How to Install Let’s Encrypt on Apache2

 Apache2, Clusterweb, ClusterWeb, Debian, Linux, Profissional de TI, Redes, Segurança, Shell Script  Comentários desativados em How to Install Let’s Encrypt on Apache2
nov 052018

Improving your website security through encryption, even on the most basic servers, can increase your visitors’ trust in your site and your ability to run it. Setting up encryption on your web host has generally been complicated and expensive, which often deters administrators whose web applications might not depend on user input. Let’s Encrypt aims to change this by making implementing encryption on any website easier. They are an open and free project that allows obtaining and installing of certificates through simple, automated, commands.

Let's Encrypt Project Logo

Continue reading »

How to install OpenVPN inside a jail in FreeNAS with access to remote hosts via NAT

 Clusterweb, ClusterWeb, Firewall, FreeNAS, Leitura Recomendada, Linux, Profissional de TI, Redes  Comentários desativados em How to install OpenVPN inside a jail in FreeNAS with access to remote hosts via NAT
maio 252017


  • FreeNAS 9.10+
  • Domain updated by DDNS or a static IP
  • Internet access
  • Router forwarding of your port of choice (in my case 10011 UDP internal to 443 UDP external).
  • SFTP Client (Winscp, Transmit or plain scp)

Route all traffic?
If you want to route all traffic through the VPN Tunnel, be sure to read the Know This section

In this guide, we’ll do the server/client configuration as follows:

Server configuration:

  • Creating the Jail.
  • Optional: mounting local storage.
  • Installing OpenVPN inside the jail.
  • Creating all the certificates needed: the server root cert, the OpenVPN server cert and each of the client’s cert.
  • OpenVPN configuration file.
  • Firewall settings so NAT can work.
  • Registering OpenVPN as a service so it can start automatically with the jail.

Client configuration:

  • OpenVPN configuration file.
  • Certificate installation in client

Continue reading »

jun 112015

  1. sudo apt-get update
  2. ———————————————————————–
  3. sudo apt-get install apache2
  4. ———————————————————————–
  5. sudo adduser –disabled-password –system –home /var/lib/deluge –gecos “SamRo Deluge server” –group deluge
  6. ———————————————————————–
  7. sudo touch /var/log/deluged.log
  8. ———————————————————————–
  9. sudo touch /var/log/deluge-web.log
  10. ———————————————————————–
  11. sudo chown deluge:deluge /var/log/deluge*
  12. ———————————————————————–
  13. sudo apt-get update
  14. ———————————————————————–
  15. sudo apt-get install deluged
  16. ———————————————————————–
  17. sudo apt-get install deluge-webui
  18. ———————————————————————–
  19. sudo nano /etc/default/deluge-daemon
  20. ———————————————————————–
  21. # Configuration for /etc/init.d/deluge-daemon
  22. # The init.d script will only run if this variable non-empty.
  23. DELUGED_USER=”deluge”
  24. # Should we run at startup?
  26. ———————————————————————– Continue reading »

Install NTOP on Debian and Configure to Use NetFlow on Mikrotik RouterOS

 Apache2, Clusterweb, Leitura Recomendada, Linux, Mikrotik, Profissional de TI, Redes, Segurança  Comentários desativados em Install NTOP on Debian and Configure to Use NetFlow on Mikrotik RouterOS
jun 182014

Ntop is a network monitoring tool similar to Unix top, which shows network traffic usage. It can act as a NetFlow collector for flows generated by routers such as Cisco or Mikrotik. NetFlow is an industry standard for flow-based traffic monitoring.

We will install and configure Ntop to collect flows generated by Mikrotik router. Note: “Ntop” != “NtopNG”.

Install Pre-required Software

We’re using Debian Wheezy:

$ uname -rv
3.2.0-4-686-pae #1 SMP Debian 3.2.51-1

Update the system first:

# apt-get update && apt-get upgrade -uV

Install required software:

# apt-get install libtool automake autoconf make build-essential python-dev subversion

Install external tools and libraries required by ntop:

# apt-get install libpcap-dev libgdbm-dev zlib1g-dev libgeoip-dev libgraphviz-dev \
> graphviz rrdtool librrd-dev

Continue reading »

RedHat / CentOS Install and Configure Cacti Network Graphing Tool

 Leitura Recomendada, Linux, Redes  Comentários desativados em RedHat / CentOS Install and Configure Cacti Network Graphing Tool
jun 192013

Cacti is a network graphing tool similar to MRTG. How do I install and configure common options to collect SNMP data and various other data (such as system load, network link status, hard disk space, logged in users etc) into an RRD?

