Categories
Docker Linux Technology

Setup Nginx reverse proxy + Docker compose + IPv6 nat

Setting up an Nginx reverse proxy with Docker Compose and IPv6 NAT might sound complex, but it’s a powerful combination for managing and securing web traffic.

In this guide, we’ll walk you through the steps to configure Nginx as a reverse proxy, use Docker Compose to manage containers, and set up IPv6 NAT (Network Address Translation) to ensure smooth and efficient communication across your network.

Whether you’re new to these tools or looking to improve your setup, this guide will help you get everything running smoothly.

This setup was tested using a RPM package-based distro, so the tool of choice is Dnf, but it could be Yum as well.

1 – Installing Docker

Preparing the repo and installing Docker:

# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
# dnf install docker-ce docker-ce-cli containerd.io
# systemctl enable docker
# systemctl start docker

Install docker-compose:

# wget https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-$(uname -s)-$(uname -m) -O /usr/local/bin/docker-compose

# chmod +x /usr/local/bin/docker-compose

2 – Adding IPv6 support to Linux and Docker

Prepare a Linux host and Docker to support IPv6 connections:

Make sure your Linux server has IPV6 enabled in your network card.

Enable IPv6 for all network interfaces.

# sysctl -w net.ipv6.conf.all.disable_ipv6=0
# sysctl -w net.ipv6.conf.default.disable_ipv6=0

Enable IPv6 for a specific network interface. I use the eth0 network interface in this example.

# sysctl -w net.ipv6.conf.eth0.disable_ipv6=0

It is also important to enable forward capabilities for IPv6 connections.

# sysctl -w net.ipv6.conf.all.forwarding=1
# sysctl -w net.ipv6.conf.eth0.proxy_ndp=1
# sysctl -w net.ipv6.conf.eth0.accept_ra=2
# sysctl -w net.ipv6.conf.default.forwarding=1

Apply the changes:

# sysctl -p

Restart your network service and check if your network card has an IPv6 assigned.

# ip -6 address show dev eth0

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
inet6 af30:a1cd:b319:c0f3:c5f8:cd0d:7700:493f/128 scope global dynamic valid_lft 2512sec preferred_lft 2452sec

# ping6 google.com
PING google.com(in-in-f139.1e100.net (2607:f8b0:4001:c01::8b)) 56 data bytes
64 bytes from in-in-f139.1e100.net (2607:f8b0:4001:c01::8b): icmp_seq=1 ttl=115 time=0.658 ms
64 bytes from in-in-f139.1e100.net (2607:f8b0:4001:c01::8b): icmp_seq=2 ttl=115 time=0.699 ms
64 bytes from in-in-f139.1e100.net (2607:f8b0:4001:c01::8b): icmp_seq=3 ttl=115 time=0.712 ms

Create the file /etc/docker/daemon.json

Note that according to the IPv6 Nat project page (https://github.com/robbertkl/docker-ipv6nat), the network block must be in the range fc00::/7.

{
"ipv6": true,
"fixed-cidr-v6": "fd00:dead:beef::/64"
}

And restart the Docker service:

# systemctl restart docker

3 – Creating Docker Compose files

Now, we need to create the directory structure to launch the containers:

# mkdir -p /data/docker/nginx_config

# mkdir /data/docker/nginx_data

And create a docker-compose file:

# cd /data/docker

# vi docker-compose.yaml

docker-compose.yaml

services:
redirect:
container_name: redirect
image: 'nginx:latest'
depends_on:
- ipv6nat
environment:
ENABLE_IPV6: true
restart: unless-stopped
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
networks:
private:
ipv4_address: 172.19.0.2
ipv6_address: fd00:dead:beef:abcd::2
volumes:
- ./nginx_config/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx_config/conf.d:/etc/nginx/conf.d/
- ./nginx_config/ssl/fullchain.pem:/root/fullchain.pem:ro
- ./nginx_config/ssl/privkey.pem:/root/privkey.pem:ro
- ./nginx_data/:/var/log/nginx/
- /etc/localtime:/etc/localtime:ro

