DEAL Steal on Cloud Servers $1.00/mo.

billsimon

Experienced in Asterisk, FreePBX, and SIP
Joined
Jan 2, 2011
Messages
1,009
Reaction score
333
If it's not broken, dont fix it
Great philosophy as long as you don't want to use modern software that takes advantage of features in more recent kernels.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,327
Reaction score
2,705
FYI: For all of the Incredible PBX platforms, these VPS offerings will work just fine and will be totally secure so long as you don't disable IPtables. Aside from 3CX not working, the other major drawback for web server hosting is the lack of ipset country blocking with this generation of OpenVZ. But the $1.50 NYC offering today is an incredible deal that you probably won't see again from any provider for a very long time. If, for no other reason, think redundancy, backups, and HA!

Code:
Hosted by ColoCrossing (Buffalo, NY) [0.04 km]: 13.228 ms
Testing download speed................................................................................
Download: 654.37 Mbit/s
Testing upload speed................................................................................................
Upload: 401.35 Mbit/s
OpenVZ VPS Special (New York) 2GB:
4 CPU Core Allocations
2048MB (2GB) Dedicated RAM
2048MB vSwap
150GB Secured Disk Space
3000GB Premium Bandwidth
1 IPv4 Address
30 IPv6 Addresses
1000Mbps Port Speed
Instantly Setup
NEW FEATURE: Advanced DDoS Protection Included!

Special Pricing: $18.00 Annually
Order Link: https://www.woothosting.com/pulse/cart.php?a=add&pid=91
 
Last edited:

mainenotarynet

Not really a Guru - Just a long time user
Joined
May 29, 2010
Messages
618
Reaction score
82
Location
Bangor, ME USA
The link with the ?a=add&pid=88 ( the two-fer) I just ordered today (Aug 22nd) so the single for 18 or the double for 36 must still be valid.

@wardmundy - I finally gave up on my host HVH in getting the etho as a veth0 - no go and I have tried Issabel (which I had working until I tried to register my Hard phone and the exten in the web GUI was wrong and Fail2Ban locked me out (even though I adjusted /etc/fail2ban/jail.conf to ignoreip = 127.0.0.1/8 [My fqnd home ip] and my cluster of IPs at hvh as I wanted to connect my OPenfire/Spark which has asterisk capabilities [block of IPs 208/28]) and restarted fail2ban - still locked me out

I like the look of Issabel4 but I keep getting locked out -- seems they have the IPTables and Fail2Ban built in but they don't match up with yours. WAZO should be Waz:asshole: as the interface looks like FPBX but major pieces missing ( the pretty pics in the NV article I found needs fqdn/admin / and they are the plugins, but they don't connect right either.

I want the Picotts/IbmBluemix/Polly/GoogleTTS options (good to have choices) but I can't seem to find a version that 'just works' - hopefully I can get SOMETHING to work on Woothosting.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,327
Reaction score
2,705
ignoreip = 127.0.0.1/8 is your localhost, i.e your server. Private LAN would probably be 192.168.0.x or 10.0.0.x. That's why you keep getting locked out.

As for Issabel's IPtables, you can't enable it if you plan to use Incredible PBX. Otherwise, you'll get a mess. See our tutorial for setup details. Start with a clean Issabel install with CentOS 7. Then run the Incredible PBX installer.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,327
Reaction score
2,705
Here's a quick tutorial for WootHosting until I get one published:

Issabel at WootHosting
#Begin with CentOS 7 64-bit minimal VPS from a PC you will use to manage your server
#Create a user account and then a virtual server that looks like this using your own hostname

#set a root password in Root/Admin Password tab and enable TUN/TAP in Settings
#login to your server’s IP address with SSH or Putty
yum -y update
yum -y install wget nano
wget -O - http://repo.issabel.org/issabel4-netinstall.sh | bash
# set MariaDB and admin passwords — be sure MariaDB password is passw0rd (with a zero)
# after reboot, log back in as root
wget http://incrediblepbx.com/IncrediblePBX11-Issabel4.sh
chmod +x IncrediblePBX11-Issabel4.sh
./IncrediblePBX11-Issabel4.sh
# reset MariaDB and admin passwords — be sure MariaDB password is passw0rd (with a zero)
# enter same admin password one final time when prompted (this is for Apache access to all web apps including Issabel)
# reboot
# log back in as root and Automatic Update Utility will load patches
# then log in to web client. you’ll be prompted twice (http and https) for your Apache admin credentials (same as your GUI admin password)
# save the Apache credentials to your browser so you don’t have to do it again
# login to Issabel GUI with admin and your admin password
 

mainenotarynet

Not really a Guru - Just a long time user
Joined
May 29, 2010
Messages
618
Reaction score
82
Location
Bangor, ME USA
I think you misunderstood the [my fqnd ip ] as you thought I was referencing the 127.0.0.1 -- no I have a fqdn that references my home location (my pbx is in the cloud ... remember) which actually starts 74.x.x.x/32 (one IP) and the block for my dedicated box (so ALL my other sites can hook in to pbx if needed) starts as 75.x.x.208/28 (encompases 13? or so IPs including its own public facing IP

when I add to iptables I do add-fqdn thehouse myfqdn.tld and set to 0 so I can do everything at the house

Waiting on woothosting now
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,327
Reaction score
2,705


OpenVZ VPS Labor Day Special 1GB (perfect for any of our VoIP platforms):


2 CPU Core Allocations
1024MB (1GB) Dedicated RAM
1024MB vSwap
50GB Secured Disk Space
3000GB Premium Bandwidth
1 IPv4 Address
100Mbps Port Speed
Instantly Setup
Location: Los Angeles, Miami or New York
NEW FEATURE: Advanced DDoS Protection Included!