From the official project site:

Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.

Required software(s)

You need to install the following software on RHEL / Fedora / CentOS Linux:

  1. MySQL Server : Store cacti data.
  2. NET-SNMP server – SNMP (Simple Network Management Protocol) is a protocol used for network management.
  3. PHP with net-snmp module – Access SNMP data using PHP.
  4. Apache / lighttpd / ngnix webserver : Web server to display graphs created with PHP and RRDTOOL.

Install the software

First, login as root user and type the following command to install mysql, apache and php:
# yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd

Configure MySQL server

First, set root password:
# mysqladmin -u root password NEWPASSWORD

Create cacti MySQL database

Create a database called cacti, enter:
# mysql -u root -p -e 'create database cacti'
Create a user called cacti with a password called zYn95ph43zYtq, enter:
# mysql -u root -p

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'zYn95ph43zYtq';
mysql> FLUSH privileges;
mysql> \q

Install snmpd

Type the following command to install net-snmpd
# yum install net-snmp-utils php-snmp net-snmp-libs
Configure snmpd, open /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf
Append / modify it as follows (see snmpd.conf man page for details):

com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
pass . /usr/bin/ucd5820stat

Save and close the file. Turn on snmpd service:
# /etc/init.d/snmpd start
# chkconfig snmpd on

Make sure you are getting information from snmpd:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
Sample ouptut:

IP-MIB::ipAdEntIfIndex. = INTEGER: 2
IP-MIB::ipAdEntIfIndex.67.yy.zz.eee = INTEGER: 3
IP-MIB::ipAdEntIfIndex. = INTEGER: 1

Install cacti

First, make sure EPEL repo is enabled. Type the following command to install cacti:
# yum install cacti

Install cacti tables

Type the following command to find out cacti.sql path:
# rpm -ql cacti | grep cacti.sql
Sample output:


Type the following command to install cacti tables (you need to type the cacti user password):
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.7d/cacti.sql

Configure cacti

Open /etc/cacti/db.php file, enter:
# vi /etc/cacti/db.php
Make changes as follows:

/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "zYn95ph43zYtq";
$database_port = "3306";

Save and close the file.

Configure httpd

Open /etc/httpd/conf.d/cacti.conf file, enter:
# vi /etc/httpd/conf.d/cacti.conf
You need to update allow from line. Either set to ALL or your LAN subnet to allow access to cacti:

# Cacti: An rrd based graphing tool
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        Allow from

Another option is create /usr/share/cacti/.htaccess file and password protect the directory. Finally, restart httpd:
# service httpd restart

Setup cacti cronjob

Open /etc/cron.d/cacti file, enter:
# vi /etc/cron.d/cacti
Uncomment the line:

*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Save and close the file.

Run cacti installer

Now cacti is ready to install. Fire a webbrowser and type the url:
Just follow on screen instructions. The default username and password for cacti is admin / admin. Upon first login, you will be force to change the default password.

How do I configure SNMP data collection?

SNMP can be used to monitor server traffic. Once installed login to cacti.
=> Click on Devices

=> Select Localhost

=> Make sure SNMP options are selected as follows:

Fig.01: SNMP configuration

Fig.01: SNMP configuration

Finally, click on Save button.

How do I create SNMP graphs?

Click on “Create Graphs for this Host” link on top right side.

Select SNMP – Interface Statistics

Select a graph type (such as In/Out bytes with total bandwidth)

Finally, click on Create button.

How do I view graphs?

To view graphs click on Graphs tab. Here is sample graph from one my own box:


Fig.02: Cacti in Action - Memory, CPU and Network Usage

Fig.02: Cacti in Action – Memory, CPU and Network Usage
(Fig.02: Cacti in action)


Fig.03: Cacti in Action Disk, Load average and User stats

Fig.03: Cacti in Action Disk, Load average and User stats

Further readings: