@scottalanmiller said in Errors Building Guacamole Server on Fedora 28:

@nashbrydges said in Errors Building Guacamole Server on Fedora 28:

@wrx7m said in Errors Building Guacamole Server on Fedora 28:

I have noticed that there are a quite a few threads on something not working properly on Fedora 28. I guess it is just that it seems to be the preferred OS and people are using it more than others.

Yeah there's a real love affair for Fedora here but in my case, when I couldn't get this running on Fedora and was able to get it working flawlessly on Ubuntu, guess what OS it's running on right now. Many guides for setting this up on Ubuntu out there.

Are there? I feel like I looked at the time and in order to get it working you have to drop to Ubuntu LTS, same as dropping to CentOS from Fedora. I thought Ubuntu was plagued by the current versions not working the same as Fedora/CentOS are.

Yeah, this is the guide that I used and was finally able to set this up.

https://chasewright.com/2017/08/01/guacamole-with-mysql-on-ubuntu/

@wrx7m said in Errors Building Guacamole Server on Fedora 28:

I have noticed that there are a quite a few threads on something not working properly on Fedora 28. I guess it is just that it seems to be the preferred OS and people are using it more than others.

Yeah there's a real love affair for Fedora here but in my case, when I couldn't get this running on Fedora and was able to get it working flawlessly on Ubuntu, guess what OS it's running on right now. Many guides for setting this up on Ubuntu out there.

So it turns out that Easy Appointment is not a fit. No reminders of an upcoming event, only if an event changes are there email notifications.

Nextcloud Calendar may work but for some reason, the popup reminders are not working even though I've enabled popups for the site on my browser. Even tried via Edge and Firefox and popups don't work in those either. I'd also need to figure out a way to turn off the file share function of Nextcloud for this to be approved. I'm going to keep plugging away at Nextcloud and see if I can get reminders to work.

@black3dynamite I think I may go poke around with it and see how much it can be customized to fit the client's specific needs.

@black3dynamite Thanks, I did see that one but the demo with multi-step forms is a bit of a killer. I also don't see notifications for the users. It talks about notifications only when changes but not when the scheduled appointment is approaching. Need that notification thing to work like Outlook calendar would to remind you of an approaching meeting for the user who booked the event except can't use Office 365 calendar.

I may not be able to find a solution without building it out which I'm hoping I can avoid.

I'm looking for an appointment scheduling solution for the following scenario for a client. They have software that can only allow one user access at a time and need to schedule access for multiple users throughout the day.

• Admin will create a calendar
• users will then be able to schedule their system access based on availability
• must be self hosted
• must be web based front end (mobile apps not required)
• must have reminders for users as their scheduled time slot approaches (reminder emails won't work). Only way this would likely work is if the members remain logged in to the web page and the system pops up a reminder as their time approaches.
• should preferably allow for individuals to log into the system to schedule their time slot but will need to see system availability and scheduled times from other users (no edit access for other user scheduled appointments) so they can negotiate changes is necessary (that negotiation process does not need to live within the calendar)
• Google calendar and shared Office 365 calendars are not viable solutions (members will live across multiple teams and the calendar will contain some sensitive information so only self hosted solutions)

Wondering if anyone here has something similar they've used and can recommend. I've spent hours on Google and all options looked at so far don't really fit the need for one reason or another.

Closest I've seen is https://smartscheduling.com/ but not self hosted and didn't have web based reminders for logged in users. If you can imagine an appointment scheduling tool like that of a Dr's office but where reminders are sent to front desk staff and not patients.

You may not have LoS to the building from your current location but I had a similar issue with a client and we were able to negotiate with the property management of a nearby apartment building that did have LoS. My client rents access to the building roof where we installed fiber internet access and a Poit-to-Point network. There's about 2km between the PtP devices and we managed to get about 175Mbps speeds using Ubiquiti gear. Would that be an option you could investigate? Easy to setup VPN between locations at that time.

Thanks for all the feedback. I'll be creating a few VMs for the staff to "play" with to see what flavor of Linux they like best. These suggestions will be very useful.

@phlipelder said in Client Wants To Transition From Windows To Linux:

Curiosity question: Are the users already familiar with FOSS to some degree thus the request?

I'd really like to hear about how the transition goes and how long it takes the users to regain their efficiencies.

The client's staff are all relatively young and all have expressed interest in this move which was the primary reason why they're entertaining this move. Being a small company with few employees, getting the existing staff onboard was important and moving forward, they will be creating onboarding documentation to help new employees less familiar with non Windows OS.

@black3dynamite Possibility if there's no desktop alternative available.

As title says, I have a small client that wants to fully transition to Linux for desktop OS. There are currently 5 users but will be growing to around 30-32 users by end of year. No onsite servers and don't foresee the need for one either. They use Office 365 for mail and Nextcloud on Vultr for files.

I've started compiling a list of software they use and corresponding Linux alternatives. Here's my list so far. You'll notice that some don't list an alternative or have more than 1 shown. I'm interested in what this group prefers.

