DEV Community: HostnExtra Technologies

Install NetBox on Ubuntu 22.04 - HostnExtra

HostnExtra Technologies — Wed, 19 Oct 2022 13:01:08 +0000

In this article, we'll explain how to install NetBox on Ubuntu 22.04. This will guide you with the installation and configuration process.

NetBox is an infrastructure resource modeling (IRM) application designed to empower network automation. NetBox was developed specifically to address the needs of network and infrastructure engineers. It is intended to function as a domain-specific source of truth for network operations.

NetBox runs as a web application atop the Django Python framework with a PostgreSQL database.

Prerequisites:

A Ubuntu 22.04 installed KVM VPS or dedicated server.
A root user access or normal user with administrative privileges

Install NetBox on Ubuntu 22.04

1. Keep the server up to date

# apt update -y && apt upgrade -y

2. Install and Configure PostgreSQL Database

We'll install and configure a local PostgreSQL database.

Note: NetBox requires PostgreSQL 9.6 or higher. Please note that MySQL and other relational databases are not currently supported.

Install PostgreSQL database using following command:

# apt install -y postgresql libpq-dev

Next, we need to create a database for NetBox and assign it a username and password for authentication.

# sudo -u postgres psql

postgres=# CREATE DATABASE netbox;

CREATE DATABASE

postgres=# CREATE USER netbox WITH PASSWORD 'r5t6^7$%gyuuyt4';

CREATE ROLE

postgres=# GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;

GRANT

postgres=# \q

3. Install Redis

Redis is an in-memory key-value store which NetBox employs for caching and queuing. Use following command to install Redis:

# apt install redis-server -y

Use the redis-cli utility to ensure the Redis service is functional:

# redis-cli ping

PONG

4. Install and Configure NetBox

There are two ways to install NetBox.

Download a Release Archive
Clone the Git Repository

We'll install NetBox by cloning the Git repository.

First, install required packages and its dependencies:

# apt install -y python3 python3-pip python3-venv python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev libssl-dev zlib1g-dev

Update pip (Python's package management tool) to its latest release:

# pip3 install --upgrade pip

Create the base directory /opt/netbox for the NetBox installation.

# mkdir -p /opt/netbox/ && cd /opt/netbox/

Next, clone the master branch of the NetBox GitHub repository into the current directory.

# git clone -b master https://github.com/netbox-community/netbox.git .

Create a system user account named netbox. We'll configure the WSGI and HTTP services to run under this account. We'll also assign this user ownership of the media directory.

# adduser --system --group netbox

# chown --recursive netbox /opt/netbox/netbox/media/

Move into the NetBox configuration directory and make a copy of configuration.example.py named configuration.py.

# cd /opt/netbox/netbox/netbox/

# cp configuration_example.py configuration.py

Create a symbolic link of Python binary.

# ln -s /usr/bin/python3 /usr/bin/python

Generate a random SECRET_KEY of at least 50 alphanumeric characters.

# /opt/netbox/netbox/generate_secret_key.py

Above command will create a secret key, store it so that we can use it in the configuration.py.

Open and edit the configuration file configuration.py.

# nano /opt/netbox/netbox/netbox/configuration.py

The final file should have the following configurations.

ALLOWED_HOSTS = ['*']

DATABASE = {
'NAME': 'netbox', # Database name you created
'USER': 'netbox', # PostgreSQL username you created
'PASSWORD': 'r5t6^7$%gyuuyt4', # PostgreSQL password you set
'HOST': 'localhost', # Database server
'PORT': '', # Database port (leave blank for default)
}

SECRET_KEY = 'YOUR SECRET KEY'

Note:

You can add your domain or server IP in ALLOWED_HOSTS = [''] or you can simple enter "*" for all.

Once NetBox has been configured, we're ready to proceed with the actual installation.

We'll run the packaged upgrade script (upgrade.sh) to perform the following actions:

Create a Python virtual environment
Install all required Python packages
Run database schema migrations
Aggregate static resource files on disk

# /opt/netbox/upgrade.sh

Enter the Python virtual environment created by the upgrade script:

# source /opt/netbox/venv/bin/activate

Create a superuser account using the createsuperuser

# cd /opt/netbox/netbox

# python3 manage.py createsuperuser

Output:

Email address: admin@example.com

Password:

Password (again):

Superuser created successfully.

Note:

Remember the username and password. It will require once we finish the installation process to login.

5. Configure Gunicorn

NetBox ships with a default configuration file for gunicorn. To use it, copy /opt/netbox/contrib/gunicorn.py to /opt/netbox/gunicorn.py.

# cp /opt/netbox/contrib/gunicorn.py /opt/netbox/gunicorn.py

Copy contrib/netbox.service and contrib/netbox-rq.service to the /etc/systemd/system/ directory and reload the systemd dameon:

# cp -v /opt/netbox/contrib/*.service /etc/systemd/system/

# systemctl daemon-reload

Start and enable the netbox and netbox-rq services:

# systemctl start netbox netbox-rq

# systemctl enable netbox netbox-rq

6. Configure Nginx Web Server

Install Nginx web server using following command:

# apt install -y nginx

Copy the nginx configuration file provided by NetBox to /etc/nginx/sites-available/netbox.

# cp /opt/netbox/contrib/nginx.conf /etc/nginx/sites-available/netbox

Edit the netbox configuration file and remove all the content and copy paste below contents:

# nano /etc/nginx/sites-available/netbox

Remember to change server_name.

server {
listen 80;

# CHANGE THIS TO YOUR SERVER'S NAME
server_name 127.0.0.1;

client_max_body_size 25m;

location /static/ {
alias /opt/netbox/netbox/static/;
}

location / {
proxy_pass http://127.0.0.1:8001;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

Then, delete /etc/nginx/sites-enabled/default and create a symlink in the sites-enabled directory to the configuration file you just created.

