Saturday, February 11, 2017

How to mount QNAP shared folder in Linux

QNAP is the popular Network Attached Storage(NAS) are systems that consist of one or more hard drives. For more information about QNAP refer to this link here.
In this how to am going to show you how to mount a shared folder in QNAP in your machine running Linux. To mount the shared folder follow the steps below:

1. Log in to your NAS and create a shared folder.

a. Login to your NAS and go to Control Panel --> Previlege Settings --> Shared Folders


b. Create a shared folder by clicking Create then select Shared Folder, give a folder any name of your preference then create.


c. After creating the folder edit Folder Shared Permission which is found on Action section.
On select permission type choose NFS host access then access rights choose No Limit, on Host/IP/Network you may specify your network or leave it black.


Click Apply to save your settings.


2. Login to your linux machine and mount the shared folder.

a. Create a mount folder in your computer

$cd /home/james/Documents/
$ mkdir MyBackup
I have created a folder in my Document named MyBackup. 

 b. Install nfs helper program by command below.

$sudo apt-get install nfs-common 

 c.Mount the partition by running below command.

$sudo mount -t nfs A.B.C.D:/MyData /home/james/Documents/MyBackup 

 where: A.B.C.D is IP address of QNAP server.

 After running the command go your computer and you will see the shared folder mounted with exactly size.

Which means anything saved in this shared folder in your computer will be uploaded directly to your NAS.

3.To unmount the shared folder anytime run the following command.

$sudo umount -t nfs A.B.C.D:/MyData /home/james/Documents/MyBackup

Enjoy.

Saturday, October 29, 2016

How to create and activate SSL self-signed certificate in Ubuntu 16.04/14.04

When running server with critical applications which involves credit card transactions,data transfer and logins, security is first thing you should put in mind, this lab is going to show you how to install self-signed certificate from scratch, the certificate will ensure secure connection between your server and clients.
To create and apply certificate follow simple steps below:


1. Update your system and install Apache
This step assumes that the server is new and apache is not yet installed, if already installed move to step 2
sudo su 
apt-get update
apt-get install apache2

To test if your apache is well installed, open your server IP/hostname on your browser and you you will see APACHE2 UBUNTU DEFAULT PAGE, otherwise restart apache,

 /etc/init.d/apache2 restart

2. Create the certificate
Run below command to create your certificate
mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

This certificate will be valid for 10 years, but if you want the certificate to be valid for few years change the value 3650 by indicating how many days the certificate to be valid.

After running second command above it will ask you to provide information about your company, below is example

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TZ
State or Province Name (full name) [Some-State]:ARUSHA
Locality Name (eg, city) []:ARUSHA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:JARASYOLA LTD
Organizational Unit Name (eg, section) []:ICT
Common Name (e.g. server FQDN or YOUR name) []:web.jarasyola.co.tz
Email Address []:administrator@jarasyola.co.tz

Now the certificate is created.

3. Configure Apache

a. Make sure that mod_rewrite, mod_ssl,  and the default SSL virtual host is enabled - you'll need these line items to be able to force visitors to use HTTPS.

a2enmod rewrite ssl
a2ensite default-ssl

b. The key must not be password protected, and it must be locked down such that only the root user can read it,
chmod 600 /etc/apache2/ssl/apache.key

c. Configure Apache to read new certificates
Change these lines in /etc/apache2/sites-enabled/default-ssl.conf, open the file

vim /etc/apache2/sites-enabled/default-ssl.conf
 and change:

 From:
SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
To:
SSLCertificateFile  /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

d. Add the following in /etc/apache2/sites-available/000-default.conf


        <Directory "/var/www/html">

            Options FollowSymLinks

            AllowOverride All

        </Directory>

This assumes /var/www/html is your document root. e. Restart Apache

/etc/init.d/apache2 restart

4. Push visitors to HTTPS

Now as you certificate is installed and apply, to push visitors to HTTPS, put something similar to the following snippet into /var/www/html/.htaccess





RewriteEngine On
# Redirect all HTTP traffic to HTTPS.
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://SERVERHOSTNAME/IPADDRESS/$1 [R,L]

Change SERVERHOSTNAME/IPADDRESS to actual server hostname/ip address.



Now your server is secure and all your traffic from your server to browser (client) is encrypted.


Friday, October 14, 2016

Updating calling rates in A2billing

It's normal for VOIP providers to update their rate cards once and a while and this may cause issues especially getting loss when the rates are increased.

I wrote a tutorial a while ago on how to create the rate in A2billing, to update rates may be very challenging sometimes, here are two options,  either updating the rates in mysql database or creating new ratecard, the later is simple.