 ipv6nat:
   container_name: ipv6nat
   image: robbertkl/ipv6nat
   restart: unless-stopped
   network_mode: "host"
   privileged: true
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock:ro
     - /lib/modules:/lib/modules:ro

networks:
 private:
   name: private
   driver: bridge
   enable_ipv6: true
   driver_opts:
     com.docker.network.enable_ipv6: "true"
     com.docker.network.bridge.gateway_mode_ipv6: "nat"
     com.docker.network.bridge.name: "private"
     com.docker.network.bridge.enable_icc: "true"
     com.docker.network.bridge.enable_ip_forwarding: "true"
     com.docker.network.bridge.enable_ip_masquerade: "true"
   ipam:
     driver: default
     config:
       - subnet: "172.19.0.0/16"
         gateway: "172.19.0.1"
       - subnet: "fd00:dead:beef:abcd::/64"

4 – Creating Nginx config files and directories

Nginx main config file.

/data/docker/nginx_config/nginx.conf

# nginx
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

# Logging NAT ip
set_real_ip_from 0.0.0.0/0;
set_real_ip_from ::/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';

access_log /var/log/nginx/access.log main;

# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/conf.d/*.conf;
}

Create extra directories:

# mkdir /data/docker/nginx_config/conf.d
# mkdir /data/docker/nginx_config/ssl

Extended Nginx configuration files.

/data/docker/nginx_config/conf.d/proxy.conf

# Nginx proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_intercept_errors on;

proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
send_timeout 60s;

/data/docker/nginx_config/conf.d/ssl.conf

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

Website to be accessed:

/data/docker/nginx_config/conf.d/00-redir-wordpress.conf

server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;

server_name example.com www.example.com;

ssl_certificate /root/fullchain.pem;
ssl_certificate_key /root/privkey.pem;

include /etc/nginx/conf.d/ssl.conf;

if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}

location / {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass http://172.19.0.3;
}
}

Copy certificates to the designated directory:

# cp /etc/letsencrypt/live/example.com/fullchain.pem /data/docker/nginx_config/ssl/
# cp /etc/letsencrypt/live/example.com/privkey.pem /data/docker/nginx_config/ssl/

5 – Launching the containers and testing the setup

# cd /data/docker
# docker-compose up -d

Check if they were built and run:

# docker ps 
CONTAINER ID   IMAGE                                  COMMAND                  CREATED        STATUS       PORTS                                                                      NAMES
3d2899dfcc8e   nginx:latest                           "/docker-entrypoint.…"   25 hours ago   Up 6 hours   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   redirect
f5f5f61ebb7e   robbertkl/ipv6nat                      "/docker-ipv6nat-com…"   41 hours ago   Up 6 hours                                                                              ipv6nat

Check if the network called “private” was created and has IPv6 assigned to it:

# docker inspect network private

[
{
"Name": "private",
"Id": "ec3013e265ef97be8081df6aa1a161762e1692899b21f5007eb95eb1be9b2347",
"Created": "2024-08-24T13:31:46.161380218-03:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": true,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
},
{
"Subnet": "fd00:dead:beef:abcd::/64",
"Gateway": "fd00:dead:beef:abcd::1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"3d2899dfcc8ea068739c4a7f4748c723831862dbfe7dcd33ab3afacb8c56435f": {
"Name": "redirect",
"EndpointID": "66ab9ee74aabbec9f97319ef11d9516d5d9c0dfde9fe5268d6e11ee261f6b6ab",
"MacAddress": "02:42:ac:13:00:02",
"IPv4Address": "172.19.0.2/16",
"IPv6Address": "fd00:dead:beef:abcd::2/64"
},
"Options": {
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_forwarding": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.gateway_mode_ipv6": "nat",
"com.docker.network.bridge.name": "private"
},
"Labels": {
"com.docker.compose.network": "private",
"com.docker.compose.project": "docker",
"com.docker.compose.version": "2.29.1"
}
}
]

Remember that is important to allow ports 80 and 443 TCP in your firewall.