# rm /etc/nginx/sites-enabled/default

# ln -s /etc/nginx/sites-available/netbox /etc/nginx/sites-enabled/netbox

Note:

Above Nginx code will give you error if you use as it is, because it mentioned SSL configuration too. You need to install SSL after the above commands.

Please refer our How to Install Let’s Encrypt on Nginx Ubuntu article to install SSL certificate.

Now test Nginx configuration and restart the Nginx service:

# nginx -t

# systemctl restart nginx

That's it we have successfully completed with the installation and configuration process.

Navigate to your browser and access NetBox with using either server IP or domain name.

In this article, we've seen how to install NetBox on Ubuntu 22.04.

Install Caddy on Ubuntu 22.04 - HostnExtra

HostnExtra Technologies — Tue, 18 Oct 2022 17:26:33 +0000

In this article, we’ll explain you how to install Caddy on Ubuntu 22.04. This article will guide you with the installation process and host a website.

The Caddy web server is an open-source web server written in Go. It is designed around simplicity and security that comes with a number of features that are useful for hosting websites. Caddy is both a flexible, efficient static file server and a powerful, scalable reverse proxy.

Prerequisites

A Ubuntu install dedicated server or KVM VPS.
A root user access or normal user with administrative privileges.

Install Caddy on Ubuntu 22.04

1. Keep the server up to date

# apt update -y && apt upgrade -y

WWWW2. Install Caddy

Following command will install and automatically starts and runs Caddy for you as a systemd service named caddy using our official caddy.service unit file.

Install dependencies:

# sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https

First, add GPG key using following command:

# curl -1sLf ‘https://dl.cloudsmith.io/public/caddy/stable/gpg.key’ | sudo gpg –dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

Next, add repository and update it:

# curl -1sLf ‘https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt’ | sudo tee /etc/apt/sources.list.d/caddy-stable.list

# apt update

Finally, install Caddy using following command:

# apt install caddy

Now, navigate to your browser and enter your server IP or domain name:

http://Server-IP

http://example.com

Install Caddy on Ubuntu

3. Configure Domain with Caddy

Before moving following, first set up domain’s A/AAAA DNS record at your registrar or control panel.

Note: Replace hostnextra.com with your domain name

Create a directory for your website files

# mkdir -p /var/www/html/hostnextra.com

Next, if you are using SELinux than you need to change the file security context for web content. (Optional)

# chcon -t httpd_sys_content_t /var/www/html/hostnextra.com -R
# chcon -t httpd_sys_rw_content_t /var/www/html/hostnextra.com -R

Now, open Caddy’s configuration file and add your domain name and change website’s root directory.

# nano /etc/caddy/Caddyfile

Change the site root to /var/www/html/hostnextra.com (write your website path) as

install Caddy HostnExtra

Note:

If you want to use SSL, you need to mention :443 SSL port and also install SSL certificate.

You can run caddy trust command to install SSL local certificate. We’ve not tested it yet. If we perform it in future, we’ll update the tutorial. You can check the official document about Automatic HTTPS for more information.

Once you done with the changes reload the caddy.service to reflect the changes.

# systemctl reload caddy

Now, create a index.html file in /var/www/html/hostnextra.com using following command:

# echo ‘<!doctype html><head><title>Hello from Caddy!</title></head><body><h1 style=”font-family: sans-serif”>This page is being served via Caddy</h1></body></html>’ | sudo tee /var/www/html/hostnextra.com/index.html

Finally, refresh the page in your browser and you will see our newly created index.html.

In this article, we have seen how to install Caddy on Ubuntu 22.04.

Install Snipe-IT on Ubuntu 22.04 - HostnExtra

HostnExtra Technologies — Mon, 17 Oct 2022 12:14:14 +0000

In this article, we'll explain how to install Snipe-IT on Ubuntu 22.04.

Snipe-IT was made for IT asset management, to enable IT departments to track who has which laptop, when it was purchased, which software licenses and accessories are available, and so on. Snipe-IT is a open-source IT asset management and it eliminates the need for complex IT asset tracking spreadsheets.

Prerequisites:

An Ubuntu 22.04 installed dedicated server or KVM VPS.
A root user access or normal user with administrative privileges.

Install Snipe-IT on Ubuntu 22.04

1. Update the server and install dependencies:

# sudo apt update -y && apt upgrade -y

Install unzip dependency

# sudo apt-get install unzip git -y

2. Install Apache Webserver

# sudo apt install apache2 -y

In case, you enabled firewall and firewall block requests of the apache web server, open a port in the firewall.

# sudo ufw allow 80/tcp

# sudo ufw allow 443/tcp

# sudo ufw reload

Now, let's verify the Apache installation. Open browser and test default page.

http://[SERVER IP]

Enable Apache's mod_rewrite module. Snipe-IT requires this extension to rewrite URLs more cleanly.

# sudo a2enmod rewrite

Restart your Apache web server to apply the changes.

# sudo systemctl restart apache2

3. Install MariaDB

# sudo apt install mariadb-server mariadb-client -y

The default configuration of the MariaDB will not be secured. Let's secured the installation using the following command:

# sudo mysql_secure_installation

Once the script gets executed, it will ask multiple questions.

