In this post we install and configure an instance of Ubuntu Server under WSL2 for Linux. Many developers are going to choose to use WSL2, so we guide them to install the Ubuntu Server version of WSL2. This provides a more standard environment referenced by many howto procedures on the Internet.
WSL2 enables a computer running Windows 11 Pro to host a guest instance of Ubuntu Server:
WSL2 offers some advantages for a developer experience
WSL2 offers some advantages for a local developer in terms of networking: if they install a service that opens a port, like port 22/tcp for SSH, that same port is opened on localhost of the Windows machine hosting the WSL2 Ubuntu Server instance. A developer can SSH to port 22 on localhost, without configuring a static IP address or port forwarding. This eliminates the need to configure virtual switches, static IP addresses, and port forwarding. In addition, WSL2 provides a file mounts of the Windows file system within Linux, and a file mount of the Linux filesystem within Windows.
Other ways to install Ubuntu Server on a Windows 11 Pro computer
There are other ways to install Ubuntu Server on a Windows 11 Pro computer, including Windows Hyper-V. If you need to host multiple instances of Ubuntu Server with static IP addresses and subnet routing, consider using Hyper-V instead.
Installing WSL2
Start a CMD window as Administrator. At the Start menu, type the letters “cmd” then right-click on the app icon to run the command prompt as root:
Enter the following command:
powershell
Enter the following command:
wsl --install -d Ubuntu-24.04
Reboot your computer.
Enter values for username and password:
Enter the following command from a CMD window running as Administrator:
wsl --list --verbose
Enter the following command:
wsl --setdefault Ubuntu-24.04
Enter the following command:
wsl
Enter the following command:
lsb_release -a
Enter the following command:
sudo su
Updating apt packages on the Linux system
Enter the following commands:
apt clean
apt update
Enter the following command:
apt upgrade
Enter y for yes:
Enter the following command:
reboot
from a CMD window running as Administrator, enter the following command:
wsl
Installing some utilities
Enter the following commands:
sudo su
apt install net-tools git build-essential
Installing openssh-server
Enter the following command:
apt install openssh-server
From a CMD window running as Administrator, enter the following command:
In this post, we build a home server using Ubuntu Desktop Linux that includes a Samba network file server, an OpenVPN virtual private network (VPN), and a KVM hypervisor hosting virtual machine (VM) guests including a Linux/Apache/MySQL/PHP web server. In addition, we build an offsite backup server using Fedora Server Linux, and link the offsite backup server to the home server via a WireGuard secure network tunnel.
Tasks for the home server
The home server will perform the following tasks:
Samba network file server
OpenVPN server
KVM hypervisor to host virtual machine (VM) guests
LAMP web server in a VM
Wireguard public-facing host to client connection to offsite backup server
Hardware for the home server
As the home server will host virtual machine guests, I need a certain level of performance, so I bought a refurbished circa 2017 computer for C$403 (US$294). CPU performance can affect OpenVPN performance, so the VPN server will benefit from a stronger CPU as well.
The home server is a small form factor (SFF) desktop circa 2017:
Dell OptiPlex 5050 SFF (circa 2017)
i7-7700 CPU
32GB DDR4 RAM
1TB SATA SSD
Formatting and configuring the home server with Ubuntu Desktop 22.04 LTS
I formatted the home server with Ubuntu Desktop 22.04 LTS.
Why choose Ubuntu Desktop instead of Ubuntu Server?
For the home server, I wanted the option of a graphical user interface (GUI) desktop for use at console, and via remote desktop. A GUI desktop is also more convenient for the creation and management of KVM virtual machine guests using the virt-manager GUI, (and avoids the need for SSH tunnel forwarding and an X11 server to reach a headless server).
Formatting in UEFI mode
With modern hardware, I like to use UEFI mode for disk booting. Although we do not need a multiple-boot menu for this server, it is easier to construct a multiple-boot menu using grub when booting in UEFI mode. This is the default on a post-2016 motherboard, but it is worth looking at the BIOS when you first lay hands on a machine.
Connecting using wired Ethernet
We need a wired Ethernet connection for the home server, as we want to create a bridge mode adapter (br0) so that virtual machine (VM) guests can have IP addresses in the host networking subnet.
Complete the fields as needed, then click on “Continue”:
Click on “Restart Now”:
Press the ENTER key on your keyboard:
Using the nmcli command to create a bridge mode adapter (br0)
Because we are working on an Ubuntu desktop, we will use the nmcli command to create a bridge mode adapter (br0).
Open a terminal window. Enter the following commands:
sudo su
apt install net-tools bridge-utils
ifconfig
Look at the information displayed by the ifconfig command. Identify the name of the wired Ethernet connection. The name may be “eth0” or a string such as “enp0s31f6”
Use the value you identified above and use it in place of ethernet_name.
Enter the following commands:
nmcli con add ifname br0 type bridge con-name br0
nmcli con add type ethernet ifname ethernet_name master br0
nmcli con up br0
nmcli con show
brctl show
Using the nmcli command to set a static IP address on the bridge mode adapter (br0)
Although the br0 adapter appears in the Gnome Settings control panel, its IP address cannot be set using this graphical user interface (GUI). We can set the IP address and other IPV4 values of a br0 adapter using the nmcli command.
Enter the following commands:
nmcli con modify br0 ipv4.addresses 192.168.56.40/24 ipv4.gateway 192.168.56.1 ipv4.method manual
nmcli con modify br0 ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con down br0 && sudo nmcli con up br0
con show br0
Understanding the bridge networking device (br0) and its relationship with the Ethernet adapter
The bridge networking device (br0) is a wrapper around the Ethernet adapter. The br0 adapter replaces the Ethernet adapter.
Configuring the desktop user to login automatically
From the Ubuntu Desktop, Start the Settings application. Click on the search icon and search for “users”:
Click on “Unlock…”:
When prompted, enter the password for the user that owns the desktop session:
Enable “Automatic Login”:
Setting Blank Screen Delay to Never and Disabling Automatic Screen Lock
In the Settings application, go to Privacy, then Screen. Change “Blank Screen Delay” to “Never”. Disable “Automatic Screen Lock”:
Enabling Remote Desktop Sharing
In the Settings application, go to Sharing, then go to “Remote Desktop”. Enable “Remote Desktop”. Enable “Remote Control”. Provide values for “User Name” and “Password”
Creating a firewall exception for the remote desktop port
Open a terminal window. Enter the following commands:
sudo su
ufw allow 3389/tcp
Testing Remote Desktop access to the home server from a Linux desktop
Use the Remmina program and select the RDP protocol. Complete the fields as necessary for your installation, then click on “Save and Connect”:
Testing Remote Desktop Sharing from a Windows 11 Pro desktop
Click on the Start button. Enter the text “remote desktop”. Click on the icon for “Remote Desktop Connection”:
Enter the IP address of the home server. Click “Connect”:
Enter the username and password you specified in the Settings application on the home server under Sharing | Remote Desktop:
Check the box “Don’t ask me again for connection to this computer”. Click on “Yes”:
Considering VNC as an alternative to Remote Desktop (RDP)
If you have difficulty connecting to the home server using a Windows remote desktop client, consider using VNC:
Using the smbpasswd command to create a Samba username to match the desktop username
Open a terminal window. Enter the following commands. Replace username with the user that owns the desktop on the home server. When prompted, provide a value for the password:
sudo su
smbpasswd -a username
Creating a firewall exception for the network file sharing (CIFS) port
Enter the following command:
ufw allow 137,138,139,445/tcp
Testing the network file share using the Files (Nautilus) program
In the Files (Nautilus) application, click on “+ Other Locations”:
Select “Registered User”. Provide a value for “Username”. For Domain, put “WORKGROUP”. Provide a value for “Password”. Click on “Connect”:
Testing the network file share using File Explorer in Windows 11 Pro
From the File Explorer application in Windows 11 Pro, enter the address of the server in the address bar. Prefix the address with “\\” as in “\\192.168.56.40” for the following example. Enter the IP address of your home server:
Advanced applications of Samba including Active Directory authentication
Declaring a CNAME record in DNS to map a subdomain to the IP address of the persistent host name
If you have a registered domain name, and you have access to the DNS control panel for that domain, you can declare a CNAME record in DNS to map a subdomain to the ip address of the persistent hostname. For example, the GoDaddy DNS control panel allows the following kind of CNAME declaration:
This creates the subdomain servername.example.com, which will ping to the same IP address as persistenthostname.ddns.net
In this case we have set the time-to-live (TTL) value to 1 hour, so the IP address of the CNAME host would be updated once per hour. Many DNS providers block the option of declaring a CNAME to the apex (@) host of a domain. You can still host a subdomain, for example:
https://servername.example.com
If you need to declare the @ host as a CNAME consider pobox.com
If you need to declare the @ host of a domain as a CNAME associated with a persistent host name, consider using pobox.com as your DNS provider.
