1 Jan
2019
1 Jan
'19
9:33 p.m.
On Sat, Dec 29, 2018 at 11:28 AM Xboxboy Mageia <xboxboy.mageia(a)gmail.com>
wrote:
Erik, thanks for responding.
On Mon, Dec 24, 2018 at 9:43 PM Erik Huelsmann <ehuels(a)gmail.com> wrote:
create
and use a self signed cert, but if we're going net facing, and the
accountant is going to access it, I'm guessing using Let's Encrypt or
similar is worth chasing up?
I'm all for locking firewalls down tight: I still don't fully understand
the reverse proxy concept: But I'm sure I can be guided :)
Ok, so the debian install went simply. I used debian 9 (Stretch), without a
GUI. 'ip addr' gives 192.168.1.101, which sounds right, as that's my lan,
192.168.1.X.
I then followed the instructions on https://apt.ledgersmb.org/index.html,
but I installed version 1.5, and did not add the 'test component', I don't
know what that means, sorry.
Hi!
Good! Feel free to drop in whenever you feel like it. The channel may not
always be active, but I'm usually monitoring activity. You're most likely
active during my nights (I'm in Europe), but I'll try to respond as early
on the day as possible.
I forgot to mention, I'm on IRC these days as Aussie_matt (registered
name) or pilot_aus (unregistered).
Ok. So, I take it your desire is to run the setup in the Debian VM? Or
are you looking at installing in a CentOS VM?
Sorry, yes, I'll use a Debian OS guest VM, on a Centos host OS.
Sure. No problem. Is the server which hosts the VMs web-facing? (Hmm,
reading on, I think your point with the fixed IP is probably that it is
webfacing indeed.)
Not currently, I only have it running internally on our network: But I
wish to have LedgerSMB, and one other web app, to be accessible from
outside: I don't know the ins and outs of VPN's, but I suspect that makes
it tricky for the accountant to login. Web facing is more practical, but
more open to web threats? I could be wrong on that.
I would like LedgerSMB to be web facing to allow
me to
A: work from home at times
B: The accountant to log in and work when required (usually year end).
I have a setup like that myself too, so we can make that work :-)
Awesome! Which version of LedgerSMB did you install? Do I
remember that you're
installing 1.5?
I believe you're correct it was 1.5, as the apt repo wasn't able to do
1.6
for some reason at this point in time: Dependency related IIRC.
All advice most appreciated. I may need my hand
held significantly at
first, especially in regards to networking and security.
In order to run a secure setup, there's one very important thing you need
to have: a TLS/SSL Certificate. That will help keep the password going over
the wire, secure.
Another thought that I have is: when you want to expose only LedgerSMB's
web interface to the outside world, it's probably best to set up an
extremely strict firewall/iptables setup which forwards/filters just the
one single required port. Another idea would be to set up a (reverse)
proxy: an HTTP server running on an already public VM which forwards the
traffic to an internal server unaccessible to the internet.
Ah yes. Ok, so on my home Nextcloud install (internal only) I was able to Many ideas. Please follow-up or join #ledgersmb!
I've come down sick over the break, so am yet to return to the shop to
look at
doing anything:
I guess my first step is to install a Debian OS vm, and get the APT repo
hooked in and installed: Take a snapshot, then we can proceed?
Regards,
I was able to add the DB admin user where the prompt comes up: Now do I
need to reset/config mysql's root user and password also?
So from my desktop I tried to access via firefox 192.168.1.101:5762/setup.pl,
but it's unable to connect.
I have the VM network set to bridged, networking is my downfall, and the
other thing I suspect is that I need to open the firewall for the webserver.
All advice appreciated.
--
Bye,
Erik.
Many thanks.
http://efficito.com -- Hosted accounting and
ERP.
Robust and Flexible. No vendor lock-in.
2 Jan
2 Jan
6:48 a.m.
New subject: Production Install, Networking and Setup
On Wed, Jan 2, 2019 at 12:34 AM Xboxboy Mageia <xboxboy.mageia(a)gmail.com> wrote:
I was able to add the DB admin user where the prompt
comes up: Now do I need to
reset/config mysql's root user and password also?
First; the database server being used is postgresql not mysql.
And no, we don't mess with the 'root' user (which in the case of
postgresql is 'postgres' on a Debian system); that's why we create a
database admin user specifically for the LSMB app.
