Proxmox GUI webpage stuck on loading

Connection time out!!!! So boring nah?

I can’t figure out where the problem is. It works and then couple of hours later I’d come back and it keeps on loading forever. SSH works fine, can SSH into containers as well. Just the GUI doesn’t work. Tried full upgrade. Checked for network conflicts, doesn’t seem to be any.

Here’s the tidbit solution to this probelm like similar (BTW works on PVE 6/7 version apparent)-

If browser refresh doesn’t work, then please post the output:

apt update
apt full-upgrade
pveversion -v

Then Run

apt install --reinstall pve-manager proxmox-widget-toolkit
systemctl restart pveproxy pvestatd pvedaemon
systemctl daemon-reload
Share

Zimbra Let’s Encrypt SSL Script

#!/bin/bash -x

# SSL certificate installation in Zimbra
# with SSL certificate provided by Let's Encrypt (letsencrypt.org)

# Check if running as root
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root" 1>&2
exit 1
fi

read -p 'letsencrypt_email [mail@server]: ' letsencrypt_email
read -p 'mail_server_url [mail.server]: ' mail_server_url

# Check All variable have a value
if [ -z $mail_server_url ] || [ -z $letsencrypt_email ]
then
echo run script again please insert all value. do not miss any value
else

# Installation start
# Stop the jetty or nginx service at Zimbra level
su - zimbra -c 'zmproxyctl stop'
su - zimbra -c 'zmmailboxdctl stop'

# Install git and letsencrypt
cd /opt/
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

# Get SSL certificate
./letsencrypt-auto certonly --standalone --non-interactive --agree-tos --email $letsencrypt_email -d $mail_server_url --hsts
cd /etc/letsencrypt/live/$mail_server_url
cat <<EOF >>chain.pem
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
EOF

# Verify commercial certificate
mkdir /opt/zimbra/ssl/letsencrypt
cp /etc/letsencrypt/live/$mail_server_url/* /opt/zimbra/ssl/letsencrypt/
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
ls -la /opt/zimbra/ssl/letsencrypt/
su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem'

# Deploy the new Let's Encrypt SSL certificate
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem'

# Restart Zimbra
su - zimbra -c 'zmcontrol restart'

# setting auto https redirect
cd /opt && touch https-redirect.sh && chown zimbra:zimbra https-redirect.sh && chmod +x https-redirect.sh
cat <<EOF >>/opt/https-redirect.sh
zmprov ms $mail_server_url zimbraReverseProxyMailMode redirect
EOF
su - zimbra -c '/opt/https-redirect.sh'
rm /opt/https-redirect.sh
fi
Share

Setup HAProxy Load Balancer for MariaDB Galera Cluster

If you check the above test scenario and try to create DBs on any of the nodes, you would see that the data would automatically sync between the nodes. Which means Availability is achieved. Now to achieve high availability we will use HaProxy as the loadbalancer.

Set up another VM for this and install HAProxy as follows.

sudo apt-get update
sudo apt-get install haproxy

Edit HA Proxy Config as follows.

sudo vim /etc/haproxy/haproxy.cfg

Add the following lines. Continue reading “Setup HAProxy Load Balancer for MariaDB Galera Cluster” »

Share

MariaDB Galera Cluster on Ubuntu 20

MariaDB Galera Cluster is a synchronous multi-master cluster for MariaDB with support for XtraDB/InnoDB storage engines. It has the following top features.

  • It provides active-active multi-master topology
  • You can read and write to any cluster node
  • It has an automatic node joining
  • Automatic membership control, failed nodes drop from the cluster
  • Has true parallel replication, on row level
  • Direct client connections
sudo apt update && sudo apt -y upgrade
sudo reboot

Setup Hostnames

Here’re the IP plans of my servers-

Continue reading “MariaDB Galera Cluster on Ubuntu 20” »

Share

Installer for jitsi-meet, jigasi and jibri

Found this lovely code base (that actually worked) on github, supported on a debian 10/11 or ubuntu 20+ versions-

The script (jitsi_setup.sh) can be used to install stable version of all 3 on a stand-alone server. This is simply a script version of quick-install document at https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

