On Sat, Dec 29, 2018 at 11:28 AM Xboxboy Mageia <xboxboy.mageia(a)gmail.com>
Erik, thanks for responding.
On Mon, Dec 24, 2018 at 9:43 PM Erik Huelsmann <ehuels(a)gmail.com> wrote:
Good! Feel free to drop in whenever you feel like it. The channel may not
always be active, but I'm usually monitoring activity. You're most likely
active during my nights (I'm in Europe), but I'll try to respond as early
on the day as possible.
I forgot to mention, I'm on IRC these days as Aussie_matt (registered
name) or pilot_aus (unregistered).
Ok. So, I take it your desire is to run the setup in the Debian VM? Or
are you looking at installing in a CentOS VM?
Sorry, yes, I'll use a Debian OS guest VM, on a Centos host OS.
Sure. No problem. Is the server which hosts the VMs web-facing? (Hmm,
reading on, I think your point with the fixed IP is probably that it is
Not currently, I only have it running internally on our network: But I
wish to have LedgerSMB, and one other web app, to be accessible from
outside: I don't know the ins and outs of VPN's, but I suspect that makes
it tricky for the accountant to login. Web facing is more practical, but
more open to web threats? I could be wrong on that.
I would like LedgerSMB to be web facing to allow
A: work from home at times
B: The accountant to log in and work when required (usually year end).
I have a setup like that myself too, so we can make that work :-)
Which version of LedgerSMB did you install? Do I
remember that you're
I believe you're correct it was 1.5, as the apt repo wasn't able to do
for some reason at this point in time: Dependency related IIRC.
All advice most appreciated. I may need my hand
held significantly at
first, especially in regards to networking and security.
In order to run a secure setup, there's one very important thing you need
to have: a TLS/SSL Certificate. That will help keep the password going over
the wire, secure.
Another thought that I have is: when you want to expose only LedgerSMB's
web interface to the outside world, it's probably best to set up an
extremely strict firewall/iptables setup which forwards/filters just the
one single required port. Another idea would be to set up a (reverse)
proxy: an HTTP server running on an already public VM which forwards the
traffic to an internal server unaccessible to the internet.
Ah yes. Ok, so on my home Nextcloud install (internal only) I was able to
and use a self signed cert, but if we're going net facing, and the
accountant is going to access it, I'm guessing using Let's Encrypt or
similar is worth chasing up?
I'm all for locking firewalls down tight: I still don't fully understand
the reverse proxy concept: But I'm sure I can be guided :)
Many ideas. Please follow-up or join #ledgersmb!
I've come down sick over the break, so am yet to return to the shop to
I guess my first step is to install a Debian OS vm, and get the APT repo
hooked in and installed: Take a snapshot, then we can proceed?
Ok, so the debian install went simply. I used debian 9 (Stretch), without a
GUI. 'ip addr' gives 192.168.1.101, which sounds right, as that's my lan,
I then followed the instructions on
but I installed version 1.5, and did not add the 'test component', I don't
know what that means, sorry.
-- Hosted accounting and
Robust and Flexible. No vendor lock-in.
I was able to add the DB admin user where the prompt comes up: Now do I
need to reset/config mysql's root user and password also?
So from my desktop I tried to access via firefox 192.168.1.101:5762/setup.pl,
but it's unable to connect.
I have the VM network set to bridged, networking is my downfall, and the
other thing I suspect is that I need to open the firewall for the webserver.
All advice appreciated.