Iptables rules (IPv6 + Ipv4):

# ip6tables -A INPUT -m state --state NEW -p tcp -m multiport --dports 80,443 -j ACCEPT
# iptables -A INPUT -m state --state NEW -p tcp -m multiport --dports 80,443 -j ACCEPT

If everything is running well, you might be able to see the access log as it follows:

# tail -f /data/docker/nginx_data/access.log

2001:818:e264:7200:e62:dffe:9007:731a - - [27/Aug/2024:09:04:46 -0300]"GET / HTTP/1.0" 200 39550 "https://example.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"

In conclusion, setting up an Nginx reverse proxy with Docker Compose and IPv6 NAT enhances your server’s network capabilities and optimizes traffic management. By following the detailed steps, including configuring Docker for IPv6, enabling IPv6 NAT, and customizing Nginx, you can ensure efficient handling of both IPv4 and IPv6 traffic. This guide simplifies the process, making it easier to implement a modern, flexible network infrastructure, suitable for diverse applications, while maintaining strong security and performance standards.

Categories
Automation Linux

Chef.io Tool kit

Introduction to Chef.io: A Guide to Automation and Configuration Management

Chef.io, is a powerful automation platform that transforms infrastructure into code. In today’s fast-paced digital landscape, managing complex IT environments efficiently is crucial. Chef.io provides the tools and practices needed to automate your infrastructure, ensuring consistency, repeatability, and speed in your deployment processes.

Chef.io stands out due to its robust ecosystem and flexibility, allowing you to manage infrastructure as code across various environments, from on-premises to cloud. Whether you’re a system administrator, developer, or DevOps engineer, Chef.io’s comprehensive toolset can help you automate the repetitive tasks, enforce configuration standards, and ensure your infrastructure is always in the desired state.

Main compectps of Chef.io:

  • Nodes: The machines that are managed by Chef.
  • Cookbooks: Collections of recipes and related files.
  • Recipes: Instructions for configuring a node.
  • Resources: Building blocks of a recipe, representing specific elements of a system (e.g., packages, files, services).
  • Run List: Specifies the order in which recipes should be applied on a node.

Commonly Used Chef.io Commands

As you get hands-on with Chef.io, you’ll find that certain commands become essential for your day-to-day operations. Here are some of the most commonly used Chef.io commands, categorized by their primary functions:

chef generate cookbook COOKBOOK_NAME

Generates a new Chef cookbook.

chef generate recipe RECIPE_NAME

Generates a new recipe within a cookbook.

chef generate attribute ATTRIBUTE_FILE

Generates a new attributes file within a cookbook.

chef generate template TEMPLATE_FILE

Generates a new template file within a cookbook.

chef generate resource RESOURCE_NAME

Generates a new custom resource within a cookbook.

chef-client

Runs the Chef client on a node, applying the configurations defined in the node’s run list.

chef-client -o 'my_cookbook::my_recipe

Runs a specific recipe without altering the node’s run list.

Knife Commands

knife cookbook upload COOKBOOK_NAME

Uploads a cookbook to the Chef server.

knife spork promote --remote ENV COOKBOOK_NAME

Promote/push a cookbook changes to Chef server

knife node list

Lists all nodes registered with the Chef server.

knife node show NODE_NAME -F json

Displays details about a specific node in Json format.

knife node edit NODE_NAME

Change node attributes.

knife bootstrap NODE_IP -N NODE_NAME -x USER -P PASSWORD --sudo

knife bootstrap NODE_IP -E ENV -N NODE_NAME --bootstrap-version 17.10.3 --bootstrap-vault-item VAULT_NAME -r 'ROLE_NAME' -U root --ssh-identity-file ~/.ssh/id_rsa

Bootstraps a new node, installing the Chef client and registering it with the Chef server.

knife block ENV

Show/Select the current environment

knife environment list

Lists all environments on the Chef server.

knife role create ROLE_NAME

Creates a new role.

knife ssh "name:NODE_NAME" "COMMAND"

Running remote commands

knife vault update VAULT_NAME VAULT_FIELD -C NODE_NAME

Grant access to a vault for a certain node

knife data bag edit VAULT_NAME VAULT_FIELD --secret-file=/home/user/.chef/secret

Update encrypted_data_bag_secret taking it from server

knife search node "name:NODE_NAME"

knife search node 'platform_version:22.04 AND (owner_short:XX OR owner_short:YY)' -a packages.openssl.version

knife search node 'role:ROLE_NAME1 OR role:ROLE_NAME2' -a network.interfaces.eth0.addresses

Perform queries using node attributes

Berkshelf Commands

berks install

Installs the cookbooks specified in the Berksfile.

berks upload

Uploads cookbooks to the Chef server.

berks update

Updates cookbooks to their latest versions as specified in the Berksfile.

