Help and Support EN EN Applications Bind DNS Common Issues Issue: server booted with a time in the future, and bind / named downloaded the trust information with a future timestamp Often you'll see this in the logs: validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.' managed-keys-zone: No valid trust anchors for '.' Solution: 1) shut down named 2) delete /var/named/dynamic/managed-keys.bind.jnl and create file just containing: ;BIND LOG V9 8 3) ensure new file is owned by the named user. 4) start up named You'll see something like this in the logs: Apr 28 12:49:00 XXXXXX named[4093]: managed-keys-zone: journal rollforward failed: no more Apr 28 12:49:00 XXXXXX named[4093]: managed-keys-zone: unable to load from '/var/named/dynamic/managed-keys.bind.jnl'; renaming file to '/var/named/dynamic/jn-xMvuHJmM' for failure analysis and retransferring. And then your dnssec should start working again... There's probably better ways to trigger the resolution, but the above seems to work....   E-mail Settings This chapter covers basic email settings for all platforms, as well as per platform specific guides. Android Phone and Tablets For Android based phones, tablets, Chromebook and IoT devices, there are a number of options of e-mail clients. Some vendors supply their own developed email client however Google’s own GMAIL client is common across all legitimate android devices and we support this client. POP/IMAP Figure 26 go to the add account function under 'Accounts' In Android settings, or Gmail Figure 27 choose to add an IMAP account Figure 28 Once the email address is entered, Manual setup is unlocked. Choose MANUAL SETUP Figure 29 choose IMAP account. Optionally you may choose POP3 Figure 30 enter the password for the IMAP email account you wish to setup Figure 31 change the INCOMING mail server to mail.rackcorp.com Figure 32 change the OUTGOING mail server to mail.rackcorp.com . Change the port to 25 and security to STARTTLS If you are using our Mongolian servers, please use mail.mn.rackcorp.com as the mail server. Figure 33 successful account configuration will result in a success message Exchange Figure 34 within GMAIL, choose add account or add another email address Figure 35 GMAIL will present a list of account types. Choose EXCHANGE . Figure 36 enter the email address for your EXCHANGE account at the prompt to begin the setup process Figure 37 enter the password for your exchange account when prompted Figure 38 several prompts will be made during the exchange setup process. Agree to these by pressing OK Figure 39 once your password is accepted, a further page will display a summary of your account settings. simply press NEXT Figure 40 several prompts will be made during the exchange setup process. Agree to these by pressing OK. Figure 41 To add exchange accounts to a mobile device, the exchange server requires mobile device management rules as listed to be applied to your device. Please read the above screen carefully. Changes to the security settings of your device will be made automatically and are required to add exchange mail to your device. Figure 42 when the Gmail exchange setup process is complete the success message is displayed Apple iPhone and iPad POP/IMAP manual setup Figure 43 Navigate to the settings icon in your idevice, and then Passwords and Accounts Figure 44 in the Settings -> Passwords & accounts page, hit Add Account. Fetch New Data should be Push Figure 45 we are manually setting up an IMAP or POP account so choose Other Figure 46 Under Other - Add Mail Account Figure 47 Fill in your email account details as requested Figure 48 fill in the email account and server details as illustrated If you are using our Mongolian servers, please use mail.mn.rackcorp.com as the mail server. Figure 49 once your account details are saved and tested, you can choose what data to sync to the mail server, leave the default setting Figure 50 on success your email account is now added to the account list in iOS Exchange Figure 51 we are setting up an EXCHANGE account Figure 52 enter your email address for your exchange account Figure 53 enter your password and create an account description Figure 53 enter your password and create an account description Figure 55 fill in your account details as follows Figure 56 once your account details are confirmed and verified, you will receive a sync options screen. Choose here what options you want to sync to your device. Syncing contacts for example will overwrite your existing contacts and upload existing contacts Apple Mac OS Exchange setup POP3/IMAP manual setup Figure 23 in Mac Mail accounts, select add other mail account Figure 24 In the Mac Mail setup wizard, fill in your POP/IMAP account details Figure 25  Mac Mail setup wizard will then request the server names. Fill in mail.rackcorp.com If you are using our Mongolian servers, please use mail.mn.rackcorp.com as the mail server. For Apple MacOS 14.5 sonoma and newer, the OUTGOING userid and password is set automatically by the system if you add your email via the SETTINGS->ACCOUNTS page and use Mac Mail Basic E-Mail Settings RackCorp supports mail auto discovery. This is a feature built into modern email clients that allows the email program to obtain the correct mail settings for a user based just on their email address and password. This works for POP, IMAP and Exchange email options on RackCorp. If you do not wish to use auto discovery, standard email settings are supported including optional SSL and TLS encryption between the end user and RackCorp mail servers. Email Settings | POP/IMAP Choose POP OR IMAP email server. IMAP is generally recommended. POP Email downloads entire emails to your device before they can be viewed and optionally deletes them from the server. Pros: Useful for archival, allows inbox and mail management such as zero inbox Cons: not ideal for multi devices, slower to look at new emails IMAP downloads a header of the email first so the sender, subject, date can be previewed and keeps all the mail on the server. Pros: Lightweight and stores mail on server, ideal for multi device use and low bandwidth Cons: offline viewing of email depends on settings and if entire mail has been downloaded. Global Common Settings: Email you@example.net Username you@example.net Password your_password Incoming Server mail.rackcorp.com Outgoing Server mail.rackcorp.com Outgoing Server Type SMTP Outgoing Server Username you@example.net (or tick ‘same as incoming’) if available Outgoing server password your_password Webmail https://webmail.rackcorp.com You must fill in the OUTGOING username and password to be able to SEND email from our system. For Apple MacOS 14.5 sonoma and newer, the OUTGOING userid and password is set automatically by the system if you add your email via the SETTINGS->ACCOUNTS page and use Mac Mail   USA Common Settings: Email you@example.net Username you@example.net Password your_password Incoming Server mail.us.rackcorp.com Outgoing Server mail.us.rackcorp.com Outgoing Server Type SMTP Outgoing Server Username you@example.net (or tick ‘same as incoming’) if available Outgoing server password your_password Webmail https://webmail.us.rackcorp.com   Mongolia  Common Settings: Email you@example.net Username you@example.net Password your_password Incoming Server mail.mn.rackcorp.com Outgoing Server mail.mn.rackcorp.com Outgoing Server Type SMTP Outgoing Server Username you@example.net (or tick ‘same as incoming’) if available Outgoing server password your_password Webmail https://webmail.mn.rackcorp.com   Krgyz Common Settings: Email you@example.net Username you@example.net Password your_password Incoming Server mail.kg.rackcorp.com Outgoing Server mail.kg.rackcorp.com Outgoing Server Type SMTP Outgoing Server Username you@example.net (or tick ‘same as incoming’) if available Outgoing server password your_password Webmail https://webmail.kg.rackcorp.com   Choose a type of encryption from SSL or TLS . TLS is recommended for compatibility. POP POP with SSL POP with TLS or STARTTLS Incoming Server Port: 995 Outgoing Server Port: 465 Incoming Server Port: 143 Outgoing Server Port: 25 IMAP IMAP with SSL IMAP with TLS or STARTTLS Incoming Server Port: 993 Outgoing Server Port: 465 Incoming Server Port: 143 Outgoing Server Port: 25 RackCorp global webmail for standard email is available at https://webmail.rackcorp.com Email Settings | Exchange To setup exchange email accounts in your client, the recommended way is to use auto discover with an exchange compatible mail client or use Outlook Web Access (OWA, Microsoft’s implementation of webmail, web based version of the Outlook email client for Exchange Email). Supply your email address and password to the email client and it will perform the setup process. The setup process on most clients this will also setup Calendar, Tasks and Contacts. On Mobile devices, a device security policy may be applied by the setup process. The address for OWA varies depending on the region and is available in your Outlook account information https://mail.ex1.rackcorp.com is the global OWA system https://mail.ex1.rackcorp.mn is the Mongolian OWA system mail.ex1.rackcorp.com is the primary RackCorp Exchange server if manual configuration is desired Figure 1 Outlook Web Access (OWA) webmail on RackCorp Microsoft Office Outlook Guide for Outlook 2010,2013,2016,2019,2022 & Office 365 Outlook 2010/2013/2016 -  Standard E-Mail Figure 2 Microsoft Outlook account settings (File Menu) Figure 3 Microsoft Outlook Add Account - Auto Setup Figure 4 Enter your account password here if prompted during the auto setup process enter it. If you are also prompted to allow server settings, press allow Figure 5 Microsoft Outlook auto account setup successful notfication Figure 6 settings for your newly added account are available from the File menu in Microsoft Outlook and selecting the appropriate account from the drop down Outlook 2019/Outlook 365  - Standard Email The setup screens for both these versions vary to other versions of versions of Outlook so verbal setup instructions will not be fully applicable. Figure 7 Microsoft Outlook account settings (File Menu) Figure 8 enter your email address in the Outlook welcome screen and tick manual setup Figure 9 Choose from IMAP or POP email accounts. IMAP is recommended. Figure 10 complete the email settings as illustrated, incoming and outgoing mail servers, encryption and ports If you are using our Mongolian servers, please use mail.mn.rackcorp.com as the mail server. Figure 11 complete the password for your email account Figure 12 Outlook welcome process is a success message. There is a optional link selected by default that leads to a webpage describing how to install Outlook for mobile. Outlook 2019/Outlook 365  - Hosted Exchange Figure 13. Add a new account to outlook. Note the exact screen varies version to version Fig 14. Choose EXCHANGE from the email selection Fig 15. A permissions popup will appear soon after. Select The options circled in red as screenshot. The popup might be hidden or obscured by outlook. Fig 16. enter your exchange password. Selecting Remeber my Password is optional. Fig 17. If your password is correct you will be presented with options. The defaults are sufficient. Fig 18. Final Notice of Successful Addition of account Mozilla Thunderbird Email Client Setup | Mozilla Thunderbird Figure 20 Mozilla Thunderbird setup, choose add mail account from the dropdown and fill in the details then press continue. Figure 21 Mozilla Thunderbird email setup - choose manual Config now if you wish to define your own mail server settings Figure 22 Mozilla Thunderbird setup - once the manual setup window appears, complete the mail server details, choosing IMAP or POP If you are using our Mongolian servers, please use mail.mn.rackcorp.com as the mail server. Windows Mail Windows 10 Mail POP/IMAP manual setup Auto discovery or manual settings can be used with Win10 Mail Figure 13 Windows 10 Mail setup – Click Accounts and then add account. Select Advanced setup Figure 14 Windows 10 mail manual setup for RackCorp POP/IMAP email - choose advanced setup If you are using our Mongolian servers, please use mail.mn.rackcorp.com as the mail server. Figure 15 Windows 10 mail manual setup for RackCorp POP/IMAP email - choose Internet email Figure 16 Windows 10 mail manual setup for RackCorp POP/IMAP email - fill in the details as illustrated, choose IMAP or POP Exchange At This time, there is an issue with the latest release of the email application for Windows 10, which prevents the ‘ EXCHANGE ’ option below from being chosen, ADVANCED SETUP must be chosen Figure 17 Windows 10 mail setup for RackCorp Hosted Exchange - choose advanced setup Figure 18 Windows 10 mail setup for RackCorp Hosted Exchange - select Exchange ActiveSync Figure 19 Windows 10 mail setup for RackCorp Hosted Exchange - fill in the details as illustrated. Domain is to be left blank. Once you have completed THE ADD AN ACCOUNT form, Windows will prompt you about security policies for your computer. Select YES. Selecting YES may strength your windows security settings such as your password strength requirements You will then receive an ALL FINISHED success message. How to check Exchange mailbox free space How to Check your exchange mailbox free space and avoid fake spam emails regarding your mailbox. Regarding hosted exchange provided mailboxes, all folders within that mailbox count towards the account quota. If the user is frequently reaching their quota we recommend keeping the Deleted Items folder empty ("emptying the trash") or locally archiving folders to a new PST folder. There are a number of official ways to check the storage size of your hosted exchange mailbox. If you receive a message claiming your storage is full from sales@rackcorp.com or any other specific email address, or the email has a coloured box to click to resolve the issue please ignore and delete the email as it is a fake spam.  The only legitimate email alerting to a full mailbox comes from "Outlook" itself had has a Envelope Icon as below screenshot. Figure 1: Outlook Web Anywhere - Click Options -> General -> My Account Figure 2: Microsoft Office Outlook 2021 Status bar Figure 3: System generated mailbox alerts. Please note the look and feel of these emails as others will be fake. Getting started with rclone for RackCorp S3 storage - Windows rclone is an open source multi-platform tool for managing your cloud file storage. Multiple storage providers are supported natively including the large hyper-scalers as well as regional niche providers. RackCorp S3 Storge is natively supported in rclone making setup straight forward. As a command line based tool, rclone by itself is sufficent for transferring files and managing your S3 bucket on rackcorp. Integration withing the OS via a driver letter or folder-path is available via OS file system drivers. WinFSP, an optional install, enables FUSE integration with rclone to provide a drive letter or path for your S3 buckets on Windows. Downloads https://rclone.org/downloads/ (please download stable ver unless advised by tech support) https://github.com/winfsp/winfsp/releases/  (optional, required for drive letter/folder function) Unzip rclone into a easily accessible directory Open a command prompt  and navigate to that directory Run rclone config Setup and configure rclone Setup C:\Users\KngtRider\Downloads\rclone>rclone config No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> Select New Remote and give it a friendly name Name> type "rackcorpS3" or whatever you want Choose your storage backend type name> rackcorps3 Option Storage. Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value. 1 / 1Fichier \ "fichier" 2 / Alias for an existing remote \ "alias" 3 / Amazon Drive \ "amazon cloud drive" 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, RackCorp, SeaweedFS, and Tencent COS \ "s3" Select Item 4, Amazon Compatible S3 Storage> 4 Option provider. Choose your S3 provider. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value. 1 / Amazon Web Services (AWS) S3  \ "AWS" 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun  \ "Alibaba" 3 / Ceph Object Storage  \ "Ceph" 4 / Digital Ocean Spaces  \ "DigitalOcean" 5 / Dreamhost DreamObjects  \ "Dreamhost" 6 / IBM COS S3  \ "IBMCOS" 7 / Minio Object Storage  \ "Minio" 8 / Netease Object Storage (NOS)  \ "Netease" 9 / RackCorp Object Storage  \ "RackCorp" Select item 9, Rackcorp Choose a number from below, or type in your own value. 1 / Enter AWS credentials in the next step. \ "false" 2 / Get AWS credentials from the environment (env vars or IAM). \ "true" Select Item 2, Enter Credentials Option access_key_id. AWS Access Key ID. Leave blank for anonymous access or runtime credentials. Enter a string value. Press Enter for the default (""). access_key_id> Generate and grab your credentials from the RackCorp Portal Lets enter KDTTI5TWN4L4Y1JNH837 Option secret_access_key. AWS Secret Access Key (password). Leave blank for anonymous access or runtime credentials. Enter a string value. Press Enter for the default (""). secret_access_key> Grab your key and secret from the RackCorp portal, remembering that is is a one-time-operation and your secret will no longer be available once it is first viewed Option region. region - the location where your bucket will be created and your data stored. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value. 1 / Global CDN (All locations) Region \ "global" 2 / Australia (All states) \ "au" 3 / NSW (Australia) Region \ "au-nsw" 4 / QLD (Australia) Region \ "au-qld" 5 / VIC (Australia) Region \ "au-vic" 6 / Perth (Australia) Region \ "au-wa" 7 / Manila (Philippines) Region \ "ph" 8 / Bangkok (Thailand) Region \ "th" 9 / HK (Hong Kong) Region \ "hk" 10 / Ulaanbaatar (Mongolia) Region \ "mn" 11 / Bishkek (Kyrgyzstan) Region \ "kg" 12 / Jakarta (Indonesia) Region \ "id" 13 / Tokyo (Japan) Region \ "jp" 14 / SG (Singapore) Region \ "sg" 15 / Frankfurt (Germany) Region \ "de" 16 / USA (AnyCast) Region \ "us" 17 / New York (USA) Region \ "us-east-1" 18 / Freemont (USA) Region \ "us-west-1" 19 / Auckland (New Zealand) Region \ "nz" Choose 2, AUS  Location constraint - the location where your bucket will be located and your data stored. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value. 1 / Global CDN Region \ "global" 2 / Australia (All locations) \ "au" 3 / NSW (Australia) Region \ "au-nsw" 4 / QLD (Australia) Region \ "au-qld" 5 / VIC (Australia) Region \ "au-vic" 6 / Perth (Australia) Region \ "au-wa" 7 / Manila (Philippines) Region \ "ph" 8 / Bangkok (Thailand) Region \ "th" 9 / HK (Hong Kong) Region \ "hk" 10 / Ulaanbaatar (Mongolia) Region \ "mn" 11 / Bishkek (Kyrgyzstan) Region \ "kg" 12 / Jakarta (Indonesia) Region \ "id" 13 / Tokyo (Japan) Region \ "jp" 14 / SG (Singapore) Region \ "sg" 15 / Frankfurt (Germany) Region \ "de" 16 / USA (AnyCast) Region \ "us" 17 / New York (USA) Region \ "us-east-1" 18 / Freemont (USA) Region \ "us-west-1" 19 / Auckland (New Zealand) Region \ "nz" Choose 2, AUS  Option acl. Canned ACL used when creating buckets and storing or copying objects. This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too. For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl Note that this ACL is applied when server-side copying objects as S3 doesn't copy the ACL from the source but rather writes a fresh one. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value. / Owner gets FULL_CONTROL. 1 | No one else has access rights (default). \ "private" / Owner gets FULL_CONTROL. 2 | The AllUsers group gets READ access. \ "public-read" / Owner gets FULL_CONTROL. 3 | The AllUsers group gets READ and WRITE access. | Granting this on a bucket is generally not recommended. \ "public-read-write" / Owner gets FULL_CONTROL. 4 | The AuthenticatedUsers group gets READ access. \ "authenticated-read" / Object owner gets FULL_CONTROL. 5 | Bucket owner gets READ access. | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it. \ "bucket-owner-read" / Both the object owner and the bucket owner get FULL_CONTROL over the object. 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it. \ "bucket-owner-full-control" Choose 1 For owner full control over your files with no public access Edit advanced config? y) Yes n) No (default) y/n> Choose N Summary of settings is next displayed [rackcorps3] type = s3 provider = RackCorp env_auth = false access_key_id = OG4CONUEWUQEIVUTFI9F secret_access_key = tA+Nswu25EF6oxEKHzW3SjDuwSBjK1k8GQ73WMQk region = au endpoint = au.s3.rackcorp.com location_constraint = au-nsw acl = private -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote Press Y to accept changes. You are returned to the main menu. Name Type ==== ==== rackcorps3 s3 e) Edit existing remote n) New remote d) Delete remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config e/n/d/r/c/s/q> Q to quit back to the command prompt. Connect rclone to a drive letter or folder-path on the operating system Where rackcorps3: is your friendly connection name from setup and s: can be a spare drive letter not in use by your system C:\Users\KngtRider\Downloads\rclone>rclone mount rackcorps3: s: The service rclone has been started. This will launch drive letter on demand. Once the process/rclone window is closed, the drive letter will be unmounted. Advanced Setup Topics Autostart on Windows The following code will establish a windows service that will mount the S3 drive letter on startup but via a context that is visible to all users of the computer For this guidance, we assume the rclone is unzipped to c:\rclone. If you are following the above instructions, change the path for rclone to the exact path you used in those instructions, eg c:\users\yourwindowsusername\Downloads\rclone Open a command prompt and navigate to c:\rclone Execute Powershell by running powershell at the cmd prompt At the powershell prompt enter this command to create the new rclone service New-Service -Name Rclone -BinaryPathName 'c:\rclone\rclone.exe mount rackcorps3: S: --config c:\rclone\rclone.conf --log-file c:\rclone\mount.txt' Where:  c:\rclone\ is your path to rclone rackcorps3: is the friendly name for your S3 instance S: is the desired drive letter Providing all the parameters are correct including keys, the service should execute as its set to automatic mode and the drive letter S: should appear. To manually interact with the service, use 'net stop rclone' and 'net start rclone' at the windows command prompt Getting started with S3 storage on RackCorp Hybrid Cloud - Windows & Mac This document will cover the basics to get up and running to use RackCorp’s S3 storage service, including setting up access keys and secrets, creating buckets and transferring/manipulating your files via a number of third party client applications on Windows.   