Use the steps below to update the rates.

1. Create a new ratecard
    RATES -->Rate Cards --> Add RateCard


2. Login in mysql and edit the new rate card with per instruction found on my last post found here.

When updating the commands remember to change idtariffplan to match the ID of your new rate card, example

mysql> SELECT id,tariffname FROM cc_tariffplan;
+----+-----------------------+
| id | tariffname            |
+----+-----------------------+
|  1 | Ratecard1             |
|  2 | Ratecard2             |
|  3 | Ratecard141016  |
+----+-----------------------+

New rate card ID is 3, the command will be 

UPDATE cc_ratecard SET buyrate = rateinitial WHERE idtariffplan = 3

3. Apply the new rate card
Go to:

RATES --> Call Plan --> Update Call Plan with new rate card.


Hope it will help someone, drop comment if you face any issue.

Happy Nyerere day!!






Saturday, September 24, 2016

Replicating Emails between two mail servers by Dovecot dsync

If you're running mail server for large ISP, sometimes we may need to think of replicating your emails in two servers for redundancy, this is very possible if your are running Linux mail server with postfix, dovecot and mysql, and this is archived by using Devocot dsync.

dsync is Dovecot's mailbox synchronization utility. It can be used for several different use cases: Two-way synchronization of mailboxes, creating backups of mails, and convert mailboxes from/to different mailbox formats. All of these can be used within the same server or between different servers (via ssh(1) or tcp connections). Remote mailboxes can be accessed also via IMAP protocol, which allows using dsync for mailbox migration purposes.

Below is configuration on how to sync emails between two servers, Server A is fully configured original server and server B is new server which you will sync emails from Server A, make sure Server B is fully configured also, then follow the steps below to sync emails between server A and B.

Server A
Backup/export the email database from original server

mysqldump -u [username] -p [database name] > [database name].sql

eg. if my database is mail and user is postfix the command will be,

mysqldump -u postfix -p mail > emailbackup.sql

Server B
Restore/import email database to second server.

mysql -u [username] -p newdatabase < [database name].sql


The following configuration should be done on both servers

a.  Enable notify and replication plugins
Open the file,

/etc/dovecot/conf.d/10-mail.conf

and add the following,

# Enable globally the notify and replication plugins
# This will then apply to all protocols dovecot supports
mail_plugins = notify replication

b. Enable iterative _query
Open the file
/etc/dovecot/dovecot-sql.conf.ext or /etc/dovecot/dovecot-sql.conf , according to your settings and add the following or just un-commenting the existing one.

iterate_query = SELECT username AS user FROM mailbox WHERE active = '1';

c. Create the dsync configuration file 

 # vi  /etc/dovecot/conf.d/30-dsync.conf

and add the following:

# From here
# This sets globally the port needed to connect # Configure the aggregator service for notifications
service aggregator {
    fifo_listener replication-notify-fifo {
        # Your mail user that's managing files generally is used here
        user = vmail
        mode = 0666
    }
    unix_listener replication-notify {
        user = vmail
        mode = 0666
    }
}


# Configure the replicator service
service replicator {
    process_min_avail = 1
    unix_listener replicator-doveadm {
        mode = 0666
    }
}
service doveadm {
     user = vmail
    inet_listener {
        # port to listen on
        port = 12345
        # enable SSL
        #ssl = yes
    }
}

doveadm_port = 12345
doveadm_password = dovecot password
# Configure target hosts for replication
# tcps can be tcp if you don't want to connect with SSL
# :port can be omitted if it's the default set globally for doveadm

plugin {

    mail_replica = tcp:replica_server_IP
}

service config {
  unix_listener config {
    user = vmail
  }
}

# Up to here.

d. Restart dovecot

service dovecot restart

f. If configuration is done well, run the following to check the status of syncing,

doveadm replicator status '*'

You should see the syncing is on progress.


Note,

The doveadm_password should be the same on both servers, mail_replica = tcp:replica_server_IP, for ServerA replica_server_IP is ip address of ServerB, and for ServerB replica_server_IP is ip address of ServerA.

Some usefully commands,

i. To check the replication on each server:

doveadm replicator status '*'

ii. Replicate a given email account manually

doveadm replicator replicate <email>

iii.  Replicate a given email account manually IN FULL

doveadm replicator replicate -f <email> 

iv. Check replication status. Also works without the email parameter.

doveadm replicator status <email>
Hope it helps someone, drop comments if you face any issues.





