NETWAYS Web Services: Connect to your own Domain!

This entry is part of 10 in the series NETWAYS Web Services

Our team has continued to improve the NETWAYS Web Services products for providing more comfort to our customers. Now any app can be run under its own Domain Name in combination with its own SSL certificate. This option is available for the following products:

The implementation within the product is quite simple. After your app has been created successfully, you will find a new webform in your app’s Access tab. Here is an example of a Request Tracker app:

As the webform shows, customers simply have to enter a registered Domain Name and their SSL Certificate as well as their SSL Key. The implementation in the app will be done by our NWS platform fully automated. Customers only need to take care about the quality and correctness of the certificate and to make sure they enter the DNS record correctly on their Domain Name Server. The IP address needed will be indicated underneath the webform in the information section. Furthermore, it is still possible to set an additional CName for your app. This means that your customized Domain Name and the CName can be used in parallel. Furthermore, the platform generated standard URL will stay valid and customers can always go back to the initial settings by removing their entries from the webform.

After clicking the save button, the app will be restarted and all changes will be taken into production immediately.

The bonus of this option is clear: Anybody working with your apps will be glad to use easy to read and memorize URLs. Furthermore, company identity and culture is even more important today than ever. So why not also provide your SuiteCRM, Rocket.Chat or Nextcloud with a well branded URL?

More information can be found on our NWS homepage, in any of our product sections or by contacting us via the NWS livechat.

Important note: All NWS products are up for a 30 day free trial!

Nicole Lang

Autor: Nicole Lang

Ihr Interesse für die IT kam bei Nicole in ihrer Zeit als Übersetzerin mit dem Fachgebiet Technik. Seit 2010 sammelt sie bereits Erfahrungen im Support und der Administration von Storagesystemen beim ZDF in Mainz. Ab September 2016 startete Sie Ihre Ausbildung zur Fachinformatikerin für Systemintegration bei NETWAYS, wo sie vor allem das Arbeiten mit Linux und freier Software reizt. In ihrer Freizeit überschüttet Sie Ihren Hund mit Liebe, kocht viel Gesundes, werkelt im Garten, liest Bücher und zockt auch mal gerne.

NETWAYS Web Services: GitLab EE

This entry is part 1 of 10 in the series NETWAYS Web Services

The NETWAYS Web Services Team is proud to announce the arrival of a new product: Customers can now have their GitLab EE instances hosted on our NWS platform.

Version control has become one of the most important aspects of everyday work life and has gone far beyond being only used by development teams. Many more use cases for version control have been created so far and are still to come. Even small teams are already using GitLab CE for controlling their workflows which is one of our reasons to offer this software as a hosted product.

After realizing that many users needed higher performance for increasing their productivity, we decided to add GitLab EE to our portofolio as it offers many more options and features than the CE version – without having to take care of the underlying hard- and software layers needed for running the application.

The process of hosting GitLab EE with us is almost as simple and comfortable as with all our other products – create an NWS account, choose a product and get started. GitLab EE makes a little exception for it is an Enterprise product and therefore customers need to provide a license acquired at GitLab. You can be sure that all features included in your license will be available in your NWS container right from the start.

This license is the only aspect the customer needs to take care of – NWS will provide all the comfort our customers already know from our other products, like maintenance works, updates, patches and a stable and well monitored platform underneath.

 

All those who do not want to worry about their version control should take a look at our attractive and scalable plans as well as individually sized solutions for hosting GitLab EE. More information can be found on our NWS homepage, in our GitLab EE section or by contacting us via the NWS livechat.

Important note: All NWS products are up for a 30 day free trial!

 

Nicole Lang

Autor: Nicole Lang

Ihr Interesse für die IT kam bei Nicole in ihrer Zeit als Übersetzerin mit dem Fachgebiet Technik. Seit 2010 sammelt sie bereits Erfahrungen im Support und der Administration von Storagesystemen beim ZDF in Mainz. Ab September 2016 startete Sie Ihre Ausbildung zur Fachinformatikerin für Systemintegration bei NETWAYS, wo sie vor allem das Arbeiten mit Linux und freier Software reizt. In ihrer Freizeit überschüttet Sie Ihren Hund mit Liebe, kocht viel Gesundes, werkelt im Garten, liest Bücher und zockt auch mal gerne.