ChefSpec and InSpec Commands

chef exec rspec

Runs ChefSpec tests to simulate Chef runs.

inspec exec PATH_TO_PROFILE

Runs InSpec tests to verify compliance.

Chef Shell Commands

chef-shell

Opens an interactive shell session for executing Chef commands and testing recipes.

chef-shell -s

Starts Chef Shell in Solo mode.

chef-shell -z

Starts Chef Shell in safe mode.

Cookstyle Commands

cookstyle -a

Find for syntax errors in the cookbook and fix them
Categories
Linux Python RedHat Technology

How to send emails with Python 3

There are some situations in which System Admins must send emails from their servers. For those who are working with the newest Linux versions, Python version 3 has become its default. In this article, I will share how to send SMTP authenticated emails by using a Python 3 script.

The following script uses both libraries “smtplib” to establish the connection with the server, and “sys” to obtain parameters from the command line. In this case, the parameter “-a” is used to attach a text file to be sent, and the parameter “-s” is used to set the subject of the message. You should change the lines below for your environment.

1 – Set your mail server hostname and port.

mailobj = smtplib.SMTP('myserver.com',587)

2 – Username and password.

mailobj.login('user@myserver.com','secret')

3 – Correspondent and recipient.

sender = 'from@myserver.com'
receivers = 'to@myserver.com'

4 – This is the correct way to run the script:

./send-email.py -a "/some/text/file" -s "subject"

Finally, here is the script source code:

#!/usr/bin/python3

import smtplib, sys

param1 = sys.argv[1]
param2 = sys.argv[3]

if "-a" in param1:
    attached_file = sys.argv[2]
    f = open(attached_file, "r")
    body_text = f.read()

if "-s" in param2:
    subject = sys.argv[4]

mailobj = smtplib.SMTP('myserver.com',587)
mailobj.ehlo()
mailobj.starttls()
mailobj.login('user@myserver.com','secret')

sender = 'from@myserver.com'
receivers = 'to@myserver.com'
message = """From: FROM
To: TO
Subject: SUBJECT

TEXT
"""
message = message.replace("FROM",sender)
message = message.replace("TO",receivers)
message = message.replace("SUBJECT",subject)
message = message.replace("TEXT",body_text)

mailobj.sendmail(sender, receivers, message)
mailobj.quit()

Categories
Linux RedHat Technology

Setting up Centos / RedHat 8 extra repositories

One of the first tasks that system admins should do when they install a new Linux machine is to make sure they have a reliable repository to get the software they need.

Here, following some sources that I consider essential to obtain RPM packages.

1 – Install both those extra repositories epel and remi:

# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# yum -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

2 – Install the package responsible for handling the yum configuration and enabling the repositories:

# yum -y install yum-utils
# yum config-manager --set-enabled powertools
# yum config-manager --set-enabled remi
# yum config-manager --set-enabled epel

3 – Now, you can update your Linux:

# yum update
Categories
Linux Network RedHat Technology

Using Tcptrack on Centos 8

This tutorial shows how to use the Tcptrack package on Centos 8, which does not have this RPM in its repository.

The Tcptrack is a console tool that displays the TCP connections that are currently active. It is also useful to see the amount of data and traffic that each connection consumes. Its usage is quite similar to the Tcpdump command.

To install this package on your Centos or RedHat version 8, follow the steps below. You should be logged in with root privileges.

