Categories
Others IT Support

Solved : Connection error of Collabora Online “Failed to add session to XXXX”

After I updated Collabora Online, I got an error and couldn’t open office files on NextCloud.

The error is like below.

Shell

This「Failed to add session to」is shown when Collabora online failed to connect NextCloud server. Most cases, it’s a problem of DNS. So set-up DNS like modifying “/etc/hosts” works most cases. But this time the DNS setting was correct.

As it turns out, disabling IPv6 worked successfully.

For various reasons, the programs on my server that LISTENs the port was configured to enable only IPv4.

I didn’t know why, but I thought Collabora was trying to connect to NextCloud over IPv6 after updating.

So enabling IPv6 on NextCloud server setting might work too.

FYI, The below command temporarily disable IPv6 on Ubuntu 22.

Shell

The below is permanently disable IPv6.

Shell

Categories
OS IT Support

How to login to Ubuntu www-data with SSH

The below is how to login to Ubuntu www-data with SSH.

Shell

Now, you can login as www-data user with id_rsa file from your local environment. I got an error “Permission denied (publickey)” because I forgot to set “chmod 755 /home/www-data”. It takes time to solve it.

Categories
Others IT Support

Install NextCloud & collabora online on openLiteSpeed

The bellow is how to set up Nextcloud and collabora online on openLiteSpeed. If you are having trouble with slow Nextcloud, this aricle might be helpfull.

Setup Environment

  • OS Ubuntu 22.04
  • NextCloud 24.04
  • OpenLiteSpeed 1.7 + PHP 8.1
  • Collabora Online 22
  • SSL LetsEncrypt

Quick Point

  • Increase the number of “num_prespawn_children” in the config xml file of Collabora Online. Also setup only work with IPv4 with “net.proto” value. (Collabora Online works behind openLiteSpeed and the connection between the both program only use IPv4. So IPv6 doesn’t needed.)
  • Generate .htaccess file of NextCloud with the command “occ maintenance:update:htaccess”. And setup rewrite rules of openLiteSpeed from the rewrite section of the generated .htaccess file.
  • Set up collabora Online as a backend server of openLiteSpeed Reverse Proxy.

Prerequisites

  • OS is installed.
  • mariaDB is installed and done initial setup.
  • This article set up below site.
    NextCloud https://nc.you.com/
    Collabora Online https://lool.you.com/

    When referring to the site, please replace them with the names of your own site.

Initial setting

DB : Create a database for NextCloud in your DB environment

SQL

Change the linux user to root

Shell

Change hosts

Shell

Install Redis

Shell

Install other programs if not installed

Shell

OpenLiteSpeed Port 80 + LetsEncrypt

Install OpenLiteSpeed + php 8.1

Shell

Set up http port 80. (It can also be configured on the admin panel  http://nc.you.com:7080/ )

Shell

LetsEncrypt

Shell

openlitespeed global setting

To access https://nc.you.com:7080/

Shell

Change the global setting.

Shell

Install NextCloud

Download and put it on the public folder.

Shell

NextCloud config file setting

Shell

re-generate .htaccess file.

Shell

Open the /var/www/nextcloud/.htaccess file and check the <IfModule mod_rewrite.c> sections. (There is more then two secions of “mod_rewrite.c”)
Move the contents of the sections to [rewrite]=>[rules] setting of the virtual host setting of OpenLiteSpeed. Please refere the section in the below virtual host setting. Also, change RewriteRule prefixes with ^ to ^/. Only for .htaccess, the description rules are slightly different from those of Apache.

NextCloud virtual host setting of OpenLiteSpeed

Shell

Install Collabola Online

Install it.

Shell

virtual host setting of OpenLiteSpeed (reverse proxy with websocket.)

Shell

In the end

Access https://nc.you.com/ and do initial setting. After login with admin account on your NextCloud, Set up [office] section of setting and cheking “Use you own server” and put the server URL “https://lool.you.com/”.

Next cloud and Collabora online will be work with above settings.