There are several ways to host your files on RackCorp S3. This document focuses on Windows Clients but most applications are also available for Mac and Linux. FTP style application (browser) Mounted Drive Letter application (drive) API access for modern web applications. You are free to use a S3 compliant application of your choosing, although the following applications are validated with our service and for which we can provide limited support and assistance. Windows MAC LINUX FileZilla Pro Payware FileZilla Pro Payware FileZilla Pro Payware Cyberduck (Browser) Free  Cyberduck (Browser) Free rclone Mountain Duck (Drive) Trial Mountain Duck (Drive) Trial CloudBerry MSP360 Explorer Free Cloudberry MSP360 Explorer Free rclone rclone TNT Drive Trial Mountain Duck Expan Drive Expan Drive S3Browser Freeware WinSCP OBJECT STORAGE S3 compatible object storage contains one or more storage buckets; each bucket contains a number of widgets. Each widget has a unique ID. Each widget has some meta data describing attributes of the object such as dates or revisions Inside each widget is some data we want to access. We are able to sort through the widgets that are in these buckets until we find the one we are looking for. 1. Create your S3 credentials in RackCorp Portal.  The Storage tab in RackCorp Portal manages your CREDENTIALS and BUCKETS 1.1 Start by adding a new credential. Give your new key a descriptive name, e.g. Employee name, Client or contractor name. Try to keep this distinct compared to what you name your buckets later. Think of your access key as your username Think of your ‘secret’ key as your password. 1.2 Choose the customer in the dropdown field. This would be either your company/client name or a sub-customer/sub-client. You would have originally setup any sub-customers in the RackCorp portal under the Customers section.  1.3 Define an optional expiry date for the key. If you are going to be issuing an amount of keys this is a good way to track of authorised access. 1.4 Define the Read/Write Permission for the credential. This is ideal if you would like to create a credential for someone that you would like to share files with, or to freeze files. Once you have created or updated your key, a summary result is displayed. A progress spinner is displayed while your keys are generated and a green tick means they are ready to view. Click on the access key to retrieve your access key and secret. This is a ONE-TIME PROCESS. TAKE A NOTE OF YOUR ‘SECRET’ DISPLAYED IN THIS POPUP. It is NOT retrievable. You now have the three elements needed to securely access your files in RackCorp S3 Your endpoint URL: For some of our customers we will setup a custom URL, In this document we will use s3.rackcorp.com as an example. Your ACCESS KEY : Retrievable from the portal Your SECRET : A one-time code displayed in the portal In RackCorp S3, there is a many to many relationships between access keys and buckets. This means all keys created under a customer can access all the buckets created under that customer. 2. Create your S3 buckets. 2.1 Define a descriptive name for your bucket. The name should reflect what the bucket’s purpose is. Such as `TropicalHolidayProject` or ‘a1bucket’ in our example. For bucket names please use alphanumeric characters, dash and no spaces. 2.2 Choose the customer in the dropdown field. This would be either your company/client name or a sub-customer/sub-client. You would have originally set up any sub-customers in the RackCorp portal under the Customers section. 2.3 Choose the region for where you would like to store your buckets. In this drop-down we list common regional options and these options may vary per customer. If these do not suit you contact our support department who can define manual region rules for you. An example S3 Region might be “Australia”, which would encompass several physically distinct data storage locations; “Australia - East” for NSW and Victoria or “Philippines and Hong Kong”. The field has been pre-populated with two of our NSW datacentres, a Sydney region covering both as well as Thailand. 2.4 Access Policy determines whether your access key is required to access this bucket. You could typically use this option to enable public web content PUBLIC ENABLE  = No key is required to access the bucket. PUBLIC DISABLE = Access key is required to access the bucket. 2.5 Status is simply an enable/on-off toggle for the container. 2.6 Wait for your bucket to be added. 3. Configure your S3 application with your credentials.  We will demonstrate two types of windows applications as client examples for RackCorp S3. A ‘FTP’ style application and a drive-letter type app, where buckets are mounted as windows drive letters, allowing files to be natively accessed by windows applications without having to GET or PUT them from the S3 server first. S3 Applications FileZilla Pro Payware https://filezillapro.com/ Cyber Duck (Browser) Freeware https://cyberduck.io/ Mountain Duck (Drive) Trial https://mountainduck.io / CloudBerry MSP360 Explorer Freeware https://www.msp360.com/explorer.aspx CloudBerry MSP360 Drive Trial https://www.msp360.com/drive.aspx TNT Drive Trial https://tntdrive.com/ S3Browser Freeware https://s3browser.com/ WinSCP https://winscp.net/eng/index.php rclone https://rclone.org/downloads/ Expan Drive https://www.expandrive.com/ WINDOWS 3.1 FTP Style S3 Client These require your files to be downloaded to your computer and then uploaded back to the server when needed. These types of clients are ideal for managing files that are not often edited and for which you may require additional features to manipulate your files and buckets. 3.1.1 S3 Browser freeware Accounts -> Add New Account to setup your keys in the client For ‘S3 Browser’, simply drag and drop your files between your PC and your bucket.  We can see here that our credential has access to two buckets as that’s what we created in the portal. 3.1.2 Cloudberry Explorer for Windows Please add a 'S3 Compatible' Connection Choose your S3 Source either in the left or right pane of the application 3.2 Drive Letter mount clients These applications mount each bucket a driver letter in windows explorer, allowing you to manage your files as if they are native in your windows system. Downloads/uploads occur when you copy files to/from that particular drive letter/bucket. These are better for managing large numbers of content rich files that would be edited by the end user such as photos text or video, and for those who would like ease of use. 3.2.1 TNT drive trial MAC OS FTP-Style We recommend Cyberduck for those who would like get/put style of application.  