It will ask you to enter the current password for root (enter for none):

Then enter yes/y to the following security questions:

Set a root password? [Y/n]: y
Remove anonymous users? : y
Disallow root login remotely? : y
Remove test database and access to it? : y
Reload privilege tables now? : y

4. Install PHP and PHP Composer

Here we are installing the default PHP version 8.1 and other modules for web deployments using the following command:

# sudo apt install php php-common php-bcmath php-bz2 php-intl php-gd php-mbstring php-mysql php-zip php-opcache php-intl php-json php-mysqli php-readline php-tokenizer php-curl php-ldap -y

Install PHP Composer, which is a PHP dependency management tool to install and update libraries in your Snipe-IT.

Download the Composer installer.

# sudo curl -sS https://getcomposer.org/installer | php

Move the composer.phar executable to /usr/local/bin/.

# sudo mv composer.phar /usr/local/bin/composer

5. Create a Database

Create a database and database user for Snipe-IT. First login into MySQL/MariaDB as a root user.

# sudo mysql -u root -p

Run following commands to perform this task:

CREATE DATABASE snipe_it;
CREATE USER 'snipe_it_user'@'localhost' IDENTIFIED BY 'EXAMPLE_PASSWORD';
GRANT ALL PRIVILEGES ON snipe_it.* TO 'snipe_it_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Note: Replace snipe_it_user to your choice username and replace EXAMPLE_PASSWORD to you choice password.

6. Install Snipe-IT

Navigate to the root directory of your web server.

# cd /var/www/

Use git to clone the latest Snipe-IT repository from the https://github.com/snipe/snipe-it URL and copy the downloaded files to a snipe-it directory.

# sudo git clone https://github.com/snipe/snipe-it snipe-it

Switch to the snipe-it directory.

# cd snipe-it

Snipe-IT ships with a sample configuration file. Copy it to /var/www/snipe-it/.env.

# sudo cp /var/www/snipe-it/.env.example /var/www/snipe-it/.env

Edit the configuration file.

# sudo nano /var/www/snipe-it/.env

In the Snipe-IT configuration file, locate these settings.

APP_URL=null
APP_TIMEZONE='UTC'

Set APP_URL to your server's Fully Qualified Domain Name, or it's public IP address. If you use a time zone other than UTC, change the timezone to a PHP-supported timezone, and enclose it in single quotes.

APP_URL=example.com
APP_TIMEZONE='America/New_York'

Locate these settings.

DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null

Change those values to the database information you set up in Step 3.

DB_DATABASE=snipe_it
DB_USERNAME=snipe_it_user
DB_PASSWORD=EXAMPLE_PASSWORD

Save and close the file.

Install the Snipe-IT dependencies with Composer. You'll receive a warning not to run this as root on each command. It's okay to continue as root for the Snipe-IT install, so type yes and hit ENTER.

# composer update --no-plugins --no-scripts

# composer install --no-dev --prefer-source --no-plugins --no-scripts

Set the correct ownership and permission for the Snipe-IT data directory.

# sudo chown -R www-data:www-data /var/www/snipe-it
# sudo chmod -R 777 storage

Once the Composer finishes running, generate a Laravel APP_Key value in the /var/www/snipe-it/.env configuration file you created earlier. Type yes and hit ENTER when prompted to continue.

# sudo php artisan key:generate

7. Create a Virtual Host File

First we'll disable default Apacheconf file and create new vhost conf file.

Disable the default Apache configuration file.

#sudo a2dissite 000-default.conf

Create a new Apache configuration file.

# sudo nano /etc/apache2/sites-available/snipe-it.conf

Paste the information below and replace example.com with your server's domain name or public IP address.

<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/snipe-it/public
<Directory /var/www/snipe-it/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>

Save and exit the file.

Enable your new configuration file.

# sudo a2ensite snipe-it.conf

Restart your Apache web server to apply the changes.

# sudo systemctl restart apache2

8. Run the Setup Wizard

Navigate to your browser and access the setup wizard using your server IP or domain name you have mentioned in vhost conf file.

Once you complete the setup wizar your will redirect to dashbord

In this article, we have seen how to install Snipe-IT on Ubuntu 22.04.

Install CouchDB on Ubuntu 22.04 - HostnExtra

HostnExtra Technologies — Thu, 13 Oct 2022 13:47:32 +0000

In this article, we'll explain how to install CouchDB on Ubuntu 22.04 and configure it with Nginx proxy server and Certbot SSL.

Apache CouchDB is an open-source document-oriented NoSQL database, implemented in Erlang. Seamless multi-master sync, that scales from Big Data to Mobile, with an Intuitive HTTP/JSON API and designed for Reliability. Store your data safely, on your own servers, or with any leading cloud provider. Your web- and native applications love CouchDB, because it speaks JSON natively and supports binary data for all your data storage needs.

Prerequisites:

A Ubuntu 22.04 installed dedicated server or KVM VPS with root or non-root access (for non-root, use "sudo").
A DNS A record that points your domain to the public IP address of the server.

Let's start with the installation process

Install CouchDB on Ubuntu

1. Update the server and install dependency

# sudo apt update && sudo apt install -y curl apt-transport-https gnupg

2. Configure the CouchDB repository and key.

# curl https://couchdb.apache.org/repo/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1
# echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null
# sudo apt update

Note:

If you get following error, edit couchdb.list and add jammy before main. It will resolve it.

E: Malformed entry 1 in list file /etc/apt/sources.list.d/couchdb.list (Component)
E: The list of sources could not be read

3. Install CouchDB

# sudo apt install -y couchdb

The installation will ask few question.

1. standalone 2. clustered 3. none
General type of CouchDB configuration: 1

Choose according to your choice. We have select 1 for this demonstration purpose.

A CouchDB node has an Erlang magic cookie value set at startup.

