Use PuTTYgen to generate public and private keys. Paste the public key into /home/userid/.ssh/authorized_keys. Select Connection/SSH/Auth in PuTTY for each host entry to identify the private key. To recover the public key from a saved private key, click the ‘Load’ button in PuTTYgen. If you use a passphrase for added security, you must use it each time you log into a server. Here’s a place to start.
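The server-side paste step as a script (an added example, not part of the original post): it accepts only the one-line OpenSSH form of the key, sets the modes sshd expects, and does not add the same key twice. The function name `install_pubkey` and the sample key are made up for illustration.

```shell
#!/bin/sh
# install_pubkey HOME_DIR "KEY_LINE"   (hypothetical helper name)
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # PuTTYgen's "Save public key" button writes the multi-line RFC 4716
    # format, which authorized_keys does not accept. Use the text from the
    # "Public key for pasting into OpenSSH authorized_keys file" box, or
    # convert a saved file with: ssh-keygen -i -f saved.pub
    case $key_line in
        *"BEGIN SSH2 PUBLIC KEY"*) echo "RFC 4716 format, not OpenSSH" >&2; return 2 ;;
        *"$nl"*) echo "key is wrapped over several lines" >&2; return 2 ;;
    esac
    case $key_line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored when the
    # directory or file is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo in a throwaway directory with a constructed (not real) key.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDSAMPLEKEYNOTREAL userid@putty'
install_pubkey "$demo_home" "$demo_key" && ls -ld "$demo_home/.ssh"
```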
Author Archives: ldh118
HP ProLiant DL360 Gen8 as VMware Server
I just had the good fortune of inheriting an HP ProLiant DL360 Gen8 server (vintage 2012). It has two Intel Xeon E5-2440 / 2.4 GHz processors with 6 cores each and a Passmark CPU mark of 9221 each. It has 64GB of memory. There are 4 900GB 10k 2.5″ drives configured as RAID 5 and 2 1TB 7.2K 2.5″ drives as RAID 1. The RAID 5 was previously RAID 10.
I have used Ubuntu/KVM for virtualization. However, there are no Ubuntu drivers for the HP Smart Array so I chose VMware ESXi for my virtualization. There are special HPE downloads from VMware dated June 2019. These contain ESXi 6.5 U3 which I think is the final version for the Gen8. The current version of ESXi is 6.7.
I got a permanent free license that has the following limitations:
- No Official VMware Support
- Used for a single physical server
- Maximum 2 physical CPUs in Hosts
- Max 8 vCPU per Each VM
- Cannot Be Managed with vCenter
- vStorage API Is Not Available
This is a great way to learn VMware!
Implement FreeNAS as a KVM Guest
This is a stub
Implement NextCloud for Cloud File Storage
LinuxBabe has a tutorial. The first step is to install the LEMP Stack (Nginx, MariaDB, PHP7.2-FPM) on Ubuntu 18.04. No joy. Then I tried snap using the Digital Ocean tutorial. No joy.
OK, Tech Republic came through with this one and it worked. I started out with a patched Ubuntu 18.04 LTS server, then followed the script. I wanted to use my file server as the data store. I exported the top directory of my file server then mounted the NFS share on the NextCloud server. Then I added permissions on the file server for NextCloud. I added www-data to the group with permissions for the top directory and changed permissions to 770 to allow the group to write and prevent other users from listing the directory.
Next, port forwarding must be enabled. Cox Communications, my ISP, blocks port 80 (HTTP) so I used port 8080 and forwarded it to port 80 on the NextCloud server. This works, but is insecure. I need to use HTTPS (port 443) which also removes the need for translating ports in port forwarding.
Most tutorials for NextCloud use the snappy package manager for installation. Subsequent SSL/TLS installations also use snappy which doesn’t work with my apt installation. The next hurdle was a connection error when requesting a certificate from Let’s Encrypt. My next tack is to create a self-signed SSL certificate using the Digital Ocean tutorial. Because this certificate is not signed by a trusted certificate authority, you get the “Your Connection is not Private” error. However, your data is still encrypted and you can trust it.
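With a self-signed certificate, the browser warning is only safe to accept when the certificate shown is the one you generated, so record its SHA-256 fingerprint at creation time and compare it in the browser's certificate viewer. The following is an added example, not taken from the tutorial; the host name `nextcloud.home.example` and the function names are placeholders, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# make_selfsigned DIR HOST: create DIR/HOST.key and DIR/HOST.crt.
# The subjectAltName entry matters: current browsers ignore the CN.
make_selfsigned() {
    dir=$1; host=$2
    ( umask 077   # the private key must be readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -keyout "$dir/$host.key" -out "$dir/$host.crt" \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null )
}

# cert_fingerprint CERT: print the SHA-256 fingerprint (AA:BB:...),
# the same value a browser shows in its certificate details.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_pin CERT EXPECTED: succeed only if CERT has the recorded fingerprint.
check_pin() {
    [ "$(cert_fingerprint "$1")" = "$2" ]
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" nextcloud.home.example &&
    echo "record this: $(cert_fingerprint "$demo_dir/nextcloud.home.example.crt")"
```

A fingerprint that differs from the recorded one means the connection is terminating somewhere other than your server, encrypted or not.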
Add File Server Files to NextCloud
Wouldn’t it be nice to have all my file server files available to NextCloud. NextCloud gives you access to userid/files. My file organization is //fileserver/storage/protected with categories of files next. These categories include documents, downloads, manuals, movies, manuals, pictures, tv, utilities and video. It also includes my userid, lynn, which is the root directory for NextCloud. Below lynn is files which is what you see in NextCloud, aka //fileserver/storage/protected/lynn/files.
I had to move documents, downloads, manuals, movies, manuals, music, pictures, tv, utilities, and movies under //fileserver/media/storage/protected/lynn/files. I was able to retain my directory structure by creating symbolic links for each of these directories, e.g.,
sudo ln -s /media/storage/protected/lynn/files/movies /media/storage/protected/movies
Because I didn’t use the NextCloud interface to add files, these files did not appear. I had to rescan the files as the NextCloud user to see them:
sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all
Installing Nagios as a Systems Monitor
I start with the Digital Ocean tutorial.
Install Nagios 4
First, install Apache and PHP.
$ sudo apt install autoconf gcc make unzip libgd-dev libmcrypt-dev libssl-dev dc snmp libnet-snmp-perl gettext
$ cd ~
$ curl -L -O https://github.com/NagiosEnterprises/nagioscore/archive/nagios-4.4.5.tar.gz
$ tar zxf nagios-4.4.5.tar.gz
$ cd nagioscore-nagios-4.4.5
./configure --with-httpd-conf=/etc/apache2/sites-enabled
make all
sudo make install-groups-users
sudo make install
sudo make install-daemoninit
sudo make install-commandmode
sudo make install-config
Install Nagios Plugins and NRPE Daemon on Host
sudo useradd nagios
sudo apt update
sudo apt install autoconf gcc libmcrypt-dev make libssl-dev wget dc build-essential gettext
cd ~
curl -L -O https://nagios-plugins.org/download/nagios-plugins-2.3.3.tar.gz
tar zxf nagios-plugins-2.3.3.tar.gz
cd nagios-plugins-2.3.3
./configure
make
sudo make install
cd ~
curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-4.0.0/nrpe-4.0.0.tar.gz
tar zxf nrpe-4.0.0.tar.gz
cd nrpe-4.0.0
./configure
Another try at getting a client to work: https://www.howtoforge.com/tutorial/ubuntu-nagios/
OpenVPN/pfsense Configuration
Lawrence Systems has an excellent video describing how to setup OpenVPN for remote access on pfsense. Once the setup is complete, add users from the System / User Manager / Users dialog in pfsense.
Windows Users
For Windows users, simply run VPN / OpenVPN / Client Export / Current Windows Installer. This creates an executable to run on the client machine.
Android Users
For Android users, create the inline configuration (.ovpn) file and copy to the device. Install OpenVPN from the play store and import the profile (.ovpn file).
Installing pfSense for Firewall/Router
I installed pfSense as a KVM guest using a variety of sources. The basic installation is pretty simple. I used a Crosstalk Solutions video to guide me.
One issue was that IP permanent reservations are implemented differently from typical home routers. Static (permanent) IP addresses can’t be part of the DHCP address pool. Permanent addresses are assigned as static addresses in a different range. However, they will be assigned to the client by DHCP. This made it difficult to keep permanent assignments so my servers all got new IP addresses. Ugh.
Another issue is how to dedicate two new 1GB NICs to the pfSense machine. I opted to use the passthrough option for them when I created the virtual guest. They both negotiated at 100mbps/full duplex. The LAN side should have negotiated at 1GB which is an open issue.
My Ubuntu/KVM drive is a single 256MB Kingston SSD. Since it’s not mirrored, I need a good backup plan.
Dynamic DNS
Since my home IP address is not static, I need to use Dynamic DNS to update my NameCheap domain (lynnhargrove.com) when my IP address changes. I set up a cname record that points to host www at lynnhargrove.com and an aname record that points to host @ at 98.174.184.138. I used a NameCheap forum post to configure NameCheap and pfSense for DDNS, however I was unable to successfully test the update process.
NAT/Port Forwarding
Port forward is under Firewall/NAT in pfSense. When you create a port forward entry, a corresponding rule is written to allow the port through the firewall. What was not obvious is that under System/Advanced/Firewall & NAT/Network Address Translation, you must enable NAT reflection mode for port forwards. Of the two choices, Pure NAT didn’t work, but NAT + proxy did.
Unable to Get IP Address for Host Adapter
There may be a better way to configure networking, but I have a guest VM (pfSense) serving an IP address to the KVM host. Obviously, pfSense is not available when KVM starts so KVM doesn’t get an IP address. It seems to eventually resolve. I configured a static address in /etc/network/interfaces but that didn’t help. I added this to crontab:
sudo crontab -e
@reboot sleep 300 && dhclient
24/7 Low-Power Home Lab Server
I decided to make my AMD 5370 low-power (~55w) Ubuntu KVM virtualization server a “production” home lab server. I just picked up a hand-me-down HP ProLiant DL360 Gen8 server which is not so low-power (~180w). This pushed me to run the AMD server continuously and to turn on the ProLiant when I want to play in the sandbox. Since Ubuntu/KVM lacks Smart Array drivers for the ProLiant, I’ll use VMware ESXi.
I run my Ubuntu file server as a guest on the AMD server. Since it will no longer be a sandbox, I added a couple of PCIe 1GB NICs and installed the pfSense firewall/router. I plan to include an OpenVPN server. I also plan to add Nagios (systems monitor), NextCloud and probably FreeNAS for my file server. I also run a PlayOn/Plex media server on a Lenovo M73 which is really low-power (~15w). I might move PlayOn and Plex to the AMD server. It might even be fun to put an Ubuntu software mirror on the AMD. I suspect I should get a life, but I think that ship has sailed.
For lack of a better place to note it, use tasksel to install packages from a command line menu after the initial installation.
Expand KVM Guest Root Partition without LVM
I installed KVM without LVM to keep it simple. My guest file server ran out of root partition space when I installed Plex Media Server. This guide helped me increase the size of my virtual disk.
SSH to kvm:
$ sudo virsh domblklist file2
fdisk -l /var/lib/libvirt/images/file2.qcow2
sudo qemu-img resize /var/lib/libvirt/images/file2.qcow2 +3G
SSH to file2:
lsblk   # confirm new disk size
sudo growpart /dev/vda 2
lsblk
sudo resize2fs /dev/vda2
df -h
Mac OS X on Lenovo X220
The Lenovo ThinkPad X220 is about the only Hackintosh alternative under $300, and it’s one of the easiest MacOS installs. It is vintage 2011, but it does have an Intel Core i5-2540M 2.60 GHz Dual-core processor that may be my fastest computer at the moment. I was looking for a 13″ screen lightweight laptop that traveled well. It has a 12.5″ screen and weighs 3.8 pounds. I found a refurb on Newegg for $155 and a MAC OS X compatible WiFi card for $13.
Mac OS X Mojave 10.14 (9/24/18) does not easily support the ThinkPad X220 hardware. Therefore, Mac OS X High Sierra 10.13 (9/25/17) is what I will install with no plans to upgrade. I will use the McDonnel Tech guide for installation.
- Install the modified BIOS version 1.46 to remove the whitelist check and permit the installation of the Dell DW1510 WiFi card. Mac OS must be installed before installing the WiFi card.
- Create a USB installer using an existing Mac OS X computer following the guide.
MacOS Snow Leopard on Asus P5KPL-CM
I’m using the guide from tonymacx86 and a computer with an Asus P5KPL-CM motherboard, an E5300 @ 2.6GHz with 4 GB of memory.
- Follow guide. There was no AHCI mode in my BIOS so I skipped that part
- Boot iBoot and follow guide to install OS X 10.6 Snow Leopard from CD
- Download Mac OS X 10.6.8 Combo Update and MultiBeast for Snow Leopard
- The network did not work so I added a network card (?) and it worked
Solar Power Planning
Getting Started
Links
Here are my solar panels.
Here is my plan.
PV Array Tilt Angle Calculator. (13 – 59 degrees)
Build A DIY Solar Tracker video.
The Journey Begins
Thanks for joining me!
Good company in a journey makes the way seem shorter. — Izaak Walton