Drive-Mount We have tested and validated both Mountain   Duck (from the developer of Cyber Duck) as well as Cloud Mounter against MacOS Ventura. These S3 clients will give you folder/drive mount access for your S3 Buckets. Mountain Duck Please add a "amazon s3' type connection configurator, using the endpoint of your choice CloudMounter Please update to the latest version For Ventura Support and follow the below settings example to setup Cloud Mounter. Add a "amazon s3' connection and fill in the details per rackcorp portal. Substitute the Server Endpoint for the one of your choosing eg AU or AU-NSW or S3 regions s per our S3 settings page. Expan Drive For ExpanDrive please add a "Amazon S3" Connection 4. Advanced Features   This document is intended to get you up and running with the RackCorp S3 Storage service using popular Windows client applications. To use advanced features like file versioning, encryption, Access Control Lists, cross-region replication, Transfer Acceleration, bucket logging and API access, please contact your account manager for additional information. These features may require specific settings or regions to work.   Document History: 008: Add Mac/Windows Expan Drive, Cloudberry for Windows 007: Added Mountain Duck and Cloud Mounter for Mac OSX Ventura 006: Added WinSCP and rclone 005: Multi Language support 004: Add support and usage guidance for Cyber Duck and Mountain Duck from iterate GmbH Install OPNsense Firewall in the cloud OPNsense 20.x setup workflow for RackCorp Hybrid cloud Summary: Setting up OPNsense is easy if one has direct access bare metal, or has a desktop virtualisation where one can define internal NICs/networks, which can be used for the LAN side management. However, since we are setting up in a hybrid public/private cloud, without a management terminal (VM) setup on the same subnet as the LAN network, we will not be able to manage and configure the OPNsense since the locked down WAN interface is the one exposed to the outside world. Additionally, limited configuration is provided through its’s terminal shell. We want to have some management ports (properly secured) exposed to the Internet. For our hybrid cloud, we shall swap the public and private interfaces in OPNsense This is the reverse of the expected setup flow. We do this because the LAN interface has a preset ‘allow all’ rule which lets us login to its management portal. This will allow us to easily configure the system remotely via web browser and then we will change the settings back to the Public IP being on the WAN interface and private IP on the LAN interfaces. The general steps to get OPNsense 20 running on RackCorp Hybrid are as follows: Install ISO Get access to Web GUI Make firewall rule on WAN interface for remote management Reassign/swap the LAN/WAN interfaces Rekey in the correct IP address for the LAN/WAN interfaces The WAN IP included in this guide is for example only. Please replace it with the one we have provided you 1. Install ISO   OPNsense assigns its Interfaces to NICs in the order they are assigned to in the RackCorp Portal, starting with LAN interface. So let’s ‘swap’ the interfaces so we can login to the management webpage: 1. Start off with the following configuration for the RackCorp Portal and OPNsense in your RackCorp VM RackCorp vNIC ID RackCorp vNIC Label IP VLAN OPNsense Interface NIC 1 Public 116.206.80.210 /27 Public VLAN1 for Demo LAN (vtnet0) NIC 2 Private 10.0.0.1 /24 Public VLAN1 for Demo WAN (vtnet1) Rackcorp portal will display green lights when the configuration is correct. Setup your RackCorp VM with the networking from the above table. Don’t forget to add the VLANs For demonstration, we have left the default vNIC labels. If the vNIC labels are confusing you could define them based on the interface, e.g. Private or Public combined with the end of the vNIC MAC address e.g. 33 or 34. 2. Follow the boot and installation instructions for the OPNsense 20.x using the ISO image file. 2.1 Mount the OPNsense Installer ISO in RackCorp and then boot the VM. 2.2 A live environment is booted with optional installation. Do not run interface assignment during boot if you are going to install to HD. 2.3 Once booted, install the system to disk using the following Login: installer password: opnsense Follow the guided instructions to install to HDD. The defaults are fine for a single disk install. Once complete, follow the prompt to reboot the OPNsense install and EJECT the ISO from the RackCorp portal. 2. Get access to Web GUI   3. Opnsense has a built in wizard in the console menu that aids the user to setup their LAN NIC, WAN NIC, any tertiary NIC such as a DMZ or management NIC as well as IPv4/6 addressing and DHCP. Your Opnsense will have booted to this menu after install. 3.1 SET INTERFACE IP for WAN Select NONE , this will clear the interface and let us re-assign. 3.2 SET INTERFACE IP for LAN Select 116.206.80.210 /27 as per table. Since this example uses a 27 bit subnet, our gateway is .193 and our maximum host is .223. For DNS use RackCorp NS1 110.232.116.249 or Google DNS 8.8.8.8 Interface LAN DHCP No New LAN IP 116.206.80.210 Subnet 27 Gateway 116.206.80.193 Gateway as name server No IPv4 Name server 8.8.88 IPv6 LAN Interface via WAN Tracking: No IPv6 LAN Interface via DHCP: No IPv6 Address: for none LAN DHCP Server: n HTTP fallback for web GUI n 4. Once you have keyed in the LAN IP address, you should be able to access it via web browser. There will be an introductory setup wizard but be sure to skip the WAN setup page. Login to OPNsense web page. Click logo top left to skip configuration wizard. Once we have logged into the OPNsense management page, this is verification that we can access the system 3. Make firewall rule on WAN interface for remote management   5. Add an alias to define management ports. Firewall-> Aliases . We use ports 80, 443, 8080 in this example. [Save]. [Apply] 6. Add WAN port forward rule to Firewall -> Rules -> WAN. Protocol: TCP Source Port: Any Destination port range Start: Scroll UP in the list to find it. Destination port range End: Scroll UP in the list to find it. Log Packets: Enabled [Save]. [Apply]. 4. Reassign/swap the LAN/WAN interfaces 7. Interfaces-> Assignments . Compare the settings here versus Rackcorp portal Where are we now: a LAN Interface with public IP set in OPNsense and WAN interface with no WAN IP set. Since our Port Forward that will allow us to access management interface externally is now defined, we can swap the interfaces. You need to swap both the interfaces in OPNsense portal. 7.1 In OPNense portal, (Interfaces->Assignments) Swap so that (LAN) -> VTNET1 RackCorp NIC 2 (WAN) -> VTNET0 RackCorp NIC 1 [SAVE] 5. Rekey in the correct IP address for the LAN/WAN interfaces   8. Once you have swapped, OPNsense might forget the IP subnets and we need to re-key them into the console. Re-key in the IP/subnets using option 2. Clear them if necessary with Interface LAN Configure via DHCP No New LAN IP 10.0.0.1 Subnet 24 Gateway for none IPv6 LAN Interface via WAN Tracking: N IPv6 LAN Interface via DHCP6: N IPv6 Address: for none Revert to HTTP as web GUI protocol N 9. Once both LAN and WAN have been rekeyed, you should be able to log in to the OPNsense management portal via its WAN address and RackCorp vNIC status lights turn green. 10. Follow our additional tasks for further configuration as required. 11. If you have problems with this procedure, select (4) Reset Factory Settings in the console menu. The OPNsense will reset itself, then shutdown. Restart the VM from RackCorp and try again. 