Setting Up Webmin/Fail2ban/Freeswitch in Debian

Webmin Setup

The simplest and best way to get Webmin is to use automatic webmin-setup-repo.sh script to configure repositories on your RHEL or Debian derivative systems. It can be done in two easy steps:

$curl -o webmin-setup-repo.sh https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh
sudo sh webmin-setup-repo.sh

This script will automatically setup our repository and install our GPG keys on your system, and provide webmin package for installation and easy upgrades in the future.

Install

If Webmin repository was setup using our webmin-setup-repo.sh as described above then Webmin can be installed as easy as:

$ sudo apt-get install webmin --install-recommends

Access

Open ports for both Webmin and Freeswitch.

$ ufw allow 10000/tcp
$ ufw allow 3478:3479/udp
$ ufw allow 5060
$ ufw allow 5080
$ ufw allow 8021/tcp
$ ufw allow 16384:32768/udp

After successful Webmin installation, you can access its interface by entering https://<Your-Server-IP>:10000 in your browser..

Freeswitch Setup

$curl -sSL https://freeswitch.org/fsget | bash -s [Personal Access Token] release install
$ sudo apt install freeswitch-mod-flite fail2ban

Fail2ban Setup

Fail2ban’s jail.conf file contains a standard configuration for FreeSWITCH.

From Standard jail.conf

[shd] <-- Make sure that this section is empty.

[freeswitch]
enabled  = true
port     = 5060,5061
action_  = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
           %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath  = /var/log/freeswitch/freeswitch.log
filter   = freeswitch-ip

/etc/fail2ban/filter.d/freeswitch-ip.conf

# Fail2Ban configuration file
[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
ignoreregex =

Add the following line to the [DEFAULT] section of /etc/fail2ban/paths-debian.conf:

sshd_backend = systemd

In Webmin, go to Networking > Fail2ban Intrusion Detector and click on Filter Action Jails. Click on Freeswitch in the list and change ‘Check for log file updates using‘ to systemd and click on the ‘Save’ button.

Usage

To check the status of fail2ban:

$ systemctl status fail2ban.service

To check the IP addresses that were blocked:

$ fail2ban-client banned

Resources

https://webmin.com/download/

https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Installation/Linux/Debian_67240088#about

https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Security/Fail2Ban_1049236/

https://github.com/fail2ban/fail2ban/issues/3567

https://stackoverflow.com/questions/3561289/what-ports-does-freeswitch-need-open

Setting Up a Syncthing System Service

Create the user who should run the service, or choose an existing one.(Skip if your distribution package already installs these files, see above.) From git location copy the syncthing@.service file into the load path of the system instance. On Debian 12, the path of the file is ‘/usr/lib/systemd/system’. I also added the following lines to the [Service] section of the file:

Group=users
UMask=0002

The umask only works when ‘Ignore Permissions’ is enabled for the folder. Enable and start the service. Replace “myuser” with the actual Syncthing user after the @:

$ sudo systemctl enable syncthing@myuser.service
$ sudo systemctl start syncthing@myuser.service

Reference

https://docs.syncthing.net/users/autostart.html

Setting Up IMAPdump in Debian

IMAPdump, requires OpenSSL to be installed. Install it using the following command:

$ sudo apt install openssl

The IO::Socket::SSL Perl module is also required. First, install using the following command:

$ sudo perl -MCPAN -e shell

Then enter the following command from within the cpan shell:

cpan[1]> install IO::Socket::SSL

Now IMAPdump should run without errors. You can download it from https://github.com/andrewnimmo/rick-sanders-imap-tools.

Install Nextcloud on a Raspberry Pi 5 using Snap

This article assumes that you have all of your files in the /volume1 folder. In order to be able to access these files from within Nextcloud’s External Storage app, you will need to add the following line in /etc/fstab:

/volume1 /mnt/volume1 none bind

Also, until Redis packages are made to take advantage of the larger page size of the Raspberry Pi 5, we will have to add the following line to /boot/firmware/config.txt:

kernel=kernel8.img

Now install nextcloud using the following commands:

$ sudo apt install snapd
$ sudo snap install snapd
$ sudo snap install nextcloud

You should now be able to access the Nextcloud installer by entering the Pi’s IP address in a browser on the same network. If you want to install an SSL certificate then use the following command:

$ sudo /snap/bin/nextcloud.enable-https lets-encrypt

You will be asked to provide an email address and the domain name to be used. You will need to add the following lines to the config.php file for Nextcloud. This file should be located in /var/snap/nextcloud/current/nextcloud/config/config.php.

'overwritehost' => 'example.com',
'overwriteprotocol' => 'https',
'trusted_domains' => 
array (
  0 => 'example.com',
),

Now you should be able to access Nextcloud using your domain name.

References

https://help.nextcloud.com/t/redis-crashing-on-startup-after-swapping-rpi4-8gb-with-rpi5-8gb/182242

https://snapcraft.io/install/nextcloud/debian

https://github.com/nextcloud-snap/nextcloud-snap/wiki/Nextcloud-snap-step-by-step/38e0ac1ceb23a990f10471546b95e2f04f060314