Thursday, August 15, 2024

Setup a ProxMox Instance with NextCloud


 
Introduction

This article describes the steps I took to set up a ProxMox instance and then installed NextCloudPi in a container.

About ProxMox

From the ProxMox website: “Proxmox Virtual Environment is a complete open-source platform for enterprise virtualization. With the built-in web interface you can easily manage VMs and containers, software-defined storage and networking, high-availability clustering, and multiple out-of-the-box tools using a single solution.”

About NextCloud

NextCloud is an open source cloud software. You can install NextCloud on your own computer and have your own private cloud instance, and keep your (private) data in your control, visible only to you, and to those whom you authorize to access it.

Installation

  • Download ProxMox iso
  • Flash the iso into a USB drive as a bootable drive
    • I used EaseUS but it failed to install on the old Asus laptop with an error that it could not find the iso image
    • I re-flashed using Balena Etcher, and then the installation was successful
  • Plug the USB into the old Asus laptop
  • Turn the laptop on, and press the key to get to the sartup options
  • Select to boot from the USB
  • Go through the installation process
  • After installation, it showed the URL to use for accessing the ProxMox admin panel
  • Go to that URL by using an internet browser (Chrome, FireFox, etc) from another computer on the local network
  • Enter the login and password to get to the ProxMox control panel

Run the post-install helper script

ProxMox VE Helper Scripts is a crucial repository of helper scripts for ProxMox. For a community edition (no subscription) homelab instance, it is best to run the Post Install helper script. It disabled the nagging message urging you to subscribe, and makes a number of other helpful adjustments.

Note: It can be dangerous to run a script from the internet. You might want to inspect the script before running it, and run them at your own risk. I did not write these scripts, and I do not accept any responsibility for what the scripts do.

  • Open: ProxMox VE Helper Scripts
  • Expand Proxmox VE Tools and click on Proxmox VE Post Install

    • Copy the command and paste as text into the ProxMox shell window and wait for it to finish (answering “yes” (y) to all options presented during the process):
      bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"

Install NextCloudPi

The next step is to install NextCloud. Fortunately, the helper scripts contain a script that automates the tasks for installing and configuring NextCloud. It is called NextCloudPi. It also provides a managemnt page to manage the NextCloud instance.
  • On the ProxMox VE helper Scripts page from above, type NextCloud in the search box

  • Copy the command and paste as text into the ProxMox shell window and wait for it to finish (you may have to press yes to all the prompts):

    bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/nextcloudpi.sh)"
  • Visit the URL for NextCloudPi to manage the NextCloud instance.
  • Visit the NextCloud page and login as the admin username ncp and create user accounts for your users, including yourself.

Miscellaneous Setup

I have also set up some other things, which I might describe in another article:
  • Set up reverse proxy (via CloudFlare) so that I can access Nextcloud via the internet from anywhere
    • Add firewall rules using FirewallD to allow the above reverse proxy to work
  • Set up NextCloud and the NAS to backup NextCloud onto the NAS on a schedule
  • Upgrade the ProxMox hard drive to a bigger hard drive and give more disk space to NextCloud

Tuesday, April 2, 2024

Login to non-domain computer from a domain member computer

The Problem:

On Microsoft Windows 11 (maybe older windows too), that is a member of a domain, when using the Remote Desktop Client to login to a remote computer that is not a member of a domain, it keeps asking for the remote password. Either that, or it asks for the Windows Hello login (PIN), and then asks for the password, every time you connect, even if you check the checkbox to remember (i.e. save) the login credentials.

The Solution:

I found a nice way to get around the "problem" described above, by using the CmdKey command-line tool. The solution is to use the CmdKey command-line tool to add a "generic" login credential, replacing the "domain" login credential. After doing that, Remote Desktop Client starts to automatically log me into the remote computer, without going into a loop, asking for the password, or asking me to type the PIN and then the login/password every time I connect.