So from my desktop I tried to access via firefox
192.168.1.101:5762/setup.pl, but it's unable to connect.
I have the VM network set to bridged, networking is my downfall, and the other thing I
suspect is that I need to open the firewall for the webserver.
As you noted in IRC that the "apache page" is visible but couldn't
see LSMB on its port; checking the firewall setup if you haven't
already done so seems a good idea to me.
I'll usually use something like 'netstat -tnlp' (on Debian, that's
in the net-tools pkg) to check that the 5762 port is up. If it is
but it doesn't seem to be accessible from your desktop then you're
right and it's likely the firewall.
If you're using apache on that server, have you already installed
the ledgersmb-1.5-apache pkg? That will attempt to set up the web
proxy configuration using using apache. The server name does need to
set in the config but a default setup for https is configured.
--
Robert J. Clay
rjclay(a)gmail.com
jame_mx@matrix
9 Jan
9 Jan
2:21 p.m.
New subject: Production Install, Networking and Setup
Hi,
Ok, so the debian install went simply. I used debian 9 (Stretch), without a
[snip]
GUI. 'ip
addr' gives 192.168.1.101, which sounds right, as that's my lan,
192.168.1.X.
I then followed the instructions on https://apt.ledgersmb.org/index.html,
but I installed version 1.5, and did not add the 'test component', I don't
know what that means, sorry.
I was able to add the DB admin user where the prompt
comes up: Now do I
need to reset/config mysql's root user and password also?
So from my desktop I tried to access via firefox
192.168.1.101:5762/setup.pl, but it's unable to connect.
Ok. Are you able to ping that ip address from your desktop? That should
indicate if you should expect to be able to connect to the web server as
well.
I have the VM network set to bridged, networking is my
downfall, and the
other thing I suspect is that I need to open the firewall for the webserver.
Bridged sounds fine. quick question: Is the "eth0" (or enpXs0 with X a
number) network on the VM's host part of the bridge? If not, you probably
need to enable IP forwarding. Before we go that route, lets start by
checking you can 'ping' the address though. (And: can you ping the host
that the VM is running on?)
All advice appreciated.
Regards,
--
Bye,
Erik.
http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
4:08 p.m.
New subject: Production Install, Networking and Setup
Running "brctl show" w/o/ the quotes on the VM's host will show you the
bridge and the interfaces that are connected to it. 'ifconfig" w/o the
quotes on the VM's host will show you the all of interfaces.
Might help chasing down the problem.
Regards,
Bill Ott
Home: 919-363-0031
Cell: 919-434-7589
Email: Mailto:billott@theotts.org
Website: http://www.theotts.org
Profile: http://www.linkedin.com/in/wbott
On 1/9/19 5:21 PM, Erik Huelsmann wrote:
Hi,
Ok, so the debian install went simply. I used debian 9
(Stretch), without a GUI. 'ip addr' gives 192.168.1.101, which
sounds right, as that's my lan, 192.168.1.X.
I then followed the instructions on
https://apt.ledgersmb.org/index.html, but I installed version 1.5,
and did not add the 'test component', I don't know what that
means, sorry.
[snip]
I was able to add the DB admin user where the prompt comes up: Now
do I need to reset/config mysql's root user and password also?
So from my desktop I tried to access via firefox
192.168.1.101:5762/setup.pl <http://192.168.1.101:5762/setup.pl>,
but it's unable to connect.
Ok. Are you able to ping that ip address from your desktop? That
should indicate if you should expect to be able to connect to the web
server as well.
I have the VM network set to bridged, networking is my downfall,
and the other thing I suspect is that I need to open the firewall
for the webserver.
Bridged sounds fine. quick question: Is the "eth0" (or enpXs0 with X a
number) network on the VM's host part of the bridge? If not, you
probably need to enable IP forwarding. Before we go that route, lets
start by checking you can 'ping' the address though. (And: can you
ping the host that the VM is running on?)
All advice appreciated.
Regards,
--
Bye,
Erik.
http://efficito.com <http://efficito.com/> -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
_______________________________________________
users mailing list
users(a)lists.ledgersmb.org
https://lists.ledgersmb.org/mailman/listinfo/users
1723
days inactive
1731
days old
3 comments
4 participants
participants (4)
-
bill Ott -
Erik Huelsmann -
Robert J. Clay -
Xboxboy Mageia