Hi guys,
thanks to the IRC guys and the apt packager I was able to get a test install done in virtual box under debian guest OS.
Good! Feel free to drop in whenever you feel like it. The channel may not always be active, but I'm usually monitoring activity. You're most likely active during my nights (I'm in Europe), but I'll try to respond as early on the day as possible.
Over the Summer (I'm in Australia) break I might have enough time to get stuck into installing it for production.
I have a server at my business with CENTOS as the host, with all my other apps running in virtual box VM's.
Ok. So, I take it your desire is to run the setup in the Debian VM? Or are you looking at installing in a CentOS VM?
I'm looking for some help in regards to how to configure the network safely and securely, as all other apps are currently used internally, ie. none are web facing.
Sure. No problem. Is the server which hosts the VMs web-facing? (Hmm, reading on, I think your point with the fixed IP is probably that it is webfacing indeed.)
I would like LedgerSMB to be web facing to allow me to
A: work from home at times
B: The accountant to log in and work when required (usually year end).
I have a setup like that myself too, so we can make that work :-)
Which version of LedgerSMB did you install? Do I remember that you're installing 1.5?
I have fixed IP at the business.
I have a basic/solid understanding of linux, in terms of managing updates, modifying config files as instructed etc. That said Mageia is my distro of choice, but I was pulling my hair out trying to get a functioning LedgerSmb install. But I understand, with the apt repo, running a debian base install will be easily managed.
All advice most appreciated. I may need my hand held significantly at first, especially in regards to networking and security.
In order to run a secure setup, there's one very important thing you need to have: a TLS/SSL Certificate. That will help keep the password going over the wire, secure.
Another thought that I have is: when you want to expose only LedgerSMB's web interface to the outside world, it's probably best to set up an extremely strict firewall/iptables setup which forwards/filters just the one single required port. Another idea would be to set up a (reverse) proxy: an HTTP server running on an already public VM which forwards the traffic to an internal server unaccessible to the internet.
Many ideas. Please follow-up or join #ledgersmb!
Regards,
--