Author: Gareth Eaton

Install File Browser and adding SSL

Gareth Eaton

As root execute the following.

  • curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash

That’s it for installation!

Testing filebrowser

  • filebrowser -p 8080 -a 134.122.27.34 -r /path/to/your/files

-p is the port to listen on
-a is the IP address to listen on
-r is the root directory that you’d like to serve. In most cases on Unix, this is /var/www/html/

In a web browser, you can go to your IP address or domain name with the port that you specified. The default credentials are as follows.

Username: admin
Password: admin

AUTO START ON REST

Since the database is automatically created for us, let’s create a file in the /etc/ directory called filebrowser.json

Please update the configuration file with values that are appropriate for your system.

{
“port”: 8080,
“baseURL”: “”,
“address”: “134.122.27.34”,
“log”: “stdout”,
“database”: “/etc/filebrowser.db”,
“root”: “/var/www/”
}

Now execute this command to activate filebrowser….

  • filebrowser -c /etc/filebrowser.json

How to Run filebrowser on Boot

Let’s make a system daemon to startup filebrowser when the system starts up. These instructions were written with an Ubuntu operating systems in mind.

Create the following file at /etc/systemd/system/filebrowser.service

[Unit]

Description=File Browser

After=network.target

[Service]

ExecStart=/usr/local/bin/filebrowser -c /etc/filebrowser.json

[Install]

WantedBy=multi-user.target

To enable and start the filebrowser service, run the following commands.

  • systemctl enable filebrowser.service
  • systemctl start filebrowser.service

How to Install an SSL Certificate for filebrowser

This can be a little fiddly.

You will need a Domain and in the A in records point it to a Public IP address, set up the port forwarding from port 80 to the internal IP port 80 (this is just for now)

Install a web server

  • apt install apache2

install Certbot

Step 1 – Installing Certbot

Certbot is a tool to obtain certificates from Let’s Encrypt and configure on your web server. Snap package is the easist way for installing certbot on Ubuntu system.

You might have to run this first…

  • sudo apt update
  • sudo apt install snapd
  • sudo snap install snap-store
  • sudo snap install –classic certbot

if you get an error you can try

  • sudo apt install fuse squashfuse

NOTE: Snaps rely on certain Linux kernel features which are not available under containerized servers like those running under openvz, so if you get an error use,

  • sudo apt install certbot

when installed 

  • certbot certonly –apache -d your_domain_name

when installed copy the following…

 

 

Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/drive.itsnotgoogle.com/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/drive.itsnotgoogle.com/privkey.pem

   Your certificate will expire on 2022-10-13. To obtain a new or

   tweaked version of this certificate in the future, simply run

   certbot again. To non-interactively renew *all* of your

   certificates, run “certbot renew”

now add them to the filebrowser.json

  • cd etc
  • nano filebrowser.json

“port”: 8080,
“baseURL”: “”,
“address”: “192.168.0.63”,
“log”: “stdout”,
“database”: “/etc/filebrowser.db”,
“root”: “/var/www/”,
“cert”: “/etc/letsencrypt/live/drive.itsnotgoogle.com/fullchain.pem”,
“key”: “/etc/letsencrypt/live/drive.itsnotgoogle.com/privkey.pem”

  • systemctl restart filebrowser.service
  • systemctl status filebrowser.service

Now change the port forwarding to

port 443 & port 8080

port 443 is use by the web browser for SSL.

Enable /etc/rc.local with Systemd

Gareth Eaton

If you are running a Linux distro that uses Systemd, then you may find that your command in /etc/rc.local file would not run at system boot time. This guide explains how to enable /etc/rc.local script to run on system startup.

As root user

  • systemctl status rc-local

if it says – Active: inactive (dead)

then you need to enable

  • systemctl enable rc-local

if you get – The unit files have no installation config

The unit file have no Install section. As such Systemd can not enable it. First we need to create a file:

  • nano /etc/systemd/system/rc-local.service

Add the following

[Unit]
 Description=/etc/rc.local Compatibility
 ConditionPathExists=/etc/rc.local

[Service]
 Type=forking
 ExecStart=/etc/rc.local start
 TimeoutSec=0
 StandardOutput=tty
 RemainAfterExit=yes
 SysVStartPriority=99

[Install]
 WantedBy=multi-user.target

To exit the file, Press Ctrl+X.

