Re: [ledgersmb-users] Production Install, Networking and Setup
On Sat, Dec 29, 2018 at 11:28 AM Xboxboy Mageia <xboxboy.mageia@gmail.com> wrote:
Erik, thanks for responding.
On Mon, Dec 24, 2018 at 9:43 PM Erik Huelsmann <ehuels@gmail.com> wrote:
Hi!
Good! Feel free to drop in whenever you feel like it. The channel may not always be active, but I'm usually monitoring activity. You're most likely active during my nights (I'm in Europe), but I'll try to respond as early on the day as possible.
I forgot to mention, I'm on IRC these days as Aussie_matt (registered name) or pilot_aus (unregistered).
Ok. So, I take it your desire is to run the setup in the Debian VM? Or are you looking at installing in a CentOS VM?
Sorry, yes, I'll use a Debian OS guest VM, on a CentOS host OS.
Sure. No problem. Is the server which hosts the VMs web-facing? (Hmm, reading on, I think your point with the fixed IP is probably that it is webfacing indeed.)
Not currently, I only have it running internally on our network: But I wish to have LedgerSMB, and one other web app, to be accessible from outside: I don't know the ins and outs of VPNs, but I suspect that makes it tricky for the accountant to log in. Web facing is more practical, but more open to web threats? I could be wrong on that.
I would like LedgerSMB to be web facing to allow me to A: work from home at times B: The accountant to log in and work when required (usually year end).
I have a setup like that myself too, so we can make that work :-)
Awesome!
Which version of LedgerSMB did you install? Do I remember that you're installing 1.5?
I believe you're correct it was 1.5, as the apt repo wasn't able to do 1.6 for some reason at this point in time: Dependency related IIRC.
All advice most appreciated. I may need my hand held significantly at first, especially in regards to networking and security.
In order to run a secure setup, there's one very important thing you need to have: a TLS/SSL Certificate. That will help keep the password going over the wire, secure. Another thought that I have is: when you want to expose only LedgerSMB's web interface to the outside world, it's probably best to set up an extremely strict firewall/iptables setup which forwards/filters just the one single required port. Another idea would be to set up a (reverse) proxy: an HTTP server running on an already public VM which forwards the traffic to an internal server unaccessible to the internet.
Ah yes. Ok, so on my home Nextcloud install (internal only) I was able to create and use a self signed cert, but if we're going net facing, and the accountant is going to access it, I'm guessing using Let's Encrypt or similar is worth chasing up? I'm all for locking firewalls down tight: I still don't fully understand the reverse proxy concept: But I'm sure I can be guided :)
Many ideas. Please follow-up or join #ledgersmb!
I've come down sick over the break, so am yet to return to the shop to look at doing anything:
I guess my first step is to install a Debian OS vm, and get the APT repo hooked in and installed: Take a snapshot, then we can proceed?
Ok, so the Debian install went simply. I used Debian 9 (Stretch), without a GUI. 'ip addr' gives 192.168.1.101, which sounds right, as that's my LAN, 192.168.1.X. I then followed the instructions on https://apt.ledgersmb.org/index.html, but I installed version 1.5, and did not add the 'test component', I don't know what that means, sorry.
Regards,
-- Bye,
Erik.
Many thanks.
http://efficito.com -- Hosted accounting and ERP. Robust and Flexible. No vendor lock-in.
I was able to add the DB admin user where the prompt comes up: Now do I need to reset/config mysql's root user and password also? So from my desktop I tried to access via firefox 192.168.1.101:5762/setup.pl, but it's unable to connect. I have the VM network set to bridged, networking is my downfall, and the other thing I suspect is that I need to open the firewall for the webserver. All advice appreciated.
On Wed, Jan 2, 2019 at 12:34 AM Xboxboy Mageia <xboxboy.mageia@gmail.com> wrote:
I was able to add the DB admin user where the prompt comes up: Now do I need to reset/config mysql's root user and password also?
First; the database server being used is postgresql not mysql. And no, we don't mess with the 'root' user (which in the case of postgresql is 'postgres' on a Debian system); that's why we create a database admin user specifically for the LSMB app.
So from my desktop I tried to access via firefox 192.168.1.101:5762/setup.pl, but it's unable to connect.
I have the VM network set to bridged, networking is my downfall, and the other thing I suspect is that I need to open the firewall for the webserver.
As you noted in IRC that the "apache page" is visible but couldn't see LSMB on its port; checking the firewall setup if you haven't already done so seems a good idea to me. I'll usually use something like 'netstat -tnlp' (on Debian, that's in the net-tools pkg) to check that the 5762 port is up. If it is but it doesn't seem to be accessible from your desktop then you're right and it's likely the firewall.
If you're using apache on that server, have you already installed the ledgersmb-1.5-apache pkg? That will attempt to set up the web proxy configuration using apache. The server name does need to be set in the config but a default setup for https is configured.
--
Robert J. Clay
rjclay@gmail.com
jame_mx@matrix
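
The listening-port check described in the reply above, as an added example that is not part of the original thread: it classifies how a port is bound, because a listener bound only to loopback is unreachable from another machine whatever the firewall allows, and is meant to be reached through a proxy on the same host. The helper name `classify_listener` is hypothetical and the netstat output is a constructed sample, not output from the poster's VM.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -tnl` output.
# classify_listener is a hypothetical helper name, not part of LedgerSMB.

# Reads netstat-style lines on stdin; prints one of:
#   all-interfaces | address:<ip> | loopback-only | not-listening
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4; the port follows the last colon,
            # which also handles IPv6 forms such as :::22 and ::1:5762.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") wide = 1
            else if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else other = addr
        }
        END {
            if (wide) print "all-interfaces"
            else if (other != "") print "address:" other
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample output (not captured from the poster's VM).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5762          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.101:5432      0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Demo on the sample; on the VM use: netstat -tnl | classify_listener 5762
for p in 5762 80 5432 22 8080; do
    printf '%-5s %s\n' "$p" "$(sample_netstat | classify_listener "$p")"
done
```

Only when the result is `all-interfaces` or `address:` with the VM's LAN address does the firewall become the next thing to check.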
Hi,
Ok, so the Debian install went simply. I used Debian 9 (Stretch), without a GUI. 'ip addr' gives 192.168.1.101, which sounds right, as that's my LAN, 192.168.1.X.
I then followed the instructions on https://apt.ledgersmb.org/index.html, but I installed version 1.5, and did not add the 'test component', I don't know what that means, sorry.
[snip]
I was able to add the DB admin user where the prompt comes up: Now do I need to reset/config mysql's root user and password also?
So from my desktop I tried to access via firefox 192.168.1.101:5762/setup.pl, but it's unable to connect.
Ok. Are you able to ping that ip address from your desktop? That should indicate if you should expect to be able to connect to the web server as well.
I have the VM network set to bridged, networking is my downfall, and the other thing I suspect is that I need to open the firewall for the webserver.
Bridged sounds fine. Quick question: Is the "eth0" (or enpXs0 with X a number) network on the VM's host part of the bridge? If not, you probably need to enable IP forwarding. Before we go that route, let's start by checking you can 'ping' the address though. (And: can you ping the host that the VM is running on?)
All advice appreciated.
Regards,
-- Bye,
Erik.
http://efficito.com -- Hosted accounting and ERP. Robust and Flexible. No vendor lock-in.
Running "brctl show" w/o the quotes on the VM's host will show you the bridge and the interfaces that are connected to it. "ifconfig" w/o the quotes on the VM's host will show you all of the interfaces. Might help chasing down the problem.
Regards,
Bill Ott
Home: 919-363-0031
Cell: 919-434-7589
Email: Mailto:billott@theotts.org
Website: http://www.theotts.org
Profile: http://www.linkedin.com/in/wbott
On 1/9/19 5:21 PM, Erik Huelsmann wrote:
[snip]