This value must match for all nodes in the cluster. If they do not match, attempts to connect the node to the cluster will be rejected.

CouchDB Erlang magic cookie: monkey

Set the Erlang Magic Cookie. This is a unique identifier to authenticate for your cluster, all nodes must have the same cookie. Here we have wrote monkey. You can write anything you want.

The default is 127.0.0.1 (loopback) for standalone nodes, and 0.0.0.0 (all interfaces) for clustered nodes. In clustered mode, it is not allowed to bind to 127.0.0.1.

CouchDB interface bind address: 0.0.0.0

Add bind address as 0.0.0.0

A pre-existing admin user will not be overwritten by this package.

Password for the CouchDB "admin" user:

Repeat password for the CouchDB "admin" user:

Here add admin password as per your choice.

The installation has been completed successfully. Navigate to browser and open http://:5984/_utils/

4. Configure Nginx

Now, let's configure Nginx proxy. Install Nginx using following command:

# sudo apt-get install -y nginx apache2-utils

Remove default Nginx config file, we'll create our own config file.

# sudo rm -rf /etc/nginx/sites-enabled/default

Now create a new config file

# nano /etc/nginx/sites-available/couchdb-site

Add following content:

server {
listen 80 default_server;
server_name coachdb.local;

location / {
proxy_pass http://localhost:5984;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

}

}

Note:

For security reason, you can change the default http 80 port to something else like 5000. So to access it you need to mention 5000 port at the end of website name. But it may create conflict with SSL. We've not test different port with SSL.

Now, create a symbolic link and restart Nginx service using following command:

# ln -s /etc/nginx/sites-available/couchdb-site /etc/nginx/sites-enabled/
# nginx -t
# systemctl restart nginx

5. Configure Firewall

Enable UFW if its not enabled.

# ufw enable

Add following ports:

# ufw allow 22/tcp

# ufw allow 80/tcp

# ufw allow 443/tcp

# ufw allow 5984/tcp

Check the status:

# ufw status

Note:

Your SSH port might be different.
If you have custom Nginx web server port, add that port also.

6. Install certbot's nginx package

# apt install certbot python3-certbot-nginx -y

7. Obtaining a Certificate

Obtain a certificate using certbot command. The Nginx plugin will take care of reconfiguring Nginx and reloading the config.

# certbot --nginx -d yoursite.com -d www.yousite.com

By running certbot first time, you will be prompted to enter an email address and agree to the terms of service.

That's it, we have successfully install CouchDB on Ubuntu 22.04 and configured it with Nginx proxy server and Certbot SSL.

Install Grafana on Rocky Linux 9 - HostnExtra

HostnExtra Technologies — Tue, 11 Oct 2022 11:57:12 +0000

In this tutorial, we shall show you how to install Grafana on Rocky Linux 9. We shall install Grafana Enterprise and Open Source CLI version 9.1.7-1 with PostgreSQL.

Grafana is open source visualization and analytics software. It allows you to query, visualize, alert on, and explore your metrics no matter where they are stored. In plain English, it provides you with tools to turn your time-series database (TSDB) data into beautiful graphs and visualizations.

Prerequisites

A Rocky Linux 9 dedicated server or KVM VPS.

Supported databases are SQLite, MySQL, and PostgreSQL.
A root user access or normal user with administrative privileges.

By default, Grafana installs with and uses SQLite, which is an embedded database stored in the Grafana installation location. In this tutorial we are going to install PostgreSQL and configure it.

Let’s get started with the installation process.

Install Grafana on Rocky Linux 9

Step 1 - Keep the server up to date

# dnf update -y

Step 2 - Install PostgreSQL database

Install PostgreSQL database using following command:

# apt install -y postgresql

Start and enable PostgreSQL service:

# systemctl start postgresql

# systemctl enable postgresql

Next, we need to create a database for Grafana and assign it a username and password for authentication.

# sudo -u postgres psql

postgres=# CREATE DATABASE grafana;

CREATE DATABASE

postgres=# CREATE USER grafana WITH PASSWORD 'grafana';

CREATE ROLE

postgres=# GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;

GRANT

postgres=#\c grafana

You are now connected to database "grafana" as user "postgres".

postgres=#CREATE TABLE session ( key CHAR(16) NOT NULL, data bytea, expiry INT NOT NULL, PRIMARY KEY (key));

CREATE TABLE

postgres=# \q

Note:

Use your own database name as well as username and set strong password.

Step 3 - Create repository file

# vi /etc/yum.repos.d/grafana.repo

Add following lines:

For Enterprise releases:

[grafana]
name=grafana
baseurl=https://packages.grafana.com/enterprise/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

For OSS releases:

[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

Step 4 - Install Grafana

Before you install Grafana, there is a one change we need to make. From RHEL 9 SHA-1 is deprecated and Grafana uses SHA-1 to GPG key. It will fail by default but if we update default crypto policies to SHA-1, it will not fail and get install successfully. Run following command to update it:

# update-crypto-policies --set DEFAULT:SHA1

Now we can install Grafana.

For Enterprise:

# dnf install grafana-enterprise -y

For Open Source.

# dnf install grafana -y

Add port 3000 in the firewall.

If you are using firewalld:

# firewall-cmd --add-port=3000/tcp --permanent

# firewall-cmd --reload

If you are using IPTables:

# iptables -A INPUT -p tcp --dport 3000 -j ACCEPT

# iptables-save

Step 5: Configure PostgreSQL:

First edit pg_hba.conf file.

# vi /var/lib/pgsql/14/data/pg_hba.conf

Add following lines:

host all grafana 0.0.0.0/0 trust
local all grafana trust

Save and exit.

