How to – Use the built in Dynamic Portal for Vicibox

Uncategorized

How to – Use the built in Dynamic Portal for Vicibox

by Carpenox 2 Comment
Dynportal

How to – Use the built in Dynamic Portal for Vicibox

Ok so I have had a LOT of people ask me how to use the dynamic portal for Vicibox or for their own Vicidial scratch install. I didn’t think I needed to go over this topic, since it’s in the install instructions for vicibox9, but since there has been a very high demand for it. This is the prelude for the live session I will be giving in a couple hours.

So there is an easy way to install this on your server if you are using a scratch install for Leap by adding the repo for Vicibox that matches your Linux distro. You can go to the url below:

https://download.opensuse.org/repositories/home:/vicidial:/vicibox/

Once you find the Leap version you are using, just add the repo such as this: For this example, Leap 15.2

The Steps – Vicibox Dynamic Portal

Step 1 – Add the Vicibox repo

zypper ar https://download.opensuse.org/repositories/home:/vicidial:/vicibox/openSUSE_Leap_15.2/home:vicidial:vicibox.repo
zypper ar https://download.opensuse.org/repositories/home:/vicidial:/vicibox/openSUSE_Leap_15.2/home:vicidial:vicibox.repo

Step 2 – Install the needed files

After you add the repo, you can just type: 

zypper install vicibox*

Step 3 – Edit the apache config files for dynamic portal

For this next part I will show you the code for the dynamic portal conf file incase you are trying to install this on another OS. Here is the dynportal.conf file which is in /etc/apache2/vhost.d/ and you can find an example of the ssl version below in the picture

<VirtualHost *:81>
        ServerAdmin admin@company.com
        # This needs to be different from other vhosts otherwise they'll get
        # mod_cband applied to it too since it works by ServerName not VHost
        ServerName dynportal.company.com
        #ServerAlias
        DocumentRoot /srv/www/vhosts/dynportal
        ErrorLog /var/log/apache2/dynportal-error_log
        #CustomLog /var/log/apache2/access_log combined
        CustomLog /dev/null combined
        HostnameLookups Off
        UseCanonicalName Off
        ServerSignature Off
        TraceEnable Off
        Include /etc/apache2/conf.d/php7.conf
        Include /etc/apache2/conf.d/mod_deflate.conf
        Include /etc/apache2/conf.d/mod_cband.portal
        DirectoryIndex index.html index.php index.htm

        # Prevent access to debug and other things
        <Files ~ "^\.ht">
                Require all denied
        </Files>
        <Files ~ "^\debug.txt">
                Require all denied
        </Files>
        <Directory "/srv/www/vhosts/dynportal/inc">
                Require all denied
        </Directory>

        # And allow our directory to be served finally
        <Directory "/srv/www/vhosts/dynportal">
                Options FollowSymLinks
                AllowOverride None
                Require all granted
        </Directory>

        # Take care of CSS and some other web-crap security things
        <IfModule mod_headers.c>
                Header always set X-Frame-Options: DENY
                Header always set X-XSS-Protection "1; mode=block"
                Header always set X-Content-Type-Options: nosniff
                Header always set Content-Security-Policy "script-src 'self'; object-src 'self'"
                Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
        </IfModule>

</VirtualHost>

Make sure you change the domain and email and then restart Apache: service apache restart

dynportal-ssl.conf file example
<VirtualHost *:446>
        ServerAdmin admin@agentwebdialer.com
        # This needs to be different from other vhosts otherwise they'll get
        # mod_cband applied to it too since it work by ServerName not VHost
        ServerName agentwebdialer.com
        #ServerAlias
        DocumentRoot /srv/www/vhosts/dynportal
        ErrorLog /var/log/apache2/dynportal-error_log
        #CustomLog /var/log/apache2/access_log combined
        CustomLog /dev/null combined
        HostnameLookups Off
        UseCanonicalName Off
        ServerSignature Off
        TraceEnable Off
        Include /etc/apache2/conf.d/php7.conf
        Include /etc/apache2/conf.d/mod_deflate.conf
        Include /etc/apache2/conf.d/mod_cband.portal
        DirectoryIndex index.html index.php index.htm

        # Configure SSL cert
        SSLEngine on
        SSLCertificateFile /etc/certbot/live/agentwebdialer.com/cert.pem
        #SSLCACertificateFile /etc/apache2/ssl.crt/CA_chain.crt
        SSLCertificateKeyFile /etc/certbot/live/agentwebdialer.com/privkey.pem

        # SSL Options
        <FilesMatch "\.(php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

        # Prevent access to debug and other things
        <Files ~ "^\.ht">
                Require all denied
        </Files>
        <Files ~ "^\debug.txt">
                Require all denied
        </Files>
        <Directory "/srv/www/vhosts/dynportal/inc">
                Require all denied
        </Directory>

        # And allow our directory to be served finally
        <Directory "/srv/www/vhosts/dynportal">
                Options Indexes FollowSymLinks
                AllowOverride None
                Require all granted
        </Directory>

        # Take care of CSS and some other web-crap security things
        <IfModule mod_headers.c>
                Header always set X-Frame-Options: DENY
                Header always set X-XSS-Protection "1; mode=block"
                Header always set X-Content-Type-Options: nosniff
                Header always set Content-Security-Policy "script-src 'self'; object-src 'self'"
                Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
        </IfModule>

</VirtualHost>

Step 4 – Change the default settings for the dynamic portal

Make sure you change the defaults.inc.php file in /srv/www/vhosts/dynportal/inc

defaults,inc.php

Step 5- Open Ports on Firewall

There is a service added to the yast firewall to add the dynamic portal named viciportal, make sure you add this to the “public” zone

Open the port in the firewall to the “trusted” zone

Step 6 – Add Crontab Entry

The last step is to add a crontab entry for the dynamic portal entries as such:

### ViciBox integrated firewall, by default just load the VoIP Black list and reload it every 4 hours
### You can lock everyone out of your server if you set this wrong, so understand what you are doing!!!
@reboot /usr/local/bin/VB-firewall.pl --whitelist=ViciWhite --dynamic --quiet
* * * * * /usr/local/bin/VB-firewall.pl --whitelist=ViciWhite --dynamic
I changed the timing on the crontab entry to every 60 seconds from its original setting

Step 6 – Change folder permissions & Restart Apache

chmod -R 775 /srv/www/vhosts/dynportal
service apache restart

Step 7 – You’re Done! Check it out!

After you restart apache and open the port in the firewall, you should be able to go to http://yourserver:81/valid8.php or https://yourserver:446/valid8.php for SSL and see the following:

Dynamic Portal

Well, that’s it, I did this from memory instead of trying it from scratch so if I missed anything, I’ll update the instructions, just leave a comment below. Thanks. See you guys soon at the Live session: https://fb.me/e/5zj1fJ9Fg

-Nox

Leave a Reply