  • chmod +x /etc/rc.local

Make a rc-local file

  • printf ‘%s\n’ ‘#!/bin/bash’ ‘exit 0’ |  tee -a /etc/rc.local

add execute permission to /etc/rc.local file.

  • chmod +x /etc/rc.local

enable the service on system boot:

  • systemctl enable rc-local

Output should be – Created symlink /etc/systemd/system/multi-user.target.wants/rc-local.service -> /etc/systemd/system/rc-local.service.

Start the service and check its status

  • systemctl start rc-local.service
  • systemctl status rc-local.service

The output should be – Active: active (exited) since Fri 2022-07-15 15:57:31 UTC; 7s ago

Now you can – nano /etc/rc.local – edit as needed

Build your own PRIVATE search engine – Using SearXNG

Gareth Eaton

Setup a server running Ubuntu 20.04 or Debian 11

We was using Debian 11 in a Container hosted in Proxmox

Login as root and update.

  • apt install && sudo apt upgrade -y

Install Docker

  • curl -fsSL https://get.docker.com -o get-docker.sh
  • sudo sh get-docker.sh

Install docker-compose

  • apt install docker-compose -y

Now we can move to the directory where we want to install Searx and using git
NOTE: if you don’t have git installed install it – apt install git

  • cd /usr/local
  • git clone https://github.com/searxng/searxng-docker.git

Verify that it copied correctly in to your current directory

  • ls

Now change in to the new directory

  • cd searxng-docker

adjust the content of the .env file

  • nano .env

Add you host name to SEARXING_HOSTNAME= your_host_name_here

If you want to use a SSL remove the # on the LETSENCRYPT= <email> and add you email address

exit the file using Ctrl+X hit “Y” and then “Enter”

Run this command to generate a key

sed -i “s|ultrasecretkey|$(openssl rand -hex 32) |g” searxng/settings.yml

Now to start SearX run this command

sudo docker-compose up -d

If you want to auto restart your on a reboot you will need to edit the docker-compose.yaml file

  • nano docker-compose.yaml

add restart: always after the followsing

environment:
– SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost:80}
– SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}

…….

tmpfs:
– /var/lib/redis

……..

environment:
– SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/

 

now restart SearX

  • sudo docker-compose up -d

 

 

 

 

 

 

OBS to ZOOM

Gareth Eaton

Install OBS

  • sudo apt install ffmpeg
  • sudo add-apt-repository ppa:obsproject/obs-studio
  • sudo apt update
  • sudo apt install obs-studio

VIDEO

  • Down load and install v4l2 sink
  • sudo apt-get install v4l2loopback-dkms

Run v4l2 loopback

  • sudo modprobe v4l2loopback devices=1

See where the Dummy video is running to

  • v4l2-ctl –list-device

Open OBS
goto the Tool puldown and open v4l2 and set the the path

SOUND

  • pactl load-module module-null-sink sink_name=Virtual-Speaker sink_properties=device.description=Virtual-Speak
  • pactl load-module module-remap-source source_name=Remap-Source master=Virtual-Speaker.monitor

Now in OBS in the setting Audio-Advanced Monitoring Device to Virtual-speaker

In Zoom
For the video set to Dummy
For the Sound set to Remap Virtual-Speaker

Install web-server on Ubuntu 20.04 server

Gareth Eaton

We will show you how to install a web-server with EHCP Force Edition and Webmin control panel. 

NOTE:  Your ISP might block ports needed to run a Webserver, check with them first to see if they block ports, also your will need a public IP address. 

( EHCP Force Edition supports dynamic IP addresses by installing EHCP Force Edition on your home server, and then use Dynamix & its client software on your server to setup and use dynamic DNS. )

Your will also need to open ports on the rougher and port forward them to the IP address you are going to use for the server.  (You need to open ports 20,21,22,25,53,80,110,143,443,10000 on your server and on your modem/firewall/router. If you have no firewall on your server, you don’t need to do anything on your server.)