Shopware Update

Jeder nutzt für seine Dienste die verschiedensten Tools. Wir bei NETWAYS kümmern uns im Hosting Bereich für Sie um eben diese Dienste und Tools, sodass Sie als User sich damit nicht beschäftigen müssen.
In diesem Rahmen betreuen wir auch Shopware Installationen unserer Kunden.
Jedoch wollen derartige Dienste auch Updates um aktuell zu bleiben. Ein Shopware Update ist meist nichts großes. Dennoch gibt es hier auch nicht nur eine Variante, wie diese am besten durchzuführen sind. Die Variante die für mich die “beste” ist, möchte ich hier kurz vorstellen.


Schritt 1

Zunächst benötigt man das Paket des jeweiligen Updates. Diese können hier heruntergeladen werden. Im Anschluss kurz entpacken und schon kann es los gehen. Wichtig hierbei ist, dass die Dateien des Updates, die Dateien der Shopware Installation überschreiben.

Deswegen: Ein Backup rettet manchmal jeden Admin! Dies gilt auch für die DB, da diese ebenfalls bearbeitet wird.

Schritt 2
Das Update einspielen.

root@shopware:/tmp# cp -a -R /tmp/update_5/update_5/* /var/www/shopware_directory

Schritt 3
Im Endeffekt war es das auch schon. Unter http://shopware-test.meinedomain.com/recovery/update kann nun das Update gestartet werden. Hier passiert bis auf einige wenige Klicks alles automatisch. Nach dem erfolgreichen Update, muss noch ein Ordner gelöscht werden, sodass das System wieder freigegeben wird.

root@shopware:/var/www/shopware_directory# rm -rf /update-assets

Nun sind keine weiteren Schritte mehr nötig. Auf Fehlermeldungen muss natürlich individuell eingegangen werden. Sollten Sie hierbei auf Probleme stoßen oder möchten ebenfalls eine Umgebung aufbauen, können Sie gerne Kontakt zu uns aufnehmen.

Marius Gebert

Autor:

Marius ist seit September 2013 bei uns beschäftigt. Er hat im Sommer 2016 seine Ausbildung zum Fachinformatiker für Systemintegration absolviert und kümmert sich nun um den Support unserer Hostingkunden. Seine besonderen Themengebiete erstrecken sich vom Elastic-Stack bis hin zu Puppet. Auch an unserem Lunchshop ist er ständig zu Gange und versorgt die ganze Firma mit kulinarischen Köstlichkeiten.
Seine Freizeit verbringt Marius gern an der frischen Luft und wandert dabei durch die fränkische Schweiz

NETWAYS Web Services: Request Tracker

This entry is part 9 of 10 in the series NETWAYS Web Services

Unsere NWS-Produktfamilie ist um ein weiteres Mitglied gewachsen: Den BestPractical Request Tracker. Dies wird vor allem Kunden freuen, die zwar ein stabiles und zuverlässiges Ticketsystem nutzen möchten, sich aber nicht um die Bereitstellung von Ressourcen, die Installation sowie die Wartung kümmern möchten – denn all dies wird von unserer NETWAYS Web Services Plattform übernommen. Der Kunde selbst muss sich nur um eine Hand voll Voreinstellungen kümmern, die jedoch direkt über Webformulare an die App übergeben werden.

Diese Voreinstellungen umfassen folgende Aspekte, die der Kunde bereitstellen muss:

  • ein IMAP oder POP3 Postfach, von dem der Request Tracker Kundenmails abholt und daraus ein Ticket generiert. Dies stellt vor allem sicher, dass bestehende Mail-Adressen weiter genutzt werden können.
  • einen SMTP-Server, der den Versand der Mails aus dem Request Tracker steuert.