Using a script to automate the installation of OpenVPN
The openvpn-install.sh from Nyr automates the installation of the OpenVPN server application:
From the desktop of the home server, open a terminal window. Enter the following commands:
virt-manager
Verifying that the virtual machine (VM) is set for bridge mode with the br0 device
Click on the “i” icon on the VM. Select “NIC”:
Determining the current IP address of the VM
Enter the following commands:
sudo su
apt install net-tools
ifconfig
Note the name (ie enp1so) and IP address of the first adapter:
Connecting to the server with SSH
Open a terminal window on the desktop of the home server. Enter the following command, substituting values for username and ipaddress to match your installation:
ssh username@ipaddress
Creating a netplan for a static IP address for the VM
As the VM is running Ubuntu Server, we will use netplan to create a static IP address.
From the SSH terminal window, enter the following commands:
sudo su
cd /etc/netplan
cp 00-installer-config.yaml 00-installer-config.yaml.b4
nano 00-installer-config.yaml
Use the nano text editor to modify the 00-installer-config.yaml file. Change the value of adaptername as needed ie “enp1s0”:
Use the nano text editor to modify the apache2.conf file. Find the “<Directory /var/www/>” section. Change “AlllowOverride None” to “AllowOverride All”:
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Enter the following commands:
a2enmod rewrite
systemctl restart apache2
Running the mysql_secure_installation command
Enter the following command.
mysql_secure_installation
Answer the prompts as follows:
Testing the web server on port 80
From the desktop of the home server, start a web browser. Visit the IP address of the VM that hosts the LAMP web server:
Forwarding the LAMP web server ports from the public-facing router to the bridge mode IP address of the VM hosting the LAMP web server
Testing the web server from a public address
Using your cell phone: switch to LTE data mode. Visit the URL of your persistent hostname. If you have a CNAME declared for a subdomain host in DNS, visit that URL as well.
Creating virtual hosts for Apache
Open an SSH terminal window to the VM hosting the LAMP web server:
ssh desktop@192.168.56.23
Enter the following commands:
sudo su
cd /etc/apache2/sites-available
nano persistenthostname.ddns.net.conf
Use the nano text editor to edit the persistenthostname.ddns.net.conf file:
Using Let’s Encrypt to create an SSL certificate for https
Open an SSH terminal window to the VM hosting the LAMP web server. Enter the following commands:
sudo su
apt install python3-certbot-apache
certbot --apache
systemctl restart apache2
Enabling Wireguard on the home server
Open an SSH terminal window to the home server. Provide values for username and ipaddress to match your installation:
ssh username@ipadress
Creating public and private WireGuard keys
Enter the following commands:
sudo su
cd /etc/wireguard
umask 077
wg genkey > privatekey
wg pubkey < privatekey > publickey
Creating a firewall exception for the WireGuard port on the home server
ufw allow 55555/udp
Enter the following commands:
nano wg0.conf
Creating the wg0.conf file
Use the nano text editor to modify the wg0.conf file. Provide a value for privatekey matching the privatekey of the home server, generated above. (Provide a value for publickey of the peer system (the offsite backup server) when the value becomes available, then restart the wg-quick@wg0 service):
[Interface]
# home server
Address = 10.5.0.1/24
PrivateKey = privatekeyofhomeserver
ListenPort = 55555
[Peer]
# offsite backup server
PublicKey = publickeyofoffsitebackupserver
AllowedIPs = 10.5.0.0/24, 192.168.1.0/24
Forwarding the WireGuard port from the public-facing router to the home server
Tasks for the offsite backup server
The offsite backup server will perform the following tasks
Samba network file server
Wireguard client connection to home server
Hardware for the backup server
My brother donated a computer to the project, a computer that was headed for a dumpster. This is an example of a hacker living his principles.
This machine could not address more than 1.5GB RAM of the RAM we found in our junkpiles. This machine has a 20GB mechanical hard drive — we could certainly upgrade that with a 120GB SSD, but we decided to see what was possible with the mechanical drive. We will be attaching an SSD drive to the computer. Because the taskings are Samba network file sharing and a Wiregurd tunnel to the home server, it may not be necessary to upgrade the mechanical drive.
The offsite backup server is a small form factor (SFF) desktop circa 2005:
HP HSTNC-008P-SF (circa 2005)
Pentium(R) D CPU
1.5GB DDR RAM
20GB mechanical drive (presumably 5400RPM)
Formatting and configuring the offsite backup server with Fedora Server 38
My brother formatted the offsite backup server with Fedora Server 38. This server will have a text-only console. This will allow us to conserve about 1.1GB RAM, ie 3/4 of the 1.5GB RAM we have available in the system.
Why choose Fedora Server instead of Fedora Desktop?
For the offsite backup server, as the hardware is limited, we will use Fedora Server to conserve CPU and RAM resources.
Formatting in Legacy Mode
With older, pre-2016 hardware, it is simpler to format in Legacy Mode. In this case, the system literally is legacy, this is the only mode available.
Connecting using wired Ethernet
We will connect the offsite backup server using wired Ethernet. This simplifies some kinds of networking, including WireGuard, which we will use later in this procedure to create a secure tunnel to the home server.
Installing a few utilities on the offsite backup server
Log in at the console of the offsite backup server. Enter the following commands:
sudo su
dnf install net-tools iptraf-ng finger wireguard
ifconfig
Examine the output of the ifconfig command. Find the name of the Ethernet adapter, it may be something like “enp0s25” or “eth0” — take note of this value.
Using the nmcli command to configure a static IP address for the offsite backup server
Enter the following commands. Provide values for adaptername and ipv4.gateway that match your installation:
nmcli con modify adaptername ipv4.addresses 192.168.1.95/24 ipv4.gateway 192.168.1.1 ipv4.method manual
nmcli con modify br0 ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con down br0 && sudo nmcli con up br0
con show br0
reboot
Installing the Samba program on the offsite backup server
Open an SSH terminal window to the offsite backup server. Enter the following command:
dnf install samba
Creating a network file share using Samba on the offsite backup server
Use the nano text editor to modify the wg0.conf file. Provide a value for privatekey matching the privatekey of the home server, generated above. Provide a value for publickey matching the private key of the offsite backup server:
Web presence step by step is a series of posts that show you to how to build a web presence.
In this post, we learn how to declare multiple subdomain names under a single domain name for use as virtual host names, for multiple separate websites.
Understanding virtual hosts and their relation to domain and subdomain names
A shared LAMP web server can host multiple websites, or “virtual hosts,” named after domain and subdomain names.
You may wish to host a web-based application like MyBB or Nextcloud as its own website, rather than as a subdirectory of an existing website, without purchasing an additional domain name.
Multiple subdomains can be hosted on the same web server, or on different web servers.
The bare domain and the www subdomain
A virtual host can be identified by a “bare” domain name like “webpresencestepbystep.com,” or by a subdomain name, like “www.webpresencestepbystep.com” — by convention, the www subdomain prefix points to the same content as the “bare” domain name.
Additional subdomains like “community” and “media”
Additional subdomain names can be declared like “community.webpresencestepbystep.com” and “media.webpresencestepbystep.com” – these subdomains can point to separate websites on the same web server, or on different web servers.
Understanding domain and subdomain names and their relation to Domain Name System (DNS) zone files
As we can see in the DNS zone for the domain, the host names “@” (“bare domain”) and “community” are A declarations associated with the IP address of web server A.
The host name “www” is a CNAME declaration associated with the host name “@” so implicitly is associated with the IP address of web server A.
The host name “media” is an A declaration associated with the IP address of web server B.
2 websites on web server A, 1 website on web server B, all as subdomains of a single domain name
By using multiple subdomains of the same domain name, 3 separate websites can be declared, with 2 websites hosted on web server A, and 1 website hosted on web server B, without the need to purchase additional domain names.
Bare domain and subdomain www on web server A
webpresencestepbystep.com and www.webpresencestepbystep.com on web server A
A note about www and CNAME
the subdomain “www” host name is a canononical name (“CNAME”) of the @ host name, which identifies the “bare” domain. This means that www.webpresencestepbystep.com will resolve to the same IP address as webpresencestepbystep.com
Web presence step by step is a series of posts that show you to how to build a web presence.
In this chapter we install and use a script to automate the creation of a virtual host on an Apache web server.
A PHP script that automates the creation of a virtual host under Apache
This script collects and validates inputs, then executes the commands to create a virtual host under Apache.
A note about the source code view below
For formatting reasons, the text is limited to a fixed width. To fully view the text, you can scroll to the right to see the ends of lines, or use the print view for this blog post.
To view the source code in an another text editor, download and uncompress the zip file described below, or select and copy the text from the source code example below, and paste the text into a file on your computer called “addvhost.php”
Consider copying the file to your Apache web server’s /usr/bin directory with a chmod of 755 so that it can be executed from the system path. Steps to do so are included in the procedure below.