We are assuming you have followed the instructions on “Installing Ubuntu 20.04 server on VirtualBox” and this is a follow on from that post.

SSH into your server and go to the root dir using sudo -i

Installing webmin

First you will need to add need to add the Webmin repository so that we can install and update Webmin using our package manager.  To do this you will need to edit the Sources.list

Open the file in your preferred editor. We will use nano

  • sudo nano /etc/apt/sources.list

Then add this line to the bottom of the file to add the new repository:

  • deb http://download.webmin.com/download/repository sarge contrib

Save the file and exit the editor. If you used nano, do so by pressing CTRL+X, Y, then ENTER.

Next, you’ll add the Webmin PGP key so that your system will trust the new repository. 

Following that, download the Webmin PGP key with wget and add it to your system’s list of keys:

  • wget -q -O- http://www.webmin.com/jcameron-key.asc | sudo apt-key add

Now to update and install

  • sudo apt update
  • sudo apt install webmin
Once the installation finishes, you’ll be presented with the following output:
Webmin install complete. You can now login to https://your_server:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.
 
I have always had to use the server IP address and not the server name so change the name to the IP address of the server.
 —-
Note: If you installed and enabled ufw during the prerequisite step, you will need to run the following command in order to allow Webmin through the firewall:
 
  • sudo ufw allow 10000
 For extra security, you may want to configure your firewall to only allow access to this port from certain IP ranges.

Installing Easy Hosting Control Panel - Force Edition

1st your will need to change the IP address to a Static configuration, to do this we will use Webmin.

Login to webmin by typing in HTTPS://YOUR_SERVER IP_ADDRESS:10000,

go to Networking – Network Configuration – Network Interfaces

click on the Bootup Interface and change it to a  Static configuration. Add the IP Address you would like to use (E.g. 192.168.??.??), and the netmask of 255.255.255.0

Now Save and go to Routing and Gateways, change the Gateway to you rougher address.

Now go to Hostname and DNS Client change the DNS to 8.8.8.8 and 8.8.4.4

Save and Apply Configuration, Clicking the button to activate the current boot-time interface and routing settings, as they normally would be after a reboot. 

Be careful if you have a different IP address then the one in the address field, this may make your system inaccessible via the network,  and cut off access to Webmin.

 
 
 

Install EHCP

Download & Install EHCP Force Edition (Stable)

To download and install the latest “stable” version of EHCP Force Edition, use the following commands at the terminal prompt:

  • wget -O “ehcpforce_stable_snapshot.tar.gz” -N https://github.com/earnolmartin/EHCP-Force-Edition/releases/download/1.1.1.1/ehcpforce_stable_snapshot.tar.gz
  • tar -zxvf “ehcpforce_stable_snapshot.tar.gz”
  • cd ehcp
  • sudo bash install.sh

You can Install EHCP Force Edition in unattended mode (installs all software without prompts and generates passwords) you will need to make note of the passwords if you use this, I personally don’t like this mode as I like to use password I can remember, but if you use passwords you generate make sure they’re strong. 

Add a working email – this is needed to send warnings etc…

Install extra software in addition to EHCP Force Edition – you may choose to do this but it will take extra space, time to install, and can slow down your server. I don’t install them.

Now sit back and wait…

After the install, you will have a working web server, you can access by adding your server IP in the address line of the web browser, but there are still some things you need to do finish the webserver off. 

Let’s look at that now….

  • EHCP Setup

Installing Ubuntu 20.04 server on VirtualBox

Gareth Eaton
  • VirtualBox installed
  • Download Ubuntu 20.04 server

Downloading Ubuntu 20.04 server

Setting up VirtualBox

1st Create a Virtual Machine by going to Machine – New or press crtl N

Add the Name of the Machine E.g. server, change the type to Linux and Version to Ubuntu (64-bit)

NEXT

MEMORY SIZE  – Set the Memory size, for now,use 1024MB you can change it later if you need to. 