Special Pricing: $12.00 Annually (50¢ more per month buys double the RAM and performance with triple the storage)

Order Link: https://www.woothosting.com/pulse/cart.php?a=add&pid=90

Wazo Platform Tutorial: Installing Wazo on WootHosting VPS

Getting Started: Issabel in the Cloud for $1.00 to $3.50 per month

Revolutionary VoIP: The New (free) PIAF5 powered by 3CX

 
Last edited:

mainenotarynet

Not really a Guru - Just a long time user
Joined
May 29, 2010
Messages
618
Reaction score
82
Location
Bangor, ME USA
I was doing some reading on the high availability with Wazo, but then had a thought -- those that use FOP2 (Licensed of course) would need two (one for each server as when main goes down, so does FOP2. HA is a great idea but when you need two of everything (I have the Full License ($80) which is IM Chat and Visual Voicemail too) that could get expensive. Maybe Asternic? could modify the license code to accommodate a Failover server (1 only) so one license works on both Master and slave (maybe for an extra $20) but then how do you account for switching the fop2 to the 2nd server - I imagine in DNS having two IPs for the same domain would wreak havok (I like wreaking havok) or not even work at all.

I might go with Wazo anyways. Issabell having in-built iptables and fail2ban which did lock me out when adding a hard phone AFTER I added myself to the /etc/fail2ban/jail.conf ignoreIP list is how I found that Issabel doesn't use the jails (and in their interface has no option to ignoreIP anyways)

I'll let you know if I can get Wazo working correctly on Woothosting. Trying Now.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,327
Reaction score
2,705
Wazo works fine on WootHosting including NeoRouter (which you will need for HA). We have one running in Miami already:

 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
676
Reaction score
251
I think the OpenVZ platform itself is tied to the 2.6 kernel. So I don't think you can upgrade the kernel without moving to another release of OpenVZ. Micro$oft would call it a "feature." Try finding an OpenVZ platform that is not 2.6-based just for grins. It's the reason we ditched Proxmox way back when.

The security issues really don't matter much for Incredible PBX and other platforms that use the Travelin' Man 3 whitelist firewall because the bad guys can't even see your server. Personally, we don't use OpenVZ for public web servers because port 80 is exposed. But, for PBXs with a whitelist firewall, it doesn't much matter... and it's dirt cheap.
DYI proxmox akso deopped openvz for much the same reason, the now use LXC

Personally the use of containers is anathema for me as they preclude aggressive kernel based firewall rules for portscan/portflood detection as done by CSF gor example. IMHO it as worth two bucks a month for a kvm .
 
  • Like
Reactions: wardmundy

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,327
Reaction score
2,705
@dicko: 100% agree where a server is used for public access of any kind. However, at least for Incredible PBX servers that use Travelin' Man 3 with its whitelist-based firewall, there is almost zero risk of intrusion from strangers so the usual kernel-based rules for portscan/portflood and ipset are unnecessary since the bad guys can't even see the server. And that's why these servers are such a great deal for VoIP implementations.
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
676
Reaction score
251
@dicko: 100% agree where a server is used for public access of any kind. However, at least for Incredible PBX servers that use Travelin' Man 3 with its whitelist-based firewall, there is almost zero risk of intrusion from strangers so the usual kernel-based rules for portscan/portflood and ipset are unnecessary since the bad guys can't even see the server. And that's why these servers are such a great deal for VoIP implementations.
I love your confidence Ward, historically however way too many navies have been destroyed by not thinking geek fire (sic). was a real problem ;-), complacency will always be trumped by a wise virgin's candle. I apologise for the mixed metaphors but just wait . . .
 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,327
Reaction score
2,705
I love your confidence Ward, historically however way too many navies have been destroyed by not thinking geek fire (sic). was a real problem ;-), complacency will always be trumped by a wise virgin's candle. I apologise for the mixed metaphors but just wait . . .
Yep. Never say never. Always pays to be diligent and to keep your server updated and to keep your firewall monitored. 5-1/2 years and counting...
 

krzykat

Guru
Joined
Aug 2, 2008
Messages
1,610
Reaction score
438
Location
South Florida
Hey Guys - sorry - late to the party - been off the forum for a while. OK - scanning this real quick this looks like a wonderful solution to a potential problem that I and I'm sure many others have. I like and trust Vultr right now, and their backups are awesome. However last month they were having an issue (assume DDOS attack) in Miami and I had to quickly create new instances in Atlanta from the backups to get people back up and running in short order. Then comes along the HA which when coupled with OpenDNS sounds like a real winner. But instead of putting all eggs in one basket, it sounds like the best bet would be to keep my Vultr as Primary and then use this new service as the redundant HA backup. Has anyone done this and how has it gone?
 
  • Like
Reactions: wardmundy

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,523
Messages
138,565
Members
14,646
Latest member
cigspriced