Saving the PHP script to a file called addvhost.php
Uncompress the zip file to extract the file “addvhost.php” then copy the file to your Apache web server.
Source code of the script
Scroll right to see the ends of lines.
#!/usr/bin/php
<?PHP
// addvhost.php
// v0102
// updated to variable-ize vhostip as a base setting
// creates a virtual host under Apache
// Gordon Buchan 20210512 https://gordonbuchan.com
// MIT License https://mit-license.org
// tested on Ubuntu 20.04, may work on Debian
// directory structure allows for chroot jails for SFTP:
// in a jail you do not own your home directory, only your webdir
// tip: apt install finger whois
// ////////////////////////////////////////////////////////////////
// start summary
// initialize base settings in variables ie bvhwb
// ask for vhostsubdomain, vhostusername, vhostpassword
// infer vhosthomedir, vhostwebdir by convention
// create user, home directory, password
// create directory
// create index.php document
// chown vhosthomedir as root:root
// chown vhostwebdir as vhostusername:vhostusername
// chmod vhostwebdir
// create virtual host file
// enable virtual host
// echo suggestion that client restart apache, run certbot --apache, restart apache
// end summary
// ////////////////////////////////////////////////////////////////
// start base settings
$bvhostconfdir = "/etc/apache2/sites-available";
$bvhwb = "/usr/web";
$restartcommandstr = "systemctl apache2 restart";
$vhostenablecommandstr = "a2enmod";
$echoplaintextpasswords = TRUE;
$logplaintextpassword = TRUE;
$vhostserveradmin = "info@yourdomain.com";
// tip: could be "xxx.xxx.xxx.xxx"
$vhostip = "*";
// ////////////////////////////////////////////////////////////////
// end base settings
// ////////////////////////////////////////////////////////////////
// start function sink
// start polyfill
// str_contains() polyfill for pre PHP8: code for this function taken from php.net
if (!function_exists('str_contains')) {
function str_contains(string $haystack, string $needle): bool
{
return '' === $needle || false !== strpos($haystack, $needle);
} // end function str_contains()
}
// ////////////////////////////////////////////////////////////////
// end polyfill
// validate functions
// We will be using the readline() function to ask questions on the command line.
// These functions allow us to do rich validation within a while statement to trap
// the readline in a loop until our conditions are satisfied.
// We will also echo text to the console with reasons for rejection to assist the client.
// For example: bad string format, vhost appears to exist already, etc.
// ////////////////////////////////////////////////////////////////
function vhostsubdomainverify($vhostsubdomainstr) {
global $bvhwb;
global $bvhostconfdir;
//assume true until proven false
$returnval = TRUE;
// is the string clean?
// note that "-" hyphen character is permitted, not part of symbol sieve
if ( preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬]/', $vhostsubdomainstr) ) {
$returnval = FALSE;
echo "string has special character that is not permitted\n";
}
// string does not contain a period symbol
if (!str_contains($vhostsubdomainstr,".") ) {
$returnval = FALSE;
echo "string does not contain a \".\" period symbol.\n";
}
// string contains two period symbols in a row
if (str_contains($vhostsubdomainstr,"..") ) {
$returnval = FALSE;
echo "string contain two \"..\" period symbols in a row.\n";
}
// string contains leading period symbol
$strlen = strlen($vhostsubdomainstr);
$begsample = substr($vhostsubdomainstr,0,1);
if ($begsample == ".") {
$returnval = FALSE;
echo "string begins with a \".\" period symbol.\n";
}
// string contains trailing period symbol
$endlen = strlen($vhostsubdomainstr);
$endsample = substr($vhostsubdomainstr,($endlen - 1),1);
if ($endsample == ".") {
$returnval = FALSE;
echo "string ends with a \".\" period symbol.\n";
}
// does the vhostsubdomain already exist?
$vhostsubdomainstrund = str_replace(".","_",$vhostsubdomainstr);
clearstatcache();
if (is_dir("$bvhwb/$vhostsubdomainstrund") ) {
$returnval = FALSE;
echo "webdir for proposed vhost already exists.\n";
} else {
} // end if (is_dir()
$grepforvhost1str = "grep -i 'ServerName $vhostsubdomainstr' $bvhostconfdir/*";
$grepforvhost2str = "grep -i 'ServerAlias $vhostsubdomainstr' $bvhostconfdir/*";
$grepforvhost1res = shell_exec($grepforvhost1str);
$grepforvhost2res = shell_exec($grepforvhost2str);
// if the string has contents something was there for the grep to find
if ($grepforvhost1res || $grepforvhost2res) {
echo "subdomain appears to be part of an existing virtual host\n";
$returnval = FALSE;
}
return $returnval;
} // end function vhostsubdomainverify()
// ////////////////////////////////////////////////////////////////
function prependverify($prependverify) {
// let us make our tests and comparisons case-insensitive
$lowerpv = strtolower($prependverify);
if ( ( $lowerpv == "n") || ($lowerpv == "no") || ($lowerpv == "y") || ($lowerpv == "yes") ) {
$returnval = TRUE;
} else {
echo "please indicate n or no, y or yes\n";
$returnval = FALSE;
}
return $returnval;
} // end function prependverify()
// ////////////////////////////////////////////////////////////////
function usernameverify($vhostusername) {
// force to lower-case
$vhostusername = strtolower($vhostusername);
// assume TRUE until proven false
$returnval = TRUE;
// is the string clean?
// note that "-" hyphen character is permitted, as is the "_" underscore character, not part of symbol sieve
if ( preg_match('/[\'^£$%&*()}{@#~?><>,|=+¬]/', $vhostusername) ) {
$returnval = FALSE;
echo "string has special character that is not permitted\n";
}
$vhunstrlen = strlen($vhostusername);
if ($vhunstrlen < 2) {
echo "username should be minimum 2 characters\n";
$returnval = FALSE;
}
if ($vhunstrlen > 32) {
echo "username should be maximum 32 characters\n";
$returnval = FALSE;
}
// what does finger return?
$fingerstr = shell_exec("finger $vhostusername 2>&1");
if (!str_contains("$fingerstr","no such user") ) {
echo "finger found this username to already be in use\n";
$returnval = FALSE;
}
return $returnval;
} // end function usernameverify()
// ////////////////////////////////////////////////////////////////
function passwordplainverify($passwordplain) {
// assume TRUE until proven false
$returnval = TRUE;
// we should do some tests here
// but mostly just for length, not all that fancy stuff.
// but: we will want to offer to auto-generate a plaintext password
$ppstrlen = strlen($passwordplain);
if ($ppstrlen < 8) {
echo "password should be at least 8 characters\n";
$returnval = FALSE;
}
return $returnval;
} // end function passwordplainverify()
// ////////////////////////////////////////////////////////////////
function genpassverify($genpassverify) {
// let us make our tests and comparisons case-insensitive
$lowergpv = strtolower($genpassverify);
if ( ( $lowergpv == "n") || ($lowergpv == "no") || ($lowergpv == "y") || ($lowergpv == "yes") ) {
$returnval = TRUE;
} else {
echo "please indicate n or no, y or yes\n";
$returnval = FALSE;
}
return $returnval;
} // end function genpassverify()
// ////////////////////////////////////////////////////////////////
function genuserverify($genuserverify) {
// let us make our tests and comparisons case-insensitive
$lowerguv = strtolower($genuserverify);
if ( ( $lowerguv == "n") || ($lowerguv == "no") || ($lowerguv == "y") || ($lowerguv == "yes") ) {
$returnval = TRUE;
} else {
echo "please indicate n or no, y or yes\n";
$returnval = FALSE;
}
return $returnval;
} // end function genuserverify()
// end function sink
// ////////////////////////////////////////////////////////////////
// start get information at command line: vhostsubdomain, vhostusername, vhostpassword
// also, generate and derive values
echo "\naddvhost.php\n";
echo "Add a virtual host to Apache\n\n";
// ask and validate inputs
// the readline is trapped in a loop until vhostsubdomainverify() is satisfied
// function will also echo text to the console with reasons for rejection to assist the client
// bad string format or vhost appears to exist already, etc.
// ////////////////////////////////////////////////////////////////
// vhostsubdomain
$vhostsubdomain = "";
while (!$vhostsubdomain || !vhostsubdomainverify($vhostsubdomain) ) {
$vhostsubdomain = readline("Enter domain xxxxxxxx.xxx or subdomain xxxxxxxx.xxxxxxxx.xxx: ");
}
// putting this here because it is right after we have the $vhostsubdomain string, and just before we need it for $genuseranswer
// will also need this later for derived values like the $vhostwebdir
$vhostsubdomainund = str_replace(".","_",$vhostsubdomain);
// should we prepend with www. as well?