It Installs below mentioned software:

nginx, prosody, jitsi-meet-prosody, jitsi-meet, jitsi-meet-web, jitsi-meet-web-config, jitsi-meet-turnserver, jicofo, jitsi-videobridge2

Below are optional, will be installed only if opted for:

jigasi (https://github.com/jitsi/jigasi)
jibri (https://github.com/jitsi/jibri)

Also has option for configuring:

  • secure domain (https://jitsi.github.io/handbook/docs/devops-guide/secure-domain)
  • jigasi authentication (find it towards the end of secure domain link)
  • transcription(Google/Vosk) (https://github.com/jitsi/jigasi#configuring-sip-and-transcription)
  • Etherpad (https://github.com/ether/etherpad-lite)

Continue reading “Installer for jitsi-meet, jigasi and jibri” »

Share

Running pfSense in a XenServer with xenguest

If you deploy pfSense on a XenServer, you may be shocked at the performance loss-specially on interface speed! But wait, there are some tweaks to make this usable.

Installing pfSense

Go ahead and setup pfSense like normal, and when you are done, perform the following tweaks. (the day till it’s tested on pfsense version 2.5.2 and xen on scp-ng 8.1)

XenServer tweaks

Find UUID for the pfSense VM you just installed.

xe vm-list

You should get something like the following

uuid ( RO) : b435d920-eb22-b45d-5058-091619ed427f
name-label ( RW): pfSense
power-state ( RO): running

uuid ( RO) : 42626f69-6185-4aa6-a125-839700f96828
name-label ( RW): Control domain on host: xenserver-000
power-state ( RO): running

We want the UUID of the instance running pfSense, b435d920-eb22-b45d-5058-091619ed427f in this case. Continue reading “Running pfSense in a XenServer with xenguest” »

Share

Build WAF with Reverse Proxy Load Balancer using Nginx

Getting Started

First, it is recommended to update and upgrade all your software packages to the latest version. You can update all of them by running the following command:

apt update -y
apt upgrade -y

Once all the packages are updated, install other required packages with the following command:

apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev -y

Once you are done, you can proceed to the next step.

Install ModSecurity on Ubuntu 22.04

By default, the ModSecurity package is not included in the Ubuntu default repository. So you will need to compile it from the source.

First, download the latest version of ModSecurity with the following command:

wget https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz

Once the download is completed, extract the downloaded file with the following command:

tar -xvzf modsecurity-v3.0.8.tar.gz

Next, navigate to the extracted directory and configure it with the following command: Continue reading “Build WAF with Reverse Proxy Load Balancer using Nginx” »

Share

M3U Restream

There’s a wonderful piece of microservice node.js based restream utility, that let you re-stream from a source and also do the ffmped transcoding if you’d like. I just liked the piece!

My installed OS was Ubuntu 18.x and I used node version 12.x.

The problem

You have an IPTV provider that provides an (extended) M3U playlist file. You want to:

  • Add HTTPS encryption to the streams (and probably move the unencrypted reception offsite).
  • Transcode the streams to a lower bitrate, or convert to a uniform video or audio format.

The solution

Run this software, preferably on an offsite host. It only requires a Node installation (No NPM modules are required!). To add HTTPS support, front it with nginx (or similar). Continue reading “M3U Restream” »

Share

Install Discourse on Ubuntu 20.04

Secure the Server

Turn on automatic security updates.

$ sudo dpkg-reconfigure -plow unattended-upgrades

Setup a firewall with ufw.

$ sudo apt-get install ufw
$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming
$ sudo ufw allow 22 comment 'SSH'
$ sudo ufw allow http comment 'HTTP'
$ sudo ufw allow https comment 'HTTPS'
$ sudo ufw enable

Install fail2ban to secure your server

$ sudo apt install fail2ban

Configure fail2ban to Use ufw

Copy the main configuration to avoid unexpected changes during package updates.

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the configuration file with your favorite text editor

$ sudo nano /etc/fail2ban/jail.local

Change the banaction and banaction_allports settings to ufw in the file /etc/fail2ban/jail.local as follows: Continue reading “Install Discourse on Ubuntu 20.04” »

Share