Des Weiteren bietet unsere App viele Möglichkeiten, den Request Tracker nach Belieben anzupassen. Kunden können nicht nur den Namen Ihres Request Trackers und Ihrer Organisation festlegen, sondern auch eine Zeitzone und eine eigene Absender-Mail-Adresse eintragen:

Auch innerhalb der App kann der Request Tracker hervorragend an Ihr Unternehmen angepasst werden. Es können nicht nur im administrativen Bereich User-Gruppen und Ticket-Queues erstellt werden, sondern auch das Erscheinungsbild des Tools individualisiert werden.

Wichtiger Hinweis: Alle Angebote bei den NETWAYS Web Services können Sie 30 Tage kostenfrei testen!

Nicole Lang

Autor: Nicole Lang

Ihr Interesse für die IT kam bei Nicole in ihrer Zeit als Übersetzerin mit dem Fachgebiet Technik. Seit 2010 sammelt sie bereits Erfahrungen im Support und der Administration von Storagesystemen beim ZDF in Mainz. Ab September 2016 startete Sie Ihre Ausbildung zur Fachinformatikerin für Systemintegration bei NETWAYS, wo sie vor allem das Arbeiten mit Linux und freier Software reizt. In ihrer Freizeit überschüttet Sie Ihren Hund mit Liebe, kocht viel Gesundes, werkelt im Garten, liest Bücher und zockt auch mal gerne.

Setting up a TURN Server for Nextcloud Video Calls

We recently had an support inquiry from one of our Nextcloud customers at Netways Web Services. He told us that he had installed the Nextcloud Video Calls app from the Nextcloud Appstore but was not able to make any video calls. He and the person on the other end always got a black video screen when attempting to call each other.
After some research I identified the potential cause of the problem. It turned out that a TURN server was required (pardon the pun).

 

TURN – what is that?

The Nextcloud Video Calls app contains a WebRTC-based server called spreed. WebRTC uses the ICE (Interactive Connectivity Establishment) framework to overcome networking complexities (like NATs) where connecting the participating clients directly isn’t possible. But it will need at least a STUN server to accomplish that. STUN standing for “Session Traversal Utilities for NAT” will enable the clients to discover their public IP addresses and the NAT where they are behind. Note that this server is only used to initially establish the connection. Once the connection is set up the media will stream directly between the clients. The Nextcloud Video Calls app is preconfigured with “stun.nextcloud.com:443” as STUN server. But this doesn’t always work – just like our customer experienced it, for some clients a STUN server won’t be enough to establish the connection. That might be the case if one or multiple participants are behind a symmetric NAT where UDP hole punching does not work. And that’s where the TURN server comes in. “Traversal Using Relay NAT” (TURN) extends STUN capabilities to make media traversal possible even if the clients are behind symmetric NATs. But that means that the whole traffic will flow through the TURN server since it is acting as a relay. Therefore most TURN servers use credential or shared secret mechanisms to authenticate the clients. So after all you end up having two options: either you find a TURN server provider that you can trust and who is willing to grant you access to his service or you set up your own TURN server.

 

How to set up a TURN Server

We decided to set up our own TURN. Like most of the tutorials recommend we installed Coturn. Our “TURN-VM” is running Ubuntu 16.04 and has a public IP address – this is actually quite important since the TURN server needs at least one dedicated public IP address to work properly. In order to have full STUN/TURN server functionality it’s even required to have two public IP addresses.
Now let’s start – first install coturn:

apt-get install coturn

Next enable coturn as service (use the editor of your choice):

vim /etc/default/coturn

Now uncomment the last line, save and close the file:

#
# Uncomment it if you want to have the turnserver running as 
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

We will have a look at the config file of Coturn. It has a lot of lines so I will only go over settings that are relevant in conjunction with Nextcloud’s spreed video calls. Open the turnserver.conf with an editor

vim /etc/turnserver.conf

and have a look at the following lines

#listening-port=3478
#tls-listening-port=5349

Those are the default listening ports coturn will use. In my case I changed them to

listening-port=80
tls-listening-port=443

because I don’t have a webserver running on the VM and I already had the ports open in the firewall. This is important – make sure that the server is reachable on these ports and no firewall is blocking them.
Note that the tls-listening-port is only relevant if you plan on using TLS-encrypted connections.

