Author: heros

Setup Nginx reverse proxy + Docker compose + IPv6 nat

Post author By heros
Post date August 27, 2024
No Comments on Setup Nginx reverse proxy + Docker compose + IPv6 nat

Setting up an Nginx reverse proxy with Docker Compose and IPv6 NAT might sound complex, but it’s a powerful combination for managing and securing web traffic.

In this guide, we’ll walk you through the steps to configure Nginx as a reverse proxy, use Docker Compose to manage containers, and set up IPv6 NAT (Network Address Translation) to ensure smooth and efficient communication across your network.

Whether you’re new to these tools or looking to improve your setup, this guide will help you get everything running smoothly.

This setup was tested using a RPM package-based distro, so the tool of choice is Dnf, but it could be Yum as well.

1 – Installing Docker

Preparing the repo and installing Docker:

# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
# dnf install docker-ce docker-ce-cli containerd.io
# systemctl enable docker
# systemctl start docker

Install docker-compose:

# wget https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-$(uname -s)-$(uname -m) -O /usr/local/bin/docker-compose

# chmod +x /usr/local/bin/docker-compose

2 – Adding IPv6 support to Linux and Docker

Prepare a Linux host and Docker to support IPv6 connections:

Make sure your Linux server has IPV6 enabled in your network card.

Enable IPv6 for all network interfaces.

# sysctl -w net.ipv6.conf.all.disable_ipv6=0
# sysctl -w net.ipv6.conf.default.disable_ipv6=0

Enable IPv6 for a specific network interface. I use the eth0 network interface in this example.

# sysctl -w net.ipv6.conf.eth0.disable_ipv6=0

It is also important to enable forward capabilities for IPv6 connections.

# sysctl -w net.ipv6.conf.all.forwarding=1
# sysctl -w net.ipv6.conf.eth0.proxy_ndp=1
# sysctl -w net.ipv6.conf.eth0.accept_ra=2
# sysctl -w net.ipv6.conf.default.forwarding=1

Apply the changes:

# sysctl -p

Restart your network service and check if your network card has an IPv6 assigned.

# ip -6 address show dev eth0

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
inet6 af30:a1cd:b319:c0f3:c5f8:cd0d:7700:493f/128 scope global dynamic valid_lft 2512sec preferred_lft 2452sec

# ping6 google.com 
PING google.com(in-in-f139.1e100.net (2607:f8b0:4001:c01::8b)) 56 data bytes
64 bytes from in-in-f139.1e100.net (2607:f8b0:4001:c01::8b): icmp_seq=1 ttl=115 time=0.658 ms
64 bytes from in-in-f139.1e100.net (2607:f8b0:4001:c01::8b): icmp_seq=2 ttl=115 time=0.699 ms
64 bytes from in-in-f139.1e100.net (2607:f8b0:4001:c01::8b): icmp_seq=3 ttl=115 time=0.712 ms

Create the file /etc/docker/daemon.json

Note that according to the IPv6 Nat project page (https://github.com/robbertkl/docker-ipv6nat), the network block must be in the range fc00::/7.

{
  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef::/64"
}

And restart the Docker service:

# systemctl restart docker

3 – Creating Docker Compose files

Now, we need to create the directory structure to launch the containers:

# mkdir -p /data/docker/nginx_config

# mkdir /data/docker/nginx_data

And create a docker-compose file:

# cd /data/docker

# vi docker-compose.yaml

docker-compose.yaml

services:
  redirect:
    container_name: redirect
    image: 'nginx:latest'
    depends_on:
      - ipv6nat
    environment:
      ENABLE_IPV6: true
    restart: unless-stopped
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      private:
        ipv4_address: 172.19.0.2
        ipv6_address: fd00:dead:beef:abcd::2
    volumes:
      - ./nginx_config/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx_config/conf.d:/etc/nginx/conf.d/
      - ./nginx_config/ssl/fullchain.pem:/root/fullchain.pem:ro
      - ./nginx_config/ssl/privkey.pem:/root/privkey.pem:ro
      - ./nginx_data/:/var/log/nginx/
      - /etc/localtime:/etc/localtime:ro

  ipv6nat:
    container_name: ipv6nat
    image: robbertkl/ipv6nat
    restart: unless-stopped
    network_mode: "host"
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro

networks:
  private:
    name: private
    driver: bridge
    enable_ipv6: true
    driver_opts:
      com.docker.network.enable_ipv6: "true"
      com.docker.network.bridge.gateway_mode_ipv6: "nat"
      com.docker.network.bridge.name: "private"
      com.docker.network.bridge.enable_icc: "true"
      com.docker.network.bridge.enable_ip_forwarding: "true"
      com.docker.network.bridge.enable_ip_masquerade: "true"
    ipam:
      driver: default
      config:
        - subnet: "172.19.0.0/16"
          gateway: "172.19.0.1"
        - subnet: "fd00:dead:beef:abcd::/64"

4 – Creating Nginx config files and directories

Nginx main config file.

/data/docker/nginx_config/nginx.conf

# nginx
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
worker_connections  1024;
}

http {
include       /etc/nginx/mime.types;
default_type  application/octet-stream;

# Logging NAT ip
set_real_ip_from 0.0.0.0/0;
set_real_ip_from ::/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent"';

access_log /var/log/nginx/access.log main;

# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/conf.d/*.conf;
}

Create extra directories:

# mkdir /data/docker/nginx_config/conf.d
# mkdir /data/docker/nginx_config/ssl

Extended Nginx configuration files.

/data/docker/nginx_config/conf.d/proxy.conf

# Nginx proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_intercept_errors on;

proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
send_timeout 60s;

/data/docker/nginx_config/conf.d/ssl.conf

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

Website to be accessed:

/data/docker/nginx_config/conf.d/00-redir-wordpress.conf

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name example.com www.example.com;

    ssl_certificate /root/fullchain.pem;
    ssl_certificate_key /root/privkey.pem;

    include /etc/nginx/conf.d/ssl.conf;

    if ($ssl_protocol = "") {
       rewrite ^   https://$server_name$request_uri? permanent;
    }

    location / {
        include /etc/nginx/conf.d/proxy.conf;
        proxy_pass http://172.19.0.3;
    }
}

Copy certificates to the designated directory:

# cp /etc/letsencrypt/live/example.com/fullchain.pem /data/docker/nginx_config/ssl/
# cp /etc/letsencrypt/live/example.com/privkey.pem /data/docker/nginx_config/ssl/

5 – Launching the containers and testing the setup

# cd /data/docker
# docker-compose up -d

Check if they were built and run:

# docker ps 
CONTAINER ID   IMAGE                                  COMMAND                  CREATED        STATUS       PORTS                                                                      NAMES
3d2899dfcc8e   nginx:latest                           "/docker-entrypoint.…"   25 hours ago   Up 6 hours   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   redirect
f5f5f61ebb7e   robbertkl/ipv6nat                      "/docker-ipv6nat-com…"   41 hours ago   Up 6 hours                                                                              ipv6nat

Check if the network called “private” was created and has IPv6 assigned to it:

# docker inspect network private

[
    {
        "Name": "private",
        "Id": "ec3013e265ef97be8081df6aa1a161762e1692899b21f5007eb95eb1be9b2347",
        "Created": "2024-08-24T13:31:46.161380218-03:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": true,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                },
                {
                    "Subnet": "fd00:dead:beef:abcd::/64",
                    "Gateway": "fd00:dead:beef:abcd::1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "3d2899dfcc8ea068739c4a7f4748c723831862dbfe7dcd33ab3afacb8c56435f": {
                "Name": "redirect",
                "EndpointID": "66ab9ee74aabbec9f97319ef11d9516d5d9c0dfde9fe5268d6e11ee261f6b6ab",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": "fd00:dead:beef:abcd::2/64"
            },
                    "Options": {
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_forwarding": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.gateway_mode_ipv6": "nat",
            "com.docker.network.bridge.name": "private"
        },
        "Labels": {
            "com.docker.compose.network": "private",
            "com.docker.compose.project": "docker",
            "com.docker.compose.version": "2.29.1"
        }
    }
]

Remember that is important to allow ports 80 and 443 TCP in your firewall.