Saturday, June 18, 2016

Installing lastest version (1.4.6) of GNS3 in Ubuntu/Debian

GNS3 is a Graphical Network Simulator that allows emulation of
complex networks. In this lab am going to show you how to install the lasted version of it on Ubuntu/Debian distributions.
This lab was full tested in Debian 8 and Deepin 15. If you face any issue please drop me a comment.

1. Install dependencies

a. GNS3 dependencies

sudo apt-get install gcc
sudo apt-get install python3-setuptools
sudo apt-get install python3-dev
sudo apt-get install python3-netifaces
sudo apt-get install python3-pyqt4
sudo apt-get install python3-ws4py
sudo apt-get install python3-tornado
sudo apt-get install python3-zmq

b. Dyamips dependencies
The dynamips hypervisor is a program that emulates Cisco MIPS based router hardware, allowing you to run select IOS image files in GNS3. Using dynamips you can run IOS images for Cisco c1700, c2600, c3600, 3700, and 7200 series routers.

sudo apt-get install cmake
sudo apt-get install libelf-dev
sudo apt-get install uuid-dev
sudo apt-get install libpcap-dev

2. Install GNS3 from source

a. Download it

Check the latest release from here,
https://github.com/GNS3/gns3-gui/releases

As on time of compiling this howto the lasted release was version 1.4.6

On download section, download the file with .source.zip extension.

Use the terminal to change to directory containing the dowloand file and extract it.

unzip GNS3-1.4.6.source.zip -d GNS3-1.4.6.source
cd GNS3-1.4.6.source

The GNS3 software is made up of two main components; a server application, and a GUI application. This provides a great amount of flexibility by allowing you to run multiple servers on different PCs. Leveraging this feature, you can create large GNS3 networks.

b. Install GNS3 server

unzip gns3-server-1.4.6.zip
cd gns3-server-1.4.6/
sudo python3 setup.py install
cd ..

During installation it will download some packages online, make sure it finishes, below is expected final output
.
.
Using /usr/lib/python3/dist-packages
Finished processing dependencies for gns3-server==1.4.6

c. Install GNS3 gui

unzip gns3-gui-1.4.6.zip
cd gns3-gui-1.4.6
sudo python3 setup.py install
cd ..

During installation it will download some packages online, make sure it finishes, below is expected final output
.
.

Using /usr/lib/python3/dist-packages
Finished processing dependencies for gns3-gui==1.4.6

d. Install Dynamips Hypervisor

unzip dynamips-0.2.16.zip
cd dynamips-0.2.16/
mkdir build
cd build
cmake ..
make
sudo make install
sudo setcap cap_net_admin,cap_net_raw=ep /usr/local/bin/dynamips
cd .././..

Make sure everything finishes without any error.

d. Install IOU prerequisites

sudo apt-get install libssl1.0.0:i386
sudo ln -s /lib/i386-linux-gnu/libcrypto.so.1.0.0 /lib/libcrypto.so.4
sudo apt-get install bison
sudo apt-get install flex
sudo apt-get install git
git clone http://github.com/ndevilla/iniparser.git
cd iniparser
make
sudo cp libiniparser.* /usr/lib/
sudo cp src/iniparser.h /usr/local/include
sudo cp src/dictionary.h /usr/local/include
cd ..

e. Install GNS3 IOUYAP

unzip iouyap-0.97.zip
cd iouyap-0.97/
sudo make install
sudo cp iouyap /usr/local/bin
cd ..

f. Install VPCS

unzip vpcs-0.6.1.zip
cd vpcs-0.6.1/src
./mk.sh
sudo cp vpcs /usr/local/bin/
cd ../..

g. Install Ubridge
unzip ubridge-0.9.4.zip
cd ubridge-0.9.4/
make
sudo make install
cd ..

3. Install other supporting software Cpulimit, Virtualbox, QEMU and Wireshart

The cpulimit application allows GNS3 to reduce CPU usage when running Cisco ASA devices in GNS3. With VirtualBox installed you can link emulated VirtualBox devices with other GNS3 devices. QEMU (Quick Emulator) is another PC hypervisor, and it is used to create and run Cisco ASA and other devices in GNS3. Wireshark is a powerful packet analyzer; using Wireshark you can sniff packets from your virtual GNS3 networks and analyze them, just as you can in the real world. Enter the following commands to complete your installation.

sudo apt-get install cpulimit
sudo apt-get install virtualbox
sudo apt-get install qemu
sudo apt-get install wireshark

4. Start GNS3
gns3

Note:
If you get below message:

Please install the PyQt5.QtSvg module

Install the module using the command:

sudo apt-get install PyQt5.QtSvg


After installation of the module you will be able to run gns3 on command line without problem.