hillclimber
Member
- Joined
- Nov 17, 2008
- Messages
- 30
- Reaction score
- 9
Having now had time to study and test the latest most-delightful Ubuntu server/installer with an eye towards adding the VOIP stuff on to this professional web server known as BOA, I can offer these comments and suggestions.
The opportunity for open-source developers to build Twilio/OpenPBX-like stuff using PIAF and Drupal on Ubuntu/Debian, to me, seems fantastic. As do accompanying client-facing customer interfaces, like A2Billing, which conceivably lower the barrier of entry for anyone to really start their own VOIP services company, using PIAF. Or, simply customize PIAF plus a Drupal/CRM web interface to spec. for a client project.
The only incompatibility of using PIAF with this professional web server known as BOA to overcome so far as I can see, has to do with the security model of PIAF, which uses IPTables. Also, PIAF isn't really 100% open-sourced code à la Git on GitHub like this professional web server, which uses CSF firewall (here's a 2nd citation for CSF firewall [EDIT: that page says CSF Firewall actually requires IPtables, and double-checks to see if it is installed first]), so Git code merging isn't really an option it seems. I think, but am uncertain, and surely welcome comments.
So, would it at least be possible perhaps, for the IPtables security stuff to become an optional step of the PIAF installer, which can simply be bypassed? Then, perhaps PIAF Ubuntu VOIP stuff could be installed without conflict on this professional web server known as BOA. For one thing, I think it is fair to say the firewall security model of this professional web server is well-tested and mature, so I'd prefer to use it, especially for anything actually client-facing over the internet. (and I just got really good with free Class 1 NGINX SSL certificates, which can be documented for others soon, to accompany such an Ubuntu web front-end installation recipe).
There is some conflict between the PIAF and BOA server installers. PIAF uses Apache and BOA uses NGINX, but I don't think this is anything like a show-stopper, and they don't necessarily conflict. Only redundant resources are wasted. This aspect doesn't seem too discouraging. Also, PIAF uses MySQL and BOA ditched that long ago, using MariaDB instead; and I never noticed the difference personally as a developer.
Of course I had to dig into Port Knocking which was kind of on My To-do List for a long time already, and tried to install Ward's program which led to the error message, "IPTables is not installed", on this professional web server known as BOA, which was interesting, and then I studied up some more on CSF firewall. Turns out Port Knocking on CSF firewall can be turned on with a simple config setting, so now I'm much more secure than before this study! I learned something today about tools I've been using for years already. Thanks for the push!
One last note for others is I previously thought it best to use a non-standard SSH port, and not use Port 22. An obscurity thing, of course. No, turns out that can be risky, so port knocking is really important to set up.
EDIT: Time has passed since this was written, and it seems only fair to add more notes on using the CSF Server Webmin GUI, in case anyone tries to test-drive the Drupal BOA server linked to several times above. When/if you install BOA, to access the CSF Firewall GUI, you must first upload its webmin module at /etc/csf/csfwebmin.tgz (or /usr/local/csf/csfwebmin.tgz; I see now actually it is a symlink in /etc/csf). HOWEVER, before you can do that, you must first install webmin.
It is best to use the easier to write/read/understand instructions: The first time you install BOA using the script on Github, a new install preferences file will be created at /root/.barracuda.cnf. You must edit this file and then perform a standard Barracuda update, which must be performed from time to time, and is good to learn how to do.
Here's mostly copy/pasted text that came from here, and also here:
Add any package like Collectd, chive at a later moment
$ vim .barracuda.cnf
PDS --- fast DNS cache server (pdnsd) (default)
BND --- Bind9 DNS Server
SLR --- MultiCore Apache Solr Tomcat (Not interesting any-more, now that I have discovered the ELK Stack! Here's a guide to install the log-centralizing/indexing server, best in its own Ubuntu virtual machine IMHO)
CHV --- Chive DB Manager (default, much more secure than using PHPmyAdmin)
BDD --- SQL Buddy DB Manager
CGP --- Collectd Graph Panel
WMN --- Webmin Control Panel
CSF --- csf/lfd Firewall (default)
CSS --- Compass Tools (available on Squeeze, Wheezy, Precise and Trusty)
FTP --- Pure-FTPd server with forced FTPS
FMG --- FFmpeg support
GIT --- Latest Git from sources
Add the shortcodes from above, like this: _XTRAS_LIST='CSF CGP'
Run update:
barracuda up-stable
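Added example, not part of the original post and not code from CSF or BOA: a small POSIX shell lint for the CSF port-knocking setting mentioned above. It assumes the setting is `PORTKNOCKING` in csf.conf with the entry format shown in the first comment, and that allowed inbound ports live in `TCP_IN`/`UDP_IN`; the function names and the sample config are made up for illustration.

```shell
# Added example, not from the original post: lint PORTKNOCKING in a csf.conf.
# Entry format: openport;protocol;timeout;kport1;kport2;kport3[...;kportN]

# Print the quoted value of KEY = "value" from file $2 (last match wins).
conf_get() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if port $1 is covered by comma list $2 (single ports or lo:hi ranges).
port_in_list() {
  _port=$1; _ifs=$IFS; IFS=,; set -- $2; IFS=$_ifs
  for _item in "$@"; do
    _lo=${_item%%:*}; _hi=${_item##*:}
    case "$_lo$_hi" in ''|*[!0-9]*) continue ;; esac
    if [ "$_port" -ge "$_lo" ] && [ "$_port" -le "$_hi" ]; then return 0; fi
  done
  return 1
}

# Check one entry ($1) against TCP_IN ($2) and UDP_IN ($3); print findings.
check_entry() {
  _e=$1; _allow=$2; _name=TCP_IN; _udp=$3; _rc=0
  _ifs=$IFS; IFS=';'; set -- $_e; IFS=$_ifs
  if [ $# -lt 6 ]; then echo "$_e: fewer than 3 knock ports"; return 1; fi
  case $2 in [Uu][Dd][Pp]) _allow=$_udp; _name=UDP_IN ;; esac
  _open=$1; shift 3
  # A guarded port that is also in the allow list is reachable without knocking.
  if port_in_list "$_open" "$_allow"; then echo "$_e: port $_open is already open in $_name, knocking protects nothing"; _rc=1; fi
  for _k in "$@"; do
    if port_in_list "$_k" "$_allow"; then echo "$_e: knock port $_k is in $_name"; _rc=1; fi
  done
  return $_rc
}

# Print one finding per line; return 0 when clean, 1 when anything is flagged.
audit_portknocking() {
  _pk=$(conf_get PORTKNOCKING "$1"); _tcp_in=$(conf_get TCP_IN "$1"); _udp_in=$(conf_get UDP_IN "$1")
  if [ -z "$_pk" ]; then echo "PORTKNOCKING is empty: knocking is off"; return 1; fi
  _bad=0; _ifs=$IFS; IFS=,; set -- $_pk; IFS=$_ifs
  for _entry in "$@"; do check_entry "$_entry" "$_tcp_in" "$_udp_in" || _bad=1; done
  return $_bad
}

# Constructed sample: entry 1 is sound, entry 2 guards a port the 2000:3000 range exposes, entry 3 has two knock ports.
sample_conf() { cat <<'EOF'
TCP_IN = "80,443,2000:3000"
UDP_IN = "53"
PORTKNOCKING = "22;TCP;20;1001;1502;1803,2222;TCP;20;4100;4200;4300,8022;TCP;20;5100;5200"
EOF
}
```

Source the file and run `audit_portknocking /etc/csf/csf.conf` on the server; a port that stays in `TCP_IN` is reachable without any knock, which is the most common way this setting ends up doing nothing.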