NEXT

HARD DISK –  again use the default, Create a virtual hard disk now and click on Create. 

HARD DISK FILE TYPE – use VDI – NEXT 

Now we or going to use Dynamically allocated – A dynamically allocated hard disk file will only use space on your physical hard disk as it fills up (up to a maximum fixed size). – NEXT

Set it to 60 GB – click on Create.

Now it will appear on the right hand side of the main interface.

 

Settings

Click on your server which should change color to indicate that you have selected it. Click on the Setting button, on the top of the main interface on the left-hand side. 

Go to Network and change the Attached to: to Bridged Adapter.

Now click on Storage under the Controller: IDE you should see an Empty disk, select it, and now on the right hand-side  you should see Attributes – Optical Drive:  click on the Disk Icon on the right and choose a disk file.  Navigate to the Ubuntu-20.04 File select it and Open. Now the Controller: IDE should show the Ubuntu 20.04 file.

Click on OK

 

Start your server

Now you should be able to start your server.  Press Start, it will open a box to run the server in, (you will need to use the keyboard to navagate, the mouse will not work) now you should  boot to the welcome screen, select your language,  and [update to new installer].

When it’s finished the update click done. Now you should be on the Network connections page. Make a note of the DHCP IP address you will need it later, click Done.  If you use a Proxy set the address now, if your saying whats a Proxy leave it blank.  Click Done.

Ubuntu archive – Click Done

Storage Configuration – Use the tab button on your keyboard to highlight the Done button and click it.  and Done again on the next screen. tab button to highlight continue and press it.

Now answer the questions, 

for the server’s name use lower case and no spaces.  

Done when finished.  

SSH Setup

Now press your space bar to put an X in the Install OpenSSH server and tab to Done.

Featured Server Snaps

If you know you will need any on the list use tab and space to select, else go to Done.  

Now make a coffee and wait… 

When done Reboot

Using SSH to Access you server.

Now when your server has rebooted open a Terminal. We use Linux mint so we press Ctrl alt T, but if you use windows you will need to install third-party application called PuTTY.

For PuTTY – Type the host name or IP address of the SSH server into the “Host name (or IP address)” box. Ensure the port number in the “Port” box matches the port number the SSH server requires,  port 22 by default, Click “Open” to connect.

For Linux Terminal type the following.

ssh YOUR IP ADDRESS -l YOUR USER NAME

For me that would be the following….

ssh 192.168.0.105 -l myusername

Type yes for the fingerprint, and type in the password you setup for your server. 

 

 
 
 

Update the server

Update the server before installing  software, in the teminal type the following…

  • sudo -i
  • apt update
  • apt full-upgrade
This might take some time… 
 
When finished your ready to install the server software… 

See…

  1. Install web-server

Certbot Commands

Gareth Eaton

List All Certificats

  • certbot certificates

Delete a Certbot SSL Certificate

  • certbot delete –apache -d

This command will offer an index from which you can select the domain name

  • sudo certbot delete
  • To delete a Certbot certificate by including the domain name in the command like this:
  • certbot delete –cert-name example.com

Issue or Renew an SSL certificate

The –force-renewal, –duplicate, and –expand options control Certbot’s behavior when re-creating a certificate with the same name as an existing certificate. If you don’t specify a requested behavior, Certbot may ask you what you intended.

–force-renewal tells Certbot to request a new certificate with the same domains as an existing certificate. Each domain must be explicitly specified via -d. If successful, this certificate is saved alongside the earlier one and symbolic links (the “live” reference) will be updated to point to the new certificate. This is a valid method of renewing a specific individual certificate.

–duplicate tells Certbot to create a separate, unrelated certificate with the same domains as an existing certificate. This certificate is saved completely separately from the prior one. Most users will not need to issue this command in normal circumstances.

–expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains. With the –expand option, use the -d option to specify all existing domains and one or more new domains.

  • certbot –expand -d existing.com,example.com,newdomain.com
  • certbot –apache -d example.com

Revoking certificates

If your account key has been compromised or you otherwise need to revoke a certificate, use the revoke command to do so. Note that the revoke command takes the certificate path (ending in cert.pem), not a certificate name or domain.