Iptables rules (IPv6 + Ipv4):

# ip6tables -A INPUT -m state --state NEW -p tcp -m multiport --dports 80,443 -j ACCEPT
# iptables -A INPUT -m state --state NEW -p tcp -m multiport --dports 80,443 -j ACCEPT

If everything is running well, you might be able to see the access log as it follows:

# tail -f /data/docker/nginx_data/access.log

2001:818:e264:7200:e62:dffe:9007:731a - - [27/Aug/2024:09:04:46 -0300]"GET / HTTP/1.0" 200 39550 "https://example.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"

In conclusion, setting up an Nginx reverse proxy with Docker Compose and IPv6 NAT enhances your server’s network capabilities and optimizes traffic management. By following the detailed steps, including configuring Docker for IPv6, enabling IPv6 NAT, and customizing Nginx, you can ensure efficient handling of both IPv4 and IPv6 traffic. This guide simplifies the process, making it easier to implement a modern, flexible network infrastructure, suitable for diverse applications, while maintaining strong security and performance standards.

Automation Linux

Chef.io Tool kit

Introduction to Chef.io: A Guide to Automation and Configuration Management

Chef.io, is a powerful automation platform that transforms infrastructure into code. In today’s fast-paced digital landscape, managing complex IT environments efficiently is crucial. Chef.io provides the tools and practices needed to automate your infrastructure, ensuring consistency, repeatability, and speed in your deployment processes.

Chef.io stands out due to its robust ecosystem and flexibility, allowing you to manage infrastructure as code across various environments, from on-premises to cloud. Whether you’re a system administrator, developer, or DevOps engineer, Chef.io’s comprehensive toolset can help you automate the repetitive tasks, enforce configuration standards, and ensure your infrastructure is always in the desired state.

Main compectps of Chef.io:

Nodes: The machines that are managed by Chef.
Cookbooks: Collections of recipes and related files.
Recipes: Instructions for configuring a node.
Resources: Building blocks of a recipe, representing specific elements of a system (e.g., packages, files, services).
Run List: Specifies the order in which recipes should be applied on a node.

Commonly Used Chef.io Commands

As you get hands-on with Chef.io, you’ll find that certain commands become essential for your day-to-day operations. Here are some of the most commonly used Chef.io commands, categorized by their primary functions:

chef generate cookbook COOKBOOK_NAME
Generates a new Chef cookbook.

chef generate recipe RECIPE_NAME
Generates a new recipe within a cookbook.

chef generate attribute ATTRIBUTE_FILE
Generates a new attributes file within a cookbook.

chef generate template TEMPLATE_FILE
Generates a new template file within a cookbook.

chef generate resource RESOURCE_NAME
Generates a new custom resource within a cookbook.

chef-client
Runs the Chef client on a node, applying the configurations defined in the node’s run list.

chef-client -o 'my_cookbook::my_recipe
Runs a specific recipe without altering the node’s run list.

Knife Commands

knife cookbook upload COOKBOOK_NAME
Uploads a cookbook to the Chef server.

knife spork promote --remote ENV COOKBOOK_NAME
Promote/push a cookbook changes to Chef server

knife node list
Lists all nodes registered with the Chef server.

knife node show NODE_NAME -F json
Displays details about a specific node in Json format.

knife node edit NODE_NAME
Change node attributes.

knife bootstrap NODE_IP -N NODE_NAME -x USER -P PASSWORD --sudo
knife bootstrap NODE_IP -E ENV -N NODE_NAME --bootstrap-version 17.10.3 --bootstrap-vault-item VAULT_NAME -r 'ROLE_NAME' -U root --ssh-identity-file ~/.ssh/id_rsa
Bootstraps a new node, installing the Chef client and registering it with the Chef server.

knife block ENV
Show/Select the current environment

knife environment list
Lists all environments on the Chef server.

knife role create ROLE_NAME
Creates a new role.

knife ssh "name:NODE_NAME" "COMMAND"
Running remote commands

knife vault update VAULT_NAME VAULT_FIELD -C NODE_NAME
Grant access to a vault for a certain node

knife data bag edit VAULT_NAME VAULT_FIELD --secret-file=/home/user/.chef/secret
Update encrypted_data_bag_secret taking it from server

knife search node "name:NODE_NAME"
knife search node 'platform_version:22.04 AND (owner_short:XX OR owner_short:YY)' -a packages.openssl.version
knife search node 'role:ROLE_NAME1 OR role:ROLE_NAME2' -a network.interfaces.eth0.addresses
Perform queries using node attributes

Berkshelf Commands

berks install
Installs the cookbooks specified in the Berksfile.

berks upload
Uploads cookbooks to the Chef server.

berks update
Updates cookbooks to their latest versions as specified in the Berksfile.