11) Reload all services can also help ADDITIONAL TASKS Once your basic setup is running, it can be further configured to suit your requirements. Consult your security policy on how to handle such appliance management. Things to consider can be, of which many are industry best practice Considering adding a management network or 1 or more DMZ networks to the firewall for added functionality Use VPN functionality for management login instead of HTTP/S ports. Use VPN functionality for remote workers to be able to access enterprise content. If HTTP/S ports are desired for management via WAN/Internet, consider changing the port numbers and or whitelisting the OPNsense IP/URL to particular authorised management systems. Configure and test SSH access if necessary, bound by whitelisting, management interface or VPN tunnel. Install additional plugins, such as Wireguard VPN or other utilities via the plugins page to enhance the functionality of the firewall. RackCorp BGP Communities RackCorp is currently undergoing a transition to our BGP model globally.  If you notice a combination of communities is not working as you expect, please raise a support ticket as our team as it may be our issue BGP Looking Glass URL (RackCorp is currently undergoing testing on this service and it is not currently publicly available) https://lg.rackcorp.com/ Transit Management (outbound) (Please note while we try to pass on these communities, upstream networks may still advertise to these providers) 56038:283 Don't advertise to CoreIX (AS31708) 56038:284 Don't advertise to Hurricane Electric (AS6939) 56038:285 Don't advertise to Constant (AS20473) 56038:297 Don't advertise to NTT (AS2914) 56038:279 Don't advertise to Vocus (AS4826) 56038:286 Don't advertise to IPTransit (AS64098) 56038:287 Don't advertise to Indonet (AS9340) 56038:288 Don't advertise to Voxility (AS3223) 56038:289 Don't advertise to China Telecom (AS58453) 56038:290 Don't advertise to Aknet (AS12764) 56038:291 Don't advertise to Cogent (AS174) 56038:292 Don't advertise to Mongolia National DC (AS56301) 56038:293 Don't advertise to Gemnet (AS45204) Peering Management (outbound) (Please note while we try to pass on these communities, upstream networks may still advertise to peering exchanges) 56038:300 Don't advertise to WA-IX AU 56038:301 Don't advertise to NSW-IX AU 56038:302 Don't advertise to VIC-IX AU 56038:303 Don't advertise to QLD-IX AU 56038:310 Don't advertise to Megaport WA IX AU 56038:311 Don't advertise to Megaport NSW IX AU 56038:312 Don't advertise to Megaport VIC IX AU 56038:313 Don't advertise to Megaport QLD IX AU 56038:320 Don't advertise to DEC-IX DE Global Management (outbound) 56038:666 Blackhole prefix wherever possible (only IPv4 /32 or IPv6 /128 allowed) 56038:777 Do not advertise outside of local city (Useful if deploying anycast and utilising other vendors besides RackCorp) 56038:888 Attempt to pad announcements globally with prefixes for optimal anycast traffic 56038:8880 Attempt to pad announcements globally with prefixes for optimal anycast traffic (identical to :888) 56038:8881 Attempt to pad announcements globally with prefixes for optimal anycast traffic +1 56038:8882 Attempt to pad announcements globally with prefixes for optimal anycast traffic +2 56038:8883 Attempt to pad announcements globally with prefixes for optimal anycast traffic +3 56038:8889 Do not advertise 56038:2000 Do not advertise by default (Use specific keyed communities) Cloud Users next-hop (outbound) You can use 110.232.119.254 as your next-hop.  Our systems will automatically assign your VM primary IP as the next hop. Keyed Management (outbound) (Please note while we try to pass on these communities, upstream networks may still advertise at these locations) A: 1=Dont Advertise, 2=Advertise no padding, 3=Advertise pad x1, 4=Advertise pad x2, 5=Advertise pad x3, 6=Advertise no-export B: 0=Transit + Peering, 1=Transit Only, 2=Peering Only 56038:1AB00 Global 56038:1AB21 AU Brisbane 56038:1AB01 AU Sydney GlobalSwitch 56038:1AB26 AU Sydney Equinix 56038:1AB02 AU Melbourne 56038:1AB03 AU Perth 56038:1AB09 DE FRA8 56038:1AB08 HK 56038:1AB14 IN 56038:1AB13 JP 56038:1AB19 MN MNDC1 56038:1AB20 MN GEMNET1 56038:1AB12 NL Amsterdam 56038:1AB11 NZ 56038:1AB17 TH BKK1 56038:1AB18 TH BKK2 56038:1AB06 UK London 56038:1AB04 US Fremont 56038:1AB05 US Chicago 56038:1AB15 US Los Angeles, CA 56038:1AB16 US Reston VA 56038:1AB07 SG 56038:1AB22 KG NSP1 56038:1AB23 PH Carmona 56038:1AB24 PH Makati 56038:1AB25 ID Jakarta 56038:5070 Force local-pref 70 56038:5080 Force local-pref 80 (Default) 56038:5090 Force local-pref 90 56038:5095 Force local-pref 95 Informational Communities (inbound) 56038:3000 Received via local 56038:3001 Received via transit 56038:3002 Received via peering 56038:3003 Received via customer BGP Internal Distancing (inbound) RackCorp uses a private AS65001 to represent some internal connectors in the BGP router path and is used to indicate distance between datacenters/cities. You can make use of these internally if you wish in calculating optimal routing RackCorp Datacenter Locations and Codes Datacenter Codes and Test IPs The codes below identify the locations of servers both at order time and on billing information DC Code DC Description Test IP v4 Test IP v6 RC-AU-NEXTDCB2 AU Brisbane NextDC B2 185.207.10.109 RC-AU-VOCUS530 AU Melbourne Vocus 530 103.233.30.118 RC-AU-VOCUSPER03 AU Perth Vocus PER03 PerthIX 103.233.31.38 RC-AU-GLOBESW1 AU Sydney GlobalSwitch 116.206.80.238 2406:4a00:1::feed RC-AU-EQX1 AU Sydney Equinix SYD4 103.43.116.87 RC-DE-FRANKFURT2 DE Frankfurt FRA8 103.43.118.76 RC-HK-EQXHK2 HK Hong Kong EQXHK2 116.206.82.37 RC-ID-DCI1 ID Jakarta DCI1 185.207.9.5 RC-ID-AREA31 ID Jakarta Area31 103.69.75.46 RC-KG-NSP1 KG Kyrgyzstan NSP1 137.83.12.36 RC-KG-DATA1 KG Kyrgyzstan DataTime1 137.83.12.138 RC-MN-GEM1 MN Gemnet1 116.206.83.60 RC-MN-MNDC1 MN National DC1 103.43.117.37 RC-MN-MGL1 MN Mogul DC1 114.129.42.2 RC-MN-SSYS1 MN SSystems DC1 103.43.118.196 RC-NZ-SH1 NZ Auckland SH1 120.138.21.118 RC-PH-CRM1 PH Philippines Carmona 45.250.158.14 RC-PH-MAK1 PH Philippines Makati 103.219.70.176 RC-TH-BKK2 TH Thailand NTT BKK2 116.206.81.103 RC-TH-TCC1 TH Thailand TCC DC1 185.207.8.36 RC-UK-MEMACO1 UK Memaco House 103.69.74.41 2406:4a00:1f00::4 RC-US-VA1 USA Virgina CoreSite VA1 103.69.73.4 RC-US-LA2 USA Los Angeles LA2 103.69.72.4 RackCorp IP Address Allocations IPv4 185.207.8.0/22 103.69.72.0/22 110.232.116.0/22 103.43.116.0/22 103.233.30.0/23 137.83.12.0/24 116.206.80.0/22 IPv6 2406:4a00::/32 RACKCORP REST API RACKCORP REST API Rackcorp has migrated many of its functionalities to work with REST API architecture to modernize and make easy the process to get data through HTTP protocol. Every month we are adding new services through REST API. It is important you follow us to get the last updates and the last version of our API. API Information: Current Version: v2.8 API URL: https://www.rackcorp.net/api/v2.8 Before you start to create any code or connect through our API, you need to create an API Key access which allows your code to make HTTPS requests to our services and be authorized to get data for your services. We will explain here how you add this API Key in your code. To create API credentials, goto ADMINISTRATION -> API in our portal.  