$prependanswer = "";
while (!$prependanswer || !prependverify($prependanswer) ) {
$prependanswer = readline("Do you wish to prepend the subdomain www.$vhostsubdomain as well (n/y)? ");
}
$prependanswer = strtolower($prependanswer);
// ////////////////////////////////////////////////////////////////
// vhostusername
// default username
// should we offer to automatically generate a username based on the subdomain host name?
$genuseranswer = "";
while (!$genuseranswer || !genuserverify($genuseranswer) ) {
$genuseranswer = readline("Generate a username? ");
}
$genuseranswer = strtolower($genuseranswer);
if ( ($genuseranswer=="yes") || ($genuseranswer=="y") ) {
// generate a username
// we are counting on the novel construction of this name with _ modeled on subdomain
$vhostusername = $vhostsubdomainund;
$vhostusernamestrlen = strlen($vhostusername);
// the unique stuff is closer to the front
// so we will truncate to first 32 characters
if ($vhostusernamestrlen > 32) {
$vhostusername = substr($vhostusername,0,32);
}
// what does finger return?
$fingerstr2 = shell_exec("finger $vhostusername 2>&1");
if (!str_contains("$fingerstr2","no such user") ) {
echo "finger found this username to already be in use\n";
exit();
}
} else {
// the client said no to automatic generation of username so we will ask for one
$vhostusername = "";
while (!$vhostusername || !usernameverify($vhostusername) ) {
$vhostusername = readline("Enter username: ");
}
} // end if ($genuseranswer=="yes")
// ////////////////////////////////////////////////////////////////
// vhostpasswordplain
// should we offer to automatically generate a plaintext password?
$genpassanswer = "";
while (!$genpassanswer || !genpassverify($genpassanswer) ) {
$genpassanswer = readline("Generate a plaintext password? ");
}
$genpassanswer = strtolower($genpassanswer);
if ( ($genpassanswer=="yes") || ($genpassanswer=="y") ) {
// generate a random plaintext password
$vhostpasswordplain = "";
$passwordlength = "8";
$posscharsplain = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$posscharssymbols = '!@#%*?';
$posscharspstrlen = strlen($posscharsplain);
$posscharssstrlen = strlen($posscharssymbols);
// first the plain characters
for ($i=0;$i<($passwordlength-1);$i++) {
$randomint = random_int(0,$posscharspstrlen-1);
$randomchar = substr($posscharsplain,$randomint,1);
$vhostpasswordplain .= $randomchar;
} //end for $i
// now the symbol character
$randomint = random_int(0,$posscharssstrlen-1);
$randomchar = substr($posscharssymbols,$randomint,1);
$vhostpasswordplain .= $randomchar;
// now shuffle the string so the symbol position moves and as bonus the string is different
$vhostpasswordplain = str_shuffle($vhostpasswordplain);
} else {
// the client said no to automatic generation of plaintext, so we will ask for one
$vhostpasswordplain = "";
while (!$vhostpasswordplain || !passwordplainverify($vhostpasswordplain) ) {
$vhostpasswordplain = readline("Enter plaintext password: ");
}
} // end if ($genpassanswer=="yes")
// ////////////////////////////////////////////////////////////////
// vhostpasswordhashed (transformation)
// yes, i tried password_hash() -- it did not work for SHA512, this does.
// tip: apt install whois to get mkpasswd command
$vhostpasswordhashed = shell_exec("mkpasswd -m sha-512 $vhostpasswordplain");
// remove linefeed from the string
$vhostpasswordhashed = str_replace("\n","",$vhostpasswordhashed);
// ////////////////////////////////////////////////////////////////
// end get information at command line: vhostsubdomain, vhostusername, vhostpassword
// ////////////////////////////////////////////////////////////////
// start print collected values
$vhosthomedir = "$bvhwb/$vhostusername";
$vhostwebdir = "$bvhwb/$vhostusername/$vhostsubdomain";
echo "\nvalues collected, generated, and derived\n\n";
echo "vhostsubdomain: $vhostsubdomain\n";
echo "prependanswer: $prependanswer\n";
echo "vhostusername: $vhostusername\n";
echo "genpassanswer: $genpassanswer\n";
if ($echoplaintextpasswords) {
echo "vhostpasswordplain: $vhostpasswordplain\n";
}
echo "vhostpasswordhashed: $vhostpasswordhashed\n";
echo "vhosthomedir: $vhosthomedir\n";
echo "vhostwebdir: $vhostwebdir\n";
// ////////////////////////////////////////////////////////////////
// end print collected values
// ////////////////////////////////////////////////////////////////
// start engine section
// ////////////////////////////////////////////////////////////////
// create the $vhostusername with $vhosthomedir and $vhostpasswordhashed
// build the string, look at the string, then maybe do a shell_exec of the string
$shelluseraddstr = "useradd -m -d '$vhosthomedir' '$vhostusername' -s '/usr/bin/bash' -p '$vhostpasswordhashed'";
// disable for production
// echo "shelluseraddstr: $shelluseraddstr\n";
// so it will always be declared
$shelluseraddret = "";
// disable for testing other conditions without committing to this
$shelluseraddret = shell_exec($shelluseraddstr);
//echo "shelluseraddret: $shelluseraddret\n";
// non-null (non-0) exit value from shell indicates an error
if ($shelluseraddret) {
echo "ERROR: there was a problem executing the shell command to create the vhostusername $vhostusername. Stopping.\n";
exit();
} else {
//echo "SUCCESS: the vhostusername $vhostusername was created\n";
}
echo "\n";
// ////////////////////////////////////////////////////////////////
// mkdir $vhostwebdir
$mkdirvhostwebdirret = mkdir($vhostwebdir,0775,TRUE);
if (!$mkdirvhostwebdirret) {
echo "ERROR: there was a problem creating the vhostwebdir $vhostwebdir. Stopping\n";
exit();
} else {
//echo "SUCCESS: the vhostwebdir $vhostwebdir was created.\n";
}
// ////////////////////////////////////////////////////////////////
// fwrite $vhostwebdir/index.php
$indexfilecontents = "<?PHP\n\necho \"<p>$vhostsubdomain</p>\\n\";\n";
$fh1 = fopen("$vhostwebdir/index.php","w");
$filesuccess1 = fwrite($fh1,$indexfilecontents);
fclose($fh1);
if ($filesuccess1) {
//chown root $vhosthomedir
$vhosthomedirownretu1 = chown("$vhosthomedir","root");
if ($vhosthomedirownretu1) {
//echo "SUCCESS chown root $vhosthomedir\n";
} else {
echo "ERROR chown root $vhosthomedirdir not successful\n";
exit();
}
//chgrp root $vhosthomedir
$vhosthomedirownretg1 = chgrp("$vhosthomedir","root");
if ($vhosthomedirownretg1) {
//echo "SUCCESS chgrp root $vhosthomedir\n";
} else {
echo "ERROR chgrp root $vhosthomedirdir not successful\n";
exit();
}
//echo "SUCCESS indexfile written to file: $vhostwebdir/index.php\n";
// chmod the $vhostwebdir
chmod("$vhostwebdir", 0755);
$vhostwebdirperms = substr(sprintf('%o', fileperms("$vhostwebdir")), -4);
//echo "vhostwebdirperms: $vhostwebdirperms\n";
if ($vhostwebdirperms == "0755") {
//echo "SUCCESS chmod 755 $vhostwebdir\n";
} else {
echo "ERROR chmod 755 $vhostwebdir not successful. Stopping.\n";
exit();
}
// chown $vhostusername $vhostwebdir
$vhostwebdirownretu1 = chown("$vhostwebdir",$vhostusername);
if ($vhostwebdirownretu1) {
//echo "SUCCESS chown $vhostusername $vhostwebdir\n";
} else {
echo "ERROR chown $vhostusername $vhostwebdir not successful\n";
exit();
}
// chgrp $vhostusername $vhostwebdir
$vhostwebdirownretg1 = chgrp("$vhostwebdir",$vhostusername);
if ($vhostwebdirownretu1) {
//echo "SUCCESS chgrp $vhostusername $vhostwebdir\n";
} else {
echo "ERROR chgrp $vhostusername $vhostwebdir not successful\n";
exit();
}
// chmod the $vhostwebdir/index.php
chmod("$vhostwebdir/index.php", 0755);
$vhostindexperms = substr(sprintf('%o', fileperms("$vhostwebdir/index.php")), -4);