Here are the steps to replace the "domain" login credentials with the "generic" login credentials:

1. List all saved remote desktop credentials:

> cmdkey /list:TERMSRV/*

2. Delete credential for the target server <targetname>:

> cmdkey /delete:TERMSRV/<targetname>

3. Set generic credentials for the target server <targetname>:

> cmdkey /generic:TERMSRV/<targetname> /user:<username> /pass:<password>

4. List all saved remote desktop credentials to verify the above changes:

> cmdkey /list:TERMSRV/*

Now, start Remote Desktop Client and connect to the target computer, and surprise! It connects and logs you in automatically.

Ref: Windows 11 22H2 - Can't use saved credential (see the answer by informatik01 dated Feb 19, 2023, 10:49 AM)

Saturday, November 18, 2023

Convert Redmine to Run in a Docker Container - Part II

Introduction

In Part I of this article, we covered backing up and preparing the system for upgrading Redmine and converting it to run in a Docker container. In this article, we shall delve into the actual upgrade and conversion process.

OS Upgrade or Fresh Install

Upgrading the OS

$ sudo apt update

$ sudo apt upgrade -y

$ sudo apt dist-upgrade

$ sudo apt autoremove

$ sudo apt install update-manager-core

$ sudo do-release-upgrade

 

  • Press "y" to confirm
  • After summary display, press "y" to agree to upgrade
  • After upgrade is complete, do restart the system and press "y" and "Enter"

After re-boot, Check release version:

$ lsb_release -a

If you need to do another LTS upgrade, do this again:

$ sudo do-release-upgrade

  • Press "y" to confirm
  • After summary display, press "y" to agree to upgrade
  • After upgrade is complete, do restart the system and press "y" and "Enter"

After re-boot, Check release version:

$ lsb_release -a


Upgrading the OS

  • Download the new OS server ISO and copy to the host machine's hard drive
    • Tip: It is faster to download on a data-center server, and then copy to your office PC, and delete the server copy
  • Add the ISO as the CD-Rom drive for the VM
  • Connect to the VM from the VM (Hyper-V) Manager
  • Re-start the VM from the host machine
  • The installer should be running from the CD-ROM, follow the instructions to install the OS on the whole hard disk
  • In the applications, choose SSH server and docker to be installed
  • Login name: administrator; password: same as the previous VM
  • Server name: redmine
  • Ethernet setup:
    • During the setup:
      • Choose eth0custom for defining static IP
      • IP address: <your host server's IP Address>/24
      • Name server: <DNS name server IP>
      • Gateway: <your network gateway>
    • On re-boot, remove the CD-ROM for the VM, so it does not boot from it
    • You can customize the netowork setup by editing etc/netplan/00-installer-config.yaml
      • On re-boot, remove the CD-ROM for the VM, so it does not boot from it
    • Add to /etc/hosts, any items that are not published on the DNS server:
      <your server IP address>   REDMINE
      <main server IP>   <mail server domainname e.g mail.abc.com>
      <database server IP>      <database server domain name>
      <messaging server IP>    <messagin server domainname>

Install docker (if needed)

This step is needed only if docker is not already installed

Instructions for Ubuntu-based OS : https://docs.docker.com/engine/install/ubuntu/

1. Update and install pre-requisites

$ for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done

$ sudo apt update

$ sudo apt upgrade -y

 unattended-upgrades -- locally changed file was kept

 error:

Processing triggers for initramfs-tools (0.130ubuntu3.13) ...
update-initramfs: Generating /boot/initrd.img-4.15.0-213-generic
W: Operation was interrupted before it could finish

# Try to fix the error in building boot image:

$ sudo update-initramfs -u -k all
$ sudo update-grub

2. Add Docker's official GPG key:

$ sudo apt install ca-certificates curl gnupg
$ sudo install -m 0755 -d /etc/apt/keyrings
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
$ sudo chmod a+r /etc/apt/keyrings/docker.gpg

3. Set up the repository:

$ echo   "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu   "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" |   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

4. Update the apt package index:

$ sudo apt update

To install and test the latest version of docker, run:

$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# test docker
$ sudo docker run hello-world

To be able to run the docker command without having to type sudo every time,  run:

# Add group for docker (be aware of security concerns, it allows running as root)
$ sudo addgroup docker

# Add user "administrator" to docker group
$ sudo usermod -aG docker administrator

# Activate changes to the group to avoid re-starting the server
$ newgrp docker

# Now we can run docker commands without sudo
$ docker run hello-world

Redmine Setup

Prepare to Launch the Redmine Docker Image

Create assets in the docker host machine's local storage, so they will be preserved when the docker container is stopped

$ mkdir ~/downloads
$ mkdir ~/redmine-docker
$ cd ~/redmine-docker
$ mkdir assets
$ cd assets
$ mkdir plugins-new
$ mkdir plugins
$ mkdir themes

# This command is to prepare to provide email server and database config:
$ mkdir config

# For upgrading in the same OS:
# Copy previous redmine instance's files for the new instance:
$ sudo cp -r ~/www/redmine/files .
$ sudo cp -r ~/www/redmine/plugins/* ./plugins/

# This command is for Production Server only:
$ sudo cp -r ~/www/redmine/config/configuration.yml ./config/

# OR for Fresh OS, copy-in the backup files and extract them:
# Use scp in reverse direction from the backup computer to the
# downloads folder, and then extract the tar files as shown here:
$ tar -xzf ~/downloads/redmine-files.gz ./
$ tar -xzf ~/downloads/redmine-plugins.gz ./
$ tar -xzf ~/downloads/redmine-themes.gz ./

# Remove the obsolete plugins we got from the backup file, for example:
$ sudo rm -rf plugins/clipboard_image_paste
$ sudo rm -rf plugins/redmine_agile
$ sudo rm -rf plugins/redmine_custom_css
$ sudo rm -rf plugins/redmine_emojibutton
$ sudo rm -rf plugins/redmine_lightbox2

# Download or copy the new plugins

$ cd plugins-new

$ git clone https://github.com/red-soft-ru/time_logger.git time_logger

$ git clone https://github.com/onozaty/redmine-view-customize.git view_customize

$ git clone https://github.com/AlphaNodes/redmine_messenger.git redmine_messenger

$  wget -O checklists.zip <your checklists plugin download link> 
$ unzip checklists.zip
$ rm checklists.zip

$ wget -O redminex-lightbox2-1-0-0.zip <your lightbox2 plugin download link> 
$ unzip redminex-lightbox2-1-0-0.zip
$ rm redminex-lightbox2-1-0-0.zip

# Install Coffee theme
$ cd ../themes
$ wget -O coffee.zip <your theme download link> 
$ unzip coffee.zip $ rm coffee.zip $ cd .. # Change ownership of the asset folders to the administrator $ sudo chown -R administrator:docker plugins $ sudo chown -R administrator:docker plugins-new $ sudo chown -R administrator:docker files $ sudo chown -R administrator:docker themes $ sudo chown -R administrator:docker config $ sudo chmod -R 777 plugins $ sudo chmod -R 777 plugins-new $ sudo chmod -R 777 files $ sudo chmod -R 777 themes $ sudo chmod -R 777 config # move to the redmine docker project folder $ cd ~/redmine-docker

Setup email server

For Production Server only:

  • Create the file assets/config/configuration.yml
$ nano assets/config/configuration.yml
  • Make sure these items in the file are as shown below:
# = Redmine configuration file
#
# Each environment has it's own configuration options.  If you are only
# running in production, only the production block needs to be configured.
# Environment specific configuration options override the default ones.
#
# Note that this file needs to be a valid YAML file.
# DO NOT USE TABS! Use 2 spaces instead of tabs for identation.