  • certbot revoke –cert-path /etc/letsencrypt/live/CERTNAME/cert.pem

You can also specify the reason for revoking your certificate by using the reason flag. Reasons include unspecified which is the default, as well as keycompromise, affiliationchanged, superseded, and cessationofoperation:

  • ertbot revoke –cert-path /etc/letsencrypt/live/CERTNAME/cert.pem –reason keycompromise

Additionally, if a certificate is a test certificate obtained via the –staging or –test-cert flag, that flag must be passed to the revoke subcommand. Once a certificate is revoked (or for other certificate management tasks), all of a certificate’s relevant files can be removed from the system with the delete subcommand.

Note

If you don’t use delete to remove the certificate completely, it will be renewed automatically at the next renewal event.

This site works only in browsers with SNI support

Gareth Eaton
 

If you have a shared hosting, a cloud or virtual or dedicated server or service hosting multiple domains, it is normal to face the message.

This site works only in browsers with SNI support.

It’s not an error, it’s a warning message.

It is a thing related to IPv4 and initial days with TLS. We are trying to explain the implication of the error message and in very short, for ordinary websites like a personal website such error in general has no negative impact.

Number of IPv4 is limited and IPv6 unfortunately not so much popular yet. 

Server With SNI, can enable multiple SSL certificates on a single IP.

Some websites have one IP = Website, you can imagen that will use limeted IP address fast,  so we use SNI. SNI stands for server name indication, this means that one IP on a server can open multiple domains, then obviously the IP will not open one website.

So if you see this warning message it means that your website is on a server that is using SNI.

 
 
 

Installing Certbot on Ubuntu 20.04

Gareth Eaton
 
  • Step 1 – Installing Certbot

Certbot is a tool to obtain certificates from Let’s Encrypt and configure on your web server. Snap package is the easist way for installing certbot on Ubuntu system.

You might have to run this first…

  • sudo apt update
  • sudo apt install snapd
  • sudo snap install snap-store

Open a terminal and execute below command to install certbot:

  • sudo snap install --classic certbot

if you get an error you can try

  • sudo apt install fuse squashfuse

Snaps rely on certain Linux kernel features which are not available under containerized servers like those running under openvz, so if you get an error use,  sudo apt install certbot

Step 2 – Generate SSL Certificate

Now, You can request SSL certificates from Let’s encrypt based on the web server.

  1. Apache – The systems running Apache web server, execute the following command. This will list all the domains/sub-domains configured on your web server. Select appropriate numbers to request certificate.
    sudo certbot --apache

    We also use the following to install on a domain.

    sudo certbot - apache -d yourdomain.com
  2. Nginx – For the systems running Nginx web server, use below command to request for the SSL certificates.
    sudo certbot --nginx
  3. Other Web Server – For the system having any other web servers running except Apache or Nginx. Then you can get the certificate only and configure them manually.

    This command will ask you for domain name and document root for the domain.

    sudo certbot certonly --webroot
  4. No Web Server – The systems have no web server running, can also request a ssl certificate. Below command will ask your for the domain name and start a temporary web server on port 80 to complete the verification.
    sudo certbot certonly --standalone

In all of the above cases, the domain must be pointed to your server from dns. Also insure that /.well-known/acme-challenge are served by the webserver.

Step 3 – Test SSL

Once the SSL certificate is installed on the web server, visit https://your-domain.com/ in a web browser and look for the SSL lock icon in the URL bar. You can also do a security scan for the SSL setup on https://www.ssllabs.com/ssltest/.

 

Step 4 – Renew SSL Certificate

Let’s encrypt certificates are issues for 3 months only. You can renew certificate before 30 days of expiry. Certbot allows you a hassle free renewal just by running a single command.

Run the below command to renew all the certificates on that system.

sudo certbot renew

You can also run a dry run without actual renewal. This will help you to test if SSL renewal perform well.

sudo certbot renew --dry-run
WordPress Appliance - Powered by TurnKey Linux