//echo "vhostindexperms: $vhostindexperms\n";
if ($vhostindexperms == "0755") {
//echo "SUCCESS chmod 755 $vhostwebdir/index.php\n";
} else {
echo "ERROR chmod 755 $vhostwebdir/index.php not successful. Stopping.\n";
exit();
}
// chown $vhostusername $vhostwebdir/index.php
$vhostindexownretu1 = chown("$vhostwebdir/index.php",$vhostusername);
if ($vhostindexownretu1) {
//echo "SUCCESS chown $vhostusername $vhostwebdir/index.php\n";
} else {
echo "ERROR chown $vhostusername $vhostwebdir/index.php not successful\n";
exit();
}
// chgrp $vhostusername $vhostwebdir/index.php
$vhostindexownretg1 = chgrp("$vhostwebdir/index.php",$vhostusername);
if ($vhostindexownretu1) {
//echo "SUCCESS chgrp $vhostusername $vhostwebdir/index.php\n";
} else {
echo "ERROR chgrp $vhostusername $vhostwebdir/index.php not successful\n";
exit();
}
} else {
echo "ERROR indexfile not written to file: $vhostwebdir/index.php\n";
exit();
}
// ////////////////////////////////////////////////////////////////
// fwrite $bvhostconfdir/$vhostsubdomain.conf
$timestring = date("Y/m/d H:i:s T");
$vhostconffilecontents = "# generated $timestring by addvhost.php\n";
$vhostconffilecontents .= "<VirtualHost $vhostip:80>\n";
$vhostconffilecontents .= "<IfModule mpm_itk_module>\n";
$vhostconffilecontents .= "\tAssignUserID $vhostusername $vhostusername\n";
$vhostconffilecontents .= "</IfModule>\n";
$vhostconffilecontents .= "ServerName $vhostsubdomain\n";
if ( ($prependanswer == "y") || ($prependanswer == "yes") ) {
$vhostconffilecontents .= "ServerAlias www.$vhostsubdomain\n";
}
$vhostconffilecontents .= "DocumentRoot $vhostwebdir\n";
$vhostconffilecontents .= "ServerAdmin $vhostserveradmin\n";
$vhostconffilecontents .= "CustomLog /var/log/apache2/$vhostsubdomain-access_log combined\n";
$vhostconffilecontents .= "ErrorLog /var/log/apache2/$vhostsubdomain-error_log\n";
$vhostconffilecontents .= "</VirtualHost>\n";
// disable in production
// echo "vhostconffilecontents = \n$vhostconffilecontents\n";
// write the text file
$fh2 = fopen("$bvhostconfdir/$vhostsubdomain.conf","w");
$filesuccess2 = fwrite($fh2,$vhostconffilecontents);
fclose($fh2);
if ($filesuccess2) {
//echo "SUCCESS virtual host config written to file: $bvhostconfdir/$vhostsubdomain.conf\n";
} else {
echo "ERROR virtual host config not written to file: $bvhostconfdir/$vhostsubdomain.conf\n";
exit();
}
// ////////////////////////////////////////////////////////////////
// shell_exec a2ensite $bvhostconfdir/$vhostsubdomain.conf
// so it will always be declared
$shella2enret = "";
// disable for testing other conditions without committing to this
$shella2enret = shell_exec("a2ensite $vhostsubdomain.conf");
//echo "shella2enret: $shella2enret\n";
// non-null (non-0) exit value from shell indicates an error
if ( str_contains($shella2enret,"ERROR") ) {
//echo "ERROR: there was a problem executing the shell command to enable the vhostsubdomain $vhostsubdomain. Stopping.\n";
exit();
} else {
echo "SUCCESS: enabled vhostsubdomain $vhostsubdomain\n";
}
// ////////////////////////////////////////////////////////////////
// echo to console suggestion that systemctl restart apache2 be executed
echo "\n";
echo "Next steps:\n";
echo "This script did not restart apache2. That is up to you.\n";
echo "systemctl restart apache2\n";
echo "validate site on port 80\n";
echo "run certbot --apache to expand ssl cert\n";
echo "systemctl restart apache2\n";
echo "validate site on port 443\n";
echo "\n";
// ////////////////////////////////////////////////////////////////
// end engine section
Declaring the host name in DNS
Declare the host name in the DNS zone file for the domain:
Testing that the host name loads a “park page”
Use a web browser to visit the host name:
Executing commands as root
This chapter assumes that you are logged in as the root user. If you are not already root, escalate using this command:
sudo su
Installing the finger, whois, and unzip utilities
This script depends on the finger, whois, and unzip utilities.
Enter this command:
apt install finger whois unzip
Downloading and uncompressing the addvhost.zip file
Completing the addvhost.php questionnaire, entering a username and a plaintext password
In this example, we decline the option to generate a username, and enter a value for the username. We also decline the option to generate a plaintext password, and enter a value for the plaintext password.
root@server01:~# addvhost.php
addvhost.php
Add a virtual host to Apache
Enter domain xxxxxxxx.xxx or subdomain xxxxxxxx.xxxxxxxx.xxx: webpresencestepbystep.ca
Do you wish to prepend the subdomain www.webpresencestepbystep.ca as well (n/y)? y
Generate a username? n
Enter username: webuserca
Generate a plaintext password? n
Enter plaintext password: password
values collected, generated, and derived
vhostsubdomain: webpresencestepbystep.ca
prependanswer: y
vhostusername: webuserca
genpassanswer: n
vhostpasswordplain: password
vhostpasswordhashed: $6$IdLp5YrW.Z3Tvnm$hlRvIBour47UcZrVm0QA2YgLp2z3C3e5W7PwiS3o.KbZz.mtFeCvWdew/eemdec3Wz9t.WEIuIm3Q2EKTuXYd1
vhosthomedir: /usr/web/webuserca
vhostwebdir: /usr/web/webuserca/webpresencestepbystep.ca
SUCCESS: enabled vhostsubdomain webpresencestepbystep.ca
Next steps:
This script did not restart apache2. That is up to you.
systemctl restart apache2
validate site on port 80
run certbot --apache to expand ssl cert
systemctl restart apache2
validate site on port 443
Enter this command:
systemctl restart apache2
Enter this command:
certbot --apache
Enter this command:
systemctl restart apache2
Visiting the virtual host
Use a web browser to visit the host name:
Completing the addvhost.php questionnaire, accepting a generated username and plaintext password
In this example, we accept the option to generate a username. We also accept the option to generate a plaintext password.
Take careful note of the plaintext password value, as shown in the “vhostpasswordplain” field.
root@server01:~# addvhost.php
addvhost.php
Add a virtual host to Apache
Enter domain xxxxxxxx.xxx or subdomain xxxxxxxx.xxxxxxxx.xxx: webpresencestepbystep.com
Do you wish to prepend the subdomain www.webpresencestepbystep.com as well (n/y)? y
Generate a username? y
Generate a plaintext password? y
values collected, generated, and derived
vhostsubdomain: webpresencestepbystep.com
prependanswer: y
vhostusername: webpresencestepbystep_com
genpassanswer: y
vhostpasswordplain: NQeQ2%VT
vhostpasswordhashed: $6$Woe9pPUwnXqUP$9RW60p6SSNfqLJSi4BeAyhe89mBpyTELk2/at7eJcKqou5Q9Y6Nti4P7EoyTV0CBfin6SxlvNHvkZjrpEGxxX0
vhosthomedir: /usr/web/webpresencestepbystep_com
vhostwebdir: /usr/web/webpresencestepbystep_com/webpresencestepbystep.com
SUCCESS: enabled vhostsubdomain webpresencestepbystep.com
Next steps:
This script did not restart apache2. That is up to you.
systemctl restart apache2
validate site on port 80
run certbot --apache to expand ssl cert
systemctl restart apache2
validate site on port 443
Web presence step by step is a series of posts that show you to how to build a web presence.
In this chapter we install and configure dwservice.net to provide remote technical support as an alternative to TeamViewer.
dwservice.net allows a client to share their computer’s desktop so you can provide technical support
When you build and maintain technical systems, you need to support the clients of those systems, including customers, colleagues, and contractors. dwservice.net allows you to invite a client to share their computer’s desktop so you can provide technical support.