# default configuration options for all environments
default:
  # database command timeout
  checkout_timeout: 30

  # Outgoing emails configuration
  # See the examples below and the Rails guide for more configuration options:
  # http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration
  email_delivery:

  # ==== Simple SMTP server at localhost
  #
  #  email_delivery:
  #    delivery_method: :smtp
  #    smtp_settings:
  #      address: "localhost" 
  #      port: 25
  #
  # ==== SMTP server at example.com using LOGIN authentication and checking HELO for foo.com
  #
  #  email_delivery:
       delivery_method: :smtp
       smtp_settings:
         address: <you mail server, e.g: mail.abc.com>
         port: <you smtp port>
authentication: :login user_name: <your email client login> password: <you email client password>

Press CTRL+S and CTRL+X to save and exit

Create SQL Server Database Config File

This section shows how to configure the SQL server as the database for Redmine, and set the timeout. Setting the timeout prevents errors when running queries. If you use a different database server, then change the values as needed by your database, or skip this section and use the configuration the docker  compose file (shown below), as described in the Redmine installation documents, for your database.
  • Create the file assets/config/database.yml with the contents shown below :
$ nano assets/config/database.yml

database.yml File Contents:

production:
  adapter: "sqlserver" 
  host: "<SQL server host name or IP>" 
  port: "1433" 
  username: "<SQL server user for redmine database>" 
  password: "<SQL server password for redmine database user>" 
  database: "<Redmine database name>" 
  encoding: "utf8" 
  timeout: 30000

The last line with the timeout helps avoid SQL timeout errors when running queries in Redmine.

Press CTRL+S and CTRL+X to save and exit

Create Docker Compose File

In the folder ~/redmine-docker, create a file compose.yaml with the contents shown below:

# Create and edit the compose.yaml file
$ nano compose.yaml

compose.yaml File Contents:

version: '3.1'

# Build and run redmine docker image
#
# To run the image: sudo docker compose up
# Append -d to run detached (in the background)
# to run with upgrading of plugins, add -e REDMINE_PLUGINS_MIGRATE=1:
#
# $ sudo docker compose run -e REDMINE_PLUGINS_MIGRATE=1

services:

  redmine:
    image: redmine:5.0.5
    container_name: redmine
    restart: always
    ports:
      - 80:3000
    #environment:
    # these have been moved to assets/config/database.yml so we can specify the timeout
    #  REDMINE_DB_SQLSERVER: <SQL server host name or IP>
    #  REDMINE_DB_PASSWORD: <SQL server password for redmine database user>
    #  REDMINE_DB_USERNAME: <SQL server user for redmine database>
    #  REDMINE_DB_DATABASE: <Redmine database name>
    #  REDMINE_DB_ENCODING: utf8
    volumes:
      - /home/administrator/redmine-docker/assets/plugins:/usr/src/redmine/plugins
      - /home/administrator/redmine-docker/assets/themes:/usr/src/redmine/public/themes-new
      - /home/administrator/redmine-docker/assets/files:/usr/src/redmine/files
      - /home/administrator/redmine-docker/assets/config/configuration.yml:/usr/src/redmine/config/configuration.yml
      - /home/administrator/redmine-docker/assets/config/database.yml:/usr/src/redmine/config/database.yml

Press CTRL+S and CTRL+X to save and exit

The above docker cmpose file will setup the Redmine docker instance with port 80 on the host server mapped to the internal port 3000 for Redmine in the docker container. That means you will be able to access Redmine by going to your server's http address.

Launch Redmine Docker Image

$ docker compose build

# Launch docker container in interactiver terminal mode
$ docker compose up

# (To stop the running container in interactive mode, press @CTRL+C@)

# OR launch docker container in the background

$ docker compose up -d

For your reference, you can stop and remove the image as follows:

$ docker compose down

Install and Update Plugins and Themes

After the docker image is running and the website is up, copy or fetch the plugin into the host machine's plugins folder.


Then, login to the docker container's bash CLI and install the plugins using the gem bundler:

# Copy new plugins into the mapped plugin folder and remove the source folder
$ mv -r /home/administrator/redmine-docker/assets/plugins-new/* /home/administrator/redmine-docker/assets/plugins/
$ rm -rf /home/administrator/redmine-docker/assets/plugins-new 

# Find the docker container name
$ sudo docker ps

# The container name is: redmine
# Login to the container's bash CLI:
$ sudo docker exec -ti redmine gosu redmine bash

# Copy the default themes from the new Redmine instance into the new themes folder
redmine-1234$ cp -r /usr/src/redmine/public/themes/*.* /usr/src/redmine/public/themes-new/