Finally, modify default database configuration and set to PostgreSQL database configuration.

# vi /etc/grafana/grafana.ini

[database]
# You can configure the database connection by specifying type, host, name, user and password
# as separate properties or as on string using the url properties.

# Either "mysql", "postgres" or "sqlite3", it's your choice
type = postgres
host = 127.0.0.1:5432
name = grafana
user = grafana
password = grafana

Note:

Change the name, user, and password as your configurations.

Save and exit.

To start and enable the service and verify that the service has started: grafana-server.service.

# systemctl start grafana-server.service
# systemctl enable grafana-server.service

Package details

Default file (environment vars) to /etc/sysconfig/grafana-server
Configuration file to /etc/grafana/grafana.ini systemd service (if systemd is available) name grafana-server.service
The default configuration uses a log file at /var/log/grafana/grafana.log
The default configuration specifies an sqlite3 database at /var/lib/grafana/grafana.db

The installation is completed successfully.

In this tutorial, you have learnt how to install Grafana on Rocky Linux 9.

How To Install Grafana on AlmaLinux 9 - HostnExtra

HostnExtra Technologies — Mon, 10 Oct 2022 13:55:48 +0000

In this tutorial, we shall show you how to install Grafana on AlmaLinux 9. We shall install Grafana Enterprise and Open Source CLI version 9.1.7-1 with PostgreSQL.

Prerequisites

A AlmaLinux 9 dedicated server or KVM VPS.

Supported databases are SQLite, MySQL, and PostgreSQL.
A root user access or normal user with administrative privileges.

By default, Grafana installs with and uses SQLite, which is an embedded database stored in the Grafana installation location. In this tutorial we are going to install PostgreSQL and configure it.

Let’s get started with the installation process.

Install Grafana on AlmaLinux 9

Step 1 - Keep the server up to date

# dnf update -y

Step 2 - Install PostgreSQL database

Before you install PostgreSQL, check the current version here and download.

Install the repository RPM:

# dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Disable the built-in PostgreSQL module:

# dnf -qy module disable postgresql

Install PostgreSQL database using following command:

# dnf install -y postgresql14-server

Initialize, start, and enable PostgreSQL service:

# sudo /usr/pgsql-14/bin/postgresql-14-setup initdb

# systemctl start postgresql-14

# systemctl enable postgresql-14

Next, we need to create a database for Grafana and assign it a username and password for authentication.

# sudo -u postgres psql

postgres=# CREATE DATABASE grafana;

CREATE DATABASE

postgres=# CREATE USER grafana WITH PASSWORD 'grafana';

CREATE ROLE

postgres=# GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;

GRANT

postgres=#\c grafana

You are now connected to database "grafana" as user "postgres".

postgres=#CREATE TABLE session ( key CHAR(16) NOT NULL, data bytea, expiry INT NOT NULL, PRIMARY KEY (key));

CREATE TABLE

postgres=# \q

Note:

Use your own database name as well as username and set strong password.

Step 3 - Create repository file

# vi /etc/yum.repos.d/grafana.repo

Add following lines:

For Enterprise releases:

[grafana]
name=grafana
baseurl=https://packages.grafana.com/enterprise/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

For OSS releases:

[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

Step 4 - Install Grafana

# update-crypto-policies --set DEFAULT:SHA1

Now we can install Grafana.

# dnf install grafana-enterprise -y

or

# dnf install grafana -y

Add port 3000 in the firewall.

If you are using firewalld:

# firewall-cmd --add-port=3000/tcp --permanent

# firewall-cmd --reload

If you are using IPTables:

# iptables -A INPUT -p tcp --dport 3000 -j ACCEPT

# iptables-save

Step 5: Configure PostgreSQL:

First edit pg_hba.conf file.

# vi /var/lib/pgsql/14/data/pg_hba.conf

Add following lines:

host all grafana 0.0.0.0/0 trust
local all grafana trust

Save and exit.

Finally, modify default database configuration and set to PostgreSQL database configuration.

# vi /etc/grafana/grafana.ini

[database]
# You can configure the database connection by specifying type, host, name, user and password
# as separate properties or as on string using the url properties.

# Either "mysql", "postgres" or "sqlite3", it's your choice
type = postgres
host = 127.0.0.1:5432
name = grafana
user = grafana
password = grafana

Note:

Change the name, user, and password as your configurations.

Save and exit.

To start and enable the service and verify that the service has started: grafana-server.service.

# systemctl start grafana-server.service
# systemctl enable grafana-server.service

Package details

Default file (environment vars) to /etc/sysconfig/grafana-server
Configuration file to /etc/grafana/grafana.ini
systemd service (if systemd is available) name grafana-server.service
The default configuration uses a log file at /var/log/grafana/grafana.log
The default configuration specifies an sqlite3 database at /var/lib/grafana/grafana.db

The installation is completed successfully.

In this tutorial, you have learnt how to install Grafana on AlmaLinux 9.

A Guide to Install Grafana on Ubuntu 22.04 - HostnExtra

HostnExtra Technologies — Wed, 05 Oct 2022 11:01:37 +0000

In this tutorial, you will learn how to install Grafana on Ubuntu 22.04 with PostgreSQL DB. We shall install Grafana Enterprise and Open Source CLI version 9.1.6.

Prerequisites

A Ubuntu 22.04 dedicated server or KVM VPS.

Supported databases are SQLite, MySQL, and PostgreSQL.
A root user access or normal user with administrative privileges.

By default, Grafana installs with and uses SQLite, which is an embedded database stored in the Grafana installation location. Here we're installing PostgreSQL database.

Let's get started with the installation process.

