Let's Encrypt on Exchange 2013

Preparation

Go to https://www.win-acme.com/ and download the latest release and unzip it to a directory of your choice.

Open on your firewall port 80

Make sure that on your IIS you have a default site on port 80

Execution

Open a CMD with Administrator privileges 

run: 

wacs.exe --target manual --host mail.yourdomain.com,autodiscover.yourdomain.com --certificatestore My --acl-fullcontrol "network service,administrators" --installation iis,script --installationsiteid 1 --script "./Scripts/ImportExchange.ps1" --scriptparameters "'{CertThumbprint}' 'IIS,SMTP,IMAP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'"

Close Port 80

That's it

Atlassian Confluence SSL with Let'sEncrypt Certificates

 Let's Encrypt und Atlassian Confluence

1. Install Certbot

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

2. Tomcat modification

Add to server.xml

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>

This enables Tomcat to listen on Port 80.

Restart Tomcat

Open your firewall that Port 80 reaches your Confluence server.

3. Request your Certificate

certbot certonly --standalone -d confluence.yourdomain.com

4. Create P12 Certificate

openssl pkcs12 -export -out /tmp/confluence.p12 -in /etc/letsencrypt/live/confluence.yourdomain.com/fullchain.pem -inkey /etc/letsencrypt/live/confluence.yourdomain.com/privkey.pem -name tomcat

(Note your export Password - you need it later in step 6 and for your server.xml)

5. Prepare your Keystore

keytool -delete -alias tomcat -keystore <MY_KEYSTORE_FILENAME>

6. Import Let's Encrypt Certificate

 keytool -importkeystore -deststorepass '1234' -destkeypass '1234' -destkeystore /opt/atlassian/confluence/ConfluenceKeyStore.jks -srckeystore /tmp/confluence.p12 -srcstoretype PKCS12 -srcstorepass '1234' -alias tomcat

7. Clean Up

Delete entry added in step 2 from server.xml and ckeck if the path to your new keystore and password are correct.

Restart confluence

Close Port 80 on your Firewall 

SNOM VPN tar

 Some hint to create the correct tarball

vpn.cnf:

dev tun

persist-tun

persist-key

cipher AES-256-CBC

auth SHA1

tls-client

client

resolv-retry infinite

remote ip-of-your-firewall 1199 udp

ca /openvpn/ca.crt

cert /openvpn/phone1.crt

key /openvpn/phone1.key

remote-cert-tls server

to create the ball:

put all files in one empty directory

then:

chown -Rf root:root *
chmod -R 700 *
tar cvpf vpnclient.tar *

Secure erase of Harddisks

In case you have to do a secure erase of a Harddisk (not SSD!)


shred -vfz -n 8 /dev/sda

Jitsi Meeting Installation

In case you want to install Jitsi Meeting

apt update && apt upgrade -V && apt dist-upgrade && apt autoremove

reboot

sudo ufw allow OpenSSH
sudo ufw allow http
sudo ufw allow https
sudo ufw allow in 10000:20000/udp 

sudo ufw enable

sudo apt install -y openjdk-8-jre-headless

sudo apt install -y nginx
sudo systemctl start nginx.service 

sudo systemctl enable nginx.service

wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list" 

sudo apt update -y

sudo apt install -y jitsi-meet

Absichern:

Shell

vi  /etc/prosody/conf.avail/meet.meinedomain.de.cfg.lua
Hier werden sog. virtuelle Hosts definiert (nicht zu verwechseln mit den virtuellen Hosts von nginx). Der erste virtuelle Host wird nun so eingestellt, dass eine Authentifizierung erforderlich ist:

VirtualHost "meet.meinedomain.de"
    authentication = "internal_plain"
Am Ende der Datei wird dann ein weiterer virtueller Host hinzugefügt:

VirtualHost "guest.meet.meinedomain.de"
    authentication = "anonymous"
    c2s_require_encryption = false

Als nächstes wird der neue virtuelle Host der Jitsi Meet Installation bekannt gemacht:

vi  /etc/jitsi/meet/meet.meinedomain.de-config.js
Unter der Angabe der eigentlichen Domain wird nun die Domain des zuvor angelegten virtuellen Hosts als „anonyme Domain“ hinterlegt:

hosts: {
        // XMPP domain.
        domain: 'meet.meinedomain.de',

        // When using authentication, domain for guest users.
        anonymousdomain: 'guest.meet.meinedomain.de',
Nun muss noch eine weitere Datei bearbeitet werden:

vi /etc/jitsi/jicofo/sip-communicator.properties
Hier fügen wir einfach nur eine Zeile ein:

org.jitsi.jicofo.auth.URL=XMPP:meet.meinedomain.de

Nun folgt noch ein wichtiger Punkt: Das Hinzufügen von Benutzername und Passwort zum Erstellen neuer Konferenz-Räume. Dazu einfach folgenden Befehl direkt in die Kommandozeile eingeben:


prosodyctl register JitsiAdmin meet.meinedomain.de 'mEinPAssw0rt'

danach neu Starten:

service prosody restart
service jicofo restart
service jitsi-videobridge2 restart

If the installation is on a machine behind NAT jitsi-videobridge should configure itself automatically on boot. If three way call does not work further configuration of jitsi-videobridge is needed in order for it to be accessible from outside. Provided that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are (TCP/443 or TCP/4443 and UDP/10000). The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

Jitsi crash when a second participant join the conference?On /var/log/jitsi/jicofo.log, a line similar to the following is found:
SEVERE: org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Can not invite participant — no bridge available

To fix the video bridge, the same password (In my example: PASSWord) need to be set on 2 places:

# cat /etc/jitsi/videobridge/config | grep JVB_SECRET
JVB_SECRET=PASSWORD

# cat /etc/jitsi/videobridge/sip-communicator.properties | grep org.jitsi.videobridge.xmpp.user.shard.PASSWORD=
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=PASSWORD

than:

# prosodyctl passwd jvb@auth.your.domain.com
Enter PASSWORD twice here

followed by reboot of your jitsi server

Ubuntu 18 Netplan

In case you have problems with static IP on ubuntu:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

network: version: 2 renderer: networkd ethernets: enp0s25: dhcp4: yes dhcp6: no gateway4: 172.168.0.1 nameservers: addresses: [172.168.0.1] wifis: wlp3s0: dhcp4: yes dhcp6: no gateway4: 172.168.0.1 nameservers: addresses: [172.168.0.1] access-points: "myssid": password: "mypassword"

Or make an online check: 

http://www.yamllint.com/

don't forget: netplan apply

Grandstream HandyTone 802 (HT802) Fax ATA

In case you have problems to send a fax via VoIP

try this
Tab: FXS PORT

• Use First Matching Vocoder in 200OK SDP to YES
• Preferred Vocoder: choice 1: PCMU
• Fax Mode to Passthrough
• Re-INVITE After Fax Tone Detected to “Enabled”
• Disable Line Echo Canceller (LEC) to YES
• Jitter Buffer Type to Fixed (if that causes issues you can set it to Adaptive)
• Disable Call-Waiting: set to YES
• isable Call-Waiting Caller ID: set to YES
• Disable Call-Waiting Tone: set to YES

MYSQL MD5 Passwort reset in database

In case you have to alter a MD5 password in a mySQL table

1. Create the MD5 hash of your password
2. Create a file called password.txt, containing nothing but the new password
3. Having a MAC: md5 -q ./password.txt; rm ./password.txt 
4. Login your database 
5. mysql -u root -p
6. show databases;
7. use (name-of-database, i.e. mailer);
8. show tables; 
9. select * from users; (to see what is in your DB)
10. UPDATE users SET password=”(MD5-string-you-made)” WHERE ID = (id#-of-account-you-are-reseting-password-for);
11. “SELECT ID, user_login, user_pass FROM (name-of-table-you-found);” (to confirm your changes)

IGMP Aruba 2920

Some hints about IGMP basics:

show ip igmp <vid>

show ip igmp config

show ip igmp vlan <vid> config

show ip igmp statistics

show ip igmp groups

show ip igmp vlan <vid> group <ip-addr>

Enable

HP Switch(vlan-1)# vlan 1 ip igmp

HP Switch(vlan-1)# ip igmp

Disable

no ip igmp

no vlan 1 ip igmp

Example:
Ports 1-2
auto
Filter multicast traffic. Forward IGMP traffic to hosts on these ports that belong to the multicast group for which the traffic is intended. (Also forward any multicast traffic through any of these ports that is connected to a multicast router.)
Ports 3-4
forward
Forward all multicast traffic through this port.
Ports 5-6
blocked
Drop all multicast traffic received from devices on these ports.
 
HP Switch(config)# vlan 1 ip igmp auto 1,2 forward 3,4
blocked 5,6



HP Switch(vlan-1)# ip igmp auto 1,2 forward 3,4
blocked 5,6

Configuring static multicast groups

Use this command to configure a group on the switch so that multicast traffic for that group can be forwarded with a receiver host. Traffic will be flooded for this group.

Syntax:

[no] ip igmp static-group <group-address>

global:

igmp lookup-mode ip

on your NVX VLAN:

ip address dhcp-bootp

Ports PoE abschalten

[no] interface <port-list> power-over-ethernet

Ports in VLAN nehmen

[no] interface 1,6,7-10 tagged vlan 1,3,5-10