("rocketchat_settings").find({"name":"Joe Blogs"})<br />
<br />
db.getCollection("rocketchat_settings").find({"_id":{$regex:"^LDAP"}})<br />
<br />
db.rocketchat_settings.findOne({_id : "From_Email"}, {_id:0, value: 1})<br />
db.rocketchat_settings.findOne({_id : "SMTP_Host"}, {_id:0, value: 1})<br />
<br />
db.rocketchat_settings.update({"_id":"From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id":"SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
<br />
<br />
Remove all entries in a collection (CAREFUL!!!!!!)<br />
db.rocketchat_avatars.chunks.remove({})<br />
<br />
Help<br />
help<br />
<br />
Some more mongo commands for reference<br />
<br />
https://github.com/RocketChat/Rocket.Chat/issues/15880#issuecomment-570070433<br />
<br />
Directly check a specific user ID from bash:<br />
mongo rocketchat --eval "db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + \" ; \" + u.username); } )"<br />
<br />
Log into rocketchat database:<br />
mongo rocketchat<br />
<br />
Check out all the user IDs in the database: <br />
db.users.find().forEach( function(u) { print(u._id + ";" + u.username); } ) <br />
<br />
Or just a specific user's ID:<br />
 db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + " ; " + u.username); } )<br />
<br />
Replace specific user ID's password in the database:<br />
db.users.update( {'_id': 'useridhere'}, {$set: {'services.password.bcrypt': 'bcryptedpasswordhere'}}, {multi:true} )<br />
<br />
My only issue with above (only time I needed it for recovery purposes), was that I didn't know which tool to use to generate a bcrypted password. So in the hurry I copied the hash from one account I already knew (my own). If someone knows a good command for creating one directly in bash, I assume it would do.<br />
<br />
There are bcrypt password generators online, and various libraries you can use<br />
<br />
For listing out any passwords in the database I used:<br />
<br />
db.users.find().forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
If you have deactivated users it may fail so use this for individual accounts.<br />
<br />
However, you can get it for an individual user with:<br />
<br />
db.users.find({'username':'SomeUserName'}).forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
Set a user config item:<br />
<br />
db.users.update( {'username': 'SomeUserName'}, {$set: {'settings.preferences.showMessageInMainThread': 'true'}} )<br />
<br />
Find a single user:<br />
<br />
db.getCollection('users').find( {'username':'SomeUserName'} )<br />
<br />
Get limited information:<br />
<br />
db.getCollection('users').find({}, {"username":1, "settings.preferences.showMessageInMainThread":1})<br />
<br />
Reset 2FA nonsense:<br />
<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.totp': 1}});<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.email2fa': 1}});<br />
<br />
===Database Backup===<br />
<br />
You can dump the tables to a directory of your choice:<br />
<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/rocketchatmongo<br />
<br />
===Database Restore===<br />
<br />
You can restore your database as follows:<br />
<br />
 mongorestore --restoreDbUsersAndRoles -d rocketchat --dir /root/rocketchatmongo/rocketchat --quiet<br />
<br />
===Database Fix tables===<br />
<br />
To remove user data file links a variation on this link<br />
https://github.com/RocketChat/feature-requests/issues/718<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_user_data_files.remove( { } )<br />
db.runCommand({ compact: 'rocketchat_user_data_files', force: true });<br />
quit;<br />
<br />
==Node usage==<br />
<br />
* This should go to a new Node page for reference<br />
<br />
Use n, an extremely simple Node version manager that can be installed via npm (See http://stackoverflow.com/questions/7718313/how-to-change-to-an-older-version-of-node-js)<br />
<br />
Say you want Node.js v0.10.x to build Atom.<br />
<br />
npm install -g n # Install n globally<br />
n 0.10.33 # Install and use v0.10.33 local only<br />
<br />
Usage:<br />
n # Output versions installed<br />
n latest # Install or activate the latest node release<br />
n stable # Install or activate the latest stable node release<br />
n <version> # Install node <version><br />
n use <version> [args ...] # Execute node <version> with [args ...]<br />
n bin <version> # Output bin path for <version><br />
n rm <version ...> # Remove the given version(s)<br />
n --latest # Output the latest node version available<br />
n --stable # Output the latest stable node version available<br />
n ls # Output the versions of node available<br />
<br />
<br />
==NPM Usage==<br />
<br />
To update your version of npm run the following<br />
<br />
npm install -g npm<br />
<br />
Or for a specific version:<br />
<br />
npm install -g npm@3.10.9<br />
<br />
==DB settings==<br />
<br />
Typical standard setup:<br />
rocketchat=service<br />
TCPPort=3000<br />
access=public<br />
mailPort=25<br />
mailURL=localhost<br />
status=enabled<br />
<br />
Typical proxy subdomain setup:<br />
rocketchat=service<br />
SSLProxy=yes<br />
TCPPort=3000<br />
access=private<br />
mailPort=25<br />
mailURL=localhost<br />
rootURL=chat.mydomain.co.uk<br />
status=enabled<br />
<br />
<br />
<br />
==Koozali SME v10==<br />
<br />
I am starting to look at running this under docker on v10<br />
<br />
Some quick notes.<br />
<br />
You will need<br />
<br />
Docker<br />
https://wiki.contribs.org/Docker<br />
<br />
Docker Compose (because it makes it easier to template)<br />
https://github.com/docker/compose/releases<br />
<br />
Docker environment settings to disable 2FA<br />
<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback=false<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled=false<br />
<br />
Mongo (I prefer to run a full instance rather than a docker one)<br />
https://wiki.contribs.org/MongoDB<br />
<br />
Make sure you add replicaset support in Mongo and set it up:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
<br />
I'll add more later, and try and make a full contrib in due course<br />
<br />
FAQ<br />
<br />
https://handbook.rocket.chat/company/tools/rocket.chat<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-rocketchat component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-rocketchat |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-rocketchat |noresultsmessage="No open bugs found."}}</div>ReetPhttps://wiki.koozali.org/index.php?title=PHP&diff=42339PHP2023-10-26T13:59:08Z<p>ReetP: /* Installation of Composer */</p>
<hr />
<div>{{Languages|PHP}}<br />
Starting with SME 10, the '''php''' module is no longer used for httpd. Instead we rely on '''php-fpm''' which can enable every available version of php. <br />
<br />
By default we provide the following versions: <br />
<br />
*54 (maintained by Red-Hat up to CentOS 7 EOL: 30 Jun 2024).<br />
*55,56,70,71,72 (Note: unsupported!).<br />
*73 (supported up to 6 Dec 2021).<br />
*74 (supported up to 28 Nov 2022).<br />
*80 (supported up to 26 Nov 2023).<br />
<br />
<br /><br />
===db keys available to control php configuration and services===<br />
First you need to decide if you want to alter the php behaviour for an ibay, for a specific php version, or for all php versions.<br />
{| class="wikitable"<br />
|+db configuration properties<br />
!keys<br />
!role<br />
!<br />
|-<br />
|php<br />
|customization of /etc/php.ini<br />
|for php54<br />
|-<br />
|php55<br />
|customization of /opt/remi/php55/root/etc/php.ini<br />
| rowspan="8" |if no properties defined, will use php keys properties<br />
|-<br />
|php56<br />
|customization of /opt/remi/php56/root/etc/php.ini<br />
|-<br />
|php70<br />
|customization of /etc/opt/remi/php70/php.ini<br />
|-<br />
|php71<br />
|customization of /etc/opt/remi/php71/php.ini<br />
|-<br />
|php72<br />
|customization of /etc/opt/remi/php72/php.ini<br />
|-<br />
|php73<br />
|customization of /etc/opt/remi/php73/php.ini<br />
|-<br />
|php74<br />
|customization of /etc/opt/remi/php74/php.ini<br />
|-<br />
|php80<br />
|customization of /etc/opt/remi/php80/php.ini<br />
|}<br />
Every version of php has its own php-fpm service running, the related configuration db entry is (as shown in the Table above) php-fpm for php (ie php54), php55-php-fpm for php55 and so on.<br />
<br />
If you really want to disable one version of php, shown below is what you need to do for php55, as an example:<br />
config setprop php55-php-fpm status disabled<br />
signal-event webapps-update<br />
<br />
===Available properties===<br />
Here is a list of available properties to configure php. You have to choose at which level you want to handle the change. <br />
<br />
*Do you want the change for the whole server? -- then you should probably change it for the php key: db configuration setprop php ...<br />
*Do you want the change for a specific version of php? -- then you should probably do it against a specific php key e.g. : db configuration setprop php74 ...<br />
*Do you want to apply the change for a specific ibay? -- this is what we suggest you to do in most cases: db accounts setprop myibay ..<br />
<br />
{| class="wikitable"<br />
|+<br />
!php setting<br />
!ibay property<br />
!php.ini property<br />
!default<br />
!note<br />
|-<br />
| -<br />
|PHPVersion<br />
| -<br />
|74<br />
|can vary upon update if left empty<br />
|-<br />
|allow_url_fopen<br />
|AllowUrlFopen<br />
|AllowUrlFopen<br />
|off<br />
|insecure, keep it off<br />
|-<br />
|allow_url_include<br />
| -<br />
| -<br />
|off<br />
|<br />
|-<br />
|auto_prepend_file<br />
|AutoPrependFile<br />
| -<br />
|enabled<br />
|/usr/share/php/auth_translation.php unless disabled<br />
|-<br />
|disable_functions<br />
|DisableFunctions<br />
| -<br />
|system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd<br />
|<br />
|-<br />
|display_errors<br />
|DisplayErrors<br />
| -<br />
|off<br />
|<br />
|-<br />
|error_log<br />
| -<br />
| -<br />
|/var/log/php/$key/error.log<br />
|<br />
|-<br />
|error_reporting<br />
|ErrorReporting<br />
| -<br />
|E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT<br />
|<br />
|-<br />
|expose_php<br />
| -<br />
|ExposePHP<br />
|Off<br />
|<br />
|-<br />
|file_upload<br />
|FileUpload<br />
| -<br />
|Off<br />
|<br />
|-<br />
|mail.add_x_header<br />
| -<br />
|MailAddXHeader<br />
|disabled<br />
|only global, not per php version<br />
|-<br />
|mail.force_extra_parameters<br />
|MailForceSender<br />
|MailForceSender<br />
|root@$DomainName<br />
|ibayname@$DomainName for ibays<br />
|-<br />
|mail.log<br />
| -<br />
|MailLog<br />
|disabled<br />
|<br />
|-<br />
|max_execution_time<br />
|MaxExecutionTime<br />
|MaxExecutionTime<br />
|30<br />
|<br />
|-<br />
|max_file_uploads<br />
| -<br />
|MaxFileUpload<br />
|20<br />
|<br />
|-<br />
|max_input_time<br />
|MaxInputTime<br />
|MaxInputTime<br />
|60<br />
|<br />
|-<br />
|memory_limit<br />
|MemoryLimit<br />
|MemoryLimit<br />
|128M<br />
|<br />
|-<br />
|open_basedir<br />
|PHPBaseDir<br />
| -<br />
|/home/e-smith/files/ibays/IBAYNAME/:/var/lib/php/IBAYNAME/:/usr/share/php/:/usr/share/pear/:/opt/remi/php$version/root/usr/share/pear/:/opt/remi/php$version/root/usr/share/php/<br />
|<br />
|-<br />
|post_max_size<br />
|PostMaxSize<br />
|PostMaxSize<br />
|20M<br />
|<br />
|-<br />
|security.limit_extensions<br />
|AllowPHTML<br />
|<br />
|disabled<br />
|allow php to interpret more file types (.php .htm .html .phar .phtml .xml)<br />
|-<br />
|sendmail_from<br />
| -<br />
|MailForceSender<br />
|root@$DomainName<br />
|<br />
|-<br />
|sendmail_path<br />
| -<br />
|SendmailPath<br />
|/usr/sbin/sendmail -t -i<br />
|<br />
|-<br />
|short_open_tag<br />
| -<br />
|ShortOpenTag<br />
|On<br />
|<br />
|-<br />
|upload_max_filesize<br />
|UploadMaxFilesize<br />
|UploadMaxFilesize<br />
|10M<br />
|<br />
|}<br />
If you want to set a specific value for an ibay, here is how to use php80 for ibay MYIBAY and avoid having any disabled functions:<br />
db accounts setprop MYIBAY disable_functions none PHPVersion 80<br />
signal-event webapps-update<br />
{{Note box|It is strongly suggested that you install the smeserver-webhosting contrib enabling you to set your ibay php values from the server-manager. Everything is available and it prevents you from making a mistake in the settings.}}<br />
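The following added example (not part of the original page or of SME Server) audits a php.ini against the security-relevant defaults in the table above. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a php.ini with the defaults listed in the table above.

# Constructed sample input (not taken from a real server).
constructed_sample() {
    cat <<'EOF'
[PHP]
; constructed sample for this example
allow_url_fopen = On
allow_url_include = Off
display_errors = On   ; left on after debugging
expose_php = Off
disable_functions = system,exec,shell_exec,passthru
open_basedir = /home/e-smith/files/ibays/Primary/html/
EOF
}

# audit_php_ini [FILE]: read FILE (or stdin) and print one line per finding.
# Exit status is 0 when nothing was found, 1 otherwise.
audit_php_ini() {
    awk '
    function trim(s) { gsub(/^[ \t"]+|[ \t"]+$/, "", s); return s }
    function is_on(v) {
        v = tolower(v)
        return (v == "on" || v == "1" || v == "yes" || v == "true")
    }
    # Skip comments and section headers such as [PHP].
    /^[ \t]*;/ || /^[ \t]*\[/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        value = substr($0, eq + 1)
        sub(/[ \t]+;.*$/, "", value)          # drop a trailing "; comment"
        val[key] = trim(value)                # a later line overrides an earlier one
    }
    END {
        n = 0
        # Boolean settings whose default in the table is off.
        nf = split("allow_url_fopen allow_url_include display_errors expose_php", flags, " ")
        for (i = 1; i <= nf; i++)
            if (is_on(val[flags[i]])) {
                print flags[i] " is enabled (page default: off)"
                n++
            }
        # Every function in the default disable_functions list should still be disabled.
        nw = split("system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd", want, ",")
        nh = split(val["disable_functions"], have, ",")
        for (i = 1; i <= nh; i++) disabled[trim(have[i])] = 1
        missing = ""
        for (i = 1; i <= nw; i++)
            if (!(want[i] in disabled)) missing = missing " " want[i]
        if (missing != "") { print "disable_functions lacks:" missing; n++ }
        if (val["open_basedir"] == "") { print "open_basedir is not set"; n++ }
        exit (n > 0)
    }' "${1:--}"
}

# Demo on the constructed sample; on a server, pass one of the php.ini paths
# from the first table instead, e.g. audit_php_ini /etc/opt/remi/php80/php.ini
constructed_sample | audit_php_ini || true
```
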
<br />
===Display Error Messages===<br />
<br />
By default PHP does not display error messages on screen. Sometimes you get a blank page when executing PHP scripts. Usually some sort of error has occurred, but this error text will '''not''' be displayed as SME Server is configured to not display them. Instead the error messages are reported to the log files of the webserver and the general logfile of the server. <br />
<br />
Try to analyze your logfiles:<br />
/var/log/httpd/error_log and /var/log/httpd/access_log and perhaps also /var/log/messages.<br />
<br />
{{Warning box|It is strongly advised that you disable "display errors" after you have tracked and solved the problem, as the displayed error message might provide information (like filesystem layout) that only should be known to the system administrators and not to users, let alone people with bad intentions. Thus it is a potential SECURITY RISK. After debugging, disable it again.}}<br />
<br />
====Enable changes for all php versions====<br />
If you (for debugging purposes for instance) would like to enable it you can do it with the instructions found below:<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/php.ini<br />
cp /etc/e-smith/templates/etc/php.ini/30ErrorHandling /etc/e-smith/templates-custom/etc/php.ini<br />
<br />
After that:<br />
<br />
sed -i /etc/e-smith/templates-custom/etc/php.ini/30ErrorHandling -e 's/display_errors.*/display_errors = On/g' <br />
<br />
After that, issue the following command:<br />
<br />
 signal-event webapps-update<br />
<br />
<br />
Now access your page again and see what the error is. <br />
<br />
====Undo Changes====<br />
Once everything works, remove the 30ErrorHandling file from the /etc/e-smith/templates-custom/etc/php.ini folder and issue the following command again:<br />
<br />
signal-event webapps-update <br />
<br />
====Enable changes for a specific ibay====<br />
Starting with SME10 and smeserver-php-3.0.0-39:<br />
db accounts setprop MYIBAY DisplayErrors enabled <br />
signal-event webapps-update<br />
===Open basedir restriction===<br />
SME Server has a security measure in place which is called 'open basedir restriction'. This measure prevents PHP from executing or invoking other PHP scripts outside the scope of its own tree; in other words it creates a 'sandbox' or 'jail'.<br />
<br />
Overall configuration is defined in the php.ini file but you can add an override on a per ibay basis.<br />
<br />
====Error message====<br />
The PHP open basedir restriction is usually presented to the user like this in the /var/log/messages file:<br />
<br />
Aug 12 17:27:42 homer httpd: PHP Warning: main(): open_basedir restriction in effect. File(/tmp/test.php) is not within the allowed path(s): (/home/e-smith/files/ibays/Primary/html/) in /home/e-smith/files/ibays/Primary/html/test.php on line 2<br />
<br />
In general you will find this message in the log files only as by default PHP is configured to prevent the display of error messages to the end users. This can be changed as per [[PHP#Display_Error_Messages|this HowTo]].<br />
<br />
====Modifying the PHPBaseDir setting for an ibay====<br />
<ol><br />
(Please also see: [http://wiki.contribs.org/Useful_Commands#PHP_Related_Commands these] instructions on the [http://wiki.contribs.org/Useful_Commands Useful_Commands] page.)<br />
<!--Please do not remove the following closing tag as a fromatting/rendering bug will kick in, for more details see: http://bugzilla.wikimedia.org/show_bug.cgi?id=10893--><li>Open a SME Server shell as root user and document the current setting of the PHPBaseDir directive by writing down the output of the following command:<br />
db accounts getprop ibayname PHPBaseDir <br />
Be careful to write it down to the letter as we need it in the next step.<br />
For the Primary ibay the output of the above command would normally look like this:<br />
/home/e-smith/files/ibays/Primary/html/<br />
</li><li>Decide on what directory you would like to add and issue the following:<br />
db accounts setprop ibayname PHPBaseDir value<br />
Replace ibayname with the name of the ibay, and replace value with the old value of the PHPBaseDir directive you have written down, followed by a colon (:) and the full path to the directory you would like to add, with a trailing slash (/), e.g.<br />
db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary/html/:/opt/gallery2/<br />
The above command would allow PHP to invoke scripts in the /opt/gallery2 path from the Primary ibay html folder.<br />
To allow uploading of files via HTTP to an ibay named wiki:<br />
db accounts setprop wiki PHPBaseDir /home/e-smith/files/ibays/wiki/:/tmp/<br />
<br />
</li><li>After defining the new setting we need to reflect the change in the configuration file of the web server and have the web server reload its configuration file. This is done by issuing the following command:<br />
signal-event ibay-modify ibayname<br />
<br />
Be sure to replace ibayname with the name of the ibay you have just modified.<br />
</li></ol><br />
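The added example below (not part of the original page) builds the new PHPBaseDir value from the old one instead of retyping it, and shows which paths a list covers. The function names are hypothetical, and path_allowed is a simplified model that compares strings only; PHP itself also resolves symlinks before checking.

```shell
#!/bin/sh
# Added example: helpers for editing a PHPBaseDir (open_basedir) value.

# normalize_dir DIR: print DIR with exactly one trailing slash.
# Refuses relative paths, ':' (the list separator), '..' components and '/'.
normalize_dir() {
    _d=$1
    case "$_d" in
        /*) ;;
        *) echo "refusing relative path: $_d" >&2; return 1 ;;
    esac
    case "$_d" in
        *:*) echo "refusing path containing ':': $_d" >&2; return 1 ;;
    esac
    case "$_d/" in
        */../*) echo "refusing path containing '..': $_d" >&2; return 1 ;;
    esac
    while [ "${_d%/}" != "$_d" ]; do _d=${_d%/}; done
    if [ -z "$_d" ]; then
        echo "refusing '/': it would allow the whole filesystem" >&2
        return 1
    fi
    printf '%s/\n' "$_d"
}

# append_basedir CURRENT NEWDIR: print CURRENT with NEWDIR appended.
# An entry that is already present is not added a second time.
append_basedir() {
    _cur=$1
    _new=$(normalize_dir "$2") || return 1
    case ":$_cur:" in
        *":$_new:"*) printf '%s\n' "$_cur"; return 0 ;;
    esac
    if [ -z "$_cur" ]; then
        printf '%s\n' "$_new"
    else
        printf '%s:%s\n' "$_cur" "$_new"
    fi
}

# path_allowed PATH LIST: succeed if PATH lies inside one of the directories
# in the colon-separated LIST (simplified model, see the lead-in).
path_allowed() {
    _p=$1
    _ifs=$IFS
    IFS=:
    set -f
    for _entry in $2; do
        [ -n "$_entry" ] || continue
        if [ "$_entry" = "/" ]; then IFS=$_ifs; set +f; return 0; fi
        case "$_p" in
            "${_entry%/}"/*) IFS=$_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$_ifs
    set +f
    return 1
}

# Demo with the values used on this page.
current='/home/e-smith/files/ibays/Primary/html/'
updated=$(append_basedir "$current" /opt/gallery2) && echo "$updated"

# On the server the same helper would be used like this (commands from the page):
#   db accounts setprop Primary PHPBaseDir \
#       "$(append_basedir "$(db accounts getprop Primary PHPBaseDir)" /opt/gallery2)"
#   signal-event ibay-modify Primary
```
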
===Upload_tmp_dir===<br />
upload_tmp_dir<br />
<br />
From SME Server V8 up to and including SME Server V9, you could sometimes have an error thrown by PHP and would then need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. See [[bugzilla:6650]] and [[bugzilla:7652]]. Many php applications need this setting; the best-known culprits are Wordpress, Roundcube and eGroupWare, and there are others. The symptom observed is that you can't upload content to the PHP application.<br />
<br />
An easy resolution is to make a Custom Template to resolve this issue. See [[Uploadtmpdir]].<br />
<br />
=== Advanced use of the php-fpm pools ===<br />
<br />
==== For the ibays with php-fpm.d/ibays.conf ====<br />
For the ibays, the better option is simply to use the contrib [[Webhosting]].<br />
<br />
==== For the contrib sharefolders with php-fpm.d/shares.conf ====<br />
Similar to ibays.<br />
<br />
==== For the contribs with php-fpm.d/www.conf ====<br />
Please read [[Building Your Contrib]].<br />
<br />
==== For your custom needs with php-fpm.d/custom.conf ====<br />
You can build your own pool to use in any place on your server, even in a subfolder of an ibay or in place of the regular ibay php-pool (property PHPCustomPool).<br />
<br />
There are two ways of doing that:<br />
<br />
===== using db php =====<br />
Using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:<br />
db php set MYPOOLNAME pool Version 81 status enabled<br />
Here are the accepted supplementary properties. As always, a missing or empty property means the default is used.<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!information<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|-<br />
|Version<br />
|<br />
|<br />
|php version to use eg 80 for php 8.0<br />
|-<br />
|MemoryLimit<br />
|128M<br />
|<br />
|-<br />
|MaxExecutionTime<br />
|30<br />
|<br />
|-<br />
|MaxInputTime<br />
|60<br />
|<br />
|-<br />
|AllowUrlFopen<br />
|off<br />
|<br />
|-<br />
|MaxChildren<br />
|15<br />
|<br />
|-<br />
|PostMaxSize<br />
|10M<br />
|<br />
|-<br />
|UploadMaxFilesize<br />
|10M<br />
|<br />
|-<br />
|FileUpload<br />
|enabled<br />
|<br />
|-<br />
|BaseDir<br />
|<br />
|<br />
|-<br />
|DisabledFunctions<br />
|system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd<br />
|<br />
|-<br />
|User<br />
|www<br />
|<br />
|-<br />
|Group<br />
|www<br />
|<br />
|-<br />
|DisplayErrors<br />
|disabled<br />
|<br />
|-<br />
|LogErrors<br />
|disabled<br />
|<br />
|-<br />
|MaxChildren<br />
|15<br />
|<br />
|-<br />
|AutoPrependFile<br />
|enabled<br />
|<br />
|will use the autoprepend file<br />
|-<br />
|MailForceSender<br />
|php\@$DomainName<br />
|<br />
|<br />
|}<br />
You will then need two httpd.conf custom template fragments to use your pool. You will need to change '''MYPOOLNAME''' to what you want<br />
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/<br />
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage<br />
<br />
<Directory /home/e-smith/files/ibays/test/html/mysubfolder><br />
SSLRequireSSL<br />
Options None<br />
Options +Indexes<br />
Options +FollowSymLinks<br />
DirectoryIndex index.php index.shtml index.htm index.html<br />
<FilesMatch \.php$><br />
SetHandler "proxy:unix:/var/run/php-fpm/php80-MYPOOLNAME.sock|fcgi://localhost"<br />
</FilesMatch><br />
AllowOverride All<br />
order deny,allow<br />
deny from all<br />
allow from all<br />
</Directory><br />
Then just do:<br />
signal-event webapps-update<br />
<br />
===== using a templates-custom =====<br />
You can write your own fragment in /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/ e.g. /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/15mypool<br />
<br />
You will also need to write a httpd fragment similar to the one shown just above.<br />
<br />
Here is an example if you want a custom pool for your ibay, in /etc/e-smith/templates-custom/etc/php-fpm.d/ibays.conf/15MYIBAY<syntaxhighlight lang="perl"><br />
{<br />
<br />
use esmith::AccountsDB;<br />
use esmith::php;<br />
my $a = esmith::AccountsDB->open_ro || die "Couldn't open the accounts database";<br />
my $ibay = $a->get("MYIBAY");<br />
my $version = PhpFpmVersionToUse($ibay);<br />
my $dynamic = $ibay->prop('CgiBin') || 'disabled';<br />
my $custom = $ibay->prop('CustomPool') || undef;<br />
next unless ($dynamic eq 'enabled' && $version eq $PHP_VERSION && $custom);<br />
my $key = $ibay->key;<br />
my $name = lc $key;<br />
my $pool_name = 'php' . $version . '-' . $name;<br />
$OUT .=<<"_EOF" if ($version eq $PHP_VERSION);<br />
<br />
[$pool_name]<br />
user = www<br />
group = www<br />
listen.owner = root<br />
listen.group = www<br />
listen.mode = 0660<br />
listen = /var/run/php-fpm/$pool_name.sock<br />
;<br />
;<br />
;put whatever you need there<br />
;<br />
;<br />
_EOF<br />
}<br />
<br />
</syntaxhighlight><br />
<br />
You have then to force the ibay to use it by doing :<syntaxhighlight lang="bash"><br />
db accounts setprop MYIBAY CustomPool enabled<br />
</syntaxhighlight>This will prevent the generation of the default ibay pool in ibays.conf , and let you use /var/run/php-fpm/php$version-$name.sock socket from your template-custom... or from the db php using the same key as the name of the ibay.<br />
<br />
===Installation of Composer===<br />
<br />
This is made tricky as we do not have the PHP CLI configured.<br />
<br />
But we can install it as follows with command line arguments. This is using php74.<br />
<br />
Download:<br />
php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"<br />
<br />
Hash check:<br />
php74 -r "if (hash_file('sha384', 'composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"<br />
<br />
Install:<br />
php74 -d allow_url_fopen=on ./composer-setup.php<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Server 10.X section in [http://bugs.contribs.org/enter_bug.cgi Bugzilla] and select the smeserver-php component or use {{BugzillaFileBug|product=SME%20Server%2010.X|component=e-smith-*%20and%20smeserver-*&20packages|title=this link}}.<br />
<br />
Below is an overview of the current issues for this package:<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id|order=desc |component=smeserver-php|noresultsmessage="No open bugs found."}}<br />
----<br />
<br />
[[Category: Howto]]<br />
[[Category: Webapps]]</div>ReetPhttps://wiki.koozali.org/index.php?title=PHPki&diff=42335PHPki2023-10-24T14:54:16Z<p>ReetP: /* Bugs */</p>
<hr />
<div>{{Languages|PHPki}}<br />
<br />
{{Note box| For v10 we have created a new updated version of PHPKi called PHPKi-ng with fixes and higher security defaults. If you used the previous version you will need to create a new CA and certificates. We have imported the original version to contribs if you really need to use it, but it is not recommended, and will not be generally released.}}<br />
<br />
===Maintainer===<br />
Previous:<br />
[mailto:daniel@firewall-services.com][[User:VIP-ire|Daniel B.]] from [http://www.firewall-services.com Firewall Services]<br />
<br />
Now maintained by Koozali SME<br />
<br />
=== Version ===<br />
Old version prior to SME10: smeserver-phpki and phpki <br />
<br />
New Version:<br />
<br />
{{#smeversion: smeserver-phpki-ng }}<br />
{{#smeversion: phpki-ng }}<br />
<br />
Please follow the installation instructions below. The installation instructions will satisfy all dependencies and the latest versions of the above 2 RPMs will be installed automatically.<br />
<br />
=== Description ===<br />
<br />
[http://sourceforge.net/projects/phpki/ PHPki] is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications. PHPki is now used to manage certificates with the latest release of the [[OpenVPN_Bridge|SME Server OpenVPN Bridge contrib]].<br />
<br />
You can see a demo installation [http://phpki.sourceforge.net/phpki/ here.]<br />
<br />
=== Requirements ===<br />
{{Warning box|This version of PHPki is slightly modified so that it can be used with certificates generated with the previous release of smeserver-openvpn-bridge, plus some other minor modifications.<br />
Starting phpki-ng-0.84, default_md has been upgraded to sha512 (previous was sha1). You can keep your existing CA working, but we strongly advise you to upgrade to a new instance, as the weak sha1 hash is a security issue. <br />
}}<br />
<br />
=== Installation ===<br />
<br />
{{Warning box| If openvpn is not detected PHPKi cannot generate a TA Key and it should advise you during install. To generate a TA Key once you have openvpn installed do this (assuming this is the correct directory)<br />
openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem <br />
chown phpki:phpki /opt/phpki/phpki-store/CA/private/takey.pem}}<br />
<br />
<tabs container><tab name="SME 10"><br />
*install the rpms<br />
yum --enablerepo=smecontribs install smeserver-phpki-ng<br />
<br />
Go to the "Manage Certificates" menu in the server-manager and start creating your CA certificate.<br />
<br />
Warning: click only once and wait for the page to update; creating the 4096 certificate can take a very long time...<br />
<br />
</tab><br />
<tab name="SME 9"><br />
You have to enable the [[epel]] repository<br />
*install the rpms<br />
yum --enablerepo=smecontribs,epel install smeserver-phpki<br />
<br />
*and start/restart needed services:<br />
expand-template /etc/httpd/conf/httpd.conf<br />
expand-template /etc/httpd/pki-conf/httpd.conf<br />
sv t /service/httpd-e-smith<br />
sv u /service/httpd-pki<br />
<br />
* alternatively issue the following :<br />
signal-event post-upgrade; signal-event reboot<br />
<br />
On update you can issue <br />
expand-template /etc/httpd/conf/httpd.conf<br />
expand-template /etc/httpd/pki-conf/httpd.conf<br />
sv t /service/httpd-e-smith<br />
sv t /service/httpd-pki<br />
<br />
<br />
</tab><br />
<tab name="SME 8"><br />
For sme8<br />
*install the rpms<br />
yum --enablerepo=smecontribs install smeserver-phpki<br />
<br />
*and start/restart needed services:<br />
expand-template /etc/httpd/conf/httpd.conf<br />
expand-template /etc/httpd/pki-conf/httpd.conf<br />
sv t /service/httpd-e-smith<br />
sv u /service/httpd-pki<br />
<br />
* alternatively issue the following :<br />
signal-event post-upgrade; signal-event reboot<br />
</tab><br />
</tabs><br />
<br />
=== Configure your new PKI ===<br />
<br />
Go to the server-manager, where you'll find a new "Manage Certificates" menu (or you can use the URL https://server.domain.tld/phpki/ca).<br />
Here you have to enter the following information:<br />
<br />
**Organisation<br />
**Department<br />
**Common Name of the Master CA<br />
**E-mail (technical contact)<br />
**City<br />
**State<br />
**Country Code<br />
**Password (to protect the private key of the Master CA)<br />
**Validity of the CA<br />
**Keys size<br />
**URL of your PKI (https://my.domain.tld/phpki)<br />
<br />
These two screenshots illustrate the first (and the most important) part of this configuration page:<br />
<br />
[[File:PHPki_CA_initial_setup_data_part_1.png|768px|thumb|center|First part of the initial configuration page (above)]]<br />
<br />
[[File:PHPki_CA_initial_setup_data_part_2.png|768px|thumb|center|First part of the initial configuration page (low)]]<br />
<br />
The second part is like this:<br />
<br />
[[File:PHPki_CA_initial_setup_options.png|768px|thumb|center|Second part of the initial configuration page]]<br />
<br />
The default settings should be OK for most installations. You may just want to change the "Help Document Contact Info" part.<br />
<br />
Once you have submitted this form (which can take several minutes, '''be patient''', as generating dh parameters can take a long time), you should have something like this:<br />
<br />
<br />
[[File:Phpki_init_finish.png|768px|thumb|center|Second part of the initial configuration page]]<br />
<br />
Now you'll be able to start using PHPki. It's quite easy to use.<br />
<br />
The administrative interface is available on the server-manager or directly https://my.domain.tld/phpki/ca<br />
<br />
There's also a public interface, available only from the local networks, but without password at https://my.domain.tld/phpki.<br />
Here, users can download the Master CA certificate, the CRL, or search for certificates of other users (public part only of course).<br />
<br />
{{Note box|If you just installed the [[OpenVPN_Bridge]] contrib and are installing PHPki as suggested by the wiki page, or you just want to use [[PHPki]] without [[OpenVPN_Bridge]] contrib, then you are done here, and you don't have to migrate any certificates}}<br />
{{Note box|Starting with phpki-ng-0.84-14, new URLs are available to access your CRL and to query certificate status <br />
<br />
http://www.somewhere.com/phpki/ns_revoke_query.php?<br />
<br />
http://www.somewhere.com/phpki/dl_crl.php}}<br />
<br />
=== Add another admin ===<br />
If you need to delegate certificate generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to the phpki config <br />
<br />
edit /opt/phpki/phpki-store/config/config.php<syntaxhighlight lang="php"><br />
#$PHPki_admins = Array(md5('admin'));<br />
$PHPki_admins = Array(md5('admin'),md5('user2'));<br />
<br />
</syntaxhighlight><br />
<br />
=== Uninstall ===<br />
To uninstall the contrib from your server, just run the following commands:<br />
yum remove smeserver-phpki-ng phpki-ng<br />
expand-template /etc/httpd/conf/httpd.conf<br />
 systemctl restart httpd-e-smith<br />
<br />
{{Note box|As with many other rpms, removing phpki won't remove everything from your server. Especially certificates will be kept, and some php files. PHPKi-ng will attempt to backup any old certificates.<br />
}}<br />
<br />
Certificates and PKI configuration are stored in /opt/phpki/phpki-store, php files are in /opt/phpki/html<br />
{{Warning box|To start from scratch after uninstallation you need to get rid of the html and phpki-store directories before reinstalling. <br />
The files in phpki-store can be very important, so my recommendation is to let them remain here. If you really want to remove them, back them up first:<br />
cd /opt/phpki<br />
tar cvzf ~/phpki-backup.tar.gz ./<br />
Now you can remove the entire /opt/phpki directory<br />
rm /opt/phpki/{html,phpki-store} -rf<br />
}}<br />
<br />
=== Re-install ===<br />
<br />
==== before phpki-ng 0.84-14 ====<br />
If you have removed the contrib, and want to re-install it keeping your previous CA (assuming you restored /opt/phpki), you'll need to follow these steps after you have installed the rpms:<br />
<br />
cd /opt/phpki/html/<br />
rm -f index.php <br />
rm -f setup.php<br />
ln -s main.php index.php<br />
cat config.php.rpmsave > config.php<br />
cd ca<br />
rm -f index.php<br />
ln -s main.php index.php<br />
cd /opt/phpki/<br />
chown phpki:phpki -R phpki-store <br />
chown root:phpki -R html/config.php<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]<br />
<br />
====smeserver-phpki-ng====<br />
<br />
For the new smeserver-phpki-ng select the smeserver-phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki-ng|title=this link}}<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-phpki-ng|noresultsmessage="No open bugs found."}}<br />
<br />
<br />
====phpki-ng====<br />
<br />
For the new phpki-ng itself select the phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=phpki-ng|title=this link}}<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=phpki-ng|noresultsmessage="No open bugs found."}}<br />
<br />
=== Changelog ===<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{#smechangelog:smeserver-phpki-ng}}<br />
{{#smechangelog:phpki-ng}}<br />
----<br />
[[Category:Contrib]]<br />
[[Category:Administration:Certificates]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Mod_Deflate&diff=42329Mod Deflate2023-09-20T17:11:38Z<p>ReetP: </p>
<hr />
<div>==Mod_Deflate for SME Server 7.x, 8.x, 9.x, 10.x==<br />
===Maintainer===<br />
<br />
Michel Van hees<br/><br />
----<br />
<br />
===Versions ===<br />
Activate mod_deflate on smeserver<br />
{{#smeversion:smeserver-mod_deflate}}<br />
<br />
===Description===<br />
<br />
This contribution, mod_deflate for smeserver, is an optional module for the Apache HTTP Server (Apache v2 only). It is based on Deflate, a lossless data compression algorithm that uses a combination of the LZ77 algorithm and Huffman coding. The module provides the DEFLATE output filter, which allows output from the Apache HTTP server to be compressed before being sent to the client over the network.<br />
<br />
[http://httpd.apache.org/docs/2.0/mod/mod_deflate.html ModDeflate]<br />
<br />
===Install===<br />
<br />
Install with the following command and it will install all of the required packages for you.<br />
<br />
<tabs container><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install smeserver-mod_deflate<br />
</tab><tab name="For SME 9 , 8, 7"><br />
<br />
yum --enablerepo=smecontribs install smeserver-mod_deflate<br />
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf<br />
/etc/rc.d/init.d/httpd-e-smith sigusr1<br />
</tab><br />
</tabs><br />
<br />
===Configuration===<br />
<br />
After that you can change the db parameter in a root terminal<br />
config show modDeflate <br />
modDeflate=service<br />
level=9<br />
status=enabled<br />
The value must be between 1 (less compression) and 9 (more compression).<br />
X=(1 to 9)<br />
config setprop modDeflate level X <br />
config setprop modDeflate status enabled/disabled<br />
<br />
=== Uninstall ===<br />
yum remove smeserver-mod_deflate<br />
<br />
===Bug===<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-mod_deflate component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-mod_deflate|title=this link}}.<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-mod_deflate |noresultsmessage="No open bugs found."}}<br />
<br />
----<br />
[[Category: Contrib]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Dansguardian&diff=42328Dansguardian2023-09-19T08:46:19Z<p>ReetP: </p>
<hr />
<div>{{Languages}}<br />
== Dansguardian web content filtering ==<br />
{{Level|Medium}}<br />
<br />
{{Warning box| Dansguardian is deprecated and not available on Koozali SME v10.<br />
There is a fork called e2guardian http://e2guardian.org/cms/index.php and https://github.com/e2guardian }}<br />
<br />
=== Version ===<br />
{{ #smeversion: dansguardian}}<br />
{{ #smeversion: smeserver-dansguardian}}<br />
<br />
Also see:<br />
https://wiki.koozali.org/index.php?title=Dansguardian-panel<br />
{{ #smeversion: smeserver-dansguardian-panel}}<br />
<br />
=== Description ===<br />
<br />
Dansguardian is a web content filter, which analyses the actual content of web pages based on many criteria including phrase matching, PICS filtering, URL filtering and lists of banned sites. Each content type is given a score, and when the threshold score is exceeded, access to the web site is blocked. For additional information see http://dansguardian.org<br />
<br />
This HOWTO requires command line control to edit configuration files & restart the dansguardian service after configuration changes.<br />
<br />
There is a commercial implementation of Dansguardian for sme server which adds a server manager panel to allow GUI control of all Dansguardian functionality & settings, see http://dungog.net/wiki/Dungog-dansguardian<br />
<br />
<br />
<br />
===Information===<br />
<br />
To have a proper understanding of how Dansguardian works and the importance of certain configuration settings you should read the detailed installation notes and Manual at the Dansguardian web site http://dansguardian.org<br />
<br />
Installation notes for the old version 2.4 are here: http://dansguardian.org/downloads/detailedinstallation2.4.html#further<br />
<br />
The FAQ is here: http://sourceforge.net/docman/display_doc.php?docid=27215&group_id=131757<br />
<br />
Information about group configuration is here: http://contentfilter.futuragts.com/wiki/index.php?title=Group_Configuration<br />
<br />
Mailing list is here: http://tech.groups.yahoo.com/group/dansguardian/<br />
<br />
The information on the Dansguardian website and other websites referred to, is of a generic nature and some of it is NOT applicable to sme server installations, refer to the instructions in this HOWTO in preference.<br />
<br />
===Installation instructions===<br />
<br />
Install dansguardian and its dependencies from the smecontribs repository<br />
yum --enablerepo=smecontribs install smeserver-dansguardian <br />
<br />
Optionally, download and install a set of blacklists from http://urlblacklist.com/<br />
Alternatively, you can choose ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz from http://dsi.ut-capitole.fr/blacklists/<br />
<br />
{{Note box|It is not sufficient to simply install the package, the appropriate manual configuration is an integral part of getting Dansguardian working on your system. A minimal installation requires all the configuration steps listed below to be carried out, ie from the "Modifying Firewall and Proxy" section up to "Filter Groups and Auth login". Filter Group configuration is only required if you wish to control access on a per user basis.}}<br />
<br />
{{Tip box|If you would like to have a graphical and web based overview of what dansguardian has analyzed then take a look at http://wiki.contribs.org/Dansguardian-stats}} <br />
<br />
====Upgrading====<br />
There are substantial changes between dansguardian v2.9 over previous v2.8 (or earlier) installations. The recommendation from dansguardian.org is to edit the new configuration files/lists rather than try to edit your old ones.<br />
<br />
Upgrading from 2.9 versions creates .rpmnew config files under /etc/dansguardian. This preserves your existing config files, but there is a chance that dansguardian won't start if parameters in the config file have changed.<br />
<br />
Clamav libraries can cause problems when updating. If while updating you see something like<br />
Error: Missing Dependency: libclamav.so.3 is needed by package dansguardian<br />
Update with<br />
yum update --enablerepo=smecontribs dansguardian clamav <br />
then<br />
yum update<br />
<br />
===Modifying Firewall and Proxy===<br />
<br />
====Configuring your system to force Dansguardian usage & prevent bypassing====<br />
<br />
These instructions assume that the sme server is running in server gateway mode and acting as the gateway for your network, and the squid proxy is running on the same machine that Dansguardian is running on.<br />
<br />
If your server is configured in server only mode, then you will need to point your browser at that machine to find the squid proxy rather than the default gateway.<br />
<br />
Dansguardian uses port 8080 for web proxy requests. If your browser does not use port 8080 then Dansguardian filtering will be bypassed. To force this usage & prevent users bypassing filtering you should do ALL the following steps:<br />
<br />
'''1) Configure your SME Server to use Transparent Proxy port 8080 and to block direct access to the squid proxy port 3128 & redirect port 80 to port 8080'''<br />
<br />
Note the functionality to create the required custom firewall rules using iptables is built in to the smeserver-dansguardian and is configured with the following commands. The Transparent proxy must also be enabled (which is the sme default) to prevent users bypassing Dansguardian filtering.<br />
<br />
config setprop squid TransparentPort 8080<br />
config setprop squid Transparent yes<br />
config setprop dansguardian portblocking yes<br />
signal-event post-upgrade; signal-event reboot<br />
<br />
To return Transparent Proxy port to default value and to disable portblocking and to enable the Transparent proxy (which is the sme default)<br />
<br />
config setprop squid TransparentPort 3128<br />
config setprop squid Transparent yes <br />
config delprop dansguardian portblocking<br />
signal-event post-upgrade; signal-event reboot <br />
<br />
{{Note box|If you disable the Transparent Proxy feature of SME Server, Dansguardian can be bypassed at will by your users. You should keep the Transparent Proxy enabled (configured as above) for filtering to work.}}<br />
<br />
'''2) Configure your workstation web browser to auto detect proxy port'''<br />
<br />
Go to your workstation and open your browser eg Internet Explorer or Firefox or your preferred browser<br />
<br />
Change the settings for Connections to LAN<br />
<br />
Select Auto detect proxy<br />
<br />
Or alternatively use the server IP 192.168.1.1 (or whatever yours is) and use a port of 8080<br />
<br />
====Bypass Proxy====<br />
To allow individual PCs or selected sites to bypass the proxy (and dansguardian) entirely, see [[Firewall#Bypass_Proxy]].<br />
<br />
====Workstation IP allocation====<br />
Control of workstation access to the web (when using dansguardian), is implemented by nominating the workstation IP in the various dansguardian configuration files (ie the local LAN IP address). To apply consistent filtering rules or allow proxy bypass (see section above), the workstation IP must remain the same throughout restarts & DHCP IP refreshes or allocations. Configuring your workstations to have a consistent IP is a fundamental & important step when configuring your whole computer system. <br />
<br />
This can be achieved by manually specifying a fixed IP address when each workstation is configured, but requires every workstation to be setup individually. Alternatively the workstation can be configured for auto allocation of an IP, and the Hostnames and Addresses panel in server manager can then be used to force the allocation of a specified IP by the SME DHCP server, based on the workstation NIC mac address. See the SME Manual for further details at http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Reserving_IP_Addresses_Through_DHCP<br />
The basic steps are to determine the mac address of your workstation NIC and then create a hostname eg station5 and enter the mac address and the required "forced or fixed" IP eg 192.168.1.5 <br />
<br />
Any reference to the filtering of station5 then uses the IP 192.168.1.5, which will always stay the same, unless the NIC is changed. Remember to re-enter the mac address details into server manager, in the event the workstation NIC or motherboard is changed.<br />
<br />
====Configuring Proxy to use Auth login====<br />
<br />
Dansguardian supports different types of auth login ie ncsa, pam & ident, and allows control of web site access based on user name. For more details regarding the various auth login methods & other configuration requirements, see http://dansguardian.org or Google.<br />
<br />
Enable this functionality using the appropriate command, depending on your requirements. Most users of sme will probably use pam auth as that will authorise access against sme users and passwords.<br />
<br />
Choose one of the following<br />
config setprop squid RequireAuth pam<br />
config setprop squid RequireAuth ncsa<br />
config setprop squid RequireAuth ident<br />
<br />
To disable Auth login<br />
config delprop squid RequireAuth<br />
<br />
To enable any of the above setting changes you must follow the command with<br />
expand-template /etc/squid/squid.conf<br />
sv t /service/squid<br />
<br />
====Using NCSA Auth login====<br />
If you are using ncsa auth, create the user & password authentication list (you don't require users to be valid sme users)<br />
<br />
touch /etc/proxyusers<br />
<br />
Enter user names & password combinations one by one using this command<br />
<br />
htpasswd -b /etc/proxyusers username password<br />
<br />
You can test the authentication list using the following command<br />
<br />
/usr/lib/squid/ncsa_auth /etc/proxyusers<br />
<br />
Then enter the username & password when asked<br />
<br />
You will see an ERR or OK response<br />
<br />
====Using Ident login====<br />
If you are using ident auth, you will require an ident client on your workstation. One Windows ident client is available from:<br />
<br />
https://sourceforge.net/projects/retinascan<br />
<br />
In some cases, the Windows firewall blocks access to the ident client and you will have to add an exception in your firewall rules as follows:<br />
<br />
'''Control Panel''' >> '''Windows Firewall''' >> '''Exceptions''' >> '''Add Port'''<br />
<br />
* Name: '''auth'''<br />
* Port number: '''113'''<br />
* '''TCP'''<br />
<br />
===Modifying Dansguardian Configuration Files===<br />
<br />
====Modifying Dansguardian dansguardian.conf & dansguardianf1.conf files====<br />
<br />
You need to manually modify various configuration files.<br />
As a minimum the following basic changes need to be made:<br />
<br />
pico -w /etc/dansguardian/dansguardian.conf<br />
<br />
You will initially need to change:<br />
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'<br />
for example to<br />
accessdeniedaddress = 'http://www.mydomain.com/cgi-bin/dansguardian.pl'<br />
<br />
Make any other required changes to suit your situation by carefully reviewing the other setting possibilities<br />
<br />
To save & exit<br />
Ctrl o<br />
Ctrl x<br />
<br />
<br />
pico -w /etc/dansguardian/dansguardianf1.conf<br />
<br />
You may initially need to change (to suit adult level of protection)<br />
naughtynesslimit = 50<br />
to<br />
naughtynesslimit = 160 <br />
(or even 250 or 300 depending on your sensitivity/tolerance requirements)<br />
<br />
Make any other required changes to suit your situation by carefully reviewing the other setting possibilities<br />
<br />
Save & exit<br />
Ctrl o<br />
Ctrl x<br />
<br />
Additional Options can be found here, http://wiki.contribs.org/Dansguardian/ConfigFiles under the topic dansguardian.conf & dansguardianf1.conf<br />
<br />
If you have additional filter groups, then additional configuration files will need to be created and modified. See section on "Filter Groups and Auth login" below.<br />
<br />
====Modifying other Dansguardian configuration files====<br />
<br />
You will need to change other config files to suit your site requirements:<br />
<br />
You can read information in the beginning of each config file that explains usage & syntax<br />
<br />
These are located in <br />
/etc/dansguardian/lists... <br />
/etc/dansguardian/lists/f2/... <br />
& so on and subfolders <br />
<br />
eg<br />
pico -w /etc/dansguardian/lists/f2/bannedextensionlist<br />
make the required changes<br />
Ctrl o<br />
Ctrl x<br />
<br />
Most users will need to change these 4 files as a minimum<br />
bannedextensionlist<br />
bannedsitelist<br />
bannedurllist<br />
exceptionsitelist<br />
<br />
You should review ALL the dansguardian config files in /etc/dansguardian/lists and subfolders as part of your initial Dansguardian setup. <br />
<br />
Some of the default settings in these files will prevent access to certain web sites and file types, which may conflict with your site requirements. <br />
<br />
For many more details and descriptions on the configuration files see [[:Dansguardian/ConfigFiles]] page of this Howto or at http://dansguardian.org<br />
<br />
====Modifying the default html error message page====<br />
<br />
You may also want to tailor the html template for the error message displayed when Dansguardian blocks a site, see<br />
/etc/dansguardian/languages/(languagename)/template.html<br />
or in some newer versions<br />
/usr/share/dansguardian/languages/(languagename)/template.html<br />
<br />
e.g.<br />
pico -w /etc/dansguardian/languages/ukenglish/template.html<br />
After you make any changes to the template.html you will need to run the command, <br />
/etc/init.d/dansguardian restart <br />
for the changes to take effect.<br />
<br />
====Filter Groups and Auth login====<br />
<br />
Dansguardian supports filter groups, which allow web access control of users based on filter group membership. Different users can have different access rights; to achieve this, each filter group's configuration files are configured with different access rights. Users are made members of the required filter group by editing /etc/dansguardian/lists/filtergroupslist<br />
<br />
When you open a web browser you get asked to login with a username & password.<br />
Depending on the users group membership they get filtered or unfiltered access. <br />
<br />
For additional information on filtering users' access rights based on group membership (in conjunction with Auth login), see http://dansguardian.org<br />
<br />
In order to use filter groups, you must be using one of the Auth login methods.<br />
<br />
If you wish to authenticate users when opening a browser using pam auth method, then you will need to disable Transparent Proxy as it is not compatible with this method.<br />
<br />
Issue the following command<br />
config setprop squid Transparent no <br />
expand-template /etc/squid/squid.conf<br />
sv t /service/squid<br />
<br />
Doing the above will also require you to manually specify the proxy settings in your browser, so you will need to add the server IP eg 192.168.1.1 and port 8080 for the proxy setting<br />
<br />
You cannot have pam auth enabled and Transparent Proxy set to yes.<br />
<br />
Issue one of the following commands to enable the type of Auth login required, which will then permit the configuration & use of Filter Groups<br />
config setprop squid RequireAuth pam<br />
config setprop squid RequireAuth ncsa<br />
config setprop squid RequireAuth ident<br />
<br />
To enable any of the above settings do<br />
expand-template /etc/squid/squid.conf<br />
sv t /service/squid<br />
<br />
<br />
When using Filter Groups, a typical situation may have:<br />
Filter Group 1 - blocked users (no access) - See [http://contentfilter.futuragts.com/wiki/index.php?title=Group_Configuration#Typically_Set_Default_Group_.28f1.29_To_No_Web_Access_At_All]<br />
Filter Group 2 - standard users (standard access rights)<br />
Filter Group 3 - guest users (limited access rights)<br />
Filter Group 4 - power users (more generous access & file download rights)<br />
Filter Group 5 - admin users (unlimited access)<br />
<br />
<br />
To create the additional filter group configuration files and folders do<br />
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf2.conf<br />
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf3.conf<br />
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf4.conf<br />
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf5.conf<br />
<br />
Because the Filter Group 1 (default) uses the configuration files located at the root of "/lists" directory, it is only necessary to create the rest of the directories f2, f3, f4 and f5 to host the configuration files for each Filter Group.<br />
<br />
Each filter directory (f2, f3, etc.) will house all the configuration files located at the root of the "/lists" directory except filtergroupslist, bannediplist and exceptioniplist, which are not used per filter group because they are only called (logically) from the general configuration file dansguardian.conf.<br />
<br />
Because the configuration files will be modified, it is a smart idea to create a "virgin" copy of the files and then use it to create each new filter directory. This directory will be named "virgin" or something similar.<br />
<br />
mkdir -p /etc/dansguardian/lists/virgin<br />
cp /etc/dansguardian/lists/* /etc/dansguardian/lists/virgin<br />
rm -f /etc/dansguardian/lists/virgin/filtergroupslist<br />
rm -f /etc/dansguardian/lists/virgin/bannediplist<br />
rm -f /etc/dansguardian/lists/virgin/exceptioniplist<br />
cp -R /etc/dansguardian/lists/virgin /etc/dansguardian/lists/f2<br />
cp -R /etc/dansguardian/lists/virgin /etc/dansguardian/lists/f3<br />
cp -R /etc/dansguardian/lists/virgin /etc/dansguardian/lists/f4<br />
cp -R /etc/dansguardian/lists/virgin /etc/dansguardian/lists/f5<br />
(which will include all subfolders and files)<br />
<br />
Then edit & save the various main configuration files<br />
pico -w /etc/dansguardian/dansguardianf2.conf<br />
and change all instances of /lists/ to /lists/f2/ in filename locations<br />
<br />
<br />
pico -w /etc/dansguardian/dansguardianf3.conf<br />
and change all instances of /lists/ to /lists/f3/ in filename locations<br />
<br />
<br />
pico -w /etc/dansguardian/dansguardianf4.conf<br />
and change all instances of /lists/ to /lists/f4/ in filename locations<br />
<br />
<br />
pico -w /etc/dansguardian/dansguardianf5.conf<br />
and change all instances of /lists/ to /lists/f5/ in filename locations<br />
<br />
<br />
Edit & save the main dansguardian configuration file to setup filter groups<br />
pico -w /etc/dansguardian/dansguardian.conf<br />
<br />
Configure the following settings as shown<br />
#Filter group options<br />
filtergroups = 5<br />
(or however many filter groups you want to have)<br />
<br />
#Auth plugins<br />
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'<br />
(leave other possibilities with # at start of line)<br />
<br />
<br />
Edit Filter Group 1 main configuration file<br />
pico -w /etc/dansguardian/dansguardianf1.conf<br />
<br />
Configure the following settings as shown<br />
#Filter group mode<br />
groupmode = 0<br />
<br />
#Filter group name<br />
groupname = 'Blocked Users'<br />
<br />
<br />
Edit & save Filter Group 2 main configuration file<br />
pico -w /etc/dansguardian/dansguardianf2.conf<br />
<br />
Configure the following settings as shown <br />
#Filter group mode<br />
groupmode = 1<br />
<br />
#Filter group name<br />
groupname = 'Standard Users'<br />
<br />
<br />
Edit & save Filter Group 3 main configuration file<br />
pico -w /etc/dansguardian/dansguardianf3.conf<br />
<br />
Configure the following settings as shown <br />
#Filter group mode<br />
groupmode = 1<br />
<br />
#Filter group name<br />
groupname = 'Guest Users'<br />
<br />
<br />
Edit & save Filter Group 4 main configuration file<br />
pico -w /etc/dansguardian/dansguardianf4.conf<br />
<br />
Configure the following settings as shown<br />
#Filter group mode<br />
groupmode = 1<br />
<br />
#Filter group name<br />
groupname = 'Power Users'<br />
<br />
<br />
Edit & save Filter Group 5 main configuration file<br />
pico -w /etc/dansguardian/dansguardianf5.conf<br />
<br />
Configure the following settings as shown<br />
#Filter group mode<br />
groupmode = 2<br />
<br />
#Filter group name<br />
groupname = 'Admin Users'<br />
<br />
<br />
Edit & save the Filter Groups List file to add details of users and their group membership<br />
All users are automatically members of Filter Group 1, so you only need to add details of users who are in other groups.<br />
pico -w /etc/dansguardian/lists/filtergroupslist<br />
add entries for users who are members of other filter groups, use this format<br />
username=filtergroupnumber<br />
for example<br />
ray=filter2<br />
george=filter3<br />
mary=filter4<br />
peter=filter5<br />
and so on.<br />
<br />
Filter group 2,3,4 & 5 settings override filter group 1 settings.<br />
<br />
Restart dansguardian for changes to take effect<br />
/etc/init.d/dansguardian restart<br />
<br />
You can create as many groups as you want, using similar steps as above.<br />
<br />
Each group can have different levels of filtering eg different exceptionlists and naughtyness limits etc.<br />
<br />
<br />
edit the exception and banned lists in<br />
pico -w /etc/dansguardian/lists/f2/exceptionsitelist<br />
etc etc<br />
<br />
and in each other group list structure eg f3, f4 & f5<br />
<br />
Where f2 is a blocked group then setting changes to exception & other lists for that group will have no effect.<br />
Where f5 is an unfiltered group then setting changes to exception & other lists for that group will have no effect.<br />
<br />
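One way to audit the filter-group layout built in the steps above before restarting dansguardian (an added example, not part of the original howto or of the smeserver-dansguardian contrib). The function names dg_value, dg_check_filtergroups and dg_unfiltered_users are made up for this example, and it assumes settings are written as name = 'value' as in the snippets on this page.<br />

```shell
#!/bin/sh
# Added example: audit a DansGuardian filter-group layout before restarting.
# dg_value, dg_check_filtergroups and dg_unfiltered_users are hypothetical
# helper names; settings are assumed to be written as  name = 'value'.

# Print the value of setting $2 in file $1 (last uncommented occurrence).
dg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e "s/[[:space:]]*#.*$//" -e "s/[[:space:]]*$//" \
            -e "s/^'//" -e "s/'$//" | tail -n 1
}

dg_report() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Check every group 1..filtergroups under config root $1.
# Returns 0 when clean, 1 when any finding was printed.
dg_check_filtergroups() {
    root=${1:-/etc/dansguardian}
    findings=0
    total=$(dg_value "$root/dansguardian.conf" filtergroups)
    case $total in
        ''|*[!0-9]*) dg_report "filtergroups is missing or not a number"; return 1 ;;
    esac

    n=1
    while [ "$n" -le "$total" ]; do
        conf="$root/dansguardianf$n.conf"
        if [ ! -f "$conf" ]; then
            dg_report "$conf is missing although filtergroups = $total"
            n=$((n + 1)); continue
        fi
        case $(dg_value "$conf" groupmode) in
            0|1|2) ;;
            *) dg_report "$conf: groupmode is not 0, 1 or 2" ;;
        esac
        # Group 1 reads the lists root; group N >= 2 must read lists/fN/,
        # otherwise it silently shares another group's lists.
        want="/lists/"
        if [ "$n" -ge 2 ]; then want="/lists/f$n/"; fi
        paths=$(sed -n "s|^[[:space:]]*[a-z]*[[:space:]]*=[[:space:]]*'\([^']*/lists/[^']*\)'.*|\1|p" "$conf")
        while IFS= read -r path; do
            [ -n "$path" ] || continue
            case $path in
                *"$want"*) ;;
                *) dg_report "$conf: $path is not under $want" ;;
            esac
            [ -e "$path" ] || dg_report "$conf: $path does not exist"
        done <<EOF
$paths
EOF
        n=$((n + 1))
    done

    # Every entry must read username=filterN with 1 <= N <= filtergroups.
    list="$root/lists/filtergroupslist"
    if [ -f "$list" ]; then
        while IFS= read -r line; do
            case $line in ''|'#'*) continue ;; esac
            group=${line#*=filter}
            case $line in
                ?*=filter[0-9]*) ;;
                *) dg_report "$list: malformed entry '$line'"; continue ;;
            esac
            case $group in
                *[!0-9]*) dg_report "$list: malformed entry '$line'"; continue ;;
            esac
            if [ "$group" -lt 1 ] || [ "$group" -gt "$total" ]; then
                dg_report "$list: ${line%%=*} is in filter$group but filtergroups = $total"
            fi
        done < "$list"
    fi
    [ "$findings" -eq 0 ]
}

# Print the users mapped to a group whose groupmode is 2 (unfiltered),
# so the list of people with unrestricted access can be reviewed.
dg_unfiltered_users() {
    root=${1:-/etc/dansguardian}
    while IFS= read -r line; do
        case $line in ?*=filter[0-9]*) ;; *) continue ;; esac
        conf="$root/dansguardianf${line#*=filter}.conf"
        [ -f "$conf" ] || continue
        if [ "$(dg_value "$conf" groupmode)" = 2 ]; then echo "${line%%=*}"; fi
    done < "$root/lists/filtergroupslist"
}

# Stand-alone use: sh dg-groups-check.sh /etc/dansguardian
if [ -n "${1:-}" ]; then
    dg_check_filtergroups "$1" || true
    echo "Unfiltered users:"; dg_unfiltered_users "$1"
fi
```
<br />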
====ClamAV support====<br />
<br />
If you want to use DansGuardian with SME antivirus, edit /etc/dansguardian/dansguardian.conf and uncomment following line:<br />
contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'<br />
Now at the end of the file, add following lines:<br />
# OPTION: virusscanexceptions<br />
# If off, antivirus scanner will ignore exception sites and urls.<br />
virusscanexceptions = on<br />
<br />
also edit /etc/dansguardian/contentscanners/clamdscan.conf and uncomment<br />
+ clamdudsfile = '/var/clamav/clamd.socket'<br />
- #clamdudsfile = '/var/run/clamav/clamd.socket'<br />
<br />
If you also want to be warned each time a bad page is blocked, edit /etc/dansguardian/dansguardianf1.conf and modify default settings:<br />
usesmtp = on<br />
mailfrom = 'dansguardian'<br />
avadmin = 'admin'<br />
contentadmin = 'admin'<br />
notifyav = on <= virus mail alert<br />
notifycontent = on <= content mail alert<br />
<br />
Restart dansguardian and try to [http://securite-informatique.info/virus/eicar/download/eicar.zip download eicar test virus ]<br />
<br />
DansGuardian should block the download!<br />
<br />
=====ClamAV & Dansguardian on SME 9+=====<br />
The path to clamd.socket changed with SME 9, and [https://forums.contribs.org/index.php/topic,52519.msg269937.html#msg269937 users report] file access rights issues between dansguardian and clamav.<br />
<br />
After installing DansGuardian and completing the clamav setup instructions above, there are 3 extra steps to take on SME9:<br />
<br />
1. The path to clamd.socket must match the path given in /etc/clamd.conf<br />
* edit <span style="color:blue;">/etc/dansguardian/contentscanners/clamdscan.conf</span> and set clamdudsfile to:<br />
clamdudsfile = '/var/clamav/clamd.socket'<br />
<br />
2. Dansguardian and Clamav must run as the same user for clamav scanning to work. Set Dansguardian to run as 'clamav' as follows:<br />
* edit <span style="color:blue;">/etc/dansguardian/dansguardian.conf</span><br />
** uncomment 'daemonuser' and 'daemongroup'<br />
** set 'daemonuser' to 'clamav':<br />
daemonuser = 'clamav'<br />
 daemongroup = 'dansguardian'<br />
<br />
3. Correct the ownership on existing files and folders that belong to the original dansguardian user account.<br />
* Execute the commands below<br />
chown clamav /var/log/dansguardian/access.log<br />
'rm' -rf /tmp/.dguardianipc<br />
'rm' -rf /tmp/.dguardianurlipc<br />
<br />
<br />
Restart dansguardian and test<br />
/etc/init.d/dansguardian restart<br />
<br />
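The SME 9 steps above fail quietly if the socket path or the daemon user is wrong, so a check like the following can be run after the restart (an added example, not part of the original howto). The function names are made up for this example; it assumes the name = 'value' syntax shown on this page and the LocalSocket directive of clamd.conf, and the expected user defaults to the 'clamav' value given above.<br />

```shell
#!/bin/sh
# Added example: confirm DansGuardian and clamd agree on socket and user.
# dg_setting, clamd_directive and dg_check_clamd are hypothetical names.

# Value of a DansGuardian setting written as  name = 'value'.
dg_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*'\{0,1\}\([^'#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Value of a clamd.conf directive written as  Name value.
clamd_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" |
        tail -n 1
}

# $1 = dansguardian.conf, $2 = clamd.conf, $3 = expected daemon user.
# Returns 0 when consistent, 1 after printing each finding.
dg_check_clamd() {
    dgconf=${1:-/etc/dansguardian/dansguardian.conf}
    clamdconf=${2:-/etc/clamd.conf}
    wantuser=${3:-clamav}
    rc=0

    scanner=$(dg_setting "$dgconf" contentscanner)
    if [ -z "$scanner" ]; then
        echo "FINDING: contentscanner is not enabled in $dgconf, nothing is scanned"
        return 1
    fi
    if [ ! -f "$scanner" ]; then
        echo "FINDING: contentscanner file $scanner does not exist"
        return 1
    fi

    sock=$(dg_setting "$scanner" clamdudsfile)
    want=$(clamd_directive "$clamdconf" LocalSocket)
    if [ -z "$sock" ] || [ "$sock" != "$want" ]; then
        echo "FINDING: clamdudsfile '$sock' does not match LocalSocket '$want'"
        rc=1
    fi

    user=$(dg_setting "$dgconf" daemonuser)
    if [ "$user" != "$wantuser" ]; then
        echo "FINDING: daemonuser is '$user', expected '$wantuser'"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh dg-clamd-check.sh check
if [ "${1:-}" = "check" ]; then dg_check_clamd || true; fi
```
<br />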
====Other Dansguardian Config Files====<br />
<br />
There are many other config files, including but not limited to the ones in this appendix<br />
<br />
See [[:Dansguardian/ConfigFiles]]<br />
<br />
===Starting Dansguardian===<br />
<br />
After install & initial configuration you must manually start Dansguardian to enable web content filtering<br />
<br />
(Note that suitable links to start Dansguardian at startup/reboot are setup when the rpm is installed)<br />
<br />
/etc/init.d/dansguardian start<br />
<br />
'''Stopping Dansguardian'''<br />
<br />
If you need to stop Dansguardian (ie to disable filtering or test your system without Dansguardian running)<br />
<br />
/etc/init.d/dansguardian stop<br />
<br />
'''Restarting Dansguardian'''<br />
<br />
You will need to restart Dansguardian after making any configuration changes (so they can take effect)<br />
<br />
/etc/init.d/dansguardian restart<br />
<br />
'''Status check of Dansguardian'''<br />
<br />
If you need to check that Dansguardian is running<br />
<br />
/etc/init.d/dansguardian status<br />
<br />
<br />
<br />
===Testing access===<br />
<br />
From a workstation web browser go to the site of www.sex.com or www.sex.com.au<br />
<br />
You should receive a message advising the site is blocked. Try browsing to other sites with inappropriate content or a site on your banned site list and you should receive a site blocked message.<br />
<br />
Remember that access to sites is controlled by settings in the config files.<br />
<br />
=== Using Group Policy Editor to force proxy port setting on workstations ===<br />
<br />
If you are using Windows & Internet Explorer you can use Group Policy Editor (gpedit.msc) to configure your workstation settings, to force all users of the workstation to use preset proxy port settings.<br />
<br />
Refer to this forum thread for additional details<br />
<br />
http://forums.contribs.org/index.php?topic=38284.0<br />
<br />
Some users report that this method does not seem to work for them.<br />
<br />
An alternative approach (which is known to work OK), is to use gpedit.msc to remove the IE menu option for changing connection settings. Do this using the following brief steps.<br />
<br />
Run gpedit.msc<br />
<br />
Select Local Computer Policy<br />
<br />
Select User Configuration<br />
<br />
Select Administrative Templates<br />
<br />
Select Windows Components<br />
<br />
Select Internet Explorer<br />
<br />
Select Disable changing connection settings<br />
<br />
Select Enabled then click OK<br />
<br />
This will disable the Internet Explorer menu Tools/Internet Options/Connections, so ensure you have made the correct desired settings first.<br />
<br />
<br />
Note that if TransparentPort = 8080 and portblocking = yes and you are not using Group Filtering, workstations can be set to "Auto detect proxy port" and will be forced to use Dansguardian.<br />
<br />
Note that if Transparent = no and you are using Group Filtering with user login authentication, then your browser's proxy port will need to be set to port 8080 (for all users). If you are using Windows & Internet Explorer, then using gpedit.msc can simplify configuration for all users of workstations.<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-dansguardian component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-dansguardian|title=this link}}.<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-dansguardian|noresultsmessage="No open bugs found."}}<br />
<br />
<br />
===Changelog===<br />
Only versions released in smecontrib are listed here.<br />
<br />
{{ #smechangelog: smeserver-dansguardian}}<br />
<br />
<br />
<br />
----<br />
[[Category:Contrib]]<br />
[[Category:Dungog]]<br />
[[Category:Administration:Content Spam Virus Blocking]]<br />
[[Category:Security]]<br />
[[Category:Contrib:webfiltering]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Dansguardian-panel&diff=42327Dansguardian-panel2023-09-19T08:46:14Z<p>ReetP: </p>
<hr />
<div>{{Languages}}<br />
== Dansguardian web content filtering ==<br />
{{Level|Medium}}<br />
<br />
{{Warning box| Dansguardian is deprecated and not available on Koozali SME v10.<br />
There is a fork called e2guardian http://e2guardian.org/cms/index.php and https://github.com/e2guardian }}<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-dansguardian-panel}}<br />
<br />
Also see:<br />
<br />
https://wiki.koozali.org/index.php?title=Dansguardian<br />
<br />
{{ #smeversion: dansguardian}}<br />
{{ #smeversion: smeserver-dansguardian}}<br />
<br />
=== Foreword ===<br />
Thank you to Stephen Noble for releasing his work.<br />
The original documentation is found here: http://dungog.net/wiki/index.php?title=Dungog-dansguardian<br />
<br />
==Dansguardian, Web Content Filter==<br />
<br />
Users on your LAN can have their web browsing filtered, to block objectionable sites,<br />
to perform realtime virus scanning of browsing, or to satisfy a regulatory requirement.<br />
Filtering of web content is performed by the DansGuardian program. <br />
<br />
A word from the Dan behind DansGuardian, Please read http://dansguardian.org/?page=copyright2 and register and/or pay and/or donate for DansGuardian as you feel appropriate.<br />
<br />
===Translations=== <br />
The dansguardian panel is now translated into most SME languages, refer to [[:Translations]]<br />
<br />
===ClamAV and Updates=== <br />
Previous to dansguardian-2.10.0.3-4, when ClamAV was upgraded library versions could get out of sync, eg libclamav.so.2 to libclamav.so.3 gave yum update errors.<br />
<br />
To solve this upgrade dansguardian to at least dansguardian-2.10.0.3-4<br />
<br />
yum update --enablerepo=smecontribs dansguardian <br />
<br />
:http://bugs.contribs.org/show_bug.cgi?id=5111<br />
<br />
===smeserver-dansguardian=== <br />
This provides all the SME integration to get dansguardian running,<br><br />
you will need to hand edit the configuration files in /etc/dansguardian to suit.<br />
Documentation here http://wiki.contribs.org/Dansguardian should help.<br />
<br />
yum install dansguardian smeserver-dansguardian<br />
<br />
Alternatively you can purchase smeserver-dansguardian-panel<br />
<br />
===smeserver-dansguardian-panel===<br />
Provides a server-manager panel to help in the ongoing configuration.<br />
You can use existing or make new SME groups to give users different levels of Filtering. <br />
<br />
Other Features include<br><br />
Filter Groups are setout logically with each config file presented clearly<br><br />
A special ''everybody'' group exist to save time enter the same site for each group<br><br />
Enhanced denied access page alternatives are preconfigured for you<br><br />
Enhanced regexp checks are given as check box options<br><br />
Settings are saved in a SME Database to preserve changes during upgrades <br />
<br />
yum install smeserver-dansguardian-panel [& optionally dungog-blacklists]<br />
<br />
Access at \server-manager > dungog.net > Web Content Filter<br />
<br />
====Overview====<br />
<br />
[[Image:DansOverview2.png]]<br />
<br />
=====Global Settings=====<br />
[[Image:DansGlobal.png]]<br />
<br />
=====Proxy Settings=====<br />
[[Image:DansProxy.png]]<br />
<br />
====Filter Group====<br />
<br />
When the proxy access method is set to Authenticate, a user is required to enter<br />
their user password before they can have access to the internet.<br />
Or you can use Ident to authenticate your users which does away with the need to login,<br />
NB. Ident can be misled by multiple logins on the same PC<br />
<br />
With authenticated users you can filter users differently,<br />
This is set by creating SME groups.<br />
Select your SME groups on the server-manager dansguardian panel<br />
(with ncsa use the proxy-user panel)<br />
You can also make PC's banned or unfiltered by adding their IP address to the panel.<br />
<br />
Users are part of the default filter group, until you create a 2nd filter group by selecting a group from the list of pre arranged SME groups.<br />
<br />
To keep your setup uncomplicated you could use two groups.<br />
One group can be more restrictive and the other less restrictive.<br />
<br />
An example of a restrictive group is one that has a blanket ban on all sites,<br />
then a white or grey list of allowed sites<br />
<br />
A less restrictive group may have a high weighted phrase limit, and just blacklist<br />
sites with ads, porn and warez<br />
<br />
Each filter group can have their own [[:smeserver-dansguardian-panel#Custom_Access_Denied_Page|custom denied access page]]<br />
=====Settings=====<br />
[[Image:DansFilterGroup1.png]]<br />
<br />
=====Lists=====<br />
[[Image:DansFilterGroup2.png]]<br />
<br />
====Lists====<br />
=====Phraselists=====<br />
<br />
Phrase lists are installed by default by DansGuardian<br />
<br />
They are the brains behind dansguardian. These contain the<br />
phrases that are checked on each web page. A large selection of lists is available but you have to enable them for each filter group, select modify next to each<br />
filtergroup, select phraselists from the table, and check the lists you wish to use.<br />
<br />
You are encouraged to send feedback and forward any changes and additions that have general use to the [http://contentfilter.futuragts.com/phraselists Phraselist maintainer], he has a later set of phrases that you can manually install over the release version.<br />
<br />
You can add separate phrases in the weighted/allow/deny records or create your own lists.<br />
Create your own lists by making a new directory<br />
mkdir /etc/dansguardian/lists/phraselists/mylist<br />
 Three files can be used, but weighted must exist for the group to be recognised.<br />
weighted contains phrases that are scored and count towards the Weighted phrase limit<br />
banned contains phrases that cause the page to be denied<br />
exception contains phrases that allow the page to pass<br />
now add this list to the internal database, from the command line<br />
db phraselist set mylist list <br />
where mylist is the name of your list & use your own description<br />
<br />
There are over 30 lists, below is just the top of the page<br />
[[Image:DansPhraselist2.png]]<br />
<br />
=====Blacklists=====<br />
<br />
You can if you wish install blacklists from mesd.k12.or.us or many other sources, including commercial lists like those available from [http://www.squidblacklist.org Squidblacklist.org - Blacklists For Squid Proxy & More.]<br />
You can download an rpm from dungog.net/sme or<br />
this can be updated or installed with rsync, run from the command line<br />
or add /usr/bin/rsync-sgbl to cron, weekly or monthly. (sgbl=squidguard blacklist)<br />
There is an alternate commercial blacklist from URLBlacklist.com<br />
You select which individual black/white/greylists to use for each filter group.<br />
<br />
Although this is called a blacklist, the categories can be used as white or grey lists also. Being listed does not infer that the site is bad - these are just lists of sites.<br />
<br />
If you choose to use or trial the lists from URLBlacklist.com, download the tgz file,<br />
uncompress and move to the /etc/dansguardian/blacklists directory.<br />
<br />
You can create your own lists by making a new directory<br />
mkdir /etc/dansguardian/blacklists/mylist<br />
two files are used<br />
domains contains whole sites eg mysite.com<br />
urls contains parts of sites eg mysite/part<br />
now add this list to the internal database<br />
db blacklist set mylist list <br />
where mylist is the name of your list & use your own description<br />
<br />
[[Image:DansBlacklist2.png]]<br />
<br />
=====General Lists=====<br />
[[Image:DansLists2.png]]<br />
<br />
Also see http://wiki.contribs.org/Dansguardian/ConfigFiles<br />
<br />
*Banned, Exception and Grey Lists<br />
These lists can override other settings such as weighted phrase or blacklists. They either allow or deny a page depending on the settings. The grey lists override the banned lists. The exception lists override the banned lists also. The difference is that the exception lists completely switch off *all* other filtering for the match. Grey lists only stop the URL filtering and allow the normal filtering to work.<br />
<br />
You add records to the default lists in the ''Lists Configuration'' page.<br />
If you have a lot of records to add you can prepare a file and insert it into the template directory.<br />
You are prompted with the file name on each page.<br />
<br />
You can use symbolic links to expose the site config file into an ibay for easier access; you must be sure that anyone who edits the file knows to use a unix file format.<br />
<br />
*Exceptionsitelist, Bannedsitelist, Greysitelist<br />
Affects the hostname part of a URL eg yahoo.com or for finer control mail.yahoo.com<br />
 You can affect everything from the .us domain with .us or allow all things Australian<br />
 by using just .au<br />
<br />
*ExceptionURLlist, BannedURLlist, GreyURLlist<br />
 Affects the parts of a domain, e.g. abc.net.au/children or bbc.co.uk/cricket will affect<br />
 the children's and cricket sections of the domains<br />
<br />
*Exceptionphraselist, Bannedphraselist, Weightedphraselist <br />
 While checking the contents of a page, these lists block or allow it if these phrases are found.<br />
 This is slightly different from weighted phrases, which score the contents and won't<br />
 have an effect until the set limit is reached.<br />
<br />
 A word or phrase is enclosed by < sex> angle brackets; a leading or trailing space<br />
 inside the angle brackets is significant, e.g. [space]sex will not find middlesex<br />
<br />
*Exceptioniplist, Bannediplist<br />
Affects a PC on the local network with that IP address, Note. SMEserver can assign<br />
a static IP based on a network card's MAC address via the hostname and addresses panel<br />
<br />
*Exceptionuserlist, Banneduserlist<br />
Affects a user when the proxy access method is set to Pam Auth, see the next<br />
section for details, This is set by selecting a SME group.<br />
<br />
*Exceptionvirusmimetype, Exceptionvirusextension, Exceptionvirussitelist, Exceptionvirusurllist<br />
When virus scanning of browsing is enabled these files or sites are not scanned<br />
<br />
*Bannedregexpurllist<br />
Affects a URL that contains a pattern that is matched by a unix regular expression.<br />
This is very powerful but also difficult to understand and get right if you don't<br />
know your regular expression rules.<br />
<br />
*Bannedfileextlist<br />
 Common categories of files have been grouped so you only need to check a box<br />
on the filter group page. You can ban other file types not included in that list.<br />
<br />
*Bannedmimetypelist<br />
Affects files of a defined mime type<br />
<br />
*Greyurllist, Greysitelist<br />
An example of grey list use is when in Blanket Block (whitelist) mode and you want to allow some sites but still filter as normal on their content. Another example of grey list use is when you ban a site but want to allow part of it. <br><br />
The greyurllist is for partly unblocking PART of a site<br><br />
The greysitelist is for partly unblocking ALL of a site<br><br />
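<br />
The precedence described in this section, as an added example that is not DansGuardian's own code: a simplified model in which exception lists win over grey lists and grey lists win over banned lists. Checking exception before grey, the LISTS directory, the function names and the sample entries are assumptions made for the example.<br />

```sh
#!/bin/sh
# Simplified model of the list precedence (added example, not DansGuardian code).
# LISTS is a hypothetical directory holding the list files named below.

# host_in_list HOST FILE: HOST equals an entry or is a sub-domain of it.
# A leading dot is optional, so ".au" matches every host ending in .au.
host_in_list() {
    [ -f "$2" ] || return 1
    while IFS= read -r entry; do
        case "$entry" in ''|'#'*) continue ;; esac
        e=${entry#.}
        case "$1" in "$e"|*".$e") return 0 ;; esac
    done < "$2"
    return 1
}

# url_in_list HOST/PATH FILE: an entry such as example.com/kids matches that
# path and everything below it.
url_in_list() {
    [ -f "$2" ] || return 1
    while IFS= read -r entry; do
        case "$entry" in ''|'#'*) continue ;; esac
        case "$1" in "$entry"|"$entry"/*) return 0 ;; esac
    done < "$2"
    return 1
}

# listed KIND HOST/PATH HOST: true if the KIND site list or URL list matches.
listed() {
    host_in_list "$3" "$LISTS/${1}sitelist" || url_in_list "$2" "$LISTS/${1}urllist"
}

# dg_decide URL: print the verdict; the first word is allow, filter or deny.
dg_decide() {
    u=${1#*://}; u=${u%%\?*}; u=${u%/}      # drop scheme, query, trailing slash
    host=${u%%/*}
    if   listed exception "$u" "$host"; then
        echo "allow   exception: all other filtering is switched off"
    elif listed grey "$u" "$host"; then
        echo "filter  grey: site/URL bans skipped, content still checked"
    elif listed banned "$u" "$host"; then
        echo "deny    banned site or URL"
    else
        echo "filter  unlisted: normal filtering"
    fi
}

# Constructed sample lists: a banned site with one grey (partly unblocked) part.
make_sample_lists() {
    LISTS=$(mktemp -d) || return 1
    printf '%s\n' 'example.com'      > "$LISTS/bannedsitelist"
    printf '%s\n' 'example.net/chat' > "$LISTS/bannedurllist"
    printf '%s\n' 'example.com/kids' > "$LISTS/greyurllist"
    printf '%s\n' '.example.org'     > "$LISTS/exceptionsitelist"
}

make_sample_lists || exit 1
for url in http://www.example.com/ http://example.com/kids/page.html \
           http://intranet.example.org/x http://example.net/chat/room \
           http://example.net/news; do
    printf '%-36s %s\n' "$url" "$(dg_decide "$url")"
done
rm -rf "$LISTS"
```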
<br />
====Access Denied====<br />
When a page is blocked the denied usage screen is displayed.<br />
The details of why the page was blocked can be brief or detailed depending on the settings.<br />
<br />
The override bypass link is shown if the user is authenticated, the reporting level is set to report details and the bypass link is enabled in the filtergroup.<br />
<br />
Each filter group can have its own denied access page.<br />
<br />
[[Image:DansDenied.png]]<br />
<br />
The denied access page can be stripped down to the bare minimum, x (blocked) + (bypass)<br />
<br />
This version is available in the next release 2.9.9.1 with<br />
db dungog setprop dansguardian deniedurl yourserver.net/cgi-bin/denied.pl <br />
[[Image:DansDenied2.png]]<br />
<br />
====Proxy Access and Browser Setup====<br />
=====ldap=====<br />
Authenticate against an LDAP server<br />
<br />
BETA, from smeserver-dansguardian-panel-2.9-19<br />
<br />
Tested with ldap on SME, may need refinement with MS Active Directory<br />
<br />
This isn't 'Single Sign On'. The user is prompted for their LDAP/AD username and password. If users tick remember and save password this is only a small inconvenience.<br />
<br />
Two tests need to be run to verify your LDAP settings and two db settings saved.<br />
<br />
The settings are your ldap server hostname.domainname, just an IP will do <br />
config setprop squid host ldap://k8.232.net<br />
<br />
And your ldap server Distinguished Name<br />
config setprop squid dn dc=232,dc=net<br />
<br />
Test these are correct with<br />
<br />
1. Authenticate against LDAP<br />
/usr/lib/squid/squid_ldap_auth -b dc=232,dc=net -f uid=%s -h ldap://k8.232.net<br />
<br />
the server waits for you to enter a username, then a space then the password, success with an OK<br />
<br />
sam SamSam987^%$<br />
OK<br />
<br />
2. Retrieve filter group members, eg. for the group students, where the attribute of the users is memberUid<br />
yum install openldap-clients<br />
<br />
ldapsearch -x -LLL -H ldap://k8.232.net -b dc=232,dc=net cn=students memberUid<br />
dn: cn=students,ou=Groups,dc=232,dc=net<br />
memberUid: bernard<br />
memberUid: stephen<br />
<br />
Let us know if you need to change the command to connect, and we can add to smeserver-dansguardian-panel<br />
<br />
see also <br />
man squid_ldap_auth<br />
man ldapsearch<br />
<br />
eg if the LDAP server requires authentication, for squid_ldap_auth add something like -D cn=root,dc=232,dc=net -W /etc/ldap.pwd<br />
<br />
<br />
set the browser to use <nowiki>http://proxy/proxy.pac</nowiki>, users are required to have valid accounts on the LDAP server and must enter their username/password to access the proxy.<br />
<br />
=====pam=====<br />
set the browser to use <nowiki>http://proxy/proxy.pac</nowiki>, users are required to have valid accounts on the server and must enter their username/password to access the proxy. <br />
<br />
=====ncsa=====<br />
Set the browser to use <nowiki>http://proxy/proxy.pac</nowiki>. Users are NOT required to have valid accounts on the server, but they must enter their username/password to access the proxy. Create a user password file and assign users to groups.<br />
<br />
To add users to the NCSA database /home/e-smith/db/proxyusers<br />
<br />
we have a panel [[:Dungog-proxyusers|dungog-proxyusers]]<br />
yum install dungog-proxyusers<br />
<br />
or ...<br />
<br />
db proxyusers set stephen user password 6ecreT group staff<br />
db proxyusers set jimmy user password wiggles group students<br />
<br />
where groups staff and students are enabled in the dansguardian panel<br />
as 2nd or 3rd filter group, bypass, banned or unfiltered<br />
<br />
you can edit passwords and groups by<br />
 db proxyusers setprop jimmy password fruit5ly group students<br />
<br />
after adding users<br />
signal-event proxy-passwd<br />
<br />
you may create or import a file in this format<br />
<br />
stephen=user|password|6ecreT|group|staff<br />
jimmy=user|password|lItt6kk|group|students<br />
then<br />
chmod 640 /home/e-smith/db/proxyusers<br />
 chown root:admin /home/e-smith/db/proxyusers<br />
<br />
=====ident=====<br />
Set the browser to use <nowiki>http://proxy/proxy.pac</nowiki>. If you are using ident auth, you will require an ident client on your workstation. One Windows ident client is available from: https://sourceforge.net/projects/retinascan.<br />
<br />
In some cases, the Windows firewall blocks access to the ident client and you will have to add an exception in your firewall rules as follows: <br><br />
Control Panel > Windows Firewall > Exceptions > Add Port <br><br />
Name: ''auth'' > Port number: ''113'' > ''TCP''<br />
<br />
=====transparent proxy=====<br />
No browser setup is needed. Dansguardian will filter on 8080 or the port you nominate. Note, this can be bypassed by the user entering 3128 in their browser.<br />
<br />
=====disable dansguardian=====<br />
resets transparent proxy to 3128, remember to untick port blocking if you enabled it. <br />
<br />
Your Operating system may allow you to lock down your browser proxy settings,<br />
an alternative is to use the tick box in the panel to block port 3128 to stop the filter being bypassed.<br />
<br />
====Help====<br />
<br />
=====Restarting Dansguardian=====<br />
With a 'save & restart', Squid is restarted. Squid must restart before dansguardian; if it hasn't, try 'save & reload', which doesn't restart squid, or drop to the command line and check. You can check if dansguardian is running with: <br />
ps ax |grep dans<br />
to start or stop from the command line see<br />
dansguardian -h<br />
<br />
Restarting dansguardian from the panel affects users differently depending on the button<br />
the options are:<br />
<br />
Restart<br />
-Q kill any running copy AND start a new one with current options.<br />
<br />
Reload<br />
-r closes all connections and reloads config files by issuing a HUP, <br />
but this does not reset the maxchildren option.<br />
<br />
=====Custom Access Denied Page=====<br />
*CGI<br />
To create/edit a custom .pl you have two options <br><br />
create a new .pl file, dansguardianfN.pl and edit to suit <br><br />
cp /home/e-smith/files/ibays/Primary/cgi-bin/dansguardian.pl <br><br />
to /home/e-smith/files/ibays/Primary/cgi-bin/dansguardianfN.pl <br><br />
where N is the filtergroup number<br />
<br />
or set a db value deniedurl which overrules the above method, see db section below<br />
<br />
*HTML<br />
to create/edit a custom .html <br><br />
You can edit a html template in /etc/dansguardian/languages / LANGUAGE / template.html <br><br />
LANGUAGE defaults to ukenglish but you can set with a DB command<br />
<br />
make a copy relative to your filter level eg templatef2.html in your language directory<br />
<br />
you can edit the default but it will be overwritten when you upgrade the Dansguardian rpm, so make a copy as templatef0.html which will be used if it exists<br />
<br />
html template doesn't include a bypass link<br />
<br />
=====DB settings=====<br />
Not all settings can be set from the panel, <br />
you can set these settings with db commands,<br />
activate db settings with<br />
signal-event dansguardian-reload<br />
<br />
<br />
*Language support, see options in /etc/dansguardian/languages, default is ukenglish<br />
db dungog setprop dansguardian language danish<br />
<br />
*Set an alternate page denied url, eg. for filter group 2<br />
db dungog setprop dansguardianf2 deniedurl 2321.net/cgi-bin/deniedf2.pl<br />
then select and save this value in the filtergroup panel<br />
<br />
*change default denied page<br />
db dungog setprop dansguardian deniedurl 2321.net/cgi-bin/denied.pl<br />
<br />
*to just change from the Primary domain to another of your domains<br />
db dungog setprop dansguardian wsn 4545.org<br />
<br />
*POST protection, eg. uploads, forms etc. <br><br />
Maximum Size of file allowed to be uploaded <br><br />
default is -1 (no restrictions) <br><br />
or enter a size in kb's eg. <br><br />
0 = complete block <br><br />
500 = 500 kb <br><br />
5000 = 5 mb <br><br />
db dungog setprop dansguardian maxuploadsize -1<br />
<br />
*A shortcut to entering a set of banned extensions, where fX is the filtergroup f1-f5<br />
db dungog setprop dansguardian bannedextfX exe on (executable)<br />
db dungog setprop dansguardian bannedextfX macro on (macros and viruses)<br />
db dungog setprop dansguardian bannedextfX arc on (archives)<br />
db dungog setprop dansguardian bannedextfX time on (bandwidth wasting)<br />
<br />
<br />
=====Time base restrictions=====<br />
An alternative or additional method of control is to use a script to change db settings with cron, <br />
<br />
see /usr/bin/dproxy for an example. <br />
<br />
This would allow you to ban access to the internet for a group or to give unfiltered access. Make a copy of your altered script so it isn't overwritten by the next rpm update, and enable the changes with a cron job.<br />
<br />
say your copy is /usr/bin/kidproxy<br><br />
give access at 17:00 with /usr/bin/kidproxy open<br><br />
then shutdown at 19:00 with /usr/bin/kidproxy close<br />
<br />
=====MSN=====<br />
To block MSN Messenger add the following to [mime types - Deny]<br />
<br />
application/x-msn-messenger<br />
<br />
=====Troubleshooting=====<br />
<br />
*Switch off or modify firewalls which block port 8080 on the client PC<br />
<br />
*A few users have had problems with transparent proxying, and we can't work out why; it's probably network issues. If this happens, which is uncommon, the best we can suggest is to use ident and set 8080 in your browser. Without adding an ident client you are assumed to be in the default filter group.<br />
<br />
*If the 'denied access' page comes up as follows, it is a problem with the syntax of your edited denied page or denied page url.<br />
DansGuardian - 400 Bad Request<br />
<br />
* Bypassing the proxy selectively<br />
<br />
You have Transparent Proxy enabled but want to allow this to be selectively bypassed. <br><br />
or you have devices eg TiVo that you want to bypass squid <br><br />
http://wiki.contribs.org/Firewall#Bypass_Proxy<br />
<br />
the smeserver-adv-masq rpm in dungogMembers contains these fragments, and the db entries can be added in the <br><br />
''Modify status and proxy values.'' sub-panel<br />
<br />
* Trusted sites that you want unauthenticated access to can be added to the 'Common' exceptionsitelist<br />
<br />
ie Common > modify > a site > allow <br><br />
this will bypass dansguardian and squid authentication.<br />
<br />
* Email if problems continue after running through these steps<br />
<br />
check yum at the command line<br />
yum update<br />
and<br />
yum update --enablerepo=smecontribs<br />
<br />
check logs<br />
<br />
/var/log/messages<br />
/var/log/squid/access.log<br />
/var/log/dansguardian/access.log<br />
<br />
check if dansguardian is running<br />
ps ax<br />
<br />
what error does it give when trying to start<br />
<br />
make sure it is stopped<br />
dansguardian -q<br />
<br />
start it<br />
dansguardian<br />
<br />
<br />
check templates are expanded and restarted<br />
signal-event dansguardian-save<br />
wait for squid to restart<br />
signal-event dansguardian-reload<br />
<br />
<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}}and select the smeserver-dansguardian-panel component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-dansguardian-panel|title=this link}}.<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-dansguardian-panel|noresultsmessage="No open bugs found."}}<br />
<br />
<br />
===Changelog===<br />
Only versions released in smecontrib are listed here.<br />
<br />
{{ #smechangelog: smeserver-dansguardian-panel}}<br />
----<br />
[[Category:Contrib]]<br />
[[Category:Dungog]]<br />
[[Category:Administration:Content Spam Virus Blocking]]<br />
[[Category:Security]]<br />
[[Category:Contrib:webfiltering]]</div>ReetPhttps://wiki.koozali.org/index.php?title=PHPki&diff=42285PHPki2023-09-05T00:54:23Z<p>ReetP: </p>
<hr />
<div>{{Languages|PHPki}}<br />
<br />
{{Note box| For v10 we have created a new, updated version of PHPKi called PHPKi-ng with fixes and higher security defaults. If you used the previous version you will need to create a new CA and certificates. We have imported the original version to contribs if you really need to use it, but it is not recommended, and will not be generally released.}}<br />
<br />
===Maintainer===<br />
Previous:<br />
[mailto:daniel@firewall-services.com][[User:VIP-ire|Daniel B.]] from [http://www.firewall-services.com Firewall Services]<br />
<br />
Now maintained by Koozali SME<br />
<br />
=== Version ===<br />
Old version, prior to SME10: smeserver-phpki and phpki <br />
<br />
New Version:<br />
<br />
{{#smeversion: smeserver-phpki-ng }}<br />
{{#smeversion: phpki-ng }}<br />
<br />
Please follow the installation instructions below. The installation instructions will satisfy all dependencies and the latest versions of the above 2 RPMs will be installed automatically.<br />
<br />
=== Description ===<br />
<br />
[http://sourceforge.net/projects/phpki/ PHPki] is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications. PHPki is now used to manage certificates with the latest release of the [[OpenVPN_Bridge|SME Server OpenVPN Bridge contrib]].<br />
<br />
You can see a demo installation [http://phpki.sourceforge.net/phpki/ here.]<br />
<br />
=== Requirements ===<br />
{{Warning box|This version of PHPki is a slightly modified version, so it can be used with certificates generated with the previous release of smeserver-openvpn-bridge, plus some other minor modifications.<br />
Starting phpki-ng-0.84, default_md has been upgraded to sha512 (previous was sha1). You can keep your existing CA working, but we strongly advise you to upgrade to a new instance, as the weak sha1 hash is a security issue. <br />
}}<br />
<br />
=== Installation ===<br />
<br />
{{Warning box| If openvpn is not detected PHPKi cannot generate a TA Key and it should advise you during install. To generate a TA Key once you have openvpn installed do this (assuming this is the correct directory)<br />
openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem <br />
chown phpki:phpki /opt/phpki/phpki-store/CA/private/takey.pem}}<br />
<br />
<tabs container><tab name="SME 10"><br />
*install the rpms<br />
yum --enablerepo=smecontribs install smeserver-phpki-ng<br />
<br />
Go to the "Manage Certificates" menu in the server-manager and start creating your CA certificate.<br />
<br />
Warning: click only once and wait for the page to update. Creating the 4096 certificate can take a very long time.<br />
<br />
</tab><br />
<tab name="SME 9"><br />
You have to enable the [[epel]] repository<br />
*install the rpms<br />
yum --enablerepo=smecontribs,epel install smeserver-phpki<br />
<br />
*and start/restart needed services:<br />
expand-template /etc/httpd/conf/httpd.conf<br />
expand-template /etc/httpd/pki-conf/httpd.conf<br />
sv t /service/httpd-e-smith<br />
sv u /service/httpd-pki<br />
<br />
* alternatively issue the following :<br />
signal-event post-upgrade; signal-event reboot<br />
<br />
on update you can issue <br />
expand-template /etc/httpd/conf/httpd.conf<br />
expand-template /etc/httpd/pki-conf/httpd.conf<br />
sv t /service/httpd-e-smith<br />
sv t /service/httpd-pki<br />
<br />
<br />
</tab><br />
<tab name="SME 8"><br />
For sme8<br />
*install the rpms<br />
yum --enablerepo=smecontribs install smeserver-phpki<br />
<br />
*and start/restart needed services:<br />
expand-template /etc/httpd/conf/httpd.conf<br />
expand-template /etc/httpd/pki-conf/httpd.conf<br />
sv t /service/httpd-e-smith<br />
sv u /service/httpd-pki<br />
<br />
* alternatively issue the following :<br />
signal-event post-upgrade; signal-event reboot<br />
</tab><br />
</tabs><br />
<br />
=== Configure your new PKI ===<br />
<br />
Go in the server-manager, you'll find a new "Manage Certificates" menu (or you can use the URL https://server.domain.tld/phpki/ca)<br />
Here you have to enter the following information:<br />
<br />
**Organisation<br />
**Department<br />
**Common Name of the Master CA<br />
**E-mail (technical contact)<br />
**City<br />
**State<br />
**Country Code<br />
**Password (to protect the private key of the Master CA)<br />
**Validity of the CA<br />
**Keys size<br />
**URL of your PKI (https://my.domain.tld/phpki)<br />
<br />
These two screenshots illustrate the first (and the most important) part of this configuration page:<br />
<br />
[[File:PHPki_CA_initial_setup_data_part_1.png|768px|thumb|center|First part of the initial configuration page (above)]]<br />
<br />
[[File:PHPki_CA_initial_setup_data_part_2.png|768px|thumb|center|First part of the initial configuration page (low)]]<br />
<br />
The second part is like this:<br />
<br />
[[File:PHPki_CA_initial_setup_options.png|768px|thumb|center|Second part of the initial configuration page]]<br />
<br />
The default settings should be OK for most installations. You may just want to change the "Help Document Contact Info" part.<br />
<br />
Once you have submitted this form (which can take several minutes, '''be patient''', as generating dh parameters can take a long time), you should have something like this:<br />
<br />
<br />
[[File:Phpki_init_finish.png|768px|thumb|center|Second part of the initial configuration page]]<br />
<br />
Now you'll be able to start using PHPki. It's quite easy to use.<br />
<br />
The administrative interface is available on the server-manager or directly https://my.domain.tld/phpki/ca<br />
<br />
There's also a public interface, available only from the local networks, but without password at https://my.domain.tld/phpki.<br />
Here, users can download the Master CA certificate, the CRL, or search for certificates of other users (public part only of course).<br />
<br />
{{Note box|If you just installed the [[OpenVPN_Bridge]] contrib and are installing PHPki as suggested by the wiki page, or you just want to use [[PHPki]] without [[OpenVPN_Bridge]] contrib, then you are done here, and you don't have to migrate any certificates}}<br />
{{Note box|Starting with phpki-ng-0.84-14, new URLs are available to access your CRL and to request certificate status <br />
<br />
http://www.somewhere.com/phpki/ns_revoke_query.php?<br />
<br />
http://www.somewhere.com/phpki/dl_crl.php}}<br />
<br />
=== Add another admin ===<br />
If you need to delegate certificate generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to the phpki config <br />
<br />
edit /opt/phpki/phpki-store/config/config.php<syntaxhighlight lang="php"><br />
#$PHPki_admins = Array(md5('admin'));<br />
$PHPki_admins = Array(md5('admin'),md5('user2'));<br />
<br />
</syntaxhighlight><br />
<br />
=== Uninstall ===<br />
To uninstall the contrib from your server, just run the following commands:<br />
yum remove smeserver-phpki-ng phpki-ng<br />
expand-template /etc/httpd/conf/httpd.conf<br />
 systemctl restart httpd-e-smith<br />
<br />
{{Note box|As with many other rpms, removing phpki won't remove everything from your server. Especially certificates will be kept, and some php files. PHPKi-ng will attempt to backup any old certificates.<br />
}}<br />
<br />
Certificates and PKI configuration are stored in /opt/phpki/phpki-store, php files are in /opt/phpki/html<br />
{{Warning box|To start from scratch after uninstallation you need to get rid of the html and phpki-store directories before reinstalling. <br />
The files in phpki-store can be very important, so my recommendation is to let them remain here. If you really want to remove them, just back them up first:<br />
cd /opt/phpki<br />
tar cvzf ~/phpki-backup.tar.gz ./<br />
Now you can remove the entire /opt/phpki directory<br />
rm /opt/phpki/{html,phpki-store} -rf<br />
}}<br />
<br />
=== Re-install ===<br />
<br />
==== before phpki-ng 0.84-14 ====<br />
If you have removed the contrib, and want to re-install it keeping your previous CA (assuming you restored /opt/phpki), you'll need to follow these steps after you have installed the rpms:<br />
<br />
cd /opt/phpki/html/<br />
rm -f index.php <br />
rm -f setup.php<br />
ln -s main.php index.php<br />
cat config.php.rpmsave > config.php<br />
cd ca<br />
rm -f index.php<br />
ln -s main.php index.php<br />
cd /opt/phpki/<br />
chown phpki:phpki -R phpki-store <br />
chown root:phpki -R html/config.php<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]<br />
<br />
For the new smeserver-phpki-ng select the smeserver-phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki-ng|title=this link}}<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-phpki-ng|noresultsmessage="No open bugs found."}}<br />
<br />
Use this for bugs phpki-ng itself {{BugzillaFileBug|product=SME%20Contribs|component=phpki-ng|title=this link}}<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=phpki-ng|noresultsmessage="No open bugs found."}}<br />
<br />
=== Changelog ===<br />
Only versions released in smecontrib are listed here.<br />
<br />
{{#smechangelog:smeserver-phpki-ng}}<br />
{{#smechangelog:phpki-ng}}<br />
----<br />
[[Category:Contrib]]<br />
[[Category:Administration:Certificates]]</div>ReetPhttps://wiki.koozali.org/index.php?title=PHP&diff=42238PHP2023-08-25T10:55:50Z<p>ReetP: </p>
<hr />
<div>Starting with SME 10, the '''php''' module is no longer used for httpd. Instead we rely on '''php-fpm''' which can enable every available version of php. <br />
<br />
By default we provide the following versions: <br />
<br />
*54 (maintained by Red-Hat up to CentOS 7 EOL: 30 Jun 2024).<br />
*55,56,70,71,72 (Note: unsupported!).<br />
*73 (supported up to 6 Dec 2021).<br />
*74 (supported up to 28 Nov 2022).<br />
*80 (supported up to 26 Nov 2023).<br />
<br />
<br /><br />
===db keys available to control php configuration and services===<br />
First you need to decide if you want to alter the php behaviour for an ibay, for a specific php version, or for all php versions.<br />
{| class="wikitable"<br />
|+db configuration properties<br />
!keys<br />
!role<br />
!<br />
|-<br />
|php<br />
|customization of /etc/php.ini<br />
|for php54<br />
|-<br />
|php55<br />
|customization of /opt/remi/php55/root/etc/php.ini<br />
| rowspan="8" |if no properties defined, will use php keys properties<br />
|-<br />
|php56<br />
|customization of /opt/remi/php56/root/etc/php.ini<br />
|-<br />
|php70<br />
|customization of /etc/opt/remi/php70/php.ini<br />
|-<br />
|php71<br />
|customization of /etc/opt/remi/php71/php.ini<br />
|-<br />
|php72<br />
|customization of /etc/opt/remi/php72/php.ini<br />
|-<br />
|php73<br />
|customization of /etc/opt/remi/php73/php.ini<br />
|-<br />
|php74<br />
|customization of /etc/opt/remi/php74/php.ini<br />
|-<br />
|php80<br />
|customization of /etc/opt/remi/php80/php.ini<br />
|}<br />
Every version of php has its own php-fpm service running, the related configuration db entry is (as shown in the Table above) php-fpm for php (ie php54), php55-php-fpm for php55 and so on.<br />
<br />
If you really want to disable one version of php, shown below is what you need to do for php55, as an example:<br />
config setprop php55-php-fpm status disabled<br />
signal-event webapps-update<br />
<br />
===Available properties===<br />
Here is a list of available properties to configure php. You have to choose at which level you want to handle the change. <br />
<br />
*Do you want the change for the whole server? -- then probably choose to change it for the key php: db configuration setprop php ...<br />
*Do you want the change for a specific version of php? -- then you should probably do it against a specific php key e.g. : db configuration setprop php74 ...<br />
*Do you want to apply the change for a specific ibay? -- this is what we suggest you do in most cases: db accounts setprop myibay ..<br />
<br />
{| class="wikitable"<br />
|+<br />
!php setting<br />
!ibay property<br />
!php.ini property<br />
!default<br />
!note<br />
|-<br />
| -<br />
|PHPVersion<br />
| -<br />
|74<br />
|can vary upon update if left empty<br />
|-<br />
|allow_url_fopen<br />
|AllowUrlFopen<br />
|AllowUrlFopen<br />
|off<br />
|insecure, keep off<br />
|-<br />
|allow_url_include<br />
| -<br />
| -<br />
|off<br />
|<br />
|-<br />
|auto_prepend_file<br />
|AutoPrependFile<br />
| -<br />
|enabled<br />
|/usr/share/php/auth_translation.php unless disabled<br />
|-<br />
|disable_functions<br />
|DisableFunctions<br />
| -<br />
|system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd<br />
|<br />
|-<br />
|display_errors<br />
|DisplayErrors<br />
| -<br />
|off<br />
|<br />
|-<br />
|error_log<br />
| -<br />
| -<br />
|/var/log/php/$key/error.log<br />
|<br />
|-<br />
|error_reporting<br />
|ErrorReporting<br />
| -<br />
|E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT<br />
|<br />
|-<br />
|expose_php<br />
| -<br />
|ExposePHP<br />
|Off<br />
|<br />
|-<br />
|file_upload<br />
|FileUpload<br />
| -<br />
|Off<br />
|<br />
|-<br />
|mail.add_x_header<br />
| -<br />
|MailAddXHeader<br />
|disabled<br />
|only global, not per php version<br />
|-<br />
|mail.force_extra_parameters<br />
|MailForceSender<br />
|MailForceSender<br />
|root@$DomainName<br />
|ibayname@$DomainName for ibays<br />
|-<br />
|mail.log<br />
| -<br />
|MailLog<br />
|disabled<br />
|<br />
|-<br />
|max_execution_time<br />
|MaxExecutionTime<br />
|MaxExecutionTime<br />
|30<br />
|<br />
|-<br />
|max_file_uploads<br />
| -<br />
|MaxFileUpload<br />
|20<br />
|<br />
|-<br />
|max_input_time<br />
|MaxInputTime<br />
|MaxInputTime<br />
|60<br />
|<br />
|-<br />
|memory_limit<br />
|MemoryLimit<br />
|MemoryLimit<br />
|128M<br />
|<br />
|-<br />
|open_basedir<br />
|PHPBaseDir<br />
| -<br />
|/home/e-smith/files/ibays/IBAYNAME/:/var/lib/php/IBAYNAME/:/usr/share/php/:/usr/share/pear/:/opt/remi/php$version/root/usr/share/pear/:/opt/remi/php$version/root/usr/share/php/<br />
|<br />
|-<br />
|post_max_size<br />
|PostMaxSize<br />
|PostMaxSize<br />
|20M<br />
|<br />
|-<br />
|security.limit_extensions<br />
|AllowPHTML<br />
|<br />
|disabled<br />
|allows php to interpret more file types (.php .htm .html .phar .phtml .xml)<br />
|-<br />
|sendmail_from<br />
| -<br />
|MailForceSender<br />
|root@$DomainName<br />
|<br />
|-<br />
|sendmail_path<br />
| -<br />
|SendmailPath<br />
|/usr/sbin/sendmail -t -i<br />
|<br />
|-<br />
|short_open_tag<br />
| -<br />
|ShortOpenTag<br />
|On<br />
|<br />
|-<br />
|upload_max_filesize<br />
|UploadMaxFilesize<br />
|UploadMaxFilesize<br />
|10M<br />
|<br />
|}<br />
If you want to set a specific value for an ibay, here is how to use php80 for ibay MYIBAY and avoid having any disabled function:<br />
db accounts setprop MYIBAY disable_functions none PHPVersion 80<br />
signal-event webapps-update<br />
{{Note box|It is strongly suggested that you install the smeserver-webhosting contrib enabling you to set your ibay php values from the server-manager. Everything is available and it prevents you from making a mistake in the settings.}}<br />
<br />
===Display Error Messages===<br />
<br />
By default PHP does not display error messages on screen. Sometimes you get a blank page when executing PHP scripts. Usually some sort of error has occurred, but this error text will '''not''' be displayed as SME Server is configured to not display them. Instead the error messages are reported to the log files of the webserver and the general logfile of the server. <br />
<br />
Try to analyze your logfiles:<br />
/var/log/httpd/error_log and /var/log/httpd/access_log and perhaps also /var/log/messages.<br />
<br />
{{Warning box|It is strongly advised that you disable "display errors" after you have tracked and solved the problem, as the displayed error message might provide information (like filesystem layout) that only should be known to the system administrators and not to users, let alone people with bad intentions. Thus it is a potential SECURITY RISK. After debugging, disable it again.}}<br />
<br />
====Enable changes for all php versions====<br />
If you (for debugging purposes for instance) would like to enable it you can do it with the instructions found below:<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/php.ini<br />
cp /etc/e-smith/templates/etc/php.ini/30ErrorHandling /etc/e-smith/templates-custom/etc/php.ini<br />
<br />
After that:<br />
<br />
sed -i /etc/e-smith/templates-custom/etc/php.ini/30ErrorHandling -e 's/display_errors.*/display_errors = On/g' <br />
<br />
After that issue the following command:<br />
<br />
signal-event webapps-update<br />
<br />
<br />
Now access your page again and see what the error is. <br />
<br />
====Undo Changes====<br />
If everything works, remove the 30ErrorHandling file from the /etc/e-smith/templates-custom/etc/php.ini folder and issue the following command again:<br />
<br />
signal-event webapps-update <br />
<br />
====Enable changes for a specific ibay====<br />
Starting with SME10 and smeserver-php-3.0.0-39:<br />
db accounts setprop MYIBAY DisplayErrors enabled <br />
signal-event webapps-update<br />
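<br />
A check to run after debugging, added here as an example and not taken from the page or from smeserver-php: it reports whether the 30ErrorHandling override is still in place and which rendered configuration files still enable display_errors. The function names, the constructed sample files and the assumption that a pool file expresses the setting as php_flag or php_admin_flag are mine.<br />

```shell
#!/bin/sh
# Added example, not from the page: confirm that error display is off again.

# leftover_override [ROOT]
# Succeeds while the custom template fragment created above still exists.
# ROOT is an optional prefix (hypothetical parameter) so the check can be
# pointed at a mounted backup or a test tree instead of the live system.
leftover_override() {
    [ -e "${1:-}/etc/e-smith/templates-custom/etc/php.ini/30ErrorHandling" ]
}

# display_errors_enabled FILE...
# Prints each FILE whose last display_errors assignment switches it on.
# Handles the php.ini form (display_errors = On) and the php-fpm pool form
# (php_flag[...] / php_admin_flag[...]); the pool form is an assumption
# about how the rendered pool files express the per-ibay setting.
display_errors_enabled() {
    [ "$#" -gt 0 ] || return 0
    awk '
        function report() { if (file != "" && state == "on") print file }
        FNR == 1 { report(); file = FILENAME; state = "off" }
        /^[ \t]*[;#]/ { next }                      # whole-line comment
        {
            line = tolower($0)
            if (match(line, /^[ \t]*(php_(admin_)?(flag|value)\[display_errors\]|display_errors)[ \t]*=/)) {
                val = substr(line, RSTART + RLENGTH)
                sub(/[;#].*$/, "", val)             # trailing comment
                gsub(/[ \t\r"]/, "", val)
                # a later assignment overrides an earlier one
                state = (val ~ /^(on|1|true|yes|stdout|stderr)$/) ? "on" : "off"
            }
        }
        END { report() }
    ' "$@"
}

# Demonstration on constructed files (not real server configuration).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'display_errors = Off\n' > "$tmp/php.ini"
    printf '[php80-myibay]\nphp_admin_flag[display_errors] = on\n' > "$tmp/ibays.conf"
    display_errors_enabled "$tmp/php.ini" "$tmp/ibays.conf"
    rm -rf "$tmp"
}
demo
```

On a server, pass the rendered files you want checked, for example display_errors_enabled /etc/php.ini, and run leftover_override with no argument.<br />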
===Open basedir restriction===<br />
SME Server has a security measure in place which is called 'open basedir restriction'. This measure prevents PHP from executing or invoking other PHP scripts outside the scope of its own tree; in other words it creates a 'sandbox' or 'jail'.<br />
<br />
Overall configuration is defined in the php.ini file but you can add an override on a per ibay basis.<br />
<br />
====Error message====<br />
The PHP open basedir restriction is usually presented to the user like this in the /var/log/messages file:<br />
<br />
Aug 12 17:27:42 homer httpd: PHP Warning: main(): open_basedir restriction in effect. File(/tmp/test.php) is not within the allowed path(s): (/home/e-smith/files/ibays/Primary/html/) in /home/e-smith/files/ibays/Primary/html/test.php on line 2<br />
<br />
In general you will find this message in the log files only as by default PHP is configured to prevent the display of error messages to the end users. This can be changed as per [[PHP#Display_Error_Messages|this HowTo]].<br />
<br />
====Modifying the PHPBaseDir setting for an ibay====<br />
<ol><br />
(Please also see: [http://wiki.contribs.org/Useful_Commands#PHP_Related_Commands these] instructions on the [http://wiki.contribs.org/Useful_Commands Useful_Commands] page.)<br />
<!--Please do not remove the following closing tag as a fromatting/rendering bug will kick in, for more details see: http://bugzilla.wikimedia.org/show_bug.cgi?id=10893--><li>Open a SME Server shell as root user and document the current setting of the PHPBaseDir directive by writing down the output of the following command:<br />
db accounts getprop ibayname PHPBaseDir <br />
Be careful to write it down to the letter as we need it in the next step<br />
For the Primary ibay the output of the above command would normally look like this:<br />
/home/e-smith/files/ibays/Primary/html/<br />
</li><li>Decide on what directory you would like to add and issue the following:<br />
db accounts setprop ibayname PHPBaseDir value<br />
Replace ibayname with the name of the ibay, and value with the old value of the PHPBaseDir directive you have written down, a colon (:), and the full path to the directory you would like to add with a trailing slash (/), e.g.<br />
db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary/html/:/opt/gallery2/<br />
Above command would allow for invocation of scripts in the /opt/gallery2 path from the Primary ibay html folder by PHP.<br />
To allow uploading of files via http to an ibay named wiki:<br />
db accounts setprop wiki PHPBaseDir /home/e-smith/files/ibays/wiki/:/tmp/<br />
<br />
</li><li>After defining the new setting we need to reflect the change in the configuration file of the web server and have the web server reload its configuration file. This is done by issuing the following command:<br />
signal-event ibay-modify ibayname<br />
<br />
Be sure to replace ibayname with the name of the ibay you have just modified.<br />
</li></ol><br />
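<br />
The three steps above as one helper, shown as an added example that is not part of the original page: it reads the current value, appends the new directory with a trailing slash, and skips the write when the directory is already listed. The function names are hypothetical; only the db accounts and signal-event commands come from the page.<br />

```shell
#!/bin/sh
# Added example, not from the page: extend PHPBaseDir without losing entries.

# normalise_dir PATH
# Prints PATH with exactly one trailing slash. Rejects input that would
# silently widen or break the restriction.
normalise_dir() {
    local dir
    dir=$1
    case $dir in
        /*) ;;
        *)  echo "not an absolute path: $dir" >&2; return 1 ;;
    esac
    case $dir in
        *:*)         echo "colon is the list separator: $dir" >&2; return 1 ;;
        */../*|*/..) echo "'..' components are not accepted: $dir" >&2; return 1 ;;
    esac
    while [ "${dir%/}" != "$dir" ]; do dir=${dir%/}; done
    if [ -z "$dir" ]; then
        echo "refusing to add /, which would allow the whole filesystem" >&2
        return 1
    fi
    printf '%s/\n' "$dir"
}

# append_basedir CURRENT NEWDIR
# Prints the colon-separated list to store in PHPBaseDir.
append_basedir() {
    local current new
    current=$1
    new=$(normalise_dir "$2") || return 1
    case ":$current:" in
        *":$new:"*) printf '%s\n' "$current" ;;            # already allowed
        "::")       printf '%s\n' "$new" ;;                # property was empty
        *)          printf '%s:%s\n' "$current" "$new" ;;
    esac
}

# add_ibay_basedir IBAY NEWDIR
# Runs the page's getprop / setprop / ibay-modify sequence on an SME Server.
add_ibay_basedir() {
    local ibay old updated
    ibay=$1
    old=$(db accounts getprop "$ibay" PHPBaseDir) || return 1
    updated=$(append_basedir "$old" "$2") || return 1
    echo "previous PHPBaseDir: $old"          # keep this to be able to revert
    if [ "$updated" = "$old" ]; then
        echo "nothing to change"
        return 0
    fi
    db accounts setprop "$ibay" PHPBaseDir "$updated" &&
        signal-event ibay-modify "$ibay"
}

# Demonstration with the values used on this page (no database access).
append_basedir "/home/e-smith/files/ibays/Primary/html/" "/opt/gallery2"
```

On the server itself the call would be add_ibay_basedir Primary /opt/gallery2.<br />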
===Upload_tmp_dir===<br />
upload_tmp_dir<br />
<br />
From SME Server V8 up to and including SME Server V9, you could sometimes have an error thrown by PHP and would then need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. See [[bugzilla:6650]] and [[bugzilla:7652]]. Many PHP applications need this setting; the best-known culprits are Wordpress, Roundcube and eGroupWare, and there are others. The symptom observed is that you can't upload content to the PHP application.<br />
<br />
An easy resolution is to make a Custom Template to resolve this issue. See [[Uploadtmpdir]]<br />
<br />
=== Advanced use of the php-fpm pools ===<br />
<br />
==== For the ibays with php-fpm.d/ibays.conf ====<br />
For the ibays, the better option is to simply use the contrib [[Webhosting]].<br />
<br />
==== For the contrib sharefolders with php-fpm.d/shares.conf ====<br />
Similar to ibays.<br />
<br />
==== For the contribs with php-fpm.d/www.conf ====<br />
Please read [[Building Your Contrib]].<br />
<br />
==== For your custom needs with php-fpm.d/custom.conf ====<br />
You can build your own pool to use anywhere on your server, even in a subfolder of an ibay or in place of the regular ibay php-pool (property PHPCustomPool).<br />
<br />
There are two ways of doing that:<br />
<br />
===== using db php =====<br />
Using the default template /etc/e-smith/templates/etc/php-fpm.d/custom.conf, you can set up your own pool by running:<br />
db php set MYPOOLNAME pool Version 81 status enabled<br />
Here are the accepted supplementary properties; as always, missing or empty means the default is used.<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!information<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|-<br />
|Version<br />
|<br />
|<br />
|php version to use eg 80 for php 8.0<br />
|-<br />
|MemoryLimit<br />
|128M<br />
|<br />
|-<br />
|MaxExecutionTime<br />
|30<br />
|<br />
|-<br />
|MaxInputTime<br />
|60<br />
|<br />
|-<br />
|AllowUrlFopen<br />
|off<br />
|<br />
|-<br />
|MaxChildren<br />
|15<br />
|<br />
|-<br />
|PostMaxSize<br />
|10M<br />
|<br />
|-<br />
|UploadMaxFilesize<br />
|10M<br />
|<br />
|-<br />
|FileUpload<br />
|enabled<br />
|<br />
|-<br />
|BaseDir<br />
|<br />
|<br />
|-<br />
|DisabledFunctions<br />
|system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd<br />
|<br />
|-<br />
|User<br />
|www<br />
|<br />
|-<br />
|Group<br />
|www<br />
|<br />
|-<br />
|DisplayErrors<br />
|disabled<br />
|<br />
|-<br />
|LogErrors<br />
|disabled<br />
|<br />
|-<br />
|AutoPrependFile<br />
|enabled<br />
|<br />
|will use the autoprepend file<br />
|-<br />
|MailForceSender<br />
|php\@$DomainName<br />
|<br />
|<br />
|}<br />
You will then need two httpd.conf custom template fragments to use your pool. You will need to change '''MYPOOL''' to what you want:<br />
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/<br />
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage<br />
<br />
<Directory /home/e-smith/files/ibays/test/html/mysubfolder><br />
SSLRequireSSL<br />
Options None<br />
Options +Indexes<br />
Options +FollowSymLinks<br />
DirectoryIndex index.php index.shtml index.htm index.html<br />
<FilesMatch \.php$><br />
SetHandler "proxy:unix:/var/run/php-fpm/php80-MYPOOLNAME.sock|fcgi://localhost"<br />
</FilesMatch><br />
AllowOverride All<br />
order deny,allow<br />
deny from all<br />
allow from all<br />
</Directory><br />
Then just run signal-event webapps-update<br />
<br />
===== using a templates-custom =====<br />
You can write your own fragment in /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/ e.g. /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/15mypool<br />
<br />
You will also need to write an httpd fragment similar to the one shown just above.<br />
<br />
Here is an example if you want a custom pool for your ibay, in /etc/e-smith/templates-custom/etc/php-fpm.d/ibays.conf/15MYIBAY<syntaxhighlight lang="perl"><br />
{<br />
<br />
use esmith::AccountsDB;<br />
use esmith::php;<br />
my $a = esmith::AccountsDB->open_ro || die "Couldn't open the accounts database";<br />
my $ibay = $a->get("MYIBAY");<br />
my $version = PhpFpmVersionToUse($ibay);<br />
my $dynamic = $ibay->prop('CgiBin') || 'disabled';<br />
my $custom = $ibay->prop('CustomPool') || undef;<br />
next unless ($dynamic eq 'enabled' && $version eq $PHP_VERSION && $custom);<br />
my $key = $ibay->key;<br />
my $name = lc $key;<br />
my $pool_name = 'php' . $version . '-' . $name;<br />
$OUT .=<<"_EOF" if ($version eq $PHP_VERSION);<br />
<br />
[$pool_name]<br />
user = www<br />
group = www<br />
listen.owner = root<br />
listen.group = www<br />
listen.mode = 0660<br />
listen = /var/run/php-fpm/$pool_name.sock<br />
;<br />
;<br />
;put whatever you need there<br />
;<br />
;<br />
_EOF<br />
}<br />
<br />
</syntaxhighlight><br />
<br />
You then have to force the ibay to use it by running:<syntaxhighlight lang="bash"><br />
db accounts setprop MYIBAY CustomPool enabled<br />
</syntaxhighlight>This will prevent the generation of the default ibay pool in ibays.conf , and let you use /var/run/php-fpm/php$version-$name.sock socket from your template-custom... or from the db php using the same key as the name of the ibay.<br />
<br />
===Installation of composer===<br />
<br />
This is made tricky as we do not have the PHP CLI configured.<br />
<br />
But we can install it as follows with command line arguments. This is using php74<br />
<br />
Download:<br />
php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"<br />
<br />
Install:<br />
php74 -d allow_url_fopen=on ./composer-setup.php <br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Server 10.X section in [http://bugs.contribs.org/enter_bug.cgi Bugzilla] and select the smeserver-php component or use {{BugzillaFileBug|product=SME%20Server%2010.X|component=e-smith-*%20and%20smeserver-*%20packages|title=this link}}.<br />
<br />
Below is an overview of the current issues for this package:<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id|order=desc |component=smeserver-php|noresultsmessage="No open bugs found."}}<br />
----<br />
<br />
[[Category: Howto]]</div>ReetPhttps://wiki.koozali.org/index.php?title=User:ReetP&diff=42171User:ReetP2023-08-08T12:25:19Z<p>ReetP: /* Repos */</p>
<hr />
<div>Just me. ReetP aka John Crisp<br />
<br />
===Repos===<br />
After adding repo data to the database update the configuration file:<br />
signal-event yum-modify<br />
<br />
2020/10 Note Koozali SME v10 currently needs Priority 10 set<br />
<br />
ReetP repo<br />
<noinclude><br />
db yum_repositories set reetp repository \<br />
BaseURL https://www.reetspetit.com/smeserver/\$releasever \<br />
EnableGroups no \<br />
GPGCheck no \<br />
Name "ReetP Repo" \<br />
GPGKey https://www.reetspetit.com/RPM-GPG-KEY \<br />
Visible yes \<br />
status disabled<br />
</noinclude><br />
<br />
ReetP testing repo - here be Dragons. Not for production use.<br />
<br />
<noinclude><br />
db yum_repositories set reetpTest repository \<br />
BaseURL https://www.reetspetit.com/smetest/\$releasever \<br />
EnableGroups no \<br />
GPGCheck no \<br />
Name "ReetP Repo" \<br />
GPGKey https://www.reetspetit.com/RPM-GPG-KEY \<br />
Visible yes \<br />
status disabled<br />
</noinclude><br />
<br />
ReetP samba testing repo - here be Dragons. Not for production use.<br />
<br />
<noinclude><br />
db yum_repositories set reetpSambaTest repository \<br />
BaseURL https://www.reetspetit.com/smesambatest/\$releasever \<br />
EnableGroups no \<br />
GPGCheck no \<br />
Name "ReetP Repo" \<br />
GPGKey https://www.reetspetit.com/RPM-GPG-KEY \<br />
Visible yes \<br />
status disabled<br />
</noinclude><br />
<br />
Libreswan repo<br />
<br />
<noinclude><br />
db yum_repositories set libreswan repository \<br />
BaseURL https://download.libreswan.org/binaries/rhel/\$releasever/x86_64/ \<br />
EnableGroups no \<br />
GPGCheck yes \<br />
GPGKey https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan \<br />
Name LibreSwan \<br />
Visible yes \<br />
status disabled <br />
</noinclude><br />
<br />
v10<br />
<noinclude><br />
db yum_repositories set libreswan repository \<br />
BaseURL https://download.libreswan.org/binaries/rhel/7/x86_64/ \<br />
EnableGroups no \<br />
GPGCheck yes \<br />
GPGKey https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan \<br />
Name LibreSwan \<br />
Visible yes \<br />
Priority 10 \<br />
status disabled <br />
</noinclude><br />
<br />
MC repo<br />
v9<br />
<noinclude><br />
db yum_repositories set mc repository \<br />
BaseURL http://download.opensuse.org/repositories/home:/laurentwandrebeck:/mc/CentOS_6/ \<br />
Name mc \<br />
Visible yes \<br />
status enabled <br />
</noinclude><br />
<br />
v10<br />
<noinclude><br />
db yum_repositories set mc repository \<br />
BaseURL http://download.opensuse.org/repositories/home:/laurentwandrebeck:/mc/CentOS_7/ \<br />
Name mc \<br />
Visible yes \<br />
Priority 10 \<br />
status enabled <br />
</noinclude><br />
<br />
NodeJS repo (latest is 10)<br />
<noinclude><br />
db yum_repositories set nodejs10 \<br />
repository Name 'Node JS 10' \<br />
BaseURL https://rpm.nodesource.com/pub_10.x/el/\$releasever/\$basearch \<br />
EnableGroups no \<br />
GPGCheck no \<br />
Visible yes \<br />
status disabled<br />
</noinclude><br />
<br />
Mongo DB 4.2<br />
<noinclude><br />
db yum_repositories set mongodb42 \<br />
repository Name 'Mongo DB 4.2' \<br />
BaseURL https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/4.2/x86_64/ \<br />
EnableGroups no \<br />
GPGCheck yes \<br />
GPGKey https://www.mongodb.org/static/pgp/server-4.2.asc \<br />
Visible no \<br />
status disabled<br />
</noinclude><br />
<br />
Maria DB 10.3<br />
<br />
<noinclude><br />
db yum_repositories set mariadb10 \<br />
repository Name 'MariaDB10' \<br />
BaseURL http://yum.mariadb.org/10.3/centos73-amd64/ \<br />
GPGKey https://yum.mariadb.org/RPM-GPG-KEY-MariaDB \<br />
GPGCheck yes \<br />
Visible no \<br />
status disabled<br />
</noinclude><br />
<br />
El repo from the el repo rpm<br />
<noinclude><br />
db yum_repositories set elrepo-kernel repository \<br />
BaseURL http://elrepo.org/linux/kernel/el7/\$basearch/ \<br />
MirrorList http://mirrors.elrepo.org/mirrors-elrepo-kernel.el7 \<br />
GPGCheck yes \<br />
GPGKey file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org \<br />
Visible no \<br />
status disabled<br />
</noinclude><br />
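<br />
An added audit example (not part of the original notes): it reads repository records in a key=type / Property=value layout and lists those that do not explicitly enable package signature checks or that fetch metadata or keys over plain HTTP. The function names and the sample records, which are constructed from the definitions above, are assumptions, as is the exact layout printed by db yum_repositories show.<br />

```shell
#!/bin/sh
# Added example, not from the page: flag weak yum repository definitions.

# sample_repos: constructed records, built from four definitions above.
sample_repos() {
    cat <<'EOF'
reetp=repository
    BaseURL=https://www.reetspetit.com/smeserver/$releasever
    GPGCheck=no
    GPGKey=https://www.reetspetit.com/RPM-GPG-KEY
    status=disabled
libreswan=repository
    BaseURL=https://download.libreswan.org/binaries/rhel/7/x86_64/
    GPGCheck=yes
    GPGKey=https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan
    status=disabled
mc=repository
    BaseURL=http://download.opensuse.org/repositories/home:/laurentwandrebeck:/mc/CentOS_7/
    status=enabled
mariadb10=repository
    BaseURL=http://yum.mariadb.org/10.3/centos73-amd64/
    GPGCheck=yes
    GPGKey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    status=disabled
EOF
}

# audit_repos: reads records on stdin, prints one line per repository that
# has at least one finding:
#   no-gpgcheck    GPGCheck is not explicitly "yes"
#   http-metadata  BaseURL or MirrorList uses http://
#   http-gpgkey    the signing key itself is fetched over http://
# Property names are compared case-insensitively.
audit_repos() {
    awk '
        function report(    why, st) {
            if (name == "") return
            why = ""
            if (tolower(prop["gpgcheck"]) != "yes") why = why " no-gpgcheck"
            if (prop["baseurl"] ~ /^http:/ || prop["mirrorlist"] ~ /^http:/)
                why = why " http-metadata"
            if (prop["gpgkey"] ~ /^http:/) why = why " http-gpgkey"
            st = (prop["status"] == "") ? "unknown" : prop["status"]
            if (why != "") print name " [" st "]:" why
        }
        /^[^ \t=]+=repository[ \t]*$/ {             # start of a new record
            report(); split("", prop)
            name = $0; sub(/=.*/, "", name); next
        }
        /=/ {                                       # Property=value line
            line = $0; sub(/^[ \t]+/, "", line)
            key = tolower(substr(line, 1, index(line, "=") - 1))
            prop[key] = substr(line, index(line, "=") + 1)
        }
        END { report() }
    '
}

# Demonstration on the constructed records.
sample_repos | audit_repos
```

On a server the input would come from db yum_repositories show piped into audit_repos.<br />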
<br />
===SRPM import===<br />
<br />
My src RPM import notes<br />
<br />
Importing a srpm/contrib.<br />
<br />
Big note. If you are importing a server package then you need the common dir from an existing server package and not a contrib - they are different<br />
<br />
It helps to have a dir with some common CVS files in.<br />
<br />
<br />
<br />
On your local build server (could be on your koozali shell)<br />
<br />
mkdir -p ~/smecontribs/rpms/NewPackage/contribs10<br />
cd ~/smecontribs/rpms<br />
<br />
Only required to add to CVS if it is totally new:<br />
cvs add NewPackage <br />
cd NewPackage<br />
<br />
Then:<br />
cvs add contribs10<br />
cd contribs10<br />
<br />
<br />
We need to get a common directory & Makefile there - note this is for a contrib, not server package<br />
<br />
cp -R ~/rpms/{another package}/contribs10/common ~/rpms/NewPackage/contribs10<br />
cp -R ~/rpms/{another package}/contribs10/Makefile ~/rpms/NewPackage/contribs10<br />
<br />
Alternatively I already have a directory with these files in that I can re-use<br />
<br />
cp -r ~/CVS_files/* ~/smecontribs/rpms/NewPackage/contribs10/<br />
<br />
<br />
Update the name in the Makefile:<br />
<br />
perl -p -i -e 's/{another package}/NewPackage/g' Makefile<br />
<br />
./common/cvs-import.sh -b contribs10 -m 'Initial import' NewPackage.src.rpm<br />
<br />
make new-sources FILES="v-x.x.x.tar.gz"<br />
<br />
cvs commit -m "Add updated sources file NewPackage"<br />
<br />
Now, at this juncture it refused to mockbuild properly.<br />
<br />
In the end I removed ALL the files in the NewPackage contribs10 dir and then did:<br />
<br />
cd ~/smecontribs/rpms/NewPackage/contribs10/<br />
rm -rf *<br />
cvs update -dPA<br />
<br />
Then I did:<br />
<br />
make clean;make prep; make mockbuild and it built<br />
<br />
I then just did <br />
<br />
make build<br />
<br />
Note<br />
<br />
To get the name of the distribution in the filename you need something like this in the spec file.<br />
<br />
Note the Release version format<br />
<br />
<noinclude><br />
%define name phpki<br />
%define version 0.82<br />
%define release 23<br />
Summary: Phpki is a simple certificate management suite<br />
Name: %{name}<br />
Version: %{version}<br />
Release: %{release}%{?dist}<br />
License: GNU GPL version 2<br />
URL: http://sourceforge.net/projects/phpki/<br />
Group: SMEserver/addon<br />
#wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz<br />
Source: phpki-0.82.tar.gz<br />
</noinclude></div>ReetPhttps://wiki.koozali.org/index.php?title=Rocket_Chat:Contrib&diff=42169Rocket Chat:Contrib2023-07-27T14:44:42Z<p>ReetP: </p>
<hr />
<div>'''[[Rocket_Chat#smeserver-rocketchat_contrib|Contrib]]''': [mailto:jcrisp@safeandsound.co.uk][[User:ReetP|John Crisp]]<br />
{{Note box|Please note that there is also a howto on manually installing Rocket.Chat [[Rocket_Chat|'''here''' This is largely obsolete.]]}}<br />
<br />
Later versions will need my newer smeserver-rocketchat-0.4.x contrib which uses docker.<br />
<br />
==smeserver-rocketchat contrib==<br />
{{WIP box}}<br />
<br />
===Version===<br />
{{ #smeversion: smeserver-rocketchat }}<br />
<br />
<br />
==Required repos==<br />
<br />
Add repos:<br />
<br />
* [[epel]]<br />
* [[mongoDB]]<br />
* [[Docker]]<br />
* [[User:ReetP|reetp]] <br />
<br />
===Installation===<br />
<br />
There is now a smeserver-rocketchat contrib to install Rocket.Chat with docker.<br />
<br />
Install Mongo DB natively as per the wiki page https://wiki.koozali.org/MongoDB<br />
<br />
Currently it is suggested to use Mongo 4.4<br />
<br />
Mongo 5+ requires additional instructions in the CPU that older CPUs may not have. See the wiki page for more.<br />
<br />
Do not go further than initiating the replicaset. Users are not required.<br />
<br />
Next install smeserver-docker following the wiki page https://wiki.koozali.org/Docker<br />
<br />
<br />
<br />
Settings<br />
<br />
config set rocketchat service TCPPort 3000 mailPort 25 mailURL localhost access private status enabled SSLProxy yes Version 5.4.9 rootURL chat.domain.com<br />
<br />
<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
<br />
System ➔ startup<br />
+----------------------------------------------------+<br />
| SERVER RUNNING |<br />
+----------------------------------------------------+<br />
| |<br />
| Version: 0.xx.x |<br />
| Process Port: 3000 |<br />
| Site URL: <nowiki>http://rocketchat.local.net:3000</nowiki> |<br />
| OpLog: Disabled |<br />
| |<br />
+----------------------------------------------------+<br />
<br />
You should now be able to connect to your Rocket.Chat instance <br />
<br />
http://rocketchat.local.net:3000<br />
<br />
===Registering a new account===<br />
<br />
Because the SME mail server is fussy you may find it easier to force some settings in the Rocket.Chat DB before trying to register:<br />
<br />
You can set your SMTP host as localhost or mail.yourdomain.com<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_settings.update({"_id" : "SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id": "From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
exit<br />
<br />
<br />
===Reverse proxy===<br />
<br />
Now we need to setup our subdomain for the reverse proxy<br />
<br />
db domains set chat.mycompany.local domain Description RocketChat Nameservers internet \<br />
TemplatePath ProxyPassVirtualRocketchat ProxyPassTarget http://localhost:3000/<br />
<br />
It should look like this:<br />
chat.mycompany.local=domain<br />
Nameservers=internet (can be localhost)<br />
ProxyPassTarget=http://127.0.0.1:3000/<br />
TemplatePath=ProxyPassVirtualRocketchat<br />
letsencryptSSLcert=enabled (with letsencrypt support)<br />
<br />
We need to set Rocket.Chat to listen on localhost now:<br />
<br />
config setprop rocketchat rootURL chat.mycompany.domain SSLProxy yes<br />
signal-event smeserver-rocketchat-update<br />
<br />
Now start the docker container (always run compose from the docker directory)<br />
<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d rocketchat<br />
docker logs -f rocketchat<br />
<br />
db accounts setprop Primary SSL enabled<br />
signal-event ibay-modify Primary<br />
<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-rocketchat component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-rocketchat |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-rocketchat |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Mongo DB examples==<br />
<br />
===Usage===<br />
<br />
Example using mongo itself:<br />
<br />
mongo<br />
<br />
use rocketchat<br />
<br />
Show all collections in DB<br />
show collections<br />
<br />
Show all entries in a collection<br />
db.rocketchat_avatars.chunks.find()<br />
<br />
db.rocketchat_settings.find({"_id" : "SMTP_Host"})<br />
db.rocketchat_settings.find({"_id" : "From_Email"})<br />
<br />
db.rocketchat_settings.findOne({_id : "From_Email"}, {_id:0, value: 1})<br />
db.rocketchat_settings.findOne({_id : "SMTP_Host"}, {_id:0, value: 1})<br />
<br />
db.rocketchat_settings.update({"_id":"From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id":"SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
<br />
<br />
Remove all entries in a collection (CAREFUL!!!!!!)<br />
db.rocketchat_avatars.chunks.remove({})<br />
<br />
Help<br />
help<br />
<br />
Some more mongo commands for reference<br />
<br />
https://github.com/RocketChat/Rocket.Chat/issues/15880#issuecomment-570070433<br />
<br />
Directly check a specific user ID from bash:<br />
mongo rocketchat --eval "db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + \" ; \" + u.username); } )"<br />
<br />
Log into rocketchat database:<br />
mongo rocketchat<br />
<br />
Check out all the user IDs in the database: <br />
db.users.find().forEach( function(u) { print(u._id + ";" + u.username); } ) <br />
<br />
Or just a specific user's ID:<br />
db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + " ; " + u.username); } )<br />
<br />
Replace specific user ID's password in the database:<br />
db.users.update( {'_id': 'useridhere'}, {$set: {'services.password.bcrypt': 'bcryptedpasswordhere'}}, {multi:true} )<br />
<br />
My only issue with above (only time I needed it for recovery purposes), was that I didn't know which tool to use to generate a bcrypted password. So in the hurry I copied the hash from one account I already knew (my own). If someone knows a good command for creating one directly in bash, I assume it would do.<br />
<br />
There are bcrypt password generators online, and various libraries you can use<br />
<br />
For listing out any passwords in the database I used:<br />
<br />
db.users.find().forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
If you have deactivated users it may fail so use this for individual accounts.<br />
<br />
However, you can get it for an individual user with:<br />
<br />
db.users.find({'username':'SomeUserName'}).forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
Set a user config item:<br />
<br />
db.users.update( {'username': 'SomeUserName'}, {$set: {'settings.preferences.showMessageInMainThread': 'true'}} )<br />
<br />
Find a single user:<br />
<br />
db.getCollection('users').find( {'username':'SomeUserName'} )<br />
<br />
Get limited information:<br />
<br />
db.getCollection('users').find({}, {"username":1, "settings.preferences.showMessageInMainThread":1})<br />
<br />
Reset 2FA nonsense:<br />
<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.totp': 1}});<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.email2fa': 1}});<br />
<br />
===Database Backup===<br />
<br />
You can dump the tables to a directory of your choice:<br />
<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/rocketchatmongo<br />
<br />
===Database Restore===<br />
<br />
You can restore your database as follows:<br />
<br />
mongorestore --restoreDbUsersAndRoles -d rocketchat --dir /root/rocketchatmongo/rocketchat --quiet<br />
<br />
===Database Fix tables===<br />
<br />
To remove user data file links a variation on this link<br />
https://github.com/RocketChat/feature-requests/issues/718<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_user_data_files.remove( { } )<br />
db.runCommand({ compact: 'rocketchat_user_data_files', force: true });<br />
quit;<br />
<br />
==Node usage==<br />
<br />
* This should go to a new Node page for reference<br />
<br />
Use n, an extremely simple Node version manager that can be installed via npm (See http://stackoverflow.com/questions/7718313/how-to-change-to-an-older-version-of-node-js)<br />
<br />
Say you want Node.js v0.10.x to build Atom.<br />
<br />
npm install -g n # Install n globally<br />
n 0.10.33 # Install and use v0.10.33 local only<br />
<br />
Usage:<br />
n # Output versions installed<br />
n latest # Install or activate the latest node release<br />
n stable # Install or activate the latest stable node release<br />
n <version> # Install node <version><br />
n use <version> [args ...] # Execute node <version> with [args ...]<br />
n bin <version> # Output bin path for <version><br />
n rm <version ...> # Remove the given version(s)<br />
n --latest # Output the latest node version available<br />
n --stable # Output the latest stable node version available<br />
n ls # Output the versions of node available<br />
<br />
<br />
==NPM Usage==<br />
<br />
To update your version of npm run the following<br />
<br />
npm install -g npm<br />
<br />
Or for a specific version:<br />
<br />
npm install -g npm@3.10.9<br />
<br />
==DB settings==<br />
<br />
Typical standard setup:<br />
rocketchat=service<br />
TCPPort=3000<br />
access=public<br />
mailPort=25<br />
mailURL=localhost<br />
status=enabled<br />
<br />
Typical proxy subdomain setup:<br />
rocketchat=service<br />
SSLProxy=yes<br />
TCPPort=3000<br />
access=private<br />
mailPort=25<br />
mailURL=localhost<br />
rootURL=chat.mydomain.co.uk<br />
status=enabled<br />
<br />
<br />
<br />
==Koozali SME v10==<br />
<br />
I am starting to look at running this under docker on v10<br />
<br />
Some quick notes.<br />
<br />
You will need<br />
<br />
Docker<br />
https://wiki.contribs.org/Docker<br />
<br />
Docker Compose (because it makes it easier to template)<br />
https://github.com/docker/compose/releases<br />
<br />
Docker environment settings to disable 2FA<br />
<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback=false<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled=false<br />
<br />
Mongo (I prefer to run a full instance rather than a docker one)<br />
https://wiki.contribs.org/MongoDB<br />
<br />
Make sure you add replicaset support in Mongo and set it up:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
<br />
I'll add more later, and try and make a full contrib in due course<br />
<br />
FAQ<br />
<br />
https://handbook.rocket.chat/company/tools/rocket.chat</div>ReetPhttps://wiki.koozali.org/index.php?title=Rocket_Chat:Contrib&diff=42168Rocket Chat:Contrib2023-07-27T14:44:20Z<p>ReetP: </p>
<hr />
<div>'''[[Rocket_Chat#smeserver-rocketchat_contrib|Contrib]]''': [mailto:jcrisp@safeandsound.co.uk][[User:ReetP|John Crisp]]<br />
{{Note box|Please note that there is also a howto on manually installing Rocket.Chat [[Rocket_Chat|'''here''' This is largely obsolete.]]}}<br />
<br />
Later versions will need my newer smeserver-rocketchat-0.4.x contrib which uses docker.<br />
<br />
==smeserver-rocketchat contrib==<br />
{{WIP box}}<br />
<br />
===Version===<br />
{{ #smeversion: smeserver-rocketchat }}<br />
<br />
<br />
==Required repos==<br />
<br />
Add repos:<br />
<br />
* [[epel]]<br />
* [[mongoDB]]<br />
* [[Docker]]<br />
* [[User:ReetP|reetp]] <br />
<br />
===Installation===<br />
<br />
There is now a smeserver-rocketchat contrib to install Rocket.Chat with docker.<br />
<br />
Install Mongo DB natively as per the wiki page https://wiki.koozali.org/MongoDB<br />
<br />
Currently it is suggested to use Mongo 4.4<br />
<br />
Mongo 5+ requires additional instructions in the CPU that older CPUs may not have. See the wiki page for more.<br />
<br />
Do not go further than initiating the replicaset. Users are not required.<br />
<br />
Next install smeserver-docker following the wiki page https://wiki.koozali.org/Docker<br />
<br />
<br />
<br />
Settings<br />
<br />
config set rocketchat service TCPPort 3000 mailPort 25 mailURL localhost access private status enabled SSLProxy yes Version 5.4.9 rootURL chat.domain.com<br />
<br />
<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
<br />
System ➔ startup<br />
+----------------------------------------------------+<br />
| SERVER RUNNING |<br />
+----------------------------------------------------+<br />
| |<br />
| Version: 0.xx.x |<br />
| Process Port: 3000 |<br />
| Site URL: <nowiki>http://rocketchat.local.net:3000</nowiki> |<br />
| OpLog: Disabled |<br />
| |<br />
+----------------------------------------------------+<br />
<br />
You should now be able to connect to your Rocket.Chat instance <br />
<br />
http://rocketchat.local.net:3000<br />
<br />
===Registering a new account===<br />
<br />
Because the SME mail server is fussy you may find it easier to force some settings in the Rocket.Chat DB before trying to register:<br />
<br />
You can set your SMTP host as localhost or mail.yourdomain.com<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_settings.update({"_id" : "SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id": "From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
exit<br />
<br />
<br />
===Reverse proxy===<br />
<br />
Now we need to set up our subdomain for the reverse proxy:<br />
<br />
db domains set chat.mycompany.local domain Description RocketChat Nameservers internet \<br />
TemplatePath ProxyPassVirtualRocketchat ProxyPassTarget http://localhost:3000/<br />
<br />
It should look like this:<br />
chat.mycompany.local=domain<br />
Nameservers=internet (can be localhost)<br />
ProxyPassTarget=http://127.0.0.1:3000/<br />
TemplatePath=ProxyPassVirtualRocketchat<br />
letsencryptSSLcert=enabled (with letsencrypt support)<br />
<br />
We need to set Rocket.Chat to listen on localhost now:<br />
<br />
config setprop rocketchat rootURL chat.mycompany.domain SSLProxy yes<br />
signal-event smeserver-rocketchat-update<br />
<br />
Now start the docker container (always run compose from the docker directory)<br />
<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d rocketchat<br />
docker logs -f rocketchat<br />
<br />
db accounts setprop Primary SSL enabled<br />
signal-event ibay-modify Primary<br />
<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-rocketchat component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-rocketchat |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-rocketchat |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Mongo DB examples==<br />
<br />
===Usage===<br />
<br />
Example using mongo itself:<br />
<br />
mongo<br />
<br />
use rocketchat<br />
<br />
Show all collections in DB<br />
show collections<br />
<br />
Show all entries in a collection<br />
db.rocketchat_avatars.chunks.find()<br />
<br />
db.rocketchat_settings.find({"_id" : "SMTP_Host"})<br />
db.rocketchat_settings.find({"_id" : "From_Email"})<br />
<br />
db.rocketchat_settings.findOne({_id : "From_Email"}, {_id:0, value: 1})<br />
db.rocketchat_settings.findOne({_id : "SMTP_Host"}, {_id:0, value: 1})<br />
<br />
db.rocketchat_settings.update({"_id":"From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id":"SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
<br />
<br />
Remove all entries in a collection (CAREFUL!!!!!!)<br />
db.rocketchat_avatars.chunks.remove({})<br />
<br />
Help<br />
help<br />
<br />
Some more mongo commands for reference<br />
<br />
https://github.com/RocketChat/Rocket.Chat/issues/15880#issuecomment-570070433<br />
<br />
Directly check a specific user ID from bash:<br />
mongo rocketchat --eval "db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + \" ; \" + u.username); } )"<br />
<br />
Log into rocketchat database:<br />
mongo rocketchat<br />
<br />
Check out all the user IDs in the database: <br />
db.users.find().forEach( function(u) { print(u._id + ";" + u.username); } ) <br />
<br />
Or just a specific user's ID:<br />
 db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + " ; " + u.username); } )<br />
<br />
Replace specific user ID's password in the database:<br />
db.users.update( {'_id': 'useridhere'}, {$set: {'services.password.bcrypt': 'bcryptedpasswordhere'}}, {multi:true} )<br />
<br />
My only issue with above (only time I needed it for recovery purposes), was that I didn't know which tool to use to generate a bcrypted password. So in the hurry I copied the hash from one account I already knew (my own). If someone knows a good command for creating one directly in bash, I assume it would do.<br />
<br />
There are bcrypt password generators online, and various libraries you can use<br />
<br />
For listing out any passwords in the database I used:<br />
<br />
db.users.find().forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
If you have deactivated users the command above may fail.<br />
<br />
However, you can get it for an individual user with:<br />
<br />
db.users.find({'username':'SomeUserName'}).forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
Set a user config item:<br />
<br />
db.users.update( {'username': 'SomeUserName'}, {$set: {'settings.preferences.showMessageInMainThread': 'true'}} )<br />
<br />
Find a single user:<br />
<br />
db.getCollection('users').find( {'username':'SomeUserName'} )<br />
<br />
Get limited information:<br />
<br />
db.getCollection('users').find({}, {"username":1, "settings.preferences.showMessageInMainThread":1})<br />
<br />
Reset 2FA nonsense:<br />
<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.totp': 1}});<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.email2fa': 1}});<br />
<br />
===Database Backup===<br />
<br />
You can dump the tables to a directory of your choice:<br />
<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/rocketchatmongo<br />
<br />
===Database Restore===<br />
<br />
You can restore your database as follows:<br />
<br />
 mongorestore --restoreDbUsersAndRoles -d rocketchat --dir /root/rocketchatmongo/rocketchat --quiet<br />
<br />
===Database Fix tables===<br />
<br />
To remove user data file links, use a variation on the commands in this issue:<br />
https://github.com/RocketChat/feature-requests/issues/718<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_user_data_files.remove( { } )<br />
db.runCommand({ compact: 'rocketchat_user_data_files', force: true });<br />
quit;<br />
<br />
==Node usage==<br />
<br />
* This should go to a new Node page for reference<br />
<br />
Use n, an extremely simple Node version manager that can be installed via npm (See http://stackoverflow.com/questions/7718313/how-to-change-to-an-older-version-of-node-js)<br />
<br />
Say you want Node.js v0.10.x to build Atom.<br />
<br />
npm install -g n # Install n globally<br />
n 0.10.33 # Install and use v0.10.33 local only<br />
<br />
Usage:<br />
n # Output versions installed<br />
n latest # Install or activate the latest node release<br />
n stable # Install or activate the latest stable node release<br />
n <version> # Install node <version><br />
n use <version> [args ...] # Execute node <version> with [args ...]<br />
n bin <version> # Output bin path for <version><br />
n rm <version ...> # Remove the given version(s)<br />
n --latest # Output the latest node version available<br />
n --stable # Output the latest stable node version available<br />
n ls # Output the versions of node available<br />
<br />
<br />
==NPM Usage==<br />
<br />
To update your version of npm run the following<br />
<br />
npm install -g npm<br />
<br />
Or for a specific version:<br />
<br />
npm install -g npm@3.10.9<br />
<br />
==DB settings==<br />
<br />
Typical standard setup:<br />
rocketchat=service<br />
TCPPort=3000<br />
access=public<br />
mailPort=25<br />
mailURL=localhost<br />
status=enabled<br />
<br />
Typical proxy subdomain setup:<br />
rocketchat=service<br />
SSLProxy=yes<br />
TCPPort=3000<br />
access=private<br />
mailPort=25<br />
mailURL=localhost<br />
rootURL=chat.mydomain.co.uk<br />
status=enabled<br />
<br />
<br />
<br />
==Koozali SME v10==<br />
<br />
I am starting to look at running this under docker on v10<br />
<br />
Some quick notes.<br />
<br />
You will need<br />
<br />
Docker<br />
https://wiki.contribs.org/Docker<br />
<br />
Docker Compose (because it makes it easier to template)<br />
https://github.com/docker/compose/releases<br />
<br />
Docker environment settings to disable 2FA<br />
<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback=false<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled=false<br />
<br />
Mongo (I prefer to run a full instance rather than a docker one)<br />
https://wiki.contribs.org/MongoDB<br />
<br />
Make sure you add replicaset support in Mongo and set it up:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
<br />
I'll add more later, and try and make a full contrib in due course<br />
<br />
FAQ<br />
<br />
https://handbook.rocket.chat/company/tools/rocket.chat</div>ReetPhttps://wiki.koozali.org/index.php?title=Rocket_Chat&diff=42167Rocket Chat2023-07-27T14:35:52Z<p>ReetP: </p>
<hr />
<div>{{Level|Advanced}}<br />
<blockquote style="float: right;"><br />
[[File:Rocket-dot-chat-logo.png|200px]]<br />
</blockquote><br />
{{Warning box| Due to the changes in Rockets requirements noted below please see the [[Rocket_Chat:Contrib|Rocket Chat Contrib]] This will run Rocket in a docker container}}<br />
{{Warning box| Most of the following is obsolete but here for posterity and reference}}<br />
<br />
===Maintainer===<br />
'''Maintainer:''' [mailto:RequestedDeletion@gmail.com[[User:RequestedDeletion|RequestedDeletion]]]<br />
<br />
==About==<br />
"[https://rocket.chat/ Rocket.Chat,] the ultimate webchat platform. From group messages and video/audio calls all the way to helpdesk killer features. Our goal is to become the number one cross-platform open source chat solution"<br />
* '''Messaging''' Direct and group messages, public or private.<br />
* '''Video Conference''' Chat with your colleagues and friends face-to-face over audio and video. [https://github.com/RocketChat/Rocket.Chat/pull/989 '''See details'''.] Test your device [https://test.webrtc.org/ here].<br />
* '''Helpdesk chat''' Have your website visitors contact you in real-time and increase conversions.<br />
* '''File sharing''' Drag-and-drop files or select them from your computer or mobile device.<br />
* '''Screen sharing''' Select any window to share with your audience.<br />
* '''Voice messages''' Record and transmit voice messages to a channel, group or private conversation.<br />
* '''Link preview''' Post a link and immediately view its content. YouTube, Twitter, Gifs!<br />
* '''API''' Integrate your chat to multiple services: GitHub, GitLab, JIRA, Confluence and others.<br />
* '''Extendability''' Want a killer new feature? Add a new package. It's as simple as that.<br />
* '''Native applications''' Native client applications available for download on Linux, Windows and OSX.<br />
* '''Mobile applications''' Mobile client applications available for iOS and Android on their respective stores.<br />
<br />
<br />
In short, a [https://slack.com/ Slack], [https://www.hipchat.com/ HipChat], Jabber (XMPP), IRC or even a [https://skype.com Skype] alternative, completely and '''securely self hosted and controlled'''. Great for closed (company/family/friends/community) teams.<br />
<br />
{{Note box|Rocket.Chat is a young project and therefore under very active development. Very regularly they release new (minor) versions. Your mileage may vary! Please see their [https://github.com/RocketChat/Rocket.Chat development] on [https://github.com/RocketChat/Rocket.Chat GitHub] for the activities and Rocket.Chat developments.}}<br />
<br />
==Obsolete Notes==<br />
<br />
<br />
This how-to can be discussed on the forums [https://forums.contribs.org/index.php/topic,52405.0.html '''here''']<br />
Latest Rocket.Chat version tested: '''0.39''' (please see the change log [https://github.com/RocketChat/Rocket.Chat/releases here]).<br />
<br />
==Requirements==<br />
{{Warning box|Please be aware that for now only Rocket.Chat up to version '''0.39''' can be installed due to dependencies on the Nodejs version available via software collections.}} <br />
Rocket.Chat requires higher versions of several applications and frameworks than Koozali SME Server provides by default. Therefore we need to install some '''[[Software Collections]]''' packages and enable some additional repos.<br />
<br />
# You must have '''SME Server 9.x 64-bit'''<br />
# You must install the '''[[epel]]''' repository<br />
# You must install the '''[[centos-sclo-rh]]''' repository<br />
# You must install the '''[[Software Collections]]''' tool<br />
<br />
After having installed the above repo's and installing Software Collections, you can install the required collections by:<br />
yum install rh-python34-python rh-mongodb32-mongodb rh-mongodb32-mongodb-server nodejs010 GraphicsMagick --enablerepo=centos-sclo-rh,epel<br />
<br />
After installing the Software Collections we need to update some packages using NodeJS package manager NPM:<br />
scl enable nodejs010 'npm install -g npm ws inherits n forever forever-service'<br />
scl enable nodejs010 'n 0.10.40'<br />
<br />
== Installation of Rocket.Chat==<br />
First we need to create the SME Server services:<br />
<br />
For Rocket.Chat:<br />
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc.d/rc7.d/S99rocketchat<br />
config set rocketchat service status enabled TCPPort 3000 access public<br />
<br />
For MongoDB (please note the usage of mongod and NOT mongod'''b'''):<br />
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc.d/rc7.d/S99rh-mongodb32-mongod<br />
config set rh-mongodb32-mongod service status enabled access private TCPPort 27017<br />
<br />
And to update the ports:<br />
signal-event remoteaccess-update<br />
<br />
Now we can download and install the latest Rocket.Chat version from their [https://rocket.chat/releases/ downloads] repository:<br />
cd /root<br />
curl -L https://rocket.chat/releases/0.39.0/download -o rocket.chat.tgz<br />
tar zxvf rocket.chat.tgz<br />
mv bundle /opt/Rocket.Chat<br />
<br />
Once Rocket.Chat has been downloaded and unpacked, we need to 'register' Rocket.Chat with NodeJS with NPM:<br />
cd /opt/Rocket.Chat/programs/server<br />
scl enable nodejs010 'npm install'<br />
<br />
Rocket.Chat has now been installed and you can test-drive your installation.<br />
<br />
First we need to set some environment variables manually (Please use your own correct settings):<br />
export ROOT_URL=http://yourserver.com/<br />
export MONGO_URL=mongodb://localhost:27017/rocketchat<br />
export PORT=3000<br />
export MAIL_URL=smtp://localhost:25<br />
<br />
and then we can start Rocket.Chat manually (you can quit Rocket.Chat with Ctrl-C):<br />
cd /opt/Rocket.Chat<br />
node main.js<br />
<br />
Browse to http://yourserver:3000 and create the first admin user.<br />
<br />
{{Note box|This FIRST user will be the 'master administrator' even if you use [[Rocket_Chat#LDAP_Authentication|'''LDAP authentication''']] for your users. So even if you use LDAP, this user will still be able to log in and grant Rocket.Chat admin rights to [[Rocket_Chat#LDAP_Authentication|LDAP]] accounts.}}<br />
<br />
==Auto start Rocket.Chat at boot==<br />
Since SME Server has put its name in /etc/system-release, the (NodeJS) forever utility will not be able to detect the main distribution name (e.g. CentOS) and will exit with an error. To add 'SME Server' to the list of recognised distributions so that the forever-service tool will run properly, execute the following command (don't be disturbed by the mention of Oracle, it is only used to locate the correct position):<br />
sed -i -e 's/(Oracle Linux)/(Oracle Linux)|(SME Server)/' \<br />
/opt/rh/nodejs010/root/usr/lib/node_modules/forever-service/templates/sysvinit/installer.js<br />
<br />
Generate the init script 'rocketchat' that will automatically be placed into /etc/rc.d/init.d:<br />
cd /opt/Rocket.Chat<br />
forever-service install -s main.js -e "ROOT_URL=https://chat.mycompany.local/ \<br />
MONGO_URL=mongodb://localhost:27017/rocketchat PORT=3000 MAIL_URL=smtp://mycompany.local:25" \<br />
-p "/opt/rh/nodejs010/root/usr/lib/node_modules/forever/bin" rocketchat<br />
Please use the correct values in the command above from your specific setup.<br />
<br />
The created init script '/etc/rc.d/init.d/rocketchat' is not aware that we use [[Software Collections]], so we have to add directives to the init script that we do:<br />
sed -i '26 a source /opt/rh/nodejs010/enable' /etc/rc.d/init.d/rocketchat<br />
sed -i '27 a source /opt/rh/rh-mongodb26/enable' /etc/rc.d/init.d/rocketchat<br />
sed -i '28 a source /opt/rh/rh-python34/enable' /etc/rc.d/init.d/rocketchat<br />
sed -i '29 a source /opt/rh/rh-java-common/enable' /etc/rc.d/init.d/rocketchat<br />
<br />
<br />
{{Note box|Please note that if you change anything on your Rocket.Chat environment such as URL's, subdomain name(s), ports or mail server, you have to run the above again to reflect your new environment. If so, please remove /etc/rc.d/init.d/rocketchat first. (rm /etc/rc.d/init.d/rocketchat).}}<br />
<br />
Rocket.Chat will now start at boot time or manually:<br />
service rocketchat start|stop|status|restart<br />
<br />
<br />
Please note that it may take a little while, up to a minute, for Rocket.Chat to become available. In the meantime you may be shown an HTTP error 503. Please try again in a minute or a bit longer. Why this happens is not known for now, other than that it may be related to MongoDB processes.<br />
<br />
==Make Rocket.Chat available on a sub domain==<br />
Install the '''[[Webapps-common]]''' contrib.<br />
<br />
To create your sub domain (e.g. https://chat.yourserver.com)<br />
db domains set chat.yourserver.local domain Description "RocketChat" Nameservers internet \<br />
TemplatePath WebAppVirtualHost RequireSSL enabled ProxyPassTarget http://localhost:3000/ ProxyPreserveHost yes<br />
The 'ProxyPassTarget' property could also point to another host (IP) that has Rocket.Chat installed, e.g. a virtual SME Server on the same LAN. In that case, also LDAP and open/close ports have to be taken into consideration.<br />
To expand and activate:<br />
signal-event webapps-update<br />
<br />
If your server's default FQDN is already chat.yourserver.com, there is no need to create a new subdomain. Instead of the above command, you can enter the following:<br />
db domains setprop chat.yourserver.com TemplatePath WebAppVirtualHost RequireSSL enabled ProxyPassTarget http://localhost:3000/ ProxyPreserveHost yes<br />
<br />
Since we now access the chat platform via the subdomain, disable the default access on port 3000. For security, change the access method from public to private:<br />
config setprop rocketchat access private<br />
signal-event remoteaccess-update<br />
<br />
You can now visit Rocket.Chat at https://chat.yourserver.com. Rocket.Chat will notice that the URL that is being used to access Rocket.Chat has been changed, and will propose to change it to the new URL.<br />
<br />
==WebRTC configuration==<br />
{{Note box|Please note that WebRTC connections on the chromium engines based browsers '''require''' secure connections (http'''s'''). Normal http connections will be refused. Please see the '''[[letsencrypt]]''' wiki page for more info on how to obtain a valid certificate for your Koozali SME Server(s) and domains. Please see [https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins '''this'''] article on why. How other browsers such as Firefox and IE manage this is not known, if you do, please add a note.}}<br />
Rocket.Chat uses WebRTC to make voice/video calls. This requires the additional Apache module proxy_wstunnel. This is available from the '''[[fws]]''' repository.<br />
yum install mod_proxy_wstunnel --enablerepo=fws<br />
<br />
A custom template is required to load the proxy_wstunnel module by default and in the correct order:<br />
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf<br />
nano -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule60<br />
and paste the following content and save:<br />
{<br />
$OUT .= load_modules(qw(<br />
proxy_wstunnel<br />
));<br />
}<br />
Then expand httpd.conf and restart Apache:<br />
expand-template /etc/httpd/conf/httpd.conf<br />
service httpd-e-smith restart<br />
<br />
To show if the module is correctly loaded:<br />
apachectl -M |grep wstunnel<br />
it should be listed as '''proxy_wstunnel_module (shared)'''<br />
<br />
To be able to redirect websocket requests to the Rocket.Chat engine, the following must be present in httpd.conf under the virtualhost sub-domain:<br />
ProxyPass /.well-known/acme-challenge/ !<br />
ProxyPreserveHost On<br />
ProxyPassMatch ^/sockjs/(.*)/websocket ws://localhost:3000/sockjs/$1/websocket<br />
ProxyPass / http://localhost:3000/<br />
ProxyPassReverse / http://localhost:3000/<br />
<br />
==LDAP Authentication==<br />
As the Rocket.Chat admin go into administration -> LDAP, and use the following settings (please use your server details):<br />
Enable: True<br />
Host: 127.0.0.1<br />
Port: 389<br />
Domain base: ou=Users,dc=mycompany,dc=local<br />
Domain search user: uid=admin,ou=Users,dc=mycompany,dc=local<br />
Domain search password: admin password of your server<br />
 Domain search user ID: uid<br />
Sync data: True<br />
Default domain: chat.yourserver.com (as per the subdomain)<br />
Save the settings and use the test button to test the connection to the LDAP directory. Then 'Sync users'. For more specific details on Rocket.Chat and LDAP user authentication please see [https://rocket.chat/docs/administrator-guides/authentication/ldap '''their documentation'''].<br />
<br />
==Maintenance==<br />
====Upgrade Rocket.Chat====<br />
Interestingly there is not much information on upgrading your Rocket.Chat version. It does not help either that the Rocket.Chat team closed their wiki and took it off-line in favour of a new doc system which is not populated with info as much.<br />
<br />
The preferred way as it seems is completely remove /opt/Rocket.Chat...<br />
service rocketchat stop<br />
rm -rf /opt/Rocket.Chat<br />
and then repeat the download, unpack and move as described above. Then start Rocket.Chat:<br />
service rocketchat start<br />
Please note it can take a bit for the Rocket.Chat service to become available for the MongoDB structure version is being checked and automatically updated according to the Rocket.Chat version.<br />
<br />
====Backup Rocket.Chat====<br />
{{Note box|Please note that this section is experimental. Somebody with more extensive knowledge of MongoDB may help here. This section is not finished yet, so please do NOT use on production servers, just test VM's. The default storage location of MongoDB is '/var/opt/rh/rh-mongodb26/lib/mongodb' (as set in '/etc/opt/rh/rh-mongodb26/mongod.conf'.) We might want to change this to /home/e-smith/files/mongodb' or '/var/lib/mongodb' and run a script to be included in the pre-backup event, just like MySQL, to hold transactions and make a backup.}}<br />
<br />
To be able to backup Rocket.Chat data with the default SME Server backup mechanisms, the data should be available within the backup paths. In this case we will place the Rocket.Chat backup data in /home/e-smith/files.<br />
<br />
To dump the Rocket.Chat data:<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /home/e-smith/files<br />
([https://docs.mongodb.org/v2.6/reference/program/mongodump/ Documentation])<br />
and to restore the Rocket.Chat data:<br />
 mongorestore --restoreDbUsersAndRoles -d rocketchat --dir /home/e-smith/files/rocketchat --quiet<br />
<br />
You may want to automate the execution of the above mongodump command by means of a cron job. For easy management of this, you could use the excellent [[Crontab_Manager|'''Crontab Manager''']] contrib.<br />
<br />
====Remove Rocket.Chat====<br />
TBA<br />
<br />
==Rocket.Chat clients==<br />
Next to your browser, you can use Rocket.Chat desktop clients for Linux, Windows and Mac. Please see https://github.com/RocketChat/Rocket.Chat.Electron/releases<br />
<br />
Obviously there are mobile clients for both Android and iOS. Please search for 'Rocket chat' in either app store.<br />
<br />
==TO DO==<br />
* Backup and how to manage Rocket.Chat data (e.g. mongodb and FS options)<br />
* Include the push server config for both Android and iOS<br />
* Remove Rocket.Chat<br />
* Watch developments such as using PostgreSQL/MariaDB opposed to MongoDB<br />
* Test, test, test<br />
* Showcase SME Server, contribs and software collections.<br />
<br />
==Tips & Tricks==<br />
* Nice website for 'Cartoonish' avatars that can be used to replace your initials in all your Rocket.Chat conversations. [http://pickaface.net/ '''Pick a face''']<br />
* Test/troubleshoot your device for WebRTC capabilities [https://test.webrtc.org/ '''WebRTC Troubleshooter''']<br />
<br />
[[Category:Howto]]<br />
[[Category: Webapps]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Docker&diff=42166Docker2023-07-27T10:57:27Z<p>ReetP: /* config entries */</p>
<hr />
<div>{{WIP box}}<br />
Placeholder for anything to do with Docker (https://docker.com)<br />
{{Note box| The contrib has been built from the original notes and I use it to permanently run Rocketchat }}<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-docker }}<br />
<br />
'''You can discuss all things related to this page on the forums [http://forums.contribs.org/index.php/topic,51181.0.html here]'''<br />
<br />
'''There is a separate page that addresses the design of a Docker contrib [http://wiki.contribs.org/Docker_design_concept here]''' <br />
<br />
'''There is also a page to discuss on how to create a Docker image of SME [https://wiki.contribs.org/Docker_Image_of_SME here]'''<br />
<br />
==About==<br />
[[File:Docker_logo.png]]<br />
<br />
Docker is an open-source project that automates the deployment of applications inside software containers, providing that way an additional layer of abstraction and automatization of operating system–level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.<br />
<br />
<br />
===Why Docker on SME Server?===<br />
Docker containers hold one or more applications (and all their dependencies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and operate isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may affect yum updates and upgrades. Docker containers are a way to have such an application packed with all its dependencies and run it isolated. You can have multiple containers running, depending on your server hardware capacity.<br />
<br />
Examples:<br />
* ownCloud running in a container with a higher version of PHP than SME Server provides<br />
* A postgres application running in a container without having to install Postgres on SME Server<br />
* Service on demand, you can start/stop (even scripted) a container when you need the service within the container<br />
* Move containers from one SME Server to another (Back-up or production) without installing the application itself<br />
* Time based service e.g. cron jobs. Only have an application running when you need it.<br />
* Keep SME Server's stock stability, security and flexibility, yet run exotic applications<br />
<br />
<br />
==Considerations==<br />
* Storage of image library (local/NAS)<br />
* Storage of Docker application data (local/NAS)<br />
* Networking e.g. bridged with host, new bridge with host or port mapping<br />
* Stand alone all-in-one docker or linked containers<br />
* Security<br />
* Only use TRUSTED repo's with images. Who built the image, what's in it?<br />
* Naming convention of images to identify source(person or repo), SME version, application and version. e.g.:<br />
owncloud-7.0.1-smeserver-9.0-john<br />
wordpress-3.9.1-smeserver-8.1-mary<br />
ehour-1.4.1-smeserver-9.0-richard<br />
sharedfolders-2.1.1-smeserver-9.0-fws<br />
frontaccounting-3.2.1-smeserver-8.1-contribsorg<br />
<br />
Why the SME Server version in the naming convention if it's all inside the container? Well, it could well be that the application inside the container will use some of SME Server specifics such as the db, templates or perl interaction. In that case we need to make sure that we know for which SME Server the image was built.<br />
<br />
<br />
* Verification (checksum) of available images<br />
* Setting up trusted docker repo's<br />
* disable docker repo's enabled by default at installation and come up with a command that enables them a la Yum<br />
<br />
<br />
==Installation==<br />
<br />
===Contrib===<br />
 yum --enablerepo=extras install epel-release<br />
yum install smeserver-extrarepositories-docker-ce<br />
signal-event yum-modify<br />
yum --enablerepo=smecontribs,extras,epel install smeserver-docker<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
(Note the contrib is still in smetest)<br />
<br />
====Avoiding conflicts====<br />
<br />
docker-compose templates used:<br />
<br />
smeserver-docker<br />
01version<br />
10HelloWorldTest<br />
<br />
smeserver-rocketchat<br />
20rocketchat<br />
<br />
====config entries====<br />
<br />
config setprop docker iptables false/true - default false<br />
<br />
 config setprop docker DNS [192.168.10.1,8.8.8.8] - defaults to LocalIP<br />
<br />
config setprop docker DockerNetwork [IP range eg 192.168.100.0/24] - defaults to dockers own choice. Range is not yet checked for validity.<br />
<br />
There is an action to update the core files:<br />
<br />
smeserver-docker-update <br />
<br />
{{Note box| Note to self - probably needs quotes around "false" for iptables}}<br />
<br />
config show docker <br />
status enabled/disabled - enabled by default<br />
iptables true/false - false by default to prevent docker manipulating iptables<br />
<br />
config show containerd<br />
status enabled/disabled - enabled by default - called and used by docker<br />
<br />
See if it works:<br />
<br />
systemctl status docker<br />
<br />
====Testing====<br />
<br />
We can run docker directly but the preferred method is to use compose<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
<br />
A test compose file is installed.<br />
<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d hello_world<br />
<br />
Add your own templates to:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
or:<br />
<br />
/etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
To expand the template:<br />
<br />
signal-event smeserver-docker-compose-update<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d my_hello<br />
<br />
Using plain docker:<br />
<br />
docker run hello-world<br />
<br />
Other commands:<br />
<br />
docker ps -a<br />
docker rm <id><br />
<br />
docker images<br />
docker rmi <id><br />
<br />
==Things to do==<br />
<br />
Plenty<br />
<br />
===Challenges===<br />
* How to interact with localhost PAM or LDAP from within a container?<br />
<br />
I think that you can access localhost services by adding:<br />
<br />
--net="host" to docker run<br />
<br />
This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below.<br />
<br />
* Many more...<br />
<br />
<br />
==Notes==<br />
<br />
<br />
====Networking====<br />
<br />
{{WIP box | This is still a work in progress. the following are notes for reference only}}<br />
<br />
Docker attempts to guess what network to use and sets a bridged interface for it.<br />
<br />
Access to the container.<br />
<br />
This allows access to any local services, and any ports in the container will appear locally<br />
<br />
v1 format<br />
--net="host" <br />
<br />
v2 + format<br />
<br />
Docker<br />
--network host<br />
<br />
Compose<br />
network_mode: host<br />
<br />
This maps container port 80 to host port 8088<br />
<br />
# host:container<br />
ports:<br />
- "8088:80"<br />
<br />
So if you ran an Apache container service on port 80, you can connect to it from the host using <br />
<br />
container.ip.add:8088<br />
<br />
Using --network host means it is easier to connect to the container using the local IP address. Simple port forwarding/opening will suffice.<br />
<br />
However, it exposes all ports on the container locally, and there may also be conflicts with local ports.<br />
<br />
Using a port mapping is preferred, but your SME server will then block container access to local services such as DNS.<br />
<br />
The answer is probably to statically set the Docker network, and then add the network to 'Local Network'. You can then expose ports via the docker config entry eg:<br />
<br />
docker=service<br />
status=enabled<br />
UDPPort=1234<br />
TCPPort=8088<br />
<br />
I am working on this currently but the LocalNetworking approach doesn't work. It probably needs manipulation of the firewall with templates.<br />
<br />
=== Login to container===<br />
<br />
If permitted, most containers can be logged into using this:<br />
<br />
docker exec -t -i -u root <container_name> /bin/bash<br />
<br />
===SME Server specifics===<br />
By default Docker will store all images, containers and other data in:<br />
/var/lib/docker<br />
<br />
For SME Server this is not ideal for we would like to incorporate all Docker data into the pre-defined backup procedure(s) that come with SME Server. The preferred location for Docker data would be:<br />
'''/home/e-smith/files/docker'''<br />
<br />
===File permissions===<br />
<br />
You may have issues writing to local filesystems from Docker images.<br />
<br />
First add something like this to your compose file<br />
<br />
volumes:<br />
- /opt/uploads/:/opt/uploads/<br />
<br />
You may need to find out what permissions are required.<br />
<br />
<br />
In RocketChat I had to add a dummy user and group like this<br />
<br />
mkdir -p /opt/uploads<br />
chmod 0777 /opt/uploads<br />
<br />
I then could upload and check the ID that docker uses. In this case it was 65533<br />
<br />
So I then did:<br />
groupadd -g 65533 rocketchat<br />
useradd -s /sbin/nologin -u 65533 -d /dev/null -g rocketchat rocketchat<br />
chmod 0744 /opt/uploads<br />
<br />
And then test again.<br />
<br />
===Using a Docker image===<br />
<br />
You should generally prefer to use docker-compose for images.<br />
<br />
<br />
==Building your own images==<br />
* Notes<br />
Manual, or..<br />
https://github.com/docker/fig<br />
<br />
<br />
==Related articles of interest==<br />
* [http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/ Container storage and (re)size]<br />
<br />
===Setting up a (Private) Docker repository===<br />
TBA<br />
<br />
* https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/<br />
<br />
<br />
<br />
==='Proposal test image:'===<br />
An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or specific port on the FQDN. The application should only be available between 08:00 and 19:00.<br />
All application data should be incorporated by the default SME Server backup mechanisms, including the image itself.<br />
<br />
* Building the image based on centos6<br />
* Configure networking, bridges and ports<br />
* Start/restart and stop syntax of the application<br />
* Configure cron<br />
<br />
==General old notes==<br />
The following methods and notes are left for reference.<br />
<br />
By default, there are pre-built images available from the official [https://registry.hub.docker.com/ Docker Hub]. In our examples we will use the pre-built centos7 image.<br />
<br />
To get a list of all available Centos images you can use:<br />
docker search centos<br />
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.<br />
<br />
===Downloading a docker image===<br />
To download the centos7 image to your local server, issue the following command as root:<br />
docker pull centos:centos7<br />
where the syntax is 'centos' as the main repository and 'centos7' the specific version. If you issue only 'docker pull centos', then all centos versions will be downloaded. So be specific.<br />
<br />
Once the image has been downloaded, you can check your local images by issuing:<br />
docker images<br />
<br />
The listing includes the Image ID and Name. These are important to run additional commands when the container is running.<br />
<br />
<br />
===Running a docker container===<br />
Now that we have downloaded the centos7 image it's time to give it a spin. To start the centos7 container we can issue the following command:<br />
docker run -t -i --net="host" centos:centos7 bash<br />
This will tell docker to run the centos7 container interactively from the local centos repo, use the host network interface and start bash. After a few seconds you will be presented with the bash prompt inside the centos7 container:<br />
bash-4.1#<br />
and to check if we are really inside the centos7 container we can display the release version:<br />
cat /etc/redhat-release<br />
which will result in:<br />
CentOS release 7.8 (Final)<br />
From here you can use the normal commands like yum etc.<br />
<br />
To exit the container you give the normal 'exit' command, which will stop the centos7 container and bring you back to the prompt of your local server.<br />
<br />
To run a container in the background, you need to issue the docker run command with the -d flag instead of the -i flag<br />
<br />
<br />
===Copy docker images===<br />
Docker images are stored on your local server. If you want to run the image on another machine you first have to take the image out of your local image repository and save the image in a transferable format. For this, ''save'' the image in .tar format. To get a listing of all available images on your local server:<br />
<br />
docker images<br />
<br />
will result in (example):<br />
<br />
[root@sme9 ~]# docker images<br />
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE<br />
sme9 6.5 55db4355a2de 46 minutes ago 854.7 MB<br />
leszekk/centos_minimalcd 6.5 bc56fa8f1204 8 months ago 452.6 MB<br />
<br />
To create a copy of our sme9 image and save it as 'copyofsme9' you need to enter the following command:<br />
docker save sme9:6.5 > /tmp/copyofsme9.tar<br />
<br />
which will result in a copyofsme9.tar file in your /tmp directory of your local server. You can now copy/move this file to another server or simply archive it for later usage.<br />
<br />
To use the copyofsme9.tar file on another server and use it on that server with Docker, we can load it into the repository of the new server:<br />
docker load -i /downloads/copyofsme9.tar<br />
<br />
After Docker has loaded the file, you can check its availability by executing: docker images and you can use it just like any other image on your new server. You can use the ''save'' and ''load'' commands to clean up your local repository and share copies of your image.<br />
<br />
===Docker networking===<br />
<br />
some thoughts to share on docker networking<br />
<br />
* Network port mapping<br />
http://docs.docker.com/userguide/dockerlinks/<br />
* Network Configuration<br />
http://docs.docker.com/articles/networking/<br />
<br />
'''Note:''' Could we use FWS webapps to create an apache sub domain where the docker web application can be reached and 'masquerade' an unusual http port? e.g.<br />
owncloud.mydomain.com vs mydomain.com:8000<br />
Using<br />
mydomain.com/owncloud<br />
would require ibay checking <br />
<br />
<br />
===Docker Name resolution===<br />
<br />
<br />
Other DNS can be added to the unit file or daemon.json - see further below for details.<br />
<br />
Or you could add directly from the command line<br />
docker run -i -t --dns 208.67.220.220 --dns 208.67.220.222 sme9_real:6.5 /bin/bash<br />
<br />
===Docker Compose===<br />
<br />
https://github.com/docker/compose/releases/tag/1.29.2<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
<br />
===Shipyard web GUI===<br />
Deprecated<br />
There is a separate page on how to install Shipyard, the Docker web GUI [http://wiki.contribs.org/Shipyard here]<br />
<br />
<br />
===Issues===<br />
<br />
This was a v9 issue. Leaving for reference.<br />
<br />
You will find that if you use 'host' networking docker will set /sys as Read Only and you will get an error with the raid_check as per this bug<br />
<br />
https://bugs.contribs.org/show_bug.cgi?id=10660<br />
<br />
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.<br />
<br />
<br />
===Repo setup===<br />
<br />
db yum_repositories set docker-ce-stable repository \<br />
BaseURL 'https://download.docker.com/linux/centos/7/$basearch/stable' \<br />
EnableGroups no \<br />
GPGCheck yes \<br />
GPGKey https://download.docker.com/linux/centos/gpg \<br />
Name 'Docker Stable' \<br />
Visible yes \<br />
status enabled<br />
<br />
signal-event yum-modify<br />
<br />
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli<br />
<br />
or to try with the smeserver-docker contrib - still modifying this<br />
<br />
yum --enablerepo=extras,smetest install smeserver-docker<br />
<br />
<br />
So we get a service in /etc/systemd/system-preset/49-koozali.preset<br />
<br />
config set docker service status enabled<br />
config set containerd service status enabled<br />
mkdir -p /home/e-smith/files/docker<br />
mkdir -p /home/e-smith/files/docker/configs<br />
<br />
<br />
Startup options<br />
<br />
The big issue is getting this to work correctly with the firewall.<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3<br />
<br />
Host mode where the container has the same IP as the server and the service runs the same as any other host service, and can talk to other local host services easily, but exposes the container more.<br />
<br />
Bridge mode where the container is on its own internal docker network that is bridged to the local machine, but then queries emanating from the container will have the internal docker IP and can be refused by real 'local' services eg AD/MySQL etc. unless the firewall or other services can be adjusted.<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode<br />
<br />
network_mode: "bridge"<br />
network_mode: "host"<br />
network_mode: "none"<br />
network_mode: "service:[service name]"<br />
network_mode: "container:[container name/id]"<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#ports<br />
<br />
Port mapping is incompatible with network_mode: host<br />
<br />
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file<br />
<br />
We can add startup options via /etc/docker/daemon.json<br />
<br />
===Files to modify?===<br />
<br />
For now I have created a hardcoded file with the content from below<br />
<br />
mkdir -p /usr/lib/systemd/system/docker.service.d<br />
<br />
/usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
If we template then we would use two fragments like this:<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/40service<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
# docker home set to /home/e-smith/files/docker<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker/data<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/80install<br />
<br />
[Install]<br />
WantedBy=sme-server.target<br />
<br />
expand-template /usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
<br />
But now we can use /etc/docker/daemon.json<br />
<br />
This can be templated. The key point is to avoid a conflict between the docker internal network and our own.<br />
We also want to know what is happening with IPTables rules<br />
<br />
eg, setting our own choice of internal network ("bip"), our own data directory ("data-root") and our own DNS ("dns"):<br />
<br />
{<br />
"bip": "192.168.100.1/24",<br />
"data-root": "/home/e-smith/files/docker/data",<br />
"dns": ["127.0.0.1", "192.168.10.212"]<br />
}<br />
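<br />
One way to check a proposed "bip" against the networks the server already uses before it goes into daemon.json. This is an added example, not part of the smeserver-docker contrib; the function names and the sample interface listing are constructed for illustration.<br />

```shell
#!/bin/sh
# Added example: detect an overlap between a proposed Docker bridge network
# and the IPv4 networks already configured on the host.

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.10.212/24 brd 192.168.10.255 scope global eth0\       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever'

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
# The ( ) function bodies run in a subshell, so their variables stay local.
ip_to_int() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Print "first last" (as integers) for a CIDR such as 192.168.100.1/24.
# Host bits are accepted because "bip" is an address inside the network.
cidr_range() (
    case $1 in */*) ;; *) exit 1 ;; esac
    len=${1##*/}
    case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    ip=$(ip_to_int "${1%/*}") || exit 1
    size=$(( 1 << (32 - $len) ))
    first=$(( $ip - $ip % $size ))
    echo "$first $(( $first + $size - 1 ))"
)

# Exit 0 when the two CIDRs share an address, 1 when not, 2 on bad input.
cidr_overlap() (
    r1=$(cidr_range "$1") || exit 2
    r2=$(cidr_range "$2") || exit 2
    set -- $r1 $r2
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# Read `ip -o -4 addr show` output on stdin and print "iface cidr" pairs,
# skipping the Docker bridge itself.
host_networks() {
    awk '$3 == "inet" && $2 != "docker0" { print $2, $4 }'
}

# Report every host network the proposed Docker CIDR collides with.
# Exit status: 0 = no conflict, 1 = conflict, 2 = proposed CIDR invalid.
check_docker_network() (
    cidr_range "$1" >/dev/null || { echo "invalid CIDR: $1" >&2; exit 2; }
    nets=$(host_networks)
    conflicts=0
    while read -r iface cidr; do
        if cidr_overlap "$1" "$cidr"; then
            echo "conflict: $1 overlaps $iface ($cidr)"
            conflicts=1
        fi
    done <<EOF
$nets
EOF
    exit "$conflicts"
)

# On a real server: ip -o -4 addr show | check_docker_network 192.168.100.1/24
printf '%s\n' "$SAMPLE_ADDRS" | check_docker_network 192.168.100.1/24 \
    && echo "192.168.100.1/24 does not collide with the sample host networks"
```

The same check can be run against the DockerNetwork value before it is stored with config setprop.<br />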
<br />
===Docker Networking===<br />
<br />
Docker now does its own thing with IPTables and it is hard to disable - we need to be careful here<br />
<br />
https://docs.docker.com/network/iptables/<br />
<br />
How do we check conflicts?<br />
<br />
ip addr show docker0<br />
<br />
docker network ls<br />
<br />
docker network inspect bridge<br />
<br />
https://www.baeldung.com/ops/docker-network-information<br />
<br />
docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' bridge<br />
172.17.0.0/16<br />
<br />
So one way is to add it to the daemon.json file (see above)<br />
<br />
{<br />
"iptables": false<br />
}<br />
<br />
And note:<br />
<br />
Restart the Docker daemon and voila: your containers will not be exposed to every possible interface but you will need to explicitly manipulate your iptables rules if you want the traffic to pass through, e.g.: this is needed to NAT your containers:<br />
<br />
<br />
-A POSTROUTING -s 172.17.0.0/24 -o eth0 -j MASQUERADE<br />
<br />
An alternative which I use on RocketChat is to proxy calls using mod_proxy_wstunnel.so<br />
<br />
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule98ExtraMod<br />
<br />
{<br />
# Load wstunnel if available<br />
if ( -e '/usr/lib64/httpd/modules/mod_proxy_wstunnel.so' ||<br />
-e '/usr/lib/httpd/modules/mod_proxy_wstunnel.so') {<br />
$OUT .= "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so\n";<br />
}<br />
}<br />
<br />
You can then use some custom httpd templates to create a proxy pass virtual host.<br />
<br />
===Docker Compose===<br />
<br />
https://docs.docker.com/compose/install/<br />
<br />
Check the latest release:<br />
<br />
https://github.com/docker/compose/releases/<br />
<br />
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose<br />
chmod 0700 /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
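<br />
The binary above is installed as downloaded. A way to check it against a published checksum first, as an added example that is not part of the contrib: install_verified is a hypothetical helper, and the .sha256 file published beside the release binary is an assumption to confirm on the release page.<br />

```shell
#!/bin/sh
# Added example: refuse to install a downloaded binary unless its SHA-256
# digest matches the first field of a sha256sum-style checksum file.
# Arguments: <downloaded file> <checksum file> <destination>
# Exit status: 0 = installed, 1 = digest mismatch, 2 = unusable input.
install_verified() (
    src=$1; sumfile=$2; dest=$3
    [ -s "$src" ] && [ -s "$sumfile" ] || exit 2

    # The expected digest is the first whitespace-separated field.
    read -r expected rest < "$sumfile"
    case $expected in
        *[!0-9a-fA-F]*) exit 2 ;;      # e.g. an HTML error page saved by curl
    esac
    [ "${#expected}" -eq 64 ] || exit 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    actual=$(sha256sum "$src" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $src: refusing to install" >&2
        exit 1
    fi

    # 0750: owner and owning group may execute, nobody else can run or edit it.
    install -m 0750 "$src" "$dest"
)

# Typical use on the server (needs network access, so shown as comments;
# the .sha256 asset name is an assumption):
#   base=https://github.com/docker/compose/releases/download/1.29.2
#   name=docker-compose-$(uname -s)-$(uname -m)
#   curl -fL "$base/$name" -o "/tmp/$name"
#   curl -fL "$base/$name.sha256" -o "/tmp/$name.sha256"
#   install_verified "/tmp/$name" "/tmp/$name.sha256" /usr/local/bin/docker-compose \
#       && chgrp docker /usr/local/bin/docker-compose
```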
<br />
Add template fragments here to make your compose file:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Note that there is now Compose format.<br />
<br />
https://github.com/docker/compose#where-to-get-docker-compose<br />
<br />
https://github.com/docker/compose-switch<br />
<br />
=== Old Unit file ===<br />
Previous unit file for ref<br />
<br />
[Unit]<br />
Description=Docker Application Container Engine<br />
Documentation=https://docs.docker.com<br />
BindsTo=containerd.service<br />
After=network-online.target firewalld.service containerd.service<br />
Wants=network-online.target<br />
Requires=docker.socket<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.<br />
# Both the old, and new location are accepted by systemd 229 and up, so using the old location<br />
# to make them work for either version of systemd.<br />
StartLimitBurst=3<br />
<br />
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.<br />
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make<br />
# this option work for either version of systemd.<br />
StartLimitInterval=60s<br />
<br />
# Having non-zero Limit*s causes performance problems due to accounting overhead<br />
# in the kernel. We recommend using cgroups to do container-local accounting.<br />
LimitNOFILE=infinity<br />
LimitNPROC=infinity<br />
LimitCORE=infinity<br />
<br />
# Comment TasksMax if your systemd version does not support it.<br />
# Only systemd 226 and above support this option.<br />
TasksMax=infinity<br />
<br />
# set delegate yes so that systemd does not reset the cgroups of docker containers<br />
Delegate=yes<br />
<br />
# kill only the docker process, not all processes in the cgroup<br />
KillMode=process<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-docker component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-docker |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-docker |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Changelog==<br />
<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: smeserver-docker }}<br />
<br />
<br />
<br />
[[Category:Containers]]<br />
[[Category:Contrib]]<br />
[[Category:Containers:Docker]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Docker&diff=42165Docker2023-07-27T10:57:07Z<p>ReetP: /* Testing= */</p>
<hr />
<div>{{WIP box}}<br />
Placeholder for anything to do with Docker (https://docker.com)<br />
{{Note box| The contrib has been built from the original notes and I use it to permanently run Rocketchat }}<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-docker }}<br />
<br />
'''You can discuss all things related to this page on the forums [http://forums.contribs.org/index.php/topic,51181.0.html here]'''<br />
<br />
'''There is a separate page that addresses the design of a Docker contrib [http://wiki.contribs.org/Docker_design_concept here]''' <br />
<br />
'''There is also a page to discuss on how to create a Docker image of SME [https://wiki.contribs.org/Docker_Image_of_SME here]'''<br />
<br />
==About==<br />
[[File:Docker_logo.png]]<br />
<br />
Docker is an open-source project that automates the deployment of applications inside software containers, providing that way an additional layer of abstraction and automatization of operating system–level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.<br />
<br />
<br />
===Why Docker on SME Server?===<br />
Docker containers hold one or more applications (and all their dependencies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and are operating isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may affect yum updates and upgrades. Docker containers are a way to have such an application packed with all its dependencies and run it isolated. You can have multiple containers running, depending on your server hardware capacity.<br />
<br />
Examples:<br />
* ownCloud running in a container with a higher version of PHP than SME Server provides<br />
* A postgres application running in a container without having to install Postgres on SME Server<br />
* Service on demand, you can start/stop (even scripted) a container when you need the service within the container<br />
* Move containers from one SME Server to another (Back-up or production) without installing the application itself<br />
* Time based service e.g. cron jobs. Only have an application running when you need it.<br />
* Keep SME Server's stock stability, security and flexibility, yet run exotic applications<br />
<br />
<br />
==Considerations==<br />
* Storage of image library (local/NAS)<br />
* Storage of Docker application data (local/NAS)<br />
* Networking e.g. bridged with host, new bridge with host or port mapping<br />
* Stand alone all-in-one docker or linked containers<br />
* Security<br />
* Only use TRUSTED repo's with images. Who built the image, what's in it?<br />
* Naming convention of images to identify source(person or repo), SME version, application and version. e.g.:<br />
owncloud-7.0.1-smeserver-9.0-john<br />
wordpress-3.9.1-smeserver-8.1-mary<br />
ehour-1.4.1-smeserver-9.0-richard<br />
sharedfolders-2.1.1-smeserver-9.0-fws<br />
frontaccounting-3.2.1-smeserver-8.1-contribsorg<br />
<br />
Why the SME Server version in the naming convention if it's all inside the container? Well, it could well be that the application inside the container will use some of SME Server specifics such as the db, templates or perl interaction. In that case we need to make sure that we know for which SME Server the image was built.<br />
<br />
<br />
* Verification (checksum) of available images<br />
* Setting up trusted docker repo's<br />
* disable docker repo's enabled by default at installation and come up with a command that enables them a la Yum<br />
<br />
<br />
==Installation==<br />
<br />
===Contrib===<br />
yum --enablerepo=extras install epel-release<br />
yum install smeserver-extrarepositories-docker-ce<br />
signal-event yum-modify<br />
yum --enablerepo=smecontribs,extras,epel install smeserver-docker<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
(Note the contrib is still in smetest)<br />
<br />
====Avoiding conflicts====<br />
<br />
docker-compose templates used:<br />
<br />
smeserver-docker<br />
01version<br />
10HelloWorldTest<br />
<br />
smeserver-rocketchat<br />
20rocketchat<br />
<br />
====config entries====<br />
<br />
config setprop docker iptables false/true - default false<br />
<br />
config setprop docker DNS [192.168.10.1,8.8.8.8] - defaults to LocalIP<br />
<br />
config setprop docker DockerNetwork [IP range eg 192.168.100.0/24] - defaults to dockers own choice. Range is not yet checked for validity.<br />
<br />
There is an action to update the core files:<br />
**** this is missing from /events/actions<br />
smeserver-docker-update <br />
<br />
{{Note box| Note to self - probably needs quotes around "false" for iptables}}<br />
<br />
config show docker <br />
status enabled/disabled - enabled by default<br />
iptables true/false - false by default to prevent docker manipulating iptables<br />
<br />
config show containerd<br />
status enabled/disabled - enabled by default - called and used by docker<br />
<br />
See if it works:<br />
<br />
systemctl status docker<br />
<br />
====Testing====<br />
<br />
We can run docker directly but the preferred method is to use compose<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
<br />
A test compose file is installed.<br />
<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d hello_world<br />
<br />
Add your own templates to:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
or:<br />
<br />
/etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
To expand the template:<br />
<br />
signal-event smeserver-docker-compose-update<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d my_hello<br />
<br />
Using plain docker:<br />
<br />
docker run hello-world<br />
<br />
Other commands:<br />
<br />
docker ps -a<br />
docker rm <id><br />
<br />
docker images<br />
docker rmi <id><br />
<br />
==Things to do==<br />
<br />
Plenty<br />
<br />
===Challenges===<br />
* How to interact with localhost PAM or LDAP from within a container?<br />
<br />
I think that you can access localhost services by adding:<br />
<br />
--net="host" to docker run<br />
<br />
This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below.<br />
<br />
* Many more...<br />
<br />
<br />
==Notes==<br />
<br />
<br />
====Networking====<br />
<br />
{{WIP box | This is still a work in progress. The following are notes for reference only}}<br />
<br />
Docker attempts to guess what network to use and sets a bridged interface for it.<br />
<br />
Access to the container.<br />
<br />
This allows access to any local services, and any ports in the container will appear locally<br />
<br />
v1 format<br />
--net="host" <br />
<br />
v2 + format<br />
<br />
Docker<br />
--network host<br />
<br />
Compose<br />
network_mode: host<br />
<br />
This maps container port 80 to host port 8088<br />
<br />
# host:container<br />
ports:<br />
- "8088:80"<br />
<br />
So if you ran an Apache container service on port 80, you can connect to it from the host using <br />
<br />
container.ip.add:8088<br />
<br />
Using --network host means it is easier to connect to the container using the local IP address. Simple port forwarding/opening will suffice.<br />
<br />
However, it exposes all ports on the container locally, and there may also be conflicts with local ports.<br />
<br />
Using a port mapping is preferred, but your SME server will then block container access to local services such as DNS.<br />
<br />
The answer is probably to statically set the Docker network, and then add the network to 'Local Network'. You can then expose ports via the docker config entry eg:<br />
<br />
docker=service<br />
status=enabled<br />
UDPPort=1234<br />
TCPPort=8088<br />
<br />
I am working on this currently but the LocalNetworking approach doesn't work. It probably needs manipulation of the firewall with templates.<br />
<br />
=== Login to container===<br />
<br />
If permitted, most containers can be logged into using this:<br />
<br />
docker exec -t -i -u root <container_name> /bin/bash<br />
<br />
===SME Server specifics===<br />
By default Docker will store all images, containers and other data in:<br />
/var/lib/docker<br />
<br />
For SME Server this is not ideal for we would like to incorporate all Docker data into the pre-defined backup procedure(s) that come with SME Server. The preferred location for Docker data would be:<br />
'''/home/e-smith/files/docker'''<br />
<br />
===File permissions===<br />
<br />
You may have issues writing to local filesystems from Docker images.<br />
<br />
First add something like this to your compose file<br />
<br />
volumes:<br />
- /opt/uploads/:/opt/uploads/<br />
<br />
You may need to find out what permissions are required.<br />
<br />
<br />
In RocketChat I had to add a dummy user and group like this<br />
<br />
mkdir -p /opt/uploads<br />
chmod 0777 /opt/uploads<br />
<br />
I then could upload and check the ID that docker uses. In this case it was 65533<br />
<br />
So I then did:<br />
groupadd -g 65533 rocketchat<br />
useradd -s /sbin/nologin -u 65533 -d /dev/null -g rocketchat rocketchat<br />
chmod 0744 /opt/uploads<br />
<br />
And then test again.<br />
<br />
===Using a Docker image===<br />
<br />
You should generally prefer to use docker-compose for images.<br />
<br />
<br />
==Building your own images==<br />
* Notes<br />
Manual, or..<br />
https://github.com/docker/fig<br />
<br />
<br />
==Related articles of interest==<br />
* [http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/ Container storage and (re)size]<br />
<br />
===Setting up a (Private) Docker repository===<br />
TBA<br />
<br />
* https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/<br />
<br />
<br />
<br />
==='Proposal test image:'===<br />
An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or specific port on the FQDN. The application should only be available between 08:00 and 19:00.<br />
All application data should be incorporated by the default SME Server backup mechanisms, including the image itself.<br />
<br />
* Building the image based on centos6<br />
* Configure networking, bridges and ports<br />
* Start/restart and stop syntax of the application<br />
* Configure cron<br />
<br />
==General old notes==<br />
The following methods and notes are left for reference.<br />
<br />
By default, there are pre-built images available from the official [https://registry.hub.docker.com/ Docker Hub]. In our examples we will use the pre-built centos7 image.<br />
<br />
To get a list of all available Centos images you can use:<br />
docker search centos<br />
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.<br />
<br />
===Downloading a docker image===<br />
To download the centos7 image to your local server, issue the following command as root:<br />
docker pull centos:centos7<br />
where the syntax is 'centos' as the main repository and 'centos7' the specific version. If you issue only 'docker pull centos', then all centos versions will be downloaded. So be specific.<br />
<br />
Once the image has been downloaded, you can check your local images by issuing:<br />
docker images<br />
<br />
The listing includes the Image ID and Name. These are important to run additional commands when the container is running.<br />
<br />
<br />
===Running a docker container===<br />
Now that we have downloaded the centos7 image it's time to give it a spin. To start the cento6 container we can issue the following command:<br />
docker run -t -i --net="host" centos:centos7 bash<br />
This will tell docker to run the centos6 container interactively from the local centos repo, use the host network interface and start bash. After a few seconds you will be presented with the bash prompt inside the centos7 container:<br />
bash-4.1#<br />
and to check if we are really inside the centos6 container we can display the release version:<br />
cat /etc/redhat-release<br />
which will result in:<br />
CentOS release 7.8 (Final)<br />
From here you can use the normal commands like yum etc.<br />
<br />
To exit the container you give the normal 'exit' command, which will stop the centos7 container and bring you back to the prompt of your local server.<br />
<br />
To run a container in the background, you need to issue the docker run command with the -d flag instead of the -i flag.<br />
<br />
<br />
===Copy docker images===<br />
Docker images are stored on your local server. If you want to run the image on another machine you first have to take the image out of your local image repository and save it in a transferable format. For this, ''save'' the image in .tar format. To get a listing of all available images on your local server:<br />
<br />
docker images<br />
<br />
will result in (example):<br />
<br />
[root@sme9 ~]# docker images<br />
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE<br />
sme9 6.5 55db4355a2de 46 minutes ago 854.7 MB<br />
leszekk/centos_minimalcd 6.5 bc56fa8f1204 8 months ago 452.6 MB<br />
<br />
To create a copy of our sme9 image and save it as 'copyofsme9' you need to enter the following command:<br />
docker save sme9:6.5 > /tmp/copyofsme9.tar<br />
<br />
which will result in a copyofsme9.tar file in your /tmp directory of your local server. You can now copy/move this file to another server or simply archive it for later usage.<br />
<br />
To use the copyofsme9.tar file on another server with Docker, we can load it into the repository of the new server:<br />
docker load -i /downloads/copyofsme9.tar<br />
<br />
After Docker has loaded the file, you can check its availability by executing 'docker images' and you can use it just like any other image on your new server. You can use the ''save'' and ''load'' commands to clean up your local repository and share copies of your image.<br />
<br />
===Docker networking===<br />
<br />
Some thoughts to share on Docker networking<br />
<br />
* Network port mapping<br />
http://docs.docker.com/userguide/dockerlinks/<br />
* Network Configuration<br />
http://docs.docker.com/articles/networking/<br />
<br />
'''Note:''' Could we use FWS webapps to create an apache sub domain where the docker web application can be reached and 'masquerade' an unusual http port? e.g.<br />
owncloud.mydomain.com vs mydomain.com:8000<br />
Using<br />
mydomain.com/owncloud<br />
would require ibay checking <br />
<br />
<br />
===Docker Name resolution===<br />
<br />
<br />
Other DNS can be added to the unit file or daemon.json - see further below for details.<br />
<br />
Or you could add directly from the command line<br />
docker run -i -t --dns 208.67.220.220 --dns 208.67.220.222 sme9_real:6.5 /bin/bash<br />
<br />
===Docker Compose===<br />
<br />
https://github.com/docker/compose/releases/tag/1.29.2<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
<br />
===Shipyard web GUI===<br />
Deprecated<br />
There is a separate page on how to install Shipyard, the Docker web GUI [http://wiki.contribs.org/Shipyard here]<br />
<br />
<br />
===Issues===<br />
<br />
This was a v9 issue. Leaving for reference.<br />
<br />
You will find that if you use 'host' networking docker will set /sys as Read Only and you will get an error with the raid_check as per this bug<br />
<br />
https://bugs.contribs.org/show_bug.cgi?id=10660<br />
<br />
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.<br />
<br />
<br />
===Repo setup===<br />
<br />
db yum_repositories set docker-ce-stable repository \<br />
BaseURL 'https://download.docker.com/linux/centos/7/$basearch/stable' \<br />
EnableGroups no \<br />
GPGCheck yes \<br />
GPGKey https://download.docker.com/linux/centos/gpg \<br />
Name 'Docker Stable' \<br />
Visible yes \<br />
status enabled<br />
<br />
signal-event yum-modify<br />
<br />
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli<br />
<br />
or to try with the smeserver-docker contrib - still modifying this<br />
<br />
yum --enablerepo=extras,smetest install smeserver-docker<br />
<br />
<br />
So we get a service in /etc/systemd/system-preset/49-koozali.preset<br />
<br />
config set docker service status enabled<br />
config set containerd service status enabled<br />
mkdir -p /home/e-smith/files/docker<br />
mkdir -p /home/e-smith/files/docker/configs<br />
<br />
<br />
Startup options<br />
<br />
The big issue is getting this to work correctly with the firewall.<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3<br />
<br />
Host mode where the container has the same IP as the server and the service runs the same as any other host service, and can talk to other local host services easily, but exposes the container more.<br />
<br />
Bridge mode where the container is on its own internal docker network that is bridged to the local machine, but then queries emanating from the container will have the internal docker IP and can be refused by real 'local' services eg AD/MySQL etc. unless the firewall or other services can be adjusted.<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode<br />
<br />
network_mode: "bridge"<br />
network_mode: "host"<br />
network_mode: "none"<br />
network_mode: "service:[service name]"<br />
network_mode: "container:[container name/id]"<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#ports<br />
<br />
Port mapping is incompatible with network_mode: host<br />
<br />
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file<br />
<br />
We can add startup options via /etc/docker/daemon.json<br />
<br />
===Files to modify?===<br />
<br />
For now I have created a hardcoded file with the content from below<br />
<br />
mkdir -p /usr/lib/systemd/system/docker.service.d<br />
<br />
/usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
If we template then we would use two fragments like this:<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/40service<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
# docker home set to /home/e-smith/files/docker<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker/data<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/80install<br />
<br />
[Install]<br />
WantedBy=sme-server.target<br />
<br />
expand-template /usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
<br />
But now we can use /etc/docker/daemon.json<br />
<br />
This can be templated. The key point is to avoid a conflict between the docker internal network and our own.<br />
We also want to know what is happening with IPTables rules<br />
<br />
eg<br />
<br />
{<br />
"bip": "192.168.100.1/24",<br />
"data-root": "/home/e-smith/files/docker/data",<br />
"dns": ["127.0.0.1", "192.168.10.212"]<br />
}<br />
<br />
Here "bip" sets our own choice of internal network, "data-root" sets our own data directory and "dns" sets our own DNS.<br />
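A check for the network conflict described above, as an added example (not part of the original notes or of the smeserver-docker contrib): it parses a daemon.json, works out which networks Docker will claim and reports overlaps with the server's local networks, plus a loopback "dns" entry or an "iptables" value of the wrong type. The local network 192.168.10.0/24 and all function names are assumptions made for the illustration.<br />

```python
import ipaddress
import json

# Docker's default bridge subnet when "bip" is not set; this is the value the
# `docker network inspect` output in these notes reports.
DEFAULT_BRIDGE = ipaddress.ip_network("172.17.0.0/16")

# The daemon.json example from these notes, without the "<<" annotations.
PAGE_CONFIG = """
{
  "bip": "192.168.100.1/24",
  "data-root": "/home/e-smith/files/docker/data",
  "dns": ["127.0.0.1", "192.168.10.212"]
}
"""

# Assumption for the example: the server's LAN as it would appear under
# local networks. Replace with the real values.
LOCAL_NETWORKS = ["192.168.10.0/24"]


def load_daemon_config(text):
    """Parse daemon.json text; reject anything that is not a JSON object."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"daemon.json is not valid JSON: {exc}") from exc
    if not isinstance(cfg, dict):
        raise ValueError("daemon.json must contain a JSON object")
    return cfg


def docker_networks(cfg):
    """Networks the daemon will claim: the bridge plus any address pools."""
    nets = []
    bip = cfg.get("bip")
    if bip:
        # "bip" is the bridge's own address with a prefix (192.168.100.1/24),
        # so take the network it belongs to.
        nets.append(ipaddress.ip_interface(bip).network)
    else:
        nets.append(DEFAULT_BRIDGE)
    for pool in cfg.get("default-address-pools", []):
        nets.append(ipaddress.ip_network(pool["base"], strict=False))
    return nets


def audit(cfg, local_networks):
    """Return a list of human-readable findings for one daemon.json."""
    findings = []
    local = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    for dnet in docker_networks(cfg):
        for lnet in local:
            if dnet.version == lnet.version and dnet.overlaps(lnet):
                findings.append(f"conflict: docker {dnet} overlaps local {lnet}")
    for server in cfg.get("dns", []):
        if ipaddress.ip_address(server).is_loopback:
            findings.append(
                f"dns: {server} is a loopback address; in bridge mode it "
                "points at the container itself, not at the host resolver"
            )
    iptables = cfg.get("iptables", True)
    if not isinstance(iptables, bool):
        findings.append("iptables: value must be a JSON boolean, not a string")
    elif iptables:
        findings.append("iptables: not disabled, docker will add its own rules")
    return findings


if __name__ == "__main__":
    for line in audit(load_daemon_config(PAGE_CONFIG), LOCAL_NETWORKS):
        print(line)
```
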
<br />
===Docker Networking===<br />
<br />
Docker now does its own thing with IPTables and it is hard to disable - we need to be careful here<br />
<br />
https://docs.docker.com/network/iptables/<br />
<br />
How do we check conflicts?<br />
<br />
ip addr show docker0<br />
<br />
docker network ls<br />
<br />
docker network inspect bridge<br />
<br />
https://www.baeldung.com/ops/docker-network-information<br />
<br />
docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' bridge<br />
172.17.0.0/16<br />
<br />
So one way is to add it to the daemon.json file (see above)<br />
<br />
{<br />
"iptables": false<br />
}<br />
<br />
And note:<br />
<br />
Restart the Docker daemon and voila: your containers will not be exposed to every possible interface but you will need to explicitly manipulate your iptables rules if you want the traffic to pass through, e.g.: this is needed to NAT your containers:<br />
<br />
<br />
-A POSTROUTING -s 172.17.0.0/24 -o eth0 -j MASQUERADE<br />
<br />
An alternative which I use on RocketChat is to proxy calls using mod_proxy_wstunnel.so<br />
<br />
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule98ExtraMod<br />
<br />
{<br />
# Load wstunnel if available<br />
if ( -e '/usr/lib64/httpd/modules/mod_proxy_wstunnel.so' ||<br />
-e '/usr/lib/httpd/modules/mod_proxy_wstunnel.so') {<br />
$OUT .= "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so\n";<br />
}<br />
}<br />
<br />
You can then use some custom httpd templates to create a proxy pass virtual host.<br />
<br />
===Docker Compose===<br />
<br />
https://docs.docker.com/compose/install/<br />
<br />
Check the latest release:<br />
<br />
https://github.com/docker/compose/releases/<br />
<br />
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose<br />
chmod 0700 /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
<br />
Add template fragments here to make your compose file:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Note that there is now Compose format.<br />
<br />
https://github.com/docker/compose#where-to-get-docker-compose<br />
<br />
https://github.com/docker/compose-switch<br />
<br />
=== Old Unit file ===<br />
Previous unit file for ref<br />
<br />
[Unit]<br />
Description=Docker Application Container Engine<br />
Documentation=https://docs.docker.com<br />
BindsTo=containerd.service<br />
After=network-online.target firewalld.service containerd.service<br />
Wants=network-online.target<br />
Requires=docker.socket<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.<br />
# Both the old, and new location are accepted by systemd 229 and up, so using the old location<br />
# to make them work for either version of systemd.<br />
StartLimitBurst=3<br />
<br />
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.<br />
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make<br />
# this option work for either version of systemd.<br />
StartLimitInterval=60s<br />
<br />
# Having non-zero Limit*s causes performance problems due to accounting overhead<br />
# in the kernel. We recommend using cgroups to do container-local accounting.<br />
LimitNOFILE=infinity<br />
LimitNPROC=infinity<br />
LimitCORE=infinity<br />
<br />
# Comment TasksMax if your systemd version does not support it.<br />
# Only systemd 226 and above support this option.<br />
TasksMax=infinity<br />
<br />
# set delegate yes so that systemd does not reset the cgroups of docker containers<br />
Delegate=yes<br />
<br />
# kill only the docker process, not all processes in the cgroup<br />
KillMode=process<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-docker component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-docker |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-docker |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Changelog==<br />
<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: smeserver-docker }}<br />
<br />
<br />
<br />
[[Category:Containers]]<br />
[[Category:Contrib]]<br />
[[Category:Containers:Docker]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Docker&diff=42164Docker2023-07-27T10:55:16Z<p>ReetP: /* Contrib */</p>
<hr />
<div>{{WIP box}}<br />
Placeholder for anything to do with Docker (https://docker.com)<br />
{{Note box| The contrib has been built from the original notes and I use it to permanently run Rocketchat }}<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-docker }}<br />
<br />
'''You can discuss all things related to this page on the forums [http://forums.contribs.org/index.php/topic,51181.0.html here]'''<br />
<br />
'''There is a separate page that addresses the design of a Docker contrib [http://wiki.contribs.org/Docker_design_concept here]''' <br />
<br />
'''There is also a page to discuss on how to create a Docker image of SME [https://wiki.contribs.org/Docker_Image_of_SME here]'''<br />
<br />
==About==<br />
[[File:Docker_logo.png]]<br />
<br />
Docker is an open-source project that automates the deployment of applications inside software containers, providing that way an additional layer of abstraction and automatization of operating system–level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.<br />
<br />
<br />
===Why Docker on SME Server?===<br />
Docker containers hold one or more applications (and all their dependencies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and operate isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may affect yum updates and upgrades. Docker containers are a way to have such an application packed with all its dependencies and run it isolated. You can have multiple containers running, depending on your server hardware capacity.<br />
<br />
Examples:<br />
* ownCloud running in a container with a higher version of PHP than SME Server provides<br />
* A postgres application running in a container without having to install Postgres on SME Server<br />
* Service on demand, you can start/stop (even scripted) a container when you need the service within the container<br />
* Move containers from one SME Server to another (Back-up or production) without installing the application itself<br />
* Time based service e.g. cron jobs. Only have an application running when you need it.<br />
* Keep SME Server's stock stability, security and flexibility, yet run exotic applications<br />
<br />
<br />
==Considerations==<br />
* Storage of image library (local/NAS)<br />
* Storage of Docker application data (local/NAS)<br />
* Networking e.g. bridged with host, new bridge with host or port mapping<br />
* Stand alone all-in-one docker or linked containers<br />
* Security<br />
* Only use TRUSTED repo's with images. Who built the image, what's in it?<br />
* Naming convention of images to identify source(person or repo), SME version, application and version. e.g.:<br />
owncloud-7.0.1-smeserver-9.0-john<br />
wordpress-3.9.1-smeserver-8.1-mary<br />
ehour-1.4.1-smeserver-9.0-richard<br />
sharedfolders-2.1.1-smeserver-9.0-fws<br />
frontaccounting-3.2.1-smeserver-8.1-contribsorg<br />
<br />
Why the SME Server version in the naming convention if it's all inside the container? Well, it could well be that the application inside the container will use some of SME Server specifics such as the db, templates or perl interaction. In that case we need to make sure that we know for which SME Server the image was built.<br />
<br />
<br />
* Verification (checksum) of available images<br />
* Setting up trusted docker repo's<br />
* disable docker repo's enabled by default at installation and come up with a command that enables them a la Yum<br />
<br />
<br />
==Installation==<br />
<br />
===Contrib===<br />
yum --enablerepo=extras install epel-release<br />
yum install smeserver-extrarepositories-docker-ce<br />
signal-event yum-modify<br />
yum --enablerepo=smecontribs,extras,epel install smeserver-docker<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
(Note the contrib is still in smetest)<br />
<br />
====Avoiding conflicts====<br />
<br />
docker-compose templates used:<br />
<br />
smeserver-docker<br />
01version<br />
10HelloWorldTest<br />
<br />
smeserver-rocketchat<br />
20rocketchat<br />
<br />
====config entries====<br />
<br />
config setprop docker iptables false/true - default false<br />
<br />
config setprop docker DNS [192.168.10.1,8.8.8.8] - defaults to LocalIP<br />
<br />
config setprop docker DockerNetwork [IP range eg 192.168.100.0/24] - defaults to dockers own choice. Range is not yet checked for validity.<br />
<br />
There is an action to update the core files:<br />
**** this is missing from /events/actions<br />
smeserver-docker-update <br />
<br />
{{Note box| Note to self - probably needs quotes around "false" for iptables}}<br />
<br />
config show docker <br />
status enabled/disabled - enabled by default<br />
iptables true/false - false by default to prevent docker manipulating iptables<br />
<br />
config show containerd<br />
status enabled/disabled - enabled by default - called and used by docker<br />
<br />
See if it works:<br />
<br />
systemctl status docker<br />
<br />
===Testing===<br />
<br />
We can run docker directly but the preferred method is to use compose<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
<br />
A test compose file is installed.<br />
<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d hello_world<br />
<br />
Add your own templates to:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
or:<br />
<br />
/etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
signal-event smeserver-docker-compose-update<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d my_hello<br />
<br />
Using plain docker:<br />
<br />
docker run hello-world<br />
<br />
Other commands:<br />
<br />
docker ps -a<br />
docker rm <id><br />
<br />
docker images<br />
docker rmi <id><br />
<br />
==Things to do==<br />
<br />
Plenty<br />
<br />
===Challenges===<br />
* How to interact with localhost PAM or LDAP from within a container?<br />
<br />
I think that you can access localhost services by adding:<br />
<br />
--net="host" to docker run<br />
<br />
This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below.<br />
<br />
* Many more...<br />
<br />
<br />
==Notes==<br />
<br />
<br />
====Networking====<br />
<br />
{{WIP box | This is still a work in progress. the following are notes for reference only}}<br />
<br />
Docker attempts to guess what network to use and sets a bridged interface for it.<br />
<br />
Access to the container.<br />
<br />
This allows access to any local services, and any ports in the container will appear locally<br />
<br />
v1 format<br />
--net="host" <br />
<br />
v2 + format<br />
<br />
Docker<br />
--network host<br />
<br />
Compose<br />
network_mode: host<br />
<br />
This maps container port 80 to host port 8088<br />
<br />
# host:container<br />
ports:<br />
- "8088:80"<br />
<br />
So if you ran an Apache container service on port 80, you can connect to it from the host using <br />
<br />
container.ip.add:8088<br />
<br />
Using --network host means it is easier to connect to the container using the local IP address. Simple port forwarding/opening will suffice.<br />
<br />
However, it exposes all ports on the container locally, and there may also be conflicts with local ports.<br />
<br />
Using a port mapping is preferred, but your SME server will then block container access to local services such as DNS.<br />
<br />
The answer is probably to statically set the Docker network, and then add the network to 'Local Network'. You can then expose ports via the docker config entry eg:<br />
<br />
docker=service<br />
status=enabled<br />
UDPPort=1234<br />
TCPPort=8088<br />
<br />
I am working on this currently but the LocalNetworking approach doesn't work. It probably needs manipulation of the firewall with templates.<br />
<br />
=== Login to container===<br />
<br />
If permitted, most containers can be logged into using this:<br />
<br />
docker exec -t -i -u root <container_name> /bin/bash<br />
<br />
===SME Server specifics===<br />
By default Docker will store all images, containers and other data in:<br />
/var/lib/docker<br />
<br />
For SME Server this is not ideal for we would like to incorporate all Docker data into the pre-defined backup procedure(s) that come with SME Server. The preferred location for Docker data would be:<br />
'''/home/e-smith/files/docker'''<br />
<br />
===File permissions===<br />
<br />
You may have issues writing to local filesystems from Docker images.<br />
<br />
First add something like this to your compose file<br />
<br />
volumes:<br />
- /opt/uploads/:/opt/uploads/<br />
<br />
You may need to find out what permissions are required.<br />
<br />
<br />
In RocketChat I had to add a dummy user and group like this<br />
<br />
mkdir -p /opt/uploads<br />
chmod 0777 /opt/uploads<br />
<br />
I could then upload and check the ID that docker uses. In this case it was 65533<br />
<br />
So I then did:<br />
groupadd -g 65533 rocketchat<br />
useradd -s /sbin/nologin -u 65533 -d /dev/null -g rocketchat rocketchat<br />
chmod 0744 /opt/uploads<br />
<br />
And then test again.<br />
<br />
===Using a Docker image===<br />
<br />
You should generally prefer to use docker-compose for images.<br />
<br />
<br />
==Building your own images==<br />
* Notes<br />
Manual, or..<br />
https://github.com/docker/fig<br />
<br />
<br />
==Related articles of interest==<br />
* [http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/ Container storage and (re)size]<br />
<br />
===Setting up a (Private) Docker repository===<br />
TBA<br />
<br />
* https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/<br />
<br />
<br />
<br />
==='Proposal test image:'===<br />
An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or specific port on the FQDN. The application should only be available between 08:00AM until 19:00PM.<br />
All application data should be incorporated by the default SME Server backup mechanisms, including the image itself.<br />
<br />
* Building the image based on centos6<br />
* Configure networking, bridges and ports<br />
* Start/restart and stop syntax of the application<br />
* Configure cron<br />
<br />
==General old notes==<br />
The following methods and notes are left for reference.<br />
<br />
By default, there are pre-built images available from the official [https://registry.hub.docker.com/ Docker Hub]. In our examples we will use the pre-built centos7 image.<br />
<br />
To get a list of all available Centos images you can use:<br />
docker search centos<br />
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.<br />
<br />
===Downloading a docker image===<br />
To download the centos7 image to your local server, issue the following command as root:<br />
docker pull centos:centos7<br />
where the syntax is 'centos' as the main repository and 'centos7' the specific version. If you issue only 'docker pull centos', all centos versions will be downloaded, so be specific.<br />
<br />
Once the image has been downloaded, you can check your local images by issuing:<br />
docker images<br />
<br />
The listing includes the Image ID and Name. These are important for running additional commands when the container is running.<br />
<br />
<br />
===Running a docker container===<br />
Now that we have downloaded the centos7 image it's time to give it a spin. To start the centos7 container we can issue the following command:<br />
docker run -t -i --net="host" centos:centos7 bash<br />
This will tell docker to run the centos7 container interactively from the local centos repo, use the host network interface and start bash. After a few seconds you will be presented with the bash prompt inside the centos7 container:<br />
bash-4.1#<br />
and to check if we are really inside the centos7 container we can display the release version:<br />
cat /etc/redhat-release<br />
which will result in:<br />
CentOS release 7.8 (Final)<br />
From here you can use the normal commands like yum etc.<br />
<br />
To exit the container you give the normal 'exit' command, which will stop the centos7 container and bring you back to the prompt of your local server.<br />
<br />
To run a container in the background, you need to issue the docker run command with the -d flag instead of the -i flag.<br />
<br />
<br />
===Copy docker images===<br />
Docker images are stored on your local server. If you want to run the image on another machine you first have to take the image out of your local image repository and save it in a transferable format. For this, ''save'' the image in .tar format. To get a listing of all available images on your local server:<br />
<br />
docker images<br />
<br />
will result in (example):<br />
<br />
[root@sme9 ~]# docker images<br />
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE<br />
sme9 6.5 55db4355a2de 46 minutes ago 854.7 MB<br />
leszekk/centos_minimalcd 6.5 bc56fa8f1204 8 months ago 452.6 MB<br />
<br />
To create a copy of our sme9 image and save it as 'copyofsme9' you need to enter the following command:<br />
docker save sme9:6.5 > /tmp/copyofsme9.tar<br />
<br />
which will result in a copyofsme9.tar file in your /tmp directory of your local server. You can now copy/move this file to another server or simply archive it for later usage.<br />
<br />
To use the copyofsme9.tar file on another server with Docker, we can load it into the repository of the new server:<br />
docker load -i /downloads/copyofsme9.tar<br />
<br />
After Docker has loaded the file, you can check its availability by executing 'docker images' and you can use it just like any other image on your new server. You can use the ''save'' and ''load'' commands to clean up your local repository and share copies of your image.<br />
<br />
===Docker networking===<br />
<br />
Some thoughts to share on Docker networking<br />
<br />
* Network port mapping<br />
http://docs.docker.com/userguide/dockerlinks/<br />
* Network Configuration<br />
http://docs.docker.com/articles/networking/<br />
<br />
'''Note:''' Could we use FWS webapps to create an apache sub domain where the docker web application can be reached and 'masquerade' an unusual http port? e.g.<br />
owncloud.mydomain.com vs mydomain.com:8000<br />
Using<br />
mydomain.com/owncloud<br />
would require ibay checking <br />
<br />
<br />
===Docker Name resolution===<br />
<br />
<br />
Other DNS can be added to the unit file or daemon.json - see further below for details.<br />
<br />
Or you could add directly from the command line<br />
docker run -i -t --dns 208.67.220.220 --dns 208.67.220.222 sme9_real:6.5 /bin/bash<br />
<br />
===Docker Compose===<br />
<br />
https://github.com/docker/compose/releases/tag/1.29.2<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
<br />
===Shipyard web GUI===<br />
Deprecated<br />
There is a separate page on how to install Shipyard, the Docker web GUI [http://wiki.contribs.org/Shipyard here]<br />
<br />
<br />
===Issues===<br />
<br />
This was a v9 issue. Leaving for reference.<br />
<br />
You will find that if you use 'host' networking docker will set /sys as Read Only and you will get an error with the raid_check as per this bug<br />
<br />
https://bugs.contribs.org/show_bug.cgi?id=10660<br />
<br />
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.<br />
<br />
<br />
===Repo setup===<br />
<br />
db yum_repositories set docker-ce-stable repository \<br />
BaseURL 'https://download.docker.com/linux/centos/7/$basearch/stable' \<br />
EnableGroups no \<br />
GPGCheck yes \<br />
GPGKey https://download.docker.com/linux/centos/gpg \<br />
Name 'Docker Stable' \<br />
Visible yes \<br />
status enabled<br />
<br />
signal-event yum-modify<br />
<br />
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli<br />
<br />
or to try with the smeserver-docker contrib - still modifying this<br />
<br />
yum --enablerepo=extras,smetest install smeserver-docker<br />
<br />
<br />
So we get a service in /etc/systemd/system-preset/49-koozali.preset<br />
<br />
config set docker service status enabled<br />
config set containerd service status enabled<br />
mkdir -p /home/e-smith/files/docker<br />
mkdir -p /home/e-smith/files/docker/configs<br />
<br />
<br />
Startup options<br />
<br />
The big issue is getting this to work correctly with the firewall.<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3<br />
<br />
Host mode where the container has the same IP as the server and the service runs the same as any other host service, and can talk to other local host services easily, but exposes the container more.<br />
<br />
Bridge mode where the container is on its own internal docker network that is bridged to the local machine, but then queries emanating from the container will have the internal docker IP and can be refused by real 'local' services eg AD/MySQL etc. unless the firewall or other services can be adjusted.<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode<br />
<br />
network_mode: "bridge"<br />
network_mode: "host"<br />
network_mode: "none"<br />
network_mode: "service:[service name]"<br />
network_mode: "container:[container name/id]"<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#ports<br />
<br />
Port mapping is incompatible with network_mode: host<br />
<br />
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file<br />
<br />
We can add startup options via /etc/docker/daemon.json<br />
<br />
===Files to modify?===<br />
<br />
For now I have created a hardcoded file with the content from below<br />
<br />
mkdir -p /usr/lib/systemd/system/docker.service.d<br />
<br />
/usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
If we template then we would use two fragments like this:<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/40service<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
# docker home set to /home/e-smith/files/docker<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker/data<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/80install<br />
<br />
[Install]<br />
WantedBy=sme-server.target<br />
<br />
expand-template /usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
<br />
But now we can use /etc/docker/daemon.json<br />
<br />
This can be templated. The key point is to avoid a conflict between the docker internal network and our own.<br />
We also want to know what is happening with IPTables rules.<br />
<br />
eg<br />
<br />
{<br />
"bip": "192.168.100.1/24", << Set our own choice of internal network<br />
"data-root": "/home/e-smith/files/docker/data", << set our own data directory<br />
"dns": ["127.0.0.1", "192.168.10.212"] << set our own DNS<br />
}<br />
<br />
===Docker Networking===<br />
<br />
Docker now does its own thing with IPTables and it is hard to disable - we need to be careful here<br />
<br />
https://docs.docker.com/network/iptables/<br />
<br />
How do we check conflicts?<br />
<br />
ip addr show docker0<br />
<br />
docker network ls<br />
<br />
docker network inspect bridge<br />
<br />
https://www.baeldung.com/ops/docker-network-information<br />
<br />
docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' bridge<br />
172.17.0.0/16<br />
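One way to automate the conflict check above, as an added example (not part of the smeserver-docker contrib). The function names are hypothetical; the demo uses the default bridge subnet and the bip value shown on this page, and the local networks are constructed values.<br />

```shell
#!/bin/sh
# Added example: detect an overlap between Docker's bridge subnet and local networks.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range ADDR/BITS -> prints "first last" of the network as integers.
# A host address with a prefix (such as a "bip" value) is masked down to its network.
cidr_range() {
    addr=${1%/*}
    bits=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( ip & mask ))
    last=$(( first | (~mask & 4294967295) ))
    echo "$first $last"
}

# cidrs_overlap A B -> exit status 0 if the two networks share any address
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")   # $1 $2 = range A, $3 $4 = range B
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_docker_subnet DOCKER_CIDR LOCAL_CIDR... -> prints each conflict, returns 1 if any
check_docker_subnet() {
    docker_cidr=$1; shift
    rc=0
    for net in "$@"; do
        if cidrs_overlap "$docker_cidr" "$net"; then
            echo "CONFLICT: $docker_cidr overlaps $net"
            rc=1
        fi
    done
    return $rc
}

# Demo with constructed local networks (192.168.10.0/24 and 172.17.5.0/24).
check_docker_subnet 172.17.0.0/16 192.168.10.0/24 172.17.5.0/24 || true
# The bip from the daemon.json example does not collide with 192.168.10.0/24:
check_docker_subnet 192.168.100.1/24 192.168.10.0/24 && echo "bip is clear"

# On a live server the first argument can come from the inspect command above:
#   check_docker_subnet "$(docker network inspect -f \
#       '{{range .IPAM.Config}}{{.Subnet}}{{end}}' bridge)" 192.168.10.0/24
```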
<br />
So one way is to add it to the daemon.json file (see above)<br />
<br />
{<br />
"iptables": false<br />
}<br />
<br />
And note:<br />
<br />
Restart the Docker daemon and voila: your containers will not be exposed to every possible interface but you will need to explicitly manipulate your iptables rules if you want the traffic to pass through, e.g.: this is needed to NAT your containers:<br />
<br />
<br />
-A POSTROUTING -s 172.17.0.0/24 -o eth0 -j MASQUERADE<br />
<br />
An alternative which I use on RocketChat is to proxy calls using mod_proxy_tunnel.so<br />
<br />
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule98ExtraMod<br />
<br />
{<br />
# Load wstunnel if available<br />
if ( -e '/usr/lib64/httpd/modules/mod_proxy_wstunnel.so' ||<br />
-e '/usr/lib/httpd/modules/mod_proxy_wstunnel.so') {<br />
$OUT .= "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so\n";<br />
}<br />
}<br />
<br />
You can then use some custom httpd templates to create a proxy pass virtual host.<br />
<br />
===Docker Compose===<br />
<br />
https://docs.docker.com/compose/install/<br />
<br />
Check the latest release:<br />
<br />
https://github.com/docker/compose/releases/<br />
<br />
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose<br />
chmod 0700 /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
<br />
Add template fragments here to make your compose file:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Note that there is now Compose format.<br />
<br />
https://github.com/docker/compose#where-to-get-docker-compose<br />
<br />
https://github.com/docker/compose-switch<br />
<br />
=== Old Unit file ===<br />
Previous unit file for ref<br />
<br />
[Unit]<br />
Description=Docker Application Container Engine<br />
Documentation=https://docs.docker.com<br />
BindsTo=containerd.service<br />
After=network-online.target firewalld.service containerd.service<br />
Wants=network-online.target<br />
Requires=docker.socket<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.<br />
# Both the old, and new location are accepted by systemd 229 and up, so using the old location<br />
# to make them work for either version of systemd.<br />
StartLimitBurst=3<br />
<br />
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.<br />
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make<br />
# this option work for either version of systemd.<br />
StartLimitInterval=60s<br />
<br />
# Having non-zero Limit*s causes performance problems due to accounting overhead<br />
# in the kernel. We recommend using cgroups to do container-local accounting.<br />
LimitNOFILE=infinity<br />
LimitNPROC=infinity<br />
LimitCORE=infinity<br />
<br />
# Comment TasksMax if your systemd version does not support it.<br />
# Only systemd 226 and above support this option.<br />
TasksMax=infinity<br />
<br />
# set delegate yes so that systemd does not reset the cgroups of docker containers<br />
Delegate=yes<br />
<br />
# kill only the docker process, not all processes in the cgroup<br />
KillMode=process<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}}and select the smeserver-docker component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-docker |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-docker |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Changelog==<br />
<br />
Only released version in smecontrib are listed here.<br />
<br />
{{ #smechangelog: smeserver-docker }}<br />
<br />
<br />
<br />
[[Category:Containers]]<br />
[[Category:Contrib]]<br />
[[Category:Containers:Docker]]</div>ReetPhttps://wiki.koozali.org/index.php?title=MongoDB&diff=42163MongoDB2023-07-26T15:57:54Z<p>ReetP: </p>
<hr />
<div>==How to install MongoDB==<br />
<br />
{{Note box| Manual configuration required}}<br />
<br />
MongoDB 5.0+ requires the AVX CPU instruction set<br />
<br />
lscpu |grep avx<br />
<br />
===Install Official Repository===<br />
<br />
Use ExtraRepositories from here<br />
<br />
https://wiki.koozali.org/Extrarepositories<br />
<br />
Note that versions are available from 4.0/1/2/3/4 -> 5.0 -> 6.0<br />
<br />
Please check which versions are deprecated - they should not be used.<br />
<br />
https://www.mongodb.com/support-policy/lifecycles<br />
<br />
As of July 2022 the oldest supported version is 4.2 until April 2023<br />
<br />
yum install smeserver-extrarepositories-mongodb<br />
<br />
signal-event yum-modify<br />
<br />
Install your chosen version:<br />
<br />
yum --enablerepo=mongodb4.2 install mongodb-org <br />
<br />
If it refuses to install because of a missing GPG key, you can change '''GPGCheck''' above from '''Yes''' to '''No''' and try '''yum install...''' again or<br />
<br />
rpm --import https://www.mongodb.org/static/pgp/server-4.0.asc<br />
<br />
Or<br />
<br />
yum --enablerepo=mongodb4.2 install mongodb-org --nogpgcheck<br />
<br />
===Starting Mongo===<br />
<br />
{{Warning box|Please check additional notes below before trying this section}}<br />
{{Warning box| Complete work in progress - here be Dragons!}}<br />
<br />
We need a db config entry for SME to recognise it:<br />
<br />
config set mongod service status enabled access private<br />
<br />
We will need a file <br />
<br />
mkdir -p /usr/lib/systemd/system/mongod.service.d<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Something like:<br />
<br />
[Unit]<br />
After=network.target network.service wan.service<br />
[Install]<br />
WantedBy=sme-server.target<br />
<br />
===Configuration File===<br />
<br />
Minimal config I use for Rocket.Chat<br />
<br />
<nowiki>grep '^[[:blank:]]*[^[:blank:]#;]' /etc/mongod.conf</nowiki><br />
<br />
systemLog:<br />
verbosity: 0<br />
destination: file<br />
logAppend: true<br />
path: /var/log/mongodb/mongod.log<br />
storage:<br />
dbPath: /var/lib/mongo<br />
journal:<br />
enabled: true<br />
processManagement:<br />
fork: true # fork and run in background<br />
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile<br />
timeZoneInfo: /usr/share/zoneinfo<br />
net:<br />
port: 27017<br />
bindIp: 127.0.0.1 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.<br />
# Enable replication for Rocket.Chat<br />
replication:<br />
replSetName: rs0<br />
<br />
<br />
Once started you need to initialise the replicaset. Make sure to exit from the mongo instance and run from the cli:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
You should now have a working mongoDB good enough to use with Rocket.Chat<br />
<br />
<br />
===Other settings===<br />
<br />
nano /etc/security/limits.conf<br />
<br />
These settings are automatically added during installation<br />
<br />
@mongod soft nproc unlimited<br />
@mongod hard nproc unlimited<br />
@mongod soft nofile 64000<br />
@mongod hard nofile 64000<br />
<br />
Adding a user<br />
<br />
https://www.linode.com/docs/guides/install-mongodb-on-centos-7/<br />
<br />
use admin<br />
<br />
db.createUser(<br />
{<br />
user: "admin",<br />
pwd: "admin123",<br />
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]<br />
}<br />
)<br />
<br />
show users<br />
<br />
We can then set Mongo to force authentication when connecting.<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Add:<br />
<br />
[Service]<br />
Environment="OPTIONS=--auth -f /etc/mongod.conf"<br />
<br />
Restart Mongo<br />
<br />
systemctl restart mongod <br />
<br />
You should now need a password to login.<br />
<br />
===Templating mongod.conf===<br />
<br />
This is possible but we need to create a new file so we do not overwrite the original - otherwise yum/rpm will complain.<br />
<br />
Something like /etc/mongod/mongod.conf<br />
<br />
Template fragments in <br />
<br />
/etc/e-smith/templates/etc/mongod/mongod.conf<br />
<br />
We can then amend the systemd override<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Add this:<br />
<br />
[Service]<br />
Environment="OPTIONS=-f /etc/mongod/mongod.conf"<br />
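Both the authentication step and the templating step above write an OPTIONS line to the same 50koozali.conf drop-in, and the templating version carries no --auth, so it is worth checking what mongod will actually enforce after either change. The script below is an added example (not part of any SME package): its function names are hypothetical, the sample files are constructed, and it assumes the standard security.authorization and net.bindIpAll settings as alternatives to the --auth flag and bindIp shown on this page.<br />

```shell
#!/bin/sh
# Added example: report whether mongod is reachable beyond loopback and whether
# authentication is enforced, from mongod.conf plus the systemd drop-in.

# yaml_get FILE SECTION KEY -> first token of "KEY:" found under top-level "SECTION:"
yaml_get() {
    awk -v sec="$2" -v key="$3" '
        { sub(/[ \t]*#.*$/, "") }                         # strip comments
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur); next }  # new top-level section
        cur == sec && $1 == (key ":") { print $2; exit }
    ' "$1"
}

# bind_exposed CONF -> exit status 0 if mongod listens on anything but loopback
bind_exposed() {
    [ "$(yaml_get "$1" net bindIpAll)" = "true" ] && return 0
    ips=$(yaml_get "$1" net bindIp)
    [ -z "$ips" ] && return 1          # no bindIp: mongod 3.6+ binds to localhost
    old_ifs=$IFS; IFS=,
    for ip in $ips; do
        case $ip in
            127.*|::1|localhost) ;;
            *) IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# auth_enabled CONF DROPIN -> exit status 0 if authentication is enforced
auth_enabled() {
    [ "$(yaml_get "$1" security authorization)" = "enabled" ] && return 0
    # The approach used on this page: --auth passed through OPTIONS in the drop-in.
    [ -f "$2" ] && grep -Eq '^Environment=.*OPTIONS=.*--auth( |"|$)' "$2"
}

# audit_mongod CONF DROPIN -> prints one verdict line
audit_mongod() {
    exposed=no; auth=no
    bind_exposed "$1" && exposed=yes
    auth_enabled "$1" "$2" && auth=yes
    case "$exposed/$auth" in
        yes/no) echo "RISK: listening beyond loopback without authentication" ;;
        no/no)  echo "WARN: loopback only, but local users can connect without a password" ;;
        *)      echo "OK: authentication enforced" ;;
    esac
}

# Demo on constructed files modelled on the configuration shown on this page.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed: a LAN address added to bindIp.
    printf 'net:\n  port: 27017\n  bindIp: 127.0.0.1,192.168.10.5\n' > "$d/mongod.conf"
    printf '[Service]\nEnvironment="OPTIONS=--auth -f /etc/mongod.conf"\n' > "$d/auth.conf"
    printf '[Service]\nEnvironment="OPTIONS=-f /etc/mongod/mongod.conf"\n' > "$d/template.conf"
    audit_mongod "$d/mongod.conf" "$d/auth.conf"
    audit_mongod "$d/mongod.conf" "$d/template.conf"
    rm -rf "$d"
}
demo
```

On a server, run it as audit_mongod /etc/mongod.conf /usr/lib/systemd/system/mongod.service.d/50koozali.conf after editing either file.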
<br />
===Dump and restore===<br />
<br />
Samples - YMMV.<br />
<br />
Quick little script to dump the Rocket.Chat collection:<br />
<br />
#!/bin/bash<br />
echo "Dump with Users/Roles"<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/backup/rocketchatmongo<br />
echo "dump all"<br />
mongodump -d rocketchat -o /root/backup/rocketchatmongo-all<br />
<br />
<br />
{{Warning box| Do not restore between versions!!}}<br />
<br />
If you export from a version eg 4.0 then restore to that version. Do not try and restore 4.0 to 4.2 or higher.<br />
<br />
Then change your repo, and then upgrade mongo.<br />
<br />
To restore:<br />
<br />
mongorestore /root/backup/rocketchatmongo-all<br />
<br />
===Backup with system===<br />
<br />
With credit to Daniel Berteaud<br />
<br />
Action script to dump the mongo DB on pre-backup event<br />
<br />
mkdir -p /home/e-smith/db/mongo<br />
<br />
cat <<_EOF > /etc/e-smith/events/actions/mongodb-dump<br />
#!/bin/bash -e<br />
/usr/bin/mongodump --quiet --out /home/e-smith/db/mongo/<br />
_EOF<br />
<br />
chmod +x /etc/e-smith/events/actions/mongodb-dump<br />
cd /etc/e-smith/events/pre-backup<br />
ln -s ../actions/mongodb-dump ./S60mongodb-dump<br />
<br />
===Vaporise or reinitialise the database===<br />
<br />
{{Warning box| This will totally and utterly vaporise your data. Got a backup?? You have been warned}}<br />
<br />
Remove the directory contents:<br />
<br />
rm -rf /var/lib/mongo/*<br />
<br />
Or remove the entire directory and recreate it with the correct ownership:<br />
<br />
rm -rf /var/lib/mongo<br />
mkdir -p /var/lib/mongo<br />
chown -R mongod:mongod /var/lib/mongo<br />
<br />
If you have a replicaset set in /etc/mongod.conf make sure you initiate it:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
----<br />
[[Category:Howto]]<br />
[[Category:Administration]]<br />
[[Category:Database]]</div>ReetPhttps://wiki.koozali.org/index.php?title=VirtualBox&diff=42131VirtualBox2023-07-12T14:31:05Z<p>ReetP: </p>
<hr />
<div>{{Level|Advanced}}<br />
{{warning box|This how to is *out of date* and refers to SME7. You probably need to install smeserver-phpvirtualbox and smeserver-virtualbox contribs for Koozali SME10 : [[Phpvirtualbox]]}}<br />
=== Maintainer ===<br />
Kevin Schneider<br />
<br />
=== Description ===<br />
This contribution for smeserver adds Sun VirtualBox 3.0.10 for headless operation (i.e. it creates a virtual machine on your server that can be accessed via an RDP client such as 'Remote Desktop Connection' on Windows). This allows you to have a virtual Windows machine running at a remote location to perform various administrative tasks. You can run network applications as if you were in the remote office without tying up a physical machine.<br />
<br />
For instruction on how to install [[VirtualBox 4.0 on SME Server v8 beta 6]], check this [http://wiki.contribs.org/index.php?title=VirtualBox_4.0_on_SME_Server_v8_beta_6 wiki] page.<br />
<br />
=== Requirements ===<br />
You will need SME Server 7.4, kernel 2.6.9-78.0.22.EL or 2.6.9-78.0.22.ELsmp <br />
check your current kernel using <br />
uname -r<br />
<br />
You will also need to download the VirtualBox rpm file<br />
wget http://download.virtualbox.org/virtualbox/3.0.10/VirtualBox-3.0.10_54097_rhel4-1.i386.rpm<br />
<br />
You will also need the precompiled kernel modules<br />
<br />
'''For 2.6.9-78.0.22.EL'''<br />
wget http://kevinps2003.tripod.com/VirtualBox3.0.10_Modules_2.6.9-78.EL.tar.gz<br />
'''For 2.6.9-78.0.22.ELsmp'''<br />
wget http://kevinps2003.tripod.com/VirtualBox3.0.10_Modules_2.6.9-78.ELsmp.tar.gz<br />
<br />
=== Installation ===<br />
<br />
1. Download the files to a folder on your server (it is a good idea to keep these files around in case you ever need to rebuild a server)<br />
<br />
----<br />
<br />
2. Install the dependencies for VirtualBox (this will install the alsa-lib and SDL)<br />
yum install SDL<br />
You may need to run the following commands to complete the installation<br />
signal-event post-upgrade<br />
signal-event reboot<br />
<br />
----<br />
<br />
3. Create a new group ‘vboxusers’ in the server manager and assign the appropriate users.<br />
<br />
----<br />
<br />
4. Create a new ibay for the VirtualBox settings and hard drive files. Set the Group to ‘vboxusers’ and User Access to ‘read=group, write=group’.<br />
<br />
----<br />
<br />
5. Install VirtualBox using the following command<br />
rpm -Uvh VirtualBox-3.0.10_54097_rhel4-1.i386.rpm<br />
<br />
Note - You will get the following error message, which you can ignore, we will manually copy and install the precompiled modules<br />
Creating group 'vboxusers'. VM users must be member of that group!<br />
<br />
No precompiled module for this kernel found -- trying to build one. Messages<br />
emitted during module compilation will be logged to /var/log/vbox-install.log. <br />
<br />
Compilation of the kernel module FAILED! VirtualBox will not start until this<br />
problem is fixed. Please consult /var/log/vbox-install.log to find out why the<br />
kernel module does not compile. Most probably the kernel sources are not found.<br />
Install them and execute<br />
<br />
/etc/init.d/vboxdrv setup<br />
<br />
as root.<br />
<br />
----<br />
<br />
6. Extract files from VirtualBox3.0.10_Modules_2.6.9-78.EL*.tar.gz<br />
tar -zxvf VirtualBox3.0.10_Modules_2.6.9-78.EL*.tar.gz<br />
<br />
----<br />
<br />
7. Copy precompiled VirtualBox drivers to the appropriate lib/modules/… folder<br />
<br />
'''For 2.6.9-78.0.22.EL'''<br />
cp vboxdrv.ko /lib/modules/2.6.9-78.0.22.EL/<br />
cp vboxnetflt.ko /lib/modules/2.6.9-78.0.22.EL/<br />
cp vboxnetadp.ko /lib/modules/2.6.9-78.0.22.EL/<br />
'''For 2.6.9-78.0.22.ELsmp'''<br />
cp vboxdrv.ko /lib/modules/2.6.9-78.0.22.ELsmp/<br />
cp vboxnetflt.ko /lib/modules/2.6.9-78.0.22.ELsmp/<br />
cp vboxnetadp.ko /lib/modules/2.6.9-78.0.22.ELsmp/<br />
----<br />
<br />
8. Change module permissions and owner using the following commands (this step might not be required)<br />
<br />
'''For 2.6.9-78.0.22.EL'''<br />
chown root:root /lib/modules/2.6.9-78.0.22.EL/vboxdrv.ko<br />
chown root:root /lib/modules/2.6.9-78.0.22.EL/vboxnetflt.ko<br />
chown root:root /lib/modules/2.6.9-78.0.22.EL/vboxnetadp.ko<br />
chmod 644 /lib/modules/2.6.9-78.0.22.EL/vboxdrv.ko<br />
chmod 644 /lib/modules/2.6.9-78.0.22.EL/vboxnetflt.ko<br />
chmod 644 /lib/modules/2.6.9-78.0.22.EL/vboxnetadp.ko<br />
'''For 2.6.9-78.0.22.ELsmp'''<br />
chown root:root /lib/modules/2.6.9-78.0.22.ELsmp/vboxdrv.ko<br />
chown root:root /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetflt.ko<br />
chown root:root /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetadp.ko<br />
chmod 644 /lib/modules/2.6.9-78.0.22.ELsmp/vboxdrv.ko<br />
chmod 644 /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetflt.ko<br />
chmod 644 /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetadp.ko<br />
<br />
----<br />
<br />
9. Test the kernel module, if there are no error messages, you can keep going, if not, you may have to compile the modules for yourself.<br />
<br />
'''For 2.6.9-78.0.22.EL'''<br />
insmod /lib/modules/2.6.9-78.0.22.EL/vboxdrv.ko<br />
insmod /lib/modules/2.6.9-78.0.22.EL/vboxnetflt.ko<br />
insmod /lib/modules/2.6.9-78.0.22.EL/vboxnetadp.ko<br />
'''For 2.6.9-78.0.22.ELsmp'''<br />
insmod /lib/modules/2.6.9-78.0.22.ELsmp/vboxdrv.ko<br />
insmod /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetflt.ko<br />
insmod /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetadp.ko<br />
<br />
----<br />
<br />
10. Verify the kernel modules are loaded<br />
lsmod | grep vbox<br />
Should result in<br />
vboxnetadp 73576 0<br />
vboxnetflt 80776 0<br />
vboxdrv 106920 1 vboxnetflt<br />
<br />
----<br />
<br />
11. Unload the kernel modules<br />
rmmod vboxnetflt<br />
rmmod vboxnetadp<br />
rmmod vboxdrv<br />
<br />
----<br />
<br />
12. Run depmod to determine module dependencies <br />
'''For 2.6.9-78.0.22.EL'''<br />
depmod -a /lib/modules/2.6.9-78.0.22.EL/vboxnetflt.ko<br />
depmod -a /lib/modules/2.6.9-78.0.22.EL/vboxnetadp.ko<br />
'''For 2.6.9-78.0.22.ELsmp'''<br />
depmod -a /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetflt.ko<br />
depmod -a /lib/modules/2.6.9-78.0.22.ELsmp/vboxnetadp.ko<br />
<br />
Note - if you get a few lines containing the following <br />
WARNING: Can't read module /lib/modules/2.6.9-78.0.22.EL<br />
You will need to update your server (See comment #6, [http://bugs.contribs.org/show_bug.cgi?id=5334 Bug #5334], not recommended for a production server), or manually edit the modules.dep file.<br />
<br />
'''For 2.6.9-78.0.22.EL'''<br />
pico /lib/modules/2.6.9-78.0.22.EL/modules.dep <br />
Add the following lines<br />
/lib/modules/2.6.9-78.0.22.EL/vboxdrv.ko:<br />
/lib/modules/2.6.9-78.0.22.EL/vboxnetadp.ko:<br />
/lib/modules/2.6.9-78.0.22.EL/vboxnetflt.ko: /lib/modules/2.6.9-78.0.22.EL/vboxdrv.ko<br />
<br />
'''For 2.6.9-78.0.22.ELsmp'''<br />
pico /lib/modules/2.6.9-78.0.22.ELsmp/modules.dep <br />
Add the following lines<br />
/lib/modules/2.6.9-78.0.22.ELsmp/vboxdrv.ko:<br />
/lib/modules/2.6.9-78.0.22.ELsmp/vboxnetadp.ko:<br />
/lib/modules/2.6.9-78.0.22.ELsmp/vboxnetflt.ko: /lib/modules/2.6.9-78.0.22.ELsmp/vboxdrv.ko<br />
<br />
----<br />
<br />
13. Test that the kernel modules load properly with the following command<br />
modprobe vboxnetflt<br />
modprobe vboxnetadp<br />
<br />
----<br />
<br />
14. Verify the kernel modules are loaded<br />
lsmod | grep vbox<br />
Should result in<br />
vboxnetadp 73576 0<br />
vboxnetflt 80776 0<br />
vboxdrv 106920 1 vboxnetflt<br />
<br />
----<br />
<br />
15. Create/edit the /etc/rc.modules file to load vboxdrv and vboxnetflt at boot time<br />
pico /etc/rc.modules<br />
Add the following lines and save<br />
modprobe vboxnetflt <br />
modprobe vboxnetadp <br />
<br />
Run the following command to make the script executable.<br />
chmod +x /etc/rc.modules<br />
<br />
----<br />
<br />
16. Remove the file that flags vboxdrv and vboxnetflt module as not being installed properly<br />
rm /etc/vbox/module_not_compiled<br />
<br />
----<br />
<br />
17. Set Environment Variable (replace 'vbox_files' with the ibay you created)<br />
export VBOX_USER_HOME=/home/e-smith/files/ibays/vbox_files/files/.VirtualBox<br />
<br />
----<br />
<br />
18. Permanently set Environment Variable<br />
pico /etc/profile.d/vboxpath.sh<br />
Add the two lines below (replace 'vbox_files' with the ibay you created)<br />
# /etc/profile.d/vboxpath.sh - Set Virtual Box Settings Location<br />
export VBOX_USER_HOME=/home/e-smith/files/ibays/vbox_files/files/.VirtualBox<br />
<br />
Change the permissions on the script to make it executable<br />
chmod 755 /etc/profile.d/vboxpath.sh<br />
<br />
----<br />
<br />
19. Verify the environment variable is set<br />
echo $VBOX_USER_HOME<br />
Should result in (where 'vbox_files' is the ibay you created)<br />
/home/e-smith/files/ibays/vbox_files/files/.VirtualBox<br />
<br />
----<br />
<br />
20. You can now create and run your own virtual machines using VBoxManage and VBoxHeadless (located in /usr/bin/). <br />
<br />
=== Usage - VBoxManage ===<br />
<br />
To create a virtual machine, use the following command, replace "WinXP" with the name of your new virtual machine.<br />
VBoxManage createvm -name "WinXP" -register<br />
<br />
----<br />
<br />
Set the amount of RAM for your virtual machine<br />
VBoxManage modifyvm "WinXP" -memory "128MB"<br />
When modifying your virtual machine, you will need to pay close attention to the amount of physical ram in your server. Use the following command to check the amount of free memory in your server<br />
free -m<br />
<br />
----<br />
<br />
Enables 'ACPI' for your virtual machine in VirtualBox <br />
VBoxManage modifyvm "WinXP" -acpi on <br />
<br />
----<br />
<br />
Creates a new virtual hard disk file (VDI). Note, size is in MB. The file will be saved to /home/e-smith/files/ibays/vbox_files/files/.VirtualBox/HardDisks/WinXP.vdi<br />
VBoxManage createvdi -filename "WinXP.vdi" -size 20000 -register<br />
<br />
----<br />
<br />
Assign the hard disk file to your new virtual machine<br />
VBoxManage modifyvm "WinXP" -hda "WinXP.vdi"<br />
<br />
----<br />
<br />
Sets the first boot device for your virtual machine to dvd (ie installing OS)<br />
VBoxManage modifyvm "WinXP" -boot1 dvd <br />
<br />
----<br />
<br />
Adds a CD/DVD image (located on your server) to VirtualBox media manager (note, replace the path below with the path to your installation media)<br />
VBoxManage registerimage dvd /home/e-smith/files/ibays/iso_images/files/WinXP.iso<br />
<br />
----<br />
<br />
Assigns the CD/DVD image to your virtual machine<br />
VBoxManage modifyvm "WinXP" -dvd /home/e-smith/files/ibays/iso_images/files/WinXP.iso<br />
<br />
----<br />
<br />
Remove the CD/DVD image from your virtual machine<br />
VBoxManage modifyvm "WinXP" -dvd none<br />
<br />
----<br />
<br />
Sets the Virtual NIC to the VirtualBox 'nat' (can't communicate with other computers on lan, but has internet access via your server)<br />
VBoxManage modifyvm "WinXP" -nic1 nat<br />
<br />
----<br />
<br />
To give your virtual machine an IP Address from your local network (ie DHCP provided by another machine), use the following commands to change the Virtual NIC to use your LAN connection. If your server is configured as a gateway, make sure that 'eth0' is the LAN port not the WAN otherwise your virtual machine will be exposed to the internet without a firewall.<br />
VBoxManage modifyvm "WinXP" -nic1 bridged<br />
VBoxManage modifyvm "WinXP" -bridgeadapter1 eth0<br />
<br />
----<br />
<br />
The commands above were based on this guide. [http://vmetc.com/wp-content/uploads/2008/07/headless-vm-creation-in-virtualbox-creating-an-ubuntu-804-server-vm.pdf]<br />
<br />
=== Usage - VBoxHeadless ===<br />
<br />
To start your virtual machine use the following command<br />
VBoxHeadless -s "WinXP"<br />
<br />
To access your virtual machine, you will need to connect via an RDP client. On Windows you can use the built in 'Remote Desktop Connection' to access your virtual machine. Open your RDP client and input the IP address/Name of your SME Server into the box and press Connect. <br />
<br />
[[File:RDP_Connection.jpg]]<br />
<br />
Note that by default there is no authentication when connecting; consult the VirtualBox documentation for instructions on implementing authentication.<br />
<br />
----<br />
<br />
To start your virtual machine on a different port (ie 12345), use the following command<br />
VBoxHeadless -s "WinXP" -p 12345<br />
<br />
Then enter 'IPaddress:port' into your RDP client. For Windows Remote Desktop Connection use<br />
192.168.1.1:12345 <br />
<br />
=== Uninstall ===<br />
rpm -e VirtualBox<br />
<br />
Remove the kernel modules from the /lib/modules/... folder<br />
<br />
'''For 2.6.9-78.0.22.EL'''<br />
rm /lib/modules/2.6.9-78.0.22.EL/vbox*.ko<br />
'''For 2.6.9-78.0.22.ELsmp'''<br />
rm /lib/modules/2.6.9-78.0.22.ELsmp/vbox*.ko<br />
<br />
Remove the Environment Variable Script<br />
rm /etc/profile.d/vboxpath.sh<br />
<br />
----<br />
<noinclude>[[Category: Howto]]<br />
[[Category:Virtualisation]]</noinclude></div>ReetPhttps://wiki.koozali.org/index.php?title=AutoMysqlBackup&diff=42110AutoMysqlBackup2023-06-13T12:34:18Z<p>ReetP: /* Mysql53, Mysql55, Mysql57, MariaDB */</p>
<hr />
<div>{{Languages|AutoMysqlBackup}}<br />
==Automysqlbackup==<br />
[http://sourceforge.net/projects/automysqlbackup/ AutoMySQLBackup], combined with the SME db configuration, creates daily, weekly and monthly backups of your MySQL databases. There is no panel in the server-manager, but the configuration is quite simple, using the few commands listed on this page, handled by "config setprop automysqlbackup". I'm fairly sure that you do not have to modify many options except the mail address where logs and files are sent.<br />
With this contrib you can save your MySQL databases in a simple way.<br />
<br />
Other Features include:<br />
*Email notification of backups<br />
*Databases split and sent by mails<br />
*Backup Compression and Encryption<br />
*Configurable backup rotation (no db command yet, you have to do it manually)<br />
*Incremental database backups (no db command yet, you have to do it manually)<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-automysqlbackup}}<br />
{{ #smeversion: automysqlbackup}}<br />
<br />
==Maintainer==<br />
[mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br /><br />
<br />
==Installation==<br />
====For SME8====<br />
This contrib is in the [[Stephdl|'''stephdl''']] repository; you have to enable it before installing the contrib.<br />
<br />
</noinclude><br />
db yum_repositories set stephdl repository \<br />
BaseURL http://mirror.de-labrusse.fr/smeserver/\$releasever \<br />
EnableGroups no GPGCheck yes \<br />
Name "Mirror de Labrusse" \<br />
GPGKey http://mirror.de-labrusse.fr/RPM-GPG-KEY \<br />
Visible yes status disabled<br />
<br />
<br />
<noinclude><br />
After adding it to the database updating the configuration file is required:<br />
signal-event yum-modify<br />
<br />
yum install --enablerepo=stephdl smeserver-automysqlbackup<br />
config set UnsavedChanges no<br />
<br />
====For SME9 and SME10====<br />
<br />
yum install --enablerepo=smecontribs smeserver-automysqlbackup<br />
config set UnsavedChanges no<br />
<br />
You can also install pigz for multi CPU support which can speed up your backups and remove the warning from the status email:<br />
<br />
yum --enablerepo=epel install pigz<br />
<br />
==smeserver Panel==<br />
<br />
There is no panel to manage this contrib; you have to use db configuration commands, but normally the default options should be sufficient.<br />
<br />
==How to launch the backup==<br />
You can launch the database backup manually by running automysqlbackup in a root terminal.<br />
automysqlbackup<br />
Otherwise, a cron job starts every night at 4:00 AM to save your databases.<br />
==DB command option==<br />
If you want to see the db configuration of automysqlbackup.<br />
config show automysqlbackup<br />
===Time===<br />
<br />
You can adjust the time at which the cron job starts<br />
<br />
* Every 30 minutes<br />
config setprop automysqlbackup Hour '*' Minute '*/30'<br />
signal-event automysqlbackup-update<br />
<br />
* Every hour<br />
config setprop automysqlbackup Hour '*/1' Minute 1<br />
signal-event automysqlbackup-update<br />
<br />
* At 3 AM<br />
config setprop automysqlbackup Hour 3 Minute 1<br />
signal-event automysqlbackup-update<br />
<br />
===Backup directory===<br />
This is the folder where your database backups are saved '''(default is /root/backup/db)'''. The layout of the backup folder is shown below.<br />
{{note box|keep in mind that the /root folder is saved with the e-smith-backup of your server-manager}} <br />
#ls /root/backup/db/<br />
daily fullschema latest monthly status tmp weekly<br />
<br />
If you want to save in another place, you have to do the command below.<br />
<br />
config setprop automysqlbackup Backupdir /path/to/other/folder<br />
You have to create your new backup directory manually<br />
mkdir -p /path/to/other/folder<br />
<br />
===Backup a local directory===<br />
You can also have automysqlbackup save a local directory. I suppose that you cannot use it for a large folder, but for a web site with its database it could be useful. It is not activated by default.<br />
config setprop automysqlbackup Backup_local_files /path/to/folder<br />
<br />
===Mysql53, Mysql55, Mysql57, MariaDB===<br />
<br />
With SCL on SME you may be running other database versions.<br />
<br />
You must make sure you have a backup user for the newer databases<br />
<br />
Creating backup user for default mysql53 database<br />
done<br />
*** If you add mysql55/mysql57 you must add a backup user ***<br />
You can use the password from config show automysqlbackup<br />
e.g.: <br />
mysql55 -e " GRANT EVENT,SELECT,LOCK TABLES ON *.* TO backupuser@'localhost' " <br />
mysql55 -u root -e "SET PASSWORD FOR backupuser@localhost = PASSWORD( ' -from config show automysqlbackup DbPassword- ' ) " <br />
<br />
We can now choose other databases to backup:<br />
<br />
mysql53, mysql55, mysql57, mariadb<br />
<br />
You can enable or disable as follows:<br />
<br />
config setprop automysqlbackup Mysql55 enabled<br />
signal-event automysqlbackup-update<br />
<br />
====For Koozali SME v10====<br />
<br />
The default Maria 5.5 is included. To add Maria 10.5, installed via the contrib:<br />
<br />
config setprop automysqlbackup Mymaria105 enabled<br />
signal-event smeserver-automysqlbackup-update<br />
<br />
===Encryption===<br />
If you wish to encrypt your backups using openssl '''(no is default)''':<br />
config setprop automysqlbackup Encrypt yes<br />
You need to set a password '''(default is 01234567899876543210)''':<br />
config setprop automysqlbackup Dbencrypt_password your-password<br />
<br />
{{Note box| This option may be useful when you want to save your databases outside of your server by sending them by mail. Remember to change the default password.}}<br />
<br />
===Decryption===<br />
To decrypt run :<br />
<br />
openssl enc -aes-256-cbc -d -in encrypted_file_name(ex: *.enc.gz) -out outputfilename.gz -pass pass:your-password<br />
<br />
example : <br />
<br />
openssl enc -aes-256-cbc -d -in daily_horde_2013-04-26_01h41m_Friday.sql.gz.enc -out daily_horde_2013-04-26_01h41m_Friday.sql.gz \<br />
-pass pass:01234567899876543210<br />
<br />
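The commands above pass the password as a command-line argument, where it is visible in the process list and the shell history. The following is an added example, not part of the original page: it reads the password from a file only its owner can access (openssl's <code>-pass file:</code> source) and keeps the output only if it is a valid gzip stream. The function names, file names and sample data are assumptions constructed for the example.<br />

```shell
#!/bin/sh
# Added example (not from the original page). Function names, paths and the
# sample data are constructed for illustration.

# decrypt_backup ENCRYPTED_FILE PASSWORD_FILE
# Decrypts foo.sql.gz.enc to foo.sql.gz with the cipher shown on this page.
# Returns 0 on success, 1 on decryption/integrity failure, 2 on bad
# arguments, 3 if the password file is accessible by group or others.
decrypt_backup() {
    enc=$1
    passfile=$2

    case "$enc" in
        *.enc) out=${enc%.enc} ;;
        *) echo "not a .enc file: $enc" >&2; return 2 ;;
    esac
    [ -r "$passfile" ] || { echo "cannot read $passfile" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$passfile" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$passfile must not be accessible by group or others" >&2
        return 3
    fi

    # Decrypt to a temporary file so a failed run never leaves a
    # half-written or garbage .sql.gz next to the real backups.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if openssl enc -aes-256-cbc -d -in "$enc" -out "$tmp" \
            -pass "file:$passfile" 2>/dev/null \
        && gzip -t < "$tmp" 2>/dev/null; then
        mv "$tmp" "$out"
    else
        # A wrong password usually fails the padding check; when it does
        # not, the gzip test still rejects the output.
        rm -f "$tmp"
        echo "decryption failed or output is not valid gzip: $enc" >&2
        return 1
    fi
}

# Round trip on constructed data: encrypt a tiny dump, then decrypt it.
demo_roundtrip() {
    dir=$(mktemp -d) || return 1
    ( umask 077; printf '%s\n' 'constructed-demo-password' > "$dir/pass" )
    printf 'CREATE TABLE t (id INT);\n' | gzip > "$dir/demo.sql.gz"
    rc=1
    if openssl enc -aes-256-cbc -e -in "$dir/demo.sql.gz" \
            -out "$dir/demo.sql.gz.enc" -pass "file:$dir/pass" 2>/dev/null \
        && rm "$dir/demo.sql.gz" \
        && decrypt_backup "$dir/demo.sql.gz.enc" "$dir/pass" \
        && [ "$(gzip -dc "$dir/demo.sql.gz")" = 'CREATE TABLE t (id INT);' ]
    then
        rc=0
    fi
    rm -rf "$dir"
    return $rc
}

demo_roundtrip && echo "round trip OK"
```

If a backup was encrypted by an OpenSSL older than 1.1.0 and is decrypted by a newer one, the default key-derivation digest differs (MD5 before, SHA-256 after), so <code>-md md5</code> may be needed in the <code>openssl enc</code> call.<br />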
===Mailcontent===<br />
You can choose the type of mail sent to the admin '''(log by default)''':<br />
config setprop automysqlbackup Mailcontent option<br />
Options:<br />
*log : send only log file (default)<br />
*files : send log file and sql files as attachments<br />
*stdout : will simply output the log to the screen if run manually.<br />
*quiet : Only send logs if an error occurs to the MAILADDR.<br />
<br />
{{Tip box|Use the "'''files'''" option with the Mailcontent db to save your mysql databases in a mailbox outside of your server; they are also saved in a local folder of your server (by default /root/backup/db)}}<br />
<br />
===Mailto===<br />
You can choose the mail account where the mails are sent '''(default is the mailbox admin of your server)'''.<br />
<br />
config setprop automysqlbackup Mailto foo@foo.com<br />
<br />
===Sizemail===<br />
<br />
You can set the size of mails sent '''(default is 8000 KB)'''.<br />
config setprop automysqlbackup Sizemail 8000<br />
{{note box|Keep in mind that a lot of smtp servers reject mails bigger than 10 000 KB or 10MB}}<br />
<br />
==Manual Settings==<br />
There are many options you can modify in automysqlbackup, so for your own needs you can adjust the file below by hand. Make a copy first.<br />
<br />
cp /etc/automysqlbackup/myserver.conf /etc/automysqlbackup/myserver.conf-old<br />
nano /etc/automysqlbackup/myserver.conf<br />
<br />
==RESTORING==<br />
===restoring a .sql file===<br />
In a root terminal <br />
cd /root/backup/db/ <br />
and choose your backup<br />
gunzip file-name.sql.gz<br />
Next you will need to use the mysql client to restore the DB from the sql file.<br />
mysql database < /path/file.sql<br />
<br />
NOTE: Make sure you use < and not > in the above command because you are piping the file.sql to mysql and not the other way around<br />
<br />
If you want to use another user or a remote mysql server, you can use this command line:<br />
<br />
mysql --user=username --pass=password --host=dbserver database < /path/file.sql<br />
<br />
===restoring databases sent by mail attachment===<br />
<br />
The attachments have been split into multiple files, use this command line to combine them :<br />
cat mail_attachment_2011-08-13_13h15m_* > mail_attachment_2011-08-13_13h15m.tar.bz2<br />
and do this to extract the content<br />
bunzip2 <mail_attachment_2011-08-13_13h15m.tar.bz2 | pax -rv<br />
<br />
==Known Issues==<br />
<br />
===Skip mysql.event===<br />
* Warning: Skipping the data of table mysql.event. Specify the --events option explicitly. SOLVED in [[bugzilla:8146]]<br />
See http://www.linuxbrigade.com/warning-skipping-data-table-mysql-event/#more-135<br />
See this discussion http://bugs.mysql.com/bug.php?id=68376<br />
<br />
=== Empty backupdir key===<br />
* Don't leave this key blank or you may get errors:<br />
<br />
config show automysqlbackup Backupdir <br />
<br />
The system will try and default to /root/backup/db but you may get issues if it is empty<br />
<br />
See bugs [[bugzilla:10655]] and [[bugzilla:10654]]<br />
<br />
===Backup databases===<br />
* Some solutions : <br />
<br />
if we want to backup databases<br />
mysqldump -uroot --events mysql > /tmp/mysql.sql<br />
or if we don't want to backup them<br />
mysqldump -uroot --events --ignore-table=mysql.event mysql > /tmp/mysql.sql<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-automysqlbackup component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-automysqlbackup |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-automysqlbackup |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Changelog==<br />
<br />
Only versions released in smecontrib are listed here.<br />
<br />
{{ #smechangelog: smeserver-automysqlbackup }}<br />
<br />
<br />
[[Category: Contrib]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Raid:Growing&diff=42104Raid:Growing2023-06-05T10:36:27Z<p>ReetP: </p>
<hr />
<div>{{level|Advanced}}<br />
The source of this page is the [https://raid.wiki.kernel.org/index.php/Growing raid wiki]. This is the [http://forums.contribs.org/index.php/topic,50311.0 initial forum post] that prompted the writing of this howto.<br />
<br />
The purpose of this HOWTO is to add a new drive to an existing Raid5 with LVM; LVM is the standard installation of SME Server. Please back up your data before starting this HOWTO, '''or you may lose the lot'''.<br />
==Growing an existing Array==<br />
<br />
{{Note box|Due to a bug in kernel 2.6.18, which is the default kernel of CentOS 5 and SME Server 8.0, you cannot grow a RAID6}}<br />
<br />
When new disks are added, existing raid partitions can be grown to use the new disks. After the new disk has been partitioned, the RAID 1/4/5 array may be grown. We assume that before growing, the system contains four drives in Raid5, and therefore an array of 3 drives (3*10G) and 1 spare drive (10G). See this [[Raid#Hard_Drives_.E2.80.93_Raid|HowTo]] to understand the automatic raid construction of SME Server.<br />
<br />
This is how your array should look before changing.<br />
<br />
[root@smeraid5 ~]# cat /proc/mdstat<br />
Personalities : [raid6] [raid5] [raid4] [raid1] <br />
md1 : '''active raid1''' sda1[0] sdb1[1] sdc1[2] sdd1[3]<br />
104320 blocks [4/4] [UUUU]<br />
<br />
md2 : '''active raid5''' sdd2[8](S) sdc2[2] sdb2[1] sda2[0]<br />
72644096 blocks level 5, 256k chunk, algorithm 2 [8/8] [UUU]<br />
<br />
===Partition the new drive===<br />
<br />
For example, use these commands to copy the partition table of an existing drive to the new drive:<br />
<br />
sfdisk -d /dev/sda > sfdisk_sda.output<br />
sfdisk -f /dev/sde < sfdisk_sda.output<br />
<br />
If you get errors using the sfdisk command, you can clean the drive with the dd command.<br />
{{Warning box|Be aware that dd is called data-destroyer; be certain of the partition you want zeroed.}}<br />
#dd if=/dev/zero of=/dev/sdX bs=512 count=1<br />
<br />
===Adding partitions===<br />
{{Note box|msg=The process can take many hours or even days. There is a critical section at start, which cannot be backed up. To allow recovery after unexpected power failure, an additional option <code>--backup-file=</code> can be specified. Make sure this file is on a different disk or it defeats the purpose.<br />
<br />
mdadm --grow --raid-devices=5 --backup-file=/root/grow_md1.bak /dev/md1<br />
mdadm --grow --raid-devices=4 --backup-file=/root/grow_md2.bak /dev/md2}}<br />
<br />
Now we need to add the first partition /dev/sde1 to /dev/md1<br />
<br />
[root@smeraid5 ~]# mdadm --add /dev/md1 /dev/sde1<br />
mdadm: added /dev/sde1<br />
[root@smeraid5 ~]# mdadm --grow --raid-devices='''5''' /dev/md1<br />
<br />
Here we use the option --raid-devices='''5''' because raid1 uses all drives. You can see how the array looks with:<br />
{{Warning box|Do NOT shut down your computer during the raid growing step, and make sure it does not suffer an electrical failure; either can leave your computer in a bad state and you can lose your data}}<br />
[root@smeraid5 ~]# mdadm --detail /dev/md1<br />
/dev/md1:<br />
Version : 0.90<br />
Creation Time : Tue Oct 29 21:04:15 2013<br />
Raid Level : raid1<br />
Array Size : 104320 (101.89 MiB 106.82 MB)<br />
Used Dev Size : 104320 (101.89 MiB 106.82 MB)<br />
Raid Devices : 5<br />
Total Devices : 5<br />
Preferred Minor : 1<br />
Persistence : Superblock is persistent<br />
<br />
Update Time : Tue Oct 29 21:39:00 2013<br />
State : clean<br />
Active Devices : 5<br />
Working Devices : 5<br />
Failed Devices : 0<br />
Spare Devices : 0<br />
<br />
UUID : 15eb70b1:3d0293bb:f3c49d70:6fc5aa4d<br />
Events : 0.4<br />
<br />
Number Major Minor RaidDevice State<br />
0 8 1 0 active sync /dev/sda1<br />
1 8 17 1 active sync /dev/sdb1<br />
2 8 33 2 active sync /dev/sdc1<br />
3 8 49 3 active sync /dev/sdd1<br />
4 8 65 4 active sync /dev/sde1<br />
<br />
After that we have to do the same thing with the md2 which is a raid5 array.<br />
<br />
[root@smeraid5 ~]# mdadm --add /dev/md2 /dev/sde2<br />
mdadm: added /dev/sde2<br />
<br />
[root@smeraid5 ~]# mdadm --grow --raid-devices='''4''' /dev/md2<br />
mdadm: Need to backup 14336K of critical section..<br />
mdadm: ... critical section passed.<br />
<br />
{{tip box|msg=You need to keep --raid-devices='''4''' if you want to have an array of 4 drives + 1 spare. However, if you do not want a spare drive, you should set --raid-devices='''5'''. This command can also be used to grow a raid array onto the spare drive: just tell mdadm that you want to use all disks connected to the computer.}}<br />
<br />
{{Warning box|Do NOT shut down your computer during the raid growing step, and make sure it does not suffer an electrical failure; either can leave your computer in a bad state and you can lose your data}}<br />
<br />
We can take a look at the md2 array:<br />
<br />
[root@smeraid5 ~]# mdadm --detail /dev/md2<br />
/dev/md2:<br />
Version : 0.90<br />
Creation Time : Tue Oct 29 21:04:28 2013<br />
Raid Level : raid5<br />
Array Size : 32644096 (30.28 GiB 31.39 GB)<br />
Used Dev Size : 7377728 (7.90 GiB 9.63 GB)<br />
Raid Devices : 4<br />
Total Devices : 5<br />
Preferred Minor : 2<br />
Persistence : Superblock is persistent<br />
<br />
Update Time : Tue Oct 29 21:39:29 2013<br />
State : clean<br />
Active Devices : 4<br />
Working Devices : 5<br />
Failed Devices : 0<br />
Spare Devices : 1<br />
<br />
Layout : left-symmetric<br />
Chunk Size : 256K<br />
<br />
UUID : d2c26bed:b5251648:509041c5:fab64ab4<br />
Events : 0.462<br />
<br />
Number Major Minor RaidDevice State<br />
0 8 2 0 active sync /dev/sda2<br />
1 8 18 1 active sync /dev/sdb2<br />
3 8 34 2 active sync /dev/sdc2<br />
4 8 50 3 active sync /dev/sde2<br />
<br />
2 8 114 - spare /dev/sdd2<br />
<br />
===LVM: Growing the PV===<br />
<br />
{{Note box|Once the construction is complete, we have to set the LVM to use the whole space}}<br />
<br />
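One way to confirm that the construction is complete before running pvresize, as an added example that is not part of the original page: it parses mdstat-format text and reports arrays that still show reshape, resync, recovery or check activity. The function names and the sample mdstat text are constructed for the example.<br />

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the sample
# mdstat text are constructed for illustration.

# sample_mdstat: constructed /proc/mdstat content, md1 idle, md2 reshaping.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid6] [raid5] [raid4] [raid1]
md1 : active raid1 sde1[4] sdd1[3] sdc1[2] sdb1[1] sda1[0]
      104320 blocks [5/5] [UUUUU]

md2 : active raid5 sde2[4] sdd2[5](S) sdc2[2] sdb2[1] sda2[0]
      14755456 blocks super 0.91 level 5, 256k chunk, algorithm 2 [4/4] [UUUU]
      [==>..................]  reshape = 12.5% (922216/7377728) finish=21.4min speed=5020K/sec

unused devices: <none>
EOF
}

# md_busy_arrays [FILE]
# Prints, one per line and sorted, the arrays that still have sync activity.
# A progress line ("reshape = 12.5% ...") and a queued one
# ("resync=DELAYED", "resync=PENDING") both count as busy.
md_busy_arrays() {
    awk '
        /^md[0-9]+ :/ { name = $1; next }
        name != "" && /(reshape|resync|recovery|check) *=/ { busy[name] = 1 }
        END { for (n in busy) print n }
    ' "${1:-/proc/mdstat}" | sort
}

# md_safe_to_resize ARRAY [FILE]
# Returns 0 if ARRAY is listed and idle, 1 if it is still busy,
# 2 if it does not appear in the file at all.
md_safe_to_resize() {
    array=$1
    file=${2:-/proc/mdstat}
    grep -q "^$array :" "$file" || return 2
    if md_busy_arrays "$file" | grep -qx "$array"; then
        return 1
    fi
    return 0
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_mdstat > "$demo_file"
for a in md1 md2; do
    if md_safe_to_resize "$a" "$demo_file"; then
        echo "$a: idle, safe to continue with pvresize"
    else
        echo "$a: still busy, wait before pvresize"
    fi
done
rm -f "$demo_file"
```

On a live system, call <code>md_safe_to_resize md2</code> without a file argument to read /proc/mdstat; <code>mdadm --wait /dev/md2</code> blocks until the activity has finished.<br />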
* In a root terminal, issue the following command lines<br />
<br />
[root@smeraid5 ~]# pvresize /dev/md2<br />
Physical volume "/dev/md2" changed<br />
1 physical volume(s) resized / 0 physical volume(s) not resized<br />
<br />
* After that we can resize the LVM<br />
<br />
[root@smeraid5 ~]# lvresize -l +100%FREE /dev/main/root<br />
Extending logical volume root to 30,25 GB<br />
Logical volume root successfully resized<br />
<br />
{{tip box|/dev/main/root is the default name, but if you have changed this you can find it by typing the command : lvdisplay}}<br />
<br />
[root@smeraid5 ~]# resize2fs /dev/main/root<br />
resize2fs 1.39 (29-May-2006)<br />
Filesystem at /dev/main/root is mounted on /; on-line resizing required<br />
Performing an on-line resize of /dev/main/root to 19726336 (4k) blocks.<br />
<br />
On Koozali SME v10 you should use xfs_growfs instead of resize2fs:<br />
<br />
[root@smev10~]# xfs_growfs /dev/main/root<br />
meta-data=/dev/mapper/main-root isize=512 agcount=4, agsize=1854976 blks<br />
= sectsz=512 attr=2, projid32bit=1<br />
= crc=1 finobt=0 spinodes=0<br />
data = bsize=4096 blocks=7419904, imaxpct=25<br />
= sunit=0 swidth=0 blks<br />
naming =version 2 bsize=4096 ascii-ci=0 ftype=1<br />
log =internal bsize=4096 blocks=3623, version=2<br />
= sectsz=512 sunit=0 blks, lazy-count=1<br />
realtime =none extsz=4096 blocks=0, rtextents=0<br />
data blocks changed from 7419904 to 11615232<br />
<br />
* You should verify that your LVM uses the whole drive space with the command:<br />
<br />
[root@smeraid5 ~]# pvdisplay<br />
--- Physical volume ---<br />
PV Name /dev/md2<br />
VG Name main<br />
PV Size 30.25 GB / not usable 8,81 MB<br />
Allocatable yes (but full)<br />
PE Size (KByte) 32768<br />
Total PE 1533<br />
'''Free PE 0'''<br />
Allocated PE 1533<br />
PV UUID a31UBW-2SN6-CXFk-qLOZ-qrsQ-BIYo-nZexXo<br />
<br />
If you can see that you have no more '''FREE PE''', you are the king of raid. You can also check with the command:<br />
<br />
[root@smeraid5 ~]# lvdisplay<br />
<noinclude>[[Category:Howto]][[Category:Administration:Storage]]</noinclude></div>ReetPhttps://wiki.koozali.org/index.php?title=FreePBX&diff=42084FreePBX2023-05-31T13:13:11Z<p>ReetP: /* Known issues */</p>
<hr />
<div>{{Languages}}<br />
{{Warning box| When installing smeserver-freepbx, your default php cli will change to php56 instead of php54, unless you specifically point to the binary. This is because FreePBX 14 no longer supports php54 and php5, nor php70 and higher. Upon upgrade to FreePBX 15 and FreePBX 16 this default will be updated to php74 to allow cli php scripts to run smoothly.}}<br />
===Maintainer===<br />
original contributor: [mailto:daniel@firewall-services.com][[User:VIP-ire|Daniel B.]] from [http://www.firewall-services.com Firewall Services]<br />
<br />
last maintainer: [mailto:tests@pialasse.com][[User:Unnilennium|JP Pialasse]]<br />
<br />
=== Version ===<br />
{{#smeversion:smeserver-freepbx }}<br />
<br><br />
{{#smeversion:freepbx-src }}<br />
<br><br />
<br />
{| class="wikitable"<br />
|+PHP compatibility<br />
!Freepbx<br />
!php56<br />
!php70<br />
!php72<br />
!php74<br />
!php80+<br />
|-<br />
|14<br />
|yes<br />
|no<br />
|no<br />
|no<br />
|no<br />
|-<br />
|15<br />
|yes<br />
|yes<br />
|yes<br />
|limited<br />
|no<br />
|-<br />
|16<br />
|no<br />
|no<br />
|no<br />
|yes<br />
|no<br />
|}<br />
<br />
=== Description ===<br />
<br />
[http://freepbx.org FreePBX] is a full-featured PBX web application. If you’ve looked into Asterisk, you know that it doesn’t come with any "built in" programming. You can’t plug a phone into it and make it work without editing configuration files, writing dialplans, and various messing about.<br />
<br />
FreePBX simplifies this by giving you pre-programmed functionality accessible through a user-friendly web interface that allows you to have a fully functional PBX pretty much straight away with no programming required. Some of the features that FreePBX supports out of the box are:<br />
<br />
*Unlimited number of Voicemail boxes<br />
*"Follow Me" functionality<br />
*Ring Groups with calls confirmation (so if, eg, a cellphone is out of range and diverts to voicemail, all the other phones keep ringing)<br />
*Unlimited number of Conferences (limited by available CPU power - about 300 simultaneous users in conferences on a P4 3ghz - 600 with a dual core!)<br />
*Paging and Intercom functionality for many SIP phones that support it.<br />
*Music on Hold (via MP3s, or streamed off the internet)<br />
*Call Queues<br />
*And many other features<br />
<br />
=== Optional ===<br />
*You may want some hardware cards if you don't want your installation to be IP only. I've tested successfully the TDM400P, TDM410P and b410P (misdn) from Digium, but any card supported by DAHDI (should be anything working with zaptel) should work.<br />
<br />
=== Installation ===<br />
<br />
<tabs container><tab name="SME 10"><br />
Install needed repo and configure:<br />
yum install smeserver-extrarepositories-asterisk smeserver-extrarepositories-node smeserver-extrarepositories-rpmfusion -y<br />
db yum_repositories setprop node10 status enabled<br />
db yum_repositories setprop asterisk-common status enabled<br />
db yum_repositories setprop asterisk-13 status enabled<br />
signal-event yum-modify<br />
<br />
yum install yum-plugin-versionlock -y<br />
yum versionlock add freepbx-src-15.* --enablerepo=smetest,smecontribs<br />
<br />
Install:<br />
yum install smeserver-freepbx --enablerepo=smecontribs,asterisk-common,asterisk-13,node10,smetest<br />
<br />
<br />
{{note box| Be prepared to wait a bit as a temp event is installing and configuring asterisk and freepbx and compiling UCP.}}<br />
<br />
If you also want to install localization sounds:<br />
yum install asterisk-sounds-core-fr-alaw asterisk-sounds-core-fr-g722 asterisk-sounds-core-fr-g729 asterisk-sounds-core-fr-gsm asterisk-sounds-core-fr-siren14 asterisk-sounds-core-fr-siren7 asterisk-sounds-core-fr-sln16 asterisk-sounds-core-fr-ulaw asterisk-sounds-core-fr-wav<br />
<br />
yum install asterisk-sounds-core-it-alaw asterisk-sounds-core-it-g722 asterisk-sounds-core-it-g729 asterisk-sounds-core-it-gsm asterisk-sounds-core-it-siren14 asterisk-sounds-core-it-siren7 asterisk-sounds-core-it-sln16 asterisk-sounds-core-it-ulaw asterisk-sounds-core-it-wav<br />
<br />
yum install asterisk-sounds-core-es-alaw asterisk-sounds-core-es-g722 asterisk-sounds-core-es-g729 asterisk-sounds-core-es-gsm asterisk-sounds-core-es-siren14 asterisk-sounds-core-es-siren7 asterisk-sounds-core-es-sln16 asterisk-sounds-core-es-ulaw asterisk-sounds-core-es-wav<br />
<br />
You will still miss the asterisk-sounds-extra-*-* that are not available as rpm, but freepbx will be able to download them with soundLang module.<br />
<br />
<br />
source : https://computingforgeeks.com/how-to-install-freepbx-15-on-centos-7/ https://wiki.freepbx.org/display/FOP/Installing+FreePBX+15+on+Debian+9.6<br />
</tab><br />
<tab name="SME 9"><br />
1. First, <u>increase the php memory limit to at least 128M '''BEFORE the installation'''</u>, '''or it will fail''' in the middle leaving it in an unstable state ( half mysql db installed, no modules activated).<br />
db configuration setprop php MemoryLimit 128M<br />
expand-template /etc/php.ini<br />
service httpd-e-smith restart<br />
<br />
2. Install the 4 yum repos necessary (asterisk-13,asterisk-current,digium-current,digium-13):<syntaxhighlight lang="bash"><br />
yum install smeserver-extrarepositories-asterisk -y<br />
signal-event yum-modify<br />
</syntaxhighlight><br />
<br />
3. Then the actual installation :<br />
<br />
yum install smeserver-freepbx --enablerepo=smecontribs,asterisk-13,asterisk-current,digium-current,digium-13<br />
<br />
4. By default the en language sounds with ulaw are added. If you want voicemail to work you will need to add what is needed for your language there. You may want to add some extra formats and languages (choose the codec {alaw,ulaw,g722,gsm} and language {en,en_AU,fr,es} you want, see http://packages.asterisk.org/centos/6/current/i386/RPMS/).<br />
<br />
Formerly, you could also manually download them later through the FreePBX interface (first install the FreePBX Sound Languages module, then go to Admin/Sound Languages). But this seems broken as of 2019/01/11: the xml lists the module needs to work are empty. See known issues if you need to install multiple language packs easily by hand.<br />
<br />
yum install asterisk-sounds-core-fr-* asterisk-sounds-extra-en-* --enablerepo=asterisk-current<br />
<br />
5. This is the important step of the installation, the actual configuration and installation of files:<br />
signal-event freepbx-update<br />
<br />
6. Then you can start to configure and upgrade through the interface in the server-manager.<br />
It might also be necessary to reboot or relaunch asterisk to allow all modules to be launched:<br />
<br />
signal-event post-upgrade; signal-event reboot<br />
<br />
<br />
</tab><br />
<tab name="SME 8"><br />
<br />
You may need to first install the [[ATrpms]] repository.<br />
<br />
yum --enablerepo=smecontribs --enablerepo=atrpms install smeserver-freepbx dahdi-linux-kmdl-$(uname -r)<br />
signal-event freepbx-update <br />
signal-event post-upgrade; signal-event reboot<br />
<br />
source : http://forums.contribs.org/index.php?topic=48143.0<br />
</tab><br />
</tabs><br />
<br />
= Components =<br />
<br />
FreePBX is composed of 4 main parts: the main FreePBX interface, Recordings, Asterisk-Stats and Flash Operator Panel<br />
<br />
==== FreePBX ====<br />
This is the main web interface for asterisk configuration. This interface is available at https://server.domain.tld/freepbx/admin, or in the server-manager, under FreePBX menu.<br />
You'll need to login as admin (password of your admin's SME account) to access this part.<br />
You can grant the access to any user of the system using the userpanel contrib (just grant the user or the group the permission to access freepbx panel)<br />
<br />
<br />
==== Recordings ====<br />
Recordings is a web based portal for users. You may configure some features of your phone here (followme, call forward, call waiting etc...), check your call history, or download/listen to your voicemail. This interface is available at https://server.domain.tld/recordings.<br />
The login here is your phone (extension) number and your voicemail password.<br />
There's also a special admin account. The admin account can access all call logs and recordings. The login is admin, the password is randomly generated, you can find it in /opt/freepbx/recordings/includes/main.conf.php<br />
<br />
==== Backup ====<br />
Starting with SME9 we started to integrate the FreePBX backup in the SME Server backup system. The first backup of the FreePBX module is now reserved for SME usage. SME will trigger at least once a month a backup of your whole PBX and store it in /home/e-smith/files/freepbx/Default_backup/. Up to 2 versions will be kept there. Also, every time you trigger the event pre-backup (i.e., before console backup, or workstation backup from server-manager) a backup will be done without you worrying about it (unless FreePBX is disabled). <br />
To restore your PBX after migrating to a new SME or after a disaster, just restore your SME as usual, install the smeserver-freepbx contrib and open your server-manager to access the FreePBX interface. Go to the backup module, choose restore, navigate to /home/e-smith/files/freepbx/Default_backup/ and choose the backup to use. Et voilà !<br />
<br />
=== DB parameters ===<br />
<br />
Here's the list of DB parameters:<br />
<br />
This contrib adds 3 entries in the configuration db: freepbx, dahdi and fop. Here's a description of available parameters for each entry<br />
<br />
*'''freepbx'''<br />
**'''CdrDbName''': the name of the database for CDR. The default is asteriskcdrdb. You should leave this unless you know what you're doing.<br />
**'''DbName''': the name of the database for FreePBX. The default is freepbxdb. You should leave this unless you know what you're doing.<br />
**'''DbPassword''': the password to access FreePBX database. A random value is generated at install time.<br />
**'''DbUser''': the username to access both databases. Default is freepbxuser.<br />
**'''DeviceAndUser''': (enabled|disabled) You can enable the 'deviceanduser' display view of FreePBX. If DeviceAndUser is enabled, Devices and Users will be administered separately, and Users will be able to "login" to (ad hoc) devices. If disabled, Devices and Users will be administered in a single screen. '''Removed since SME9. Use FPBX GUI to handle this.'''<br />
**'''ManagerPassword''': This is the asterisk manager password used by FreePBX (the login is 'admin'). The default one is randomly generated at install time.<br />
**'''UDPPorts''': List of ports used by asterisk. This setting is only useful if you want to open asterisk on the public interface (you can also restrict it with the AllowHost parameter).<br />
**'''access''': (private|public). If you want to open asterisk on the public interface, you can set this to public.<br />
**'''status''': (enabled|disabled). Whether asterisk (with the FreePBX provided helper script) should be started automatically.<br />
<br />
*'''dahdi'''<br />
**'''status''': (enabled|disabled) You should leave this enabled, even if you don't have any hardware card, because some functions (like meetme) require the dahdi_dummy driver to be loaded.<br />
{{Note box|dahdi_dummy is no longer required as a 'timing' device (since Asterisk 1.6) . This has been solved by using other timing mechanisms automatically. So setting dahdi to disabled does no harm to meetme.}}<br />
<br />
===Related pages===<br />
You may be interested in the following how-to:<br />
*How-to configure your card using [[FreePBX/DAHDI|DAHDI]]<br />
*How-to configure your card using [[FreePBX/mISDN|mISDN]]<br />
<br />
=== Update Freepbx ===<br />
Simply go to the Module Admin section and update from the gui.<br />
<br />
=== Upgrade Freepbx Major Version ===<br />
<br />
To update your freepbx installation simply follow the procedure inside freepbx web interface. <br />
<br />
In case of issue, the GUI might suggest to run module upgrade from CLI, then do <br />
fwconsole ma upgrade framework<br />
fwconsole ma upgradeall<br />
<br />
After every version update (from 14 to 15, etc.) you should run a<br />
signal-event freepbx-update<br />
<br />
in order to update file ownership according to SME and FreePBX specifications.<br />
<br />
The way the contrib is designed, updating freepbx-src (i.e. from 2.5 to 2.7) won't update your working freepbx installation.<br />
<br />
{{ Note box| With SME 10 we provide Asterisk 13 and FreePBX 14 as a start, so you can easily migrate your previous SME 9 FreePBX installation. You can then easily migrate to FreePBX 15. Then you will need to wait until we upgrade the contrib to allow updating the php version to 74 to be able to migrate to FreePBX 16; that is the only missing requirement. The reason we limited to php56 is that FreePBX 14 is only able to handle php56 and fails with anything lower or higher.}}<br />
=== v15 to v16 ===<br />
v15.0.24 does not work well with php74, but v16 requires it. The GUI update will fail. You need to prepare it this way:<br />
<br />
As soon as you switch to php74, v15 will show some unexpected behaviour: some elements will work, others will fail.<br />
<br />
config setprop freepbx PHPVersion 74<br />
expand-template /etc/opt/remi/php74/php-fpm.d/www.conf<br />
expand-template /etc/httpd/fpbx-conf/httpd.conf<br />
expand-template /opt/remi/php56/root/etc/php-fpm.d/www.conf<br />
systemctl restart php56-php-fpm <br />
systemctl restart php74-php-fpm<br />
systemctl restart httpd-fpbx<br />
<br />
Actual upgrade:<br />
fwconsole versionupgrade --check<br />
fwconsole versionupgrade --upgrade<br />
# this one needs old php56 or you will not be able to update to 16:<br />
/bin/php56 /var/lib/asterisk/bin/fwconsole ma upgrade framework<br />
fwconsole ma upgradeall<br />
signal-event freepbx-update<br />
<br />
=== Upgrade Asterisk Major Version ===<br />
{{Warning box|This is not fully tested}}<br />
<br />
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions<br />
<br />
"Long Term Support (LTS) release will be fully supported for 4 years, with one additional year of maintenance for security fixes"<br />
<br />
Asterisk 13.x is LTS released 2014-10-24 is EOL as of 2021-10-24<br />
<br />
Asterisk 16.x is LTS released 2018-10-09 is in Security fixes only and EOL 2023-10-09<br />
<br />
Asterisk 18.x is LTS released 2020-10-20 with Security fixes from 2024-10-20 and EOL 2025-10-20<br />
<br />
Asterisk 20.x is latest LTS<br />
<br />
See:<br />
<br />
https://bugs.koozali.org/show_bug.cgi?id=12363<br />
<br />
====Asterisk 13-16====<br />
<br />
This should upgrade from 13 to 16<br />
<br />
db yum_repositories setprop asterisk-13 status disabled<br />
db yum_repositories setprop asterisk-16 status enabled<br />
signal-event yum-modify<br />
yum --enablerepo=asterisk-16,epel update<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
====Asterisk 16-18====<br />
<br />
{{Warning box|This is not operational and requires further work}}<br />
<br />
This will require an update to the smeserver-freepbx spec file.<br />
<br />
This is how you would do it in principle, but there are conflicts as asterisk voicemail-plain has been replaced by asterisk-voicemail-imap and asterisk-voicemail-odbc <br />
<br />
db yum_repositories setprop asterisk-16 status disabled<br />
db yum_repositories setprop asterisk-18 status enabled<br />
signal-event yum-modify<br />
yum --enablerepo=asterisk-18,epel update<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
=== Uninstall ===<br />
yum remove smeserver-freepbx freepbx-src asterisk*<br />
<br />
If you want to cleanup everything (MySQL databases, DB, etc...), you can use this script:<br />
<br />
<br />
#!/bin/bash<br />
<br />
clear<br />
echo "----------------------------"<br />
echo "!!!!! WARNING !!!!!"<br />
echo "----------------------------"<br />
echo ""<br />
echo "This script will remove from your server:"<br />
echo " - freepbx and asterisk cdr MySQL databases"<br />
echo " - freepbx MySQL User"<br />
echo " - freepbx DB entries (freepbx, httpd-fpbx and dahdi)"<br />
echo " - /opt/freepbx"<br />
echo " - /etc/freepbx.conf"<br />
echo " - /etc/amportal.conf"<br />
echo " - /var/lib/asterisk/bin/*"<br />
echo " - /usr/share/asterisk/bin/*"<br />
echo ""<br />
echo -n "Are you sure you want to remove FreePBX permanently? (y/n) [n] "<br />
read confirm<br />
if [ "$confirm" = "y" -o "$confirm" = "Y" ]; then<br />
echo "removing rpms"<br />
yum remove -y smeserver-freepbx freepbx-src asterisk*<br />
echo "Dropping MySQL databases..."<br />
DBNAME=$(/sbin/e-smith/db configuration getprop freepbx DbName)<br />
CDRDBNAME=$(/sbin/e-smith/db configuration getprop freepbx CdrDbName)<br />
mysql -e "DROP DATABASE $DBNAME"<br />
mysql -e "DROP DATABASE $CDRDBNAME"<br />
echo "Deleting MySQL User..."<br />
DBUSER=$(/sbin/e-smith/db configuration getprop freepbx DbUser)<br />
mysql -u root -e "REVOKE ALL PRIVILEGES ON *.* FROM '$DBUSER'@'localhost';"<br />
mysql -u root -e "DROP USER '$DBUSER'@'localhost';" > /dev/null 2>&1<br />
echo "Removing SME DB entries..."<br />
/sbin/e-smith/db configuration delete freepbx<br />
/sbin/e-smith/db configuration delete httpd-fpbx<br />
/sbin/e-smith/db configuration delete dahdi<br />
echo "Removing /opt/freepbx ..."<br />
rm -rf /opt/freepbx<br />
echo "Removing /etc/freepbx.conf ..."<br />
rm -rf /etc/freepbx.conf<br />
echo "Removing /etc/amportal.conf ..."<br />
rm -rf /etc/amportal.conf <br />
echo "Removing /var/lib/asterisk/bin/* ..."<br />
rm -rf /var/lib/asterisk/bin/* <br />
echo "Removing /usr/share/asterisk/bin/* ..."<br />
rm -rf /usr/share/asterisk/bin/*<br />
echo "Removing associated asterisk confs ..."<br />
rm -rf /etc/asterisk<br />
rm -rf /home/e-smith/files/freepbx<br />
rm -rf /var/lib/asterisk<br />
rm -rf /var/lib/php/fpbx-session<br />
rm -rf /var/log/httpd-fpbx<br />
rm -rf /var/service/httpd-fpbx<br />
echo "removing the crontab entry for asterisk"<br />
crontab -u asterisk -r<br />
echo "Done!"<br />
fi<br />
<br />
=== Reinstall ===<br />
If you need to re-install everything, you should completely remove the previous installation (remove the rpms '''and''' run the cleanup script.)<br />
<br />
= Known issues=<br />
===SME10: no voicemail in UCP / yum update issue===<br />
Starting with release 14-7 we use asterisk-voicemail-plain to store voicemails as regular plain files, because UCP does not correctly handle ODBC storage and a misconfigured ODBC setup could lead to lost messages.<br />
<br />
If you had a prior installation, you might encounter an error with yum and need to run the following to solve it: <syntaxhighlight lang="bash"><br />
rpm -e --nodeps asterisk-voicemail-odbc<br />
yum install asterisk-voicemail-plain --enablerepo=asterisk-13<br />
# this one is mandatory to force asterisk to forget about previous app_voicemail_odbc.so module<br />
systemctl restart freepbx<br />
yum update smeserver-freepbx<br />
</syntaxhighlight><br />
<br />
===SME10: UCP daemon not running===<br />
This only applies to the FreePBX distro, where it improves commercial module integration; just ignore the message.<br />
<br />
===SME10: Security issue, System update has changed===<br />
This is because FreePBX is not installed on its own distro and is not able to handle the system update itself. You can safely ignore the message; as soon as you visit the Admin /update page it will fade away.<br />
<br />
<br />
===CDR logging not enabled by default===<br />
CDR logging is not enabled by default. To enable one must manually load the ''cdr_mysql.so'' module:<br />
Admin -> Asterisk Modules -> Manually loaded Modules -> Add module and enter the module name ''cdr_mysql.so''<br />
<br />
===freepbx modules===<br />
If you need to install the Digium addons from FreePBX, you will first need to install the following RPM:<br />
yum install php-digium_register --enablerepo=digium-current<br />
<br />
The Firewall addon does not work on SME: it requires the Sysadmin RPM, which is only available in the FreePBX distro.<br />
<br />
You may need to manually install the manager module. It should be a default module but I could not find it installed, and nothing appeared in the Module Admin.<br />
<br />
fwconsole moduleadmin listonline<br />
<br />
fwconsole ma downloadinstall manager<br />
<br />
=== Log errors ===<br />
<br />
<br />
You may see various log errors.<br />
<br />
<br />
[2023-05-31 14:42:10] [freepbx.INFO]: Deprecated way to add Console commands for module backup, adding console commands this way can have negative performance impacts. Please use module.xml. See: <nowiki>https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands</nowiki> [] []<br />
<br />
[2023-05-31 14:42:10] [freepbx.INFO]: Deprecated way to add Console commands for module voicemail, adding console commands this way can have negative performance impacts. Please use module.xml. See: <nowiki>https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands</nowiki> [] []<br />
<br />
This is a known upstream error:<br />
<br />
https://issues.freepbx.org/browse/FREEPBX-21969<br />
<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'from-internal-xfer' tries to include nonexistent context 'from-internal-custom'<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'from-internal-noxfer' tries to include nonexistent context 'from-internal-noxfer-custom'<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'from-pstn' tries to include nonexistent context 'from-pstn-custom'<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'from-internal-noxfer-additional' tries to include nonexistent context 'from-internal-noxfer-additional-custom'<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'from-internal-additional' tries to include nonexistent context 'from-internal-additional-custom'<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'macro-parked-call' tries to include nonexistent context 'macro-parked-call-custom'<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'dialparties-setrvol' tries to include nonexistent context 'dialparties-setrvol-custom'<br />
<br />
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'dialparties-finalbuild' tries to include nonexistent context 'dialparties-finalbuild-custom'<br />
<br />
<br />
This can be disabled via:<br />
<br />
Settings -> Advanced Setting -> Disable -custom Context Includes<br />
<br />
<br />
[2023-05-31 11:00:38] [freepbx.INFO]: Depreciated Function ringgroups_list detected in /opt/freepbx/admin/modules/ringgroups/functions.inc.php on line 75 [] []<br />
<br />
[2023-05-31 11:00:38] [freepbx.INFO]: Depreciated Function module_getinfo detected in /opt/freepbx/admin/modules/core/functions.inc.php on line 1078 [] []<br />
<br />
[2023-05-31 11:00:38] [freepbx.INFO]: Depreciated Function ringgroups_list detected in /opt/freepbx/admin/modules/core/functions.inc.php on line 1306 [] []<br />
<br />
<br />
https://github.com/FreePBX/ringgroups/blob/release/15.0/functions.inc.php<br />
<br />
These can be ignored. They are a warning to developers who may still be using these functions.<br />
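<br />
The following is an added example, not part of the original page or of FreePBX: a small shell filter that sorts log lines into the three ignorable categories described above and prints everything else for review. The function names and the two sample lines marked as constructed are assumptions made for illustration.<br />

```shell
#!/bin/sh
# Added example: separate the known-benign FreePBX/Asterisk log noise
# documented on this page from lines that still deserve a look.

# classify_line LINE -> prints exactly one category name
classify_line() {
    case "$1" in
        *"[freepbx.INFO]: Deprecated way to add Console commands"*)
            echo deprecated-console ;;
        *"[freepbx.INFO]: Depreciated Function "*)
            echo deprecated-function ;;
        # Only includes of a missing "<name>-custom" context are benign.
        # A missing context with any other name is a real dialplan problem.
        *"pbx.c: Context '"*"' tries to include nonexistent context '"*"-custom'"*)
            echo missing-custom-context ;;
        *)
            echo review ;;
    esac
}

# triage_log: reads log lines on stdin, prints a one-line summary followed
# by every line that did not match a benign category, prefixed "REVIEW: ".
triage_log() {
    console=0
    func=0
    custom=0
    review=0
    review_lines=""
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        case "$(classify_line "$line")" in
            deprecated-console)     console=$((console + 1)) ;;
            deprecated-function)    func=$((func + 1)) ;;
            missing-custom-context) custom=$((custom + 1)) ;;
            *)
                review=$((review + 1))
                review_lines="${review_lines}REVIEW: ${line}
"
                ;;
        esac
    done
    printf 'deprecated-console=%d deprecated-function=%d missing-custom-context=%d review=%d\n' \
        "$console" "$func" "$custom" "$review"
    printf '%s' "$review_lines"
}

# Sample input. The first four lines are taken from this page; the last two
# are constructed for the example (documentation-range IP addresses).
sample_log() {
    cat <<'EOF'
[2023-05-31 14:42:10] [freepbx.INFO]: Deprecated way to add Console commands for module backup, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'from-pstn' tries to include nonexistent context 'from-pstn-custom'
[2023-05-31 13:35:35] WARNING[2798] pbx.c: Context 'macro-parked-call' tries to include nonexistent context 'macro-parked-call-custom'
[2023-05-31 11:00:38] [freepbx.INFO]: Depreciated Function ringgroups_list detected in /opt/freepbx/admin/modules/ringgroups/functions.inc.php on line 75 [] []
[2023-05-31 13:35:36] WARNING[2798] pbx.c: Context 'from-internal' tries to include nonexistent context 'ext-local'
[2023-05-31 13:36:02] NOTICE[2801] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password
EOF
}

# Stand-alone run over the embedded sample; for real use, feed triage_log
# the log file on stdin instead.
sample_log | triage_log
```
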
<br />
===Migration from earlier versions===<br />
<br />
==== 13 to 15+ ====<br />
Restoring from 13 to 15 is possible. Follow this post for advice on making it more efficient: initially back up only your Full Config and Voicemail, excluding your CDR DB and Recordings, and restore just that initial config/VM backup file first. Then you can scp the large volume of sound files to the correct location and check whether CDR imports correctly, as this is what could cause the most issues: https://community.freepbx.org/t/trying-backup-and-restore-freepbx-13-to-15-for-first-time/70109/2<br />
<br />
==== 13 to 14 ====<br />
'''eg: Migration from SME9/FPBX13 to SME10/FPBX14''' <br />
<br />
Best approach would be :<br />
<br />
If your database has been restored before installing smeserver-freepbx, the /etc/e-smith/events/actions/freepbx-checkinstall script should just run the installation from there, provided you left /opt/freepbx empty.<br />
The install script upgrades the MySQL database to the current version and then installs the scripts. It should then download, install and activate all needed modules. If that did not happen because you had added some particular module, you might need to use the '''fwconsole ma''' CLI utility to list, then listonline and downloadinstall all missing modules if the GUI does not let you in.<br />
<br />
sources:<br />
# https://community.freepbx.org/t/import-freepbx13-backup-into-freepbx14/43955/9<br />
# https://community.freepbx.org/t/freepbx-14-restore-backup-taken-in-freepbx-13/49092/4<br />
<br />
==== prior 13====<br />
There is no upgrade path between versions before 14. Backup/Restore will most likely not work.<br />
<br />
In the meantime, here are some notes on upgrading manually. They are based on moving from Asterisk 1.8.x and an old version of FreePBX.<br />
<br />
First, make sure you back up ABSOLUTELY everything. In different ways and in different places.<br />
<br />
A straight copy of /etc/asterisk and /opt/freepbx plus a complete database dump at least.<br />
<br />
It will be better if you have a completely clean install, preferably on a VM where you can snapshot the basic install and go back if you need to.<br />
<br />
I took a copy of the freepbx DB and imported it completely into a different server. I could then do a side by side comparison of tables and data.<br />
<br />
Here are some basic tables that you will need, though they may not all be required depending on your configuration<br />
<br />
General<br />
<br />
modules (for reference as to what you already have installed)<br />
sip (most entries required, but manual checking required)<br />
sipsettings (for reference - do not INSERT)<br />
freepbxsettings (for reference - do not INSERT)<br />
<br />
Trunks and Routes<br />
trunks<br />
trunk_dialpatterns<br />
incoming<br />
outbound_routes<br />
outbound_route_patterns<br />
outbound_routes_sequence<br />
outbound_route_trunk<br />
<br />
Other<br />
ringgroups<br />
queueprio<br />
queues_config<br />
queues_details<br />
<br />
Device and User mode<br />
devices<br />
users<br />
<br />
Extension mode<br />
extensions<br />
<br />
freepbx_users - does not exist in v13<br />
<br />
I exported each table and a table from the new install to compare, particularly items like field lengths, and KEYS. Some old tables did not have Primary keys set.<br />
<br />
I then copied the 'INSERT INTO' section into phpmyadmin/sql section on the new server.<br />
<br />
If you swap from Extension to Device and User mode I found that once I had inserted the data I had to go into FreePBX, open each record, and Submit, finally followed by Apply Config. This seemed to update the DB.<br />
<br />
= Security =<br />
Please see http://www.voipbl.org/ to adapt [[fail2ban]] to use blacklisted IP's worldwide.<br />
<br />
= Bugs =<br />
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]<br />
and select the smeserver-freepbx component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-freepbx|title=this link.}}<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-freepbx |disablecache=1|noresultsmessage="No open bugs found."}}<br />
<br />
= Changelog =<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{#smechangelog:smeserver-freepbx}}<br />
<br />
----<br />
[[Category:Contrib]]<br />
[[Category: Asterisk]]</div>ReetPhttps://wiki.koozali.org/index.php?title=FreePBX&diff=42083FreePBX2023-05-31T12:40:46Z<p>ReetP: /* Upgrade Asterisk Major Version */</p>
<hr />
<div>{{Languages}}<br />
{{Warning box| When installing smeserver-freepbx, your default PHP CLI will change to php56 instead of php54, unless you specifically point to the binary. This is because FPBX 14 no longer supports php54 or php5, nor php70 and higher. Upon upgrade to FPBX 15 and FPBX 16 this default will be updated to php74 so that CLI PHP scripts run smoothly.}}<br />
===Maintainer===<br />
original contributor: [mailto:daniel@firewall-services.com][[User:VIP-ire|Daniel B.]] from [http://www.firewall-services.com Firewall Services]<br />
<br />
last maintainer: [mailto:tests@pialasse.com][[User:Unnilennium|JP Pialasse]]<br />
<br />
=== Version ===<br />
{{#smeversion:smeserver-freepbx }}<br />
<br><br />
{{#smeversion:freepbx-src }}<br />
<br><br />
<br />
{| class="wikitable"<br />
|+PHP compatibility<br />
!Freepbx<br />
!php56<br />
!php70<br />
!php72<br />
!php74<br />
!php80+<br />
|-<br />
|14<br />
|yes<br />
|no<br />
|no<br />
|no<br />
|no<br />
|-<br />
|15<br />
|yes<br />
|yes<br />
|yes<br />
|limited<br />
|no<br />
|-<br />
|16<br />
|no<br />
|no<br />
|no<br />
|yes<br />
|no<br />
|}<br />
<br />
=== Description ===<br />
<br />
[http://freepbx.org FreePBX] is a full-featured PBX web application. If you’ve looked into Asterisk, you know that it doesn’t come with any "built in" programming. You can’t plug a phone into it and make it work without editing configuration files, writing dialplans, and various messing about.<br />
<br />
FreePBX simplifies this by giving you pre-programmed functionality accessible through a user-friendly web interface that allows you to have a fully functional PBX pretty much straight away with no programming required. Some of the features that FreePBX supports out of the box are:<br />
<br />
*Unlimited number of Voicemail boxes<br />
*"Follow Me" functionality<br />
*Ring Groups with calls confirmation (so if, eg, a cellphone is out of range and diverts to voicemail, all the other phones keep ringing)<br />
*Unlimited number of Conferences (limited by available CPU power - about 300 simultaneous users in conferences on a P4 3ghz - 600 with a dual core!)<br />
*Paging and Intercom functionality for many SIP phones that support it.<br />
*Music on Hold (via MP3s, or streamed off the internet)<br />
*Call Queues<br />
*And many other features<br />
<br />
=== Optional ===<br />
*You may want some hardware cards if you don't want your installation to be IP only. I've tested successfully the TDM400P, TDM410P and b410P (misdn) from Digium, but any card supported by DAHDI (should be anything working with zaptel) should work.<br />
<br />
=== Installation ===<br />
<br />
<tabs container><tab name="SME 10"><br />
Install needed repo and configure:<br />
yum install smeserver-extrarepositories-asterisk smeserver-extrarepositories-node smeserver-extrarepositories-rpmfusion -y<br />
db yum_repositories setprop node10 status enabled<br />
db yum_repositories setprop asterisk-common status enabled<br />
db yum_repositories setprop asterisk-13 status enabled<br />
signal-event yum-modify<br />
<br />
yum install yum-plugin-versionlock -y<br />
yum versionlock add freepbx-src-15.* --enablerepo=smetest,smecontribs<br />
<br />
install<br />
yum install smeserver-freepbx --enablerepo=smecontribs,asterisk-common,asterisk-13,node10,smetest<br />
<br />
<br />
{{note box| Be prepared to wait a bit as temp event is installing and configuring asterisk, freepbx and compiling UCP.}}<br />
<br />
if you want also to install localization sounds<br />
yum install asterisk-sounds-core-fr-alaw asterisk-sounds-core-fr-g722 asterisk-sounds-core-fr-g729 asterisk-sounds-core-fr-gsm asterisk-sounds-core-fr-siren14 asterisk-sounds-core-fr-siren7 asterisk-sounds-core-fr-sln16 asterisk-sounds-core-fr-ulaw asterisk-sounds-core-fr-wav<br />
<br />
yum install asterisk-sounds-core-it-alaw asterisk-sounds-core-it-g722 asterisk-sounds-core-it-g729 asterisk-sounds-core-it-gsm asterisk-sounds-core-it-siren14 asterisk-sounds-core-it-siren7 asterisk-sounds-core-it-sln16 asterisk-sounds-core-it-ulaw asterisk-sounds-core-it-wav<br />
<br />
yum install asterisk-sounds-core-es-alaw asterisk-sounds-core-es-g722 asterisk-sounds-core-es-g729 asterisk-sounds-core-es-gsm asterisk-sounds-core-es-siren14 asterisk-sounds-core-es-siren7 asterisk-sounds-core-es-sln16 asterisk-sounds-core-es-ulaw asterisk-sounds-core-es-wav<br />
<br />
You will still miss the asterisk-sounds-extra-*-* that are not available as rpm, but freepbx will be able to download them with soundLang module.<br />
<br />
<br />
source : https://computingforgeeks.com/how-to-install-freepbx-15-on-centos-7/ https://wiki.freepbx.org/display/FOP/Installing+FreePBX+15+on+Debian+9.6<br />
</tab><br />
<tab name="SME 9"><br />
1. First, <u>increase the php memory limit to at least 128M '''BEFORE the installation'''</u>, '''or it will fail''' in the middle leaving it in an unstable state ( half mysql db installed, no modules activated).<br />
db configuration setprop php MemoryLimit 128M<br />
expand-template /etc/php.ini<br />
service httpd-e-smith restart<br />
<br />
2. Install the 4 yum repos necessary (asterisk-13,asterisk-current,digium-current,digium-13):<syntaxhighlight lang="bash"><br />
yum install smeserver-extrarepositories-asterisk -y<br />
signal-event yum-modify<br />
</syntaxhighlight><br />
<br />
3. Then the actual installation :<br />
<br />
yum install smeserver-freepbx --enablerepo=smecontribs,asterisk-13,asterisk-current,digium-current,digium-13<br />
<br />
4. By default the en language with ulaw is added. If you want voicemail to work you will need to add what is needed for your language. You may want to add some extra formats and languages (choose the codecs {alaw,ulaw,g722,gsm} and languages {en,en_AU,fr,es} you want; see http://packages.asterisk.org/centos/6/current/i386/RPMS/). <br />
<br />
Formerly, you could also download them manually later through the FreePBX interface (first install the FreePBX Sound Languages module, then go to Admin/Sound Languages). But this seems broken as of 2019/01/11: the XML lists the module needs are empty. See known issues if you need to install multiple language packs manually.<br />
<br />
yum install asterisk-sounds-core-fr-* asterisk-sounds-extra-en-* --enablerepo=asterisk-current<br />
<br />
5. This is the important step of the installation, the actual configuration and installation of files:<br />
signal-event freepbx-update<br />
<br />
6. Then you can start to configure and upgrade through the interface in the server-manager.<br />
It might also be necessary to reboot or relaunch asterisk to allow all modules to be launched:<br />
<br />
signal-event post-upgrade; signal-event reboot<br />
<br />
<br />
</tab><br />
<tab name="SME 8"><br />
<br />
You may need to first install the [[ATrpms]] repository.<br />
<br />
yum --enablerepo=smecontribs --enablerepo=atrpms install smeserver-freepbx dahdi-linux-kmdl-$(uname -r)<br />
signal-event freepbx-update <br />
signal-event post-upgrade; signal-event reboot<br />
<br />
source : http://forums.contribs.org/index.php?topic=48143.0<br />
</tab><br />
</tabs><br />
<br />
= Components =<br />
<br />
FreePBX is composed of 4 main parts: the main FreePBX interface, Recordings, Asterisk-Stats and Flash Operator Panel<br />
<br />
==== FreePBX ====<br />
This is the main web interface for asterisk configuration. This interface is available at https://server.domain.tld/freepbx/admin, or in the server-manager, under FreePBX menu.<br />
You'll need to login as admin (password of your admin's SME account) to access this part.<br />
You can grant the access to any user of the system using the userpanel contrib (just grant the user or the group the permission to access freepbx panel)<br />
<br />
<br />
==== Recordings ====<br />
Recordings, is a web based portal for users. You may configure some features of your phone here (followme, call forward, call waiting etc...), check you call history, or download/listen to your voicemail. This interface is available at https://server.domain.tld/recordings.<br />
The login here is your phone (extension) number and your voicemail password.<br />
There's also a special admin account. The admin account can access all call logs and recordings. The login is admin, the password is randomly generated, you can find it in /opt/freepbx/recordings/includes/main.conf.php<br />
<br />
==== Backup ====<br />
Starting with SME9 we began integrating the FreePBX backup into the SME Server backup system. The first backup of the FreePBX module is now reserved for SME usage. SME will trigger a backup of your whole PBX at least once a month and store it in /home/e-smith/files/freepbx/Default_backup/. Up to 2 versions will be kept there. Also, every time you trigger the pre-backup event (i.e., before a console backup, or a workstation backup from server-manager) a backup will be done without you worrying about it (unless FreePBX is disabled). <br />
To restore your PBX after migrating to a new SME or after a disaster, just restore your SME as usual, install the smeserver-freepbx contrib and open your server-manager to access the FreePBX interface. Go to the backup module, choose restore, navigate to /home/e-smith/files/freepbx/Default_backup/ and choose the backup to use. Et voilà !<br />
<br />
=== DB parameters ===<br />
<br />
Here's the list of DB parameters:<br />
<br />
This contrib adds 3 entries in the configuration db: freepbx, dahdi and fop. Here's a description of the available parameters for each entry.<br />
<br />
*'''freepbx'''<br />
**'''CdrDbName''': the name of the database for CDR. The default is asteriskcdrdb. You should leave this unchanged unless you know what you're doing.<br />
**'''DbName''': the name of the database for FreePBX. The default is freepbxdb. You should leave this unchanged unless you know what you're doing.<br />
**'''DbPassword''': the password to access FreePBX database. A random value is generated at install time.<br />
**'''DbUser''': the username to access both databases. Default is freepbxuser.<br />
**'''DeviceAndUser''': (enabled|disabled) You can enable the 'deviceanduser' display view of FreePBX. If DeviceAndUser is enabled, Devices and Users will be administered separately, and Users will be able to "login" to (ad hoc) devices. If disabled, Devices and Users will be administered in a single screen. '''Removed since SME9. Use FPBX GUI to handle this.'''<br />
**'''ManagerPassword''': This is the asterisk manager password used by FreePBX (the login is 'admin'). The default one is randomly generated at install time.<br />
**'''UDPPorts''': List of ports used by asterisk. This setting is only useful if you want to open asterisk on the public interface (you can also restrict it with the AllowHost parameter).<br />
**'''access''': (private|public). If you want to open asterisk on the public interface, you can set this to public.<br />
**'''status''': (enabled|disabled). Whether asterisk (with the FreePBX-provided helper script) should be started automatically.<br />
<br />
*'''dahdi'''<br />
**'''status''': (enabled|disabled) You should leave this enabled, even if you don't have any hardware card, because some functions (like meetme) require the dahdi_dummy driver to be loaded.<br />
{{Note box|dahdi_dummy is no longer required as a 'timing' device (since Asterisk 1.6) . This has been solved by using other timing mechanisms automatically. So setting dahdi to disabled does no harm to meetme.}}<br />
<br />
===Related pages===<br />
You may be interested in the following how-to:<br />
*How-to configure your card using [[FreePBX/DAHDI|DAHDI]]<br />
*How-to configure your card using [[FreePBX/mISDN|mISDN]]<br />
<br />
=== Update Freepbx ===<br />
Simply go to the Module Admin section and update from the gui.<br />
<br />
=== Upgrade Freepbx Major Version ===<br />
<br />
To update your freepbx installation simply follow the procedure inside freepbx web interface. <br />
<br />
If there is a problem, the GUI might suggest running the module upgrade from the CLI; in that case run: <br />
fwconsole ma upgrade framework<br />
fwconsole ma upgradeall<br />
<br />
After every version update (from 14 to 15, etc.) you should run a<br />
signal-event freepbx-update<br />
<br />
in order to update file ownership according to SME and FreePBX specifications.<br />
<br />
The way the contrib is designed, updating freepbx-src (i.e. from 2.5 to 2.7) won't update your working freepbx installation.<br />
<br />
{{ Note box| With SME 10 we provide Asterisk 13 and FreePBX 14 as a start, so you can easily migrate your previous SME 9 FreePBX installation. You can then easily migrate to FreePBX 15. To migrate to FreePBX 16 you will need to wait until we upgrade the contrib to allow updating the PHP version to 74, which is the only missing requirement. The reason we limited it to php56 is that FreePBX 14 can only handle php56 and fails with anything lower or higher.}}<br />
=== v15 to v16 ===<br />
v15.0.24 does not work well with php74, v16 requires it. GUI update will fail. You need to prepare it this way:<br />
<br />
As soon as you switch to php74, v15 will have some unexpected behaviour, some elements will work other will fail.<br />
<br />
config setprop freepbx PHPVersion 74<br />
expand-template /etc/opt/remi/php74/php-fpm.d/www.conf<br />
expand-template /etc/httpd/fpbx-conf/httpd.conf<br />
expand-template /opt/remi/php56/root/etc/php-fpm.d/www.conf<br />
systemctl restart php56-php-fpm <br />
systemctl restart php74-php-fpm<br />
systemctl restart httpd-fpbx<br />
<br />
actual upgrade:<br />
fwconsole versionupgrade --check<br />
fwconsole versionupgrade --upgrade<br />
# this one needs old php56 or you will not be able to update to 16:<br />
/bin/php56 /var/lib/asterisk/bin/fwconsole ma upgrade framework<br />
fwconsole ma upgradeall<br />
signal-event freepbx-update<br />
<br />
=== Upgrade Asterisk Major Version ===<br />
{{Warning box|This is not fully tested}}<br />
<br />
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions<br />
<br />
"Long Term Support (LTS) release will be fully supported for 4 years, with one additional year of maintenance for security fixes"<br />
<br />
Asterisk 13.x is LTS released 2014-10-24 is EOL as of 2021-10-24<br />
<br />
Asterisk 16.x is LTS released 2018-10-09 is in Security fixes only and EOL 2023-10-09<br />
<br />
Asterisk 18.x is LTS released 2020-10-20 with Security fixes from 2024-10-20 and EOL 2025-10-20<br />
<br />
Asterisk 20.x is latest LTS<br />
<br />
See:<br />
<br />
https://bugs.koozali.org/show_bug.cgi?id=12363<br />
<br />
====Asterisk 13-16====<br />
<br />
This should upgrade from 13 to 16<br />
<br />
db yum_repositories setprop asterisk-13 status disabled<br />
db yum_repositories setprop asterisk-16 status enabled<br />
signal-event yum-modify<br />
yum --enablerepo=asterisk-16,epel update<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
====Asterisk 16-18====<br />
<br />
{{Warning box|This is not operational and requires further work}}<br />
<br />
This will require an update to the smeserver-freepbx spec file.<br />
<br />
This is how you would do it in principle, but there are conflicts as asterisk voicemail-plain has been replaced by asterisk-voicemail-imap and asterisk-voicemail-odbc <br />
<br />
db yum_repositories setprop asterisk-16 status disabled<br />
db yum_repositories setprop asterisk-18 status enabled<br />
signal-event yum-modify<br />
yum --enablerepo=asterisk-18,epel update<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
=== Uninstall ===<br />
yum remove smeserver-freepbx freepbx-src asterisk*<br />
<br />
If you want to cleanup everything (MySQL databases, DB, etc...), you can use this script:<br />
<br />
<br />
#!/bin/bash<br />
<br />
clear<br />
echo "----------------------------"<br />
echo "!!!!! WARNING !!!!!"<br />
echo "----------------------------"<br />
echo ""<br />
echo "This script will remove from your server:"<br />
echo " - freepbx and asterisk cdr MySQL databases"<br />
echo " - freepbx MySQL User"<br />
echo " - freepbx DB entries (freepbx, httpd-fpbx and dahdi)"<br />
echo " - /opt/freepbx"<br />
echo " - /etc/freepbx.conf"<br />
echo " - /etc/amportal.conf"<br />
echo " - /var/lib/asterisk/bin/*"<br />
echo " - /usr/share/asterisk/bin/*"<br />
echo ""<br />
echo -n "Are you sure you want to remove FreePBX permanently? (y/n) [n] "<br />
read confirm<br />
if [ "$confirm" = "y" -o "$confirm" = "Y" ]; then<br />
echo "removing rpms"<br />
# quote the glob so the shell passes it to yum instead of expanding it against local files<br />
yum remove -y smeserver-freepbx freepbx-src 'asterisk*'<br />
echo "Dropping MySQL databases..."<br />
DBNAME=$(/sbin/e-smith/db configuration getprop freepbx DbName)<br />
CDRDBNAME=$(/sbin/e-smith/db configuration getprop freepbx CdrDbName)<br />
mysql -e "DROP DATABASE $DBNAME"<br />
mysql -e "DROP DATABASE $CDRDBNAME"<br />
echo "Deleting MySQL User..."<br />
DBUSER=$(/sbin/e-smith/db configuration getprop freepbx DbUser)<br />
mysql -u root -e "REVOKE ALL PRIVILEGES ON *.* FROM '$DBUSER'@'localhost';"<br />
mysql -u root -e "DROP USER '$DBUSER'@'localhost';" > /dev/null 2>&1<br />
echo "Removing SME DB entries..."<br />
/sbin/e-smith/db configuration delete freepbx<br />
/sbin/e-smith/db configuration delete httpd-fpbx<br />
/sbin/e-smith/db configuration delete dahdi<br />
echo "Removing /opt/freepbx ..."<br />
rm -rf /opt/freepbx<br />
echo "Removing /etc/freepbx.conf ..."<br />
rm -rf /etc/freepbx.conf<br />
echo "Removing /etc/amportal.conf ..."<br />
rm -rf /etc/amportal.conf <br />
echo "Removing /var/lib/asterisk/bin/* ..."<br />
rm -rf /var/lib/asterisk/bin/* <br />
echo "Removing /usr/share/asterisk/bin/* ..."<br />
rm -rf /usr/share/asterisk/bin/*<br />
echo "Removing associated asterisk confs ..."<br />
rm -rf /etc/asterisk<br />
rm -rf /home/e-smith/files/freepbx<br />
rm -rf /var/lib/asterisk<br />
rm -rf /var/lib/php/fpbx-session<br />
rm -rf /var/log/httpd-fpbx<br />
rm -rf /var/service/httpd-fpbx<br />
echo "removing the crontab entry for asterisk"<br />
crontab -u asterisk -r<br />
echo "Done!"<br />
fi<br />
<br />
=== Reinstall ===<br />
If you need to re-install everything, you should completely remove the previous installation (remove the rpms '''and''' run the cleanup script.)<br />
<br />
= Known issues=<br />
===SME10: no voicemail in UCP / yum update issue===<br />
Starting with release 14-7 we use asterisk-voicemail-plain to store voicemails as regular plain files, because UCP does not correctly handle ODBC storage and a misconfigured ODBC setup could lead to lost messages.<br />
<br />
If you had a prior installation, you might encounter an error with yum and need to run the following to solve it: <syntaxhighlight lang="bash"><br />
rpm -e --nodeps asterisk-voicemail-odbc<br />
yum install asterisk-voicemail-plain --enablerepo=asterisk-13<br />
# this one is mandatory to force asterisk to forget about previous app_voicemail_odbc.so module<br />
systemctl restart freepbx<br />
yum update smeserver-freepbx<br />
</syntaxhighlight><br />
<br />
===SME10: UCP daemon not running===<br />
This only applies to the FreePBX distro, where it improves commercial module integration; just ignore the message.<br />
<br />
===SME10: Security issue, System update has changed===<br />
This is because FreePBX is not installed on its own distro and is not able to handle the system update itself. You can safely ignore the message; as soon as you visit the Admin /update page it will fade away.<br />
<br />
<br />
===CDR logging not enabled by default===<br />
CDR logging is not enabled by default. To enable one must manually load the ''cdr_mysql.so'' module:<br />
Admin -> Asterisk Modules -> Manually loaded Modules -> Add module and enter the module name ''cdr_mysql.so''<br />
<br />
===freepbx modules===<br />
If you need to install the Digium addons from FreePBX, you will first need to install the following RPM:<br />
yum install php-digium_register --enablerepo=digium-current<br />
<br />
The Firewall addon does not work on SME: it requires the Sysadmin RPM, which is only available in the FreePBX distro.<br />
<br />
You may need to manually install the manager module. It should be a default module but I could not find it installed, and nothing appeared in the Module Admin.<br />
<br />
fwconsole moduleadmin listonline<br />
<br />
fwconsole ma downloadinstall manager<br />
<br />
===Migration from earlier versions===<br />
<br />
==== 13 to 15+ ====<br />
Restoring from 13 to 15 is possible. Follow this post for advice on making it more efficient: initially back up only your Full Config and Voicemail, excluding your CDR DB and Recordings, and restore just that initial config/VM backup file first. Then you can scp the large volume of sound files to the correct location and check whether CDR imports correctly, as this is what could cause the most issues: https://community.freepbx.org/t/trying-backup-and-restore-freepbx-13-to-15-for-first-time/70109/2<br />
<br />
==== 13 to 14 ====<br />
'''eg: Migration from SME9/FPBX13 to SME10/FPBX14''' <br />
<br />
Best approach would be :<br />
<br />
If your database has been restored before installing smeserver-freepbx, the /etc/e-smith/events/actions/freepbx-checkinstall script should just run the installation from there, provided you left /opt/freepbx empty.<br />
The install script upgrades the MySQL database to the current version and then installs the scripts. It should then download, install and activate all needed modules. If that did not happen because you had added some particular module, you might need to use the '''fwconsole ma''' CLI utility to list, then listonline and downloadinstall all missing modules if the GUI does not let you in.<br />
<br />
sources:<br />
# https://community.freepbx.org/t/import-freepbx13-backup-into-freepbx14/43955/9<br />
# https://community.freepbx.org/t/freepbx-14-restore-backup-taken-in-freepbx-13/49092/4<br />
<br />
==== prior 13====<br />
There is no upgrade path between versions before 14. Backup/Restore will most likely not work.<br />
<br />
In the meantime, here are some notes on upgrading manually. They are based on moving from Asterisk 1.8.x and an old version of FreePBX.<br />
<br />
First, make sure you back up ABSOLUTELY everything. In different ways and in different places.<br />
<br />
A straight copy of /etc/asterisk and /opt/freepbx plus a complete database dump at least.<br />
<br />
It will be better if you have a completely clean install, preferably on a VM where you can snapshot the basic install and go back if you need to.<br />
<br />
I took a copy of the freepbx DB and imported it completely into a different server. I could then do a side by side comparison of tables and data.<br />
<br />
Here are some basic tables that you will need, though they may not all be required depending on your configuration<br />
<br />
General<br />
<br />
modules (for reference as to what you already have installed)<br />
sip (most entries required, but manual checking required)<br />
sipsettings (for reference - do not INSERT)<br />
freepbxsettings (for reference - do not INSERT)<br />
<br />
Trunks and Routes<br />
trunks<br />
trunk_dialpatterns<br />
incoming<br />
outbound_routes<br />
outbound_route_patterns<br />
outbound_routes_sequence<br />
outbound_route_trunk<br />
<br />
Other<br />
ringgroups<br />
queueprio<br />
queues_config<br />
queues_details<br />
<br />
Device and User mode<br />
devices<br />
users<br />
<br />
Extension mode<br />
extensions<br />
<br />
freepbx_users - does not exist in v13<br />
<br />
I exported each table and a table from the new install to compare, particularly items like field lengths, and KEYS. Some old tables did not have Primary keys set.<br />
<br />
I then copied the 'INSERT INTO' section into phpmyadmin/sql section on the new server.<br />
<br />
If you swap from Extension to Device and User mode I found that once I had inserted the data I had to go into FreePBX, open each record, and Submit, finally followed by Apply Config. This seemed to update the DB.<br />
<br />
= Security =<br />
Please see http://www.voipbl.org/ to adapt [[fail2ban]] to use blacklisted IPs worldwide.<br />
<br />
= Bugs =<br />
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]<br />
and select the smeserver-freepbx component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-freepbx|title=this link.}}<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-freepbx |disablecache=1|noresultsmessage="No open bugs found."}}<br />
<br />
= Changelog =<br />
Only released versions in smecontrib are listed here.<br />
<br />
{{#smechangelog:smeserver-freepbx}}<br />
<br />
----<br />
[[Category:Contrib]]<br />
[[Category: Asterisk]]</div>ReetPhttps://wiki.koozali.org/index.php?title=How_to_report_a_problem&diff=42075How to report a problem2023-05-26T15:18:01Z<p>ReetP: </p>
<hr />
<div>==Contents==<br />
<br />
===How to debug===<br />
<br />
I wrote this many moons ago. It has many links that are worth reading.<br />
<br />
https://gist.github.com/reetp/a66149d5f060f260643a353ca7067a98<br />
<br />
The XY Info problem<br />
<br />
http://xyproblem.info/<br />
<br />
Tell us about the problem you were originally trying to solve, not the problem that you are experiencing right now. <br />
<br />
Frequently the one you are experiencing now is the result of not understanding or being able to fix the original issue.<br />
<br />
To report the issue make sure you are prepared. Supply the basic information required below under History. It saves a lot of time and effort.<br />
<br />
Remember, if you phoned the garage about a problem with your car and you just said 'it runs funny sometimes' what would they ask you? Make, model, age... etc.<br />
<br />
This is no different.<br />
<br />
Be honest about the history, even if you are embarrassed. Two reasons:<br />
<br />
1. It will make it far quicker and easier to give you a solution<br />
2. The people you are asking are likely to work out what you did eventually<br />
<br />
Remember that the people who are likely to help you are all volunteers. They do not ask questions just for fun, or to make you angry.<br />
<br />
Remember that you are the one with the problem, not them. You are asking them because you don't know or understand, in the hope that they do. Don't abuse that position. You may find that you suddenly run out of help.<br />
<br />
They also might tell you something that you do not want to hear. That does not make them wrong.<br />
<br />
More reading:<br />
<br />
How to Report Bugs Effectively<br />
https://www.chiark.greenend.org.uk/~sgtatham/bugs.html<br />
<br />
Asking smart questions<br />
http://www.catb.org/esr/faqs/smart-questions.html<br />
<br />
A good bug reporting example<br />
https://github.com/RocketChat/Rocket.Chat/issues/13069<br />
<br />
<br />
===History===<br />
<br />
Tell us about your server history - upgrades/updates and what you have installed, and then some debugging output.<br />
<br />
===Debug output===<br />
<br />
Run these commands in a terminal:<br />
<br />
/sbin/e-smith/audittools/newrpms<br />
/sbin/e-smith/audittools/repositories<br />
/sbin/e-smith/audittools/templates<br />
<br />
db configuration show<br />
<br />
Or go to server-manager, Miscellaneous, Report a bug, Create Configuration report.<br />
<br />
[[Warning box|Remove anything sensitive like passwords and public IPs!!]]<br />
<br />
You might want to put this on somewhere like pastebin as it will likely be long.<br />
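<br />
One way to do a first pass over the report before pasting it, as an added example that is not part of the original page or of SME Server. The function names, the placeholder tokens, the key-name pattern (pass, secret, token) and the sample lines are assumptions made for this example; read the result yourself before posting it.<br />
<br />
```shell
#!/bin/sh
# Added example: redact credentials and public IPv4 addresses from a
# key=value style report such as the output of "db configuration show".

# Constructed sample input (not taken from a real server).
sample_report() {
    cat <<'EOF'
ExternalIP=203.0.113.45
LocalIP=192.168.10.1
LocalNetmask=255.255.255.0
Forwarder=see 198.51.100.7 and 10.0.0.2
mysqld=service
    DbPassword=hunter2-constructed
    status=enabled
EOF
}

# Reads a report on stdin and writes the redacted report to stdout.
redact_report() {
    awk '
    # An address is kept only if it is private, loopback, link-local,
    # a netmask-like value, or not a valid dotted quad at all.
    function is_public(ip,    o, n) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        if (o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255) return 0
        if (o[1] == 0 || o[1] == 10 || o[1] == 127 || o[1] == 255) return 0
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 0
        if (o[1] == 192 && o[2] == 168) return 0
        if (o[1] == 169 && o[2] == 254) return 0
        return 1
    }
    {
        line = $0
        # Credential-looking key: drop the whole value, keep the indentation.
        eq = index(line, "=")
        if (eq > 0 && tolower(substr(line, 1, eq - 1)) ~ /pass|secret|token/) {
            print substr(line, 1, eq) "REDACTED"
            next
        }
        # Otherwise replace every public IPv4 address found on the line.
        out = ""
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            rep = is_public(ip) ? "PUBLIC_IP" : ip
            out = out substr(line, 1, RSTART - 1) rep
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }'
}

# Typical use on the server:
#   db configuration show | redact_report > report.txt
```
<br />
Private addresses and netmasks are left in place because they are usually needed to understand the configuration.<br />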
<br />
===Searching logs for errors===<br />
<br />
You can also look in your logs for errors:<br />
<br />
https://wiki.koozali.org/Log_Files<br />
<br />
You can see how to search here:<br />
<br />
https://wiki.koozali.org/Useful_Commands#Parse_Log_files_to_search_for_errors<br />
<br />
When you want to test the SME Product it can be useful to see what occurs. This command line can help you, but you should read the entire log<br />
<br />
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages<br />
<br />
Or if you want to parse all logs<br />
<br />
grep -iE "uninitialized|WARNING|ERROR" /var/log/*<br />
<br />
===Opening Bugs===<br />
<br />
General rules for bugs.<br />
<br />
Don't just open a bug because you have a problem.<br />
<br />
The bug tracker is for fixing errors in the code, not a general help forum. That's what the forums are for!<br />
<br />
If you ask in the forums then a developer or more experienced user will usually advise you whether to open a bug or not.<br />
<br />
Can you repeat the issue or not?<br />
<br />
If you can repeat it then so can developers, and if they can repeat it they can find and try and fix it.<br />
<br />
Have a good read on the interwebs first. Koozali SME does not supply every package - many come from upstream and we can't specifically fix them. A bug has to be lodged in the right place.<br />
<br />
Make sure you have done your homework first and prepared all the debug data. It makes it far easier to repeat and fix.<br />
<br />
Be prepared to help the developer with a fix, and test it.<br />
<br />
Be patient.<br />
<br />
<br />
Reference.<br />
<br />
https://forums.koozali.org/index.php/topic,54724.0.html<br />
<br />
----<br />
[[Category:Howto]]</div>ReetPhttps://wiki.koozali.org/index.php?title=How_to_report_a_problem&diff=42074How to report a problem2023-05-24T13:44:33Z<p>ReetP: </p>
<hr />
<div>==Contents==<br />
<br />
===How to debug===<br />
<br />
I wrote this many moons ago. It has many links that are worth reading.<br />
<br />
https://gist.github.com/reetp/a66149d5f060f260643a353ca7067a98<br />
<br />
The XY Info problem<br />
<br />
http://xyproblem.info/<br />
<br />
Tell us about the problem you were originally trying to solve, not the problem that you are experiencing right now. <br />
<br />
Frequently the one you are experiencing now is the result of not understanding or being able to fix the original issue.<br />
<br />
To report the issue make sure you are prepared. Supply the basic information required below under History. It saves a lot of time and effort.<br />
<br />
Remember, if you phoned the garage about a problem with your car and you just said 'it runs funny sometimes' what would they ask you? Make, model, age... etc.<br />
<br />
This is no different.<br />
<br />
Be honest about the history, even if you are embarrassed. Two reasons:<br />
<br />
1. It will make it far quicker and easier to give you a solution<br />
2. The people you are asking are likely to work out what you did eventually<br />
<br />
Remember that the people who are likely to help you are all volunteers. They do not ask questions just for fun, or to make you angry.<br />
<br />
Remember that you are the one with the problem, not them. You are asking them because you don't know or understand, in the hope that they do. Don't abuse that position. You may find that you suddenly run out of help.<br />
<br />
They also might tell you something that you do not want to hear. That does not make them wrong.<br />
<br />
More reading:<br />
<br />
How to Report Bugs Effectively<br />
https://www.chiark.greenend.org.uk/~sgtatham/bugs.html<br />
<br />
Asking smart questions<br />
http://www.catb.org/esr/faqs/smart-questions.html<br />
<br />
A good bug reporting example<br />
https://github.com/RocketChat/Rocket.Chat/issues/13069<br />
<br />
<br />
===History===<br />
<br />
Tell us about your server history - upgrades/updates and what you have installed, and then some debugging output.<br />
<br />
===Debug output===<br />
<br />
Run these commands in a terminal:<br />
<br />
/sbin/e-smith/audittools/newrpms<br />
/sbin/e-smith/audittools/repositories<br />
/sbin/e-smith/audittools/templates<br />
<br />
db configuration show<br />
<br />
Or go to server-manager, Miscellaneous, Report a bug, Create Configuration report.<br />
<br />
[[Warning box|Remove anything sensitive like passwords and public IPs!!]]<br />
<br />
You might want to put this on somewhere like pastebin as it will likely be long.<br />
<br />
===Searching logs for errors===<br />
<br />
You can also look in your logs for errors:<br />
<br />
https://wiki.koozali.org/Log_Files<br />
<br />
You can see how to search here:<br />
<br />
https://wiki.koozali.org/Useful_Commands#Parse_Log_files_to_search_for_errors<br />
<br />
When you want to test the SME Product it can be useful to see what occurs. This command line can help you, but you should read the entire log<br />
<br />
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages<br />
<br />
Or if you want to parse all logs<br />
<br />
grep -iE "uninitialized|WARNING|ERROR" /var/log/*<br />
<br />
===Opening Bugs===<br />
<br />
General rules for bugs.<br />
<br />
Don't just open a bug because you have a problem.<br />
<br />
The bug tracker is for fixing errors in the code, not a general help forum. That's what the forums are for!<br />
<br />
If you ask in the forums then a developer or more experienced user will usually advise you whether to open a bug or not.<br />
<br />
Can you repeat the issue or not?<br />
<br />
If you can repeat it then so can developers, and if they can repeat it they can find and try and fix it.<br />
<br />
Have a good read on the interwebs first. Koozali SME does not supply every package - many come from upstream and we can't specifically fix them. A bug has to be lodged in the right place.<br />
<br />
Make sure you have done your homework first and prepared all the debug data. It makes it far easier to repeat and fix.<br />
<br />
Be prepared to help the developer with a fix, and test it.<br />
<br />
Be patient.<br />
<br />
----<br />
[[Category:Howto]]</div>ReetPhttps://wiki.koozali.org/index.php?title=How_to_report_a_problem&diff=42073How to report a problem2023-05-24T12:28:47Z<p>ReetP: How to report a problem</p>
<hr />
<div>==Contents==<br />
<br />
===How to debug===<br />
<br />
I wrote this many moons ago. It has many links that are worth reading.<br />
<br />
https://gist.github.com/reetp/a66149d5f060f260643a353ca7067a98<br />
<br />
How to Report Bugs Effectively<br />
https://www.chiark.greenend.org.uk/~sgtatham/bugs.html<br />
<br />
Asking smart questions<br />
http://www.catb.org/esr/faqs/smart-questions.html<br />
<br />
A good bug reporting example<br />
https://github.com/RocketChat/Rocket.Chat/issues/13069<br />
<br />
<br />
===History===<br />
Tell us about your server history - upgrades/updates and what you have installed, and then some debugging output.<br />
<br />
===Debug output===<br />
<br />
Run these commands in a terminal:<br />
<br />
/sbin/e-smith/audittools/newrpms<br />
/sbin/e-smith/audittools/repositories<br />
/sbin/e-smith/audittools/templates<br />
<br />
db configuration show<br />
<br />
Or go to server-manager, Miscellaneous, Report a bug, Create Configuration report.<br />
<br />
[[Warning box|Remove anything sensitive like passwords and public IPs!!]]<br />
<br />
You might want to put this on somewhere like pastebin as it will likely be long.<br />
<br />
===Searching logs for errors===<br />
<br />
You can also look in your logs for errors:<br />
<br />
https://wiki.koozali.org/Log_Files<br />
<br />
You can see how to search here:<br />
<br />
https://wiki.koozali.org/Useful_Commands#Parse_Log_files_to_search_for_errors<br />
<br />
When you want to test the SME Product it can be useful to see what occurs. This command line can help you, but you should read the entire log<br />
<br />
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages<br />
<br />
Or if you want to parse all logs<br />
<br />
grep -iE "uninitialized|WARNING|ERROR" /var/log/*<br />
<br />
===Old how to===<br />
<br />
----<br />
[[Category:Howto]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Koozali_SME_Server_Debugging&diff=42041Koozali SME Server Debugging2023-04-17T11:37:53Z<p>ReetP: /* Perl with Visual Studio */</p>
<hr />
<div>===Server debugging===<br />
<br />
One issue that is often found to be problematic by new developers is debugging perl code on your SME server.<br />
<br />
There are several ways to do this, both locally and remotely.<br />
<br />
===Enable template debugging===<br />
<br />
I happened to stumble over this in the templates.pm file<br />
<br />
config set processtemplate Debug yes<br />
<br />
This will add some debugging lines to /var/log/messages showing you the progress of the template expansion.<br />
<br />
To disable either set the key to no or delete it.<br />
<br />
===Builtin Db routines===<br />
<br />
You can also use a couple of routines from db.pm<br />
<br />
=item B<db_print><br />
db_print(\%config);<br />
db_print(\%config, $key);<br />
Prints out keys and raw values in the %config database. If $key is<br />
given it prints the $key and its raw value. If no $key is given it<br />
prints out all the keys and their raw values.<br />
<br />
=item B<db_show><br />
db_show(\%config);<br />
db_show(\%config, $key);<br />
Prints out keys and their values in a human readable format.<br />
If $key is given it prints out the $key, type and properties of that<br />
$key. Otherwise it prints out the key, type and properties for all<br />
keys.<br />
<br />
=item B<db_print_type><br />
db_print_type(\%config);<br />
db_print_type(\%config, $key);<br />
Prints out keys and their types in the %config database.<br />
If $key is given, it prints out just that $key and its type.<br />
Otherwise it prints out all the keys and their types.<br />
<br />
=item B<db_print_prop><br />
db_print_prop(\%config, $key);<br />
db_print_prop(\%config, $key, $property);<br />
Prints out the properties (or a single $property) of the given $key in<br />
the %config.<br />
<br />
<br />
===Locally using perl -d===<br />
<br />
There are a number of tutorials online.<br />
<br />
To start you use:<br />
<br />
perl -d myFile.pl<br />
<br />
There are then a number of options you can use to control the debugger:<br />
<br />
l 10 - list line 10<br />
l get_pattern - find lines matching 'pattern'<br />
b 22 - set breakpoint at line 22<br />
s - step forward a line including all subroutines<br />
n - step forward a line but jump through subroutines<br />
c - continue to next break point<br />
c 47 - continue to line 47<br />
p $variable - print variable<br />
q - quit<br />
<br />
===Remote debugging using an IDE===<br />
<br />
I have been using Komodo IDE courtesy of an Open Source Developers licence from [http://komodoide.com/ Activestate]<br />
<br />
You can now get the app for free here but need a free account to use it:<br />
<br />
https://www.activestate.com/products/komodo-ide/download-ide/<br />
<br />
The simplest mode to use with Komodo IDE is to just use the IDE as a debugger to step through code. Code on the remote server can be edited if you have sufficient permissions.<br />
<br />
https://docs.activestate.com/komodo/12/manual/debugger.html<br />
<br />
This will enable us to work with one desktop and one server. See the section on debug proxy for multiple connections.<br />
<br />
====Server setup====<br />
<br />
From your installed Komodo directory we need to copy a set of files to the server.<br />
<br />
I actually copied the entire dbgp directory as there are other files in there that are useful including the debug proxy.<br />
<br />
scp -r ~/komdoeditDirectory/lib/support/dbgp root@some.server://opt/<br />
<br />
We should now have /opt/dbgp on the server<br />
<br />
We now need to set some paths on the server:<br />
<br />
export PERL5LIB=/opt/dbgp/perllib:$PERL5LIB<br />
 export PERLDB_OPTS="RemotePort=your.desktop.i.p:9020 async=1"<br />
<br />
If required you can also add a user identifier:<br />
<br />
export DBGP_IDEKEY=jdoe<br />
<br />
Note: As with local debugging, the Break Now function is disabled by default. Setting async=1 breaks at the first line - see the docs for more information<br />
<br />
====Single machine setup====<br />
<br />
On your desktop we need to set up the Listener for Komodo.<br />
<br />
Edit/Preferences/Debugger/Connection<br />
Set a specific port to 9020 (match the port above)<br />
Set a user name as above<br />
<br />
Now we need to start a program on the server. The debug code will then call Komodo.<br />
<br />
The following forms should work<br />
<br />
perl -d myFile.pl<br />
<br />
Add -d to the header of your file e.g.<br />
<br />
#!/usr/bin/perl -w -d<br />
<br />
Then do<br />
<br />
perl myFile.pl<br />
<br />
Add -d to /sbin/e-smith/signal-event<br />
<br />
Then do<br />
<br />
signal-event some-event<br />
<br />
You should get a popup from Komodo stating that a remote application has requested a debugger session. When you click yes you will get a second box stating that a mapping could not be opened. If we are just going to use Komodo as a debugger then we can answer no and you are then in debug mode allowing you to step through the code and view variables.<br />
<br />
====Mapping for editing====<br />
<br />
Should you wish to actually edit code as well you will need to set up some form of file mapping between the URI that the debugger sends and your 'Server' setup in Komodo<br />
<br />
Note that without some of the esmith libraries installed locally you will get some warnings about being unable to locate certain files but these can safely be ignored.<br />
<br />
In Komodo preferences you need to setup a Server/Remote Account for the remote server. e.g.<br />
<br />
Remote Account : Test_v10<br />
Type: SCP<br />
Port: 2222<br />
Username: root<br />
Pass: somepass (or alternatively use SSH keys)<br />
<br />
You can then set up a mapping similar to this:<br />
<br />
URI : file://v9-test/<br />
Maps To : scp://Test_v9/<br />
<br />
Or<br />
<br />
URI : file://v9-test/etc/e-smith<br />
Maps To : scp://Test_v9/etc/e-smith<br />
<br />
You could be more specific about the directories should you require. Remember that you inherit the server permissions - you cannot save a file that is Read Only on the server !<br />
<br />
====Local file mapping====<br />
<br />
I seemed to have managed this using sshfs:<br />
<br />
 sshfs -p 2222 root@192.168.10.199:/ ~/Mounts/somedirectory<br />
<br />
You can then access the files normally and it is easy to map the remote to the 'local' files.<br />
<br />
====Tidying up afterwards====<br />
<br />
Either reboot the server or use the following:<br />
<br />
export PERL5LIB=/usr/local/lib64/perl5:/usr/local/share/perl5:/usr/lib64/perl5/vendor_perl:/usr/share/perl5/vendor_perl<br />
export PERLDB_OPTS=<br />
export DBGP_IDEKEY=jdoe<br />
<br />
==== Perl CGI Debugging====<br />
<br />
[[Debugging CGI programs on live production servers can seriously impair performance. You have been warned !!]]<br />
<br />
Please see here for further details:<br />
<br />
http://docs.komodoide.com/Manual/debugperl#debugging-perl-komodo-ide-only_configuring-perl-for-cgi-debugging<br />
<br />
You would need a custom httpd.conf fragment. I used 46PerlDebug with these options (configure to suit)<br />
<br />
SetEnv PERL5LIB "/opt/dbgp/perllib:$PERL5LIB"<br />
SetEnv PERLDB_OPTS "RemotePort=192.168.x.x async=1"<br />
SetEnv DBGP_IDEKEY "user"<br />
<br />
You should now be able access your cgi-script and debug accordingly.<br />
<br />
However, having tried it you cannot use this on server-manager panels because perl is setuid.<br />
<br />
It could be used in other scenarios, but not server-manager.<br />
<br />
===Multiple machine debug proxy===<br />
<br />
TBA<br />
<br />
Notes are here:<br />
http://docs.komodoide.com/Manual/debugger#debugging-programs-komodo-ide-only_remote-debugging_debugger-proxy<br />
<br />
===Perl with Visual Studio===<br />
<br />
Still working on this but we need Perl Language Server<br />
<br />
yum --enablerepo=* install gcc gcc-c++ perl-App-cpanminus perl-AnyEvent-AIO perl-Coro<br />
<br />
cpanm Class::Refresh<br />
cpanm ExtUtils::CBuilder<br />
cpanm Compiler::Lexer<br />
cpanm Hash::SafeKeys<br />
cpanm Perl::LanguageServer<br />
<br />
====PHP remote debugging====<br />
<br />
You can debug on your local workstation but it is extremely useful to be able to debug direct on the server environment.<br />
You may have one PHP version installed on your desktop but be running a different one on the server, and you may have a different server setup.<br />
<br />
First you need to install the xdebug packages eg:<br />
<br />
{{Note box|Xdebug 3 is not available for PHP versions less than 7.2 You will need php54-php-pecl-xdebug}}<br />
<br />
yum install php74-php-pecl-xdebug3<br />
yum install php80-php-pecl-xdebug3<br />
<br />
Or <br />
<br />
yum install php*php-pecl-xdebug3<br />
<br />
Next you need a small template fragment to enable remote debugging.<br />
<br />
=====Xdebug 2=====<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/php.ini<br />
nano /etc/e-smith/templates-custom/etc/php.ini/90XdebugSettings <br />
<br />
Add this:<br />
<br />
[Debugger]<br />
; /etc/e-smith/templates-custom/etc/php.ini<br />
xdebug.remote_enable = true<br />
xdebug.remote_host = 127.0.0.1<br />
xdebug.remote_port = 9001<br />
xdebug.remote_handler = dbgp<br />
xdebug.remote_log = /var/log/xdebug.log<br />
xdebug.remote_mode = req<br />
xdebug.max_nesting_level = 5000<br />
<br />
<br />
=====Xdebug 3 =====<br />
<br />
New syntax.<br />
<br />
https://xdebug.org/docs/upgrade_guide<br />
https://xdebug.org/docs/all_settings<br />
<br />
nano /etc/e-smith/templates-custom/etc/php.ini/90XdebugSettings<br />
<br />
[Debugger]<br />
xdebug.start_with_request = yes<br />
xdebug.discover_client_host = true<br />
xdebug.client_host = localhost<br />
xdebug.client_port = 9003<br />
xdebug.idekey = users<br />
xdebug.mode = debug<br />
xdebug.log = /var/log/xdebug.log<br />
<br />
<br />
Expand templates and restart services:<br />
<br />
signal-event webapps-update<br />
<br />
We should see Xdebug here<br />
<br />
php74 -v<br />
PHP 7.4.28 (cli) (built: Feb 15 2022 13:23:10) ( NTS )<br />
Copyright (c) The PHP Group<br />
Zend Engine v3.4.0, Copyright (c) Zend Technologies<br />
with Zend OPcache v7.4.28, Copyright (c), by Zend Technologies<br />
with Xdebug v2.9.8, Copyright (c) 2002-2020, by Derick Rethans<br />
<br />
Or like this:<br />
<br />
php80 -v<br />
PHP 8.0.19 (cli) (built: May 10 2022 08:07:35) ( NTS gcc x86_64 )<br />
Copyright (c) The PHP Group<br />
Zend Engine v4.0.19, Copyright (c) Zend Technologies<br />
with Zend OPcache v8.0.19, Copyright (c), by Zend Technologies<br />
with Xdebug v3.1.5, Copyright (c) 2002-2022, by Derick Rethans<br />
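<br />
Two settings in the fragments above decide who can open a debug session, and the check below flags them. It is an added example, not part of the original page or of Xdebug. The function names and the second fragment are assumptions made for this example. The Xdebug documentation notes that with discover_client_host enabled anybody who can connect to the web server can start a debugging session.<br />
<br />
```shell
#!/bin/sh
# Added example: flag Xdebug settings that let any HTTP client start a session.

# The Xdebug 3 fragment as shown on this page.
page_fragment() {
    cat <<'EOF'
[Debugger]
xdebug.start_with_request = yes
xdebug.discover_client_host = true
xdebug.client_host = localhost
xdebug.client_port = 9003
xdebug.idekey = users
xdebug.mode = debug
xdebug.log = /var/log/xdebug.log
EOF
}

# Constructed alternative: a session starts only when the request carries a
# trigger such as XDEBUG_SESSION_START, and only towards the fixed client_host.
trigger_fragment() {
    cat <<'EOF'
[Debugger]
xdebug.start_with_request = trigger
xdebug.discover_client_host = false
xdebug.client_host = 127.0.0.1
xdebug.client_port = 9003
xdebug.idekey = users
xdebug.mode = debug
xdebug.log = /var/log/xdebug.log
EOF
}

# Reads php.ini text on stdin and prints one WARN line per finding.
# Covers the Xdebug 3 names and their Xdebug 2 predecessors.
audit_xdebug_ini() {
    awk -F= '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*(;|#|\[)/ { next }          # comments and section headers
    NF >= 2 {
        key = tolower(trim($1))
        val = tolower(trim($2))
        gsub(/"/, "", val)
        on = (val == "1" || val == "true" || val == "yes" || val == "on")
        if ((key == "xdebug.discover_client_host" || key == "xdebug.remote_connect_back") && on) {
            print "WARN " key ": connects back to the address taken from the HTTP request"
        }
        if ((key == "xdebug.start_with_request" && val == "yes") || (key == "xdebug.remote_autostart" && on)) {
            print "WARN " key ": a debug connection is attempted on every request"
        }
    }'
}

# Typical use: feed it the expanded php.ini of the PHP version being debugged.
```
<br />
With the trigger form the XDEBUG_SESSION_START URLs used on this page still start a session.<br />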
<br />
====Komodo IDE====<br />
<br />
We can obtain the debug proxy from the installation, and move it to the server and then execute from there:<br />
<br />
python /root/dbgp/bin/pydbgpproxy -d 127.0.0.1:9001 -i 192.168.10.1:9003<br />
<br />
Or alternatively grab the latest xdebug client here:<br />
<br />
mkdir /root/xdbg-proxy<br />
cd /root/xdbg-proxy<br />
curl https://xdebug.org/files/binaries/dbgpProxy -o dbgpProxy<br />
chmod 0700 dbgpProxy<br />
./dbgpProxy -s 127.0.0.1:9001 -i 192.168.10.1:9003<br />
<br />
In Komodo Go to Preferences, Debugger, Connections<br />
<br />
Komodo should listen on:<br />
 System provided port<br />
<br />
Check 'I am running a debugger proxy'<br />
Listener address: IP.of.your.server:9003<br />
Proxy key: individual key name for this desktop<br />
<br />
Save and check that it connected to the debugger.<br />
<br />
Now to debug a file:<br />
<br />
https://your.server.ip/index.php?XDEBUG_SESSION_START=mydesktopkey<br />
<br />
Or <br />
<br />
https://your.server.ip/index.php?somevalue=3&XDEBUG_SESSION_START=mydesktopkey<br />
<br />
====Visual Studio/VS Codium ====<br />
<br />
Sample launch.json<br />
<br />
Note for newer versions of Xdebug the default port is now 9003<br />
Pay careful attention to the path mapping. This has to be absolutely correct or it will not work.<br />
<br />
{<br />
// Use IntelliSense to learn about possible attributes.<br />
// Hover to view descriptions of existing attributes.<br />
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387<br />
"version": "0.2.0",<br />
"configurations": [<br />
{<br />
"name" : "vscphpdebug",<br />
"type" : "php",<br />
"request" : "launch",<br />
"stopOnEntry" : false,<br />
"proxy": {<br />
"enable" : true,<br />
"host" : "my.server.ip",<br />
"key" : "users", // As set in the server above<br />
"port": 9003,<br />
"allowMultipleSessions" : true<br />
},<br />
"pathMappings": {<br />
"/home/e-smith/files/ibays/testbay/html/phptestcode": "${workspaceFolder}"<br />
},<br />
},<br />
]<br />
}<br />
<br />
Now you can start the PHP debugger in Codium so it connects to the debug server, and then trigger it with a URL like this:<br />
<br />
https://my.SME.Server/testbay/phptestcode/myTestPhpFile.php?XDEBUG_SESSION_START=mycodiumkey<br />
<br />
===Editors and IDEs===<br />
<br />
Some Open Source Editors/IDEs<br />
<br />
These all allow remote debugging.<br />
<br />
Komodo-IDE https://www.activestate.com/products/komodo-ide<br />
<br />
Komodo Debug tools: https://code.activestate.com/komodo/remotedebugging/<br />
<br />
Eclipse https://www.eclipse.org/<br />
<br />
Netbeans https://netbeans.org/<br />
<br />
Codium https://itsfoss.com/vscodium/ - Use PHP Debug - felixfbecker.php-debug<br />
<br><br />
For Codium I can't see a remote Perl debugger as yet.<br />
<br />
----<br />
[[Category:Howto]]<br />
[[Category:Developer]]<br />
[[Category:SME Server Development Framework]]<br />
[[Category:Development Tools]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Koozali_SME_Server_Debugging&diff=42040Koozali SME Server Debugging2023-04-17T11:37:02Z<p>ReetP: </p>
<hr />
<div>===Server debugging===<br />
<br />
One issue that is often found to be problematic by new developers is debugging perl code on your SME server.<br />
<br />
There are several ways to do this, both locally and remotely.<br />
<br />
===Enable template debugging===<br />
<br />
I happened to stumble over this in the templates.pm file<br />
<br />
config set processtemplate Debug yes<br />
<br />
This will add some debugging lines to /var/log/messages showing you the progress of the template expansion.<br />
<br />
To disable either set the key to no or delete it.<br />
<br />
===Builtin Db routines===<br />
<br />
You can also use a couple of routines from db.pm<br />
<br />
=item B<db_print><br />
db_print(\%config);<br />
db_print(\%config, $key);<br />
Prints out keys and raw values in the %config database. If $key is<br />
given it prints the $key and its raw value. If no $key is given it<br />
prints out all the keys and their raw values.<br />
<br />
=item B<db_show><br />
db_show(\%config);<br />
db_show(\%config, $key);<br />
Prints out keys and their values in a human readable format.<br />
If $key is given it prints out the $key, type and properties of that<br />
$key. Otherwise it prints out the key, type and properties for all<br />
keys.<br />
<br />
=item B<db_print_type><br />
db_print_type(\%config);<br />
db_print_type(\%config, $key);<br />
Prints out keys and their types in the %config database.<br />
If $key is given, it prints out just that $key and its type.<br />
Otherwise it prints out all the keys and their types.<br />
<br />
=item B<db_print_prop><br />
db_print_prop(\%config, $key);<br />
db_print_prop(\%config, $key, $property);<br />
Prints out the properties (or a single $property) of the given $key in<br />
the %config.<br />
<br />
<br />
===Locally using perl -d===<br />
<br />
There are a number of tutorials online.<br />
<br />
To start you use:<br />
<br />
perl -d myFile.pl<br />
<br />
There are then a number of options you can use to control the debugger:<br />
<br />
l 10 - list line 10<br />
l get_pattern - find lines matching 'pattern'<br />
b 22 - set breakpoint at line 22<br />
s - step forward a line including all subroutines<br />
n - step forward a line but jump through subroutines<br />
c - continue to next break point<br />
c 47 - continue to line 47<br />
p $variable - print variable<br />
q - quit<br />
<br />
===Remote debugging using an IDE===<br />
<br />
I have been using Komodo IDE courtesy of an Open Source Developers licence from [http://komodoide.com/ Activestate]<br />
<br />
You can now get the app for free here but need a free account to use it:<br />
<br />
https://www.activestate.com/products/komodo-ide/download-ide/<br />
<br />
The simplest mode to use with Komodo IDE is to just use the IDE as a debugger to step through code. Code on the remote server can be edited if you have sufficient permissions.<br />
<br />
https://docs.activestate.com/komodo/12/manual/debugger.html<br />
<br />
This will enable us to work with one desktop and one server. See the section on debug proxy for multiple connections.<br />
<br />
====Server setup====<br />
<br />
From your installed Komodo directory we need to copy a set of files to the server.<br />
<br />
I actually copied the entire dbgp directory as there are other files in there that are useful including the debug proxy.<br />
<br />
scp -r ~/komdoeditDirectory/lib/support/dbgp root@some.server://opt/<br />
<br />
We should now have /opt/dbgp on the server<br />
<br />
We now need to set some paths on the server:<br />
<br />
export PERL5LIB=/opt/dbgp/perllib:$PERL5LIB<br />
 export PERLDB_OPTS="RemotePort=your.desktop.i.p:9020 async=1"<br />
<br />
If required you can also add a user identifier:<br />
<br />
export DBGP_IDEKEY=jdoe<br />
<br />
Note: As with local debugging, the Break Now function is disabled by default. Setting async=1 breaks at the first line - see the docs for more information<br />
<br />
====Single machine setup====<br />
<br />
On your desktop we need to set up the Listener for Komodo.<br />
<br />
Edit/Preferences/Debugger/Connection<br />
Set a specific port to 9020 (match the port above)<br />
Set a user name as above<br />
<br />
Now we need to start a program on the server. The debug code will then call Komodo.<br />
<br />
The following forms should work<br />
<br />
perl -d myFile.pl<br />
<br />
Add -d to the header of your file e.g.<br />
<br />
#!/usr/bin/perl -w -d<br />
<br />
Then do<br />
<br />
perl myFile.pl<br />
<br />
Add -d to /sbin/e-smith/signal-event<br />
<br />
Then do<br />
<br />
signal-event some-event<br />
<br />
You should get a popup from Komodo stating that a remote application has requested a debugger session. When you click yes you will get a second box stating that a mapping could not be opened. If we are just going to use Komodo as a debugger then we can answer no and you are then in debug mode allowing you to step through the code and view variables.<br />
<br />
====Mapping for editing====<br />
<br />
Should you wish to actually edit code as well you will need to set up some form of file mapping between the URI that the debugger sends and your 'Server' setup in Komodo<br />
<br />
Note that without some of the esmith libraries installed locally you will get some warnings about being unable to locate certain files but these can safely be ignored.<br />
<br />
In Komodo preferences you need to setup a Server/Remote Account for the remote server. e.g.<br />
<br />
Remote Account : Test_v10<br />
Type: SCP<br />
Port: 2222<br />
Username: root<br />
Pass: somepass (or alternatively use SSH keys)<br />
<br />
You can then set up a mapping similar to this:<br />
<br />
URI : file://v9-test/<br />
Maps To : scp://Test_v9/<br />
<br />
Or<br />
<br />
URI : file://v9-test/etc/e-smith<br />
Maps To : scp://Test_v9/etc/e-smith<br />
<br />
You could be more specific about the directories should you require. Remember that you inherit the server permissions - you cannot save a file that is Read Only on the server !<br />
<br />
====Local file mapping====<br />
<br />
I seemed to have managed this using sshfs:<br />
<br />
 sshfs -p 2222 root@192.168.10.199:/ ~/Mounts/somedirectory<br />
<br />
You can then access the files normally and it is easy to map the remote to the 'local' files.<br />
<br />
====Tidying up afterwards====<br />
<br />
Either reboot the server or use the following:<br />
<br />
export PERL5LIB=/usr/local/lib64/perl5:/usr/local/share/perl5:/usr/lib64/perl5/vendor_perl:/usr/share/perl5/vendor_perl<br />
export PERLDB_OPTS=<br />
export DBGP_IDEKEY=jdoe<br />
<br />
==== Perl CGI Debugging====<br />
<br />
[[Debugging CGI programs on live production servers can seriously impair performance. You have been warned !!]]<br />
<br />
Please see here for further details:<br />
<br />
http://docs.komodoide.com/Manual/debugperl#debugging-perl-komodo-ide-only_configuring-perl-for-cgi-debugging<br />
<br />
You would need a custom httpd.conf fragment. I used 46PerlDebug with these options (configure to suit)<br />
<br />
SetEnv PERL5LIB "/opt/dbgp/perllib:$PERL5LIB"<br />
SetEnv PERLDB_OPTS "RemotePort=192.168.x.x async=1"<br />
SetEnv DBGP_IDEKEY "user"<br />
<br />
You should now be able to access your cgi-script and debug accordingly.<br />
<br />
However, having tried it you cannot use this on server-manager panels because perl is setuid.<br />
<br />
It could be used in other scenarios, but not server-manager.<br />
<br />
===Multiple machine debug proxy===<br />
<br />
TBA<br />
<br />
Notes are here:<br />
http://docs.komodoide.com/Manual/debugger#debugging-programs-komodo-ide-only_remote-debugging_debugger-proxy<br />
<br />
===Perl with Visual Studio===<br />
yum --enablerepo=* install gcc gcc-c++ perl-App-cpanminus perl-AnyEvent-AIO perl-Coro<br />
<br />
cpanm Class::Refresh<br />
<br />
cpanm ExtUtils::CBuilder<br />
<br />
cpanm Compiler::Lexer<br />
<br />
cpanm Hash::SafeKeys<br />
<br />
cpanm Perl::LanguageServer<br />
<br />
====PHP remote debugging====<br />
<br />
You can debug on your local workstation but it is extremely useful to be able to debug direct on the server environment.<br />
You may have one PHP version installed on your desktop but be running a different one on the server, and you may have a different server setup.<br />
<br />
First you need to install the xdebug packages eg:<br />
<br />
{{Note box|Xdebug 3 is not available for PHP versions less than 7.2. You will need php54-php-pecl-xdebug}}<br />
<br />
yum install php74-php-pecl-xdebug3<br />
yum install php80-php-pecl-xdebug3<br />
<br />
Or <br />
<br />
yum install php*php-pecl-xdebug3<br />
<br />
Next you need a small template fragment to enable remote debugging.<br />
<br />
=====Xdebug 2=====<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/php.ini<br />
nano /etc/e-smith/templates-custom/etc/php.ini/90XdebugSettings <br />
<br />
Add this:<br />
<br />
[Debugger]<br />
; /etc/e-smith/templates-custom/etc/php.ini<br />
xdebug.remote_enable = true<br />
xdebug.remote_host = 127.0.0.1<br />
xdebug.remote_port = 9001<br />
xdebug.remote_handler = dbgp<br />
xdebug.remote_log = /var/log/xdebug.log<br />
xdebug.remote_mode = req<br />
xdebug.max_nesting_level = 5000<br />
<br />
<br />
=====Xdebug 3 =====<br />
<br />
New syntax.<br />
<br />
https://xdebug.org/docs/upgrade_guide<br />
https://xdebug.org/docs/all_settings<br />
<br />
nano /etc/e-smith/templates-custom/etc/php.ini/90XdebugSettings<br />
<br />
[Debugger]<br />
xdebug.start_with_request = yes<br />
xdebug.discover_client_host = true<br />
xdebug.client_host = localhost<br />
xdebug.client_port = 9003<br />
xdebug.idekey = users<br />
xdebug.mode = debug<br />
xdebug.log = /var/log/xdebug.log<br />
<br />
<br />
Expand templates and restart services:<br />
<br />
signal-event webapps-update<br />
<br />
We should see Xdebug here<br />
<br />
php74 -v<br />
PHP 7.4.28 (cli) (built: Feb 15 2022 13:23:10) ( NTS )<br />
Copyright (c) The PHP Group<br />
Zend Engine v3.4.0, Copyright (c) Zend Technologies<br />
with Zend OPcache v7.4.28, Copyright (c), by Zend Technologies<br />
with Xdebug v2.9.8, Copyright (c) 2002-2020, by Derick Rethans<br />
<br />
Or like this:<br />
<br />
php80 -v<br />
PHP 8.0.19 (cli) (built: May 10 2022 08:07:35) ( NTS gcc x86_64 )<br />
Copyright (c) The PHP Group<br />
Zend Engine v4.0.19, Copyright (c) Zend Technologies<br />
with Zend OPcache v8.0.19, Copyright (c), by Zend Technologies<br />
with Xdebug v3.1.5, Copyright (c) 2002-2022, by Derick Rethans<br />
<br />
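Before leaving either fragment enabled on a server, it is worth checking which settings start the debugger without being asked and where it will connect. The following audit is an added example, not part of the original page or of Xdebug; the function names and the TRIGGER_ONLY variant are assumptions, and xdebug.remote_autostart and xdebug.remote_connect_back are the Xdebug 2 counterparts of the Xdebug 3 settings used above.<br />
<br />
```python
"""Audit php.ini text for Xdebug step-debugger exposure (added example)."""

TRUE_VALUES = {"1", "on", "true", "yes"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# The two fragments shown on this page.
PAGE_XDEBUG2 = """\
[Debugger]
; /etc/e-smith/templates-custom/etc/php.ini
xdebug.remote_enable = true
xdebug.remote_host = 127.0.0.1
xdebug.remote_port = 9001
xdebug.remote_handler = dbgp
xdebug.remote_log = /var/log/xdebug.log
xdebug.remote_mode = req
xdebug.max_nesting_level = 5000
"""
PAGE_XDEBUG3 = """\
[Debugger]
xdebug.start_with_request = yes
xdebug.discover_client_host = true
xdebug.client_host = localhost
xdebug.client_port = 9003
xdebug.idekey = users
xdebug.mode = debug
xdebug.log = /var/log/xdebug.log
"""
# Constructed variant (an assumption, not from the page): the debugger only
# starts when a request carries the trigger and only connects to loopback.
TRIGGER_ONLY = """\
[Debugger]
xdebug.mode = debug
xdebug.start_with_request = trigger
xdebug.discover_client_host = false
xdebug.client_host = 127.0.0.1
xdebug.client_port = 9003
"""


def parse_ini(text):
    """Return {key: value} from 'key = value' lines; the last duplicate wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings


def _is_true(value):
    return value is not None and value.lower() in TRUE_VALUES


def _exposure(ini, autostart, connect_back, host_key):
    """Warnings shared by both generations; only the setting names differ."""
    out = []
    if _is_true(ini.get(autostart)):
        out.append(("warn", autostart, "every request starts a debug session"))
    if _is_true(ini.get(connect_back)):
        out.append(("warn", connect_back,
                    "connects back to whichever client sent the request"))
    host = ini.get(host_key, "localhost").lower()
    if host not in LOOPBACK_HOSTS:
        out.append(("warn", host_key, "debugger connects out to " + host))
    return out


def audit_xdebug(text):
    """Return a list of (severity, setting, reason) for the given ini text."""
    ini = parse_ini(text)
    findings = []
    # Xdebug 3: xdebug.mode is a comma-separated list of features.
    modes = {m.strip() for m in ini.get("xdebug.mode", "").lower().split(",")}
    if "debug" in modes:
        findings.append(("info", "xdebug.mode", "step debugger enabled"))
        findings += _exposure(ini, "xdebug.start_with_request",
                              "xdebug.discover_client_host", "xdebug.client_host")
    # Xdebug 2 names.
    if _is_true(ini.get("xdebug.remote_enable")):
        findings.append(("info", "xdebug.remote_enable", "step debugger enabled"))
        findings += _exposure(ini, "xdebug.remote_autostart",
                              "xdebug.remote_connect_back", "xdebug.remote_host")
    return findings


def warned_settings(text):
    """Sorted names of the settings that produced a warning."""
    return sorted(key for level, key, _ in audit_xdebug(text) if level == "warn")


if __name__ == "__main__":
    for name, text in (("Xdebug 2 fragment", PAGE_XDEBUG2),
                       ("Xdebug 3 fragment", PAGE_XDEBUG3),
                       ("trigger-only variant", TRIGGER_ONLY)):
        print(name)
        for level, key, reason in audit_xdebug(text):
            print("  %-5s %s: %s" % (level, key, reason))
```
<br />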
====Komodo IDE====<br />
<br />
We can obtain the debug proxy from the installation, and move it to the server and then execute from there:<br />
<br />
python /root/dbgp/bin/pydbgpproxy -d 127.0.0.1:9001 -i 192.168.10.1:9003<br />
<br />
Or alternatively grab the latest xdebug client here:<br />
<br />
mkdir /root/xdbg-proxy<br />
cd /root/xdbg-proxy<br />
curl https://xdebug.org/files/binaries/dbgpProxy -o dbgpProxy<br />
chmod 0700 dbgpProxy<br />
./dbgpProxy -s 127.0.0.1:9001 -i 192.168.10.1:9003<br />
<br />
In Komodo Go to Preferences, Debugger, Connections<br />
<br />
Komodo should listen on:<br />
 System provided port<br />
<br />
Check 'I am running a debugger proxy'<br />
Listener address: IP.of.your.server:9003<br />
Proxy key: individual key name for this desktop<br />
<br />
Save and check that it connected to the debugger.<br />
<br />
Now to debug a file:<br />
<br />
https://your.server.ip/index.php?XDEBUG_SESSION_START=mydesktopkey<br />
<br />
Or <br />
<br />
https://your.server.ip/index.php?somevalue=3&XDEBUG_SESSION_START=mydesktopkey<br />
<br />
====Visual Studio/VS Codium ====<br />
<br />
Sample launch.json<br />
<br />
Note: for newer versions of Xdebug the default port is now 9003.<br />
Pay careful attention to the path mapping. This has to be absolutely correct or it will not work.<br />
<br />
{<br />
// Use IntelliSense to learn about possible attributes.<br />
// Hover to view descriptions of existing attributes.<br />
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387<br />
"version": "0.2.0",<br />
"configurations": [<br />
{<br />
"name" : "vscphpdebug",<br />
"type" : "php",<br />
"request" : "launch",<br />
"stopOnEntry" : false,<br />
"proxy": {<br />
"enable" : true,<br />
"host" : "my.server.ip",<br />
"key" : "users", // As set in the server above<br />
"port": 9003,<br />
"allowMultipleSessions" : true<br />
},<br />
"pathMappings": {<br />
"/home/e-smith/files/ibays/testbay/html/phptestcode": "${workspaceFolder}"<br />
},<br />
},<br />
]<br />
}<br />
<br />
Now you can start the PHP debugger in Codium so that it connects to the debug server, and then trigger it with a URL like this:<br />
<br />
https://my.SME.Server/testbay/phptestcode/myTestPhpFile.php?XDEBUG_SESSION_START=mycodiumkey<br />
<br />
===Editors and IDEs===<br />
<br />
Some Open Source Editors/IDEs<br />
<br />
These all allow remote debugging.<br />
<br />
Komodo-IDE https://www.activestate.com/products/komodo-ide<br />
<br />
Komodo Debug tools: https://code.activestate.com/komodo/remotedebugging/<br />
<br />
Eclipse https://www.eclipse.org/<br />
<br />
Netbeans https://netbeans.org/<br />
<br />
Codium https://itsfoss.com/vscodium/ - Use PHP Debug - felixfbecker.php-debug<br />
<br><br />
For Codium I can't see a remote Perl debugger as yet.<br />
<br />
----<br />
[[Category:Howto]]<br />
[[Category:Developer]]<br />
[[Category:SME Server Development Framework]]<br />
[[Category:Development Tools]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Rocket_Chat:Contrib&diff=42039Rocket Chat:Contrib2023-03-31T09:59:59Z<p>ReetP: /* Database Restore */</p>
<hr />
<div>'''[[Rocket_Chat#smeserver-rocketchat_contrib|Contrib]]''': [mailto:jcrisp@safeandsound.co.uk][[User:ReetP|John Crisp]]<br />
{{Note box|Please note that there is also a howto on manually installing Rocket.Chat [[Rocket_Chat|'''here''']]<br />
However, due to dependencies a manual install will not work on SME}}Version up to 0.61.2 will work with this contrib.<br />
<br />
Later versions will need my newer smeserver-rocketchat-0.2.x contrib which uses docker.<br />
<br />
==smeserver-rocketchat contrib==<br />
{{WIP box}}<br />
<br />
There is no contrib for v10 as yet. I will work on it when I have time. These are just some notes for reference.<br />
<br />
==Current version==<br />
<br />
NA<br />
<br />
You may be able to install from source but chances are CentOS7 will be 'too old'<br />
<br />
Latest source is here:<br />
<br />
https://github.com/RocketChat/Rocket.Chat/tags<br />
<br />
==Required repos==<br />
<br />
Add repos:<br />
<br />
* [[epel]]<br />
* [[User:ReetP|reetp]] <br />
<br />
Settings<br />
<br />
config set rocketchat service TCPPort 3000 mailPort 25 mailURL localhost access public status enabled<br />
<br />
<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
<br />
System ➔ startup<br />
+----------------------------------------------------+<br />
| SERVER RUNNING |<br />
+----------------------------------------------------+<br />
| |<br />
| Version: 0.xx.x |<br />
| Process Port: 3000 |<br />
| Site URL: <nowiki>http://rocketchat.local.net:3000</nowiki> |<br />
| OpLog: Disabled |<br />
| |<br />
+----------------------------------------------------+<br />
<br />
You should now be able to connect to your Rocket.Chat instance <br />
<br />
http://rocketchat.local.net:3000<br />
<br />
===Registering a new account===<br />
<br />
Because the SME mail server is fussy you may find it easier to force some settings in the Rocket.Chat DB before trying to register:<br />
<br />
You can set your SMTP host as localhost or mail.yourdomain.com<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_settings.update({"_id" : "SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id": "From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
 exit<br />
<br />
<br />
===Errors===<br />
<br />
<br />
NA<br />
<br />
<br />
===Apache SSL with Proxypass===<br />
{{Note box|This is still experimental and there may be issues with SSL only for the Primary iBay and Letsencrypt. You will need a minimum version of smeserver-rocketchat-0.1-5 }}<br />
<br />
It is recommended to add Letsencrypt support as detailed below (see here for my contrib https://wiki.contribs.org/Letsencrypt)<br />
<br />
Make a copy of the ProxyPassVirtualHosts dir<br />
<br />
 cp -r /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualRocketchat<br />
<br />
Edit this file:<br />
<br />
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualRocketchat/50Content<br />
<br />
Replace the existing code with this:<br />
<br />
ProxyPreserveHost on<br />
SetEnv proxy-nokeepalive 1<br />
ProxyPass /.well-known/acme-challenge/ !<br />
<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
<br />
<IfModule mod_proxy_wstunnel.c><br />
 ProxyPassMatch ^/sockjs/(.*)/websocket ws://localhost:3000/sockjs/$1/websocket<br />
ProxyPass /websocket ws://localhost:3000/websocket<br />
</IfModule><br />
<br />
ProxyPass / http://localhost:3000/<br />
ProxyPassReverse / http://localhost:3000/<br />
<br />
<Location /><br />
Require all granted<br />
</Location><br />
<br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
<br />
<br />
Save, and then run<br />
<br />
signal-event webapps-update<br />
<br />
<br />
<br />
Now we need to setup our subdomain for the reverse proxy<br />
<br />
db domains set chat.mycompany.local domain Description RocketChat Nameservers internet \<br />
TemplatePath ProxyPassVirtualRocketchat ProxyPassTarget http://localhost:3000/<br />
<br />
It should look like this:<br />
chat.mycompany.local=domain<br />
Nameservers=internet (can be localhost)<br />
ProxyPassTarget=http://127.0.0.1:3000/<br />
TemplatePath=ProxyPassVirtualRocketchat<br />
letsencryptSSLcert=enabled (with letsencrypt support)<br />
<br />
We need to set Rocket.Chat to listen on localhost now:<br />
<br />
config setprop rocketchat rootURL chat.mycompany.domain SSLProxy yes<br />
signal-event remoteaccess-update<br />
service rocketchat restart<br />
<br />
If you can now successfully get to Rocketchat on your subdomain https://chat.mycompany.local you can disable default access on port 3000:<br />
<br />
config setprop rocketchat access private<br />
signal-event remoteaccess-update<br />
<br />
You may find you need to clear your browser cache before it works correctly on https://chat.mycompany.local rather than http://chat.mycompany.local:3000<br />
<br />
If you have Letsencrypt support you can now set your main domain to SSL only:<br />
<br />
db accounts setprop Primary SSL enabled<br />
signal-event ibay-modify Primary<br />
<br />
===Upgrades===<br />
<br />
To upgrade rocketchat:<br />
<br />
yum --enablerepo=reetp install rocketchat<br />
<br />
To upgrade the rocketchat configurator:<br />
<br />
yum --enablerepo=reetp install smeserver-rocketchat<br />
<br />
===Bugs===<br />
<br />
Look for bugs :-) As the contrib is not in CVS please report them in the forum and I will try and keep an eye out.<br />
<br />
<br />
==Mongo DB examples==<br />
<br />
===Usage===<br />
<br />
Example using mongo itself:<br />
<br />
mongo<br />
<br />
use rocketchat<br />
<br />
Show all collections in DB<br />
show collections<br />
<br />
Show all entries in a collection<br />
db.rocketchat_avatars.chunks.find()<br />
<br />
db.rocketchat_settings.find({"_id" : "SMTP_Host"})<br />
db.rocketchat_settings.find({"_id" : "From_Email"})<br />
<br />
db.rocketchat_settings.findOne({_id : "From_Email"}, {_id:0, value: 1})<br />
db.rocketchat_settings.findOne({_id : "SMTP_Host"}, {_id:0, value: 1})<br />
<br />
db.rocketchat_settings.update({"_id":"From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id":"SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
<br />
<br />
Remove all entries in a collection (CAREFUL!!!!!!)<br />
db.rocketchat_avatars.chunks.remove({})<br />
<br />
Help<br />
help<br />
<br />
Some more mongo commands for reference<br />
<br />
https://github.com/RocketChat/Rocket.Chat/issues/15880#issuecomment-570070433<br />
<br />
Directly check a specific user ID from bash:<br />
mongo rocketchat --eval "db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + \" ; \" + u.username); } )"<br />
<br />
Log into rocketchat database:<br />
mongo rocketchat<br />
<br />
Check out all the user IDs in the database: <br />
db.users.find().forEach( function(u) { print(u._id + ";" + u.username); } ) <br />
<br />
Or just a specific user's ID:<br />
 db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + " ; " + u.username); } )<br />
<br />
Replace specific user ID's password in the database:<br />
db.users.update( {'_id': 'useridhere'}, {$set: {'services.password.bcrypt': 'bcryptedpasswordhere'}}, {multi:true} )<br />
<br />
My only issue with above (only time I needed it for recovery purposes), was that I didn't know which tool to use to generate a bcrypted password. So in the hurry I copied the hash from one account I already knew (my own). If someone knows a good command for creating one directly in bash, I assume it would do.<br />
<br />
There are bcrypt password generators online, and various libraries you can use<br />
<br />
For listing out any passwords in the database I used:<br />
<br />
db.users.find().forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
If you have deactivated users it may fail so use this for individual accounts.<br />
<br />
However, you can get it for an individual user with:<br />
<br />
db.users.find({'username':'SomeUserName'}).forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
Set a user config item:<br />
<br />
db.users.update( {'username': 'SomeUserName'}, {$set: {'settings.preferences.showMessageInMainThread': 'true'}} )<br />
<br />
Find a single user:<br />
<br />
db.getCollection('users').find( {'username':'SomeUserName'} )<br />
<br />
Get limited information:<br />
<br />
db.getCollection('users').find({}, {"username":1, "settings.preferences.showMessageInMainThread":1})<br />
<br />
Reset 2FA nonsense:<br />
<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.totp': 1}});<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.email2fa': 1}});<br />
<br />
===Database Backup===<br />
<br />
You can dump the tables to a directory of your choice:<br />
<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/rocketchatmongo<br />
<br />
===Database Restore===<br />
<br />
You can restore your database as follows:<br />
<br />
 mongorestore --restoreDbUsersAndRoles -d rocketchat --dir /root/rocketchatmongo/rocketchat --quiet<br />
<br />
===Database Fix tables===<br />
<br />
To remove user data file links a variation on this link<br />
https://github.com/RocketChat/feature-requests/issues/718<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_user_data_files.remove( { } )<br />
db.runCommand({ compact: 'rocketchat_user_data_files', force: true });<br />
 quit()<br />
<br />
==Node usage==<br />
<br />
* This should go to a new Node page for reference<br />
<br />
Use n, an extremely simple Node version manager that can be installed via npm (See http://stackoverflow.com/questions/7718313/how-to-change-to-an-older-version-of-node-js)<br />
<br />
Say you want Node.js v0.10.x to build Atom.<br />
<br />
npm install -g n # Install n globally<br />
n 0.10.33 # Install and use v0.10.33 local only<br />
<br />
Usage:<br />
n # Output versions installed<br />
n latest # Install or activate the latest node release<br />
n stable # Install or activate the latest stable node release<br />
n <version> # Install node <version><br />
n use <version> [args ...] # Execute node <version> with [args ...]<br />
n bin <version> # Output bin path for <version><br />
n rm <version ...> # Remove the given version(s)<br />
n --latest # Output the latest node version available<br />
n --stable # Output the latest stable node version available<br />
n ls # Output the versions of node available<br />
<br />
<br />
==NPM Usage==<br />
<br />
To update your version of npm run the following<br />
<br />
npm install -g npm<br />
<br />
Or for a specific version:<br />
<br />
npm install -g npm@3.10.9<br />
<br />
==DB settings==<br />
<br />
Typical standard setup:<br />
rocketchat=service<br />
TCPPort=3000<br />
access=public<br />
mailPort=25<br />
mailURL=localhost<br />
status=enabled<br />
<br />
Typical proxy subdomain setup:<br />
rocketchat=service<br />
SSLProxy=yes<br />
TCPPort=3000<br />
access=private<br />
mailPort=25<br />
mailURL=localhost<br />
rootURL=chat.mydomain.co.uk<br />
status=enabled<br />
<br />
<br />
<br />
==Koozali SME v10==<br />
<br />
I am starting to look at running this under docker on v10<br />
<br />
Some quick notes.<br />
<br />
You will need<br />
<br />
Docker<br />
https://wiki.contribs.org/Docker<br />
<br />
Docker Compose (because it makes it easier to template)<br />
https://github.com/docker/compose/releases<br />
<br />
Docker environment settings to disable 2FA<br />
<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback=false<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled=false<br />
<br />
Mongo (I prefer to run a full instance rather than a docker one)<br />
https://wiki.contribs.org/MongoDB<br />
<br />
Make sure you add replicaset support in Mongo and set it up:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
<br />
I'll add more later, and try and make a full contrib in due course<br />
<br />
FAQ<br />
<br />
https://handbook.rocket.chat/company/tools/rocket.chat</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41997Matrix-server2023-02-16T14:20:09Z<p>ReetP: /* Apache */</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<blockquote style="float: right;">[[File:Matrix logo.svg|250px]]</blockquote><br><br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
These are how I did it manually. <br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
Set up a domain.<br />
<br />
db domains set matrix.mydomain.net domain\<br />
Content Primary\<br />
Description Matrix\<br />
Nameservers localhost\<br />
TemplatePath ProxyPassVirtualMatrix\<br />
letsencryptSSLcert enabled<br />
<br />
===Apache===<br />
<br />
Note to self - this looks good information<br />
<br />
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/examples/apache/matrix-synapse.conf<br />
<br />
 mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
 cd /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
 touch template-begin<br />
 touch template-end<br />
 nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.mydomain.net<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
Listen 8448<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.mydomain.net<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.mydomain.net<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
Check you have access to .well-known/acme-challenge and get your letsencrypt certificate.<br />
<br />
nano /home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Paste this:<br />
<br />
 version: '2.3'<br />
 services:<br />
 # Hmmm - desktop app should not be run on the same server as matrix<br />
 # https://hub.docker.com/r/vectorim/element-web/<br />
 #  element:<br />
 #    image: vectorim/element-web:latest<br />
 #    restart: unless-stopped<br />
 #    volumes:<br />
 #      - ./element-config.json:/app/config.json<br />
   synapse:<br />
     container_name: synapse<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./data:/data<br />
     environment:<br />
       SYNAPSE_SERVER_NAME: "matrix.mydomain.net"<br />
       SYNAPSE_REPORT_STATS: "yes"<br />
     ports:<br />
       - 8008:8008<br />
     # This may vary - need to think about this<br />
     user: 991:991<br />
<br />
# Experimental<br />
# This<br />
# network_mode: "host"<br />
# Or<br />
# networks: ["server"]<br />
#networks:<br />
# server:<br />
# external: true<br />
# However it may fixing the internal docker network and adding to 'LocalNetworks'<br />
# to allow local DNS lookups etc<br />
<br />
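The Apache template above proxies to http://127.0.0.1:8008, while the short form 8008:8008 in the compose file publishes Synapse's plain HTTP listener on every host interface. The check below is an added example, not part of the original page or of Docker; the function names are hypothetical, it only reads short-syntax port entries, and the sample text is constructed from the synapse service on this page with its indentation supplied.<br />
<br />
```python
"""Flag docker-compose short-syntax ports published on every host interface."""
import re

ALL_INTERFACES = {"", "0.0.0.0", "::"}

# Constructed sample: the synapse service from this page, indentation supplied.
PUBLISHED_EVERYWHERE = """\
version: '2.3'
services:
  synapse:
    container_name: synapse
    image: matrixdotorg/synapse:latest
    volumes:
      - ./data:/data
    environment:
      SYNAPSE_SERVER_NAME: "matrix.mydomain.net"
    ports:
      - 8008:8008
    # This may vary
    user: 991:991
"""
# Constructed variant: the same service published on loopback only, which is
# all the Apache ProxyPass to 127.0.0.1:8008 needs.
LOOPBACK_ONLY = PUBLISHED_EVERYWHERE.replace("- 8008:8008",
                                             '- "127.0.0.1:8008:8008"')


def published_ports(compose_text):
    """Return [(service, spec)] for list items under each service's 'ports:'."""
    results = []
    in_services = False
    service = service_indent = ports_indent = None
    for raw in compose_text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw.rstrip())  # drop trailing comments
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # a top-level key such as 'services:' or 'networks:'
            in_services = stripped == "services:"
            service = service_indent = ports_indent = None
            continue
        if not in_services:
            continue
        if service_indent is None:
            service_indent = indent  # first nested level holds service names
        if indent == service_indent:
            service = stripped.rstrip(":")
            ports_indent = None
            continue
        if ports_indent is not None and stripped.startswith("- ") \
                and indent >= ports_indent:
            results.append((service, stripped[2:].strip().strip("\"'")))
        elif stripped == "ports:":
            ports_indent = indent
        elif ports_indent is not None and indent <= ports_indent:
            ports_indent = None  # a sibling key ends the ports list
    return results


def binds_all_interfaces(spec):
    """True when a short-syntax spec has no host IP or names a wildcard one."""
    spec = spec.split("/", 1)[0]  # drop a '/tcp' or '/udp' suffix
    parts = spec.rsplit(":", 2)   # [IP:]HOST:CONTAINER, or CONTAINER alone
    if len(parts) < 3:
        return True
    return parts[0].strip("[]") in ALL_INTERFACES


def exposed(compose_text):
    """Port entries that are reachable from outside the host's loopback."""
    return [(svc, spec) for svc, spec in published_ports(compose_text)
            if binds_all_interfaces(spec)]


if __name__ == "__main__":
    for name, text in (("8008:8008", PUBLISHED_EVERYWHERE),
                       ("127.0.0.1:8008:8008", LOOPBACK_ONLY)):
        print(name, "->", exposed(text) or "loopback only")
```
<br />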
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
 config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
 version: '2.3'<br />
 services:<br />
   postgres:<br />
     image: postgres:14<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.2<br />
     volumes:<br />
       - ./postgresdata:/var/lib/postgresql/data<br />
<br />
     # These will be used in homeserver.yaml later on<br />
     environment:<br />
       - POSTGRES_DB=synapse<br />
       - POSTGRES_USER=synapse<br />
       - POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
   element:<br />
     image: vectorim/element-web:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./element-config.json:/app/config.json<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.3<br />
<br />
   synapse:<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.4<br />
     volumes:<br />
       - ./synapse:/data<br />
<br />
 networks:<br />
   default:<br />
     external:<br />
       name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment homeserver.yaml<br />
<br />
 #database:<br />
 #  name: sqlite3<br />
 #  args:<br />
 #    database: /data/homeserver.db<br />
<br />
Add postgresql<br />
<br />
 database:<br />
   name: psycopg2<br />
   args:<br />
     user: synapse<br />
     password: STRONGPASSWORD<br />
     database: synapse<br />
     host: postgres<br />
     cp_min: 5<br />
     cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only released version in smecontrib are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41996Matrix-server2023-02-16T14:03:21Z<p>ReetP: /* Installation */</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<blockquote style="float: right;">[[File:Matrix logo.svg|250px]]</blockquote><br><br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
This is how I did it manually.<br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
Set up a domain.<br />
<br />
db domains set matrix.mydomain.net domain\<br />
Content Primary\<br />
Description Matrix\<br />
Nameservers localhost\<br />
TemplatePath ProxyPassVirtualMatrix\<br />
letsencryptSSLcert enabled<br />
<br />
===Apache===<br />
<br />
Note to self - this looks like good information<br />
<br />
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/examples/apache/matrix-synapse.conf<br />
<br />
mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
touch template-begin<br />
touch template-end<br />
nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.mydomain.net<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
Listen 8448<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.mydomain.net<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.mydomain.net<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
Check you have access to .well-known/acme-challenge and get your letsencrypt certificate.<br />
<br />
nano /home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Paste this:<br />
<br />
 version: '2.3'<br />
 services:<br />
   element:<br />
     image: vectorim/element-web:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./element-config.json:/app/config.json<br />
   synapse:<br />
     container_name: synapse<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./data:/data<br />
     environment:<br />
       SYNAPSE_SERVER_NAME: "matrix.mydomain.net"<br />
       SYNAPSE_REPORT_STATS: "yes"<br />
     ports:<br />
       - 8008:8008<br />
     # This may vary - need to think about this<br />
     user: 991:991<br />
<br />
 # Experimental<br />
 # This<br />
 # network_mode: "host"<br />
 # Or<br />
 # networks: ["server"]<br />
 #networks:<br />
 #  server:<br />
 #    external: true<br />
 # However it may fixing the internal docker network and adding to 'LocalNetworks'<br />
 # to allow local DNS lookups etc<br />
<br />
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
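
The following check script is an added example, not part of the contrib or of the original page. It covers two points in the manual steps above: the data directory is left at chmod 0777 until the container's user:group id is known, and the `8008:8008` mapping publishes Synapse on every host interface although Apache only proxies to 127.0.0.1:8008. Function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not part of the contrib. Paths and compose layout follow the
# page; the function names are hypothetical. stat -c assumes GNU coreutils.

# Emit "user <service> <uid:gid>" and "port <service> <mapping>" records for a
# compose file (block-style YAML, short port syntax only).
compose_facts() {   # $1 = compose file
    awk -v q="[\"']" '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        { ind = index($0, $1) - 1 }                  # indentation of this line
        ind == 0 { in_svcs = ($1 == "services:"); svc_ind = -1; next }
        !in_svcs { next }
        svc_ind < 0 { svc_ind = ind }                # first key under services:
        ind == svc_ind { svc = $1; sub(/:$/, "", svc); in_ports = 0; next }
        $1 != "-" { in_ports = 0 }                   # a new key ends a ports: list
        $1 == "ports:" { in_ports = 1; next }
        $1 == "user:" { v = $2; gsub(q, "", v); print "user", svc, v; next }
        in_ports { v = $2; gsub(q, "", v); print "port", svc, v }
    ' "$1"
}

# Print the uid:gid a service declares with "user:" (empty if none).
compose_user() {    # $1 = compose file, $2 = service name
    compose_facts "$1" | awk -v s="$2" '$1 == "user" && $2 == s { print $3; exit }'
}

# Print "service mapping" for every port not pinned to a loopback address.
exposed_ports() {   # $1 = compose file
    compose_facts "$1" |
        awk '$1 == "port" && $3 !~ /^(127\.0\.0\.1|\[::1\]):/ { print $2, $3 }'
}

# Report when the data directory is world-writable (as after chmod 0777) or is
# not owned by the uid:gid the container runs as. Returns 1 on any finding.
check_data_dir() {  # $1 = directory, $2 = expected numeric uid:gid (empty skips owner)
    dd_rc=0
    dd_owner=$(stat -c '%u:%g' "$1") || return 2
    dd_mode=$(stat -c '%a' "$1") || return 2
    if [ -n "$2" ] && [ "$dd_owner" != "$2" ]; then
        echo "$1: owner $dd_owner, container runs as $2 (chown $2 $1)"
        dd_rc=1
    fi
    case $dd_mode in
        *[2367]) echo "$1: mode $dd_mode is world-writable (chmod o-rwx $1)"
                 dd_rc=1 ;;
    esac
    return $dd_rc
}

# Run both checks against the directory layout used on this page.
audit_install() {   # $1 = directory holding docker-compose.yml and data/
    ai_rc=0
    ai_user=$(compose_user "$1/docker-compose.yml" synapse)
    check_data_dir "$1/data" "$ai_user" || ai_rc=1
    ai_ports=$(exposed_ports "$1/docker-compose.yml")
    if [ -n "$ai_ports" ]; then
        echo "published on all interfaces, Apache proxies via 127.0.0.1: $ai_ports"
        ai_rc=1
    fi
    return $ai_rc
}

# Constructed sample: a cut-down copy of the page's compose file plus a 0777
# data directory, written into an empty directory.
make_sample() {     # $1 = empty directory
    mkdir -p "$1/data" && chmod 0777 "$1/data"
    cat > "$1/docker-compose.yml" <<'EOF'
version: '2.3'
services:
  element:
    image: vectorim/element-web:latest
  synapse:
    container_name: synapse
    image: matrixdotorg/synapse:latest
    volumes:
      - ./data:/data
    ports:
      - 8008:8008
    user: 991:991
EOF
}

case ${1:-} in
    "")     ;;                                   # no argument: only define functions
    --demo) d=$(mktemp -d) && make_sample "$d" && audit_install "$d"; rm -rf "$d" ;;
    *)      audit_install "$1" ;;
esac
```

Run it with `--demo` for the findings on the constructed sample, or pass `/home/e-smith/files/docker/configs` to audit the real directory. Pinning the mapping to `127.0.0.1:8008:8008` clears the port finding.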
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
 version: '2.3'<br />
 services:<br />
   postgres:<br />
     image: postgres:14<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.2<br />
     volumes:<br />
       - ./postgresdata:/var/lib/postgresql/data<br />
<br />
     # These will be used in homeserver.yaml later on<br />
     environment:<br />
       - POSTGRES_DB=synapse<br />
       - POSTGRES_USER=synapse<br />
       - POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
   element:<br />
     image: vectorim/element-web:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./element-config.json:/app/config.json<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.3<br />
<br />
   synapse:<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.4<br />
     volumes:<br />
       - ./synapse:/data<br />
<br />
 networks:<br />
   default:<br />
     external:<br />
       name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment out the sqlite3 database section in homeserver.yaml:<br />
<br />
 #database:<br />
 #  name: sqlite3<br />
 #  args:<br />
 #    database: /data/homeserver.db<br />
<br />
Add the postgresql settings:<br />
<br />
 database:<br />
   name: psycopg2<br />
   args:<br />
     user: synapse<br />
     password: STRONGPASSWORD<br />
     database: synapse<br />
     host: postgres<br />
     cp_min: 5<br />
     cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only released versions in smecontribs are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41995Matrix-server2023-02-16T14:02:52Z<p>ReetP: /* Apache */</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<blockquote style="float: right;">[[File:Matrix logo.svg|250px]]</blockquote><br><br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
This is how I did it manually.<br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
Set up a domain.<br />
<br />
db domains set matrix.mydomain.com domain\<br />
Content Primary\<br />
Description Matrix\<br />
Nameservers localhost\<br />
TemplatePath ProxyPassVirtualMatrix\<br />
letsencryptSSLcert enabled<br />
<br />
===Apache===<br />
<br />
Note to self - this looks like good information<br />
<br />
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/examples/apache/matrix-synapse.conf<br />
<br />
mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
touch template-begin<br />
touch template-end<br />
nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.mydomain.net<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
Listen 8448<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.mydomain.net<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.mydomain.net<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
Check you have access to .well-known/acme-challenge and get your letsencrypt certificate.<br />
<br />
nano /home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Paste this:<br />
<br />
 version: '2.3'<br />
 services:<br />
   element:<br />
     image: vectorim/element-web:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./element-config.json:/app/config.json<br />
   synapse:<br />
     container_name: synapse<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./data:/data<br />
     environment:<br />
       SYNAPSE_SERVER_NAME: "matrix.mydomain.net"<br />
       SYNAPSE_REPORT_STATS: "yes"<br />
     ports:<br />
       - 8008:8008<br />
     # This may vary - need to think about this<br />
     user: 991:991<br />
<br />
 # Experimental<br />
 # This<br />
 # network_mode: "host"<br />
 # Or<br />
 # networks: ["server"]<br />
 #networks:<br />
 #  server:<br />
 #    external: true<br />
 # However it may fixing the internal docker network and adding to 'LocalNetworks'<br />
 # to allow local DNS lookups etc<br />
<br />
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
 version: '2.3'<br />
 services:<br />
   postgres:<br />
     image: postgres:14<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.2<br />
     volumes:<br />
       - ./postgresdata:/var/lib/postgresql/data<br />
<br />
     # These will be used in homeserver.yaml later on<br />
     environment:<br />
       - POSTGRES_DB=synapse<br />
       - POSTGRES_USER=synapse<br />
       - POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
   element:<br />
     image: vectorim/element-web:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./element-config.json:/app/config.json<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.3<br />
<br />
   synapse:<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.4<br />
     volumes:<br />
       - ./synapse:/data<br />
<br />
 networks:<br />
   default:<br />
     external:<br />
       name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment out the sqlite3 database section in homeserver.yaml:<br />
<br />
 #database:<br />
 #  name: sqlite3<br />
 #  args:<br />
 #    database: /data/homeserver.db<br />
<br />
Add the postgresql settings:<br />
<br />
 database:<br />
   name: psycopg2<br />
   args:<br />
     user: synapse<br />
     password: STRONGPASSWORD<br />
     database: synapse<br />
     host: postgres<br />
     cp_min: 5<br />
     cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only released versions in smecontribs are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41993Matrix-server2023-02-14T18:18:19Z<p>ReetP: /* Apache */</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<blockquote style="float: right;">[[File:Matrix logo.svg|250px]]</blockquote><br><br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
This is how I did it manually.<br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
Set up a domain.<br />
<br />
db domains set matrix.mydomain.com domain\<br />
Content Primary\<br />
Description Matrix\<br />
Nameservers localhost\<br />
TemplatePath ProxyPassVirtualMatrix\<br />
letsencryptSSLcert enabled<br />
<br />
===Apache===<br />
<br />
Note to self - this looks like good information<br />
<br />
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/examples/apache/matrix-synapse.conf<br />
<br />
mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
touch template-begin<br />
touch template-end<br />
nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.sovereigninsignia.com<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
Listen 8448<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
Check you have access to .well-known/acme-challenge and get your letsencrypt certificate.<br />
<br />
nano /home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Paste this:<br />
<br />
 version: '2.3'<br />
 services:<br />
   element:<br />
     image: vectorim/element-web:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./element-config.json:/app/config.json<br />
   synapse:<br />
     container_name: synapse<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./data:/data<br />
     environment:<br />
       SYNAPSE_SERVER_NAME: "matrix.sovereigninsignia.com"<br />
       SYNAPSE_REPORT_STATS: "yes"<br />
     ports:<br />
       - 8008:8008<br />
     # This may vary - need to think about this<br />
     user: 991:991<br />
<br />
 # Experimental<br />
 # This<br />
 # network_mode: "host"<br />
 # Or<br />
 # networks: ["server"]<br />
 #networks:<br />
 #  server:<br />
 #    external: true<br />
 # However it may fixing the internal docker network and adding to 'LocalNetworks'<br />
 # to allow local DNS lookups etc<br />
<br />
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
 version: '2.3'<br />
 services:<br />
   postgres:<br />
     image: postgres:14<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.2<br />
     volumes:<br />
       - ./postgresdata:/var/lib/postgresql/data<br />
<br />
     # These will be used in homeserver.yaml later on<br />
     environment:<br />
       - POSTGRES_DB=synapse<br />
       - POSTGRES_USER=synapse<br />
       - POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
   element:<br />
     image: vectorim/element-web:latest<br />
     restart: unless-stopped<br />
     volumes:<br />
       - ./element-config.json:/app/config.json<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.3<br />
<br />
   synapse:<br />
     image: matrixdotorg/synapse:latest<br />
     restart: unless-stopped<br />
     networks:<br />
       default:<br />
         ipv4_address: 10.10.10.4<br />
     volumes:<br />
       - ./synapse:/data<br />
<br />
 networks:<br />
   default:<br />
     external:<br />
       name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment out the sqlite3 database section in homeserver.yaml:<br />
<br />
 #database:<br />
 #  name: sqlite3<br />
 #  args:<br />
 #    database: /data/homeserver.db<br />
<br />
Add the postgresql settings:<br />
<br />
 database:<br />
   name: psycopg2<br />
   args:<br />
     user: synapse<br />
     password: STRONGPASSWORD<br />
     database: synapse<br />
     host: postgres<br />
     cp_min: 5<br />
     cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41989Matrix-server2023-02-09T17:20:55Z<p>ReetP: /* Apache */</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
This is how I did it manually.<br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
Set up a domain.<br />
<br />
db domains set matrix.mydomain.com domain\<br />
Content Primary\<br />
Description Matrix\<br />
Nameservers localhost\<br />
TemplatePath ProxyPassVirtualMatrix\<br />
letsencryptSSLcert enabled<br />
<br />
===Apache===<br />
<br />
mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
cd /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
touch template-begin<br />
touch template-end<br />
nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.sovereigninsignia.com<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
Check that /.well-known/acme-challenge/ is reachable on the domain, then get your letsencrypt certificate.<br />
<br />
nano /home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Paste this:<br />
<br />
version: '2.3'<br />
services:<br />
element:<br />
image: vectorim/element-web:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./element-config.json:/app/config.json<br />
synapse:<br />
container_name: synapse<br />
image: matrixdotorg/synapse:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./data:/data<br />
environment:<br />
SYNAPSE_SERVER_NAME: "matrix.sovereigninsignia.com"<br />
SYNAPSE_REPORT_STATS: "yes"<br />
ports:<br />
- 8008:8008<br />
# This may vary - need to think about this<br />
user: 991:991<br />
<br />
# Experimental<br />
# This<br />
# network_mode: "host"<br />
# Or<br />
# networks: ["server"]<br />
#networks:<br />
# server:<br />
# external: true<br />
# However it may need fixing the internal docker network and adding it to 'LocalNetworks'<br />
# to allow local DNS lookups etc<br />
<br />
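The steps above leave the data directory world-writable (chmod 0777, marked as needing a fix) and publish Synapse as 8008:8008, which listens on every interface although Apache only proxies to 127.0.0.1:8008. The following audit script is an added example, not part of the contrib or the original page; it assumes the paths, the 991:991 user and port 8008 used on this page, and all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the manual Synapse setup described on this page.
# Assumed from the page: data dir /home/e-smith/files/docker/configs/data,
# compose file beside it, container user 991:991, Synapse port 8008.
# All function names are hypothetical.

# 0 = directory exists and is not world-writable, 1 = world-writable, 2 = missing
dir_not_world_writable() {
    [ -d "$1" ] || return 2
    # ls -ld mode string is "d rwx rwx rwx"; the "other write" bit is character 9
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????????w?) return 1 ;;
    esac
    return 0
}

# Print the numeric owner of a directory as uid:gid
dir_owner() {
    ls -ldn "$1" | awk '{ print $3 ":" $4 }'
}

# Print each published-port entry for container port $2 in compose file $1
# that is not bound to 127.0.0.1 ("8008:8008" listens on every interface).
# Only the IPv4 loopback is accepted; anything else is reported.
ports_exposed_beyond_loopback() {
    sed 's/#.*$//' "$1" | tr -d "\"'" | awk -v p="$2" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-[ \t]*/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)
            sub(/[ \t\r]+$/, "", entry)
            n = split(entry, f, ":")
            cport = f[n]
            sub(/\/.*$/, "", cport)          # drop a /tcp or /udp suffix
            if (cport == p && !(n == 3 && f[1] == "127.0.0.1")) print entry
            next
        }
        /[^ \t\r]/ { in_ports = 0 }          # any other non-blank line ends the list
    '
}

# Run all checks; prints one line per finding and returns the number of findings.
audit_matrix_setup() {
    a_dir=$1; a_compose=$2; a_owner=$3; a_findings=0
    if ! dir_not_world_writable "$a_dir"; then
        echo "FAIL: $a_dir is missing or world-writable; use chmod 0750 instead of 0777"
        a_findings=$((a_findings + 1))
    fi
    if [ -d "$a_dir" ] && [ "$(dir_owner "$a_dir")" != "$a_owner" ]; then
        echo "FAIL: $a_dir is owned by $(dir_owner "$a_dir"), container runs as $a_owner"
        a_findings=$((a_findings + 1))
    fi
    a_exposed=$(ports_exposed_beyond_loopback "$a_compose" 8008)
    if [ -n "$a_exposed" ]; then
        echo "FAIL: port entry '$a_exposed' publishes Synapse on all interfaces;" \
             "the Apache proxy only needs 127.0.0.1:8008:8008"
        a_findings=$((a_findings + 1))
    fi
    return "$a_findings"
}

# Usage: pass --audit to check the paths used on this page
if [ "${1:-}" = "--audit" ]; then
    audit_matrix_setup /home/e-smith/files/docker/configs/data \
        /home/e-smith/files/docker/configs/docker-compose.yml 991:991
fi
```

A clean run returns 0; each finding names the setting to change, so the directory can be handed to the container user and the port entry narrowed before the service is opened to federation.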
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
version: '2.3'<br />
services:<br />
postgres:<br />
image: postgres:14<br />
restart: unless-stopped<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.2<br />
volumes:<br />
- ./postgresdata:/var/lib/postgresql/data<br />
<br />
# These will be used in homeserver.yaml later on<br />
environment:<br />
- POSTGRES_DB=synapse<br />
- POSTGRES_USER=synapse<br />
- POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
element:<br />
image: vectorim/element-web:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./element-config.json:/app/config.json<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.3<br />
<br />
synapse:<br />
image: matrixdotorg/synapse:latest<br />
restart: unless-stopped<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.4<br />
volumes:<br />
- ./synapse:/data<br />
<br />
networks:<br />
default:<br />
external:<br />
name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment out the sqlite3 database section in homeserver.yaml:<br />
<br />
#database:<br />
# name: sqlite3<br />
# args:<br />
# database: /data/homeserver.db<br />
<br />
Add postgresql<br />
<br />
database:<br />
name: psycopg2<br />
args:<br />
user: synapse<br />
password: STRONGPASSWORD<br />
database: synapse<br />
host: postgres<br />
cp_min: 5<br />
cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41988Matrix-server2023-02-09T17:20:23Z<p>ReetP: /* Apache */</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
This is how I did it manually.<br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
Set up a domain.<br />
<br />
db domains set matrix.mydomain.com domain\<br />
Content Primary\<br />
Description Matrix\<br />
Nameservers localhost\<br />
TemplatePath ProxyPassVirtualMatrix\<br />
letsencryptSSLcert enabled<br />
<br />
===Apache===<br />
<br />
mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
cd /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
touch template-begin<br />
touch template-end<br />
nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.sovereigninsignia.com<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
Check that /.well-known/acme-challenge/ is reachable on the domain, then get your letsencrypt certificate.<br />
<br />
nano /home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
version: '2.3'<br />
services:<br />
element:<br />
image: vectorim/element-web:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./element-config.json:/app/config.json<br />
synapse:<br />
container_name: synapse<br />
image: matrixdotorg/synapse:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./data:/data<br />
environment:<br />
SYNAPSE_SERVER_NAME: "matrix.sovereigninsignia.com"<br />
SYNAPSE_REPORT_STATS: "yes"<br />
ports:<br />
- 8008:8008<br />
# This may vary - need to think about this<br />
user: 991:991<br />
<br />
# Experimental<br />
# This<br />
# network_mode: "host"<br />
# Or<br />
# networks: ["server"]<br />
#networks:<br />
# server:<br />
# external: true<br />
# However it may need fixing the internal docker network and adding it to 'LocalNetworks'<br />
# to allow local DNS lookups etc<br />
<br />
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
version: '2.3'<br />
services:<br />
postgres:<br />
image: postgres:14<br />
restart: unless-stopped<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.2<br />
volumes:<br />
- ./postgresdata:/var/lib/postgresql/data<br />
<br />
# These will be used in homeserver.yaml later on<br />
environment:<br />
- POSTGRES_DB=synapse<br />
- POSTGRES_USER=synapse<br />
- POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
element:<br />
image: vectorim/element-web:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./element-config.json:/app/config.json<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.3<br />
<br />
synapse:<br />
image: matrixdotorg/synapse:latest<br />
restart: unless-stopped<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.4<br />
volumes:<br />
- ./synapse:/data<br />
<br />
networks:<br />
default:<br />
external:<br />
name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment out the sqlite3 database section in homeserver.yaml:<br />
<br />
#database:<br />
# name: sqlite3<br />
# args:<br />
# database: /data/homeserver.db<br />
<br />
Add postgresql<br />
<br />
database:<br />
name: psycopg2<br />
args:<br />
user: synapse<br />
password: STRONGPASSWORD<br />
database: synapse<br />
host: postgres<br />
cp_min: 5<br />
cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41987Matrix-server2023-02-09T17:19:24Z<p>ReetP: /* Installation */</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
This is how I did it manually.<br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
Set up a domain.<br />
<br />
db domains set matrix.mydomain.com domain\<br />
Content Primary\<br />
Description Matrix\<br />
Nameservers localhost\<br />
TemplatePath ProxyPassVirtualMatrix\<br />
letsencryptSSLcert enabled<br />
<br />
===Apache===<br />
<br />
mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
cd /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
touch template-begin<br />
touch template-end<br />
nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.sovereigninsignia.com<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
<br />
<br />
/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
version: '2.3'<br />
services:<br />
element:<br />
image: vectorim/element-web:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./element-config.json:/app/config.json<br />
synapse:<br />
container_name: synapse<br />
image: matrixdotorg/synapse:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./data:/data<br />
environment:<br />
SYNAPSE_SERVER_NAME: "matrix.sovereigninsignia.com"<br />
SYNAPSE_REPORT_STATS: "yes"<br />
ports:<br />
- 8008:8008<br />
# This may vary - need to think about this<br />
user: 991:991<br />
<br />
# Experimental<br />
# This<br />
# network_mode: "host"<br />
# Or<br />
# networks: ["server"]<br />
#networks:<br />
# server:<br />
# external: true<br />
# However it may need fixing the internal docker network and adding it to 'LocalNetworks'<br />
# to allow local DNS lookups etc<br />
<br />
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
<br />
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
version: '2.3'<br />
services:<br />
postgres:<br />
image: postgres:14<br />
restart: unless-stopped<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.2<br />
volumes:<br />
- ./postgresdata:/var/lib/postgresql/data<br />
<br />
# These will be used in homeserver.yaml later on<br />
environment:<br />
- POSTGRES_DB=synapse<br />
- POSTGRES_USER=synapse<br />
- POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
element:<br />
image: vectorim/element-web:latest<br />
restart: unless-stopped<br />
volumes:<br />
- ./element-config.json:/app/config.json<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.3<br />
<br />
synapse:<br />
image: matrixdotorg/synapse:latest<br />
restart: unless-stopped<br />
networks:<br />
default:<br />
ipv4_address: 10.10.10.4<br />
volumes:<br />
- ./synapse:/data<br />
<br />
networks:<br />
default:<br />
external:<br />
name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment out the sqlite3 database section in homeserver.yaml:<br />
<br />
#database:<br />
# name: sqlite3<br />
# args:<br />
# database: /data/homeserver.db<br />
<br />
Add postgresql<br />
<br />
database:<br />
name: psycopg2<br />
args:<br />
user: synapse<br />
password: STRONGPASSWORD<br />
database: synapse<br />
host: postgres<br />
cp_min: 5<br />
cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Matrix-server&diff=41986Matrix-server2023-02-09T17:16:54Z<p>ReetP: Created page with "{{Languages}} <!-- here we define the contrib name variable --> <!-- we get the page title, remove suffix for translated version; if needed you can define there with the value..."</p>
<hr />
<div>{{Languages}}<br />
<!-- here we define the contrib name variable --><br />
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--><br />
{{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}<br />
<!-- we define the language --><br />
{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}<br />
{{Infobox contribs<br />
|name={{#var:contribname}}<br />
|image={{#var:contribname}}.jpg<br />
|description_image= {{#var:contribname}} logo<br />
|maintainer= maintainer<br />
|licence= <br />
|url= https://wiki.koozali.org<br />
|category= Category you want<br />
|tags=File,this,with,a,list,of,tags<br />
}}<br />
<br />
===Maintainer===<br />
[[User:reetp|John Crisp]] <br />
<br />
===Status===<br />
<br />
{{WIP box|}}<br />
23/02/2023 This is a work in progress and not yet complete<br />
<br />
=== Version ===<br />
<!-- keep this first element as is, you can add some if needed --><br />
{{#smeversion: {{#var:smecontribname}} }}<br />
{{#smeversion: {{#var:contribname}} }}<br />
<br />
=== Description ===<br />
An open network for secure, decentralized communication<br />
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.<br />
Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication.<br />
As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.<br />
<br />
=== Installation ===<br />
<tabs container style="display: inline-block;" ><tab name="For SME 10"><br />
yum --enablerepo=smecontribs install {{#var:smecontribname}}<br />
</tab></tabs><br />
<br />
This installation depends on docker<br />
<br />
https://wiki.koozali.org/Docker<br />
<br />
This is how I did it manually.<br />
<br />
mkdir -p /home/e-smith/files/docker/configs/data<br />
<br />
Needs a fix. Need to check what docker assigns as user:group id<br />
chmod 0777 /home/e-smith/files/docker/configs/data<br />
<br />
This will open the port for federation:<br />
config set matrix service access public status enabled TCPPort 8448<br />
<br />
<br />
===Apache===<br />
<br />
mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
cd /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix<br />
touch template-begin<br />
touch template-end<br />
nano ProxyPassContent<br />
<br />
Paste<br />
<br />
{<br />
if ($port eq "$httpPort") {<br />
$OUT .=<<_EVERYWHERE;<br />
<VirtualHost 0.0.0.0:80><br />
ServerName matrix.sovereigninsignia.com<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*<br />
RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]<br />
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]<br />
</VirtualHost><br />
_EVERYWHERE<br />
<br />
$OUT .=<<_THERE;<br />
<VirtualHost 0.0.0.0:8448><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
</VirtualHost><br />
_THERE<br />
}<br />
<br />
if ($port eq "$httpsPort"){ <br />
$OUT .=<<_HERE;<br />
<VirtualHost 0.0.0.0:443><br />
SSLEngine on<br />
ServerName matrix.sovereigninsignia.com<br />
ProxyPass /.well-known/acme-challenge/ !<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
RequestHeader set "X-Forwarded-Proto" "https"<br />
AllowEncodedSlashes NoDecode<br />
ProxyPreserveHost on<br />
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon<br />
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix<br />
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon<br />
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client<br />
<Location /><br />
Require all granted<br />
</Location><br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
</VirtualHost><br />
_HERE<br />
}<br />
}<br />
<br />
<br />
<br />
/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
version: '2.3'<br />
services:<br />
  element:<br />
    image: vectorim/element-web:latest<br />
    restart: unless-stopped<br />
    volumes:<br />
      - ./element-config.json:/app/config.json<br />
  synapse:<br />
    container_name: synapse<br />
    image: matrixdotorg/synapse:latest<br />
    restart: unless-stopped<br />
    volumes:<br />
      - ./data:/data<br />
    environment:<br />
      SYNAPSE_SERVER_NAME: "matrix.sovereigninsignia.com"<br />
      SYNAPSE_REPORT_STATS: "yes"<br />
    ports:<br />
      - 8008:8008<br />
    # This may vary - need to think about this<br />
    user: 991:991<br />
<br />
    # Experimental<br />
    # This<br />
    # network_mode: "host"<br />
    # Or<br />
    # networks: ["server"]<br />
#networks:<br />
#  server:<br />
#    external: true<br />
# However, it may need the internal docker network fixed and added to 'LocalNetworks'<br />
# to allow local DNS lookups etc<br />
<br />
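The compose file above publishes Synapse as 8008:8008 while the Apache template proxies to http://127.0.0.1:8008; a mapping with no host address makes Docker bind the port on every interface, so the homeserver port is also reachable directly unless a firewall blocks it. The script below is an added example, not part of the original notes: it lists each published port with the address it is bound to, and its function names and sample compose content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the wiki page: report which published ports in a
# docker-compose file listen on every host interface.
# Only the short "- HOST:CONTAINER" list syntax used on this page is handled.

# audit_compose_ports FILE
# Prints "<service> <mapping> <verdict>" for each entry under a "ports:" key:
#   LOOPBACK        host side bound to 127.0.0.0/8 or [::1]
#   OTHER-ADDRESS   host side bound to one specific non-loopback address
#   ALL-INTERFACES  no host address given (Docker then binds 0.0.0.0), or an
#                   explicit 0.0.0.0 / [::]
audit_compose_ports() {
    awk -v q="'" '
    {
        line = $0
        sub(/\r$/, "", line)
        if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) next   # comment or blank
        sub(/[ \t]+#.*$/, "", line)                        # trailing comment
        body = line
        sub(/^ +/, "", body)
        ind = length(line) - length(body)

        if (ind == 0) {                        # top-level key
            in_services = (body == "services:")
            svc_ind = -1
            in_ports = 0
            next
        }
        if (!in_services) next
        if (svc_ind < 0) svc_ind = ind         # indent used for service names
        if (ind == svc_ind) {                  # a service name such as synapse
            svc = body
            sub(/:.*$/, "", svc)
            in_ports = 0
            next
        }
        if (body == "ports:") { in_ports = 1; next }
        if (!in_ports || body !~ /^- /) { in_ports = 0; next }

        m = substr(body, 3)
        gsub("[\"" q " ]", "", m)              # drop quotes and spaces
        spec = m
        sub(/\/(tcp|udp|sctp)$/, "", spec)
        n = split(spec, part, ":")
        if (spec ~ /^\[::1\]:/ || (n >= 3 && part[1] ~ /^127\./)) {
            verdict = "LOOPBACK"
        } else if (spec ~ /^\[::\]:/ || n < 3 || part[1] == "0.0.0.0") {
            verdict = "ALL-INTERFACES"
        } else {
            verdict = "OTHER-ADDRESS"
        }
        print svc, m, verdict
    }' "$1"
}

# count_exposed FILE: number of mappings that listen on every interface.
count_exposed() {
    audit_compose_ports "$1" |
        awk '$3 == "ALL-INTERFACES" { n++ } END { print n + 0 }'
}

# write_sample_compose PATH: constructed sample, modelled on the page's file.
write_sample_compose() {
    cat > "$1" <<'EOF'
version: '2.3'
services:
  element:
    image: vectorim/element-web:latest
    ports:
      - "127.0.0.1:8080:80"     # constructed: loopback only
  synapse:
    image: matrixdotorg/synapse:latest
    ports:
      - 8008:8008               # as in the compose file on this page
      - "[::1]:9000:9000/tcp"   # constructed
    user: 991:991
EOF
}

sample=$(mktemp)
write_sample_compose "$sample"
audit_compose_ports "$sample"
echo "published on all interfaces: $(count_exposed "$sample")"
rm -f "$sample"
```

Writing the mapping as 127.0.0.1:8008:8008 keeps the port reachable for the ProxyPass lines and nothing else.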
nano /home/e-smith/files/docker/configs/element-config.json<br />
<br />
Paste this content:<br />
https://develop.element.io/config.json<br />
<br />
Remove "default_server_name": "matrix.org" from element-config.json<br />
<br />
Paste this at the top of the file using your server name:<br />
<br />
"default_server_config": {<br />
"m.homeserver": {<br />
"base_url": "https://matrix.example.com",<br />
"server_name": "matrix.example.com"<br />
},<br />
"m.identity_server": {<br />
"base_url": "https://vector.im"<br />
}<br />
},<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Do we need to edit the server name here? Check.<br />
<br />
nano /home/e-smith/files/docker/configs/data/homeserver.yaml<br />
<br />
<br />
=== Configuration ===<br />
You can list the available configuration with the following command:<br />
config show matrix<br />
<br />
Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:<br />
{| class="wikitable"<br />
!property<br />
!default<br />
!values<br />
!<br />
|-<br />
|DbName<br />
|matrix<br />
|string<br />
|for postgresql docker db<br />
|-<br />
|DbPassword<br />
|GENERATED<br />
|string<br />
|for mysql db<br />
|-<br />
|DbUser<br />
|none<br />
|string<br />
|for mysql db<br />
|-<br />
|access<br />
|private<br />
|private, public<br />
|<br />
|-<br />
|TCPPort<br />
|8448<br />
|variable<br />
|<br />
|-<br />
|status<br />
|enabled<br />
|enabled,disabled<br />
|}<br />
<br />
<br />
<br />
===Add Users===<br />
<br />
docker exec -it synapse bash<br />
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008<br />
<br />
For an admin user<br />
register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008<br />
<br />
https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html<br />
<br />
Update user password with postgresql<br />
<br />
docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml<br />
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'<br />
<br />
where <password-hash> is the hash returned by the docker command above<br />
<br />
<br />
===Alternative compose file===<br />
<br />
https://cyberhost.uk/element-matrix-setup/<br />
<br />
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net<br />
<br />
version: '2.3'<br />
services:<br />
  postgres:<br />
    image: postgres:14<br />
    restart: unless-stopped<br />
    networks:<br />
      default:<br />
        ipv4_address: 10.10.10.2<br />
    volumes:<br />
      - ./postgresdata:/var/lib/postgresql/data<br />
<br />
    # These will be used in homeserver.yaml later on<br />
    environment:<br />
      - POSTGRES_DB=synapse<br />
      - POSTGRES_USER=synapse<br />
      - POSTGRES_PASSWORD=STRONGPASSWORD<br />
<br />
  element:<br />
    image: vectorim/element-web:latest<br />
    restart: unless-stopped<br />
    volumes:<br />
      - ./element-config.json:/app/config.json<br />
    networks:<br />
      default:<br />
        ipv4_address: 10.10.10.3<br />
<br />
  synapse:<br />
    image: matrixdotorg/synapse:latest<br />
    restart: unless-stopped<br />
    networks:<br />
      default:<br />
        ipv4_address: 10.10.10.4<br />
    volumes:<br />
      - ./synapse:/data<br />
<br />
networks:<br />
  default:<br />
    external:<br />
      name: matrix_net<br />
<br />
<br />
Generate synapse config:<br />
<br />
docker-compose run --rm synapse generate<br />
<br />
Comment out the SQLite database section in homeserver.yaml:<br />
<br />
#database:<br />
#  name: sqlite3<br />
#  args:<br />
#    database: /data/homeserver.db<br />
<br />
Add the PostgreSQL settings:<br />
<br />
database:<br />
  name: psycopg2<br />
  args:<br />
    user: synapse<br />
    password: STRONGPASSWORD<br />
    database: synapse<br />
    host: postgres<br />
    cp_min: 5<br />
    cp_max: 10<br />
<br />
<br />
docker-compose up -d<br />
<br />
=== Uninstall ===<br />
yum remove {{#var:smecontribname}} {{#var:contribname}}<br />
<br />
=== Bugs ===<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}}<br />
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}<br />
<br />
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} <br />
<br />
===Changelog===<br />
Only versions released in smecontribs are listed here.<br />
<br />
{{ #smechangelog: {{#var:smecontribname}} }}<br />
<br />
<br />
<!-- list of category you want to see this page in --><br />
[[Category: Contrib]]<br />
<br />
<!-- Please keep there the template revision number as is --><br />
[[contribtemplate::2| ]]<br />
[[contriblang:: {{#var:lang}} | ]]</div>ReetPhttps://wiki.koozali.org/index.php?title=IPv6&diff=41953IPv62023-02-01T13:09:07Z<p>ReetP: /* LDAP */</p>
<hr />
<div>==IPv6 implementation on Koozali SME Server==<br />
<br />
Some notes on how we can implement IPv6 on Koozali SME Server<br />
<br />
This is a massive task and needs careful consideration and a lot of work.<br />
<br />
Initial bug:<br />
https://bugs.koozali.org/show_bug.cgi?id=6393<br />
<br />
Feel free to add notes and comments.<br />
<br />
{{Warning box|Code below is highly experimental. Do NOT try it on a production server.}}<br />
<br />
===Commentary===<br />
<br />
As IPv4 address availability has decreased, the world is slowly starting to use IPv6.<br />
<br />
A fundamental block to adoption of IPv6 has been the lack of backwards compatibility. Yes, you could go full IPv6 only, assuming all your devices can handle it, but as most of the world still runs IPv4 you have to manage that. <br />
<br />
Essentially every service and app has to be written to allow for both IPv4 AND IPv6. aka 'Dual Stack'.<br />
<br />
That means duplicating a lot of work, and due to the nature of IPv6 - it was not designed to handle NAT, and every device is meant to have a routable public IP - this means added complexity and security considerations. That makes it more difficult for Koozali in Server/Gateway mode.<br />
<br />
Carriers have found it easier to use CGNAT - double NAT - than deal with the issue of rolling out IPv6.<br />
<br />
Some countries have rolled IPv6 out, some are in the process, and many have not at all.<br />
<br />
Even where IPv6 has been rolled out, not all ISPs offer it.<br />
<br />
IPv6 has been around for 25 years and is still a very long way from widespread adoption. It may well be another 25 years before the world is fully IPv6, and IPv4 will still exist for a long time to come thereafter.<br />
<br />
===List of areas to be considered===<br />
<br />
====Config entries====<br />
<br />
There are a couple of instances where a key is already used:<br />
<br />
config show IPv6<br />
<br />
We should use this as the basis for IPv6 settings.<br />
<br />
====IP addresses====<br />
<br />
I have no IPv6 from my provider so set up a 6to4 tunnel account with Hurricane:<br />
<br />
https://tunnelbroker.net/<br />
<br />
You can set up a free account and obtain a /64 block<br />
<br />
The following testing was done with a server in server only mode as this is the easier scenario.<br />
<br />
My server is behind a Mikrotik router. I first set up the Mikrotik to handle the IPv6. Then I worked on the server.<br />
<br />
The server will pick up an IPv6 address automatically from the tunnel via the router. It will need further configuration for SME to handle the tunnel instead of the router. However, this is sufficient for basic testing.<br />
<br />
Remember that IPv6 addresses are public facing. I have not done any work on firewalling.<br />
<br />
Some other brief thoughts:<br />
<br />
* Tunneled 6to4<br />
* Native IPv6 block from ISP<br />
* DHCP/DNS in Koozali<br />
* Routed using public IP and private address space?<br />
<br />
====Enable networking====<br />
<br />
{{Warning box|Code below is highly experimental. TESTING ONLY. Do NOT try it on a production server as you will almost certainly get hacked}}<br />
<br />
IPv6 is currently disabled.<br />
<br />
Get your Gateway IP "Server IPv6 Address:" and set it here:<br />
<br />
IPv6=service<br />
status=enabled<br />
Gateway=2001:470:79c1:5ff::1<br />
<br />
This seems to get it started:<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysctl.conf<br />
nano /etc/e-smith/templates-custom/etc/sysctl.conf/net.ipv6<br />
<br />
{<br />
if ( ($IPv6{status} || 'disabled') ne "enabled" ) {<br />
$OUT .= "# IPv6 is disabled\n";<br />
$OUT .= "net.ipv6.conf.all.disable_ipv6 = 1\n";<br />
$OUT .= "net.ipv6.conf.default.disable_ipv6 = 1\n";<br />
}<br />
else {<br />
$OUT .= "# IPv6 is enabled\n";<br />
$OUT .= "net.ipv6.conf.all.disable_ipv6 = 0\n";<br />
$OUT .= "net.ipv6.conf.default.disable_ipv6 = 0\n";<br />
}<br />
}<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/60IPV6<br />
<br />
{<br />
    if ($IPv6{'status'} eq "enabled") {<br />
        $OUT .= "IPV6INIT=yes\n";<br />
        $OUT .= "IPV6_AUTOCONF=yes\n";<br />
        $OUT .= "IPV6_DEFROUTE=yes\n";<br />
        $OUT .= "IPV6_PEERROUTES=yes\n";<br />
        $OUT .= "IPV6_FAILURE_FATAL=yes\n";<br />
        $OUT .= "DNS0=2001:4860:4860::8888\n"; # Google DNS - you may want to change them!!<br />
        $OUT .= "IPV6_PRIVACY=no\n";<br />
    } else {<br />
        return "IPV6INIT=no\n";<br />
    }<br />
}<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX/08Gateway<br />
<br />
{<br />
    return "" unless (defined $GatewayIP && (<br />
        ($SystemMode eq 'serveronly' && $InternalInterface{Name} eq $THIS_DEVICE ) ||<br />
        ($ExternalInterface{Name} eq $THIS_DEVICE) ));<br />
    $OUT .= "$GatewayIP dev $THIS_DEVICE\n";<br />
    $OUT .= "default via $GatewayIP dev $THIS_DEVICE\n";<br />
    if ($IPv6{'status'} eq "enabled") {<br />
        $OUT .= "$IPv6{'Gateway'} dev $THIS_DEVICE\n";<br />
        $OUT .= "default via $IPv6{'Gateway'} dev $THIS_DEVICE\n";<br />
    }<br />
}<br />
<br />
{{Warning box|If you run the following command your server will have a public IP and NO firewall. You have been warned}}<br />
<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
You should get an automatic IP assigned from your Hurricane pool.<br />
<br />
ip addr show eth0<br />
<br />
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br />
link/ether ca:94:35:c2:d6:e1 brd ff:ff:ff:ff:ff:ff<br />
inet 192.168.10.212/24 brd 192.168.10.255 scope global eth0<br />
valid_lft forever preferred_lft forever<br />
inet6 2001:470:79c1:5ff:c894:35ff:fec2:d6e1/64 scope global mngtmpaddr dynamic <br />
valid_lft 2591951sec preferred_lft 604751sec<br />
inet6 fe80::c894:35ff:fec2:d6e1/64 scope link <br />
valid_lft forever preferred_lft forever<br />
<br />
Try a ping6 <br />
<br />
ping6 ipv6.google.com<br />
PING ipv6.google.com(mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e)) 56 data bytes<br />
64 bytes from mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e): icmp_seq=1 ttl=117 time=56.2 ms<br />
64 bytes from mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e): icmp_seq=2 ttl=117 time=55.5 ms<br />
<br />
<br />
See the bug for some more templates that we might be able to use.<br />
<br />
====Firewall====<br />
<br />
ip6tables<br />
<br />
====Server/Gateway====<br />
<br />
Routing<br />
<br />
====DNS/DHCPD====<br />
<br />
DNS (PiHole in a docker container?)<br />
<br />
<br />
====Services====<br />
<br />
List of other affected services and vague efforts to get IPv6 running for them.<br />
<br />
httpd<br />
<br />
email<br />
<br />
smbd<br />
<br />
mysql (already listens for tcp6/3313)<br />
<br />
ntpd (already listens on udp6/123)<br />
<br />
sshd as below<br />
<br />
ldap as below<br />
<br />
=====SSH=====<br />
This is a bad hack, so be careful: it may open your server up to remote access.<br />
<br />
mkdir /etc/e-smith/templates-custom/etc/ssh/sshd_config<br />
nano /etc/e-smith/templates-custom/etc/ssh/sshd_config/15ListenAddress<br />
<br />
{<br />
my $access = $sshd{'access'} || 'private';<br />
my $address = ($access eq "public") ? "0.0.0.0" : "$LocalIP";<br />
# Not sure how we allow for 'Local IP only' with IPv6<br />
# Possibly limit it to the local subnet?<br />
if ($IPv6{status} eq "enabled") { <br />
$OUT .= "ListenAddress ::\n";<br />
$OUT .= "ListenAddress $address\n";<br />
} else {<br />
$OUT .= "ListenAddress $address\n";<br />
}<br />
}<br />
<br />
signal-event remoteaccess-update<br />
<br />
Then try:<br />
<br />
ssh root@2001:470:1f13:3ff:2a9:b700:fe99:792c<br />
<br />
=====LDAP=====<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/slapd<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/slapd/40OPTIONS<br />
<br />
Add this code:<br />
<br />
{<br />
    # Any custom options<br />
    #SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 "<br />
    my $slapdOptions = "#Test";<br />
    my $logLevel = $ldap{LogLevel} || 256;<br />
    if ($IPv6{'status'} eq "enabled") {<br />
        $slapdOptions = "SLAPD_OPTIONS=\"-d $logLevel -s 0\" " ;<br />
    } else {<br />
        $slapdOptions = "SLAPD_OPTIONS=\"-4 -d $logLevel -s 0\" " ;<br />
    }<br />
    $OUT .= "# Any custom options\n";<br />
    $OUT .= "$slapdOptions\n";<br />
}<br />
<br />
Edited the unit file /usr/lib/systemd/system/ldap.service to comment out the Environment line and just leave the config file<br />
<br />
#Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0"<br />
EnvironmentFile=/etc/sysconfig/slapd<br />
<br />
systemctl daemon-reload<br />
systemctl restart ldap.service<br />
<br />
'''However, /usr/sbin/cpu is not IPv6 aware and is unmaintained.'''<br />
<br />
We can bypass this and force IPv4 by editing:<br />
<br />
/etc/cpu-system.conf<br />
<br />
Modify the template and change localhost to 127.0.0.1<br />
<br />
[LDAP]<br />
LDAP_HOST = 127.0.0.1<br />
LDAP_PORT = 389<br />
<br />
===Other notes===<br />
<br />
Use in a web browser<br />
https://[2001:470:1f13:3ff:2a9:b700:fe99:792c]<br />
<br />
Ping<br />
ping6 2001:470:1f13:3ff:2a9:b700:fe99:792c<br />
<br />
===Bugs===<br />
https://bugs.koozali.org/show_bug.cgi?id=6393<br />
<br />
[[Category:SME10-Development]]<br />
[[Category:Developer]]<br />
[[Category:Advance]]<br />
[[Category:Howto]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Docker&diff=41952Docker2023-02-01T11:11:11Z<p>ReetP: /* Contrib */</p>
<hr />
<div>{{WIP box}}<br />
Placeholder for anything to do with Docker (https://docker.com)<br />
{{Note box| The contrib has been built from the original notes and I use it to permanently run Rocketchat }}<br />
<br />
=== Version ===<br />
{{ #smeversion: smeserver-docker }}<br />
<br />
'''You can discuss all things related to this page on the forums [http://forums.contribs.org/index.php/topic,51181.0.html here]'''<br />
<br />
'''There is a separate page that addresses the design of a Docker contrib [http://wiki.contribs.org/Docker_design_concept here]''' <br />
<br />
'''There is also a page to discuss on how to create a Docker image of SME [https://wiki.contribs.org/Docker_Image_of_SME here]'''<br />
<br />
==About==<br />
[[File:Docker_logo.png]]<br />
<br />
Docker is an open-source project that automates the deployment of applications inside software containers, providing that way an additional layer of abstraction and automatization of operating system–level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.<br />
<br />
<br />
===Why Docker on SME Server?===<br />
Docker containers hold one or more applications (and all their dependencies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and operate isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may affect yum updates and upgrades. Docker containers are a way to have such an application packed with all its dependencies and run it isolated. You can have multiple containers running, depending on your server hardware capacity.<br />
<br />
Examples:<br />
* ownCloud running in a container with a higher version of PHP than SME Server provides<br />
* A postgres application running in a container without having to install Postgres on SME Server<br />
* Service on demand, you can start/stop (even scripted) a container when you need the service within the container<br />
* Move containers from one SME Server to another (Back-up or production) without installing the application itself<br />
* Time based service e.g. cron jobs. Only have an application running when you need it.<br />
* Keep SME Server's stock stability, security and flexibility, yet run exotic applications<br />
<br />
<br />
==Considerations==<br />
* Storage of image library (local/NAS)<br />
* Storage of Docker application data (local/NAS)<br />
* Networking e.g. bridged with host, new bridge with host or port mapping<br />
* Stand alone all-in-one docker or linked containers<br />
* Security<br />
* Only use TRUSTED repos with images. Who built the image, what's in it?<br />
* Naming convention of images to identify source(person or repo), SME version, application and version. e.g.:<br />
owncloud-7.0.1-smeserver-9.0-john<br />
wordpress-3.9.1-smeserver-8.1-mary<br />
ehour-1.4.1-smeserver-9.0-richard<br />
sharedfolders-2.1.1-smeserver-9.0-fws<br />
frontaccounting-3.2.1-smeserver-8.1-contribsorg<br />
<br />
Why the SME Server version in the naming convention if it's all inside the container? Well, it could well be that the application inside the container will use some of SME Server specifics such as the db, templates or perl interaction. In that case we need to make sure that we know for which SME Server the image was built.<br />
<br />
<br />
* Verification (checksum) of available images<br />
* Setting up trusted docker repos<br />
* Disable docker repos enabled by default at installation and come up with a command that enables them a la Yum<br />
<br />
<br />
==Installation==<br />
<br />
===Contrib===<br />
<br />
yum install smeserver-extrarepositories-docker-ce<br />
signal-event yum-modify<br />
yum --enablerepo=smecontribs install smeserver-docker<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
(Note the contrib is still in smetest)<br />
<br />
<br />
Uses config entries<br />
<br />
config setprop docker iptables false/true - default false<br />
<br />
config setprop docker DNS [192.168.10.1,8.8.8.8] - defaults to LocalIP<br />
<br />
config setprop docker DockerNetwork [IP range eg 192.168.100.0/24] - defaults to dockers own choice. Range is not yet checked for validity.<br />
<br />
There is an action to update the core files:<br />
<br />
smeserver-docker-update <br />
<br />
{{Note box| Note to self - probably needs quotes around "false" for iptables}}<br />
<br />
config show docker <br />
status enabled/disabled - enabled by default<br />
iptables true/false - false by default to prevent docker manipulating iptables<br />
<br />
config show containerd<br />
status enabled/disabled - enabled by default - called and used by docker<br />
<br />
See if it works:<br />
<br />
systemctl status docker<br />
<br />
And test:<br />
<br />
docker run hello-world<br />
<br />
docker ps -a<br />
docker rm <id><br />
<br />
docker images<br />
docker rmi <id><br />
<br />
We can also use docker-compose:<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
<br />
A test compose file is installed.<br />
<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d hello_world<br />
<br />
Add your own templates to:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
or:<br />
<br />
/etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
signal-event smeserver-docker-compose-update<br />
cd /home/e-smith/files/docker/configs<br />
docker-compose up -d my_hello<br />
<br />
==Things to do==<br />
<br />
Plenty<br />
<br />
===Challenges===<br />
* How to interact with localhost PAM or LDAP from within a container?<br />
<br />
I think that you can access localhost services by adding:<br />
<br />
--net="host" to docker run<br />
<br />
This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below.<br />
<br />
* Many more...<br />
<br />
<br />
==Notes==<br />
<br />
<br />
====Networking====<br />
<br />
{{WIP box | This is still a work in progress. the following are notes for reference only}}<br />
<br />
Docker attempts to guess what network to use and sets a bridged interface for it.<br />
<br />
Access to the container.<br />
<br />
This allows access to any local services, and any ports in the container will appear locally<br />
<br />
v1 format<br />
--net="host" <br />
<br />
v2 + format<br />
<br />
Docker<br />
--network host<br />
<br />
Compose<br />
network_mode: host<br />
<br />
This maps container port 80 to host port 8088<br />
<br />
# host:container<br />
ports:<br />
  - 8088:80<br />
<br />
So if you ran an Apache container service on port 80, you can connect to it from the host using <br />
<br />
container.ip.add:8088<br />
<br />
Using --network host means it is easier to connect to the container using the local IP address. Simple port forwarding/opening will suffice.<br />
<br />
However, it exposes all ports on the container locally, and there may also be conflicts with local ports.<br />
<br />
Using a port mapping is preferred, but your SME server will then block access container access to local services such as DNS.<br />
<br />
The answer is probably to statically set the Docker network, and then add the network to 'Local Network'. You can then expose ports via the docker config entry eg:<br />
<br />
docker=service<br />
    status=enabled<br />
    UDPPort=1234<br />
    TCPPort=8088<br />
<br />
I am working on this currently but the LocalNetworking approach doesn't work. It probably needs manipulation of the firewall with templates.<br />
<br />
=== Login to container===<br />
<br />
If permitted, most containers can be logged into using this:<br />
<br />
docker exec -t -i -u root <container_name> /bin/bash<br />
<br />
===SME Server specifics===<br />
By default Docker will store all images, containers and other data in:<br />
/var/lib/docker<br />
<br />
For SME Server this is not ideal for we would like to incorporate all Docker data into the pre-defined backup procedure(s) that come with SME Server. The preferred location for Docker data would be:<br />
'''/home/e-smith/files/docker'''<br />
<br />
===File permissions===<br />
<br />
You may have issues writing to local filesystems from Docker images.<br />
<br />
First add something like this to your compose file<br />
<br />
volumes:<br />
  - /opt/uploads/:/opt/uploads/<br />
<br />
You may need to find out what permissions are required.<br />
<br />
<br />
In RocketChat I had to add a dummy user and group like this<br />
<br />
mkdir -p /opt/uploads<br />
chmod 0777 /opt/uploads<br />
<br />
I could then upload and check the ID that docker uses. In this case it was 65533<br />
<br />
So I then did:<br />
groupadd -g 65553 rocketchat<br />
useradd -s /sbin/nologin -u 65533 -d /dev/null -g rocketchat rocketchat<br />
chmod 0744 /opt/uploads<br />
<br />
And then test again.<br />
<br />
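The temporary chmod 0777 used here for /opt/uploads, and for the Synapse data directory on the Matrix page, only needs to last until the container's numeric uid:gid is known. The script below is an added example, not part of the original notes: it reads the ids from what the container wrote and prints the ownership commands without running them; the function names are this example's own and mode 0750 is an assumption, not a value from this page.

```shell
#!/bin/sh
# Added example, not part of the wiki page: find out which numeric uid:gid a
# container writes as, so the bind-mounted directory can be owned by that id
# instead of being left world-writable.

# is_world_writable DIR: succeeds when "other" has write permission on DIR.
is_world_writable() {
    _mode=$(ls -ldn "$1" | awk '{ print $1 }')
    # Character 9 of a mode string such as drwxrwxrwx is the other-write bit.
    [ "$(printf '%s' "$_mode" | cut -c9)" = "w" ]
}

# writer_ids DIR: distinct numeric "uid:gid" owners of everything below DIR,
# that is, the ids the container actually used when it wrote there.
writer_ids() {
    find "$1" ! -path "$1" -exec ls -dn {} + 2>/dev/null |
        awk '{ print $3 ":" $4 }' | sort -u
}

# suggest_ownership DIR: print (never run) the commands that replace a
# world-writable mode with ownership by the single id found.
# Returns 1 when there is nothing to go on or more than one writer.
suggest_ownership() {
    _dir=$1
    _ids=$(writer_ids "$_dir")
    _count=$(printf '%s\n' "$_ids" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$_count" -eq 0 ]; then
        echo "# nothing written in $_dir yet: let the container write, then re-run"
        return 1
    fi
    if [ "$_count" -gt 1 ]; then
        echo "# several writers in $_dir, decide by hand:"
        printf '%s\n' "$_ids" | sed 's/^/#   /'
        return 1
    fi
    if is_world_writable "$_dir"; then
        echo "# $_dir is world-writable"
    fi
    echo "chown -R $_ids $_dir"
    echo "chmod 0750 $_dir"      # assumption: owner and group only
}

# Constructed demonstration on a scratch directory standing in for
# /opt/uploads; the file stands in for an upload written by the container.
scratch=$(mktemp -d)
chmod 0777 "$scratch"
: > "$scratch/upload.bin"
suggest_ownership "$scratch"
rm -rf "$scratch"
```

Where the compose file sets the id explicitly, as with user: 991:991 for Synapse, the ids reported should match that setting.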
===Using a Docker image===<br />
<br />
You should generally prefer to use docker-compose for images.<br />
<br />
<br />
==Building your own images==<br />
* Notes<br />
Manual, or..<br />
https://github.com/docker/fig<br />
<br />
<br />
==Related articles of interest==<br />
* [http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/ Container storage and (re)size]<br />
<br />
===Setting up a (Private) Docker repository===<br />
TBA<br />
<br />
* https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/<br />
<br />
<br />
<br />
==='Proposal test image:'===<br />
An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or specific port on the FQDN. The application should only be available between 08:00AM until 19:00PM.<br />
All application data should be incorporated by the default SME Server backup mechanisms, including the image itself.<br />
<br />
* Building the image based on centos6<br />
* Configure networking, bridges and ports<br />
* Start/restart and stop syntax of the application<br />
* Configure cron<br />
<br />
==General old notes==<br />
The following methods and notes are left for reference.<br />
<br />
By default, there are pre-built images available from the official [https://registry.hub.docker.com/ Docker Hub]. In our examples we will use the pre-built centos7 image.<br />
<br />
To get a list of all available Centos images you can use:<br />
docker search centos<br />
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.<br />
<br />
===Downloading a docker image===<br />
To download the centos7 image to your local server, issue the following command as root:<br />
docker pull centos:centos7<br />
where the syntax is 'centos' as the main repository and 'centos7' the specific version. If you issue only 'docker pull centos', then all centos versions will be downloaded. So be specific.<br />
<br />
Once the image has been downloaded, you can check your local images by issuing:<br />
docker images<br />
<br />
The listing includes the Image ID and Name. These are important to run additional commands when the container is running.<br />
<br />
<br />
===Running a docker container===<br />
Now that we have downloaded the centos7 image it's time to give it a spin. To start the centos7 container we can issue the following command:<br />
docker run -t -i --net="host" centos:centos7 bash<br />
This will tell docker to run the centos7 container interactively from the local centos repo, use the host network interface and start bash. After a few seconds you will be presented with the bash prompt inside the centos7 container:<br />
bash-4.1#<br />
and to check if we are really inside the centos7 container we can display the release version:<br />
cat /etc/redhat-release<br />
which will result in:<br />
CentOS release 7.8 (Final)<br />
From here you can use the normal commands like yum etc.<br />
<br />
To exit the container you give the normal 'exit' command, which will stop the centos7 container and bring you back to the prompt of your local server.<br />
<br />
To run a container in the background, you need to issue the docker run command with the -d flag instead of the -i flag<br />
<br />
<br />
===Copy docker images===<br />
Docker images are stored on your local server. If you want to run the image on another machine you first have to take the image out of your local image repository and save the image in a transferable format. For this, ''save'' the image in .tar format. To get a listing of all available images on your local server:<br />
<br />
docker images<br />
<br />
will result in (example):<br />
<br />
[root@sme9 ~]# docker images<br />
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE<br />
sme9 6.5 55db4355a2de 46 minutes ago 854.7 MB<br />
leszekk/centos_minimalcd 6.5 bc56fa8f1204 8 months ago 452.6 MB<br />
<br />
To create a copy of our sme9 image and save it as 'copyofsme9' you need to enter the following command:<br />
docker save sme9:6.5 > /tmp/copyofsme9.tar<br />
<br />
which will result in a copyofsme9.tar file in your /tmp directory of your local server. You can now copy/move this file to another server or simply archive it for later usage.<br />
<br />
To use the copyofsme9.tar file on another server and use it on that server with Docker, we can load it into the repository of the new server:<br />
docker load -i /downloads/copyofsme9.tar<br />
<br />
After Docker has loaded the file, you can check its availability by executing: docker images and you can use it just like any other image on your new server. You can use the ''save'' and ''load'' commands to clean up your local repository and share copies of your image.<br />
<br />
===Docker networking===<br />
<br />
Some thoughts to share on docker networking<br />
<br />
* Network port mapping<br />
http://docs.docker.com/userguide/dockerlinks/<br />
* Network Configuration<br />
http://docs.docker.com/articles/networking/<br />
<br />
'''Note:''' Could we use FWS webapps to create an apache sub domain where the docker web application can be reached and 'masquerade' an unusual http port? e.g.<br />
owncloud.mydomain.com vs mydomain.com:8000<br />
Using<br />
mydomain.com/owncloud<br />
would require ibay checking <br />
<br />
<br />
===Docker Name resolution===<br />
<br />
<br />
Other DNS can be added to the unit file or daemon.json - see further below for details.<br />
<br />
Or you could add directly from the command line<br />
docker run -i -t --dns 208.67.220.220 --dns 208.67.220.222 sme9_real:6.5 /bin/bash<br />
<br />
===Docker Compose===<br />
<br />
https://github.com/docker/compose/releases/tag/1.29.2<br />
<br />
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose<br />
chmod +x /usr/local/bin/docker-compose<br />
<br />
===Shipyard web GUI===<br />
Deprecated<br />
There is a separate page on how to install Shipyard, the Docker web GUI [http://wiki.contribs.org/Shipyard here]<br />
<br />
<br />
===Issues===<br />
<br />
This was a v9 issue. Leaving for reference.<br />
<br />
You will find that if you use 'host' networking docker will set /sys as Read Only and you will get an error with the raid_check as per this bug<br />
<br />
https://bugs.contribs.org/show_bug.cgi?id=10660<br />
<br />
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.<br />
<br />
<br />
===Repo setup===<br />
<br />
db yum_repositories set docker-ce-stable repository \<br />
BaseURL 'https://download.docker.com/linux/centos/7/$basearch/stable' \<br />
EnableGroups no \<br />
GPGCheck yes \<br />
GPGKey https://download.docker.com/linux/centos/gpg \<br />
Name 'Docker Stable' \<br />
Visible yes \<br />
status enabled<br />
<br />
signal-event yum-modify<br />
<br />
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli<br />
<br />
or to try with the smeserver-docker contrib - still modifying this<br />
<br />
yum --enablerepo=extras,smetest install smeserver-docker<br />
<br />
<br />
So we get a service in /etc/systemd/system-preset/49-koozali.preset<br />
<br />
config set docker service status enabled<br />
config set containerd service status enabled<br />
mkdir -p /home/e-smith/files/docker<br />
mkdir -p /home/e-smith/files/docker/configs<br />
<br />
<br />
Startup options<br />
<br />
The big issue is getting this to work correctly with the firewall.<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3<br />
<br />
Host mode where the container has the same IP as the server and the service runs the same as any other host service, and can talk to other local host services easily, but exposes the container more.<br />
<br />
Bridge mode where the container is on its own internal docker network that is bridged to the local machine, but then queries emanating from the container will have the internal docker IP and can be refused by real 'local' services eg AD/MySQL etc. unless the firewall or other services can be adjusted.<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode<br />
<br />
network_mode: "bridge"<br />
network_mode: "host"<br />
network_mode: "none"<br />
network_mode: "service:[service name]"<br />
network_mode: "container:[container name/id]"<br />
<br />
<br />
https://docs.docker.com/compose/compose-file/compose-file-v3/#ports<br />
<br />
Port mapping is incompatible with network_mode: host<br />
<br />
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file<br />
<br />
We can add startup options via /etc/docker/daemon.json<br />
<br />
===Files to modify?===<br />
<br />
For now I have created a hardcoded file with the content from below<br />
<br />
mkdir -p /usr/lib/systemd/system/docker.service.d<br />
<br />
/usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
If we template then we would use two fragments like this:<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/40service<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
# docker home set to /home/e-smith/files/docker<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker/data<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf/80install<br />
<br />
[Install]<br />
WantedBy=sme-server.target<br />
<br />
expand-template /usr/lib/systemd/system/docker.service.d/50koozali.conf<br />
<br />
<br />
But now we can use /etc/docker/daemon.json<br />
<br />
This can be templated. The key point is to avoid a conflict between the docker internal network and our own.<br />
We also want to know what is happening with IPTables rules<br />
<br />
e.g. setting our own choice of internal network ("bip"), our own data directory ("data-root") and our own DNS ("dns"):<br />
<br />
{<br />
"bip": "192.168.100.1/24",<br />
"data-root": "/home/e-smith/files/docker/data",<br />
"dns": ["127.0.0.1", "192.168.10.212"]<br />
}<br />
<br />
===Docker Networking===<br />
<br />
Docker now does its own thing with IPTables and it is hard to disable - we need to be careful here<br />
<br />
https://docs.docker.com/network/iptables/<br />
<br />
How do we check conflicts?<br />
<br />
ip addr show docker0<br />
<br />
docker network ls<br />
<br />
docker network inspect bridge<br />
<br />
https://www.baeldung.com/ops/docker-network-information<br />
<br />
docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' bridge<br />
172.17.0.0/16<br />
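<br />
One way to answer the conflict question without eyeballing the output, as an added example (not code from the original page or from Docker): it reads "bip" from a daemon.json and tests it for overlap against the networks the server already uses. The function names are hypothetical; 192.168.100.1/24 and 172.17.0.0/16 are the values shown on this page.<br />

```shell
#!/bin/sh
# Added example: detect an overlap between Docker's bridge network and local networks.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range ADDR/BITS -> "first last" addresses of the network, as integers
# (a host address such as 192.168.100.1/24 is accepted, as used for "bip")
cidr_range() {
    case $1 in */*) ;; *) return 1 ;; esac
    bits=${1#*/}
    ip=$(ip_to_int "${1%/*}") || return 1
    [ "$bits" -ge 0 ] 2>/dev/null && [ "$bits" -le 32 ] || return 1
    host_mask=$(( (1 << (32 - bits)) - 1 ))   # low bits that vary inside the network
    first=$(( ip - (ip & host_mask) ))
    echo "$first $(( first + host_mask ))"
}

# cidr_overlap A B -> exit 0 if the networks share an address, 1 if not, 2 on bad input
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ $# -eq 4 ] || return 2
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# bip_from_json FILE -> value of "bip", or nothing when the key (or the file) is absent
bip_from_json() {
    sed -n 's/.*"bip"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" 2>/dev/null | head -n 1
}

# check_bip FILE NET... -> reports every local network the Docker bridge collides with
check_bip() {
    json=$1; shift
    bip=$(bip_from_json "$json")
    # No "bip" set: fall back to the default bridge subnet shown above
    [ -n "$bip" ] || bip=172.17.0.0/16
    rc=0
    for net in "$@"; do
        cidr_overlap "$bip" "$net" && st=0 || st=$?
        case $st in
            0) echo "CONFLICT: docker bridge $bip overlaps local network $net"
               [ "$rc" -eq 2 ] || rc=1 ;;
            1) ;;
            *) echo "ERROR: cannot parse $bip or $net"; rc=2 ;;
        esac
    done
    return "$rc"
}

# On a real host the local networks can come from iproute2, for example:
#   check_bip /etc/docker/daemon.json \
#       $(ip -o -4 addr show scope global | awk '$2 != "docker0" { print $4 }')
```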
<br />
So one way is to add it to the daemon.json file (see above)<br />
<br />
{<br />
"iptables": false<br />
}<br />
<br />
And note:<br />
<br />
Restart the Docker daemon and voila: your containers will not be exposed to every possible interface but you will need to explicitly manipulate your iptables rules if you want the traffic to pass through, e.g.: this is needed to NAT your containers:<br />
<br />
<br />
-A POSTROUTING -s 172.17.0.0/24 -o eth0 -j MASQUERADE<br />
<br />
An alternative which I use on RocketChat is to proxy calls using mod_proxy_wstunnel.so<br />
<br />
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule98ExtraMod<br />
<br />
{<br />
# Load wstunnel if available<br />
if ( -e '/usr/lib64/httpd/modules/mod_proxy_wstunnel.so' ||<br />
-e '/usr/lib/httpd/modules/mod_proxy_wstunnel.so') {<br />
$OUT .= "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so\n";<br />
}<br />
}<br />
<br />
You can then use some custom httpd templates to create a proxy pass virtual host.<br />
<br />
===Docker Compose===<br />
<br />
https://docs.docker.com/compose/install/<br />
<br />
Check the latest release:<br />
<br />
https://github.com/docker/compose/releases/<br />
<br />
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose<br />
chmod 0700 /usr/local/bin/docker-compose<br />
chgrp docker /usr/local/bin/docker-compose<br />
<br />
Add template fragments here to make your compose file:<br />
<br />
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml<br />
<br />
Note that there is now Compose format.<br />
<br />
https://github.com/docker/compose#where-to-get-docker-compose<br />
<br />
https://github.com/docker/compose-switch<br />
<br />
=== Old Unit file ===<br />
Previous unit file for ref<br />
<br />
[Unit]<br />
Description=Docker Application Container Engine<br />
Documentation=https://docs.docker.com<br />
BindsTo=containerd.service<br />
After=network-online.target firewalld.service containerd.service<br />
Wants=network-online.target<br />
Requires=docker.socket<br />
<br />
[Service]<br />
Type=notify<br />
# the default is not to use systemd for cgroups because the delegate issues still<br />
# exists and systemd currently does not support the cgroup feature set required<br />
# for containers run by docker<br />
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker<br />
ExecReload=/bin/kill -s HUP $MAINPID<br />
TimeoutSec=0<br />
RestartSec=2<br />
Restart=always<br />
<br />
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.<br />
# Both the old, and new location are accepted by systemd 229 and up, so using the old location<br />
# to make them work for either version of systemd.<br />
StartLimitBurst=3<br />
<br />
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.<br />
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make<br />
# this option work for either version of systemd.<br />
StartLimitInterval=60s<br />
<br />
# Having non-zero Limit*s causes performance problems due to accounting overhead<br />
# in the kernel. We recommend using cgroups to do container-local accounting.<br />
LimitNOFILE=infinity<br />
LimitNPROC=infinity<br />
LimitCORE=infinity<br />
<br />
# Comment TasksMax if your systemd version does not support it.<br />
# Only systemd 226 and above support this option.<br />
TasksMax=infinity<br />
<br />
# set delegate yes so that systemd does not reset the cgroups of docker containers<br />
Delegate=yes<br />
<br />
# kill only the docker process, not all processes in the cgroup<br />
KillMode=process<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
<br />
==Bugs==<br />
<br />
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}} and select the smeserver-docker component or use <br />
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-docker |title=this link}}.<br />
<br />
<br />
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-docker |noresultsmessage="No open bugs found."}}<br />
<br />
<br />
==Changelog==<br />
<br />
Only versions released in smecontrib are listed here.<br />
<br />
{{ #smechangelog: smeserver-docker }}<br />
<br />
<br />
<br />
[[Category:Containers]]<br />
[[Category:Contrib]]<br />
[[Category:Containers:Docker]]</div>ReetPhttps://wiki.koozali.org/index.php?title=Rocket_Chat:Contrib&diff=41950Rocket Chat:Contrib2023-01-26T17:38:33Z<p>ReetP: /* Koozali SME v10 */</p>
<hr />
<div>'''[[Rocket_Chat#smeserver-rocketchat_contrib|Contrib]]''': [mailto:jcrisp@safeandsound.co.uk][[User:ReetP|John Crisp]]<br />
{{Note box|Please note that there is also a howto on manually installing Rocket.Chat [[Rocket_Chat|'''here''']]<br />
However, due to dependencies a manual install will not work on SME}}Versions up to 0.61.2 will work with this contrib.<br />
<br />
Later versions will need my newer smeserver-rocketchat-0.2.x contrib which uses docker.<br />
<br />
==smeserver-rocketchat contrib==<br />
{{WIP box}}<br />
<br />
There is no contrib for v10 as yet. I will work on it when I have time. These are just some notes for reference.<br />
<br />
==Current version==<br />
<br />
NA<br />
<br />
You may be able to install from source but chances are CentOS7 will be 'too old'<br />
<br />
Latest source is here:<br />
<br />
https://github.com/RocketChat/Rocket.Chat/tags<br />
<br />
==Required repos==<br />
<br />
Add repos:<br />
<br />
* [[epel]]<br />
* [[User:ReetP|reetp]] <br />
<br />
Settings<br />
<br />
config set rocketchat service TCPPort 3000 mailPort 25 mailURL localhost access public status enabled<br />
<br />
<br />
signal-event post-upgrade;signal-event reboot<br />
<br />
<br />
System ➔ startup<br />
+----------------------------------------------------+<br />
| SERVER RUNNING |<br />
+----------------------------------------------------+<br />
| |<br />
| Version: 0.xx.x |<br />
| Process Port: 3000 |<br />
| Site URL: <nowiki>http://rocketchat.local.net:3000</nowiki> |<br />
| OpLog: Disabled |<br />
| |<br />
+----------------------------------------------------+<br />
<br />
You should now be able to connect to your Rocket.Chat instance <br />
<br />
http://rocketchat.local.net:3000<br />
<br />
===Registering a new account===<br />
<br />
Because the SME mail server is fussy you may find it easier to force some settings in the Rocket.Chat DB before trying to register:<br />
<br />
You can set your SMTP host as localhost or mail.yourdomain.com<br />
<br />
mongo<br />
use rocketchat<br />
db.rocketchat_settings.update({"_id" : "SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id": "From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
exit<br />
<br />
<br />
===Errors===<br />
<br />
<br />
NA<br />
<br />
<br />
===Apache SSL with Proxypass===<br />
{{Note box|This is still experimental and there may be issues with SSL only for the Primary iBay and Letsencrypt. You will need a minimum version of smeserver-rocketchat-0.1-5 }}<br />
<br />
It is recommended to add Letsencrypt support as detailed below (see here for my contrib https://wiki.contribs.org/Letsencrypt)<br />
<br />
Make a copy of the ProxyPassVirtualHosts dir<br />
<br />
cp -a /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualRocketchat<br />
<br />
Edit this file:<br />
<br />
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualRocketchat/50Content<br />
<br />
Replace the existing code with this:<br />
<br />
ProxyPreserveHost on<br />
SetEnv proxy-nokeepalive 1<br />
ProxyPass /.well-known/acme-challenge/ !<br />
<br />
DocumentRoot /home/e-smith/files/ibays/Primary/html<br />
<br />
<IfModule mod_proxy_wstunnel.c><br />
ProxyPassMatch ^/sockjs/(.*)/websocket ws://localhost:3000/sockjs/$1/websocket<br />
ProxyPass /websocket ws://localhost:3000/websocket<br />
</IfModule><br />
<br />
ProxyPass / http://localhost:3000/<br />
ProxyPassReverse / http://localhost:3000/<br />
<br />
<Location /><br />
Require all granted<br />
</Location><br />
<br />
<Location /.well-known/acme-challenge/><br />
Require all granted<br />
</Location><br />
<br />
<br />
Save, and then run<br />
<br />
signal-event webapps-update<br />
<br />
<br />
<br />
Now we need to setup our subdomain for the reverse proxy<br />
<br />
db domains set chat.mycompany.local domain Description RocketChat Nameservers internet \<br />
TemplatePath ProxyPassVirtualRocketchat ProxyPassTarget http://localhost:3000/<br />
<br />
It should look like this:<br />
chat.mycompany.local=domain<br />
Nameservers=internet (can be localhost)<br />
ProxyPassTarget=http://127.0.0.1:3000/<br />
TemplatePath=ProxyPassVirtualRocketchat<br />
letsencryptSSLcert=enabled (with letsencrypt support)<br />
<br />
We need to set Rocket.Chat to listen on localhost now:<br />
<br />
config setprop rocketchat rootURL chat.mycompany.local SSLProxy yes<br />
signal-event remoteaccess-update<br />
service rocketchat restart<br />
<br />
If you can now successfully get to Rocketchat on your subdomain https://chat.mycompany.local you can disable default access on port 3000:<br />
<br />
config setprop rocketchat access private<br />
signal-event remoteaccess-update<br />
<br />
You may find you need to clear your browser cache before it works correctly on https://chat.mycompany.local rather than http://chat.mycompany.local:3000<br />
<br />
If you have Letsencrypt support you can now set your main domain to SSL only:<br />
<br />
db accounts setprop Primary SSL enabled<br />
signal-event ibay-modify Primary<br />
<br />
===Upgrades===<br />
<br />
To upgrade rocketchat:<br />
<br />
yum --enablerepo=reetp install rocketchat<br />
<br />
To upgrade the rocketchat configurator:<br />
<br />
yum --enablerepo=reetp install smeserver-rocketchat<br />
<br />
===Bugs===<br />
<br />
Look for bugs :-) As the contrib is not in CVS please report them in the forum and I will try and keep an eye out.<br />
<br />
<br />
==Mongo DB examples==<br />
<br />
===Usage===<br />
<br />
Example using mongo itself:<br />
<br />
mongo<br />
<br />
use rocketchat<br />
<br />
Show all collections in DB<br />
show collections<br />
<br />
Show all entries in a collection<br />
db.rocketchat_avatars.chunks.find()<br />
<br />
db.rocketchat_settings.find({"_id" : "SMTP_Host"})<br />
db.rocketchat_settings.find({"_id" : "From_Email"})<br />
<br />
db.rocketchat_settings.findOne({_id : "From_Email"}, {_id:0, value: 1})<br />
db.rocketchat_settings.findOne({_id : "SMTP_Host"}, {_id:0, value: 1})<br />
<br />
db.rocketchat_settings.update({"_id":"From_Email"}, {$set: {"value":"admin@yourdomain.com"}})<br />
db.rocketchat_settings.update({"_id":"SMTP_Host"}, {$set: {"value":"mail.yourdomain.com"}})<br />
<br />
<br />
Remove all entries in a collection (CAREFUL!!!!!!)<br />
db.rocketchat_avatars.chunks.remove({})<br />
<br />
Help<br />
help<br />
<br />
Some more mongo commands for reference<br />
<br />
https://github.com/RocketChat/Rocket.Chat/issues/15880#issuecomment-570070433<br />
<br />
Directly check a specific user ID from bash:<br />
mongo rocketchat --eval "db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + \" ; \" + u.username); } )"<br />
<br />
Log into rocketchat database:<br />
mongo rocketchat<br />
<br />
Check out all the user IDs in the database: <br />
db.users.find().forEach( function(u) { print(u._id + ";" + u.username); } ) <br />
<br />
Or just a specific user's ID:<br />
db.users.find({'username':'usernamehere'}).forEach( function(u) { print(u._id + " ; " + u.username); } )<br />
<br />
Replace specific user ID's password in the database:<br />
db.users.update( {'_id': 'useridhere'}, {$set: {'services.password.bcrypt': 'bcryptedpasswordhere'}}, {multi:true} )<br />
<br />
My only issue with above (only time I needed it for recovery purposes), was that I didn't know which tool to use to generate a bcrypted password. So in the hurry I copied the hash from one account I already knew (my own). If someone knows a good command for creating one directly in bash, I assume it would do.<br />
<br />
There are bcrypt password generators online, and various libraries you can use<br />
<br />
For listing out any passwords in the database I used:<br />
<br />
db.users.find().forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
If you have deactivated users it may fail. However, you can get it for an individual user with:<br />
<br />
db.users.find({'username':'SomeUserName'}).forEach( function(u) { print(u.services.password.bcrypt + " ; " + u.username); } ) <br />
<br />
Set a user config item:<br />
<br />
db.users.update( {'username': 'SomeUserName'}, {$set: {'settings.preferences.showMessageInMainThread': 'true'}} )<br />
<br />
Find a single user:<br />
<br />
db.getCollection('users').find( {'username':'SomeUserName'} )<br />
<br />
Get limited information:<br />
<br />
db.getCollection('users').find({}, {"username":1, "settings.preferences.showMessageInMainThread":1})<br />
<br />
Reset 2FA nonsense:<br />
<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.totp': 1}});<br />
db.users.update({'username': 'SomeUserName'}, {$unset: {'services.email2fa': 1}});<br />
<br />
===Database Backup===<br />
<br />
You can dump the tables to a directory of your choice:<br />
<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/rocketchatmongo<br />
<br />
===Database Restore===<br />
<br />
You can restore your database as follows:<br />
<br />
mongorestore --restoreDbUsersAndRoles -d rocketchat --dir /root/rocketchatmongo/rocketchat --quiet<br />
<br />
==Node usage==<br />
<br />
* This should go to a new Node page for reference<br />
<br />
Use n, an extremely simple Node version manager that can be installed via npm (See http://stackoverflow.com/questions/7718313/how-to-change-to-an-older-version-of-node-js)<br />
<br />
Say you want Node.js v0.10.x to build Atom.<br />
<br />
npm install -g n # Install n globally<br />
n 0.10.33 # Install and use v0.10.33 local only<br />
<br />
Usage:<br />
n # Output versions installed<br />
n latest # Install or activate the latest node release<br />
n stable # Install or activate the latest stable node release<br />
n <version> # Install node <version><br />
n use <version> [args ...] # Execute node <version> with [args ...]<br />
n bin <version> # Output bin path for <version><br />
n rm <version ...> # Remove the given version(s)<br />
n --latest # Output the latest node version available<br />
n --stable # Output the latest stable node version available<br />
n ls # Output the versions of node available<br />
<br />
<br />
==NPM Usage==<br />
<br />
To update your version of npm run the following<br />
<br />
npm install -g npm<br />
<br />
Or for a specific version:<br />
<br />
npm install -g npm@3.10.9<br />
<br />
==DB settings==<br />
<br />
Typical standard setup:<br />
rocketchat=service<br />
TCPPort=3000<br />
access=public<br />
mailPort=25<br />
mailURL=localhost<br />
status=enabled<br />
<br />
Typical proxy subdomain setup:<br />
rocketchat=service<br />
SSLProxy=yes<br />
TCPPort=3000<br />
access=private<br />
mailPort=25<br />
mailURL=localhost<br />
rootURL=chat.mydomain.co.uk<br />
status=enabled<br />
<br />
<br />
<br />
==Koozali SME v10==<br />
<br />
I am starting to look at running this under docker on v10<br />
<br />
Some quick notes.<br />
<br />
You will need<br />
<br />
Docker<br />
https://wiki.contribs.org/Docker<br />
<br />
Docker Compose (because it makes it easier to template)<br />
https://github.com/docker/compose/releases<br />
<br />
Docker environment settings to disable 2FA<br />
<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback=false<br />
- OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled=false<br />
<br />
Mongo (I prefer to run a full instance rather than a docker one)<br />
https://wiki.contribs.org/MongoDB<br />
<br />
Make sure you add replicaset support in Mongo and set it up:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
<br />
I'll add more later, and try and make a full contrib in due course<br />
<br />
FAQ<br />
<br />
https://handbook.rocket.chat/company/tools/rocket.chat</div>ReetPhttps://wiki.koozali.org/index.php?title=MongoDB&diff=41949MongoDB2023-01-26T17:21:57Z<p>ReetP: /* Other settings */</p>
<hr />
<div>==How to install MongoDB==<br />
<br />
{{Note box| Manual configuration required}}<br />
<br />
===Install Official Repository===<br />
<br />
Use ExtraRepositories from here<br />
<br />
https://wiki.koozali.org/Extrarepositories<br />
<br />
Note that all versions are available from 0.9 -> 1.0 -> 3.0/1/2/3/4/5/6/7 -> 4.0/1/2/3/4 -> 5.0<br />
<br />
Please check which versions are deprecated - they should not be used.<br />
<br />
https://www.mongodb.com/support-policy/lifecycles<br />
<br />
As of July 2022 the oldest supported version is 4.2 until April 2023<br />
<br />
yum install smeserver-extrarepositories-mongodb<br />
<br />
signal-event yum-modify<br />
<br />
Install your chosen version:<br />
<br />
yum --enablerepo=mongodb4.2 install mongodb-org <br />
<br />
If it refuses to install because of a missing GPG key you can change '''GPGCheck''' above from '''Yes''' to '''No''' and try '''yum install...''' again or<br />
<br />
rpm --import https://www.mongodb.org/static/pgp/server-4.2.asc<br />
<br />
Or<br />
<br />
yum --enablerepo=mongodb4.2 install mongodb-org --nogpgcheck<br />
<br />
===Starting Mongo===<br />
<br />
{{Warning box|Please check additional notes below before trying this section}}<br />
{{Warning box| Complete work in progress - here be Dragons!}}<br />
<br />
We need a db config entry for SME to recognise it:<br />
<br />
config set mongod service status enabled access private<br />
<br />
We will need a file <br />
<br />
mkdir -p /usr/lib/systemd/system/mongod.service.d<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Something like:<br />
<br />
[Unit]<br />
After=network.target network.service wan.service<br />
[Install]<br />
WantedBy=sme-server.target<br />
<br />
===Configuration File===<br />
<br />
Minimal config I use for Rocket.Chat<br />
<br />
<nowiki>grep '^[[:blank:]]*[^[:blank:]#;]' /etc/mongod.conf</nowiki><br />
<br />
systemLog:<br />
verbosity: 0<br />
destination: file<br />
logAppend: true<br />
path: /var/log/mongodb/mongod.log<br />
storage:<br />
dbPath: /var/lib/mongo<br />
journal:<br />
enabled: true<br />
processManagement:<br />
fork: true # fork and run in background<br />
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile<br />
timeZoneInfo: /usr/share/zoneinfo<br />
net:<br />
port: 27017<br />
bindIp: 127.0.0.1 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.<br />
# Enable replication for Rocket.Chat<br />
replication:<br />
replSetName: rs0<br />
<br />
<br />
Once started you need to initialise the replica set:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
===Other settings===<br />
<br />
nano /etc/security/limits.conf<br />
<br />
These settings are automatically added during installation<br />
<br />
@mongod soft nproc unlimited<br />
@mongod hard nproc unlimited<br />
@mongod soft nofile 64000<br />
@mongod hard nofile 64000<br />
<br />
Adding a user<br />
<br />
https://www.linode.com/docs/guides/install-mongodb-on-centos-7/<br />
<br />
use admin<br />
<br />
db.createUser(<br />
{<br />
user: "admin",<br />
pwd: "admin123",<br />
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]<br />
}<br />
)<br />
<br />
show users<br />
<br />
We can then set Mongo to force authentication when connecting.<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Add:<br />
<br />
[Service]<br />
Environment="OPTIONS=--auth -f /etc/mongod.conf"<br />
<br />
Restart Mongo<br />
<br />
systemctl restart mongod <br />
<br />
You should now need a password to login.<br />
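<br />
A check that ties the bindIp setting from the configuration file to the authentication step above, as an added example (not part of the original page or of MongoDB's tooling): it reports whether mongod listens beyond loopback and whether authentication is enforced in either mongod.conf or the systemd drop-in. The function names are hypothetical, and the parsing assumes the simple one-key-per-line layout shown on this page.<br />

```shell
#!/bin/sh
# Added example: is this mongod reachable off-host, and is authentication enforced?

# mongod_bind_ips CONF -> addresses mongod listens on, one per line
# (trailing "# ..." comments are ignored, so addresses mentioned in a comment do not count)
mongod_bind_ips() {
    if grep -Eq '^[[:space:]]*bindIpAll:[[:space:]]*true' "$1"; then
        echo 0.0.0.0
        return 0
    fi
    sed -n 's/^[[:space:]]*bindIp:[[:space:]]*\([^#]*\).*/\1/p' "$1" |
        tr ',' '\n' | tr -d ' \t"' | sed '/^$/d'
}

# mongod_auth_enforced CONF [DROPIN] -> exit 0 when auth is switched on in either place:
#   "authorization: enabled" in mongod.conf, or --auth as a separate word in the
#   OPTIONS variable of the systemd drop-in
mongod_auth_enforced() {
    grep -Eq '^[[:space:]]*authorization:[[:space:]]*"?enabled' "$1" && return 0
    [ -n "${2:-}" ] && [ -f "$2" ] &&
        grep -Eq '^Environment=.*OPTIONS=.*--auth([[:space:]"]|$)' "$2"
}

# mongod_exposure CONF [DROPIN] -> one verdict line; exit 1 only for the dangerous case
mongod_exposure() {
    conf=$1 dropin=${2:-}
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    remote=""
    for ip in $(mongod_bind_ips "$conf"); do
        case $ip in
            127.*|localhost|::1|/*) ;;      # loopback or a unix socket path
            *) remote="$remote $ip" ;;
        esac
    done
    if mongod_auth_enforced "$conf" "$dropin"; then auth=yes; else auth=no; fi
    if [ -z "$remote" ]; then
        echo "OK: loopback only (auth=$auth)"
    elif [ "$auth" = yes ]; then
        echo "OK: listening on$remote with authentication"
    else
        echo "EXPOSED: listening on$remote without authentication"
        return 1
    fi
}

# With the paths used on this page:
#   mongod_exposure /etc/mongod.conf /usr/lib/systemd/system/mongod.service.d/50koozali.conf
```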
<br />
===Templating mongod.conf===<br />
<br />
This is possible but we need to create a new file so we do not overwrite the original - otherwise yum/rpm will complain.<br />
<br />
Something like /etc/mongod/mongod.conf<br />
<br />
Template fragments in <br />
<br />
/etc/e-smith/templates/etc/mongod/mongod.conf<br />
<br />
We can then amend the systemd override<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Add this:<br />
<br />
[Service]<br />
Environment="OPTIONS=-f /etc/mongod/mongod.conf"<br />
<br />
===Dump and restore===<br />
<br />
Samples - YMMV.<br />
<br />
Quick little script to dump the Rocket.Chat collection:<br />
<br />
#!/bin/bash<br />
echo "Dump with Users/Roles"<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/backup/rocketchatmongo<br />
echo "dump all"<br />
mongodump -d rocketchat -o /root/backup/rocketchatmongo-all<br />
<br />
<br />
{{Warning box| Do not restore between versions!!}}<br />
<br />
If you export from a version eg 4.0 then restore to that version. Do not try and restore 4.0 to 4.2 or higher.<br />
<br />
Then change your repo, and then upgrade mongo.<br />
<br />
To restore:<br />
<br />
mongorestore /root/backup/rocketchatmongo-all<br />
<br />
===Backup with system===<br />
<br />
With credit to Daniel Berteaud<br />
<br />
Action script to dump the mongo DB on pre-backup event<br />
<br />
mkdir -p /home/e-smith/db/mongo<br />
<br />
cat <<_EOF > /etc/e-smith/events/actions/mongodb-dump<br />
#!/bin/bash -e<br />
/usr/bin/mongodump --quiet --out /home/e-smith/db/mongo/<br />
_EOF<br />
<br />
chmod +x /etc/e-smith/events/actions/mongodb-dump<br />
cd /etc/e-smith/events/pre-backup<br />
ln -s ../actions/mongodb-dump ./S60mongodb-dump<br />
<br />
===Vaporise or reinitialise the database===<br />
<br />
{{Warning box| This will totally and utterly vaporise your data. Got a backup?? You have been warned}}<br />
<br />
Remove the directory contents:<br />
<br />
rm -rf /var/lib/mongo/*<br />
<br />
Or remove the entire directory and recreate it with the correct ownership:<br />
<br />
rm -rf /var/lib/mongo<br />
mkdir -p /var/lib/mongo<br />
chown -R mongod:mongod /var/lib/mongo<br />
<br />
If you have a replicaset set in /etc/mongod.conf make sure you initiate it:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
----<br />
[[Category:Howto]]<br />
[[Category:Administration]]<br />
[[Category:Database]]</div>ReetPhttps://wiki.koozali.org/index.php?title=MongoDB&diff=41948MongoDB2023-01-26T17:17:14Z<p>ReetP: /* Templating mongod.conf */</p>
<hr />
<div>==How to install MongoDB==<br />
<br />
{{Note box| Manual configuration required}}<br />
<br />
===Install Official Repository===<br />
<br />
Use ExtraRepositories from here<br />
<br />
https://wiki.koozali.org/Extrarepositories<br />
<br />
Note that all versions are available from 0.9 -> 1.0 -> 3.0/1/2/3/4/5/6/7 -> 4.0/1/2/3/4 -> 5.0<br />
<br />
Please check which versions are deprecated - they should not be used.<br />
<br />
https://www.mongodb.com/support-policy/lifecycles<br />
<br />
As of July 2022 the oldest supported version is 4.2 until April 2023<br />
<br />
yum install smeserver-extrarepositories-mongodb<br />
<br />
signal-event yum-modify<br />
<br />
Install your chosen version:<br />
<br />
yum --enablerepo=mongodb4.2 install mongodb-org <br />
<br />
If it refuses to install because of a missing GPG key you can change '''GPGCheck''' above from '''Yes''' to '''No''' and try '''yum install...''' again or<br />
<br />
rpm --import https://www.mongodb.org/static/pgp/server-4.0.asc<br />
<br />
Or<br />
<br />
yum --enablerepo=mongodb4.2 install mongodb-org --nogpgcheck<br />
<br />
===Starting Mongo===<br />
<br />
{{Warning box|Please check additional notes below before trying this section}}<br />
{{Warning box| Complete work in progress - here be Dragons!}}<br />
<br />
We need a db config entry for SME to recognise it:<br />
<br />
config set mongod service status enabled access private<br />
<br />
We will need a file <br />
<br />
mkdir -p /usr/lib/systemd/system/mongod.service.d<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Something like:<br />
<br />
[Unit]<br />
After=network.target network.service wan.service<br />
[Install]<br />
WantedBy=sme-server.target<br />
<br />
===Configuration File===<br />
<br />
Minimal config I use for Rocket.Chat<br />
<br />
<nowiki>grep '^[[:blank:]]*[^[:blank:]#;]' /etc/mongod.conf</nowiki><br />
<br />
systemLog:<br />
  verbosity: 0<br />
  destination: file<br />
  logAppend: true<br />
  path: /var/log/mongodb/mongod.log<br />
storage:<br />
  dbPath: /var/lib/mongo<br />
  journal:<br />
    enabled: true<br />
processManagement:<br />
  fork: true # fork and run in background<br />
  pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile<br />
  timeZoneInfo: /usr/share/zoneinfo<br />
net:<br />
  port: 27017<br />
  bindIp: 127.0.0.1 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.<br />
# Enable replication for Rocket.Chat<br />
replication:<br />
  replSetName: rs0<br />
<br />
<br />
Once started you need to initialise the replica set:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
===Other settings===<br />
<br />
nano /etc/security/limits.conf<br />
<br />
These settings are automatically added during installation<br />
<br />
@mongod soft nproc unlimited<br />
@mongod hard nproc unlimited<br />
@mongod soft nofile 64000<br />
@mongod hard nofile 64000<br />
<br />
Adding a user<br />
<br />
https://www.linode.com/docs/guides/install-mongodb-on-centos-7/<br />
<br />
use admin<br />
<br />
db.createUser(<br />
{<br />
user: "admin",<br />
pwd: "admin123",<br />
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]<br />
}<br />
)<br />
<br />
show users<br />
<br />
We can then set Mongo to force authentication when connecting.<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Add:<br />
<br />
[Service]<br />
Environment="OPTIONS=--auth -f /etc/mongod.conf"<br />
<br />
Restart Mongo<br />
<br />
systemctl restart mongod <br />
<br />
You should now need a password to login.<br />
<br />
===Templating mongod.conf===<br />
<br />
This is possible but we need to create a new file so we do not overwrite the original - otherwise yum/rpm will complain.<br />
<br />
Something like /etc/mongod/mongod.conf<br />
<br />
Template fragments in <br />
<br />
/etc/e-smith/templates/etc/mongod/mongod.conf<br />
<br />
We can then amend the systemd override<br />
<br />
nano /usr/lib/systemd/system/mongod.service.d/50koozali.conf<br />
<br />
Add this:<br />
<br />
[Service]<br />
Environment="OPTIONS=-f /etc/mongod/mongod.conf"<br />
<br />
===Dump and restore===<br />
<br />
Samples - YMMV.<br />
<br />
Quick little script to dump the Rocket.Chat collection:<br />
<br />
#!/bin/bash<br />
echo "Dump with Users/Roles"<br />
mongodump --dumpDbUsersAndRoles -d rocketchat -o /root/backup/rocketchatmongo<br />
echo "dump all"<br />
mongodump -d rocketchat -o /root/backup/rocketchatmongo-all<br />
<br />
<br />
{{Warning box| Do not restore between versions!!}}<br />
<br />
If you export from a version eg 4.0 then restore to that version. Do not try and restore 4.0 to 4.2 or higher.<br />
<br />
Then change your repo, and then upgrade mongo.<br />
<br />
To restore:<br />
<br />
mongorestore /root/backup/rocketchatmongo-all<br />
<br />
===Backup with system===<br />
<br />
With credit to Daniel Berteaud<br />
<br />
Action script to dump the mongo DB on pre-backup event<br />
<br />
mkdir -p /home/e-smith/db/mongo<br />
<br />
cat <<_EOF > /etc/e-smith/events/actions/mongodb-dump<br />
#!/bin/bash -e<br />
/usr/bin/mongodump --quiet --out /home/e-smith/db/mongo/<br />
_EOF<br />
<br />
chmod +x /etc/e-smith/events/actions/mongodb-dump<br />
cd /etc/e-smith/events/pre-backup<br />
ln -s ../actions/mongodb-dump ./S60mongodb-dump<br />
<br />
===Vaporise or reinitialise the database===<br />
<br />
{{Warning box| This will totally and utterly vaporise your data. Got a backup?? You have been warned}}<br />
<br />
Remove the directory contents:<br />
<br />
rm -rf /var/lib/mongo/*<br />
<br />
Or remove the entire directory and recreate it with the correct ownership:<br />
<br />
rm -rf /var/lib/mongo<br />
mkdir -p /var/lib/mongo<br />
chown -R mongod:mongod /var/lib/mongo<br />
<br />
If you have a replicaset set in /etc/mongod.conf make sure you initiate it:<br />
<br />
mongo --eval "printjson(rs.initiate())"<br />
<br />
----<br />
[[Category:Howto]]<br />
[[Category:Administration]]<br />
[[Category:Database]]</div>ReetPhttps://wiki.koozali.org/index.php?title=IPv6&diff=41913IPv62023-01-06T16:09:47Z<p>ReetP: /* Services */</p>
<hr />
<div>==IPv6 implementation on Koozali SME Server==<br />
<br />
Some notes on how we can implement IPv6 on Koozali SME Server<br />
<br />
This is a massive task and needs careful consideration and a lot of work.<br />
<br />
Initial bug:<br />
https://bugs.koozali.org/show_bug.cgi?id=6393<br />
<br />
Feel free to add notes and comments.<br />
<br />
{{Warning box|Code below is highly experimental. Do NOT try it on a production server.}}<br />
<br />
===Commentary===<br />
<br />
As IPv4 address availability has decreased, the world is slowly starting to use IPv6.<br />
<br />
A fundamental block to adoption of IPv6 has been the lack of backwards compatibility. Yes, you could go full IPv6 only, assuming all your devices can handle it, but as most of the world still runs IPv4 you have to manage that. <br />
<br />
Essentially every service and app has to be written to allow for both IPv4 AND IPv6, aka 'Dual Stack'.<br />
<br />
That means duplicating a lot of work, and due to the nature of IPv6 - it was not designed to handle NAT, and every device is meant to have a routable public IP - this means added complexity and security considerations. That makes it more difficult for Koozali in Server/Gateway mode.<br />
<br />
Carriers have found it easier to use CGNAT - double NAT - than deal with the issue of rolling out IPv6.<br />
<br />
Some countries have rolled IPv6 out, some are in the process, and many have not at all.<br />
<br />
Even where IPv6 has been rolled out, not all ISPs offer it.<br />
<br />
IPv6 has been around for 25 years and is still a very long way from widespread adoption. It may well be another 25 years before the world is fully IPv6, and IPv4 will still exist for a long time to come thereafter.<br />
<br />
===List of areas to be considered===<br />
<br />
====Config entries====<br />
<br />
There are a couple of instances where a key is already used:<br />
<br />
config show IPv6<br />
<br />
We should use this as the basis for IPv6 settings.<br />
<br />
====IP addresses====<br />
<br />
I have no IPv6 from my provider so set up a 6to4 tunnel account with Hurricane:<br />
<br />
https://tunnelbroker.net/<br />
<br />
You can set up a free account and obtain a /64 block.<br />
<br />
The following testing was done with a server in server only mode as this is the easier scenario.<br />
<br />
My server is behind a Mikrotik router. I first set up the Mikrotik to handle the IPv6. Then I worked on the server.<br />
<br />
The server will pick up an IPv6 address automatically from the tunnel via the router. It will need further configuration for SME to handle the tunnel instead of the router. However, this is sufficient for basic testing.<br />
<br />
Remember that IPv6 addresses are public facing. I have not done any work on firewalling.<br />
<br />
Some other brief thoughts:<br />
<br />
* Tunneled 6to4<br />
* Native IPv6 block from ISP<br />
* DHCP/DNS in Koozali<br />
* Routed using public IP and private address space?<br />
<br />
====Enable networking====<br />
<br />
{{Warning box|Code below is highly experimental. TESTING ONLY. Do NOT try it on a production server as you will almost certainly get hacked}}<br />
<br />
IPv6 currently disabled.<br />
<br />
Get your Gateway IP "Server IPv6 Address:" and set it here:<br />
<br />
IPv6=service<br />
status=enabled<br />
Gateway=2001:470:79c1:5ff::1<br />
<br />
This seems to get it started:<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysctl.conf<br />
nano /etc/e-smith/templates-custom/etc/sysctl.conf/net.ipv6<br />
<br />
{<br />
if ( ($IPv6{status} || 'disabled') ne "enabled" ) {<br />
$OUT .= "# IPv6 is disabled\n";<br />
$OUT .= "net.ipv6.conf.all.disable_ipv6 = 1\n";<br />
$OUT .= "net.ipv6.conf.default.disable_ipv6 = 1\n";<br />
}<br />
else {<br />
$OUT .= "# IPv6 is enabled\n";<br />
$OUT .= "net.ipv6.conf.all.disable_ipv6 = 0\n";<br />
$OUT .= "net.ipv6.conf.default.disable_ipv6 = 0\n";<br />
}<br />
}<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/60IPV6<br />
<br />
{<br />
# Each setting needs its own line in the generated ifcfg file<br />
if ($IPv6{'status'} eq "enabled") {<br />
$OUT .= "IPV6INIT=yes\n";<br />
$OUT .= "IPV6_AUTOCONF=yes\n";<br />
$OUT .= "IPV6_DEFROUTE=yes\n";<br />
$OUT .= "IPV6_PEERROUTES=yes\n";<br />
$OUT .= "IPV6_FAILURE_FATAL=yes\n";<br />
$OUT .= "DNS0=2001:4860:4860::8888\n"; # Google DNS - you may want to change them!!<br />
$OUT .= "IPV6_PRIVACY=no\n";<br />
} else {<br />
return "IPV6INIT=no\n";<br />
}<br />
}<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX/08Gateway<br />
<br />
{<br />
return "" unless (defined $GatewayIP && (<br />
($SystemMode eq 'serveronly' && $InternalInterface{Name} eq $THIS_DEVICE ) ||<br />
($ExternalInterface{Name} eq $THIS_DEVICE) ));<br />
$OUT .= "$GatewayIP dev $THIS_DEVICE\n";<br />
$OUT .= "default via $GatewayIP dev $THIS_DEVICE\n";<br />
if ($IPv6{'status'} eq "enabled") {<br />
$OUT .= "$IPv6{'Gateway'} dev $THIS_DEVICE\n";<br />
$OUT .= "default via $IPv6{'Gateway'} dev $THIS_DEVICE\n";<br />
}<br />
}<br />
<br />
{{Warning box|If you run the following command your server will have a public IP and NO firewall. You have been warned}}<br />
<br />
signal-event post-upgrade; signal-event reboot<br />
<br />
You should get an automatic IP assigned from your Hurricane pool.<br />
<br />
ip addr show eth0<br />
<br />
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br />
link/ether ca:94:35:c2:d6:e1 brd ff:ff:ff:ff:ff:ff<br />
inet 192.168.10.212/24 brd 192.168.10.255 scope global eth0<br />
valid_lft forever preferred_lft forever<br />
inet6 2001:470:79c1:5ff:c894:35ff:fec2:d6e1/64 scope global mngtmpaddr dynamic <br />
valid_lft 2591951sec preferred_lft 604751sec<br />
inet6 fe80::c894:35ff:fec2:d6e1/64 scope link <br />
valid_lft forever preferred_lft forever<br />
<br />
Try a ping6 <br />
<br />
ping6 ipv6.google.com<br />
PING ipv6.google.com(mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e)) 56 data bytes<br />
64 bytes from mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e): icmp_seq=1 ttl=117 time=56.2 ms<br />
64 bytes from mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e): icmp_seq=2 ttl=117 time=55.5 ms<br />
<br />
<br />
See the bug for some more templates that we might be able to use.<br />
<br />
====Firewall====<br />
<br />
ip6tables<br />
<br />
====Server/Gateway====<br />
<br />
Routing<br />
<br />
====DNS/DHCPD====<br />
<br />
DNS (PiHole in a docker container?)<br />
<br />
<br />
====Services====<br />
<br />
List of other affected services and vague efforts to get IPv6 running for them.<br />
<br />
httpd<br />
<br />
email<br />
<br />
smbd<br />
<br />
mysql (already listens for tcp6/3313)<br />
<br />
ntpd (already listens on udp6/123)<br />
<br />
sshd as below<br />
<br />
ldap as below<br />
<br />
=====SSH=====<br />
<br />
(Bad hack here, so be careful as this may open your server up to remote access)<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config<br />
nano /etc/e-smith/templates-custom/etc/ssh/sshd_config/15ListenAddress<br />
<br />
{<br />
my $access = $sshd{'access'} || 'private';<br />
my $address = ($access eq "public") ? "0.0.0.0" : "$LocalIP";<br />
# Not sure how we allow for 'Local IP only' with IPv6<br />
# Possibly limit it to the local subnet?<br />
if ($IPv6{status} eq "enabled") { <br />
$OUT .= "ListenAddress ::\n";<br />
$OUT .= "ListenAddress $address\n";<br />
} else {<br />
$OUT .= "ListenAddress $address\n";<br />
}<br />
}<br />
<br />
signal-event remoteaccess-update<br />
<br />
Then try:<br />
<br />
ssh root@2001:470:1f13:3ff:2a9:b700:fe99:792c<br />
<br />
=====LDAP=====<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/slapd<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/slapd/40OPTIONS<br />
<br />
Add this code:<br />
<br />
{<br />
# Any custom options<br />
#SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 "<br />
my $slapdOptions = "#Test";<br />
my $logLevel = $ldap{LogLevel} || 256;<br />
if ($IPv6{'status'} eq "enabled") {<br />
$slapdOptions = "SLAPD_OPTIONS=\"-d $logLevel -s 0\" " ;<br />
} else {<br />
$slapdOptions = "SLAPD_OPTIONS=\"-4 -d $logLevel -s 0\" " ;<br />
}<br />
$OUT .= "# Any custom options\n";<br />
$OUT .= "$slapdOptions\n";<br />
}<br />
<br />
Edited the unit file /usr/lib/systemd/system/ldap.service to comment out the Environment line and just leave the config file<br />
<br />
#Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0"<br />
EnvironmentFile=/etc/sysconfig/slapd<br />
<br />
systemctl daemon-reload<br />
systemctl restart ldap.service<br />
<br />
However, /usr/sbin/cpu is not IPv6 aware and is unmaintained.<br />
<br />
We can bypass this and force IPv4 by editing:<br />
<br />
/etc/cpu-system.conf<br />
<br />
Modify the template and change localhost to 127.0.0.1<br />
<br />
[LDAP]<br />
LDAP_HOST = 127.0.0.1<br />
LDAP_PORT = 389<br />
<br />
===Other notes===<br />
<br />
Use in a web browser<br />
https://[2001:470:1f13:3ff:2a9:b700:fe99:792c]<br />
<br />
Ping<br />
ping6 2001:470:1f13:3ff:2a9:b700:fe99:792c<br />
<br />
===Bugs===<br />
https://bugs.koozali.org/show_bug.cgi?id=6393<br />
<br />
[[Category:SME10-Development]]<br />
[[Category:Developer]]<br />
[[Category:Advance]]<br />
[[Category:Howto]]</div>ReetPhttps://wiki.koozali.org/index.php?title=IPv6&diff=41912IPv62023-01-05T12:31:33Z<p>ReetP: /* Services */</p>
<hr />
<div>==IPv6 implementation on Koozali SME Server==<br />
<br />
Some notes on how we can implement IPv6 on Koozali SME Server<br />
<br />
This is a massive task and needs careful consideration and a lot of work.<br />
<br />
Initial bug:<br />
https://bugs.koozali.org/show_bug.cgi?id=6393<br />
<br />
Feel free to add notes and comments.<br />
<br />
{{Warning box|Code below is highly experimental. Do NOT try it on a production server.}}<br />
<br />
===Commentary===<br />
<br />
As IPv4 address availability has decreased, the world is slowly starting to use IPv6.<br />
<br />
A fundamental block to adoption of IPv6 has been the lack of backwards compatibility. Yes, you could go full IPv6 only, assuming all your devices can handle it, but as most of the world still runs IPv4 you have to manage that. <br />
<br />
Essentially every service and app has to be written to allow for both IPv4 AND IPv6, aka 'Dual Stack'.<br />
<br />
That means duplicating a lot of work, and due to the nature of IPv6 - it was not designed to handle NAT, and every device is meant to have a routable public IP - this means added complexity and security considerations. That makes it more difficult for Koozali in Server/Gateway mode.<br />
<br />
Carriers have found it easier to use CGNAT - double NAT - than deal with the issue of rolling out IPv6.<br />
<br />
Some countries have rolled IPv6 out, some are in the process, and many have not at all.<br />
<br />
Even where IPv6 has been rolled out, not all ISPs offer it.<br />
<br />
IPv6 has been around for 25 years and is still a very long way from widespread adoption. It may well be another 25 years before the world is fully IPv6, and IPv4 will still exist for a long time to come thereafter.<br />
<br />
===List of areas to be considered===<br />
<br />
====Config entries====<br />
<br />
There are a couple of instances where a key is already used:<br />
<br />
config show IPv6<br />
<br />
We should use this as the basis for IPv6 settings.<br />
<br />
====IP addresses====<br />
<br />
I have no IPv6 from my provider so set up a 6to4 tunnel account with Hurricane:<br />
<br />
https://tunnelbroker.net/<br />
<br />
You can set up a free account and obtain a /64 block.<br />
<br />
The following testing was done with a server in server only mode as this is the easier scenario.<br />
<br />
My server is behind a Mikrotik router. I first set up the Mikrotik to handle the IPv6. Then I worked on the server.<br />
<br />
The server will pick up an IPv6 address automatically from the tunnel via the router. It will need further configuration for SME to handle the tunnel instead of the router. However, this is sufficient for basic testing.<br />
<br />
Remember that IPv6 addresses are public facing. I have not done any work on firewalling.<br />
<br />
Some other brief thoughts:<br />
<br />
* Tunneled 6to4<br />
* Native IPv6 block from ISP<br />
* DHCP/DNS in Koozali<br />
* Routed using public IP and private address space?<br />
<br />
====Enable networking====<br />
<br />
{{Warning box|Code below is highly experimental. TESTING ONLY. Do NOT try it on a production server as you will almost certainly get hacked}}<br />
<br />
IPv6 currently disabled.<br />
<br />
Get your Gateway IP "Server IPv6 Address:" and set it here:<br />
<br />
IPv6=service<br />
status=enabled<br />
Gateway=2001:470:79c1:5ff::1<br />
<br />
This seems to get it started:<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysctl.conf<br />
nano /etc/e-smith/templates-custom/etc/sysctl.conf/net.ipv6<br />
<br />
{<br />
if ( ($IPv6{status} || 'disabled') ne "enabled" ) {<br />
$OUT .= "# IPv6 is disabled\n";<br />
$OUT .= "net.ipv6.conf.all.disable_ipv6 = 1\n";<br />
$OUT .= "net.ipv6.conf.default.disable_ipv6 = 1\n";<br />
}<br />
else {<br />
$OUT .= "# IPv6 is enabled\n";<br />
$OUT .= "net.ipv6.conf.all.disable_ipv6 = 0\n";<br />
$OUT .= "net.ipv6.conf.default.disable_ipv6 = 0\n";<br />
}<br />
}<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ethX/60IPV6<br />
<br />
{<br />
# Each setting needs its own line in the generated ifcfg file<br />
if ($IPv6{'status'} eq "enabled") {<br />
$OUT .= "IPV6INIT=yes\n";<br />
$OUT .= "IPV6_AUTOCONF=yes\n";<br />
$OUT .= "IPV6_DEFROUTE=yes\n";<br />
$OUT .= "IPV6_PEERROUTES=yes\n";<br />
$OUT .= "IPV6_FAILURE_FATAL=yes\n";<br />
$OUT .= "DNS0=2001:4860:4860::8888\n"; # Google DNS - you may want to change them!!<br />
$OUT .= "IPV6_PRIVACY=no\n";<br />
} else {<br />
return "IPV6INIT=no\n";<br />
}<br />
}<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX/08Gateway<br />
<br />
{<br />
return "" unless (defined $GatewayIP && (<br />
($SystemMode eq 'serveronly' && $InternalInterface{Name} eq $THIS_DEVICE ) ||<br />
($ExternalInterface{Name} eq $THIS_DEVICE) ));<br />
$OUT .= "$GatewayIP dev $THIS_DEVICE\n";<br />
$OUT .= "default via $GatewayIP dev $THIS_DEVICE\n";<br />
if ($IPv6{'status'} eq "enabled") {<br />
$OUT .= "$IPv6{'Gateway'} dev $THIS_DEVICE\n";<br />
$OUT .= "default via $IPv6{'Gateway'} dev $THIS_DEVICE\n";<br />
}<br />
}<br />
<br />
{{Warning box|If you run the following command your server will have a public IP and NO firewall. You have been warned}}<br />
<br />
signal-event post-upgrade; signal-event reboot<br />
<br />
You should get an automatic IP assigned from your Hurricane pool.<br />
<br />
ip addr show eth0<br />
<br />
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br />
link/ether ca:94:35:c2:d6:e1 brd ff:ff:ff:ff:ff:ff<br />
inet 192.168.10.212/24 brd 192.168.10.255 scope global eth0<br />
valid_lft forever preferred_lft forever<br />
inet6 2001:470:79c1:5ff:c894:35ff:fec2:d6e1/64 scope global mngtmpaddr dynamic <br />
valid_lft 2591951sec preferred_lft 604751sec<br />
inet6 fe80::c894:35ff:fec2:d6e1/64 scope link <br />
valid_lft forever preferred_lft forever<br />
<br />
Try a ping6 <br />
<br />
ping6 ipv6.google.com<br />
PING ipv6.google.com(mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e)) 56 data bytes<br />
64 bytes from mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e): icmp_seq=1 ttl=117 time=56.2 ms<br />
64 bytes from mad06s10-in-x0e.1e100.net (2a00:1450:4003:808::200e): icmp_seq=2 ttl=117 time=55.5 ms<br />
<br />
<br />
See the bug for some more templates that we might be able to use.<br />
<br />
====Firewall====<br />
<br />
ip6tables<br />
<br />
====Server/Gateway====<br />
<br />
Routing<br />
<br />
====DNS/DHCPD====<br />
<br />
DNS (PiHole in a docker container?)<br />
<br />
<br />
====Services====<br />
<br />
List of other affected services and vague efforts to get IPv6 running for them.<br />
<br />
httpd<br />
<br />
email<br />
<br />
smbd<br />
<br />
mysql (already listens for tcp6/3313)<br />
<br />
ntpd (already listens on udp6/123)<br />
<br />
sshd as below<br />
<br />
ldap as below<br />
<br />
SSH (bad hack here, so be careful as this may open your server up to remote access)<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config<br />
nano /etc/e-smith/templates-custom/etc/ssh/sshd_config/15ListenAddress<br />
<br />
{<br />
my $access = $sshd{'access'} || 'private';<br />
my $address = ($access eq "public") ? "0.0.0.0" : "$LocalIP";<br />
# Not sure how we allow for 'Local IP only' with IPv6<br />
# Possibly limit it to the local subnet?<br />
if ($IPv6{status} eq "enabled") { <br />
$OUT .= "ListenAddress ::\n";<br />
$OUT .= "ListenAddress $address\n";<br />
} else {<br />
$OUT .= "ListenAddress $address\n";<br />
}<br />
}<br />
<br />
signal-event remoteaccess-update<br />
<br />
Then try:<br />
<br />
ssh root@2001:470:1f13:3ff:2a9:b700:fe99:792c<br />
<br />
LDAP<br />
<br />
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/slapd<br />
nano /etc/e-smith/templates-custom/etc/sysconfig/slapd/40OPTIONS<br />
<br />
Add this code:<br />
<br />
{<br />
# Any custom options<br />
#SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 "<br />
my $slapdOptions = "#Test";<br />
my $logLevel = $ldap{LogLevel} || 256;<br />
if ($IPv6{'status'} eq "enabled") {<br />
$slapdOptions = "SLAPD_OPTIONS=\"-d $logLevel -s 0\" " ;<br />
} else {<br />
$slapdOptions = "SLAPD_OPTIONS=\"-4 -d $logLevel -s 0\" " ;<br />
}<br />
$OUT .= "# Any custom options\n";<br />
$OUT .= "$slapdOptions\n";<br />
}<br />
<br />
Edited the unit file /usr/lib/systemd/system/ldap.service to comment out the Environment line and just leave the config file<br />
<br />
#Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0"<br />
EnvironmentFile=/etc/sysconfig/slapd<br />
<br />
systemctl daemon-reload<br />
systemctl restart ldap.service<br />
<br />
===Other notes===<br />
<br />
Use in a web browser<br />
https://[2001:470:1f13:3ff:2a9:b700:fe99:792c]<br />
<br />
Ping<br />
ping6 2001:470:1f13:3ff:2a9:b700:fe99:792c<br />
<br />
===Bugs===<br />
https://bugs.koozali.org/show_bug.cgi?id=6393<br />
<br />
[[Category:SME10-Development]]<br />
[[Category:Developer]]<br />
[[Category:Advance]]<br />
[[Category:Howto]]</div>ReetP