You’ll find the following line a couple of lines below the tls-listening-port:

#listening-ip=172.17.19.101

If you leave it as a comment then Coturn will listen on all the IP addresses available for this host. I uncommented it and changed it to the actual public IP address of this server

listening-ip=185.XX.XXX.XXX

Further down I did the same for the relay-ip:

relay-ip=185.XX.XXX.XXX

Now look for “fingerprint” and “lt-cred-mech” and uncomment:

fingerprint
lt-cred-mech

A couple of lines below you’ll find

#use-auth-secret

and

#static-auth-secret=north

uncomment both, then open up another shell window and generate a secret for example with

openssl rand -hex 32
751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXXXXXX

copy the generated secret string and paste it into the turnserver.conf

use-auth-secret
static-auth-secret=751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXXXXXX

Enabling “use-auth-secret” and setting a “static-auth-secret” will prevent unauthorized usage of your TURN server and is highly recommended!

Head further down and look for

#realm=mycompany.org

then uncomment and change it to the FQDN of the TURN server

realm=xxxxx.netways.de

The next line to uncomment and change is

total-quota=100

then uncomment

stale-nonce

If you want to use TLS then you should get a SSL certificate and key for example via Letsencrypt and then set the following lines of the turnserver.conf to the path where those files are located, in my case:

cert=/ssl/nws.crt
pkey=/ssl/nws.pem

also set cipher-list to

cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"

If you don’t plan on using this TURN server as STUN then you can uncomment

no-stun

Now some last uncommenting

no-loopback-peers
no-multicast-peers

and you should be ready to start your coturn server. Save the file and close the editor.

Start/restart coturn for example with

service coturn restart

or

/etc/init.d/coturn restart

You may want to watch the logfile to see if everthing is fine

tail -f /var/log/turn_YYYY-MM-DD.log
0: log file opened: /var/log/turn_2017-08-15.log
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0:   relay 185.XX.XXX.XXX initialization...
0:   relay 185.XX.XXX.XXX initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: turn server id=2 created
0: IPv4. TLS/SCTP listener opened on : 185.XX.XXX.XXX:80
0: IPv4. TLS/TCP listener opened on : 185.XX.XXX.XXX:80
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 185.XX.XXX.XXX:443
0: IPv4. TLS/TCP listener opened on : 185.XX.XXX.XXX:443
..
.

So now we are ready to test if it is working.

 
 

How to test my TURN Server

Visit this page and see if you can get a proper response from your Coturn server.

The field for “STUN or TURN URI” should look something like this:

turn:xxxxx.netways.de:443?transport=tcp

but you can also use the IP:

turn:185.XX.XXX.XXX:443?transport=tcp

adding the part “?transport=tcp” is important as I was not able to get my TURN server to respond without TCP only.
Next click on “Gather candidates”.

What you would want as a result should look similar to this:

Time Component  Type Foundation Protocol    Address	 Port	         Priority
0.006	1	host	0	 UDP	10.0.10.144	60925	126 | 32512 | 255
0.009	1	host	1	 TCP	10.0.10.144	63376	125 | 32640 | 255
0.010	1	host	1	 TCP	10.0.10.144	9	125 | 32704 | 255
0.015	2	host	0	 UDP	10.0.10.144	47302	126 | 32512 | 254
0.016	2	host	1	 TCP	10.0.10.144	64892	125 | 32640 | 254
0.016	2	host	1	 TCP	10.0.10.144	9	125 | 32704 | 254
0.031	1	srflx	2	 TCP	XXX.XX.XX.XX	3362	 99 | 32607 | 255
0.051	2	srflx	2	 TCP	XXX.XX.XX.XX	3364	 99 | 32607 | 254
0.069	                                                                     Done

If you get a timeout with “Not reachable?” then probably a firewall is blocking the connection. Check again if the ports for the TURN server are open and if you can reach it externally via Telnet or something similar.

 
If everything works as expected you can continue and enter FQDN, port and shared secret in the video calls settings of your Nextcloud:

Also make sure that “TURN server protocols” is set to “TCP only”.
Finally test if video calls work with participants from different networks, through NAT’s and firewalls.