Categories
Others IT Support

Configuration of vscode server on a public server

The server version of Visual Studio code has been officially released in preview so I set up it on my VPS server with SSL and Basic/Client authentication.
And I registered vscode server as a systemd service to run vscode server on boot.

Now I can edit any files on the server from anywhere anytime with a browser.

How to set up (Using Ubuntu 20.04)

Nginx is configured as a reverse proxy for the front end, SSL and other security are applied on the Nginx, and vscode server itself is used as the back end. You don’t use Apache as a reverse proxy because the websockets will not pass through correctly.

Visual Studio code server : install and set up

Install as described officially and create a systemd file to register as a service.

Shell

Register the unit file with systemd and run it.

Shell

Wait for a minute or two and obtain the URL of the connection destination that is displayed on the status after the startup.
Only fist time, it takes a minute or two to start up. It start immediately after second time.

Shell

The URL is http://localhost:8000/?tkn=6de5345a-b644-48cd-a7f9-3433bcc031e3 in this example. Please note this URL.

If you could not find of the line “Web UI available at” with the command “sudo systemctl status vscodeserver”, then use the command “journalctl –no-pager | grep -e ‘code-server'”. You can find the line “Web UI available at” around the time you started the vscode server.

Nginx set up

Nginx is configured with a reverse proxy, SSL, and Basic Authentication (or Client Authentication). The SSL files should have been obtained by Let’s Encrypt or somewhere. I will not explain how to obtain the SSL files here.

Shell

Below is the basic configuration file. This file should be set up according to your own environment. My server is used only by me, so I have kept the settings to a minimum.

Shell

Preparation for Basic Authentication

Shell

The following is the key configuration file of virtual host. The setting using Basic authentication for authentication.
You need to change server_name, ssl_certificate, and ssl_certificate_key in the file from below example.

Shell

If you want to use client authentication, the virtual host will be like below.

Shell

After configuration, enable the virtual host configration and restart Nginx

Shell

Now you can access your vscode server from your browser.

The URL will be like https://yourServerName.com/?tkn=6de5345a-b644-48cd-a7f9-3433bcc031e3. The end of URL, after “?tkn=” , is from the URL that you note above.

Don’t forget to close port 8000 with the firewall of your server.

Categories
OS IT Support

How to change the running user of OpenLiteSpeed

I changed my http server from Apache to OpenLiteSpeed and had a few problems. One of them was that I could not change the running user and group of OpenLiteSpeed.

Just changing the configuration file “/usr/local/lsws/conf/httpd_config.conf” and rebooting OpenLiteSpeed doesn’t work. It looked working but I noticed there were a number of user-related anomalies when accessing files with PHP, such as not being able to see the server log or live feed on the Admin console.

The solution is to change the user and group in the above file, then reinstall OpenLiteSpeed with the following command.

Shell

I don’t know why this is necessary, but if you don’t do this, the user of the file you create via OpenLiteSpeed will not be the user of the configuration file.

I used the command “apt” because I’m using Ubuntu. It may be a phenomenon peculiar to Debian systems, and this “reinstall thing” may not be necessary for Redhat systems such as Centos.

Categories
OS IT Support

Fixed : “.user.ini” doesn’t work in OpenLiteSpeed

I changed my http server from Apache to OpenLiteSpeed and had a few problems. One of them is that “.user.ini” file does not work on OpenLiteSpeed.

Instead of using “.user.ini”, you can use the [php.ini Override] setting from [General] tab of the virtual hosts setting on the Admin console.

As a side note, I failed many times when I set up this from the Admin console until I modified the virtual host configuration file directly and rebooted the system from command line using “vi” and “systemctl restart lshttpd”.

After this manually changing, the change from the Admin console is working too.

It might be my simple mistake, but I am writing this side note in the hope that it might be helpful to you.

My setting of [php.ini Override] in the virtual host config file is below.

phpIniOverride  {
  php_value default_charset "SJIS"
  php_value mbstring.language "neutral"
  php_value mbstring.internal_encoding "SJIS"
  php_value date.timezone "Asia/Tokyo"
  php_value error_reporting E_ERROR
}
Categories
OS IT Support

Client Side Certificates for OpenLiteSpeed

I recently changed some of my http servers to OpenLiteSpeed from Apache. When changing the servers, I have a problem: OpenLiteSpeed does not have the client authentication feature that Apache has.

I was debating but finally decided to use a reverse proxy in Apache and authenticate clients there. I know “Then, just use Apache. Why you need to use OpenLiteSpeed?”. But I was not comfortable with Apache, because Apache sometimes freezed up a little, once or twice a week. I know my Apache configuration was something bad, but I couldn’t fix it.

I thought the servers would be too slow for the reverse proxy, but my fears were unfounded. It’s very fast and comfortable after the change.

Below is an example to configure Client Side Certificates for Admin console of OpenLiteSpeed。

Premise

Client certificate
=> Certificates of CA : /opt/myCA/cacert.pem
=> Certificate Revocation Lists : /opt/myCA/crl.pem
Setting of Admin Console of OpenLiteSpeed is below. (There is no need to use SSL. )

Shell

Configuration of Reverse Proxy on Apache

Below is an Apache configuration that accesses the OpenLiteSpeed Admin console “http://127.0.0.1:7080/” via “https://yourdomain.net:8000/”.
mod_proxy and mod_proxy_http modules needed.

Then you are able to protect your site with client certifications.

Shell

The advantages of Client Side Certificates are irreplaceable by other security method. It’s easy to visit a site and easy to revoke your certificate when you lost your computer.
Setting up 2FA, two-step verification, such as Google Authenticator, requires entering credentials every time you visit a site, and there is a risk of phishing scams in the first place. It’s a little bit pain for me.

Categories
Programs IT Support

Change the table design of WordPress theme twenty- twenty

I’m writing this blog with WordPress twenty-twenty, and I decided to change the table design a little like below.

Chores description
Programs I have no choice to do this for my work.
House choures I have no choice to do this for my family.
DIY I have no choice to do this for my family.
Go my hobby I haven’t played in a few years.
Sample

Go to [Appearance]-[Theme Editor], select [style.css], and add the following CSS at the end of the file. Then you can create a table that has no outer frames when you set [is-style-regular my-style-stripes] on the block setting [Additional CSS Class].

CSS
Categories
Programs IT Support

A plugin to login Roundcube using your favorite username and password.

I made a plugin which you to allow to login Roundcube using your favorite username and password.

I also made a tool which convert a CSV file with account information to .config file at once to help your setting.

See my below Github page for details.

https://github.com/y-toy/virtuserpass

I made this tool for the company I work for. I want my company staff members to use their usual usernames and passwords instead of e-mail addresses and the passwords when they login Roundcube.

Categories
Programs IT Support

List the hosts in .ssh /config file, then ssh directly

This is a script to help you to ssh when you set many hosts in ssh .config file. I made Windows Powershell and Linux bash version scripts.

How to use

command: sshfc [Part of the host name]

If you type only sshfc, all hostnames set in the config file will be displayed.

If you type “sys” with the first argument, hostnames including “sys” will be displayed.

You can connect the host with ssh by selecting a number which is shown next to the hostname.

The command name is sshfc with the head of “ssh from .config”.

An example of use as follows.

Install Windows Powershell version

Make bin folder and Add the folder to your PATH. And download the script file from Github and put the file under the bin folder.

PowerShell

Note

Try the following command if you are unable to run the script. This will loosen the restrictions of the script execution.

Install Linux Bash version

Download the script file from Github and move the file under PATH folder.

Shell

Note

I have recently changed my Windows ssh client to “Windows terminal” from Microsoft. The “Windows terminal” itself is excellent, but it is difficult to use when I select the destination of the SSH connection from ssh config file. I made this tool to cover the problem.

Since the tool I made was unexpectedly useful, I made the bash version so that I can use the “sshfc” command after entering the server as well.
Now I don’t have to think “What’s the hostname I set in my config file?”.