# Setup bundle to not install for development and test setup
redmine-1234$ bundle config set --local without 'development test'

# install any new gem bundles
redmine-1234$ bundle install

# Upgrade all the plugins
redmine-1234$ bundle exec rake redmine:plugins:migrate RAILS_ENV=production

redmine-1234$ exit
$

Now that we have copied the new Redmine's default themes into the new themes folder, it now contains the default themes that came with Redmine, as well as our latest downloaded themes. So, let's switch the new themese folder to be the actual themes folder. Edit the compose file and under the volumes section, change to  themes-new to themes:

$ nano compose.yaml

compose.yaml Content under volumes:

      - /home/administrator/redmine-docker/assets/themes:/usr/src/redmine/public/themes

Press CTRL+S and CTRL+X to save and exit

Re-start Redmine:

# Re-start Redmine:
$ docker compose down
$ docker compose up -d

You should now be able to login to Redmine using your old Redmine login instance by going to your host machine's IP or DNS name as http://<server IP or domain name>

Configure plugins, etc

  • For users to use the API access key, Enable REST web service must be turned on in the "API" tab of the setting page.
  • You can use the view-customize plugin to inject css and js into Redmine:
    • go to Administration/View customize
    • Click on the + sign for New View Customize
      • define pattern as: /issues
      • Insertion position: Head of all pages
      • Type: CSS
      • Code: Enter your customized css code
      • Enabled: Checked
      • Click Create on the bottom-left
    • Click on the + sign for New View Customize
      • define pattern as: /issues
      • Insertion position: Head of all pages
      • Type: Javascript
      • Code: Enter your customized js code
      • Enabled: Checked
      • Click Create on the bottom-left

LDAP Configuration

We use Exchange server for user authentication, and this section shows how to setup LDAP Authentication in Redmine for user authenitcation via the exchange server.
  • Click Administration
  • Click LDAP Authentication
  • Click New Authentication Mode near the top-right
  • Enter these values:
    FieldValue
    NameActive Directory
    Host<your LDAP server name e..g ldap.abc.com>
    Port, protocol389, LDAP
    Account<LDAP domain e.g. abc>\$login
    Password[leave empty]
    Base DNDC=<LDAP domain e.g abc>,DC=com
    LDAP filter[leave empty]
    Timeout[leave empty] or try : (sAMAccountType=805306368)
    On-the-fly user creation[checked]
    ATTRIBUTES
    Login attributesAMAccountName
    Firstname AttributegivenName
    Lastname AttributesN
    email Attributemail

Test LDAP:

You can test to make sure LDAP is working on the host machine as follows: 

# install LDAP utilities
$ sudo apt install ldap-utils -y

# test LDAP connection
$ ldapsearch -H ldap://<LDAP server domain name>  -D "<username@domain.com>" -W -b "dc=<LDAP domain e.g. abc>,dc=com" "(sAMAccountType=805306368)" | grep "# " 

If LDAP is working on the host machine, then you can switch any user to login via Active directory by changing the Authentication Mode to use Active directory, in theur User settings. Their login name will be the part of your email before the @ sign. The password will be your Active directory passowrd for that login.

I would suggest that you make another admin account with Authentication Mode set to Internal Login, before switching yoru main admin account to use Active Directory. This is so that in case Active Directory login fails, you can still get into Redmine using that other account as an Admin, and fix things.

Friday, November 3, 2023

Convert Redmine to Run in a Docker Container - Part I

 Introduction

We have been running Redmine, an issue tracking system, on a Virtual Machine running Ubuntu. The Ubuntu OS is near end of life for support, and the Redmine version is also very old. So we wanted to upgrade both the OS and Redmine to the latest versions.

The following article describes the steps we took to upgrade the OS and Redmine.

As an option, you can upgrade only Redmine to run in a docker container, and that will simplify the data backup part of the task, because you can copy the existing data to a new location on the same server.

Convention

When you see code blocks:

  • Lines that start with $ are commands to be typed (or copy-pasted), without the $, into the terminal window
  • Lines that start with # are helpful comments for you