 
Well, that’s at least how I got it working and our NWS Nextcloud customer confirmed that he was able to make video calls without black screens as soon as he added in the TURN server details that I sent him.
Feel free to check out our Software as a Service platform NWS where you can test Nextcloud 30 days for free.

Gabriel Hartmann

Autor: Gabriel Hartmann

Gabriel freut sich nun in seiner Ausbildung zum Fachinformatiker für Systemintegration bei NETWAYS endlich sein im Informatikstudium gesammeltes Wissen artgerecht anwenden zu können. Wenn er nicht gerade an Servern, PC’s und sonstigem bastelt, vertreibt sich der gebürtige Oberfranke seine Freizeit mit Radfahren, Fotografie und Snowboarden. Vor allem reizen ihn interessante Projekte und das Arbeiten an Open Source basierten Linux-Systemen.

Nextcloud with Collabora Online

Nextcloud offers plenty of different useful apps. Many of them work straight away with no further configuration, but some of them require you to complete additional setup steps or even to have extra services running. One of them is Collabora Online. In this post I won’t go into detail about the setup steps and the problems you might experience. Instead I’ll show how well Collabora Online integrates into Nextcloud.

 

 

 

 

 

How to Collaborate

So how do you get started if you have Nextcloud and Collabora up and running? First you need some additional users to share your files with. I would recommend to create some groups if you plan on sharing files with multiple users at once. Then add users to these groups. Create some folders for different purposes and share them with the groups. The folders will appear on the other users accounts as soon as they log in to Nextcloud or reload the page.
So now you’ll be able to collaborate on editing the files located inside the shared folders. You can create new spreadsheet (.ods), text document (.odt) and presentation files (.odp) right from your Nextcloud or you can also upload and edit existing files in all kinds of different office file formats. In the following short video I documented the steps of sharing and collaborative editing.

 

 

Another way of sharing files in groups is to enable the “Group folders” module in the Nextcloud Appstore and then create some folders from the Admin-Panel in the “Group folders” section. It simplifies the process of sharing folders in groups and you can even set quota limits for the shared folders.

 


Group folders

 

Something to note: if your Nextcloud is reachable from multiple domains and you want to use collaborative editing, then you and the person with whom you want to edit a document with should access Nextcloud from the same domain. If you try to use collaborative editing by accessing from different domains or sub-domains, it wont work, you won’t see the changes made by the other person inside the document in real-time.

What if you want to collaborate with a person who has no user account on your Nextcloud? You can share files via link, set optionally an expiration date and a password and then start collaborating with anyone. Just provide them with the shared link (and password if set) and they will be able to use Collabora aswell.

 

CODE and alternatives

Collabora itself is based on LibreOffice and has a lot of features built-in that you may know from other office applications. But there are some limitations in terms of concurrent open documents and simultaneous connections. In the free version CODE (Collabora Online Development Edition) it is limited to 10 documents and 20 connections at once. There is another online office suite that you can use with Nextcloud, it’s called Onlyoffice. For Nextcloud you would set up a Onlyoffice Document Server and then get the Onlyoffice App from the Nextcloud Appstore. In comparison to CODE it requires more hardware resources. At least 1 CPU core (with 2 GHz), 2 GB of RAM and 40 GB of disk space. Collabora on the other hand will be fine with 1 CPU Core, 512 MB of RAM and 1.5 GB disk space.

 

Try Nextcloud with CODE for free

If you want to try it yourself you can quickly spin up a Nextcloud app using our Netways Web Services and test Nextcloud with Collabora Online for 30 days for free. We now include Collabora preconfigured in all our Nextcloud plans.

 

Gabriel Hartmann

Autor: Gabriel Hartmann

Gabriel freut sich nun in seiner Ausbildung zum Fachinformatiker für Systemintegration bei NETWAYS endlich sein im Informatikstudium gesammeltes Wissen artgerecht anwenden zu können. Wenn er nicht gerade an Servern, PC’s und sonstigem bastelt, vertreibt sich der gebürtige Oberfranke seine Freizeit mit Radfahren, Fotografie und Snowboarden. Vor allem reizen ihn interessante Projekte und das Arbeiten an Open Source basierten Linux-Systemen.