Install Grafana on Ubuntu 22.04

Step 1 - Keep the server up to date

# apt update -y

# apt upgrade -y

Step 2 - Install PostgreSQL database

Install PostgreSQL database using following command:

# apt install -y postgresql

Start and enable PostgreSQL service:

# systemctl start postgresql

# systemctl enable postgresql

Next, we need to create a database for Grafana and assign it a username and password for authentication.

# sudo -u postgres psql

postgres=# CREATE DATABASE grafana;

CREATE DATABASE

postgres=# CREATE USER grafana WITH PASSWORD 'grafana';

CREATE ROLE

postgres=# GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;

GRANT

postgres=#\c grafana

You are now connected to database "grafana" as user "postgres".

postgres=#CREATE TABLE session ( key CHAR(16) NOT NULL, data bytea, expiry INT NOT NULL, PRIMARY KEY (key));

CREATE TABLE

postgres=# \q

Note:

Use your own database name as well as username and set strong password.

Step 2 - Install required package and add GPG key

# apt-get install apt-transport-https -y

# wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -

Step 3 - Add this repository for stable releases

Latest Enterprise edition

# echo "deb https://packages.grafana.com/enterprise/deb stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list

Latest OSS release

# echo "deb https://packages.grafana.com/oss/deb stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list

Step 4 - Install Grafana Enterprise

After you add the repository first update the server and install the Grafana Enterprise.

# apt-get update -y
# apt-get install grafana-enterprise -y

To install OSS release:

# apt-get update -y

# apt-get install grafana -y

Configure PostgreSQL:

First edit pg_hba.conf file.

# nano /etc/postgresql/14/main/pg_hba.conf

Add following lines:

host all grafana 0.0.0.0/0 trust
local all grafana trust

Save and exit.

Finally, modify default database configuration and set to PostgreSQL database configuration.

# nano /etc/grafana/grafana.ini

[database]
# You can configure the database connection by specifying type, host, name, user and password
# as separate properties or as on string using the url properties.

# Either "mysql", "postgres" or "sqlite3", it's your choice
type = postgres
host = 127.0.0.1:5432
name = grafana
user = grafana
password = grafana

Note:

Change the name, user, and password as your configurations.

Save and exit.

To start and enable the service and verify that the service has started: grafana-server.service.

# systemctl start grafana-server.service

# systemctl enable grafana-server.service

Package details
Default file (environment vars) to /etc/default/grafana-server
Configuration file to /etc/grafana/grafana.ini
systemd service (if systemd is available) name grafana-server.service
The default configuration sets the log file at /var/log/grafana/grafana.log
HTML/JS/CSS and other Grafana files at /usr/share/grafana
Step 5 - Log in into dashboard

To log in to Grafana for the first time:

Open your web browser and go to http://localhost:3000/. The default HTTP port that Grafana listens to is 3000 unless you have configured a different port.
On the login page, enter admin for username and password.
Click Log In. If login is successful, then you will see a prompt to change the password.
Click OK on the prompt, then change your password.

The installation is completed successfully.

In this tutorial, you have learnt how to install Grafana on Ubuntu 22.04.

How To Install Git Server on Ubuntu 22.04 - HostnExtra

HostnExtra Technologies — Thu, 29 Sep 2022 11:45:48 +0000

In this tutorial, we will see how to install Git server on Ubuntu 22.04. You will learn to install and configure Git server.

Git is a distributed version-control system for tracking changes in source code during software development. It is designed for coordinating work among programmers, but it can be used to track changes in any set of files. Its goals include speed, data integrity, and support for distributed, non-linear workflows.

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Prerequisites

A Ubuntu 22.04 installed dedicated server or KVM VPS.
A root user access or normal user with administrative privileges.
Add DNS A record of your server's hostname. For example we are using hub.hostnextra.com as our server hostname. Or else use your server IP address in the place of hub.hostnextra.com.

Install Git Server on Ubuntu 22.04

Let's get started with installation. There are two ways to install Git.

Step 1 is install Git using APT

Keep the server up-to-date

# sudo apt update -y

Install Git

# sudo apt install git -y

Verify the installation:

# git --version

Step 2 is install git from source

You can download latest version of Git from release page. It make take longer time and will not be updated and maintained through the yum package manager. But it will allow you to download a newer version than what is available through the CentOS repositories, and will give you some control over the options that you can include.

First, install dependencies

# sudo apt install libz-dev libssl-dev libcurl4-gnutls-dev libexpat1-dev gettext cmake gcc -y

After the installation complete, go to release page and copy the download link. You can find tar.gz, right click on it and copy the link.

Now, download it in the server using wget command and rename it:

# sudo wget https://github.com/git/git/archive/refs/heads/master.zip

Once the download is complete, we can extract the tar file

# unzip master.zip

Now, go to that directory to begin configuring our build.

# cd git-master

Now, you can make the package and install it by typing these two commands:

# sudo make prefix=/usr/local all
# sudo make prefix=/usr/local install

Now, replace the shell process so that the version of Git we just installed will be used:

# exec bash

We have built and installed Git successfully. To verify it check the version using following command:

# git --version

Configure Git

Add user to handle the repositories:

# sudo adduser git

# sudo su - git

Initiate a new empty repository using following command:

# git init --bare ~/hostnextra.git

Enable post-update hook by copying the sample file as follows:

# cd hostnextra.git/hooks/
# cp post-update.sample post-update

That's it for server side.

Now let's go to client side:

Install Git

# sudo apt install git -y

Once the installation gets completed, start the configuring the Git

Configure Git

Submit inflammation about yourself so that commit messages will be generated with correct information attached:

# git config --global user.name "git"
# git config --global user.email "git@hub.hostnextra.com"

Create a directory where you can keep all your projects

# mkdir ~/dev
# cd ~/dev

Now, create a clone the hostnextra.git repository that we have created earlier in the server

# git clone git@hub.hostnextra.com:~/hostnextra.git hostnextra.git

Cloning into 'hostnextra.git'...

It will ask to enter git user password:

git@hub.hostnextra.com's password:
warning: You appear to have cloned an empty repository.

Go to respository

# cd hostnextra.git

You can see the repository is empty, so lets create some files

# echo "my test file" > file1.txt

Add these file to our git repository

# git add .

Commit the changes

# git commit -am "My First Commit" [master (root-commit) b337197] My First Commit 1 file changed, 1 insertion(+) create mode 100644 file1.txt

Push these changes to the remote git repository at hub.hostnextra.com

# git push origin master

you will be asked for password, enter git user password

git@hub.hostnextra.com's password:
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 229 bytes | 76.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To hub.hostnextra.com:~/hostnextra.git
* [new branch] master -> master

Verify the changes, access the git server and run following command to check the logs

# git log

Output will be similar like:

commit b3371975bd44fb4aca344e365fa635180967f7fe (HEAD -> master)
Author: git git@hub.hostnextra.com
Date: Wed Apr 14 10:06:06 2021 +0000

My First Commit

We have successfully install Git server on Ubuntu 22.04.

Install Portainer on Ubuntu 22.04 with Docker - HostnExtra

HostnExtra Technologies — Tue, 27 Sep 2022 11:54:23 +0000

In this article, we'll explain how to install Portainer on Ubuntu 22.04 with Docker.

Portainer is powerful, open-source toolset that allows you to easily build and manage containers in Docker, Swarm, Kubernetes and Azure ACI. It works by hiding the complexity that makes managing containers hard, behind an easy to use GUI.

Prerequisites

Ubuntu 22.04 installed dedicated server or KVM VPS.
A root user access or normal user with administrative privileges.
Add A record of your preferred domain like port.example.com

Install Portainer on Ubuntu 22.04 with Docker

1. Keep server updated

Always keep your server up-to-date for security purpose.

# sudo apt-get update -y

2. Install Docker

Install the required dependencies for Docker:

# sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y

Next, run the commands below to download and install Docker’s official GPG key. The key is used to validate packages installed from Docker’s repository making sure they’re trusted.

# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo apt-key fingerprint 0EBFCD88

Add the Docker Repository

# sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

The following command will download Docker and install it:

# sudo apt-get update -y

# sudo apt-get install docker-ce -y

3. Create a container

We'll show you two ways to deploy the container.

If you want to use domain name to access Portainer, use following command to deploy the container:

# sudo docker run --restart always -d --name=portainer -v /var/run/docker.sock:/var/run/docker.sock -v /vol/portainer/data:/data -e VIRTUAL_HOST=port.example.com -e VIRTUAL_PORT=9000 portainer/portainer-ce -H unix:///var/run/docker.sock

Note:

-v /var/run/docker.sock:/var/run/docker.sock means mounting /var/run/docker.sock to the container so portainer can control the Docker.
-v /vol/portainer/data:/data means storing data of portainer on directory /vol/portainer/data.
port.example.com is your domain to access the portainer.

2. If you want to access Portainer using server IP, use following command to deploy the container:

# sudo docker volume create portainer_data

# sudo docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce

4. Configure Reverse Proxy for Portainer (Optional if you will use domain name)

Caddyfile is a reverse proxy server. It is necessary to secure the connection to prevent network hijacking. Caddyfile can obtains and automatically maintains SSL certificate.

Create a Caddyfile. Caddyfile is a document containing configs for your sites:

`# sudo mkdir -p /vol/caddy/configs

sudo vim /vol/caddy/configs/Caddyfile`

Add following content:

port.example.com {
tls youremail@example.com
reverse_proxy portainer:8000
}

Replace: port.example.com with your domain name and youremail@example.com with your actual email id.

Save and exit.

Finally, create a Caddy container using following command:

# sudo docker run --restart always -d -p 80:80 -p 443:443 -v "/vol/caddy/data:/data/caddy" -v "/vol/caddy/configs:/etc/caddy" --link portainer --name caddy caddy

Note:

-p 80:80 -p 443:443 means publish its 80 and 443 port to your host so you can access it with those ports.
-v "/vol/caddy/data:/data/caddy" means mount caddy working directory to your host to persist data such as certificates.
-v "/vol/caddy/configs:/etc/caddy" means mount caddy configuration directory to your host to persist configurations.
--link portainer means link container caddy with portainer so they can access with each other.

Access Portainer

Navigate to your browser and access the Portainer by using either your domain or server IP and set admin password and finish the installment.

That's it. The installation has been completed successfully.

In this article, we've have seen how to install Portainer on Ubuntu 22.04 with Docker.

How to Install Vue CLI on Ubuntu 22.04 - HostnExtra

HostnExtra Technologies — Tue, 27 Sep 2022 11:46:52 +0000

In this article, we’ll explain how to install Vue CLI on Ubuntu 22.04.

Vue.js is an open-source model-view-viewmodel front end JavaScript framework. This article will guide you the installation process and creating hello world first project.

Prerequisites

A Ubuntu 22.04 installed dedicated server or KVM VPS.
A root user access or normal user with administrative privileges.

Install Vue CLI on Ubuntu 22.04

1 - User management

Add user

# adduser <user name>

It will ask you to enter the password for the new user.

Add user in sudo group

# usermod -aG sudo block

# su - <username>

2 - Keep the server up to date

$ sudo apt update -y

3 - Download NodeJS

Download latest stable release of NodeJS.