Enter the username and password displayed on the Windows workstation running the dwservice.net client, click on “Sign in”:
Resources available on the Windows workstation
This page shows the resources available on the Windows workstation:
Screen (remote desktop)
Remote control of the desktop of the Windows workstation:
Files and Folders
Access to the filesystem on the Windows workstation:
Shell
Access to the operating system shell prompt on the Windows workstation:
Installing the dwservice.net client on a Windows workstation to enable unattended access
Right-click on the “dwagent.exe” file. Select “Run as administrator”:
Select “Install,” click on “Next”:
Select “Yes,” click on “Next”:
Select “Creating a new agent, click on “Next”:
Enter the username and password of a valid dwservice.net account in the “DWS user” and DWS password” fields. Enter a name to describe the workstation in the “Agent name” field. Click on “Next”:
Enter the username and password displayed on the MacOS workstation running the dwservice.net client, click on “Sign in”:
Resources available on the MacOS workstation
This page shows the resources available on the MacOS workstation:
Screen (remote desktop)
Remote control of the desktop of the MacOS workstation:
Files and Folders
Access to the filesystem on the MacOS workstation:
Shell
Access to the operating system shell prompt on the MacOS workstation:
Installing the dwservice.net client on a MacOS workstation to enable unattended access
Click on “Open”:
Select “Install,” click on “Next”:
enter the “User Name” and “Password” for the MacOS workstation, click on “OK”:
Click on “Next”:
Select “Yes,” click on “Next”:
Select “Creating a new agent,” click on “Next”:
Enter the username and password of a valid dwservice.net account in the “DWS user” and DWS password” fields. Enter a name to describe the workstation in the “Agent name” field. Click on “Next”:
Enter the username and password displayed on the Linux workstation running the dwservice.net client, click on “Sign in”:
Resources available on the Linux workstation
This page shows the resources available on the Linux workstation:
Screen (remote desktop)
Remote control of the desktop of the Linux workstation:
Files and Folders
Access to the filesystem on the Linux workstation:
Shell
Access to the operating system shell prompt on the Linux workstation:
Installing the dwservice.net client on a Linux workstation to enable unattended access
Open a terminal window on the Linux desktop. Change to the folder where the file was downloaded.
Use “sudo su” to become root if you have not already done so. enter these commands:
Enter this command:
bash dwagent.sh
Select “Install,” click on “Next”:
Click on “Next”:
Select “Yes,” click on “Next”:
Enter the username and password of a valid dwservice.net account in the “DWS user” and DWS password” fields. Enter a name to describe the workstation in the “Agent name” field. Click on “Next”:
Creating the MySQL database that will store data for the Live Helper Chat software
Enter this command:
mysql -u root -p
In the MySQL console, enter these commands (where ‘xxxxxx’ is your password):
create user lhc01@localhost;
set password for lhc01@localhost = 'xxxxxx';
create database lhc01;
use lhc01;
grant all privileges on * to lhc01@localhost;
quit
Downloading the zip file containing the Live Helper Chat software
Using Filezilla, connect to the Ubuntu Linux cloud server you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean. On the right (remote) side, select the directory that contains the documents for your website. On the left (local) side, select the directory that contains the “lhc_web” directory. Right-click or command-click on the directory, select Upload:
The transfer completes:
Installing the Live Helper Chat software using the Live Helper Chat installation wizard
Complete the field as shown below. Click “Finish installation”:
Click “Login here”:
Generating the Live Helper Chat JavaScript text to add to an HTML header
(Note: for our example domain, we can visit this site at https://linuxstepbyste.com/lhc_web/index.php/site_admin)
Enter your username and password. Click “Login”:
Click on “Settings”:
Under “Mobile,” click on “Settings”:
Select the checkbox “Enable notifications,” click on “Save”:
Click on “Settings”:
Click on “Embed code”:
Click on “Widget embed code (new):
Complete the fields and select the options as required for your site. Copy the code from the text area to the page where you would like the web chat window to appear:
Embedding Live Helper Chat in a WordPress site
To embed the Live Helper Chat application in a WordPress site, we must first install the Insert Headers and Footers plugin for WordPress.
Installing the Insert Headers and Footers WordPress plugin
In your WordPress control panel, click on “Plugins,” then click on “Add New”:
In the search window, enter the text “insert headers and footers,” locate the plugin “Insert Headers and Footers,” click on “Install Now”:
Click on “Activate”:
Click on “Settings,” then click on “Insert Headers and Footers”:
Adding the JavaScript code using the Insert Headers and Footers WordPress plugin
Complete the fields as shown.
Scroll to the bottom of the page. Paste the JavaScript code you generated earlier in the section “Generating the Live Help Chat JavaScript text to add to an HTML header” to the field “Scripts in Footer,” click “Save”:
Cick on “Visit Site”:
The chat window is visible on the WordPress site:
Texting between the site’s visitors and the site’s operators:
Embedding Live Helper Chat in a simple web page
We can add the Live Helper Chat text chat window to a simple web page.
Using an SSH terminal program, connect to your Ubuntu Linux cloud server. Change to the directory containing the documents for your website. Enter the command:
nano test.html
Paste the JavaScript code you generated in the section “Generating the Live Help Chat JavaScript text to add to an HTML header,” press Control-X to save and exit the file:
Enter these commands (where username is the username that owns the documents for the website):
From the MySQL console prompt, enter these commands (use a unique password in place of ‘xxxxxx’):
create user bb01@localhost;
set password for bb01@localhost = 'xxxxxx';
create database bb01;
use bb01;
grant all privileges on * to bb01@localhost;
quit
Installing the php-gd extension
In order to generate graphics representing captchas, we need to install the php-gd extension.
Enter the command:
apt install php-gd
Enter the command:
systemctl restart apache2
Configuring a Gmail account to allow MyBB to send email messages
Uncompressing the zip file extracts 2 directories: “Documentation,” and “Upload”:
Renaming the directory named “Upload” to “community”
Rename the “Upload” directory to “community”:
Using FileZilla to upload the community directory to the directory containing the documents for your website
We will use the FileZilla file transfer program to upload the directory renamed as “community” to the directory containing the documents for your website.
If you need detailed instructions on how to install and use FileZilla on Windows, MacOS, or Linux
Using Filezilla, connect to the Ubuntu Linux cloud server you created in Chapter 3: Buying an Ubuntu Linux cloud server from Digital Ocean. On the right (remote) side, select the directory that contains the documents for your website. On the left (local) side, select the directory that contains the “community” directory. Right-click or command-click on the directory, select Upload:
The transfer completes:
Installing the MyBB software using the MyBB installation wizard
For our example domain, we will visit:
https://linuxstepbystep.com/community
(substitute your domain name)
Click “Next”:
Click “Next”:
Click “Next”:
Complete the fields as show below. Click “Next”:
Scroll to the bottom of the web page. Click “Next”:
Click “Next”:
Click “Next”:
Complete the fields as show below. Click “Next”:
Complete the fields as show below. Click “Next”:
This screen will display when we have finished:
Visiting the community forum site
For our example domain, we will visit:
https://linuxstepbystep.com/community
(substitute your domain name)
Logging into the admin account
Enter the username and password for the admin user. Click “Login”:
Click on “Admin CP”:
Enter the username and password for the admin user. Enter the secret PIN. Click “Login”:
Configuring the MyBB community forum site
Click on “Configuration”:
Scroll towards the bottom of the web page:
Click on “Mail Settings”:
Configure settings for “Mail handler”
Mail handler: select "SMTP mail" SMTP hostname: smtp.gmail.com SMTP port: 587 SMTP username: the address of the gmail account you selected or created earlier in this procedure SMTP Encryption Mode: select "TLS encryption"
Click “Save Settings”:
Click on “Login and Registration Options”:
For “Registration Method,” select “Send Email Verification”:
Scroll to the bottom of the web page. Click on “Save Settings”:
Registering as a new user on the community forum site
Use a web browser to visit the community forum site. Click on “Register.” On the page titled “Registration Agreement,” consider then if you decide click “I agree”:
Complete the fields as show in the example below. Click “Submit Registration!”:
MyBB displays this message:
Check the email account you provided during registration. View the message sent by MyBB community forum site:
To activate your account, click on the link in the email:
Welcome as a member:
We will create a post. Click on “My Forum”:
Click on “Post Thread”:
In the field “Thread Subject:” enter a subject.
In the field “Your Message:” enter the text of a message.
This post describes how to create a BASH script that opens the KVM virtual network adapter to outside traffic, and forwards ports from the KVM host to the KVM guest using iptables and Network Address Translation (NAT).
The KVM virtual network adapter rejects packets from the outside world by default
By default, the virtual network adapter for KVM (virbr0) is configured to block network traffic originating from outside the host computer. This can be resolved with iptables directives, which will be described below.
You do not need to use /etc/ufw/before.rules or /etc/libvirt/hooks/qemu to forward ports to a KVM guest
Many Internet articles and posts on this subject give the incorrect impression that the only way to forward ports to a KVM guest is via UFW and its /etc/ufw/before.rules file, and/or that you need to create a post-configuration script as a qemu “hook” in the /etc/libvirt/hooks/qemu file. You can open the virtual network adapter to outside traffic and forward ports to the KVM guest under NAT solely using iptables directives.
An example of a BASH script that opens the virtual adapter to outside traffic, and forwards ports from the host to the guest
To illustrate the solution, here is a sample BASH script that contains iptables directives that open the virtual adapter to outside traffic, and forwards ports 80/tcp, 443/tcp, and 8022/tcp from the host to the guest.
A note about the source code view below
For formatting reasons, the text is limited to a fixed width. To fully view the text, you can scroll to the right to see the ends of lines, or use the print view for this blog post.
