Baikal – own calendar with ToDo list (CalDav) and address book (CardDav)

Running your own CalDAV and CardDAV server gives you a private platform for synchronizing events and contacts between multiple devices and other services such as webmail.

First, download the latest Baikal version from http://baikal-server.com/ to /var/www/dav.example.com

Next, extract it

Move the files to the destination, e.g. /var/www/dav.example.com

Create a vhost config file for Apache

or you could use a more advanced config file that uses SSL (together with Let’s Encrypt) + php5_fastcgi:

Now we enable the required Apache modules and restart it:

Let us change the file ownership (depending on which user runs Apache; the default would be e.g. www-data):

Create the file that makes Baikal enable the installation panel:

Depending on which vhost file we used, we open Baikal in a web browser

On the first page, set everything up the way you like; on the next one you can configure the database backend, choosing sqlite or mysql/mariadb.

 

So now we have a DAV platform up and running for your private data.

 

Updating:

Even if you use the latest version from the page, I would suggest updating it to the newest one from the git page

For example, the newest Baikal version on git is currently 0.4.2.

It is recommended to back up your database if you have already started using Baikal.

Download the newest Baikal to the same directory where you installed version 0.2.7:

Extract it

Change the ownership of the extracted Baikal and move every file out, excluding the ‘Specific’ folder.

Enter the administration panel, e.g. dav.example.com, and you will see a warning like this:

After logging in, Baikal will update the database and you will be ready to use it once again.

 

The difference between 0.2.x and 0.4.x is in the URL we use: card.php and cal.php are now dav.php. Both still work but are deprecated, so eventually they will stop working. I recommend using dav.php.

It is also good practice to add a DNS record:

This way the autodiscover function will find the proper configuration faster when you set up an account on your device.

 

Example use:

Thunderbird:

 

Thunderbird + Cardbook

Add address book > Remote

 

Android + DavDroid:

 


Dovecot – Proper IDLE timeout for android phones

If you use your own IMAP server with Android, you may (but not necessarily) notice higher battery drain, with the email application at the top of the list of applications that drain the battery.

This could be a server-side problem: the default Dovecot configuration has idle_timeout set to 2 minutes, so basically every 2 minutes your phone polls the IMAP server for information about new emails, which results in higher battery drain.

Let's evaluate this with a simple shell command:

This should result in:

The interval between each ‘OK still here’ is what your IMAP client sees. By default this should be a 2-minute interval.

Let us change this:

systemctl restart dovecot.service

And we are done.


Syncthing – own virtual drive

Syncthing, as the name suggests, is a ‘thing’ synchronization application that also works really well as a virtual drive (without a web interface). With this in mind, the application won't fight its way onto the virtual drive market against Google Drive or ownCloud.

If we are looking for a multi-platform solution that works out of the box, and we want to synchronize a folder (1:1) across multiple nodes without too much configuration, Syncthing is the perfect solution (for more complicated projects I would go with rsync)!

Installation (Debian/Ubuntu):

Installation (Windows):

 

Starting application (Linux/Windows):

Syncthing runs as the user who starts it with the command:

 

Configuration as system service (Linux systemd):

Create the file /etc/systemd/system/syncthing@.service

Next we create an account, or use an existing one, for syncthing; let's assume it is the ‘myuser’ account:

 


GoGS with Apache2

First let us enable a few modules that will be needed:

Sample vhost config file for apache2:

Let us make sure that gogs is running and then restart apache


To install gogs as a service we need to create a file, enable it and run it:

 


GoGS – lightweight git front-end

GoGS is a front-end for git. It is an undemanding solution, and because it is written in Go it works on every platform that supports the Go language.

At its core GoGS uses git, and it supports different databases (mysql, postgresql or tidb)

We could install gogs from source, but we will use ready-made binary files for our system, and for the backend we will use mariadb/mysql on a debian/ubuntu system:

Let's download the binary package from the project page, gogs.io (in my case it was gogs_v0.9.13_linux_amd64.tar.gz), and extract it:

Now we need to create a user and a database for gogs:

 

First start:

Now we can connect to gogs with a web browser using localhost:3000 or domain:3000, because gogs listens on the 0.0.0.0:3000 address.

Configure it:

The remaining settings you can set up as you like.

Now we have a running, ready-to-use GoGS installation (GoGIT)


Let’s encrypt – Green lock icon for our web page – free SSL certificates

Let’s Encrypt was created with one goal in mind: to build a secure platform that gives everybody the ability to create valid certificates for securing their web pages. That way our website can establish secure and private connections with visitors, so both sides benefit. Because all certificates generated this way are valid, we get the ‘green lock icon’ in the browser's URL bar, so visitors are not scared away by a big red warning message about an unknown certificate being used (as they would be if we used self-signed certificates).

To begin with, I would suggest reading Apache Part 2: Enable SSL if you haven’t enabled SSL for your vhosts; we will also need self-signed certificates for the full process to complete.

For now, as of 03/18/2016, letsencrypt allows automatic certificate installation on Debian/Ubuntu platforms with Apache2 (as the web server); the other platforms/web servers are supported via manual installation.

Preparation

The first step is to install the git client, if we haven’t already:

Next we need to download the latest letsencrypt script, which will help us with the signing process:

If we ever need to update letsencrypt, we just need to invoke the ‘pull’ command in the git client like this:

If, in the middle of updating with git pull, we encounter a message about local modifications made by us, there is a quick & dirty fix for that:

 

Let's go!

Method 1: Automatically configure everything (Apache 2 + Debian/Ubuntu)

 

Method 2: Obtaining certificates for web server without automatic installation (webroot module)

 

Method 3: Obtaining certificates without using your web server, using the built-in one instead (standalone module)

 

If we are using the ‘apache’ module, everything should work right away; otherwise you need to manually add the certificates to the configuration files of your vhosts.

Certificates are saved inside /etc/letsencrypt/archive, but it is best to use the symlinks that are created in /etc/letsencrypt/live/

 

Renewing certificates!?

For now (03/18/2016), certificates created with Let’s Encrypt are valid for 90 days. Renewing them is more like creating new ones. This can be done by hand or with the script proposed by Let’s Encrypt themselves.

First we can do a dry run to see whether there will be any errors while renewing the certs:

If the command was successful, we can drop the --dry-run argument:


The ‘renew’ command uses the last saved settings for creating certificates, so if we would like stronger encryption with a longer RSA key, we can do it with:


While renewing certificates, the application checks whether the validity date has passed. If not, the script will skip renewal for that certificate, but we can force it by adding the ‘--force-renew’ argument:

 

Automatic renewing 🙂

This is a copy of the script from https://letsencrypt.org

We need to add the script to cron, so we won’t have to remember about this

This way cron will try to renew every certificate we use each hour.


We could also skip this script and take another approach, which is using cron with the force-renewal argument:

This way a new certificate for our domains will be generated on the first day of each month. We have 90 days, so in theory we get 3 tries before our certificate becomes invalid.
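
A check that complements either cron approach, as an added example (not from the original post or from the Let’s Encrypt project): it lists certificates under /etc/letsencrypt/live/ that are close to expiry, which is what you would see if the scheduled renewals kept failing silently. The function name and the 21-day default threshold are choices made for this example.

```shell
#!/bin/sh
# List certificates under a Let's Encrypt "live" directory that expire within
# a given number of days. Returns 1 if any are found, so a cron job or a
# monitoring check can alert on the exit status.
# Usage: expiring_certs [live_dir] [days]
expiring_certs() {
    live_dir=${1:-/etc/letsencrypt/live}
    days=${2:-21}
    window=$((days * 86400))
    rc=0
    for cert in "$live_dir"/*/cert.pem; do
        [ -e "$cert" ] || continue      # no certificates issued yet
        # -checkend exits non-zero if the certificate expires within $window
        # seconds (or cannot be read at all).
        if ! openssl x509 -checkend "$window" -noout -in "$cert" >/dev/null 2>&1; then
            end=$(openssl x509 -enddate -noout -in "$cert" 2>/dev/null | cut -d= -f2)
            echo "$(basename "$(dirname "$cert")"): expires ${end:-unreadable}"
            rc=1
        fi
    done
    return $rc
}

# Example cron use (daily), relying on cron mailing any output:
#   expiring_certs /etc/letsencrypt/live 21
```

With monthly renewal of 90-day certificates, a healthy certificate always has roughly 60 days or more left, so anything this check reports points to a renewal that did not happen.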

 

Revoking certificate:

 

Update 06/11/2016:

To update the letsencrypt client, you need to run the git command

While doing it you can hit an error saying that your local version is modified and you need to commit those changes. The simplest way to fix this is to reset your local repo:

 

Update 04/08/2017:

letsencrypt changed its name to certbot


Mikrotik – Send email with information about clients connecting to WiFi network

Mikrotik devices give you a lot of configuration options to play with. This post covers one such configuration, which automatically records information about logins/logouts in the WiFi network and sends it to a custom email address on a daily basis.

Let's assume you have already configured the email capability in the Mikrotik system.

Next we want to set the topic of the information we want to store to a file (e.g. wifi.log):

Next let's create a script that will back up the log file, send it to your email account, delete the backup to free up some space, and delete the user that does those things so that it does not become an easy target:


Don’t forget to set up a scheduler that will run our script on a daily basis:

 


Linux – Hide Bind version

If we would like to hide the version of our bind server and make it harder for bots to sniff out which version you use (assuming you always update 😉), we can do it by editing the file /etc/bind/named.conf.options:

Restart the service:

Use dig to check which version is reported now:

 


Google Authenticator – manual backup and restore

If we have ROOT access, we can manually back up the file that contains the seeds needed to generate passwords in the application.

Backup: You need to set ROOT access for ADB, and then:

The content of the file can be displayed with the help of an sqlite client application:

The above can also be done with a file manager that can get ROOT access

Restore backup: You need to set ROOT access for ADB, and then:

The above can also be done with a file manager that can get ROOT access, copying the databases file to:

Also remember to set the ownership of this file to the proper application user (com.google.android.apps.authenticator2), because with the wrong one (root) the application will crash every time you try to open it.

 


Postfix and Dovecot – perfect duo for mail server

Your own mail server? Would be awesome! If you just asked ‘why’, this tutorial is not for you 😉

Goals:

  • own postfix and dovecot server
  • support for virtual accounts
  • disable system accounts support
  • use database as account backend

 

1. Installation

General type of mail configuration: Internet Site

System mail name: domian.name

2. Mysql/MariaDB backend

First prepare backend:

 

The most important postfix config file: main.cf

Next let us create configuration files for virtual account support:

Restart postfix:

 

This will test whether postfix ‘sees’ the virtual account from the database:


Next we need to edit the other postfix config file, master.cf

This looks scary, but to be sure I included the full config file, because there could be changes made to the default config files in the newest version.

Just restart postfix, because we have finished configuring it 🙂

 

3. Dovecot

First we back up the files that we will edit:

Edit dovecot.conf

Let us comment and uncomment lines according to this code:

We need to create the vmail account

Restart dovecot

4. Adding more accounts to the backend

 

5. SPAM

If you are interested, there are some posts about ways to fight spam:

Fight against spam part 1 – Postfix SPF

Fight against spam part 2 – Postfix DKIM

Fight against spam part 3 – Postfix DMARC

Fight against spam part 4 – Postfix SpamAssassin

Fight against spam part 5 – Dovecot Sieve

 