MS Office = OnlyOffice (because of its native use of pptx, xlsx, docx file types)
Desktop email = Evolution, Thunderbird? Sure they could simply use web mail but they do prefer the desktop client experience.
Notepad = Will likely suggest Nextcloud Notes?
Softphone = Linphone, Zoiper?
Notepad++ = Notepadqq, Atom?
MS Publisher = ???
Screen Capture = ???
Visio = Draw.io, Dia?
OneNote = ???

Appreciate everyone's thoughts on alternatives.

The ACTIONS section of Fail2ban config allows you to select to send emails. Default setting is
action = %(action_)s which bans the IP address but changing this to action = %(action_mwl)s bans the IP as well as sends an email to the defined email address including a whois report. If you use action = %(action_xraf)s it will auto send an email to the abuse email contact from the whois lookup.

Here is a sample email that Fail2ban sends after banning the IP

Hi,

The IP 218.78.247.169 has just been banned by Fail2Ban after
3 attempts against sshd.


Here is more information about 218.78.247.169 :

% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '218.78.240.0 - 218.78.247.255'

% Abuse contact for '218.78.240.0 - 218.78.247.255' is '[email protected]'

inetnum:        218.78.240.0 - 218.78.247.255
netname:        SHANGHAI-EDU-COMMISSION
descr:          Shanghai Education Commission
country:        CN
admin-c:        CHQ1-AP
tech-c:         CHQ1-AP
mnt-by:         MAINT-CHINANET-SH
status:         ASSIGNED NON-PORTABLE
last-modified:  2008-09-04T06:51:55Z
source:         APNIC

person:         Chen Hai Qiang
address:        460 Yuyuan Road, Shanghai
country:        CN
phone:          +86-21-62173455
fax-no:         +86-21-62538495
e-mail:         [email protected]
nic-hdl:        CHQ1-AP
mnt-by:         MAINT-CHINANET-SH
last-modified:  2008-09-04T07:30:36Z
source:         APNIC

% This query was served by the APNIC Whois Service version 1.88.15-46 (WHOIS-US4)


Lines containing IP:218.78.247.169 in /var/log/auth.log

Jun 20 18:40:34 xxxxxxxxxxxxxxxx sshd[116180]: Invalid user jesus from 218.78.247.169 Jun 20 18:40:34 xxxxxxxxxxx sshd[116180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.247.169 Jun 20 18:40:35 xxxxxxxxxxxx sshd[116180]: Failed password for invalid user jesus from 218.78.247.169 port 8155 ssh2 Jun 20 18:40:36 xxxxxxxxxxxxxxx sshd[116180]: Connection closed by 218.78.247.169 port 8155 [preauth]


Regards,

Fail2Ban

Veeam Agent running in free mode absolutely does do incremental backups.

@jaredbusch said in Unifi Video:

And it is $20 for the base unit. The PAN is $30.

I have the WyzeCam2

Holu shit! That's tough to beat on pricing against most competitors! How long have you had yours?

@jaredbusch said in If You're Not Already, You May Want To Block Roku Log Domains:

Your logic is flawed.

If you let it communicate once, it has no reason to continually retry.

If you block it, it does not know that it cannot do as designed and will continually retry.

Re-read the post.

27k hits (actual hits...not attempts) last week (before it was blocked) and >10k attempts since blocked.

Noticed that my Roku devices are becoming extremely chatty. 27k hits last week and suddenly, >10k attempts today so far.

@black3dynamite It helps protect your site from DNS spoofing. Here's an example site with DNSSEC.

https://en.internet.nl/site/www.internetsociety.org/303794/#sitednssec

If DNSSEC is improperly setup, the site will not resolve.

Don't think it's very widely used though.

@jaredbusch said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

The entire concept is just stupid.
You cannot hide from your provider.

Not about hiding from provider. It's about securing communications between every endpoint. Just another step to HTTPS everywhere.

@bnrstnr

Awesome! Thanks, that did the trick!

Anyone have a working Nginx config they can share? I keep getting the websocket error and immediate disconnection when I login. I've tried a number of configs I found online but nothing seems to allow me to successfully login without being logged out right away. Here is my current conf.

server {
   listen 80;
   server_name mydomain.com;
   return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name mydomain.com;
  
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options nosniff;
  add_header Referrer-Policy strict-origin;
  add_header X-Frame-Options "SAMEORIGIN";
  ssl_stapling on;
  ssl_stapling_verify on;
  server_tokens off;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
  ssl_ecdh_curve secp384r1:secp521r1;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_dhparam /etc/ssl/certs/dhparam.pem;
  proxy_cookie_path / "/; secure; HttpOnly";

	location /wss/ {
		proxy_pass https://192.168.100.50:8443;
		proxy_http_version 1.1;
		proxy_buffering off;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_read_timeout 600;
	}
        
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://192.168.100.50:8443;
        proxy_redirect off;
        
        proxy_read_timeout 600s;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
   }
}

Cert is working at least.