$ sudo curl -sL https://deb.nodesource.com/setup_18.x | sudo -E bash -

4 - Install NodeJS

Next, install the NodeJS using following command:

$ sudo apt-get install -y nodejs

5 - Verify the installation

$ node -v && npm -v

Output:

v18.9.0
8.19.1

6. Install Vue CLI

Following command will install Vue CLI.

$ sudo npm install -g @vue/cli

Verify the installation:

$ vue --version

Output:

@vue/cli 5.0.8

7. Create Vue project

$ vue create hello-world

You will be prompted to pick a preset. You can either choose the default preset which comes with a basic Babel + ESLint setup, or select "Manually select features" to pick the features you need.

Output:
Vue CLI v5.0.8`
? Please pick a preset: (Use arrow keys)
❯ Default ([Vue 2] babel, eslint)
Default (Vue 3 Preview) ([Vue 3] babel, eslint)
Manually select features

Successfully created project hello-world.
Get started with the following commands:

$ cd hello-world $ sudo npm run serve

Output:

App running at:

Local: http://localhost:8080/

Network: http://192.168.0.106:8080/ Note that the development build is not optimized. To create a production build, run npm run build.

Navigate to your browser and open http://[server_IP]:8080.

That’s it. The installation has been completed.

In this article, we have seen how to install Vue CLI on Ubuntu 22.04.

How To Install Gatsby on Ubuntu 22.04

HostnExtra Technologies — Tue, 27 Sep 2022 10:56:36 +0000

In this article, we’ll explain how to install Gatsby on Ubuntu 22.04.

Gatsby is a React-based open-source framework for creating websites and apps. It’s great whether you’re building a portfolio site or blog, or a high-traffic e-commerce store or company homepage. Create blazing fast websites and apps AND harness the power of 2000+ plugins. Build sites with the services you want, like Shopify, Stripe, and WordPress, quickly and easily with Gatsby’s 2000+ plugins. Integrate data from anywhere: APIs, databases, CMSs, static files — or multiple sources at once

This article will guide you with the installation process and deploying default starter Gatsby site.

Prerequisites
A Ubuntu 22.04 installed dedicated server or KVM VPS.
A root user or normal user with sudo administrator privileges.

Learn more: Install Gatsby on Ubuntu 22.04

JSON Web Token Refreshing a token

HostnExtra Technologies — Tue, 22 Jun 2021 05:16:42 +0000

In this article, we'll explain about JSON Web Token Refreshing a token.

Introduction

In this section we touch upon refreshing an access token.
JSON Web Token Refreshing a token

Types of tokens

In general there are two type of tokens: access token and a refresh token. The access token is used for making API calls towards the server. Access tokens have a limited life span, that’s where the refresh token comes in. Once the access token is no longer valid a request can me made towards the server to get a new access token by presenting the refresh token. The refresh token can expire but their life span is much longer. This solves the problem of a user having to authenticate again with their credentials. Whether you should use a refresh token and access token depends.

The refresh token is a random string which the server can keep track of (in memory or store in a database) in order to match the refresh token to the user the refresh token was granted to. So in this case whenever the access token is still valid we can speak of a "stateless" session, there is no burden on the server side to setup the user session, the token is self contained. When the access token is no longer valid the server needs to query for the stored refresh token to make sure the token is not blocked in any way.

Whenever the attacker gets a hold on an access token it is only valid for a certain amount of time (say 10 minutes). The attacker then needs the refresh token to get a new access token. That is why the refresh token needs better protection. It is also possible to make the refresh token stateless but this means it will become more difficult to see if the user revoked the tokens. After the server made all the validations it must return a new refresh token and a new access token to the client. The client can use the new access token to make the API call.

What should you check for?

Regardless of the chosen solution you should store enough information on the server side to validate whether the user is still trusted. You can think of many things, like store the ip address, keep track of how many times the refresh token is used (using the refresh token multiple times in the valid time window of the access token might indicate strange behavior, you can revoke all the tokens an let the user authenticate again).

Also keep track of which access token belonged to which refresh token otherwise an attacker might be able to get a new access token for a different user with the refresh token of the attacker (see https://emtunc.org/blog/11/2017/jwt-refresh-token-manipulation/ for a nice write up about how this attack works) Also a good thing to check for is the ip address or geolocation of the user. If you need to give out a new token check whether the location is still the same if not revoke all the tokens and let the user authenticate again.

Need for refresh tokens

Does it make sense to use a refresh token in a modern single page application (SPA)? As we have seen in the section about storing tokens there are two options: web storage or a cookie which mean a refresh token is right beside an access token, so if the access token is leaked chances are the refresh token will also be compromised. Most of the time there is a difference of course. The access token is sent when you make an API call, the refresh token is only sent when a new access token should be obtained, which in most cases is a different endpoint. If you end up on the same server you can choose to only use the access token.

As stated above using an access token and a separate refresh token gives some leverage for the server not to check the access token over and over. Only perform the check when the user needs a new access token. It is certainly possible to only use an access token. At the server you store the exact same information you would store for a refresh token, see previous paragraph. This way you need to check the token each time but this might be suitable depending on the application. In the case the refresh tokens are stored for validation it is important to protect these tokens as well (at least use a hash function to store them in your database).

JWT a good idea?

There are a lot of resources available which question the usecase for using JWT token for client to server authentication with regards to cookies. The best place to use a JWT token is between server to server communication. In a normal web application you are better of using plain old cookies. See for more information:

Reference: OWASP WebGoat

In this article, we've seen about JSON Web Token Refreshing a token.