1 – Enable the Powetools repository and Install both the RPM builder and those packages’ dependencies:

# yum config-manager --set-enabled powertools

# yum -y install rpm-build libpcap-devel gcc-c++ ncurses-devel make

2 – Download the source code:

# cd /tmp

# git clone https://github.com/bchretien/tcptrack.git

3 – Change SPEC file to the new version:

# cd /tmp/tcptrack/

# vi tcptrack.spec

Change line #2 to:

%define version 1.4.3

4 – Create the compressed source

# cd /tmp

# mv tcptrack tcptrack-1.4.3

# mkdir -p /root/rpmbuild/SOURCES/

# tar -czvf /root/rpmbuild/SOURCES/tcptrack-1.4.3.tar.gz tcptrack-1.4.3

5 – Now, go to the source directory and build the new package:

# cd /tmp/tcptrack-1.4.3

# rpmbuild -ba tcptrack.spec

6 – It is done! You can install the package that was just created:

# rpm -ivh /root/rpmbuild/RPMS/x86_64/tcptrack-1.4.3-1.x86_64.rpm

7 – There is a simple example of how to use it:

# tcptrack -i eth0

8 – Following, more advanced filters:

Showing only IPv4 connections

# tcptrack -i eth0 "ip"

Showing only connections through ports 465 and 587

# tcptrack -i eth0 "port 465 and port 587"

Showing only connections from a specific IP:

# tcptrack -i eth0 "host 192.168.1.2"

You can also combine both filters:

# tcptrack -i eth0 "host 192.168.1.2 and port 443"

Here is an example of how to exclude a value from your view:

# tcptrack -i eth0 "host 192.168.1.2 and port ! 22"

By pressing “s” you can sort by:

  • Rate
  • Bytes
  • Idle
  • Unsorted

That’s it, have fun 🙂

Categories
Linux Network RedHat

RedHat 8 Basic Network Settings

For those who have choose to not set up the network connection during the RedHat 8 installation process, it is quintessential doing that soon after the system performs a reboot. Otherwise, you might not be able to install remote packages, receiving nor sending information anywhere.

The following tutorial provides the very basic configuration to make such connectivity possible.

1 – Change your “hostname”. Just edit the file “/etc/hostname” and overwrite the machine’s full hostname.

2 – Define your IP address.

Considering that your system has recognized your interface as “ens160“, and you do not have a DHCP system available on LAN. Edit the file “/etc/sysconfig/network-scripts/ifcfg-ens160.

2.1 – Change the parameter BOOTPROTO from dhcp to static

2.2 – In the end of file, you should add two parameters: IPADDR=X.X.X.X (for example, 192.168.0.2) IPMASK=X.X.X.X (for example, 255.255.255.0)

3 – Now, edit the file “/etc/sysconfig/network” to set up your default gateway. Add the following parameter: GATEWAY=X.X.X.X (for example, 192.168.0.1)

4 – To make this changes effective, type the commands below:

# ifdown ens160 ; ifup ens160

5 – You can check if those settings were rightly applied.

# ifconfig ens160
ens160: flags=4163 mtu 1500
inet 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::289b:a5a7:1282:9065 prefixlen 64 scopeid 0x20
inet6 2804:14c:5bb2:8e8f:72ff:9ed2:b6d9:81b4 prefixlen 64 scopeid 0x0
ether 00:0c:29:9a:b6:0e txqueuelen 1000 (Ethernet)
RX packets 611 bytes 71365 (69.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 569 bytes 67271 (65.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 ens160
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160

6 – Finally, test if you are able to get a “ping” response from an public internet address.

# ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=22.6 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=22.6 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=55 time=20.8 ms

If the IP address that you already set up has fully access to the Internet beyond the gateway, you will be able to get the correct answer from the destiny.

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 20.785/21.971/22.571/0.847 ms

Categories
Linux RedHat Technology

Changing System Runlevel on RedHat 8

Most of Centos, Fedora, and RedHat previous users are used to set Runlevel by changing the file “/etc/inittab”, however, the newest version of the Red Hat OS (version 8) changed the way how it is set.

You should use the following commands to perform this change in each scenario.

Multi-user terminal mode (alike to runlevel 3)

# systemctl set-default multi-user.target

Graphical mode (alike to runlevel 5)

# systemctl set-default graphical.target
Categories
Asterisk Linux

Recording and mixing Asterisk’s calls

One of the most valuable features of the Asterisk PBX server is its recording support. However, before playing the audio files, we must merge both sides of the recorded call. This article was written based on Asterisk version 16 and Sox v14.4.1.