A PHP script that generates a BASH script that opens the virtual network adapter to outside traffic, and forwards ports from the host to the guest
This script runs the ifconfig and virsh commands to compile lists of possible WAN interfaces and KVM guests. This script prompts for choices at console, and generates a text file containing a BASH script with iptables directives that open the virtual adapter to outside traffic, and forward ports from the host to the guest using network address translation (NAT).
A note about the source code view below
For formatting reasons, the text is limited to a fixed width. To fully view the text, you can scroll to the right to see the ends of lines, or use the print view for this blog post.
To view the source code in an another text editor, download and uncompress the zip file described below, or select and copy the text from the source code example below, and paste the text into a file on your computer called “forwardportstoguest.php”
Consider copying the file to your server’s /usr/bin directory with a chmod of 755 so that it can be executed from the system path. Steps to do so are included in the procedure below.
Saving the PHP script to a file called forwardportstoguestgenerator.php
Uncompress the zip file to extract the file “forwardportstoguestgenerator.php” then copy the file to your KVM host computer.
or
Select and copy the text from the source code example above, and paste the text into a file on your computer called “forwardportstoguestgenerator.php”
#!/usr/bin/php
<?PHP
// forwardportstoguestgenerator.php
// v0102
// scan ifconfig and virsh, create iptables directives to forward ports to kvm guests
// chmod this script 755 to run as ./forwardportstoguestgenerator.php or run with php forwardportstoguestgenerator.php
// writes to a text file the BASH script forwardportstoguestscript.sh
// 2021/04/07
// Gordon Buchan https://gordonbuchan.com
// MIT license https://mit-license.org
// overview
// run the command "ifconfig" to isolate potential wan adapter names and ip addresses
// infer the KVM subnet based on the first 3 sections of the ip address of the "virbr0" adapter
// run the command "virsh net-dhcp-leases default" to isolate potential kvm guest names and ip addresses
// ask client to choose WAN adapter
// ask client to choose KVM guest
// create a batch file containing iptables directives to open the virtual adapter to packets from outside the host
// and to forward ports from the host adapter to the KVM guest adapter 80/tcp, and 443/tcp, 8022/tcp
// //////////////////////////////////////////////////////////////////////////////////
// start function sink
// str_contains() polyfill for pre PHP8
if (!function_exists('str_contains')) {
function str_contains(string $haystack, string $needle): bool
{
return '' === $needle || false !== strpos($haystack, $needle);
}
}
// end function sink
// //////////////////////////////////////////////////////////////////////////////////
// start get the WAN adapter names and ip addresses
// capture output of ifconfig command to variable $ifcstr
$ifcstr = `ifconfig`;
// convert string $ifcstr to array of lines $ifcstrarr
// use linefeed as field delimiter in array population
$ifcstrarr = explode("\n",$ifcstr);
// count lines in the array
$ifcstrarrnumlines = count($ifcstrarr);
$adnamestrarr = array();
$adipstrarr = array();
$kvmsubnet = "";
// iterate through array of lines
for ( $i=0;$i<$ifcstrarrnumlines;$i++) {
if ( str_contains($ifcstrarr[$i],"flags")) {
$flagsstr = "flags";
$flagsstrloc = strpos("$ifcstrarr[$i]", $flagsstr) - 2;
$adnamestr = substr($ifcstrarr[$i],0,$flagsstrloc);
} // close if str contains "flags"
// we will eventually filter virbr0, but for now we can find out the subnet for the KVM guest network
if ( str_contains($ifcstrarr[$i],"inet") && !str_contains($ifcstrarr[$i],"inet6") ) {
$inetstr = "inet";
$inetstrloc = strpos("$ifcstrarr[$i]",$inetstr) + 5;
$adipstr = substr($ifcstrarr[$i],$inetstrloc,"20");
$spacestrloc = strpos("$adipstr"," ");
// trimming the variable
$adipstr = substr($adipstr,0,$spacestrloc);
if (str_contains($adnamestr,"virbr0")) {
// start infer KVM subnet
// //////////////////////////////////////////////////////////
// do stuff here to get the virbr0 ip address so we can infer subnet
$kvmsubnetraw = $adipstr;
$lastdotloc = strrpos($kvmsubnetraw,".");
$kvmsubnet = substr($kvmsubnetraw,0,$lastdotloc) . ".0/24";
echo "\nKVM subnet\nkvmsubnet: $kvmsubnet\n\n";
// end infer KVM subnet
// //////////////////////////////////////////////////////////
} else {
// stuff the arrays they will match by number because done at same time
// filter for loopback device
if (!($adipstr == "127.0.0.1")) {
$adnamestrarr[] = $adnamestr;
$adipstrarr[] = $adipstr;
}
}
} // close if str contains "inet"
} // end for $i
//so we are always defined
$adnamestrarrnumlines = "";
$adnamestrarrnumlines = count ($adnamestrarr);
if (!$adnamestrarrnumlines) {
echo "no WAN adapters found.\nStopping.\n";
exit();
}
// if we do not have a KVM subnet, then something is wrong. Stop.
if (!$kvmsubnet) {
echo "KVM subnet not detected. Stopping.\n";
exit();
}
// end get the WAN adapter names and ip addresses
// //////////////////////////////////////////////////////////////////////////////////
// start get the KVM guest names and ip addresses
// capture output of virsh command to variable $ifcstr
$virshleastr = `virsh net-dhcp-leases default`;
// convert string $virshleastr to array of lines $virshleastrarr
// use linefeed as field delimiter in array population
$virshleastrarr = explode("\n",$virshleastr);
// count lines in the array
$virshleastrarrnumlines = count($virshleastrarr);
$kvmnamestrarr = array();
$kvmipstrarr = array();
// iterate through array of lines
for ( $j=0;$j<$virshleastrarrnumlines;$j++) {
if ( str_contains($virshleastrarr[$j],"ipv4")) {
$ipv4str = "ipv4";
$ipv4strloc = strpos("$virshleastrarr[$j]", $ipv4str) + 11;
$kvmlinestr = substr($virshleastrarr[$j],$ipv4strloc,50);
$slashstr = "/";
$slashstrloc = strpos("$kvmlinestr",$slashstr);
$kvmipstr = substr($kvmlinestr,0,$slashstrloc);
$kvmnamestr = substr($kvmlinestr,$slashstrloc+5,12);
$kvmnamestr = trim($kvmnamestr);
//stuff the arrays they will match by number because done at same time
$kvmnamestrarr[] = $kvmnamestr;
$kvmipstrarr[] = $kvmipstr;
} // close if str contains "ipv4"
} // end for $j
$kvmnumlines = count ($kvmnamestrarr);
if (!$kvmnumlines) {
echo "no VM guest DHCP leases found. Please start a VM.\nStopping.\n";
exit();
}
// end get the KVM guest names and ip addresses
// //////////////////////////////////////////////////////////////////////////////////
// start ask client to choose WAN adapter
// show the possible WAN adapters as a numbered list to console:
echo "WAN adapters\n";
for ($k=0;$k<$adnamestrarrnumlines;$k++) {
$displaynum = $k + 1;
echo "$displaynum. $adnamestrarr[$k] $adipstrarr[$k]\n";
}
echo "\n";
// use readline function to ask questions interactively
// trap function in a while condition for sanity checking on input until satisfied
$wananswer = "";
while (!$wananswer || ($wananswer>$displaynum) || !is_numeric($wananswer) ) {
$wananswer = readline("Please choose a WAN adapter (1-$displaynum): ");
}
echo "choice entered: $wananswer\n";
// because humans start at 1 and computers start at 0
$wanchoiceminus = $wananswer - 1;
$wanadaptername = $adnamestrarr[$wanchoiceminus];
$wanadapterip = $adipstrarr[$wanchoiceminus];
echo "\n";
echo "wanadaptername: $wanadaptername\n";
echo "wanadapterip: $wanadapterip\n";
echo "\n";
// end ask client to choose WAN adapter
// //////////////////////////////////////////////////////////////////////////////////
// start ask client to choose KVM guest
// show the possible KVM guests as a numbered list to console:
echo "KVM guests\n";
echo "(hint: if a VM is not listed here, start the VM so it gets a DHCP lease)\n";
for ($m=0;$m<$kvmnumlines;$m++) {
$displaynum = $m + 1;
echo "$displaynum. $kvmnamestrarr[$m] $kvmipstrarr[$m]\n";
}
echo "\n";
// use readline function to ask questions interactively
// trap function in a while condition for sanity checking on input until satisfied
$kvmanswer = "";
while (!$kvmanswer || ($kvmanswer>$displaynum) || !is_numeric($kvmanswer) ) {
$kvmanswer = readline("Please choose a KVM guest (1-$displaynum): ");
}
echo "choice entered: $kvmanswer\n";
// because humans start at 1 and computers start at 0
$kvmchoiceminus = $kvmanswer - 1;
// we should not confuse kvm guest name with kvmadaptername
// we hardcode the name of the kvm adapter as the string "virbr0"
$kvmadaptername = "virbr0";
$kvmadapterip = $kvmipstrarr[$kvmchoiceminus];
echo "\n";
