
Search Results for: web sites 101


ISP-In-A-Box: The $500 Mac mini (Chapter X, Web Sites 101, Part II)

Today we finish up our two-part series on a few webmaster fundamentals that you will need before we can build some of our upcoming web projects. The tasks assume that you already have an Apache Web Server up and running and that you have installed Webmin which we covered last week. As in past columns, our preference is that you first at least read through our previous ISP-In-A-Box tutorials (available as a PDF collection here) so that you have a basic understanding of how to do things, but that’s up to you. Yesterday we showed you how to assure that directories without a default web page never display, and you learned how to password-protect web site directories. Today we’ll show you how to configure Apache to serve up multiple web sites from a single web server, yours.

There’s no reason you can’t have more than one domain with your new web server. And each can have its own independent web site. Whether it’s static or data-driven is, of course, up to you. You also can build fully-qualified subdomains for all of your kids or small-business departments, and let them maintain their own web sites using the Mac’s built-in user accounts. For example, web sites for johnny.begood.com and betty.begood.com would be built in the Sites folder for accounts set up on your Mac as johnny and betty. Then it’s a simple matter, with Omnis.com’s DNS tools, to point johnny.begood.com to the appropriate web site using a Proxy (aka mod_proxy) record for the begood.com domain that looks like this (substituting your own IP address, of course):

  • Name: johnny
  • Type: PROXY
  • Content: http://111.111.111.111/~johnny

But suppose you want to have two completely different domains with two completely different web sites, and you don’t want to have to create separate Mac accounts to maintain each domain. That’s not a problem either. Apache was designed to do just that. We’re going to use Webmin to configure a second domain which we’ll create in a new folder called calendar off our main web site tree: /Library/WebServer/Documents. Note, however, that you shouldn’t create the calendar folder under the default Documents folder unless you don’t mind that folks visiting your main web site (http://mydomain.com) can also access the calendar web site by going to http://mydomain.com/calendar. If you want to prevent this, then you’d create the calendar folder at the same level as the Documents folder, i.e. as a new folder in the /Library/WebServer folder. The only drawback of the latter approach is that you can no longer access the site using the http://localhost syntax. I’ll bet you can figure out why.

    The first step is obviously to register a second domain and use the registrar’s DNS service. We’ve previously covered this (here) if you need some help. Once you have done that, create two new DNS A records that point to your IP address. Apache will handle figuring out which domain is hitting your web server. Note that you cannot use Proxy records if you want Apache to resolve the domain names. If you use Proxy records, you can distinguish various web sites by assigning each domain to a different port, e.g. 82, 83, and 84. The syntax for the Content would be http://111.111.111.111:81. You also would have to enable these ports in the Apache config file by searching for the word "Listen" in httpd.conf and adding separate lines for each port you wish to enable: Listen 82, Listen 83, and Listen 84. Then you would restart Apache. For now, let’s use A records which are a bit easier to implement:

  • Name: www
  • Content: 111.111.111.111
  • Name: @
  • Content: 111.111.111.111

    We’re now ready to configure Apache to handle the second domain. Make sure Webmin is running on your server (/etc/webmin/start), and then open a web browser and go to http://localhost:10000. Click on the Servers button and then click Apache Web Server. At the bottom of the page is a form to Create A New Virtual Server. Just fill out the form with these settings and leave the other defaults the way they are. Then click the Create Now button.

  • Handle connections to address: any address
  • Port: default (if you were using the Proxy port approach, you would specify port 82, etc. here)
  • Document root: /library/webserver/documents/calendar
  • Domain: mydomain.com (use the real name of your second domain here)

    For your changes to take effect, you’ll need to stop and restart your web server. This can be done at the top of the form by clicking the Stop Apache button and then the Start Apache button.

    ISP-In-A-Box: The $500 Mac mini (Chapter X, Web Sites 101, Part I)

    Today and tomorrow, we're going to cover a few more fundamentals that you will need to master before we can build some of our upcoming web projects. Today's tasks assume that you already have an Apache Web Server up and running and that you have installed Webmin which we covered last week. As in past columns, our preference is that you first at least read through our previous ISP-In-A-Box tutorials (available as a PDF collection here) so that you have a basic understanding of how to do things, but that's up to you. Our three projects for today and tomorrow are assuring that directories without a default web page never display, learning how to password-protect web site directories, and mastering how to configure Apache to serve up multiple web sites from a single web server, yours.

    Preventing Display of Web Site Directories With No Default Web Page. As delivered by Apple with your new Mac, the default Apache configuration tells your web server to display a directory listing of any web site directory that does not have a default web page (index.html or index.php). That means that, if you create subdirectories below /Library/WebServer/Documents, the contents of each one will be shown to any visitor that guesses the name of the directory. If you happen to have your tax returns stored there, you see the problems this might cause. To demonstrate what I'm talking about, let's create a directory and then access it with a web browser. Open a Terminal window and switch to root access: sudo su. Now create a directory called emrem under your main web site: mkdir /Library/WebServer/Documents/emrem. Switch to your web browser and access the new site: http://localhost/emrem/. See what I mean? If you had filled emrem with documents, they would be accessible to anyone on the Internet. The same default applies to your personal web site at http://localhost/~username and subdirectories created in your Sites folder.

    For security's sake and your own peace of mind, I prefer defaults which specify that the contents of directories not be displayed unless you expressly authorize it. So here's how to fix it. Switch back to your Terminal window with root access. Move to the Apache configuration directory: cd /etc/httpd. Now let's edit the Apache config file carefully: pico httpd.conf. Search for the word "indexes": Ctrl-W, indexes, then enter. We're looking for every line in the config file that begins with the word "Options" and contains the word "Indexes." This probably won't apply for the first match of the word "Indexes" so move to the next occurrence of the term: Ctrl-W then enter. You should get a match on this one. Position the cursor under the "I" in Indexes and press CTRL-D until the entire word is deleted. Then search for the next match, and repeat the drill until you get to the bottom of the file. Now save your changes: CTRL-X, Y, then enter. Now stop and then restart Apache for your changes to take effect (covered in our Apache tutorial). Then access http://localhost/emrem/ again, and you should get an access denied message.
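The manual search-and-delete above can be checked, or done in one pass, with a small filter. This is an added example, not part of the original tutorial: the function names and the sample config are constructed here, and writing `Options None` when Indexes was the only option on the line is a choice made for this example so that no bare `Options` line is left behind.

```bash
#!/bin/sh
# Added example: find and strip "Indexes" on active Options lines.

# Constructed sample config, modelled on the layout the tutorial describes.
sample_conf() {
cat <<'EOF'
# Possible values for the Options directive include "Indexes" and "FollowSymLinks"
<Directory "/Library/WebServer/Documents">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
</Directory>
<Directory "/Library/WebServer/Documents/emrem">
    Options Indexes
</Directory>
<Directory "/Library/WebServer/CGI-Executables">
    Options -Indexes +ExecCGI
</Directory>
EOF
}

# find_indexes: read a config on stdin, print the line number of every
# active Options line that switches directory listings on.
# Comment lines never match because their first field is "#".
find_indexes() {
    awk 'tolower($1) == "options" {
             for (i = 2; i <= NF; i++) {
                 o = tolower($i)
                 if (o == "indexes" || o == "+indexes") { print NR; break }
             }
         }'
}

# strip_indexes: read a config on stdin, write it to stdout with Indexes
# (or +Indexes) removed from every active Options line. "-Indexes" already
# disables listings and is left alone.
strip_indexes() {
    awk 'tolower($1) == "options" {
             indent = $0; sub(/[^ \t].*$/, "", indent)   # keep leading whitespace
             kept = ""
             for (i = 2; i <= NF; i++) {
                 o = tolower($i)
                 if (o == "indexes" || o == "+indexes") continue
                 kept = kept " " $i
             }
             # Nothing left: write the explicit None instead of a bare Options line.
             if (kept == "") kept = " None"
             print indent $1 kept
             next
         }
         { print }'
}

# Demo on the constructed sample.
sample_conf | strip_indexes
```

On a real server, run `find_indexes < /etc/httpd/httpd.conf` first, and write the output of `strip_indexes` to a new file that you review before it replaces the original.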

    Password-Protecting Web Site Directories. There also will be times when you want to build web sites on your server which are available over the Internet, just not to everybody. The easiest way to accomplish this is to prompt for a username and password to log in to certain sites before any access is provided. Apache handles this for any web browser, but you first have to enable it. Then you need to build a password file and store it where Apache can find it, but your web site visitors cannot. And finally, we need to insert an .htaccess file in every directory that you want to password-protect for Internet access.

    Configuring default htaccess file. To get started, Ctrl-Click here and Download the Linked htaccess File to your Desktop. Do not save the file with a leading period in the file name. We'll do that later. Open Finder, click on your local hard disk, and navigate to the /Library/WebServer folder. Now Click-And-Drag the htaccess file on your Desktop to the /Library/WebServer folder. Close your Finder window, and then open a Terminal window. Switch to root user access: sudo su. Provide your admin password if prompted. Now we want to clean up the ownership and permissions for our sample htaccess file so move to the directory where we put the file: cd /Library/WebServer. Make root the owner of the file: chown root htaccess. Make admin the group for the file: chgrp admin htaccess. Now set the file permissions for world read access only: chmod 774 htaccess.

    Configuring Apache for Password-Protected Directories. Now we have to configure Apache so that we can password-protect directories. The default Apache configuration would ignore our .htaccess file. Using your Terminal window with root access, move to the Apache configuration directory: cd /etc/httpd. Now let's edit the config file carefully: pico httpd.conf. Search for the word ".htaccess": Ctrl-W, .htaccess, then enter. This will position the cursor on a comment about using .htaccess files to override Apache settings. Immediately below the comment is a line which begins with the word "AllowOverride." We want to replace the word after AllowOverride with the word "All" (without quotes). Move the cursor to the beginning of the word to be deleted and press Ctrl-D until the word is deleted. Then type All. Save the config file: CTRL-X, Y, then enter. Now stop and then restart Apache for your changes to take effect (covered in our Apache tutorial).

    Building a Password File. The password file is where Apache looks to determine whether one of your web site visitors (including you) is allowed access. There are a couple tricks to this. First, you want to put the file where Apache can read it, but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here's how to do it. Open a Terminal window and switch to root access: sudo su. Now let's move to the directory where we'll put the password file: cd /usr/local. We're going to name our password file users.pw to match the htaccess file that you already downloaded. To create the file and erase any existing file without warning type: htpasswd -c users.pw admin. Think up a password you can remember, and you'll be prompted to type it twice. Now let's verify that the file was created: cat users.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to your existing file, just type: htpasswd -b users.pw username password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful.

    Password-Protecting A Directory. The way you password-protect a given directory on your web site is to copy the htaccess file we downloaded earlier into the desired directory, and name it .htaccess (with a leading period). So let's try it. Move to the nerd directory we built previously: cd /Library/WebServer/Documents/nerd. Now copy the htaccess file into the directory: cp /Library/WebServer/htaccess .htaccess. Close your web browser and reopen it to http://localhost/nerd/ and you should be prompted for a username and password. Type in admin and the password you made up, and you should be admitted. If you're not prompted for a username and password, you probably forgot to restart your Apache web server after updating the Apache config file. If you can't get in with the username and password you thought would work, just recreate the file, and try again. Suppose you change your mind and want to remove password protection from a directory. Switch to root access with Terminal: sudo su. Move to the directory: cd /Library/WebServer/Documents/nerd. And then delete the .htaccess file: rm .htaccess. You may have to close your browser and reopen it for the changes to take effect.
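The two password-file cautions from the Building a Password File step (no blank or colon-only lines, and a location web visitors cannot reach) can be checked mechanically after every edit. This is an added example, not part of the original tutorial: the function names are made up here, and the sample file uses dummy strings in place of real htpasswd hashes.

```bash
#!/bin/sh
# Added example: sanity checks for the users.pw file built above.

# Constructed sample file; the "hash" values are dummy strings.
sample_pwfile() {
cat <<'EOF'
admin:DUMMYHASH0000001

:
betty
johnny:
admin:DUMMYHASH0000002
EOF
}

# lint_htpasswd FILE
# Prints "LINE: reason" for each malformed entry and exits 1 if any were found.
# Every entry must be username:password with both parts non-empty.
lint_htpasswd() {
    awk -F: '
        function bad(msg) { printf "%d: %s\n", NR, msg; problems++ }
        /^[ \t]*$/  { bad("blank line"); next }
        NF < 2      { bad("no colon separator"); next }
        $1 == ""    { bad("empty username"); next }   # also catches a bare ":"
        $2 == ""    { bad("empty password field"); next }
        seen[$1]++  { bad("duplicate username " $1) }
        END { exit(problems ? 1 : 0) }
    ' "$1"
}

# inside_docroot FILE DOCROOT
# Exits 0 when FILE sits under DOCROOT, i.e. where a browser could request it.
# Plain path-prefix comparison; symlinks are not resolved.
inside_docroot() {
    case "$1" in
        "$2"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_pwfile > "$tmp"
lint_htpasswd "$tmp" || echo "users.pw needs fixing"
rm -f "$tmp"

if inside_docroot /usr/local/users.pw /Library/WebServer/Documents; then
    echo "password file is reachable from the web"
fi
```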

    Security 101: A Fresh Look at Incredible PBX Security Audit Methodology

    Incredible PBX remains one of the most secure VoIP server platforms on the planet for one simple reason. We always deploy a preconfigured Linux IPtables firewall with a whitelist that hides your server from everyone except you and trusted VoIP providers. IPtables is automatically configured and deployed as part of every initial install of Incredible PBX regardless of your platform. This includes XiVO with Debian 8 as well as CentOS 6 and 7, Ubuntu 14.04, Raspbian 7 and 8, and even SHMZ OS (not recommended). If your server happens to be housed behind a hardware-based firewall as well, then so much the better. That obviously isn’t possible with most Cloud-based servers so IPtables firewall security is a must.

    Unlike most other VoIP server platforms, we don’t leave firewall configuration to chance. Nor do we assume you’re a firewall expert. It really doesn’t matter whether you are or not, you still need a server platform that is secure and protected. So we do it for you initially and, if you are a firewall expert or study to become one, you then can modify the default settings to meet your own requirements down the road. In the meantime, you and your server are protected.

    As you probably have surmised, we conduct periodic security audits of our servers testing for vulnerabilities. And we perform these audits locally as well as remotely using servers we’ve deployed throughout the world. We also deploy honeypot servers from time to time in order to gather important information about what the bad guys are up to. With as many platforms as Incredible PBX now supports, just conducting local and remote security audits is no small feat.

    Today we want to share some of the methodology we use in conducting our audits, and we’ll provide the results of our most recent remote security audit. We encourage everyone with a VoIP server, whether it’s Incredible PBX or some other platform, to periodically test your server(s) for vulnerabilities AND access. It not only could save you thousands of dollars, but it also protects the rest of us by assuring that you haven’t inadvertently provided malicious individuals with a zombie platform from which to launch denial of service and spam attacks against the Internet community. So let’s get started.

    The first step in testing your server is to log into your server as root using SSH or Putty from multiple IP addresses. These sites should include logins from the home base of your server if it’s a dedicated machine, from your home PC, from a neighbor’s PC, from a public WiFi hotspot, and from your smartphone as well as someone else’s. If you gain access from all of these sites, you’ve got a problem. It means SSH access is not protected in any way on your server. While SSH is relatively secure, it has had its share of problems. And zero day vulnerabilities are regularly discovered in various Linux utilities so exposing all of your server’s important resources to the Internet is a very bad idea.

    The second test deciphers the existing firewall rules that have been activated on your server: iptables -nL. If the results look like the following, you’ve got a major problem. It means there are no firewall rules blocking any access to your server:

    root@incrediblepbx:~ $ iptables -nL
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    

    Next, reboot your server and repeat the first two tests to make certain that your firewall still is activated properly whenever your server experiences a power outage and comes back on line.

    If your firewall is not running, try issuing the command, iptables-restart, and then retest: iptables -nL. If you get the same results shown above, then something has come unglued. Here’s how to easily fix things up. First, move to the directory where the iptables rules are stored on your server. For CentOS/SL/RHEL, it’s /etc/sysconfig. For Debian/Ubuntu/Raspbian, it’s /etc/iptables.

    Next, copy the default Incredible PBX firewall settings to the proper file location.

    For CentOS/SL/RHEL platforms:

    cp -p /etc/sysconfig/rules.v4.ubuntu14 /etc/sysconfig/iptables
    cp -p /etc/sysconfig/rules.v6.ubuntu14 /etc/sysconfig/ip6tables
    

    For Debian/Ubuntu/Raspbian platforms:

    cp -p /etc/iptables/rules.v4.ubuntu14 /etc/iptables/rules.v4
    cp -p /etc/iptables/rules.v6.ubuntu14 /etc/iptables/rules.v6
    

    Next, edit iptables (CentOS/SL/RHEL) or rules.v4 (Debian/Ubuntu/Raspbian) and move to the bottom of the file where you’ll find a section that looks like this:

    # The IP addresses are your server, user, and public addresses respectively
    -A INPUT -s 8.8.4.4 -j ACCEPT
    -A INPUT -s 8.8.8.8 -j ACCEPT
    -A INPUT -s 74.86.213.25 -j ACCEPT
    

    Replace the existing IP addresses with the actual IP addresses of your server, user workstation, and public IP address. Be very careful here. If you don’t whitelist the IP address of the machine on which you are performing these tasks, you will lock yourself out when you restart your firewall. Once you’ve made the changes, save the file.

    Finally, restart IPtables using the following command: iptables-restart. Then retest: iptables -nL.
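The second test (an empty `iptables -nL` listing) and the whitelist edit (placeholder addresses replaced, your own address present) can both be checked before restarting the firewall. This is an added example, not part of Incredible PBX: the function names are made up here, the "edited" sample uses documentation-range addresses, and only the exact `-A INPUT -s IP -j ACCEPT` rule form quoted above is recognised, so an address covered by a subnet rule is not detected.

```bash
#!/bin/sh
# Added example: pre-restart checks for the whitelist procedure above.

# The three addresses shipped in the whitelist section quoted in the article.
PLACEHOLDERS="8.8.4.4 8.8.8.8 74.86.213.25"

# firewall_is_open: reads `iptables -nL` output on stdin. Exits 0 when the
# INPUT chain has policy ACCEPT and no rules at all, the state shown above.
firewall_is_open() {
    awk '
        /^Chain /  { chain = $2
                     if (chain == "INPUT") { policy = $4; gsub(/\)/, "", policy) }
                     next }
        NF == 0 || /^target /  { next }     # blank lines and column headers
        chain == "INPUT"       { rules++ }
        END { exit((policy == "ACCEPT" && rules == 0) ? 0 : 1) }'
}

# is_whitelisted FILE IP: exits 0 if FILE contains exactly
#   -A INPUT -s IP -j ACCEPT      (a trailing /32 on the source also matches)
is_whitelisted() {
    awk -v ip="$2" '
        NF == 6 && $1 == "-A" && $2 == "INPUT" && $3 == "-s" &&
        $5 == "-j" && $6 == "ACCEPT" {
            src = $4; sub(/\/32$/, "", src)
            if (src == ip) found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# leftover_placeholders FILE: prints each placeholder address still whitelisted.
leftover_placeholders() {
    for p in $PLACEHOLDERS; do
        if is_whitelisted "$1" "$p"; then echo "$p"; fi
    done
}

# safe_to_restart FILE ADMIN_IP: exits 0 only when ADMIN_IP is whitelisted
# and none of the placeholder addresses remain.
safe_to_restart() {
    is_whitelisted "$1" "$2" ||
        { echo "lockout risk: $2 is not whitelisted" >&2; return 1; }
    [ -z "$(leftover_placeholders "$1")" ] ||
        { echo "placeholder addresses still whitelisted" >&2; return 1; }
    return 0
}

# Constructed inputs: the listing and rules section as they appear in the
# article, plus an edited section using RFC 5737 documentation addresses.
sample_open_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}
sample_rules_unedited() {
cat <<'EOF'
# The IP addresses are your server, user, and public addresses respectively
-A INPUT -s 8.8.4.4 -j ACCEPT
-A INPUT -s 8.8.8.8 -j ACCEPT
-A INPUT -s 74.86.213.25 -j ACCEPT
EOF
}
sample_rules_edited() {
cat <<'EOF'
-A INPUT -s 203.0.113.10 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -j ACCEPT
-A INPUT -s 192.0.2.44 -j ACCEPT
EOF
}

# Demo on the constructed samples.
sample_open_listing | firewall_is_open && echo "INPUT chain is wide open"
tmp=$(mktemp)
sample_rules_unedited > "$tmp"
safe_to_restart "$tmp" 198.51.100.7 || echo "do not restart the firewall yet"
rm -f "$tmp"
```

On a live server the equivalent calls are `iptables -nL | firewall_is_open` and, when logged in over SSH, `safe_to_restart /etc/iptables/rules.v4 "${SSH_CLIENT%% *}"` (use /etc/sysconfig/iptables on CentOS/SL/RHEL).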

    We’re not going to spend a lot of time addressing what the proper firewall rules for your VoIP server should be. If you’re interested, you can take a look at the IPtables firewall setup that is deployed with Incredible PBX. On RHEL/CentOS/SL servers, you’ll find the firewall rules in /etc/sysconfig/iptables. On Debian/Ubuntu/Raspbian servers, the rules are in /etc/iptables/rules.v4. Suffice it to say that, if the only remote access required with your server is to connect to VoIP service providers, there is no reason to expose your web server or your SIP ports to the Internet, period. And this is true whether your server is sitting behind a hardware-based firewall or not.

    The Incredible PBX security design uses a whitelist to provide access to most network services other than those that are absolutely essential to the operation of your server. The reason we use a whitelist is because blacklists don’t work. Those interested in doing harm to your server are perfectly capable of altering their IP addresses until they find one that isn’t blacklisted. And they also are adept at poisoning blacklists with IP addresses that are absolutely essential to the operation of your server, e.g. DNS servers and NTP servers.

    As part of every Incredible PBX firewall install, we provide SIP and IAX access to many of the major VoIP providers around the globe. You may be wondering why we use IP addresses for providers rather than fully-qualified domain names. The reason is that IPtables doesn’t directly support FQDNs. Instead, when IPtables starts up, it looks up every FQDN and converts it into an IP address. If a server matching the FQDN happens to be off line, IPtables crashes and burns. The same is true if the lookup is attempted before DNS services are running on your server. So, the short answer to why we use IP addresses is because it is safer. The downside, of course, is you can’t eyeball the IP address and decipher to whom it belongs. If you ever have any doubt about the identity of the provider associated with any specific IP address, there’s a simple utility you can run to identify its owner: nslookup 178.63.143.236.

    Here is a list of the providers included in the default Incredible PBX whitelist. Others can be added using the add-ip and add-fqdn utilities in /root. If you use FQDNs, be sure to add the entries to /root/ipchecker so that your IP addresses are periodically checked and updated when necessary. This is especially important for dynamic IP addresses at remote locations.

    outbound1.vitelity.net
    inbound1.vitelity.net
    atlanta.voip.ms
    chicago.voip.ms
    dallas.voip.ms
    houston.voip.ms
    losangeles.voip.ms
    newyork.voip.ms
    seattle.voip.ms
    tampa.voip.ms
    montreal.voip.ms
    montreal2.voip.ms
    toronto.voip.ms
    toronto2.voip.ms
    london.voip.ms
    didforsale.com
    callcentric.com
    sipgate.com
    chi-in.voipstreet.com
    did.voip.les.net
    magnum.axvoice.com
    proxy.sipthor.net
    sip.voipwelcome.com
    incoming.future-nine.com
    outgoing.future-nine.com
    DEN.teliax.net
    LAX.teliax.net
    NYC.teliax.net
    ATL.teliax.net
    IPkall (defunct) used two IP addresses: 66.54.140.46 and 66.54.140.47
    gvgw1.simonics.com
    sip2sip.info
    googlelabs.com
    talk.google.com
    gmail.com
    

    The major drawbacks to firewall whitelists are (1) you can inadvertently lock yourself out of your own server and (2) someone that needs access to your server from remote locations may have more difficulty connecting without intervention by a network administrator to authorize remote access. With Incredible PBX, we’ve provided some tools to ease the pain. First, Incredible PBX is deployed with both the PPTP and NeoRouter VPN platforms already in place. With a VPN IP address, remote logins are minimized because they work from almost anywhere. Second, Incredible PBX includes the PortKnocker utility which lets a remote user "knock" on the server using three randomly assigned port numbers to gain temporary access. Many Incredible PBX platforms also support Travelin’ Man 4 which lets you authorize remote access by telephone. You also need to test remote VPN, PortKnocker, and Travelin’ Man 4 access as part of your security audits.

    Testing for vulnerabilities is only half of the puzzle. Also make certain that your server has the proper Linux tools in place to allow you to whitelist additional IP addresses so that remote users can deploy phones or gain access to your server when necessary. Try to run the nslookup and dig utilities to verify that they are installed on your server. If not, install them with yum install bind-utils (CentOS/SL/RHEL) or apt-get install dnsutils (Debian/Ubuntu/Raspbian).

    Security Audit Results. We’re pleased to report that no vulnerabilities were identified in any of the Incredible PBX platforms; however, good security practices dictate that the IPkall IP addresses should probably be removed from the whitelist now that the company has ceased providing VoIP services.

    For CentOS/SL/RHEL platforms:

    sed -i '/66.54.140.46/d' /etc/sysconfig/iptables
    sed -i '/66.54.140.47/d' /etc/sysconfig/iptables
    sed -i '/66.54.140.46/d' /etc/sysconfig/rules.v4.ubuntu14
    sed -i '/66.54.140.47/d' /etc/sysconfig/rules.v4.ubuntu14
    iptables-restart
    

    For Debian/Ubuntu/Raspbian platforms:

    sed -i '/66.54.140.46/d' /etc/iptables/rules.v4
    sed -i '/66.54.140.47/d' /etc/iptables/rules.v4
    sed -i '/66.54.140.46/d' /etc/iptables/rules.v4.ubuntu14
    sed -i '/66.54.140.47/d' /etc/iptables/rules.v4.ubuntu14
    iptables-restart
    

    We did identify a couple of access anomalies that kept the add-ip and add-fqdn utilities in /root from functioning properly. These glitches meant that a few administrators could not easily add remote IP addresses to their whitelists. Three fixes are recommended. First, be sure the utilities documented in the previous paragraph are installed on your server. Second, on CentOS/SL/RHEL platforms or servers installed using the Incredible PBX ISO, issue the following commands after logging into your server as root:

    sed -i 's|/etc/iptables/rules.v4|/etc/sysconfig/iptables|' /root/add-ip
    sed -i 's|/etc/iptables/rules.v4|/etc/sysconfig/iptables|' /root/add-fqdn
    

    Third, for Incredible PBX deployments on the CentOS 7 platform, issue these commands while logged in as root:

     chattr -i /root/add-ip
     sed -i 's|iptables-persistent|iptables|' /root/add-ip
     chattr +i /root/add-ip
    

    Be safe!

    Originally published: Tuesday, August 9, 2016






    PIAF 101: Taking Asterisk 10 for a Spin

    There’s been some interest in a quick-and-dirty guide to get PBX in a Flash up and running without much in the way of bells and whistles. So here you go. This step-by-step will get PIAF-Red with Asterisk® 10 or PIAF-Purple with Asterisk 1.8.5.0 or 1.8.6.01 humming away. If you’re going to do things this way, then make sure your PIAF server or virtual host with PIAF is sitting behind a secure, hardware-based firewall (such as dLink’s Gaming Router) with NO INTERNET PORT EXPOSURE to your PIAF box!

    UPDATE: Digium has dropped support for Google Voice in Asterisk 10 so we no longer recommend Asterisk 10 for production use. You can read all about it here.

    Atom-based PC Platform. For the least expensive hardware alternative, pick up an Atom-based PC, preferably not an EEE PC because of the network driver incompatibility with CentOS. The refurbished Revos work fine. Someone has actually tested them! And they can easily support a small business with dozens of phones.

    PIAF ISO Setup. Once you have your hardware connected to a reliable Internet source, you’ll need to choose the appropriate ISO for your hardware. If you have a CD-ROM or DVD drive on your server, we’d recommend the 32-bit PIAF 1.7.5.6.3 ISO. Just download it from SourceForge or one of the PIAF mirror sites, burn it to a CD, and then boot your server from the CD. If your server lacks a CD-ROM and DVD drive, then download the brand new 32-bit PIAF 1.7.5.6.3 Flash-Only ISO from SourceForge and copy it to a 1GB or larger thumb drive following the instructions in this Nerd Vittles tutorial. Then boot your server from the thumb drive. You’ll find OpenVZ and VMware templates on our download mirrors as well.

    PIAF Installation. Once you’ve booted the PIAF installer, you’ll be prompted to choose an installation method. For most users, simply pressing the Enter key will get things started. Choose a keyboard and time zone when prompted and then enter a very secure root password for your new server. The installer then will load CentOS 5.6 onto your server. When complete, your server will reboot. Remove the CD or Flash Drive at this point, and you’ll be prompted to choose the version of Asterisk to install. Just for fun, choose PIAF-Red which loads the latest Asterisk 10 beta. It works just fine!

    During the final phase of the install, you will be prompted to choose a master password for FreePBX® and the other VoIP web utilities. Once your server reboots, log into the Linux CLI using your root password and write down the IP address of your server from the status display.

    FreePBX Setup. Most of your life with PBX in a Flash will be spent using the FreePBX web GUI and your favorite browser. To access the FreePBX GUI, point your browser at the IP address you wrote down. Read the RSS Feed in the PIAF GUI for late-breaking security alerts. Then click on the Users button which will toggle to the Admin menu. Click the FreePBX icon. When prompted for your username and password, the username is maint. The password will be the FreePBX master password you chose in completing the PIAF install.

    To get a minimal system functioning, here’s the 5-minute drill. You’ll need to set up at least one extension with voicemail, configure a free Google Voice account for free calls in the U.S. and Canada, configure inbound and outbound routes to manage incoming and outgoing calls, and plug your maint password into CallerID Superfecta so that names arrive with your incoming calls. Once you add a phone with your extension credentials, you’re done.

    Extension Setup. Now let’s set up an extension to get you started. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone’s GUI to add bells and whistles. To create extension 201 (don’t start with 200), click Setup, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

    User Extension … 201
    Display Name … Home
    Outbound CID … [your 10-digit phone number if you have one; otherwise, leave blank]
    Emergency CID … [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]

    Device Options
    secret … 1299864Xyz [make this unique AND secure!]
    dtmfmode … rfc2833
    Voicemail & Directory … Enabled
    voicemail password … 14332 [make this unique AND secure!]
    email address … yourname@yourdomain.com [if you want voicemail messages emailed to you]
    pager email address … yourname@yourdomain.com [if you want to be paged when voicemail messages arrive]
    email attachment … yes [if you want the voicemail message included in the email message]
    play CID … yes [if you want the CallerID played when you retrieve a message]
    play envelope … yes [if you want the date/time of the message played before the message is read to you]
    delete Vmail … yes [if you want the voicemail message deleted after it’s emailed to you]
    vm options … callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message]
    vm context … default

    Write down the passwords. You’ll need them to configure your SIP phone.

    Extension Security. We cannot overstress the need to make your extension passwords secure. If your SIP or IAX ports happen to be exposed to the Internet, all the firewalls in the world won’t protect you from malicious phone calls on your nickel when your extension password is your extension number or something like 1234. Incredible PBX automatically randomizes all of the extension passwords for you.

    In addition to making up secure passwords, the latest versions of FreePBX also let you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry in the permit field like this: 192.168.1.0/255.255.255.0 using your actual subnet.
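
The two checks described above (no guessable secrets, a permit entry on every extension) can be audited from the shell. The script below is an added example, not part of PBX in a Flash or FreePBX. It assumes the extensions are written out as sip.conf-style sections (on FreePBX systems typically /etc/asterisk/sip_additional.conf); the function names, the 8-character threshold and the sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the article): audit extension entries for the two
# weaknesses discussed above. Assumes sip.conf-style "[ext]" sections.

# audit_sip_conf FILE  ->  prints one "<ext>: <finding>" line per problem
audit_sip_conf() {
    awk '
    function report() {
        if (ext == "") return
        if (secret == "" || secret == ext) {
            print ext ": secret missing or same as extension"
        } else if (length(secret) < 8 || secret ~ /^[0-9]+$/) {
            # 8 characters is the threshold chosen for this example
            print ext ": secret short or digits-only"
        }
        if (permit == "") {
            print ext ": no permit entry"
        } else if (index(permit, "0.0.0.0/") == 1) {
            print ext ": permit allows any address"
        }
    }
    function val_of(line) {
        sub(/^[^=]*=[ \t]*/, "", line)      # drop "key ="
        sub(/[ \t\r]+$/, "", line)          # drop trailing blanks and CR
        return line
    }
    /^[ \t]*;/ { next }                     # skip comment lines
    /^\[/ {                                 # a new [ext] section starts
        report()
        ext = $0; sub(/^\[/, "", ext); sub(/\].*$/, "", ext)
        secret = ""; permit = ""
        next
    }
    /^[ \t]*secret[ \t]*=/ { secret = val_of($0) }
    /^[ \t]*permit[ \t]*=/ { permit = val_of($0) }
    END { report() }
    ' "$1"
}

# Constructed sample data: 201 follows the article, 202-204 show the mistakes.
make_sample() {
    cat > "$1" <<'EOF'
[201]
secret=1299864Xyz
permit=192.168.1.142/255.255.255.255
[202]
secret=202
permit=192.168.1.0/255.255.255.0
[203]
secret=1234
[204]
secret=Kq7vT2mZx9Lp
permit=0.0.0.0/0.0.0.0
EOF
}

sample=$(mktemp)
make_sample "$sample"
audit_sip_conf "$sample"
rm -f "$sample"
```

In Asterisk's ACL handling a permit entry only narrows access when a deny entry precedes it, so confirm that each extension's deny field is still set as well.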


    Adding a Google Voice Trunk. There are lots of trunk providers, and one of the real beauties of having your own PBX is that you don’t have to put all of your eggs in the same basket… unlike the AT&T days. We would encourage you to take advantage of this flexibility. With most providers, you don’t pay anything except when you actually use their service so you have nothing to lose.

    For today, we’re going to take advantage of Google’s current offer of free calling in the U.S. and Canada through the end of this year. You also get a free phone number in your choice of area codes. PBX in a Flash now installs a Google Voice module for FreePBX that lets you set up your Google Voice account with PBX in a Flash in just a few seconds once you have your credentials.

    Signing Up for Google Voice. You’ll need a dedicated Google Voice account to support PBX in a Flash. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

    We’ve tested this extensively using an existing Gmail account rather than creating a separate account. Take our word for it. Inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So… set up a dedicated Gmail and Google Voice account, and use it exclusively with PBX in a Flash. Google Voice no longer is by invitation only. If you’re in the U.S. or have a friend that is, head over to the Google Voice site and register. If you’re living on another continent, see MisterQ’s posting for some tips on getting set up.

    You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

    IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for PBX in a Flash to function with Google Voice! Otherwise, inbound and/or outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings and enable it. Be sure to try one call each way from Google Chat in Gmail. Then disable Google Chat in Gmail for this account. Otherwise, it won’t work with PIAF.

    While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

    • Call Screening: OFF
    • Call Presentation: OFF
    • Caller ID (In): Display Caller’s Number
    • Caller ID (Out): Don’t Change Anything
    • Do Not Disturb: OFF
    • Call Options (Enable Recording): OFF
    • Global Spam Filtering: ON

    Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

    Configuring Google Voice Trunk in FreePBX. All trunk configurations now are managed within FreePBX, including Google Voice. This makes it easy to customize PBX in a Flash to meet your specific needs. Click the Setup tab and choose Google Voice in the Third Party Addons. To Add a new Google Voice account, just fill out the form:

    Phone number is your 10-digit Google Voice number. Username is your Google Voice account name without @gmail.com. NOTE: You must use a Gmail.com address in the current version of this module! Password is your Google Voice password. NOTE: Don’t use 2-stage password protection in this Google Voice account! Be sure to check all three boxes: Add trunk, Add routes, and Agree to TOS. Then click Submit Changes and reload FreePBX. Down the road, you can add additional Google Voice numbers by clicking Add GoogleVoice Account option in the right margin and repeating the drill. For Google Apps support, see this post on the PIAF Forum.

    Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. It also provides redundancy which costs you nothing if you don’t use the backup providers. The Google Voice module actually configures an Outbound Route for 10-digit Google Voice calling as part of the automatic setup. If this meets your requirements, then you can skip this step for today.

    Inbound Routes. An Inbound Route tells PBX in a Flash how to route incoming calls. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we’ll build a simple route that directs your Google Voice calls to extension 201. Choose Inbound Routes, leave all of the settings at their default values except enter your 10-digit Google Voice number in the DID Number field. Enable CallerID lookups by choosing CallerID Superfecta in the CID Lookup Source pulldown. Then move to the Set Destination section and choose Extensions in the left pull-down and 201 in the extension pull-down. Now click Submit and save your changes. That will assure that incoming Google Voice calls are routed to extension 201.

    IMPORTANT: Before Google Voice calling will actually work, you must restart Asterisk from the Linux command line interface. Log into your server as root and issue this command: amportal restart.

    CallerID Superfecta Setup. CallerID Superfecta needs to know your maint password in order to access the necessary modules to retrieve CallerID information for inbound calls. Just click Setup, CID Superfecta, and click on Default in the Scheme listings in the right column. Scroll down to the General Options section and insert your maint password in the Password field. You may also want to enable some of the other providers and adjust the order of the lookups to meet your local needs. Click Agree and Save once you have the settings adjusted.

    General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. Scroll to the bottom of the General Settings screen after selecting it from the left panel. Plug in your email address, click Submit, and save your changes. Done!

    Adding Plain Old Phones. Before your new PBX will be of much use, you’re going to need something to make and receive calls, i.e. a telephone. For today, you’ve got several choices: a POTS phone, a softphone, or a SIP phone. Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device known as a Sipura SPA-3102. It’s under $70. Be sure you specify that you want an unlocked device, meaning it doesn’t force you to use a particular service provider. This device also supports connection of your PBX to a standard office or home phone line as well as a telephone.

    Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you’ll want a real SIP telephone such as the $50 Nortel color videophone we’ve recommended previously. You’ll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you’re like us, you’ll want to make damn sure this stuff works before you shell out any money. So, for today, let’s download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using 201 for your extension and your actual password for extension 201. Then plug in the actual IP address of your PBX in a Flash server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

    Enabling Google Voicemail. Some have requested a way to retain Google’s voicemail system for unanswered calls in lieu of using Asterisk voicemail. The advantage is that Google offers a free transcription service for voicemail messages. To activate this, you’ll need to edit the [googlein] context in extensions_custom.conf in /etc/asterisk. Just modify the last four lines in the context so that they look like this and then restart Asterisk: amportal restart

    ;exten => s,n(regcall),Answer
    ;exten => s,n,SendDTMF(1)
    exten => s,n(regcall),Set(DIAL_OPTIONS=${DIAL_OPTIONS}aD(:1))
    exten => s,n,Goto(from-trunk,gv-incoming,1)

    But I Don’t Want to Use Google Voice. If you’d prefer not to use Google Voice at all with PBX in a Flash, that’s okay, too. Here’s how to disable it and avoid the chatter in the Asterisk CLI. Log into your server as root and edit /etc/asterisk/modules.conf. Change the first three lines in the [modules] context so that they look like this. Then restart Asterisk: amportal restart.

    autoload=yes
    noload => res_jabber.so
    noload => chan_gtalk.so

    Where To Go From Here. We’ve barely scratched the surface of what you can do with your new PBX in a Flash system. If you’re new to all of this, then your next step probably should be last week’s Incredible PBX 2.0 tutorial. It’s a 5-minute addition that installs nearly 50 Asterisk applications that will keep you entertained for the rest of the year. If you’d prefer to do it yourself, then… enjoy!

    Originally published: Monday, August 29, 2011



    Need help with Asterisk? Visit the PBX in a Flash Forum.
    Or Try the New, Free PBX in a Flash Conference Bridge.




     

    Special Thanks to Our Generous Sponsors


    FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

    BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

    The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

    VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
     

    Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
     



    1. See this Nerd Vittles article for Asterisk 1.8.6.0 install instructions.

    Cloud Computing 101: Using Amazon’s S3 (Simple Storage Service) for Off-Site Asterisk Backups


    When we began the PBX in a Flash project, one of our key design requirements to distinguish our product from other Asterisk® aggregations was to include an automated, rock-solid reliable, backup solution that backed up not only Asterisk but your entire server in a way that could be restored painlessly without manually reinstalling the initial PBX in a Flash image. After almost a year in production, PBX in a Flash remains the only distribution with a complete backup solution. In the Orgasmatron builds of PBX in a Flash, we've gone a step further. Automated weekly backups to a flash drive are preconfigured. All it takes to get started is a $15 flash drive. Insert the stick and run the usbformat.sh script. Thereafter, a full backup is run each Sunday night, and the self-booting ISO images are conveniently placed on the flash drive for easy restoration of your entire system should the need ever arise.

    We appreciate, however, that others running Asterisk and FreePBX need backup solutions as well. And, while today's tutorial won't get you a full system backup which is comparable to what's available on PBX in a Flash systems, what it will do is provide an automated off-site backup storage solution for all of your critical FreePBX data for pennies a day. Beginning last year, FreePBX started offering a backup solution for FreePBX data as an integral part of the FreePBX web interface. The FreePBX solution lets you define a schedule for backing up your voicemail, system recordings, system configuration, CDR, and operator panel. What the restore process won't do is put Humpty back together again without first reinstalling your operating system and Asterisk environment. For those using PBX in a Flash, you've got the best of all worlds with these two backup solutions. For everyone else, the FreePBX backup alternative is certainly better than nothing. It also is a terrific tool for moving from one distribution to another (hint!) or to a new server environment. So long as the versions of FreePBX on both systems match, users have reported excellent results.

    In addition to the need to recreate your server environment from scratch, there's an additional problem with the FreePBX backup solution. It gets stored on the same drive as your Asterisk server. That works great until your hard disk dies or your house catches on fire. Backups are written to /var/lib/asterisk/backups and placed in subdirectories matching the Schedule Name you assign to the backup procedure. For reasons which will become obvious, it's a good idea to name your schedules without any spaces in the name, e.g. DailyBackup. The only thing we've really found missing in the FreePBX solution is an off-site storage option to protect you in the event of a catastrophe.

    A Picture Is Worth A Thousand Words. We recently were reminded of the importance of off-site storage when a neighbor's house caught fire in the middle of the night. Fortunately, the entire family escaped without injury. But all of the contents of the home were destroyed either by the fire or by the water used to put out the fire. After being awakened by a neighbor in the middle of the night, there was less than 5 minutes to extract mom and dad and four young children from the house before it was totally engulfed in flames. Moving computers out of harm's way most assuredly was the furthest thing from their minds. Enter: Amazon S3 aka Cloud Storage. A recent InformationWeek poll found that "storage--including archiving and disaster recovery--was cited as the service category most likely to be outsourced to the cloud, ahead even of business applications."

    If this is all news to you, here's a quick thumbnail on Amazon S3 from the Wikipedia:

    "Amazon S3 (Simple Storage Service) is an online storage web service offered by Amazon Web Services. Amazon S3 provides unlimited storage through a simple web services interface. Amazon launched S3, its first publicly-available web service, in the United States in March 2006 and in Europe in November 2007. Since its inception, Amazon has charged end users $0.15 per gigabyte-month, with additional charges for bandwidth used in sending and receiving data. As of November 1, 2008, pricing will move to tiers where end users storing more than 50 terabytes per month will receive discounted pricing. Amazon claims that S3 uses the same scalable storage infrastructure that Amazon.com uses to run its own global e-commerce network. Amazon S3 is reported to store more than 29 billion objects as of October 2008. This is up from 14 billion objects as of January 2008, and from 10 billion in October 2007. S3 uses include web hosting, image hosting, and a back-up system. S3 comes with no guarantee that customer data will not be lost."

    To give you some idea of pricing, our current FreePBX daily backups are roughly 50 megabytes in size. A new PBX in a Flash install yields a 20MB FreePBX backup. Using a cable modem connection, uploading our 50MB daily backup to Amazon S3 takes about 5 minutes and costs 2¢. Storage of a full month's worth of rotating backups would add another quarter to the monthly cost. Thus, the tab to upload and store 30 backups a month runs less than one dollar, pretty cheap insurance by any measure. And, unless you tinker with your system as much as we do, daily backups probably are overkill. The tab for weekly uploads and storage on Amazon S3 would run less than 25¢ a month assuming you remove all but the last five backups from S3 in each subsequent month. So... what are you waiting for?

    Configuring Weekly Backups with FreePBX. The first step is to set up the automated backup process in FreePBX. Using a browser, open FreePBX and choose Tools, Backup & Restore. Click Add Backup Schedule and name the schedule WeeklyBackup. Select all of the radio buttons to back up everything possible with FreePBX. For the time of the backups, leave the Follow Schedule Below option selected. Choose a time for the backup by clicking on the appropriate settings. We recommend 3:05 a.m. which means you click on 5 in the minutes column and 3 in the hours column. Finally, click the Selected option button under Weekdays and then click Wednesday. Click Submit Changes to save your settings.

    Creating an Amazon S3 Account. Before you can create backups on Amazon S3, you'll obviously need an account. Here's the link to sign up: http://www.amazon.com/s3. Once you sign up, you'll receive an email with this link to manage your new account. Log in using your Amazon username and password. Write down your Access Key ID. Next click on the button to generate a new Secret Access Key. Once it's generated, click on the link provided to display it. Write it down, too. You'll need both your Access Key and your Secret to use Amazon's S3 service.

    Installing s3cmd to Manage Your S3 Backups. There are a number of tools available to interact with Amazon S3. We've chosen s3cmd which happens to be free and uses python which is preconfigured on PBX in a Flash systems. Another great tool is JungleDisk, but it costs $20. It uses s3sync and Ruby which you'd need to install: yum install ruby. It also requires SSL certificates which complicates things a bit. For an excellent tutorial, see Chris Sherwood's writeup. Of course, time marches on, and today we can do all of the same things at no cost. So let's get started.

    To install and configure s3cmd, log into your server as root and issue the following commands:

    cd /root
    # Quote the URL: an unquoted & would make the shell run wget in the background
    wget "http://downloads.sourceforge.net/s3tools/s3cmd-0.9.8.3.tar.gz?modtime=1217338796&big_mirror=0"
    tar zxvf s3cmd*
    mv s3cmd-0.9.8.3 s3cmd
    cd s3cmd
    ./s3cmd --configure

    You'll be prompted to enter your Access Key and Secret Key to access Amazon S3. Next you'll be asked to provide an encryption password to protect your data while being transmitted to Amazon. Make up a random collection of letters and numbers. For the path to the GPG program, press Enter to choose the default: /usr/bin/gpg. Choose whether to use HTTPS to transmit your data. It's a little slower, but it's secure so we recommend choosing it. We're going to automate the backup process so you're not going to be watching the file transmission process anyway. Next, you'll be asked whether to test S3 access using the credentials you've supplied. Type y and be sure you get a success message. Otherwise, recheck your Access Key and Secret Key for typos. Finally, you'll be asked whether to save the settings. Choose Y. Your settings will be saved in /root/.s3cfg. Be sure to erase the file if you give your server to someone else!

    Using the s3cmd Command Line Interface. s3cmd is a command line tool so we'll walk you through the basics before we automate the weekly backup process. There's an excellent tutorial for s3cmd that is available here, and more S3 tools are on the way. What you really need to know about S3 file storage is that files are stored in disk volumes which S3 calls buckets. You can have up to 100 buckets. Wildcards don't work the way Linux wildcards do, and S3 is picky about the use of periods. Our recommendation: don't use them for the time being. Also be aware that bucket names are like domain names. They must be unique across the S3 cloud. So... daily-backup and weekly-backup won't work on your system because we already own those buckets. The easiest naming convention is probably to use your full name or company name for the bucket name and then create directories below there for your data. For other tips, see the S3 FAQ. Now let's run down the basic list of commands in the order you typically would use them:

    Create a New Bucket: s3cmd mb s3://weekly-backup (Unique on S3!)
    List Your Buckets: s3cmd ls
    List Bucket Contents: s3cmd ls s3://weekly-backup
    Upload a File: s3cmd put file.xyz s3://weekly-backup/file.xyz
    Download a File: s3cmd get s3://weekly-backup/file.xyz file.xyz
    Delete a File: s3cmd del s3://weekly-backup/file.xyz
    Delete a Bucket: s3cmd rb s3://weekly-backup (NOTE: Bucket must be empty!)

    Automating the Off-Site Backups to Amazon S3. We now have all the pieces we need to build a weekly cron script to automate the backup process to our new Amazon S3 storage facility. So let's build the script. For purposes of this example, we will assume that you have followed our instructions above in setting up the backup process with FreePBX. We obviously need to know when new backups are made so that we can configure a cron script at the proper time to copy the backup file up to the Amazon S3 server. We also need to know the name of the FreePBX directory with the backups and will assume that it's /var/lib/asterisk/backups/WeeklyBackup. Finally we need to know the name of the bucket to be created on Amazon S3 to store the backups and we'll assume it's s3://weekly-backup as we used in the examples above.

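    Step 1 is to build the script. Using your favorite editor, create a file and name it /root/s3backup.sh: nano -w /root/s3backup.sh. Here's what should go in it:

    #!/bin/bash
    # Copy the backup FreePBX created within the last day to the S3 bucket
    cd /var/lib/asterisk/backups/WeeklyBackup || exit 1
    thisbackup=$(find *.gz -mtime -1 | tail -n 1)
    # Stop if there is no fresh backup; otherwise s3cmd would be handed the directory itself
    [ -n "$thisbackup" ] || exit 1
    /root/s3cmd/s3cmd put "/var/lib/asterisk/backups/WeeklyBackup/$thisbackup" "s3://weekly-backup/$thisbackup"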

    Save the file: Ctrl-X, Y, then Enter and make the script executable: chmod +x /root/s3backup.sh. Note that, for this script to actually work, you must run it on the same day AND after FreePBX has first generated a backup.

    Step 2 is to create a cron job that will execute the above script shortly after 3:05 a.m. on Wednesday morning making sure we leave enough time for FreePBX to complete the backup task. To be safe, we'll set it up for 4 a.m. every Wednesday. Edit /etc/crontab and add an entry at the bottom of the file that looks like the following:

    0 4 * * 3 root /root/s3backup.sh > /dev/null

    If you just wanted a basic backup system using Amazon S3, congratulations! You've graduated. But there's so much more if you don't mind getting your hands a little dirty.
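
The basic job above has no check for a missing backup or an upload that did not complete. The script below is an added example, not part of the original article or of s3cmd: a variant of s3backup.sh that refuses to run if the s3cmd credentials file is readable by other users, uploads only a backup less than a day old, and confirms the file shows up in the bucket listing. The --run argument, the function names and the S3CMD, S3CFG, BACKUP_DIR and BUCKET variables are assumptions of this sketch.

```bash
#!/bin/bash
# Added example: checked variant of the weekly S3 upload job.
# Paths and bucket name are the article's; the variable names are this sketch's.
BACKUP_DIR="${BACKUP_DIR:-/var/lib/asterisk/backups/WeeklyBackup}"
BUCKET="${BUCKET:-s3://weekly-backup}"
S3CMD="${S3CMD:-/root/s3cmd/s3cmd}"
S3CFG="${S3CFG:-/root/.s3cfg}"

# Print the newest *.gz directly inside $1 that was modified less than
# 24 hours ago; return non-zero if there is none. Relies on backup file
# names sorting chronologically (timestamped names).
newest_backup() {
    found=$(find "$1"/*.gz -prune -type f -mtime -1 2>/dev/null | sort | tail -n 1)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Succeed only if $1 is a regular file with no group or other permissions.
# The file holds the S3 Access Key and Secret Key in plain text.
creds_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Upload $1, then confirm the bucket listing contains its name.
upload_and_verify() {
    name=$(basename "$1")
    "$S3CMD" -c "$S3CFG" put "$1" "$BUCKET/$name" || return 1
    "$S3CMD" -c "$S3CFG" ls "$BUCKET" | grep -F -q "$name"
}

# Return codes: 0 uploaded, 2 credentials file unsafe, 3 no fresh backup,
# 4 upload failed or not visible in the bucket afterwards.
run_backup() {
    creds_private "$S3CFG" || {
        echo "s3backup: $S3CFG is missing or readable by other users" >&2
        return 2
    }
    file=$(newest_backup "$BACKUP_DIR") || {
        echo "s3backup: no backup newer than 24 hours in $BACKUP_DIR" >&2
        return 3
    }
    upload_and_verify "$file" || {
        echo "s3backup: upload of $file failed or file not listed in $BUCKET" >&2
        return 4
    }
    echo "s3backup: uploaded $file to $BUCKET"
}

# Cron calls the script with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then
    run_backup
    exit $?
fi
```

To use it, keep the article's cron entry and append --run to the script path. The > /dev/null in that entry drops only standard output, so the error messages written to standard error still end up in cron's mail.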


    We're Getting Close. Before we tackle the techie stuff, let us pause for a moment and provide a progress report on the VPN in a Flash project. Thanks primarily to Tom King, we've made enormous progress in the last couple weeks. And, again, the accompanying picture says it better than words. We're also nearing completion of the documentation. The idea behind this project was to provide a mobile and transportable, full-featured VoIP PBX for under $500. For those with satellite offices or remote construction sites or branch offices, the Acer Aspire One is ideal. But it also can serve as a secure traveling companion for those that are often on the road. And, of course, it's an almost perfect fit for a home, a home office, a vacation home, or any hotel room with WiFi. Not only does it have an incredibly small footprint, but it also has computing power to spare with the new Intel Atom motherboard, a gig of RAM, and a 120GB hard disk. Yes, it's got wired AND wireless covered seamlessly, and it offers the Orgasmatron II build including fax capability plus the Hamachi VPN for secure connections within your own private network of servers and PCs. And our custom build offers the very latest KDE GUI with the brand-new Fedora 10 and performance to spare. The 1024x600 screen resolution you've simply got to see to believe. This photo doesn't do it justice. Plus we've added the Zoiper softphone which works nicely with the integrated microphone and speaker to let you place secure calls back through your home office PBX or directly through the fully-functional Asterisk 1.4 PBX which runs silently in the background with the new FreePBX 2.5 web interface. We hope to begin taking orders on or before the first anniversary of PBX in a Flash, November 14. For more details, click here or check out our forum posting. We now return you to your regularly scheduled program...


    Using Fuse, s3fs, and Rsync with Amazon S3. At the outset, we want to express our special thanks to John Eberly for his article laying the foundation for much of what follows. The S3 technology has advanced dramatically since it first was introduced. So much so that you now can mount an Amazon S3 bucket as a local device on your server and use it like any other mounted device. This means you can use standard Linux tools to copy, list, delete, and move files. And you can use the built-in intelligence of tools such as rsync to actually keep directories in sync without recopying data that already exists in both locations and without manually deleting data which already has been removed from the source directory. For long time readers of Nerd Vittles, you know that rsync is one of our favorite Asterisk tools. It works flawlessly!

    Unfortunately, with CentOS 5, the Linux Fuse file system installation process is a bit quirky, but here we go anyway. First, you'll need the Dag Wieers YUM repository to install some of these applications. The easiest way to activate the repository is to just execute the following commands while logged into your server as root. When we're finished with the repository, we'll delete /etc/yum.repos.d/dag.repo so that you don't accidentally use it for other yum updates down the road:

    cd /root
    wget http://nerd.bz/q77p30
    rpm -ivh fuse-devel*
    # Quote the URL so the shell does not treat & as the background operator
    wget "http://downloads.sourceforge.net/fuse/fuse-2.7.4.tar.gz?modtime=1217019944&big_mirror=0"
    tar zxvf fuse-2.7*
    cd fuse-2.7.4
    ./configure
    make
    make install
    cd ..

    If you're a Linux whiz kid, you're probably scratching your head wondering why we would install an RPM version of fuse and then turn around and install it again by compiling it from source. The short answer is "hell if I know." The longer answer is that fuse won't work unless you do it this way. Sorry. If you really are a whiz kid, you can educate all of us as to why this is necessary by posting a comment.

    Now that the Linux fuse file system is installed, we need one more application. It's the glue between Linux fuse and Amazon S3: s3fs. So let's download, compile, and install the s3 file system application:

    cd /root
    wget http://s3fs.googlecode.com/files/s3fs-r177-source.tar.gz
    tar zxvf s3fs*
    cd s3fs
    make -f Makefile
    mkdir /mnt/s3fs
    cp s3fs /usr/bin/.
    cd ..

    Finally, to simplify mounting of your S3 file system, we need to store your Access Key and Secret Key in a config file just as was done with s3cmd above. So create a new file named /etc/passwd-s3fs and add your AccessKey:SecretKey in the file, e.g. 12345:67890. Because the file holds your Secret Key in plain text, make it readable by root only.


    Mount S3 bucket (the unique one): s3fs weekly-backup /mnt/s3fs

    Check available storage space: df -h /mnt/s3fs

    Sync Backup directory with S3: rsync -avz --delete /var/lib/asterisk/backups/WeeklyBackup /mnt/s3fs

    Dismount your S3 bucket: umount /mnt/s3fs

    For the steps to integrate this directly into FreePBX to assure that your backups are automatically saved to S3, see Comment #1 below.



    1. Where you see ↩ means that you should join the text on the following line to the original line as a single line of text (usually with no intervening space).
    2. In the following code, the ↩ character means to join the three lines of text into a single line with a single space between the code on each line. The difference in the two examples is you don't usually have spaces in http: requests while commands issued on the command line obviously have spaces between different parts of a command.

    ISP-In-A-Box: Hosting Multiple Web Sites And Domains On Your Mac

    Once you get a web site up and running on your Mac mini (or any other Mac running Mac OS X Panther or Tiger), you’ll probably get hooked and want to add additional web sites or domains. So today we’re going to give you a template that can be used to add additional sites to your heart’s content. In a previous article, we covered one approach to hosting multiple domains. In that scenario, we built separate web sites in the Sites folder for various user accounts on your Mac. Then using Omnis.com’s DNS tools, we pointed different domains or subdomains to the appropriate web sites on your Mac using a Proxy (aka mod_proxy) record for the domain that looked like this (substituting your own IP address, of course):

  • Name: www
  • Type: PROXY
  • Content: http://111.111.111.111/~johnny

    That solution works; however, it forces you to log in as different users to manage the different web sites. Today’s approach assumes you want to manage multiple web sites from a single account on your Mac using the traditional web site folder hierarchy located at /Library/WebServer/Documents. Our site design for multiple web sites and multiple domains goes like this. We’ll create a websites folder below the /Library/WebServer/Documents folder. Then, for each new web site or domain, we’ll create a subfolder below the websites folder. We’ll leave the websites folder empty and adjust Apache to bar direct access to the contents of that folder. Then we’ll assign a TCP port for the new site and add the necessary code to support the new domain to the Apache config file, httpd.conf. Finally, we’ll point our domains to your Mac’s IP address using the proxy service of a domain registrar, restart Apache, and presto, you’ll be hosting multiple web sites from your Mac mini ISP-In-A-Box.

    One advantage of this design is that you still can remotely manage all of your web sites using a WebDAV client on almost any computer. We covered all of that here last week. We’re assuming you already have built your first web site using our Apache tutorials. If not, start here. Then go here and here. Then you’ll be ready to continue on with this tutorial. As with most of our articles, a degree in Rocket Science isn’t required, but you do have to use the Pico editor to make a few customizations to the Apache configuration files. For the Internet wizards reading this, you’re probably saying there’s an easier way to set up multiple web sites with Apache. Yes, there is. It just doesn’t seem to work in the Mac environment. If anyone comes up with a simpler method that works, do us all a favor and put it in a comment.

    Creating the First Web Site. Let’s begin by creating the folder that will house all of our new web sites. Open a Terminal window and switch to root access with your admin password: sudo su. Now move to the main web site folder: cd /Library/WebServer/Documents. Create the new websites folder: mkdir websites. Move to the websites folder: cd websites. Now create a directory to house our first new web site: mkdir mysite. For additional web sites, you’ll simply create additional folders below the websites folder as we just did.

    Modifying Apache to Support New Web Sites. Because of Apple’s configuration design, we’re going to configure our new web sites to use TCP ports in the eighties beginning with 81 rather than the default HTTP port, port 80. Remember not to use 82. We used that for our WebDAV server. So we’ll need to first edit httpd.conf in the /etc/httpd folder. Open a Terminal window and switch to root access: sudo su. Move to the Apache config directory: cd /etc/httpd. Make a duplicate of the httpd.conf file just in case something goes wrong: cp httpd.conf httpd.sav. Now carefully edit the Apache config file: pico httpd.conf. Switch back to your web browser and Ctrl-Click on the access.txt code snippet here and open it in a new tab or window in your web browser. Press Command-A then Command-C to copy the code snippet to your clipboard. Now switch back to your Terminal window and move to the bottom of the httpd.conf file by repeatedly pressing Ctrl-V. Copy the clipboard contents there by pressing Command-V.

    Now let’s look at what we pasted. The first three lines tell Apache not to display a directory listing of the websites folder if someone accesses your web site by typing: http://yourwebsite.com/websites/. The Listen 81 line tells Apache to listen on this TCP port as well as port 80. The VirtualHost _default_:81 line identifies the port which will be used to access this web site. The DocumentRoot and Directory lines tell Apache where the data for this web site is stored on your server: /Library/WebServer/Documents/websites/mysite. The allow from all line gives everyone access to this web site. And Options +Indexes tells Apache to display a directory listing of this folder if there is no index.html or index.php startup file in the folder. If you want to hide the directory if there is no startup file, change the plus sign to a minus sign.

    Now that you understand what the various lines in the config file do, let’s save the changes to httpd.conf: Ctrl-X,Y,enter. Now restart the Apache web server: apachectl restart.

    Firewall Adjustments. Remember to add a new port authorization in your Mac firewall to support port 81. Go to System Preferences->Sharing->Firewall and click the New button. Choose Other for the PortName, specify the desired TCP port number (81), and name the service HTTP81 so you can remember what it does. Click OK to save your update. Also make the necessary adjustment to your hardware-based firewall to authorize the new port and point it to the internal IP address of your Mac. If your hardware firewall uses port 81 for remote access, be sure to change it to another port.

    Domain Registrar Adjustments. Finally, access your domain registrar’s web site (as previously noted, we recommend Omnis.com which supports proxy DNS entries) and, using the registrar’s DNS tools, add a proxy record to point your domain to the IP address and port 81 of your Mac web server: http://111.111.111.111:81 using your own IP address. You usually have to make two proxy record entries, one for @ and one for www if you want your web site accessible as either www.yourwebsite.com or yourwebsite.com. If you don’t know the IP address of your Mac web server, just access our IP site identifier using a web browser on your Mac web server, and it will tell you.

    Adding Additional Web Sites or Domains. When you’re ready to add additional web sites or domains to your web server, just follow these simple steps. Add a new folder in the /Library/WebServer/Documents/websites folder. Add an additional Listen and VirtualHost block to your access.conf config file for each domain address which will be used to access the new web site. Be sure to change the access port to port 83 or higher and the web site directory location in every line that you added. Remember to use a different TCP port for each new domain you add. Restart your Apache web server. Make the necessary additions to your Mac and hardware-based firewalls to support the new port. Then add the proxy DNS entry for your new domain using your domain registrar’s proxy DNS tools. For a sample of what we just did using the mysite.webify.us subdomain, click here. Yes, we eat our own dog food.
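The per-site steps above come down to picking an unused port and pasting one more Listen/VirtualHost block, which the following added example automates. It is not the article's access.txt snippet: the block is reconstructed from the description of that snippet, the function names and the folder name `newsite` are hypothetical, and it uses `Options -Indexes`, the variant the article offers for hiding directory listings.

```shell
#!/bin/sh
# Added example: emit a Listen + VirtualHost block for one more site and
# refuse a TCP port that the Apache config file already listens on.

WEBROOT=/Library/WebServer/Documents/websites   # folder layout from the article

# port_in_use CONF PORT -> 0 if CONF has an active "Listen PORT" line
port_in_use() {
    awk -v p="$2" '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        tolower($1) == "listen" {
            n = split($2, a, ":")                # accepts "81" and "10.0.0.5:81"
            if (a[n] == p) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# gen_vhost CONF SITE PORT -> prints the block on stdout, or fails with a reason
gen_vhost() {
    conf=$1
    site=$2
    port=$3
    # A plain folder name only, so the DocumentRoot cannot escape WEBROOT.
    case "$site" in
        ''|*[!A-Za-z0-9_-]*) echo "bad site folder name: $site" >&2; return 2 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 2
    fi
    # Port 80 belongs to the main site; anything with a Listen line is taken too
    # (the article reserves 82 for its WebDAV server).
    if [ "$port" -eq 80 ] || port_in_use "$conf" "$port"; then
        echo "port $port is already taken in $conf" >&2
        return 1
    fi
    cat <<EOF
Listen $port
<VirtualHost _default_:$port>
    DocumentRoot "$WEBROOT/$site"
    <Directory "$WEBROOT/$site">
        Options -Indexes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
EOF
}

# Demo against a constructed config fragment (not a real httpd.conf).
demo_conf=$(mktemp)
printf '%s\n' 'Listen 81' 'Listen 82' > "$demo_conf"
gen_vhost "$demo_conf" newsite 82 || echo "port 82 refused"
gen_vhost "$demo_conf" newsite 83
rm -f "$demo_conf"
```

Review the printed block before appending it to the config file, and keep the backup copy of httpd.conf the article tells you to make.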

    ISP-In-A-Box: Remotely Managing Mac Web Sites Using WebDAV

    Got DAV? If you’re using a Mac mini or any other Mac running OS X Tiger or Panther to host your web site, then you’ve probably wondered how you can update the content on your web site without sitting in front of your Mac. Today we’ll show you how to build and use your Mac’s WebDAV server to remotely manage your web site from just about anywhere. And you can use just about any computer to do it, even one of those Win thingies. All we need to do is tweak the Apache software that’s already installed with Mac OS X Tiger or Panther. When we are finished, we want a web site on your Mac that can be accessed by anyone using a garden-variety web browser without requiring a password. But we also want to be able to update the content of that web site by connecting over the Internet to the appropriate folder on the Mac using WebDAV with a username and password to keep the bad guys out. If you haven’t already read our previous article on how to use WebDAV clients and Web Folders, then start there to learn all about how to connect to a WebDAV server from another Mac, or a Windows PC, or even a Linux or UNIX computer.

    As you probably know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that "looks and feels" like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people with access rights don’t change the same file at the same time. Tiger and Panther versions of Mac OS X provide both a WebDAV client and server. So let’s get started.

    In a nutshell, the WebDAV server setup goes like this. We’ll assume that your main web site was built in the default location on your Mac: /Library/WebServer/Documents. First, we’ll change the group owner of this folder so that we can get read and write access to it using WebDAV. Then we’ll set up a username and password system to support WebDAV access for you and whoever else you provide usernames and passwords to. Next we’ll activate the WebDAV mods in Apache which already are installed on your Mac. We’ll then reconfigure Apache a bit to support WebDAV access and formatting. And finally we’ll restart your web server and presto, WebDAV.

    You don’t need to be a Rocket Scientist to do this, but you do have to get your hands dirty with our favorite command-line editor, Pico. For those that care about such things, Tiger actually replaces Pico with Nano, but you still can access it by typing Pico … and it works the same way. If you’ve followed other Nerd Vittles tutorials, then this one will be a breeze. Just be sure you edit carefully and, if something does go wrong, copy your backup Apache config file back over the edited one and try again. Apache errors don’t get reported in System Preferences->Sharing when you activate your personal web server. If you have problems and want to see what’s going on, activate and then run WebMin (which we previously covered on Nerd Vittles and upgraded here a few weeks ago for Tiger). Using your browser, access WebMin and choose Servers->Apache Webserver. Then start and stop the web server from there. Errors will be reported with the line number in the config file that’s causing the problem. Ctrl-C in Pico will tell you what line number you’re on in the config file. If this sounds like I’ve had recent experience, you’d be correct. That’s part of the price you pay for being a pioneer.

    Changing Group Owner of Your Web Site. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder to the Apache group: chgrp -R www Documents. Provide write access to authorized users who connect to this WebDAV folder: chmod 775 Documents.

    Security Warning: Be aware that we are opening a security hole in your web site by giving Apache write (and delete) access to your main web folder and any subdirectories. We’ve had two levels of protection for your web site: Mac OS X and Apache. Now we just have one: Apache. So you would not want to put up any type of web page, CGI script, or PHP code which allows someone using a web browser to manipulate, delete, rename, or copy files into or on your web site because of the very real risk of compromising your web site files. In short, the only things now standing between your web site and the bad guys are your web pages and Apache’s internal security mechanisms. While Apache has a rock-solid track record insofar as bugs and security are concerned, there’s still always a risk. And we wanted you to know about it up front. Did we mention the importance of frequent backups? Here’s an article that will tell you how to do that as well. If you ever decide you want to stop using WebDAV, here’s how to provide the double-layer of security protection once again. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder back to the admin group: chgrp -R admin Documents. Even with the admin group enabled for Documents, you still can access your web sites with WebDAV. You just won’t be able to upload new documents or delete existing ones.

    Building a Password File. We already built a password file in the Web Sites 101 tutorial on Nerd Vittles. We used that password file to manage web site access to various web directories. You probably don’t want to use the same password file for this WebDAV application unless you are building this for the same set of users with the same privileges. The only trick to password files is you want to put the file where Apache can read it but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here’s how to do it. Open a Terminal window and switch to root access: sudo su. Now move to the directory where we’ll put the password file: cd /usr/local. We’re going to name this password file website.pw so we can remember what it’s for. To create the file and erase any existing file without warning type: htpasswd -c website.pw admin. Think up a password you can remember, and you’ll be prompted to type it twice. Now let’s verify that the file was created: cat website.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to the file, just type: htpasswd -m website.pw username where username is your next user. You’ll be prompted for the password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful. Finally, remember to make duplicate entries using email syntax for the username to assure that Windows clients can access your DAV resources: htpasswd -m website.pw joe@schmo.com.

    Reconfiguring Apache to Support WebDAV. Open a Terminal window, and switch to root access: sudo su. Then navigate to the folder with Apache’s configuration file: cd /etc/httpd. First, let’s make a backup copy of the config file in case something goes wrong: cp httpd.conf httpd.conf.dav.save. Now let’s carefully edit the config file: pico httpd.conf. If you previously built the WebDAV server backup application which we covered on Tiger Vittles, then skip to the next paragraph. Otherwise, uncomment the headers_module line by searching for headers (Ctrl-W, headers, enter) and then pressing Ctrl-D while positioned over the # sign at the beginning of the line. Now search for mod_headers (Ctrl-W, mod_headers, enter) and uncomment that line (Ctrl-D while positioned over beginning # sign). Now search for dav_module (Ctrl-W, dav_module, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now search for mod_dav (Ctrl-W, mod_dav, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now press Ctrl-V repeatedly until you get to the bottom of the file. Switch to your web browser and download WebDAV snippet #1. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click at the bottom of the config file, and paste code snippet #1 into the config file by pressing Command-V. Use the cursor keys to move to the BrowserMatch section of the code we just pasted and be sure "redirect-carefully" didn’t end up on a line by itself. If it did, position the cursor over the first letter "r" and press the backspace key to move it back up to the end of the previous line of code. Don’t worry if a dollar sign displays at the end of the line after you move it. This just indicates that additional text is off the screen.

    We’ve got one more code snippet to cut and paste, and we’ll be all set. We want to search for the second occurrence of /Directory in the Apache config file: Ctrl-W,/Directory,enter,Ctrl-W,enter. Move the cursor to the beginning of the line and press Enter to open up a blank line. Now move up to the blank line by pressing the Up Arrow. Switch to your web browser and download WebDAV snippet #2. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click on the blank line we inserted, and paste code snippet #2 into the config file by pressing Command-V.

    That should do it. Save your Apache config file: Ctrl-X, Y, enter. And restart Apache by deselecting and then reselecting Personal Web Sharing from System Preferences->Sharing. Close the Terminal window by typing exit, pressing enter, and then pressing Command-Q.

    Testing Your WebDAV Server. To test whether WebDAV is working, switch to your Desktop and, using Finder, press Command-K. When prompted for the server address, type http://localhost and then click the Connect button. Enter your username and password that you created in the website.pw password file, and your main web site folder should appear on your Desktop. Drag a file from your Desktop to the folder to be sure everything is working as it should. If you’ve enabled web access through your Mac and router firewalls (which we have previously covered here), then you should be able to access your WebDAV server from the Internet with your IP address or domain name. Just press Command-K from Finder and use the following syntax for your WebDAV resource: http://mydomain.com. For more details on using WebDAV clients or to use a Windows machine to access your WebDAV share, read our previous article on the subject here. Now you can enjoy remotely managing your web sites with WebDAV. So put on your travelling shoes!



    ISP-In-A-Box: The $500 Mac mini (WebDAV and Web Folders 101)

    Microsoft deserves a lot of credit for popularizing the idea of Web Folders, but the open source movement gets the accolades for making WebDAV work reliably across all the computing platforms. If you didn't already know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that "looks and feels" like any other networked hard disk. In the Windows world, WebDAV provides a Web Folder which can be used like any other mapped drive in Network Neighborhood. If you're still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people don't change the same file at the same time. Panther and Tiger versions of Mac OS X provide both a WebDAV client and server, and today we'll walk you through configuring and using both the client and the server on your Mac. Because of the number of folks that also use Windows machines at the office, we'll also briefly touch upon how to access your Mac WebDAV resources and set up a Web Folder from a Windows XP machine.

    HOW-TO Use the WebDAV Client on the Mac. We're going to start by walking through the set up process for connecting to a WebDAV server resource anywhere on the Internet. To connect to a WebDAV resource from a Mac, press Command-K from Finder. Then enter a Server Address in the following format: http://192.168.0.103/dav/. This tells Finder to use the HTTP protocol to establish a link to an IP address and folder that you designate. You also can use a fully-qualified domain name in lieu of an IP address. Typically, you'll be prompted for a username and password, and then a new volume will appear on your Desktop which can be used just like your local hard disk. When you finish using the resource, CTRL-Click on the volume and Eject it. It's that simple.

    HOW-TO Use Web Folders on a Windows PC. The Windows process is a bit different as you might expect, but the results are the same. Once connected, you'll have a mapped drive that can be used just like any other network drive. The simplest way is to map a drive (see inset). To access Web Folders and save your settings, we're going to use the Add Network Place Wizard. You can access it in several ways. Either Right-Click on Network Neighborhood and choose Map Drive. Or from My Network Places, choose Add a network place. Or from Windows Explorer, choose Tools->Map Network Drive. Now click "Sign up for online storage or connect to a network server" at the bottom of the window.

    When the Add Network Place Wizard appears, you'll be prompted for where to create the network place. Select "Choose another network location" and click Next. For the Internet address, use the same syntax as on the Mac: http://192.168.0.103/dav/ and click Next. Give your network place a name and click Next then Finish. Your new Web Folder will now appear in My Network Places. Just click on it to connect. Here's the gotcha with WebDAV on the Windows platform. If you access a Web Folder by IP address, when you're prompted for a username and password to log in, the username must be in email format: john@doe.org. Another "Better Idea" from our friends at Micro$oft. So when you create usernames on your Mac, keep this in mind if you want Windows users to be able to access the resources reliably. It doesn't matter what the email username or domain is, but it has to be in email format. When you finish using a web folder, be sure to disconnect. Open Windows Explorer, choose Tools->Disconnect Network Drive, and select the Web Folder you wish to disconnect.

    Connecting to a WebDAV Resource. We've temporarily set up a sample WebDAV server on one of our Tiger-enhanced Macs so that you can experiment with WebDAV access from your favorite Mac, Linux, or Windows machine. For reasons which should be obvious, we've disabled writing to our WebDAV server only because we didn't want our hard disk filled up by some anonymous bozo in the middle of the night. We're also going to provide a single username and password for everyone to use. It should be stressed that neither of these scenarios is typical. First, the usual purpose of a WebDAV server is to facilitate collaboration which means all authorized users should be able to read and write to the volume. Second, you usually don't provide access to a WebDAV server for anonymous users. That's what web sites are for. But this is Wiki World, and we wanted to show you how these things are put together before you roll your own. So bear with the constraints recognizing that, when you set up your own WebDAV server, it will be much more robust.

    To access the system, follow one of the client access methods outlined above. The web address using Windows is http://webify.us. For Macs, use http://dav.webify.us:82. When prompted for a username and password, use bozo for the username and forlife as the password. If you have problems with the username on a Windows PC, use bozo@webify.us. Don't forget to disconnect when you are finished playing. NOTE: This system (only) will be down for a move to its new permanent location from Thursday afternoon, May 26 until Saturday morning, May 28. Our apologies.

    That about covers using a WebDAV client. For step-by-step instructions on creating your own WebDAV server on your Mac, here's a reprint of the article from our former Tiger Vittles site.

    ISP-In-A-Box: Building a WebDAV Server for Remote Access

    Ever wished you had several gigs of off-site disk storage so you could safely back up all your most important data and use it for remote access or collaboration? One option, of course, is a .Mac account which gives you 125MB of iDisk storage space and other goodies for $99 a year. You can increase your iDisk to a gigabyte for an additional $49.95 a year, a bargain compared to some commercial sites. Here’s another approach that’ll save you hundreds of dollars a year. Find a friend with a Mac and an Internet connection and swap several gigs of storage space on your friend’s Mac for several gigs of storage space on yours. Then follow along here, and we’ll show both of you how to build and use WebDAV servers to do exactly what the commercial firms are doing. And you can use the Apache software that’s already installed with Mac OS X Tiger.

    As you now know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that “looks and feels” like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people don’t change the same file at the same time. Panther and Tiger versions of Mac OS X provide both a WebDAV client and server. Nerd Vittles walked you through configuring and using the WebDAV clients. So let’s tackle the WebDAV server setup now. This works with Tiger or Panther by the way.

    In a nutshell, the WebDAV server setup goes like this. We’ll create a new subdirectory in the web server’s storage folder which we’ll use for WebDAV read and write access. Then we’ll set up a username and password system to support WebDAV access. Next we’ll activate the WebDAV mods in Apache which already are installed on your Mac. We’ll then reconfigure Apache a bit to support WebDAV formatting. And finally we’ll restart our web server and presto, WebDAV. You don’t need to be a Rocket Scientist to do this, but you do have to get your hands dirty with a command-line editor, Pico. If you’ve followed other Nerd Vittles tutorials, then this one will be a breeze. Just be sure you edit carefully and, if something does go wrong, copy your backup Apache config file back over the edited one and try again. Apache errors don’t get reported in System Preferences->Sharing when you activate your personal web server. If you have problems and want to see what’s going on, activate and then run WebMin (which we previously covered at Nerd Vittles and upgraded here last week for Tiger). Using your browser, access WebMin and choose Servers->Apache Webserver. Then start and stop the web server from there. Errors will be reported with the line number in the config file that’s causing the problem. Ctrl-C in Pico will tell you what line number you’re on in the config file. If this sounds like I’ve had recent experience, you’d be correct. But you won’t have to pull your hair out. I’ve already done that with mine.

    Creating a WebDAV Folder.
    Open a Terminal window, and switch to root access: sudo su. Then navigate to the root of your web server folders: cd /Library/WebServer/Documents. Create a new WebDAV folder: mkdir dav. Change the permissions of the folder’s group to match the Apache group: chgrp -R www dav. If you want to provide write access to users who connect to your WebDAV folder, then change the permissions to allow it: chmod 775 dav.

    Building a Password File. We already built a password file in the Web Sites 101 tutorial on Nerd Vittles. We used that password file to manage web site access to various web directories. You probably don’t want to use the same password file for WebDAV unless you are building this just for yourself. The only trick to password files is you want to put the file where Apache can read it but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here’s how to do it.

    Open a Terminal window and switch to root access: sudo su. Now move to the directory where we’ll put the password file: cd /usr/local. We’re going to name this password file dav.pw so we can remember what it’s for. To create the file, erasing any existing file without warning, type: htpasswd -c dav.pw admin. Think up a password you can remember, and you’ll be prompted to type it twice. Now let’s verify that the file was created: cat dav.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to the file, just type: htpasswd -m dav.pw username where username is your next user. You’ll be prompted for the password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful. Finally, remember to make duplicate entries using full email syntax for the username to assure that Windows users can access your DAV resources: htpasswd -m dav.pw joe@schmo.com.
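    To catch the mistakes described above (a line with just a colon, blank lines, an accidental second entry for a user, or a password file placed inside the web tree), here is a small check. It is an added example, not part of the original tutorial; the function names lint_pwfile and outside_docroot are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: lint an Apache password file such as /usr/local/dav.pw.
# lint_pwfile FILE prints one finding per line and returns 1 if any were found.
lint_pwfile() {
    awk -F: '
        /^[ \t]*$/ { print "line " NR ": blank line"; bad = 1; next }
        !/:/       { print "line " NR ": no colon, not username:password"; bad = 1; next }
        $1 == ""   { print "line " NR ": empty username"; bad = 1 }
        $2 == ""   { print "line " NR ": empty password field"; bad = 1 }
        $1 != "" && seen[$1]++ { print "line " NR ": duplicate user " $1; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# outside_docroot FILE DOCROOT returns 0 when FILE is not under the web tree.
# Plain path-prefix comparison; it does not resolve symlinks.
outside_docroot() {
    case "$1" in
        "$2"/*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Constructed sample, not a real password file; the hashes are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin:$apr1$constructed$placeholderhash000000
:
joe@schmo.com:$apr1$constructed$placeholderhash111111

betty:
admin:$apr1$constructed$placeholderhash222222
EOF

if lint_pwfile "$sample"; then
    echo "sample: clean"
else
    echo "sample: fix the lines listed above before restarting Apache"
fi
outside_docroot /usr/local/dav.pw /Library/WebServer/Documents &&
    echo "/usr/local/dav.pw is outside the web tree"
rm -f "$sample"
```

    Run lint_pwfile /usr/local/dav.pw after every htpasswd change; it never prints the password hashes themselves.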

    Reconfiguring Apache to Support WebDAV.
    Open a Terminal window, and switch to root access: sudo su. Then navigate to the folder with Apache’s configuration file: cd /etc/httpd. First, let’s make a backup copy of the config file in case something goes wrong: cp httpd.conf httpd.conf.dav.save. Now let’s carefully edit the config file: pico httpd.conf. Uncomment the headers_module line by searching for headers (Ctrl-W, headers, enter) and then pressing Ctrl-D while positioned over the # sign at the beginning of the line. Now search for mod_headers (Ctrl-W, mod_headers, enter) and uncomment that line (Ctrl-D while positioned over beginning # sign). Now search for dav_module (Ctrl-W, dav_module, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now search for mod_dav (Ctrl-W, mod_dav, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now press Ctrl-V repeatedly until you get to the bottom of the file. Switch to your web browser and download this WebDAV snippet. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Then switch back to Pico, click at the bottom of the config file, and paste the code snippet into the config file by pressing Command-V. Use the down arrow to move to the BrowserMatch section of the code we just pasted and be sure “redirect-carefully” didn’t end up on a line by itself. If it did, position the cursor over the first letter “r” and press the backspace key to move it back up to the end of the previous line of code. Don’t worry if a dollar sign displays at the end of the line after you move it. This just indicates that additional text is off the screen… the price we pay for using a free editor. Now we should be all set. Save the config file: Ctrl-X, Y, enter. And restart Apache by deselecting and then reselecting Personal Web Sharing from System Preferences->Sharing. Close the Terminal window by typing exit, pressing enter, and then pressing Command-Q.
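    Before restarting Apache, the edits above can be checked mechanically: the four module lines must be uncommented, and “redirect-carefully” must not sit on a line by itself. This is an added example, not part of the original tutorial; the function name check_dav_conf is hypothetical, and the sample config lines (including the module paths) are constructed on the assumption that each module name is the second word of its directive line.

```shell
#!/bin/sh
# Added example: verify the httpd.conf edits from the steps above.
# check_dav_conf FILE prints one finding per line and returns 1 if any were found.
check_dav_conf() {
    awk '
        BEGIN { n = split("headers_module mod_headers dav_module mod_dav", want, " ") }
        {
            commented = ($0 ~ /^[ \t]*#/)
            line = $0; sub(/^[ \t#]+/, "", line); split(line, f, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (f[2] == want[i] || f[2] == (want[i] ".c")) {
                    if (!commented) state[i] = "active"
                    else if (state[i] == "") state[i] = "commented"
                }
        }
        /^[ \t]*redirect-carefully[ \t]*$/ {
            print "line " NR ": redirect-carefully is on a line by itself"; bad = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (state[i] != "active") {
                    print want[i] ": " (state[i] == "commented" ? "still commented out" : "not found")
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample config; the directive layout is an assumption, not the page's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoadModule headers_module libexec/httpd/mod_headers.so
#LoadModule dav_module libexec/httpd/libdav.so
AddModule mod_headers.c
AddModule mod_dav.c
BrowserMatch "Microsoft Data Access Internet Publishing Provider"
redirect-carefully
EOF

check_dav_conf "$sample" || echo "sample: not ready for a restart"
rm -f "$sample"
```

    Apache’s own apachectl configtest reports syntax errors with line numbers; this check covers only the module lines and the wrapped BrowserMatch line that the steps above call out.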

    Testing Your WebDAV Server. To test whether WebDAV is working, switch to your Desktop and, using Finder, press Command-K. When prompted for the server address, type http://localhost/dav and then click the Connect button. Enter your username and password that you created in the dav.pw password file, and a blank dav folder should appear on your Desktop. Drag a file from your Desktop to the folder to be sure everything is working as it should. If you’ve enabled web access through your Mac and router firewalls (which we have previously covered here), then you should be able to access your WebDAV folder from the Internet with your IP address or domain name using the syntax: http://mydomain.com/dav. Enjoy your new WebDAV server. Now all you need is a friend to share it with.