The first step is enabling this feature in the extensions file /etc/asterisk/extensions.conf. The application used for recording is MixMonitor.

In this example, we used the parameter as follows:

exten => s,n,MixMonitor(${UNIQUEID}.wav49)

Note that, ${UNIQUEID} is the filename and .wav49 is the extension, which means that Asterisk will convert audio files by using the WAV format.

After settings are applied, the new recording files will be placed on the directory /var/spool/asterisk/monitor

Before listening to these audios, you should mix them whether they were created from incoming or outgoing calls. Here, we use the the program called sox.

Mixing incoming calls:

/usr/bin/sox -m DIR_MONITOR/FILENAME-in.wav DIR_MONITOR/FILENAME-out.wav OUTPUT-PATH

Where:

DIR_MONITOR: The full path of audio files (/var/spool/asterisk/monitor).

FILENAME: The unique ID given by Asterisk when it was created. In this case, we have (-in) for one side of the call and (-out) for the other one. For example, 1617641548.58651-in.wav and 1617641548.58651-out.wav

OUTPUT-PATH: The full path containing the directory and the filename of the new mixed audio. For example: /var/spool/asterisk/records/my-record.wav

Mixing outgoing calls:

In this case, we must set the frequency to 8000 Mhz, define the channels to mono, and its format to WAV. It is important to notice that we just handle one single file.

/usr/bin/sox DIR_MONITOR/FILENAME.WAV -r 8000 -c 1 -e signed-integer OUTPUT-PATH

I strongly recommend that you make a script to deal with these recordings, store the new files safety and erase the previous ones. This is important to save disc space of the Asterisk server.

Categories
Asterisk Database Linux

Asterisk + ODBC + Mysql

The latest versions of the Asterisk PBX server connect to the Mysql database server by using ODBC. In this tutorial, I will show you how to set this up.

My test environment is CentOS Linux released on 7.9.2009, Asterisk 16.16.0, unixODBC 2.3.1, and Mysql Community Server 8.

I am taking for granted that you already have your Mysql installed and running. If you have not taken this step yet, you should use a tutorial like this one.

1 – Install the Unix ODBC:

# yum -y install unixODBC

2 – Download the official Mysql library connector from: https://dev.mysql.com/downloads/connector/odbc/

# wget https://cdn.mysql.com//Downloads/Connector-ODBC/8.0/mysql-connector-odbc-8.0.23-linux-glibc2.12-x86-64bit.tar.gz

Decompress the package in /usr/local directory or wherever you like.

# tar -zxvf mysql-connector-odbc-8.0.23-linux-glibc2.12-x86-64bit.tar.gz -C /usr/local

3 – Edit the file /etc/odbcinst.ini and insert the following code block:

[MySQL_ANSI]
Driver=/usr/local/mysql-odbc/lib/libmyodbc8a.so
sageCount=1

4 – Edit the file /etc/odbc.ini and create your connection:

[asterisk-connector]
Description = MySQL connection
Driver = MySQL_ANSI
Database = asterisk
Server = 127.0.0.1
Port = 3306

5 – Now, you must configure your Asterisk to use the connection. The file which contains that information is /etc/asterisk/res_odbc.conf

[asterisk]
enabled => yes
dsn => asterisk-connector
username => user
password => secret
pre-connect => yes
max_connections => 100

6 – Finally, make sure that Asterisk is using the ODBC module, take a look at the file /etc/asterisk/modules.conf and find the following line:

preload => res_odbc.so

If you have any questions, please use the comment box below.

Categories
Database Linux

Running Mysql queries using Login Profile

The newest versions of the Mysql server, such as the 8, presents the following message when users try to use the database password in the command line:

# mysql -u root -p"password" -e "show databases"

mysql: [Warning] Using a password on the command line interface can be insecure.

In order to prevent this warning message, you just need to create a password profile, in this example we going to create one called “local”:

# mysql_config_editor set --login-path=local \
--host=localhost --port=3306 \
--socket=/var/lib/mysql/mysql.sock \
--user=root --password

Now, you can easily run queries without providing the password, just use the “local” profile:

# /usr/bin/mysql --login-path=local -h localhost -e "show databases"