echo "kvmadaptername: $kvmadaptername\n";
echo "kvmadapterip: $kvmadapterip\n";
echo "\n";
// end ask client to choose KVM guest
// //////////////////////////////////////////////////////////////////////////////////
// start engine section
// construct the string variable containing the contents of the script file
$timestring = date("Y/m/d H:i:s T");
// start from nothing
$scriptcontents = "";
$scriptcontents .= "#!/usr/bin/bash\n";
$scriptcontents .= "# generated $timestring by forwardportstoguestgenerator.php v0102\n";
$scriptcontents .= "# Gordon Buchan https://gordonbuchan.com\n";
$scriptcontents .= "\n";
$scriptcontents .= "# values\n";
$scriptcontents .= "kvmsubnet=\"$kvmsubnet\"\n";
$scriptcontents .= "wanadaptername=\"$wanadaptername\"\n";
$scriptcontents .= "wanadapterip=\"$wanadapterip\"\n";
$scriptcontents .= "kvmadaptername=\"$kvmadaptername\"\n";
$scriptcontents .= "kvmadapterip=\"$kvmadapterip\"\n";
$scriptcontents .= "\n";
$scriptcontents .= "# allow virtual adapter to accept packets from outside the host\n";
$scriptcontents .= "iptables -I FORWARD -i \$wanadaptername -o \$kvmadaptername -d \$kvmsubnet -j ACCEPT\n";
$scriptcontents .= "iptables -I FORWARD -i \$kvmadapterip -o \$wanadaptername -s \$kvmsubnet -j ACCEPT\n";
$scriptcontents .= "# forward ports from host to guest\n";
$scriptcontents .= "iptables -t nat -A PREROUTING -i \$wanadaptername -d \$wanadapterip -p tcp --dport 80 -j DNAT --to-destination \$kvmadapterip:80\n";
$scriptcontents .= "iptables -t nat -A PREROUTING -i \$wanadaptername -d \$wanadapterip -p tcp --dport 443 -j DNAT --to-destination \$kvmadapterip:443\n";
$scriptcontents .= "iptables -t nat -A PREROUTING -i \$wanadaptername -d \$wanadapterip -p tcp --dport 8022 -j DNAT --to-destination \$kvmadapterip:22\n";
$scriptfilename = "forwardportstoguestscript.sh";
# write the text file
$fh = fopen("$scriptfilename","w");
$filesuccess = fwrite($fh,$scriptcontents);
fclose($fh);
if ($filesuccess) {
echo "SUCCESS script written to file: $scriptfilename\n";
chmod("$scriptfilename", 0755);
$scriptperms = substr(sprintf('%o', fileperms("$scriptfilename")), -4);
echo "scriptperms: $scriptperms\n";
if ($scriptperms == "0755") {
echo "SUCCESS chmod 755 $scriptfilename successful.\n";
} else {
echo "ERROR chmod 755 not $scriptfilename not successful.\n";
}
} else {
echo "ERROR script not written to file: $scriptfilename\n";
}
// end engine section
// /////////////////////
Executing as root
If you have not logged in as root, please escalate to root.
Enter this command:
sudo su
Installing php cli and net-tools
The PHP script requires the php cli and the ifconfig command from net-tools. The script also requires virsh, but you likely have that tool installed already if you are hosting KVM guests.
Ubuntu
Enter the command:
apt install php-cli net-tools
Fedora
Enter the command:
dnf install php-cli net-tools
Executing the PHP script forwardportstoguestgenerator.php to generate the BASH script forwardportstoguestscript.sh
Enter the command:
php forwardportstoguestgenerator.php
When prompted, choose a WAN adapter and a KVM guest.
You will see output similar to the following:
root@server:/usr/bin# php forwardportstoguestgenerator.php
KVM subnet
kvmsubnet: 192.168.122.0/24
WAN adapters
1. enx4ce1734b693e 192.168.46.123
2. wlp0s20f3 192.168.46.103
Please choose a WAN adapter (1-2): 1
choice entered: 1
wanadaptername: enx4ce1734b693e
wanadapterip: 192.168.46.123
KVM guests
(hint: if a VM is not listed here, start the VM so it gets a DHCP lease)
1. midland 192.168.122.174
Please choose a KVM guest (1-1): 1
choice entered: 1
kvmadaptername: virbr0
kvmadapterip: 192.168.122.174
SUCCESS script written to file: forwardportstoguestscript.sh
scriptperms: 0755
SUCCESS chmod 755 forwardportstoguestscript.sh successful.
Executing the BASH script forwardportstoguestscript.sh
Enter the command:
bash forwardportstoguestscript.sh
Testing the forwarded ports
Using a different workstation on the network, connect to the IP address of the computer hosting the KVM guest.
If you have forwarded the public-facing ports on your router to the IP address of the computer hosting the KVM guest, test whether traffic on the ports is forwarded to the KVM guest.
Complete the fields “Address,” “Country/Region,” “City,” “Post code,” Click “Continue”:
Click “No thanks”:
Check boxes that apply to your situation. Click “Continue”:
For now, we will limit ourselves to the free tier of services, “Physical products” and “Downloads.” Avoid checking the remaining boxes until you become more expert, as these additional options incur a monthly or annual cost cost. Click “Continue”:
Select answers to the questions. Click “Continue”:
For now, we will de-select the additional services. Click “Continue”:
Click “Continue with my active theme”:
Click “No thanks”:
Click “Next”:
Click “Next”:
Click “Let’s go”:
Configuring WooCommerce
The WooCommerce plugin page appears. The “Finish setup” wizard is displayed. Explore the wizard by completing the steps. We will not explore this wizard in detail as it is largely self-explanatory, and there are many permutations of possible choices specific to each business case.
Avoid “Set up payments” until you have learned more
Delay configuring payments for your store until the end. You should feel comfortable experimenting with the software before there are live financial consequences due to a link with a payment service.
Avoid Jetpack and WooCommerce Tax, set up taxes manually
In the “Set up tax” section, avoid the option “Install Jetpack and WooCommerce Tax,” and instead select the option “Set up manually.”
Start by setting tax rates manually. If you decide later that you need the functionality in the “Jetpack” and “WooCommerce Tax” tools, you can install them later.
Web presence step by step is a series of posts that show you to how to build a web presence.
In this chapter, we install and configure the WP Mail SMTP plugin for WordPress to enable WordPress to send email messages.
WordPress needs to be able to send emails
Some operations require that the WordPress software be able to send email messages. We need to choose or create a Gmail account from which messages will be sent. We need to configure that Gmail account with a web application and OAUTH2 authentication tokens. We need to install and configure the WP Mail SMTP plugin with information from the Gmail account.
Choosing or creating a Gmail account from which to send email messages
Choose an existing Gmail account, or create a new Gmail account. This account should not be the same email account you use for some other purpose, such as employee email. This Gmail account will be used by the WP Mail SMTP plugin for WordPress to send email messages. Login to this Gmail account.
Creating a web application and OAUTH2 authentication tokens
Check the box for “I agree to the Google Cloud Platform Terms of Service…” Select Country “I would like to receive periodic emails…” Select “No” Click “Agree and continue”:
Click “Go to credentials”:
Which API are you using? Gmail API
Which data will you be accessing? Web server (e.g. node.js, Tomcat)
Click “What credentials do I need?”:
Click “Set up consent screen”:
User Type Select “External”
Click “Create”:
Complete the fields as shown below (use your domain instead of the example domain)
Click “Save and continue”:
Click “Add users”:
Enter an email address. Click “Add”:
Click “Save and continue”:
You will see a screen similar to the following. Note that we are on the right tab. Click on the left tab:
Enter values for “Name,” “Authorized JavaScript engine.”
For the field “Authorized redirect URIs,” enter this value:
https://connect.wpmailsmtp.com/google/
Click “Refresh”:
Click “OAuth client ID”:
Click “Done”:
You will see a screen similar to the following:
Installing and Configuring the WP Mail SMTP plugin for WordPress
Go to the control panel for your WordPress blog software. Go to Plugins. Search for “smtp.” Click on the “Install Now” button next to “WP Mail SMTP by WPForms”:
Click “Activate”:
Select “Gmail”:
Enter the values for “Client ID” and “Client Secret” you obtained from the Gmail control panels earlier in this procedure. Enter this value for “Authorized redirect URI”:
https://connect.wpmailsmtp.com/google/
Click “Save Settings”:
Click “Allow plugin to send emails using your Google account”:
Select the Gmail account you chose to allow the WP SMTP Mail plugin for WordPress to send email messages:
Click “Continue”:
Click “Allow”:
Click “Allow”:
Sending a test message
Enter an email address. Click “Send Email”:
An email similar to the following should arrive in the test destination mailbox:
