From: Brian Flowers
Date: Sat, 24 Apr 2021 02:30:01 +0000 (-0400)
Subject: Initial commit
X-Git-Url: http://git.slightlycyberpunk.com%2C%20git.slightlycyberpunk.com/git/?a=commitdiff_plain;h=8497add7a0a8f50d42f3a0f38a551b13fb3e712f;p=tutorials.git
Initial commit
--- 8497add7a0a8f50d42f3a0f38a551b13fb3e712f
diff --git a/centos_dovecot.html b/centos_dovecot.html
new file mode 100755
index 0000000..1efc699
--- /dev/null
+++ b/centos_dovecot.html
@@ -0,0 +1,579 @@
+ + + Dovecot on Centos 7 + + + + + + + + + +

Legend

+

+Work in progress
+Installation specific values
+SC standard configuration
+Security configuration +

+ +

Base System Setup

+

Update the OS and install dovecot and (optionally) nano

+
+yum update
+yum install sudo nano wget mailx dovecot procmail fetchmail 
+
+ +

Create required user accounts.

+

For the fetchmail filtering described in the + next step, you may also want to create the users + spam and pending

+
+useradd <username> -m -d /home/<username> -s /bin/bash
+usermod -a -G mail <username>
+su - <username>
+
+ +

Configure Fetchmail

+

Create required files:

+
+touch /home/<username>/.fetchmailrc
+chmod 0600 /home/<username>/.fetchmailrc
+touch /etc/init.d/fetchmail
+chmod +x /etc/init.d/fetchmail
+
+ +

Create mail filter (if desired).

+

The filter shown below has a number of different features. Each block can be removed if + not required. Read the script comments for details.

+

The first block is spam filtering by address -- any messages sent to an address listed + in the file /etc/mailblock.lst (one address per line) will be filtered and delivered to + the 'spam' user. You should have a 'spam' user setup the same as your other mail + accounts to use this feature.

+

The second block is two-step verification filtering -- any messages sent to an address + listed in the file /etc/mailverify.lst will be held for verification. To use this feature, + you must configure a user 'pending' as well as a wildcard alias on '*-pending'. When a + message is delivered for one of the designated addresses, it will be stored with a randomly + generated ID number and a message will be sent to the sender from the address '<random>-pending'. + When the user replies to that mail, their original message will be sent to the address + originally provided

+

/etc/mailDelivery.sh +

+# The destination user can be selected either by an argument to the script,
+#  or based on the user who is executing the script
+user="${1}"
+if [ -z "${user}" ]; then
+  user=`whoami`
+fi
+
+# Read the message and filter the destination addresses from it
+# The addresses will have "^" and "$" characters added to the start and end
+#  for later grep commands.
+message=$(cat; echo x)
+address="`echo -n \"${message%x}\" | \
+            grep -e '^To: ' -e \$'^[ \t]*for' | \
+            awk '{print \"^\"$2\"\$\"}' | \
+            sed 's/[\"<>;]//g'`"
+
+
+
+
+# If a blacklist is provided at /etc/mailblock.lst, messages sent to that address
+#  will be redirected to the inbox of the "spam" user
+if [ `cat /etc/mailblock.lst | grep -ic "${address}"` -gt 0 ]; then
+  user="spam"
+  
+  
+  
+# If a list is provided at /etc/mailverify.lst, messages sent to those address
+#  will require additional verification before being delivered.
+# A mail account must be configured for the 'pending' user, with a wildcard alias
+#  configured on *-pending@domain
+elif [ `cat /etc/mailverify.lst | grep -ic "${address}"` -gt 0 ]; then
+  # First, generate a random ID number to identify this message
+  idnum=$((RANDOM))
+  attempts=0
+  if [ ! -d /home/pending/messages/ ]; then
+    mkdir -p /home/pending/messages/
+  fi
+
+  # If the number is already used, retry up to ten times
+  while [ -f /home/pending/messages/$idnum.msg ] && [ $attempts -lt 10  ]; do
+    idnum=$((RANDOM))
+    attempts=`expr $attempts + 1`
+  done
+
+  # If we could not find a free number, fail to deliver
+  # The user will be sent the contents of /home/pending/failure.msg
+  #  and their original message
+  if [ $attempts -eq 10 ]; then
+    echo "FAILURE"
+    msg=$(cat /home/pending/failure.msg)
+    echo "${msg}  ${message}" | mailx -v \
+        -s "Your message could not be delivered" \
+        -S smtp-auth=cram-md5 \
+        -S smtp=smtp://mail.domain:10025 \
+        -S from="domain pending messages <$idnum-pending@domain>" \
+        -S smtp-auth-user=pending \
+        -S smtp-auth-password='password' \
+        -S nss-config-dir="/etc/pki/nssdb/" \
+        -S ssl-verify=warn \
+        -S smtp-use-starttls \
+        "${from}"
+    exit 1
+  fi
+
+  # Save the message, and give all mail users permission to access it
+  # This is required so it can be accessed by the correct destination user
+  echo -n "${message%x}" > /home/pending/messages/$idnum
+  chown `whoami`:mail /home/pending/messages/$idnum
+  chmod 660 /home/pending/messages/$idnum
+
+  # Get the sender's address from the message, and send them the contents of
+  #  /home/pending/autoresponse.msg, with their message attached. The message
+  #  will be sent from the address <random number>-pending@domain
+  #  and will be released when a reply is received to the same address
+  from="`cat /home/pending/messages/$idnum | \
+        grep '^From:' | \
+        cut -d':' -f2- | \
+        sed 's/[^@]*[ <]\([^ ]*@[^ ]*\)[^@]*/\1/g' | \
+        sed 's/[\"<>;]//g'`"
+  cat /home/pending/autoresponse.msg | mailx -v \
+        -a /home/pending/messages/$idnum \
+        -s "Action required: Your message was not delivered" \
+        -S smtp-auth=cram-md5 \
+        -S smtp=smtp://mail.domain:10025 \
+        -S from="domain pending messages >$idnum-pending@domain>" \
+        -S smtp-auth-user=pending \
+        -S smtp-auth-password='password' \
+        -S nss-config-dir="/etc/pki/nssdb/" \
+        -S ssl-verify=warn \
+        -S smtp-use-starttls \
+        "${from}"
+  exit 0
+  
+# If a reply is received to a *-pending@domain address, 
+#  send the saved message instead
+elif [ `ls /home/pending/messages/ | sed 's/$/-pending@bsflowers.net/g' | grep -ic "${address}"` -gt 0 ]; then
+  idnum="`echo \"${address}\" | \
+        sed 's/\^\([0-9]*\)-pending.*/\1/' | \
+        sort -u | \
+        grep -v [^0-9]`"
+  destination="`cat /home/pending/messages/$idnum | \
+        grep -e '^To: ' -e \$'^[ \t]*for' | \
+        awk '{print \"^\"$2\"\$\"}' | \
+        sed 's/[\"<>;]//g'`"
+
+  user=`echo $destination | cut -d '@' -f1 | cut -d'-' -f2 | sed 's/^^//g'`
+  cat /home/pending/messages/$idnum | sudo /usr/bin/procmail -d $user
+  rm /home/pending/messages/$idnum
+  exit 0
+fi
+
+    
+    
+# Useful for debugging -- saves a copy of each message in the user home
+# echo -n "${message%x}" > /home/$user/mail.tmp
+
+# Send the message
+echo -n "${message%x}" | sudo /usr/bin/procmail -d $user
+
+ +

/etc/mailblock.lst

+
+spammy-address@domain
+
+ +

/home/<username>/.fetchmailrc

+
+set daemon 300
+poll <external mailserver> with proto pop3
+  user <username>@<domain> with password '<password>' is '<username>' here
+  ssl
+mda '/etc/maildelivery.sh %T'
+
+# Use the mda line below to disable filtering
+#mda '/usr/bin/procmail -d %T'
+
+ +

/etc/init.d/fetchmail

+
+#!/bin/bash
+
+cut -d: -f1 /etc/passwd | while read USERNAME
+  do
+    if [ -f /home/${USERNAME}/.fetchmailrc ]; then
+      pid=`head -1 /home/${USERNAME}/.fetchmail.pid 2>/dev/null`
+      if [ "$1" = "start" ] && [ `kill -0 $pid 2>/dev/null; echo $?` -ne 0 ]; then
+        echo "Starting fetchmail for user: ${USERNAME}"
+        su - ${USERNAME} -c "fetchmail --daemon 300 -f ~/.fetchmailrc"
+      elif [ "$1" = "stop" ]; then
+        echo "Stopping fetchmail for user: ${USERNAME}"
+        kill $pid
+      elif [ "$1" = "status" ]; then
+        if [ `kill -0 $pid 2>/dev/null; echo $?` -eq 0 ]; then
+          echo "Fetchmail is UP for user: ${USERNAME}"
+        else
+          echo "Fetchmail is DOWN for user: ${USERNAME}"
+        fi
+      fi
+    fi
+  done
+
+ +

/etc/systemd/system/fetchmail.service

+
+[Unit]
+Description=Fetchmail multi-user mail import
+After=local-fs.target network.target network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/init.d/fetchmail start
+ExecStop=/etc/init.d/fetchmail stop
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+
+ +

Enable the Fetchmail service

+
+systemctl enable fetchmail
+
+ +

Configure Dovecot

+ + +

/etc/dovecot/dovecot.conf

+
+protocols = imap
+listen = mail.<domain>
+verbose_proctitle = yes
+shutdown_clients = yes
+
+ +

/etc/dovecot/conf.d/10-auth.conf

+
+disable_plaintext_auth = yes
+auth_mechanism = plain cram-md5
+!include auth-passwdfile.conf.ext
+
+ +

/etc/dovecot/conf.d/auth-passwdfile.conf.ext

+
+passdb {
+  driver = passwd-file
+  args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
+}
+
+# userdb { ... }
+
+ +

Get the cram-md5 password hash using emailrelay-passwd and create the password file:

+
+emailrelay-passwd
+touch /etc/dovecot/cram-md5.pwd
+chmod 0600 /etc/dovecot/cram-md5.pwd
+chown dovecot /etc/dovecot/cram-md5.pwd
+nano /etc/dovecot/cram-md5.pwd
+
+ +

/etc/dovecot/cram-md5.pwd

+
+<username>:<cram-md5 formatted password>
+
+ +

/etc/dovecot/conf.d/10-director.conf

+
+...
+
+ +

/etc/dovecot/conf.d/10-logging.conf

+
+...
+
+ +

/etc/dovecot/conf.d/10-mail.conf

+
+mail_location = mbox:~/mail:INBOX=/var/mail/%u
+mail_attachment_dir = ~/attachments
+
+ +

/etc/dovecot/conf.d/10-master.conf

+
+
+#inet_listener imap{...}
+inet_listener imaps{...}
+#service pop{...}
+#service lmtp{...}
+
+
+ +

/etc/dovecot/conf.d/10-ssl.conf

+
+
+ssl = yes
+ssl_cert = </etc/pki/dovecot/certs/domain.crt
+ssl_key = </etc/pki/dovecot/private/domain.key
+ssl_ca = </etc/pki/dovecot/certs/ca.pem
+
+
+ +

/etc/dovecot/conf.d/15-lda.conf

+
+
+postmaster_address = mail@<domain>
+hostname = mail.<domain>
+
+
+ +

/etc/dovecot/conf.d/20-imap.conf

+
+imap_idle_notify_interval = 1 mins
+
+ +

Enable the Dovecot service

+
+systemctl enable dovecot
+
+ +

Install E-mailrelay

+
+sudo yum install gcc gcc-c++ openssl openssl-devel
+cd ~
+wget https://sourceforge.net/projects/emailrelay/files/latest/download?source=files
+mv emailrelay* emailrelay.tar.gz
+tar -xzvf emailrelay.tar.gz
+cd emailrelay*
+./configure --with-openssl
+make
+make install
+
+ +

Configure E-mailrelay

+

Prepare SSL keys for E-mailrelay

+
+
+cat /etc/pki/dovecot/certs/domain.crt /etc/pki/dovecot/private/domain.key > /etc/pki/dovecot/private/domain.crt.key
+
+
+ +

Prepare authentication file

+
+touch /etc/emailrelay.auth
+chmod 0600 /etc/emailrelay.auth
+
+ +

/etc/emailrelay.auth

+
+CRAM-MD5 server <E-mailrelay client login> <CRAM-MD5 encoded password>
+PLAIN client <remote SMTP server login> <plaintext password>
+
+ +

Create E-mailrelay filter for local mail delivery

+

/etc/emailrelay-filter.sh +

+#!/bin/sh
+# emailrelay-filter.sh
+
+# Function (if required) to convert incoming mail address to local username
+# As designed, this function will take an address like 'alias-user@domain.com'
+#  and deliver it to 'user'
+addrToUser()
+{
+  ADDR="${1}"
+  USER=`echo $ADDR | awk -F"-" '{print $NF}'`
+  echo "$USER"
+}
+
+content="${1}"
+envelope="`echo \"${content}\" | sed 's/content/envelope.new/'`"
+destination="`cat ${content} | grep '^To:' | cut -d':' -f2-`"
+
+while [ ! -z "${destination}" ]; do
+  islocal=`echo ${destination} | grep "@domain" | wc -l`
+  if [ "$islocal" -lt 1 ]; then
+    exit 0
+  else
+    user="`echo ${destination} | sed 's/\([^ <]*\)@domain[^ ;]*/\1/'`"
+    destination="`echo ${destination} | sed \"s/${user}@domain//\"`"
+    localuser=`addrToUser ${user}`
+    cat "${content}" | grep -v "^To:" | sudo /usr/bin/procmail -d ${localuser}
+  fi
+  sleep 5
+done
+
+rm ${content} ${envelope}
+exit 100
+
+ +

Configure retry and failure notifications

+
+
+/usr/local/libexec/emailrelay/examples/emailrelay-notify.sh
+/usr/local/libexec/emailrelay/examples/emailrelay-resubmit.sh
+
+
+ +

Create init file for E-mailrelay

+
+touch /etc/init.d/emailrelay
+chmod +x /etc/init.d/emailrelay
+
+

/etc/init.d/emailrelay

+
+#!/bin/bash
+
+#. /etc/init.d/functions
+
+if [ "$1" = "start" ]; then
+  /usr/local/sbin/emailrelay --as-proxy remote SMTP server:587 --client-tls \
+  --client-auth /etc/emailrelay.auth --port 10025 -r --server-tls /etc/pki/dovecot/private/domain.crt.key \
+  --filter /etc/emailrelay-filter.sh --pid-file /etc/emailrelay.pid --verbose > /var/log/emailrelay.log
+elif [ "$1" = "stop" ]; then
+  kill `cat /etc/emailrelay.pid`
+elif [ "$1" = "status" ]; then
+  pid=`cat /etc/emailrelay.pid`
+  wc=`ps -p $pid | wc -l`
+  if [ ! -z "$pid" ] && [ $wc -gt 1 ]; then
+    echo "E-mailrelay is running"
+  else
+    echo "E-mailrelay is NOT running"
+  fi
+fi
+
+ +

/etc/systemd/system/emailrelay.service

+
+[Unit]
+Description=Emailrelay smtp proxy
+After=local-fs.target network.target network-online.target
+
+[Service]
+Type=simple
+PIDFile=/etc/emailrelay.pid
+ExecStart=/usr/local/sbin/emailrelay --as-proxy remote SMTP server:587 --client-tls \
+  --client-auth /etc/emailrelay.auth --port 10025 -r --server-tls /etc/pki/dovecot/private/domain.crt.key \
+  --server-auth=/etc/emailrelay.auth
+  --filter /etc/emailrelay-filter.sh --pid-file /etc/emailrelay.pid --verbose > /var/log/emailrelay.log
+ExecStop=kill `cat /etc/emailrelay.pid`
+
+[Install]
+WantedBy=multi-user.target
+
+ +

Enable the Emailrelay service

+
+systemctl enable emailrelay
+
+ +

Configure sudo access

+
/etc/sudoers
+
+# Allow sudo to be used in fetchmail mda script
+#Defaults    requiretty
+
+# Allow users to send mail to other users
+daemon mail.bsflowers.net = (root) NOPASSWD: /usr/bin/procmail
+%mail mail.bsflowers.net = (root) NOPASSWD: /usr/bin/procmail
+
+ +

Reboot and confirm services

+
+reboot
+systemctl status dovecot
+systemctl status emailrelay
+systemctl status fetchmail
+
+ +

Verification

+

The following optional steps will help verify or troubleshoot the installation

+ +

Check Dovecot Status

+

This will show if the Dovecot server is running

+
+systemctl status dovecot
+
+ +

Check Dovecot Logs

+

Check for errors, and watch these logs while performing remaining steps

+
+tail -f /var/log/dovecot.log
+
+ +

Login to dovecot with SSL

+

The following commands are to login to the Dovecot IMAP server via SSL on port 993, +and open the user's inbox.

+
+openssl s_client -crlf -connect mail.<domain>:993
+tag login <username> "<password>"
+tag LIST "" "*"
+tag SELECT INBOX
+
+

You can also use this to check the certificate expiration dates

+
+openssl s_client -crlf -connect mail.openssl s_client -crlf -connect mail.<domain>:993 | openssl x509 -noout -dates
+
+ +

Check E-mailrelay logs

+
+tail -f /var/log/maillog
+
+ +

Check user's mailbox locally

+
+su - user mail
+
+ + +
diff --git a/centos_httpd.html b/centos_httpd.html
new file mode 100644
index 0000000..a857aaf
--- /dev/null
+++ b/centos_httpd.html
@@ -0,0 +1,111 @@
+ + + Apache on Centos 7 + + + + + + + + + +
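Review bot: In the /etc/mailDelivery.sh and /etc/emailrelay-filter.sh listings of centos_dovecot.html the delivery account is cut out of the message's own `To:`/`for` header text and passed unquoted to `sudo /usr/bin/procmail -d $user` (and `-d ${localuser}`), while the /etc/sudoers listing lets `daemon` and every member of `mail` run procmail as root with any arguments, so sender-supplied text ends up shaping a root command line. Quote the expansion and reject anything that is not a plain account name before delivering, for example `case "$user" in ''|*[!a-z0-9_]*) exit 1 ;; esac` followed by `sudo /usr/bin/procmail -d "$user"`, and point the sudoers rule at a small wrapper that performs that check instead of at bare procmail. The same header text is used as a regular expression in `grep -ic "${address}"`, where an empty value matches every line of /etc/mailblock.lst; a fixed-string, whole-line comparison of one validated address is safer. In the verification branch the collision loop tests `/home/pending/messages/$idnum.msg` but the message is written to `/home/pending/messages/$idnum`, so the check appears never to fire and a 15-bit `$RANDOM` ID is both guessable and able to overwrite a held message. The identical file is added again as servers/centos_dovecot.html, so the same applies there.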

Legend

+

+Work in progress
+Installation specific values
+SC standard configuration
+Security configuration +

+ +

Base System Setup

+

Update the OS and install httpd, ssh, and nano

+
+yum update
+yum install sudo nano openssh-server mod_ssl openssl httpd 
+
+ +

Install any optional plugins. For example, PHP

+
+yum install php
+
+ +

Configure the server

+

/etc/httpd/conf/httpd.conf

+
+#Listen 80
+ServerAdmin www@domain
+
+ +

Configure SSL

+

If this server is hosting multiple domains, move the entire virtualhost tag into a separate file + (/etc/httpd/conf.d/domain.conf) and create copies of that file for each domain +
And update certificate filenames as required (these are based on letsencrypt.org certs).

+

/etc/httpd/conf.d/ssl.conf

+
+<VirtualHost domain:443>
+DocumentRoot "/var/www/html/domain
+ServerAdmin www@domain
+SSLCertificateFile /etc/pki/tls/certs/domain/cert.pem
+SSLCertificateKeyFile /etc/pki/tls/certs/domain/privkey.pem
+SSLCertificateChainFile /etc/pki/tls/certs/domain/chain.pem
+</VirtualHost>
+
+ +

Start the server

+
+systemctl enable httpd
+systemctl start httpd
+systemctl enable sshd
+systemctl start sshd
+
+ +
diff --git a/debian_git.html b/debian_git.html
new file mode 100644
index 0000000..dd4e54f
--- /dev/null
+++ b/debian_git.html
@@ -0,0 +1,122 @@
+ + + Git server on Debian 8 + + + + + + + + + +
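Review bot: The `DocumentRoot "/var/www/html/domain` line in the /etc/httpd/conf.d/ssl.conf listing of centos_httpd.html is missing its closing quote, so a reader who copies the block gets a directive that httpd may reject or misparse; it should read `DocumentRoot "/var/www/html/domain"`. The listing also keeps `privkey.pem` under /etc/pki/tls/certs/, beside the public certificates, and the page never sets its permissions; adding `chmod 0600 /etc/pki/tls/certs/domain/privkey.pem` (owner root), or keeping the key under /etc/pki/tls/private/, would close that gap. The same file is added again as servers/centos_httpd.html.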

Legend

+

+Work in progress
+Installation specific values
+SC standard configuration
+Security configuration +

+ +

Base System Setup

+

Update the OS and install the git server

+
+apt-get update
+apt-get upgrade
+apt-get install git-core gitweb
+
+ +

Configure Git server

+

/etc/gitweb.conf

+
+$projectroot = "/home/git";
+
+ +
+useradd git -m -d /home/git -s /bin/bash
+su - git
+git config --global user.name "Repo Owner's Name"
+git config --global user.email git@domain
+
+

Add a project

+
+mkdir project1.git
+cd project1
+git init --bare
+service apache2 restart
+
+ +

Configure Apache webserver

+

/etc/apache2/ports.conf

+
+#Listen 80
+
+ +

/etc/apache2/sites-available/default-ssl.conf

+
+ServerAdmin git@domain
+DocumentRoot /usr/share/gitweb
+
+SSLCertificateFile     /etc/ssl/certs/domain/cert.pem
+SSLCertificateKeyFile  /etc/ssl/certs/domain/privkey.pem
+SSLCertificateChainFile /etc/ssl/certs/domain/fullchain.pem    
+
+ +
+rn /etc/apache2/sites-enabled/000-default.conf
+ln /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
+a2enmod cgi
+a2enmod ssl
+service apache2 restart
+
+ + +
diff --git a/servers/centos_dovecot.html b/servers/centos_dovecot.html
new file mode 100755
index 0000000..1efc699
--- /dev/null
+++ b/servers/centos_dovecot.html
@@ -0,0 +1,579 @@
+ + + Dovecot on Centos 7 + + + + + + + + + +
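Review bot: Two commands in debian_git.html fail as written: `cd project1` follows `mkdir project1.git`, so `git init --bare` runs in whatever directory the shell is still in, and `rn /etc/apache2/sites-enabled/000-default.conf` is presumably meant to be `rm`. Suggested replacements are `cd project1.git`, and `a2dissite 000-default` plus `a2ensite default-ssl` in place of the `rn`/`ln` pair, which keeps the sites-enabled entries as the symlinks Debian's tools expect. The default-ssl.conf listing also serves everything under `$projectroot` through gitweb with no access control shown; if the repositories are not meant to be public, the page should add an authentication block or state that they are. The same file is added again as servers/debian_git.html.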

Legend

+

+Work in progress
+Installation specific values
+SC standard configuration
+Security configuration +

+ +

Base System Setup

+

Update the OS and install dovecot and (optionally) nano

+
+yum update
+yum install sudo nano wget mailx dovecot procmail fetchmail 
+
+ +

Create required user accounts.

+

For the fetchmail filtering described in the + next step, you may also want to create the users + spam and pending

+
+useradd <username> -m -d /home/<username> -s /bin/bash
+usermod -a -G mail <username>
+su - <username>
+
+ +

Configure Fetchmail

+

Create required files:

+
+touch /home/<username>/.fetchmailrc
+chmod 0600 /home/<username>/.fetchmailrc
+touch /etc/init.d/fetchmail
+chmod +x /etc/init.d/fetchmail
+
+ +

Create mail filter (if desired).

+

The filter shown below has a number of different features. Each block can be removed if + not required. Read the script comments for details.

+

The first block is spam filtering by address -- any messages sent to an address listed + in the file /etc/mailblock.lst (one address per line) will be filtered and delivered to + the 'spam' user. You should have a 'spam' user setup the same as your other mail + accounts to use this feature.

+

The second block is two-step verification filtering -- any messages sent to an address + listed in the file /etc/mailverify.lst will be held for verification. To use this feature, + you must configure a user 'pending' as well as a wildcard alias on '*-pending'. When a + message is delivered for one of the designated addresses, it will be stored with a randomly + generated ID number and a message will be sent to the sender from the address '<random>-pending'. + When the user replies to that mail, their original message will be sent to the address + originally provided

+

/etc/mailDelivery.sh +

+# The destination user can be selected either by an argument to the script,
+#  or based on the user who is executing the script
+user="${1}"
+if [ -z "${user}" ]; then
+  user=`whoami`
+fi
+
+# Read the message and filter the destination addresses from it
+# The addresses will have "^" and "$" characters added to the start and end
+#  for later grep commands.
+message=$(cat; echo x)
+address="`echo -n \"${message%x}\" | \
+            grep -e '^To: ' -e \$'^[ \t]*for' | \
+            awk '{print \"^\"$2\"\$\"}' | \
+            sed 's/[\"<>;]//g'`"
+
+
+
+
+# If a blacklist is provided at /etc/mailblock.lst, messages sent to that address
+#  will be redirected to the inbox of the "spam" user
+if [ `cat /etc/mailblock.lst | grep -ic "${address}"` -gt 0 ]; then
+  user="spam"
+  
+  
+  
+# If a list is provided at /etc/mailverify.lst, messages sent to those address
+#  will require additional verification before being delivered.
+# A mail account must be configured for the 'pending' user, with a wildcard alias
+#  configured on *-pending@domain
+elif [ `cat /etc/mailverify.lst | grep -ic "${address}"` -gt 0 ]; then
+  # First, generate a random ID number to identify this message
+  idnum=$((RANDOM))
+  attempts=0
+  if [ ! -d /home/pending/messages/ ]; then
+    mkdir -p /home/pending/messages/
+  fi
+
+  # If the number is already used, retry up to ten times
+  while [ -f /home/pending/messages/$idnum.msg ] && [ $attempts -lt 10  ]; do
+    idnum=$((RANDOM))
+    attempts=`expr $attempts + 1`
+  done
+
+  # If we could not find a free number, fail to deliver
+  # The user will be sent the contents of /home/pending/failure.msg
+  #  and their original message
+  if [ $attempts -eq 10 ]; then
+    echo "FAILURE"
+    msg=$(cat /home/pending/failure.msg)
+    echo "${msg}  ${message}" | mailx -v \
+        -s "Your message could not be delivered" \
+        -S smtp-auth=cram-md5 \
+        -S smtp=smtp://mail.domain:10025 \
+        -S from="domain pending messages <$idnum-pending@domain>" \
+        -S smtp-auth-user=pending \
+        -S smtp-auth-password='password' \
+        -S nss-config-dir="/etc/pki/nssdb/" \
+        -S ssl-verify=warn \
+        -S smtp-use-starttls \
+        "${from}"
+    exit 1
+  fi
+
+  # Save the message, and give all mail users permission to access it
+  # This is required so it can be accessed by the correct destination user
+  echo -n "${message%x}" > /home/pending/messages/$idnum
+  chown `whoami`:mail /home/pending/messages/$idnum
+  chmod 660 /home/pending/messages/$idnum
+
+  # Get the sender's address from the message, and send them the contents of
+  #  /home/pending/autoresponse.msg, with their message attached. The message
+  #  will be sent from the address <random number>-pending@domain
+  #  and will be released when a reply is received to the same address
+  from="`cat /home/pending/messages/$idnum | \
+        grep '^From:' | \
+        cut -d':' -f2- | \
+        sed 's/[^@]*[ <]\([^ ]*@[^ ]*\)[^@]*/\1/g' | \
+        sed 's/[\"<>;]//g'`"
+  cat /home/pending/autoresponse.msg | mailx -v \
+        -a /home/pending/messages/$idnum \
+        -s "Action required: Your message was not delivered" \
+        -S smtp-auth=cram-md5 \
+        -S smtp=smtp://mail.domain:10025 \
+        -S from="domain pending messages >$idnum-pending@domain>" \
+        -S smtp-auth-user=pending \
+        -S smtp-auth-password='password' \
+        -S nss-config-dir="/etc/pki/nssdb/" \
+        -S ssl-verify=warn \
+        -S smtp-use-starttls \
+        "${from}"
+  exit 0
+  
+# If a reply is received to a *-pending@domain address, 
+#  send the saved message instead
+elif [ `ls /home/pending/messages/ | sed 's/$/-pending@bsflowers.net/g' | grep -ic "${address}"` -gt 0 ]; then
+  idnum="`echo \"${address}\" | \
+        sed 's/\^\([0-9]*\)-pending.*/\1/' | \
+        sort -u | \
+        grep -v [^0-9]`"
+  destination="`cat /home/pending/messages/$idnum | \
+        grep -e '^To: ' -e \$'^[ \t]*for' | \
+        awk '{print \"^\"$2\"\$\"}' | \
+        sed 's/[\"<>;]//g'`"
+
+  user=`echo $destination | cut -d '@' -f1 | cut -d'-' -f2 | sed 's/^^//g'`
+  cat /home/pending/messages/$idnum | sudo /usr/bin/procmail -d $user
+  rm /home/pending/messages/$idnum
+  exit 0
+fi
+
+    
+    
+# Useful for debugging -- saves a copy of each message in the user home
+# echo -n "${message%x}" > /home/$user/mail.tmp
+
+# Send the message
+echo -n "${message%x}" | sudo /usr/bin/procmail -d $user
+
+ +

/etc/mailblock.lst

+
+spammy-address@domain
+
+ +

/home/<username>/.fetchmailrc

+
+set daemon 300
+poll <external mailserver> with proto pop3
+  user <username>@<domain> with password '<password>' is '<username>' here
+  ssl
+mda '/etc/maildelivery.sh %T'
+
+# Use the mda line below to disable filtering
+#mda '/usr/bin/procmail -d %T'
+
+ +

/etc/init.d/fetchmail

+
+#!/bin/bash
+
+cut -d: -f1 /etc/passwd | while read USERNAME
+  do
+    if [ -f /home/${USERNAME}/.fetchmailrc ]; then
+      pid=`head -1 /home/${USERNAME}/.fetchmail.pid 2>/dev/null`
+      if [ "$1" = "start" ] && [ `kill -0 $pid 2>/dev/null; echo $?` -ne 0 ]; then
+        echo "Starting fetchmail for user: ${USERNAME}"
+        su - ${USERNAME} -c "fetchmail --daemon 300 -f ~/.fetchmailrc"
+      elif [ "$1" = "stop" ]; then
+        echo "Stopping fetchmail for user: ${USERNAME}"
+        kill $pid
+      elif [ "$1" = "status" ]; then
+        if [ `kill -0 $pid 2>/dev/null; echo $?` -eq 0 ]; then
+          echo "Fetchmail is UP for user: ${USERNAME}"
+        else
+          echo "Fetchmail is DOWN for user: ${USERNAME}"
+        fi
+      fi
+    fi
+  done
+
+ +

/etc/systemd/system/fetchmail.service

+
+[Unit]
+Description=Fetchmail multi-user mail import
+After=local-fs.target network.target network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/init.d/fetchmail start
+ExecStop=/etc/init.d/fetchmail stop
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+
+ +

Enable the Fetchmail service

+
+systemctl enable fetchmail
+
+ +

Configure Dovecot

+ + +

/etc/dovecot/dovecot.conf

+
+protocols = imap
+listen = mail.<domain>
+verbose_proctitle = yes
+shutdown_clients = yes
+
+ +

/etc/dovecot/conf.d/10-auth.conf

+
+disable_plaintext_auth = yes
+auth_mechanism = plain cram-md5
+!include auth-passwdfile.conf.ext
+
+ +

/etc/dovecot/conf.d/auth-passwdfile.conf.ext

+
+passdb {
+  driver = passwd-file
+  args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
+}
+
+# userdb { ... }
+
+ +

Get the cram-md5 password hash using emailrelay-passwd and create the password file:

+
+emailrelay-passwd
+touch /etc/dovecot/cram-md5.pwd
+chmod 0600 /etc/dovecot/cram-md5.pwd
+chown dovecot /etc/dovecot/cram-md5.pwd
+nano /etc/dovecot/cram-md5.pwd
+
+ +

/etc/dovecot/cram-md5.pwd

+
+<username>:<cram-md5 formatted password>
+
+ +

/etc/dovecot/conf.d/10-director.conf

+
+...
+
+ +

/etc/dovecot/conf.d/10-logging.conf

+
+...
+
+ +

/etc/dovecot/conf.d/10-mail.conf

+
+mail_location = mbox:~/mail:INBOX=/var/mail/%u
+mail_attachment_dir = ~/attachments
+
+ +

/etc/dovecot/conf.d/10-master.conf

+
+
+#inet_listener imap{...}
+inet_listener imaps{...}
+#service pop{...}
+#service lmtp{...}
+
+
+ +

/etc/dovecot/conf.d/10-ssl.conf

+
+
+ssl = yes
+ssl_cert = </etc/pki/dovecot/certs/domain.crt
+ssl_key = </etc/pki/dovecot/private/domain.key
+ssl_ca = </etc/pki/dovecot/certs/ca.pem
+
+
+ +

/etc/dovecot/conf.d/15-lda.conf

+
+
+postmaster_address = mail@<domain>
+hostname = mail.<domain>
+
+
+ +

/etc/dovecot/conf.d/20-imap.conf

+
+imap_idle_notify_interval = 1 mins
+
+ +

Enable the Dovecot service

+
+systemctl enable dovecot
+
+ +

Install E-mailrelay

+
+sudo yum install gcc gcc-c++ openssl openssl-devel
+cd ~
+wget https://sourceforge.net/projects/emailrelay/files/latest/download?source=files
+mv emailrelay* emailrelay.tar.gz
+tar -xzvf emailrelay.tar.gz
+cd emailrelay*
+./configure --with-openssl
+make
+make install
+
+ +

Configure E-mailrelay

+

Prepare SSL keys for E-mailrelay

+
+
+cat /etc/pki/dovecot/certs/domain.crt /etc/pki/dovecot/private/domain.key > /etc/pki/dovecot/private/domain.crt.key
+
+
+ +

Prepare authentication file

+
+touch /etc/emailrelay.auth
+chmod 0600 /etc/emailrelay.auth
+
+ +

/etc/emailrelay.auth

+
+CRAM-MD5 server <E-mailrelay client login> <CRAM-MD5 encoded password>
+PLAIN client <remote SMTP server login> <plaintext password>
+
+ +

Create E-mailrelay filter for local mail delivery

+

/etc/emailrelay-filter.sh +

+#!/bin/sh
+# emailrelay-filter.sh
+
+# Function (if required) to convert incoming mail address to local username
+# As designed, this function will take an address like 'alias-user@domain.com'
+#  and deliver it to 'user'
+addrToUser()
+{
+  ADDR="${1}"
+  USER=`echo $ADDR | awk -F"-" '{print $NF}'`
+  echo "$USER"
+}
+
+content="${1}"
+envelope="`echo \"${content}\" | sed 's/content/envelope.new/'`"
+destination="`cat ${content} | grep '^To:' | cut -d':' -f2-`"
+
+while [ ! -z "${destination}" ]; do
+  islocal=`echo ${destination} | grep "@domain" | wc -l`
+  if [ "$islocal" -lt 1 ]; then
+    exit 0
+  else
+    user="`echo ${destination} | sed 's/\([^ <]*\)@domain[^ ;]*/\1/'`"
+    destination="`echo ${destination} | sed \"s/${user}@domain//\"`"
+    localuser=`addrToUser ${user}`
+    cat "${content}" | grep -v "^To:" | sudo /usr/bin/procmail -d ${localuser}
+  fi
+  sleep 5
+done
+
+rm ${content} ${envelope}
+exit 100
+
+ +

Configure retry and failure notifications

+
+
+/usr/local/libexec/emailrelay/examples/emailrelay-notify.sh
+/usr/local/libexec/emailrelay/examples/emailrelay-resubmit.sh
+
+
+ +

Create init file for E-mailrelay

+
+touch /etc/init.d/emailrelay
+chmod +x /etc/init.d/emailrelay
+
+

/etc/init.d/emailrelay

+
+#!/bin/bash
+
+#. /etc/init.d/functions
+
+if [ "$1" = "start" ]; then
+  /usr/local/sbin/emailrelay --as-proxy remote SMTP server:587 --client-tls \
+  --client-auth /etc/emailrelay.auth --port 10025 -r --server-tls /etc/pki/dovecot/private/domain.crt.key \
+  --filter /etc/emailrelay-filter.sh --pid-file /etc/emailrelay.pid --verbose > /var/log/emailrelay.log
+elif [ "$1" = "stop" ]; then
+  kill `cat /etc/emailrelay.pid`
+elif [ "$1" = "status" ]; then
+  pid=`cat /etc/emailrelay.pid`
+  wc=`ps -p $pid | wc -l`
+  if [ ! -z "$pid" ] && [ $wc -gt 1 ]; then
+    echo "E-mailrelay is running"
+  else
+    echo "E-mailrelay is NOT running"
+  fi
+fi
+
+ +

/etc/systemd/system/emailrelay.service

+
+[Unit]
+Description=Emailrelay smtp proxy
+After=local-fs.target network.target network-online.target
+
+[Service]
+Type=simple
+PIDFile=/etc/emailrelay.pid
+ExecStart=/usr/local/sbin/emailrelay --as-proxy remote SMTP server:587 --client-tls \
+  --client-auth /etc/emailrelay.auth --port 10025 -r --server-tls /etc/pki/dovecot/private/domain.crt.key \
+  --server-auth=/etc/emailrelay.auth
+  --filter /etc/emailrelay-filter.sh --pid-file /etc/emailrelay.pid --verbose > /var/log/emailrelay.log
+ExecStop=kill `cat /etc/emailrelay.pid`
+
+[Install]
+WantedBy=multi-user.target
+
+ +

Enable the Emailrelay service

+
+systemctl enable emailrelay
+
+ +

Configure sudo access

+
/etc/sudoers
+
+# Allow sudo to be used in fetchmail mda script
+#Defaults    requiretty
+
+# Allow users to send mail to other users
+daemon mail.bsflowers.net = (root) NOPASSWD: /usr/bin/procmail
+%mail mail.bsflowers.net = (root) NOPASSWD: /usr/bin/procmail
+
+ +

Reboot and confirm services

+
+reboot
+systemctl status dovecot
+systemctl status emailrelay
+systemctl status fetchmail
+
+ +

Verification

+

The following optional steps will help verify or troubleshoot the installation

+ +

Check Dovecot Status

+

This will show if the Dovecot server is running

+
+systemctl status dovecot
+
+ +

Check Dovecot Logs

+

Check for errors, and watch these logs while performing remaining steps

+
+tail -f /var/log/dovecot.log
+
+ +

Login to dovecot with SSL

+

The following commands are to login to the Dovecot IMAP server via SSL on port 993, +and open the user's inbox.

+
+openssl s_client -crlf -connect mail.<domain>:993
+tag login <username> "<password>"
+tag LIST "" "*"
+tag SELECT INBOX
+
+

You can also use this to check the certificate expiration dates

+
+openssl s_client -crlf -connect mail.openssl s_client -crlf -connect mail.<domain>:993 | openssl x509 -noout -dates
+
+ +

Check E-mailrelay logs

+
+tail -f /var/log/maillog
+
+ +

Check user's mailbox locally

+
+su - user mail
+
+ + +
diff --git a/servers/centos_httpd.html b/servers/centos_httpd.html
new file mode 100644
index 0000000..a857aaf
--- /dev/null
+++ b/servers/centos_httpd.html
@@ -0,0 +1,111 @@
+ + + Apache on Centos 7 + + + + + + + + + +

Legend

+

+Work in progress
+Installation specific values
+SC standard configuration
+Security configuration +

+ +

Base System Setup

+

Update the OS and install httpd, ssh, and nano

+
+yum update
+yum install sudo nano openssh-server mod_ssl openssl httpd 
+
+ +

Install any optional plugins. For example, PHP

+
+yum install php
+
+ +

Configure the server

+

/etc/httpd/conf/httpd.conf

+
+#Listen 80
+ServerAdmin www@domain
+
+ +

Configure SSL

+

If this server is hosting multiple domains, move the entire virtualhost tag into a separate file + (/etc/httpd/conf.d/domain.conf) and create copies of that file for each domain +
And update certificate filenames as required (these are based on letsencrypt.org certs).

+

/etc/httpd/conf.d/ssl.conf

+
+<VirtualHost domain:443>
+DocumentRoot "/var/www/html/domain
+ServerAdmin www@domain
+SSLCertificateFile /etc/pki/tls/certs/domain/cert.pem
+SSLCertificateKeyFile /etc/pki/tls/certs/domain/privkey.pem
+SSLCertificateChainFile /etc/pki/tls/certs/domain/chain.pem
+</VirtualHost>
+
+ +

Start the server

+
+systemctl enable httpd
+systemctl start httpd
+systemctl enable sshd
+systemctl start sshd
+
+ +
diff --git a/servers/debian_git.html b/servers/debian_git.html
new file mode 100644
index 0000000..dd4e54f
--- /dev/null
+++ b/servers/debian_git.html
@@ -0,0 +1,122 @@
+ + + Git server on Debian 8 + + + + + + + + + +
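Review bot: In the ssl.conf example of servers/centos_httpd.html, `SSLCertificateKeyFile /etc/pki/tls/certs/domain/privkey.pem` keeps the private key in the `certs` tree beside the public files, and no step in the section restricts who can read it. The page should add an explicit permission step after the key is installed, for example `chown root:root /etc/pki/tls/certs/domain/privkey.pem` and `chmod 600 /etc/pki/tls/certs/domain/privkey.pem`, or move the key to a directory reserved for private keys. In the same example, `DocumentRoot "/var/www/html/domain` opens a quote that is never closed; it should read `DocumentRoot "/var/www/html/domain"`.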

Legend

+

+Work in progress
+Installation specific values
+SC standard configuration
+Security configuration +

+ +

Base System Setup

+

Update the OS and install the git server

+
+apt-get update
+apt-get upgrade
+apt-get install git-core gitweb
+
+ +

Configure Git server

+

/etc/gitweb.conf

+
+$projectroot = "/home/git";
+
+ +
+useradd git -m -d /home/git -s /bin/bash
+su - git
+git config --global user.name "Repo Owner's Name"
+git config --global user.email git@domain
+
+

Add a project

+
+mkdir project1.git
+cd project1
+git init --bare
+service apache2 restart
+
+ +

Configure Apache webserver

+

/etc/apache2/ports.conf

+
+#Listen 80
+
+ +

/etc/apache2/sites-available/default-ssl.conf

+
+ServerAdmin git@domain
+DocumentRoot /usr/share/gitweb
+
+SSLCertificateFile     /etc/ssl/certs/domain/cert.pem
+SSLCertificateKeyFile  /etc/ssl/certs/domain/privkey.pem
+SSLCertificateChainFile /etc/ssl/certs/domain/fullchain.pem    
+
+ +
+rn /etc/apache2/sites-enabled/000-default.conf
+ln /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
+a2enmod cgi
+a2enmod ssl
+service apache2 restart
+
+ + +
diff --git a/servers/description b/servers/description
new file mode 100644
index 0000000..2d28bb5
--- /dev/null
+++ b/servers/description
@@ -0,0 +1 @@
+(Somewhat dated) tutorials for setup of some of the server software that I use
diff --git a/webdesktop-source/01_setup.html b/webdesktop-source/01_setup.html
new file mode 100755
index 0000000..e446183
--- /dev/null
+++ b/webdesktop-source/01_setup.html
@@ -0,0 +1,304 @@
+ + + Initial Setup + + + + + + + +
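Review bot: In the default-ssl.conf example of servers/debian_git.html, `SSLCertificateKeyFile /etc/ssl/certs/domain/privkey.pem` places the private key under `/etc/ssl/certs`, which Debian keeps world-readable, and no step restricts the file's mode; `/etc/ssl/private/` or an explicit `chmod 600` on the key would fit better. In the "Add a project" block, `cd project1` does not match the `project1.git` directory created on the line before, so the `cd` fails and `git init --bare` would run in the git user's home directory instead; it should be `cd project1.git`. `rn /etc/apache2/sites-enabled/000-default.conf` is presumably meant to be `rm`, and `a2dissite 000-default` followed by `a2ensite default-ssl` would replace both that line and the hard `ln`.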

Initial Setup

+ +

This tutorial will guide you through configuring a cloud-based Linux desktop +accessible from any device with a web browser and HTML5 support.

+ +

High-level overview

+

We'll be using the following software and services to make this work:

+ + +

This tutorial was based on the following resources:

+ + +

Creating the VPS instance

+

First, visit http://www.gandi.net and register an account.

+

After you login to your account, open the My Account page and select +the Services tab and then the Servers sub-tab. From the server control +panel, select Create a Server

+Servers page +

How you configure the server will depend on what you plan to use it for. +For very simple applications, the lowest settings will suffice, but for heavier +loads you may need to increase these. Higher settings will increase the hourly +fee. These settings can always be changed later, but some starting estimates +are included below:

+

For a simple Visual Basic 6 application (ex: Organizer's Database)

+ +

For a remote office desktop system

+ +

You will probably always want 1 interface, and IPv4 enabled

+Hardware configuration page +

On the next page you will choose the server software configuration.

+ +Software configuration page +

Once the server is created, you can hover the mouse cursor over the +information symbol beside the hostname in your server control panel to +show the server's IP address. For the next section of the tutorial, you +will need to SSH to this address. For Linux or Mac OS X users, simply +open a terminal window and type 'ssh admin@[ip address]' +Windows users can connect using +PuTTY. +

Installing the software

+

Install the prerequisites. For the su command, you will use the +same password that you used to connect to the SSH session.

+
+su -
+apt-get update
+apt-get upgrade
+apt-get install tomcat7 vnc4server
+apt-get install libcairo2-dev libjpeg62-dev libpng12-dev libossp-uuid-dev
+apt-get install libssh2-1-dev libvncserver-dev libssl-dev
+apt-get install guacamole
+apt-get install apache2 ufw openbox xterm
+
+ +

Download and deploy the guacamole Tomcat application

+
+wget http://downloads.sourceforge.net/project/guacamole/current/binary/guacamole-0.9.8.war?r=http%3A%2F%2Fguac-dev.org%2Frelease%2Frelease-notes-0-9-8&ts=1443744824&use_mirror=superb-dca2
+mv guacamole-0.9.8.war* /var/lib/tomcat7/webapps/guacamole-0.9.8.war
+
+mkdir /usr/share/tomcat7/.guacamole
+ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat7/.guacamole/
+chmod 644 /etc/guacamole/user-mapping.xml
+
+/etc/init.d/tomcat7 restart
+
+ + +

Update to the latest guacamole install (Yes, it was already installed via +apt-get...but I couldn't get that version to work. It does help by getting some +of the configuration set up though!)

+
+apt-get install build-essential
+wget http://downloads.sourceforge.net/project/guacamole/current/source/guacamole-server-0.9.8.tar.gz?r=http%3A%2F%2Fguac-dev.org%2Frelease
+mv *guacamole-server-0.9.8.tar.gz* guacamole-server-0.9.8.tar.gz
+tar -xzvf guacamole-server-0.9.8.tar.gz
+cd guacamole-server-0.9.8/
+./configure --with-init-dir=/etc/init.d
+make
+make install
+
+ +

Configuration

+ +

Generate an SSL certificate to secure your connection

+
+openssl genrsa -des3 -out /etc/ssl/private/guacd.key 2048
+openssl req -new -key /etc/ssl/private/guacd.key -out /etc/ssl/private/guacd.csr
+cp /etc/ssl/private/guacd.key /etc/ssl/private/guacd.key.org
+openssl rsa -in /etc/ssl/private/guacd.key.org -out /etc/ssl/private/guacd.key
+openssl x509 -req -days 365 -in /etc/ssl/private/guacd.csr -signkey /etc/ssl/private/guacd.key -out /etc/ssl/certs/guacd.crt 
+
+ +

Configure the firewall

+
+ufw allow 22
+ufw allow 443
+ufw default deny
+ufw enable
+
+ +

Configure apache for SSL support

+
+a2enmod ssl
+a2enmod proxy
+a2enmod proxy_http
+a2ensite default-ssl
+service apache2 restart
+
+
nano /etc/apache2/sites-enabled/default-ssl.conf
+
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+        ProxyPass / http://localhost:8080/
+        ProxyPassreverse / http://localhost:8080/
+...
+        SSLCertificateFile    /etc/ssl/certs/guacd.crt           
+        SSLCertificateKeyFile /etc/ssl/private/guacd.key
+...
+
+ +

Configure GUACAMOLE_HOME

+
+echo "export JAVA_HOME=/usr/lib/jvm/default-java" >> ~/.bashrc
+echo "export CATALINA_HOME=/var/lib/tomcat7" >> ~/.bashrc
+echo "export GUACAMOLE_HOME=/etc/guacamole" >> ~/.bashrc
+bash
+
+ +

Update your Guacamole user configuration.

+ +
nano /etc/guacamole/user-mapping.xml
+
+<user-mapping>
+
+    <authorize 
+            username="GUAC-USER"
+            password="GUAC-PASS-MD5"
+            encoding="md5">
+        <protocol>vnc</protocol>
+        <param name="hostname">localhost</param>
+        <param name="port">5901</param>
+        <param name="password">VNCPASS</param>
+    </authorize>
+
+</user-mapping>
+
+

Update your guacd configuration

+
nano /etc/guacamole/guacd.conf
+
+#
+# guacd configuration file
+#
+
+[daemon]
+
+pid_file = /var/run/guacd.pid
+log_level = info
+
+[server]
+
+bind_host = localhost
+bind_port = 4822
+
+ +

Update guacamole.properties auth provider

+
+# Hostname and port of guacamole proxy
+guacd-hostname: localhost
+guacd-port:     4822
+
+# Auth provider class (authenticates user/pass combination, needed if using the provi$
+#auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
+user-mapping: /etc/guacamole/user-mapping.xml
+
+ +

Allow DHCP so you can destroy the network interface while not in use

+
nano /etc/default/gandi
+
+# set a list of network interfaces which should not be configured by DHCP
+# if you attach a interface setup in your private VLAN, you should consider
+# adding the interface here. If you have multiple interfaces, use space as
+# separator.
+# ex : CONFIG_NODHCP="eth1 eth2"
+#CONFIG_NODHCP="eth0"
+CONFIG_NODHCP=""
+
+ +

Configure the VNC server

+
vncserver
+
nano ~/.vnc/xstartup
+
+[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
+[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
+xsetroot -solid grey
+x-window-manager &
+
+ +

Start the server

+
+vncserver -geometry 1024x768 -depth 8
+
+ +

Start the vnc sever when the system reboots

+
nano ~/boot.sh
+
+~/.bashrc
+/etc/init.d/apache2 start
+/etc/init.d/guacd start
+/etc/init.d/tomcat7 start
+
+
crontab -e
+
+@reboot /root/boot.sh
+@reboot vncserver -geometry 1024x768 -depth 8
+
+ +

Update your system and restart the services!

+
+apt-get install gandi-hosting-vm2
+apt-get update
+apt-get upgrade
+/etc/init.d/apache2 restart
+/etc/init.d/guacd restart
+/etc/init.d/tomcat7 restart
+
+ +

Open your browser and navigate to your server at: +https://SERVER IP ADDRESS/guacamole-0.9.8

+ +

Troubleshooting

+

If you encounter any problems getting this working, check for errors +in the following files:

+ +
+/var/log/tomcat7/catalina.out
+/var/log/syslog
+/var/log/apache2/error.log
+~/.vnc/*.log
+
+ +

Also be sure to check the servers are running

+
+/etc/init.d/apache2 status
+/etc/init.d/guacd status
+/etc/init.d/tomcat7 status
+
+ +

If you receive an error that the login is incorrect and you have verified that +you are using the correct login specified in your user-mapping.xml file, try +restarting the tomcat server.

+
/etc/init.d/tomcat7 restart
+ + +
\ No newline at end of file
diff --git a/webdesktop-source/02_vb6.html b/webdesktop-source/02_vb6.html
new file mode 100755
index 0000000..a3c9699
--- /dev/null
+++ b/webdesktop-source/02_vb6.html
@@ -0,0 +1,56 @@
+ + + Installing Visual Basic 6 + + + + + + + +
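Review bot: In webdesktop-source/01_setup.html, `chmod 644 /etc/guacamole/user-mapping.xml` makes world-readable the file that the later example fills with the VNC password in clear text and an unsalted MD5 of the Guacamole password. Every local account can then read both credentials; limiting the file to the account Tomcat runs as, e.g. `chown root:tomcat7 /etc/guacamole/user-mapping.xml` and `chmod 640 /etc/guacamole/user-mapping.xml` (group name to be confirmed for the installed package), keeps it usable by the webapp. The two `wget` lines fetch the .war and the source tarball over plain `http://` and nothing checks what was downloaded before `mv` and `make install`; the first URL is also unquoted, so the shell cuts the command at the first `&`. The page appears to run everything as root after `su -`, including `vncserver` from the crontab that calls `/root/boot.sh`, so the remote desktop would be a root session; a step that creates an unprivileged account for the desktop is worth adding.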

Adding VB6

+ +

This tutorial will guide you through installing Visual Basic 6 on a +VPS server like web desktop. This is designed for systems running +Ubuntu 12.04 x32

+ +

Preparation

+

Since the Visual Basic installation is a graphical program, these +steps need to be performed from a GUI. Login through Guacamole, then +right-click anywhere on the desktop to open the software menu and +launch the terminal emulator.

+ + +

Installing VB6

+

First, install the requried prerequisite software

+
+apt-get install wine unzip
+
+ +

Next, download the VB6 runtime

+
+wget -O vb6runtime.zip http://downloads.sourceforge.net/project/vb6extendedruntime/Visual%20Basic%206.0%20Extended%20Runtime%201.5.1.zip?r=&ts=1443993940&use_mirror=skylineservers
+unzip vb6runtime.zip
+wine ./VB6\ Extended\ Runtime\ Setup\ 1.5.1.exe
+
+ + + +

Finally, fix the missing expsrv.dll

+
+wget -O expsrv.zip http://downloads.dlldll.com/dllfiles/expsrv.dll.zip
+unzip expsrv.zip
+mv expsrv.dll ~/.wine/drive_c/windows/system32
+
+ + +
\ No newline at end of file
diff --git a/webdesktop-source/03_odb.html b/webdesktop-source/03_odb.html
new file mode 100755
index 0000000..9ce8181
--- /dev/null
+++ b/webdesktop-source/03_odb.html
@@ -0,0 +1,60 @@
+ + + Installing Organizer's Database + + + + + + + +
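Review bot: The last block of webdesktop-source/02_vb6.html downloads `expsrv.dll` from a third-party DLL mirror over plain `http://` and moves it straight into the Wine prefix's `system32`, with no check of what arrived. A binary from such a source should be compared against a hash taken from a trusted copy before it is installed, e.g. `echo '<expected-sha256>  expsrv.dll' | sha256sum -c -` (placeholder hash) ahead of the `mv`. The runtime download in the block before it has the same gap, and its URL is unquoted, so the shell treats each `&` as a command separator; wrapping the URL in single quotes fixes that.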

Installing Organizer's Database

+ +

This tutorial will guide you through installing the Organizer's Database +application on the cloud desktop.

+ +

Preparation

+

You should have already completed the initial setup and Visual Basic 6 +setup tutorials on this system.

+

You should also create a .zip file containing your entire ODB installation. +For example, if your odb.exe is located at C:\ODB\odb.exe, you should create +a .zip file of the entire C:\ODB directory.

+ +

Uploading ODB

+

There are many ways to upload your ODB zip file to the server. If you are +able to use SCP, that is probably the quickest. But since that is not available +on all systems, I will explain a simpler method here.

+ +

First, install and run Firefox on your cloud desktop.

+
+apt-get install firefox
+firefox
+
+ +

Next, use a webmail provider like Gmail, Yahoo mail, or many corporate or +organization email services. Or you can use a file upload service like +dropbox. Upload the ODB zip file and use Firefox inside your web desktop +session to retrieve the file.

+ +

Installing ODB

+ +

Now you simply unzip the file and place it at the correct path.

+
+unzip odb.zip
+mv -R odb/ ~/.wine/drive_c/
+~/.wine/drive_c/odb/odb.exe
+
+ + + + + +
\ No newline at end of file
diff --git a/webdesktop-source/04_office.html b/webdesktop-source/04_office.html
new file mode 100755
index 0000000..6dfadf9
--- /dev/null
+++ b/webdesktop-source/04_office.html
@@ -0,0 +1,49 @@
+ + + Installing basic office software + + + + + + + +
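Review bot: `apt-get install firefox` followed directly by `firefox` in webdesktop-source/03_odb.html starts the browser with the same privileges that installed it, which is root if the terminal from the earlier pages is reused (not shown in this hunk). Opening webmail or a file-sharing site from a root desktop puts the whole server behind any browser or content flaw, so the page should say to run Firefox and the ODB program from an unprivileged account, or to copy the zip with SCP as the text already suggests. Separately, `mv -R odb/ ~/.wine/drive_c/` will fail because `mv` has no `-R` option; `mv odb/ ~/.wine/drive_c/` is enough.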

Installing basic office software

+ +

This tutorial will guide you through configuring a standard set of +office tools in the web desktop environment. You probably want two cores +and at least 1024MB of ram on the server for this software.

+ +

Install the software

+

Install a simpler desktop environment

+
apt-get install kubuntu-desktop
+ +

Install an office suite

+
apt-get install libreoffice
+ +

Install a web browser and mail client

+
apt-get install firefox thunderbird
+ +

Configure the VNC

+
nano ~/.vnc/xstartup
+
+...
+#x-window-manager &
+startkde &
+
+ +

The desktop

+ + + + + +
\ No newline at end of file
diff --git a/webdesktop-source/description b/webdesktop-source/description
new file mode 100644
index 0000000..bf28583
--- /dev/null
+++ b/webdesktop-source/description
@@ -0,0 +1 @@
+Old instruction for creating a compatibility tool for running old VB6 apps through a cloud desktop
diff --git a/webdesktop-source/images/01.jpg b/webdesktop-source/images/01.jpg
new file mode 100644
index 0000000..232a6ff
Binary files /dev/null and b/webdesktop-source/images/01.jpg differ
diff --git a/webdesktop-source/images/02.jpg b/webdesktop-source/images/02.jpg
new file mode 100644
index 0000000..2f3e586
Binary files /dev/null and b/webdesktop-source/images/02.jpg differ
diff --git a/webdesktop-source/images/03.jpg b/webdesktop-source/images/03.jpg
new file mode 100644
index 0000000..f708922
Binary files /dev/null and b/webdesktop-source/images/03.jpg differ
diff --git a/webdesktop-source/images/04.jpg b/webdesktop-source/images/04.jpg
new file mode 100644
index 0000000..391516c
Binary files /dev/null and b/webdesktop-source/images/04.jpg differ
diff --git a/webdesktop-source/images/05.jpg b/webdesktop-source/images/05.jpg
new file mode 100644
index 0000000..076463b
Binary files /dev/null and b/webdesktop-source/images/05.jpg differ
diff --git a/webdesktop-source/images/odb-01.jpg b/webdesktop-source/images/odb-01.jpg
new file mode 100644
index 0000000..6ee521a
Binary files /dev/null and b/webdesktop-source/images/odb-01.jpg differ
diff --git a/webdesktop-source/images/office-01.jpg b/webdesktop-source/images/office-01.jpg
new file mode 100644
index 0000000..8c01921
Binary files /dev/null and b/webdesktop-source/images/office-01.jpg differ
diff --git a/webdesktop-source/images/office-02.jpg b/webdesktop-source/images/office-02.jpg
new file mode 100644
index 0000000..62bfc0d
Binary files /dev/null and b/webdesktop-source/images/office-02.jpg differ
diff --git a/webdesktop-source/images/vb-01.jpg b/webdesktop-source/images/vb-01.jpg
new file mode 100644
index 0000000..4a4c685
Binary files /dev/null and b/webdesktop-source/images/vb-01.jpg differ
diff --git a/webdesktop-source/images/vb-02.jpg b/webdesktop-source/images/vb-02.jpg
new file mode 100644
index 0000000..c480221
Binary files /dev/null and b/webdesktop-source/images/vb-02.jpg differ
diff --git a/webdesktop-source/images/vb-03.jpg b/webdesktop-source/images/vb-03.jpg
new file mode 100644
index 0000000..5015135
Binary files /dev/null and b/webdesktop-source/images/vb-03.jpg differ
diff --git a/webdesktop-source/index.php b/webdesktop-source/index.php
new file mode 100755
index 0000000..8d386c1
--- /dev/null
+++ b/webdesktop-source/index.php
@@ -0,0 +1,52 @@
+ + + + Slightly Cyberpunk | Tutorials | Web Desktop Source + + + + + +

Web Desktop Tutorials

+ + + + +
\ No newline at end of file