ChefSpec and InSpec Commands

chef exec rspec
Runs ChefSpec tests to simulate Chef runs.

inspec exec PATH_TO_PROFILE
Runs InSpec tests to verify compliance.

Chef Shell Commands

chef-shell
Opens an interactive shell session for executing Chef commands and testing recipes.

chef-shell -s
Starts Chef Shell in Solo mode.

chef-shell -z
Starts Chef Shell in safe mode.

Cookstyle Commands

cookstyle -a
Find for syntax errors in the cookbook and fix them

Linux Python RedHat Technology

How to send emails with Python 3

Post author By heros
Post date July 14, 2021
No Comments on How to send emails with Python 3

There are some situations in which System Admins must send emails from their servers. For those who are working with the newest Linux versions, Python version 3 has become its default. In this article, I will share how to send SMTP authenticated emails by using a Python 3 script.

The following script uses both libraries “smtplib” to establish the connection with the server, and “sys” to obtain parameters from the command line. In this case, the parameter “-a” is used to attach a text file to be sent, and the parameter “-s” is used to set the subject of the message. You should change the lines below for your environment.

1 – Set your mail server hostname and port.

mailobj = smtplib.SMTP('myserver.com',587)

2 – Username and password.

mailobj.login('user@myserver.com','secret')

3 – Correspondent and recipient.

sender = 'from@myserver.com'
receivers = 'to@myserver.com'

4 – This is the correct way to run the script:

./send-email.py -a "/some/text/file" -s "subject"

Finally, here is the script source code:

#!/usr/bin/python3

import smtplib, sys

param1 = sys.argv[1]
param2 = sys.argv[3]

if "-a" in param1:
    attached_file = sys.argv[2]
    f = open(attached_file, "r")
    body_text = f.read()

if "-s" in param2:
    subject = sys.argv[4]

mailobj = smtplib.SMTP('myserver.com',587)
mailobj.ehlo()
mailobj.starttls()
mailobj.login('user@myserver.com','secret')

sender = 'from@myserver.com'
receivers = 'to@myserver.com'
message = """From: FROM
To: TO
Subject: SUBJECT

TEXT
"""
message = message.replace("FROM",sender)
message = message.replace("TO",receivers)
message = message.replace("SUBJECT",subject)
message = message.replace("TEXT",body_text)

mailobj.sendmail(sender, receivers, message)
mailobj.quit()

Linux RedHat Technology

Setting up Centos / RedHat 8 extra repositories

Post author By heros
Post date June 23, 2021
No Comments on Setting up Centos / RedHat 8 extra repositories

One of the first tasks that system admins should do when they install a new Linux machine is to make sure they have a reliable repository to get the software they need.

Here, following some sources that I consider essential to obtain RPM packages.

1 – Install both those extra repositories epel and remi:

# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# yum -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

2 – Install the package responsible for handling the yum configuration and enabling the repositories:

# yum -y install yum-utils
# yum config-manager --set-enabled powertools
# yum config-manager --set-enabled remi
# yum config-manager --set-enabled epel

3 – Now, you can update your Linux:

# yum update

Linux Network RedHat Technology

Using Tcptrack on Centos 8

Post author By heros
Post date June 23, 2021
No Comments on Using Tcptrack on Centos 8

This tutorial shows how to use the Tcptrack package on Centos 8, which does not have this RPM in its repository.

The Tcptrack is a console tool that displays the TCP connections that are currently active. It is also useful to see the amount of data and traffic that each connection consumes. Its usage is quite similar to the Tcpdump command.

To install this package on your Centos or RedHat version 8, follow the steps below. You should be logged in with root privileges.

1 – Enable the Powetools repository and Install both the RPM builder and those packages’ dependencies:

# yum config-manager --set-enabled powertools

# yum -y install rpm-build libpcap-devel gcc-c++ ncurses-devel make

2 – Download the source code:

# cd /tmp

# git clone https://github.com/bchretien/tcptrack.git

3 – Change SPEC file to the new version:

# cd /tmp/tcptrack/

# vi tcptrack.spec

Change line #2 to:

%define version 1.4.3

4 – Create the compressed source

# cd /tmp

# mv tcptrack tcptrack-1.4.3

# mkdir -p /root/rpmbuild/SOURCES/

# tar -czvf /root/rpmbuild/SOURCES/tcptrack-1.4.3.tar.gz tcptrack-1.4.3

5 – Now, go to the source directory and build the new package:

# cd /tmp/tcptrack-1.4.3

# rpmbuild -ba tcptrack.spec

6 – It is done! You can install the package that was just created:

# rpm -ivh /root/rpmbuild/RPMS/x86_64/tcptrack-1.4.3-1.x86_64.rpm

7 – There is a simple example of how to use it:

# tcptrack -i eth0

8 – Following, more advanced filters:

Showing only IPv4 connections

# tcptrack -i eth0 "ip"

Showing only connections through ports 465 and 587

# tcptrack -i eth0 "port 465 and port 587"

Showing only connections from a specific IP:

# tcptrack -i eth0 "host 192.168.1.2"

You can also combine both filters:

# tcptrack -i eth0 "host 192.168.1.2 and port 443"

Here is an example of how to exclude a value from your view:

# tcptrack -i eth0 "host 192.168.1.2 and port ! 22"

By pressing “s” you can sort by:

Rate
Bytes
Idle
Unsorted

That’s it, have fun 🙂

Essay

Is the Internet the best place to get information?

Post author By heros
Post date April 28, 2021
No Comments on Is the Internet the best place to get information?

In recent years, the internet has become people’s preferred communication system. Some individuals argue that this environment is not reliable when it comes to obtaining information. Although this is a democratic type of media, I believe that the lack of regulation tends to increase the amount of false information spread among its users.

The advancement of technology has brought many benefits to society as a whole. Nowadays, not only are mobile devices affordable, but also access to the network is cheap and available even in remote places. Therefore, the more people adopt the internet as their main source of news, the more media vehicles will publish their content on this platform. As a result, people from various social backgrounds are now able to consume information as previous generations could not imagine. Usually, people who are better informed make the best decisions in many aspects of their lives.

On the other hand, the internet was born without any regulatory system. The concept behind its creation was to provide a space in which every citizen could freely manifest his or her thoughts and beliefs. Because of this chaotic environment, many groups have been using the web as a tool to spread misinformation, conspiracy theories, and many other content that will manipulate the opinion of readers. To illustrate, recently, so-called fake news played a huge role in the United States elections. If voters had checked the validity of the information, they might have changed the way they voted. In other words, if internet users do not carefully check the source of what they are reading, they will become an easy target for those who want to spread biased messages as true information.

To sum up, this is a controversial topic, and there is not a simple measure to fix these issues. The system is hugely complex and involves a multitude of players such as tech companies, governments, legislators and political regimes. In summary, people should think twice after reading a piece of information from the internet.

Essay

What the causes of crimes are and how to prevent them

Post author By heros
Post date April 27, 2021
No Comments on What the causes of crimes are and how to prevent them

Annually, the number of criminals on the street increases. Criminal activity has countless causes, such as poverty and lack of education. By improving such social conditions, the government might be able to decrease violence on the streets. This essay will discuss this topic in detail.

Although the overall sense of safety in large cities has been increasing, those places still have neighborhoods in which criminals have territorial dominance. In such areas, the state cannot provide its inhabitants with even basic public services. The lack of schools, for example, is the main reason behind the use of youngsters as a workforce by criminal organizations. It is not rare to see drug dealers and cartels luring teenagers with guns, gold jewelry, and, consequently, power in order to recruit them. As a result, uneducated people might think it is easier to obtain social status and wealth as gang members. If the government wants to ameliorate this situation, it must invest heavily in education in these sensible regions.

Moreover, destitute individuals also have a tendency to commit more crimes than fortunate ones. Nowadays, the media publishes an astonishing number of advertisements on television, social media, and billboards, to name a few. People who cannot afford such items may eventually consider engaging in illegal activity to make money. In this case, their lack of moral values will play a huge role in this decision. However, if they have a job that provides them with enough money to buy things, they will not have to handle this dilemma.

In summary, this is a controversial subject that not even specialists have a silver-bullet solution to. However, it is clear that the more educated a population is, the less crime its people will experience on a daily basis. This field should be the number one priority of every public authority.

Linux Network RedHat

RedHat 8 Basic Network Settings

Post author By heros
Post date April 22, 2021
No Comments on RedHat 8 Basic Network Settings

For those who have choose to not set up the network connection during the RedHat 8 installation process, it is quintessential doing that soon after the system performs a reboot. Otherwise, you might not be able to install remote packages, receiving nor sending information anywhere.

The following tutorial provides the very basic configuration to make such connectivity possible.

1 – Change your “hostname”. Just edit the file “/etc/hostname” and overwrite the machine’s full hostname.

2 – Define your IP address.

Considering that your system has recognized your interface as “ens160“, and you do not have a DHCP system available on LAN. Edit the file “/etc/sysconfig/network-scripts/ifcfg-ens160“.

2.1 – Change the parameter BOOTPROTO from dhcp to static

2.2 – In the end of file, you should add two parameters: IPADDR=X.X.X.X (for example, 192.168.0.2) IPMASK=X.X.X.X (for example, 255.255.255.0)

3 – Now, edit the file “/etc/sysconfig/network” to set up your default gateway. Add the following parameter: GATEWAY=X.X.X.X (for example, 192.168.0.1)

4 – To make this changes effective, type the commands below:

# ifdown ens160 ; ifup ens160

5 – You can check if those settings were rightly applied.

# ifconfig ens160

ens160: flags=4163 mtu 1500
inet 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::289b:a5a7:1282:9065 prefixlen 64 scopeid 0x20
inet6 2804:14c:5bb2:8e8f:72ff:9ed2:b6d9:81b4 prefixlen 64 scopeid 0x0
ether 00:0c:29:9a:b6:0e txqueuelen 1000 (Ethernet)
RX packets 611 bytes 71365 (69.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 569 bytes 67271 (65.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

# route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 ens160
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160

6 – Finally, test if you are able to get a “ping” response from an public internet address.

# ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=22.6 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=22.6 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=55 time=20.8 ms

If the IP address that you already set up has fully access to the Internet beyond the gateway, you will be able to get the correct answer from the destiny.

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 20.785/21.971/22.571/0.847 ms

Linux RedHat Technology

Changing System Runlevel on RedHat 8

Post author By heros
Post date April 21, 2021
No Comments on Changing System Runlevel on RedHat 8

Most of Centos, Fedora, and RedHat previous users are used to set Runlevel by changing the file “/etc/inittab”, however, the newest version of the Red Hat OS (version 8) changed the way how it is set.

You should use the following commands to perform this change in each scenario.

Multi-user terminal mode (alike to runlevel 3)

# systemctl set-default multi-user.target

Graphical mode (alike to runlevel 5)

# systemctl set-default graphical.target

Asterisk Linux

Recording and mixing Asterisk’s calls

Post author By heros
Post date April 15, 2021
No Comments on Recording and mixing Asterisk’s calls

One of the most valuable features of the Asterisk PBX server is its recording support. However, before playing the audio files, we must merge both sides of the recorded call. This article was written based on Asterisk version 16 and Sox v14.4.1.

The first step is enabling this feature in the extensions file /etc/asterisk/extensions.conf. The application used for recording is MixMonitor.

In this example, we used the parameter as follows:

exten => s,n,MixMonitor(${UNIQUEID}.wav49)

Note that, ${UNIQUEID} is the filename and .wav49 is the extension, which means that Asterisk will convert audio files by using the WAV format.

After settings are applied, the new recording files will be placed on the directory /var/spool/asterisk/monitor

Before listening to these audios, you should mix them whether they were created from incoming or outgoing calls. Here, we use the the program called sox.

Mixing incoming calls:

/usr/bin/sox -m DIR_MONITOR/FILENAME-in.wav DIR_MONITOR/FILENAME-out.wav OUTPUT-PATH

Where:

DIR_MONITOR: The full path of audio files (/var/spool/asterisk/monitor).

FILENAME: The unique ID given by Asterisk when it was created. In this case, we have (-in) for one side of the call and (-out) for the other one. For example, 1617641548.58651-in.wav and 1617641548.58651-out.wav

OUTPUT-PATH: The full path containing the directory and the filename of the new mixed audio. For example: /var/spool/asterisk/records/my-record.wav

Mixing outgoing calls:

In this case, we must set the frequency to 8000 Mhz, define the channels to mono, and its format to WAV. It is important to notice that we just handle one single file.

/usr/bin/sox DIR_MONITOR/FILENAME.WAV -r 8000 -c 1 -e signed-integer OUTPUT-PATH

I strongly recommend that you make a script to deal with these recordings, store the new files safety and erase the previous ones. This is important to save disc space of the Asterisk server.