URL: https://portal.rackcorp.com/index.php?cmd=api Then, you click ADD, type a name for this new Key and a secret ( password ) and SAVE. Make sure to record your SECRET phrase somewhere safe. It is required for API access and cannot be retrieved, It can only reset via the API portal key details page API Standards: As described in our article REST API Architecture and Standards , there is no definitive standard patterns that all engineers/devs should follow to create REST API for their app. In Rackcorp we keep things simple. The main structure for our REST API follows the patterns below: version: v2.8 main URL: https://api.rackcorp.net/api object data: customers | dc | network | api | dns | device URL format: https://api.rackcorp.net/api/ +version+/object data/+ID item Example GET all data: https://api.rackcorp.net/api/v2.8/device Example GET one Item: https://api.rackcorp.net/api/v2.8/device/1   Bellow is some example code which you can use as example to implement your first REST API connection to our platform: We strongly recommend that you only make REST API calls from your back-end code.  Be careful when using javascript code to call a REST API url. Never add your credentials in front-end code.  Speak to our team if unsure. In this simple introduction to code REST API, we will use PHP and PYTHON programming language. PHP: In the sample bellow we add a dummy API KEY and API SECRET. Please, change this data accordingly with your data "dc.getall"]; $query['APIUUID'] = ""; // No authetnication required for getting datacenter list $query['APISECRET'] = ""; $curl = curl_init($url); curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($query)); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($curl); if($response) { return json_decode($response, true); } return false; ?> PYTHON: import json import logging import sys import os import glob import re from bson import json_util from flask.helpers import make_response from flask import request, jsonify version = 'v2.8' apiurl = 'https://api.rackcorp.net/api'+version+'/'+dc setheaders = { 'content-type': 'application/json', 'User-Agent': 'Mozilla', 'jwt': jwt } data = {} data['APIUUID'] = '' data['APISECRET'] = '' apiresp = None apiresp = requests.get(self.apiurl+'/sessions/logout',data=self.rcdata,headers=setheaders) As you can see in both examples, the logic to connect through our API is quite simple. You just need the URL, the APIUUID and APISECRET as part of the object or array that gets passed to the API. Below you can find links with more advanced docs to use our API.  Also, the complete list of REST API services (urls) explaining the query data and the expected response data for each situation. REST API GibHub Docs: Link: https://github.com/RackCorpCloud/rackcorp-api/wiki/RACKCORP-REST-API Swagger RACKCORP REST API: Swagger is a suite of API developer tools from SmartBear Software and a former specification upon which the OpenAPI Specification is based. This platform displays in simple layout all REST API functions allowing you visualize what your code should expect as response for each call (GET, PUT, PUSH, DELETE). You can see through this platform the schema for each function and also, the expected JSON format response. You can also make tests to connect through your services in our servers using your real APIUUID and APISECRET. It is good for testing staging environments and make sure that your call will receive exactly what your code expects. Dont forget to select which url path API you wanna use for tests. In Swagger page you can see in Server three options. The first one is a swagger mocking URL which is not for tests. The second one is the RACKCORP Production REST API Core (please be careful to use this URL ). The third one is the RACKCORP Staging REST API which should be used for tests. Link: https://app.swaggerhub.com/apis/RackCorp/Rackcorp-REST-API/2.8 RACKCORP REST API EXAMPLES Reference material: Swagger App: https://app.swaggerhub.com/apis-docs/RackCorp/Rackcorp-REST-API/2.8 Rackcorp REST API docs: https://wiki.rackcorp.com/books/help-and-support-en/page/rest-api-architecture-and-standards PHP Code: Simple server creation: "FAULT", "message" => "API Error"); } return json_decode($response, true); } $customerID = 1000; // Change this to your customer ID (available in portal under ADMINISTRATION -> MY DETAILS) // locations are defined here: https://wiki.rackcorp.com/books/help-and-support-en/page/rackcorp-datacenter-locations-and-codes $neworder = "data": [ "customerid": $customerID, "currency": "AUD", "servicebilltag": "CLOUDSERVER", "productdetails": [ "BILLINGMODEL": "monthly", "NOINSTANCES": 1, "HOSTNAME": "Test Machine", "CLOUDTYPE": "public", "DCID": "89", "OS": "OS-ALMALINUX-16.1", "VMHID": "", "CPU": 2, "MEMORYGB": 4, "STORAGEGB": 20, "IPV6": 0, "IPV4": 1, "NT-SPEED": "NT-SPEED100", "TRAFFICGB": "TRAFFICGB-100", "BKP": "BKP-FREE", "SUPPORT": "SUPPORT-STD", "DDOS": "", "SECURITY":[] ] ]; // Lodge the order (this just locks pricing in for up to 72 hours but doesnt actually create any resources) // IMPORTANT - method POST $response = rackcorpAPI("/order/create/server", $neworder); var_dump($response); // You can look up the order if you want: // IMPORTANT - method GET $response = rackcorpAPI("/order/"+$response['data']["orderid"]); var_dump($response); // Then confirm the order to start provisioning: // IMPORTANT - method GET $response = rackcorpAPI("/order/confirm/server/"+$response['data']["orderid"]); var_dump($response); ?> Starting a server using cloud-init: After creating a server, you can also choose to start it using cloud-init with your own custom code: $cloudInitStartupData = Array( "cloudInit" => Array( "volumeName" => "config-2", "userData" => "#cloud-config ssh_pwauth: True users: - default - name: user1 groups: sudo shell: /bin/bash sudo: ['ALL=(ALL) NOPASSWD:ALL'] plain_text_passwd: testtest888 lock_passwd: false ", "metaData" => "instance-id: ServerTest9999 local-hostname: MyServerHostname9999 " ) ); $serverIDToStart = 9999; $tx = Array ("objId"=>$serverIDToStart, "objType"=>"DEVICE", "type"=>"STARTUP", "data"=>json_encode($cloudInitStartupData)); // See earlier example for rackcorpAPI function $response = rackcorpAPI("rctransaction.create", $tx); var_dump($response); ?> S3 Storage Settings S3 Storage Regions Region Area Code Australia GlobalSwitch DC1 au-nsw-gbl1 Australia Equinix SYD4 au-nsw-eqx4 Australia Sydney au-nsw Thailand Bangkok NTT DC1 th-bkk Mongolia Ulaanbaatar mn Mongolia Ulaanbaatar GEMNET DC1 mn-gem1 Hong Kong hk Hong Kong Equinix HK2 hk-eqx2 Philippines ph Philippines Carmona DC1 ph-crm1 Kyrgyzstan kg Kyrgyzstan - NSP DC1 kg-nsp1 Indonesia id Indonesia - Area31 DC1 id-area31 Australia LEDC NSW Datacenters au-nsw-ledc Australia NSW Newcastle au-nsw-ledc-ncle1 Australia NSW Dubbo au-nsw-ledc-dbo1 WHERE S3 ENDPOINT URL is areacode.s3.rackcorp.com EG au-nsw-ledc-ncle1.s3.rackcorp.com to force data to newcastle data center, Australia How to install s3cmd for RackCorp INSTALL PACKAGES CentOS 8+ / Rocky Linux / RPM-based Linux yum install s3cmd Debain / Ubuntu / .deb based linux apt install s3cmd CONFIGURATION Demo Read-Only Access Key / Secret Access Key: F4LV2SVMHUOL1UOD2LLF Secret Key: plax+zs9eSmvLVl2E7Wc8fRyv+cyuq7vYgQi7E/6 Default Region: US S3 Endpoint: s3.rackcorp.com DNS Template (if required): %(bucket)s.s3.rackcorp.com (You can create your own inside our portal SERVICES -> STORAGE -> S3 CREDENTIALS / S3 BUCKETS) [demo@demohost demo]# s3cmd --configure Enter new values or accept defaults in brackets with Enter. Refer to user manual for detailed description of all options. Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables. Access Key: F4LV2SVMHUOL1UOD2LLF Secret Key: plax+zs9eSmvLVl2E7Wc8fRyv+cyuq7vYgQi7E/6 Default Region [US]: Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3. S3 Endpoint [s3.amazonaws.com]: s3.rackcorp.com Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used if the target S3 system supports dns based buckets. DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.s3.rackcorp.com Encryption password is used to protect your files from reading by unauthorized persons while in transfer to S3 Encryption password: Path to GPG program [/bin/gpg]: When using secure HTTPS protocol all communication with Amazon S3 servers is protected from 3rd party eavesdropping. This method is slower than plain HTTP, and can only be proxied with Python 2.7 or newer Use HTTPS protocol [Yes]: On some networks all internet access must go through a HTTP proxy. Try setting it here if you can't connect to S3 directly HTTP Proxy server name: New settings: Access Key: F4LV2SVMHUOL1UOD2LLF Secret Key: plax+zs9eSmvLVl2E7Wc8fRyv+cyuq7vYgQi7E/6 Default Region: US S3 Endpoint: s3.rackcorp.com DNS-style bucket+hostname:port template for accessing a bucket: %(bucket)s.s3.rackcorp.com Encryption password: Path to GPG program: /bin/gpg Use HTTPS protocol: True HTTP Proxy server name: HTTP Proxy server port: 0 Test access with supplied credentials? [Y/n] Y Please wait, attempting to list all buckets... Success. Your access key and secret key worked fine :-) Now verifying that encryption works... Not configured. Never mind. Save settings? [y/N] YConfiguration saved to '/home/demo/.s3cfg' Recommended Client Software While there is no formal ( RFC documented ) ' S3 Protocol ', the RackCorp S3 storage platform supports largely conforms to what the industry largely follow, that being the protocol implemented by Amazon. This means that most client software that has ' native S3 ' or ' AWS S3 ' support, will typically work with RackCorp S3, given the correct configuration. If you experience issues with any particular functionality or client software that you believe should work, please feel free to raise a support ticket and we will investigate. S3 Security Considerations There are many use-cases for S3 storage, one of which is hosting of static web content. This requires your bucket to have 'PUBLIC READ ENABLED' permissions selected in the bucket configuration. This means that anyone with a URL to a resource stored in your bucket will be able to access it without requiring any credentials or authentication. This is perfect for static images and other content, for use behind a CDN or for objects in-bedded into your website/mobile application. If you are not using your bucket for hosting of static web content, you must ensure that the 'PUBLIC READ DISABLED' permissions are selected. This ensures that only valid users with an access + secret keypair can access resources in your bucket. Additionally, you can use a 'Presigned URL' for both uploading and accessing of data in buckets, in the same way that you would here: (AWS S3 - presigned urls) . This is the preferred approach for all common use cases as it reduces any potential exposure of data stored in your buckets. For assistance on the points above, please feel free to raise a support request for clarifications. S3 Storage White-label Partner Services RackCorp also extends all of the above S3 Storage Regions to our white-label partner programme where you assign your s3. nameservers to RackCorp hosted DNS. Please contact sales@rackcorp.com for further information. Security Token How-To 1. Choose user   Log into the portal using your username and password and navigate to ADMINISTRATION   -> MY DETAILS Click on MY DETAILS . The CLIENTS AND USERS PAGE is displayed.  Click USERS  to display the assigned users under your CLIENT (customer) account, and select a USER to edit 2. Find token link   Note your user details, there should be a SECURITY TOKEN link visible ready to be used for the first time. 3. Security token setup   The security token setup window is displayed where you can generate your key to add to your desired authenticator application.   4. Connect TOTP Seed   Once the Generate button is pressed, a TOTP Seed key and a Google Authenticator key are displayed. For convivence, a QR code is generated that can be scanned by an authenticator app.     We strongly recommend that a separate physical device such as a phone, tablet or hardware key be used for multi factor authentication.  Google authenticator for mobile devices can scan the generated QR code using the device camera to retrieve the token key and setup your authentication. For desktop authenticators such as a YubiKey hardware key, a screen capture function is available where it can capture the generated displayed QR code from the screen. Otherwise for applications such as WinAuth you will need to copy and paste the URL to the QR code image or manually input the key code into the authenticator. Once the key generator window is closed, your keys are no longer accessible using this function and need to be regenerated and you are returned to your user details. 5. Performance check   Once your authenticator is setup, it is advisable to test it before setting your user preferences to enforce Two-Factor Authentication on login, should the key be wrong technical support will need to reset the users access. Navigate to POWER and click LOGOUT You are returned to the RackCorp portal login at portal.rackcorp.com or your company's white label link   At this step, using your new authenticator to generate the Security Token and input it into the field and login, log back into the portal. Should this be successful progress to step 6 . otherwise check your authenticator for most current code or contact RackCorp Technical Support. 6. Configure security token for a user   Should you login successfully after configuring 2FA, The final step to Security Token setup is to select whether two factor authentication is mandatory required or not on login by selecting REQUIRED or NOT REQUIRED . 7. Final test   Perform a final test of your new 2FA settings. As per step 5,  log out of the RackCorp Portal and then login using your newly setup Two Factor Authentication in addition to your username and password. You should have be able to login successfully and can continue using our services.  Self-Signed SSL certificates Navigating OpenSSL can be tricky with a number of command line chains to memorise, that generate different products. Should a temporary self-sign be needed for a website initial deployment or test process, the following webpage has a all in one generator and presents all results on the page itself with nothing needed to install Only thing of note is industry now requires 1YR max SSL validitty. Some generators will mark the validity for 10 YEARS and RackCorp portal will recognise this as it is technically legitimate. This webpage generator says 1YR but will generate 3 months, typical of a free self sign 'R3' type generator https://en.rakko.tools/tools/46/   Update BookStack on RackCorp - For RackCorp Web Hosting Platform Only - 1. Login to the hosted website shell using a local user, NOT a super user. the PHP version gets misdetected as superuser 2. cd /httpdocs/Bookstack 3. ls to verify folder contents. note artisan, composer.*, composer.phar -bash-4.4$ ls -l total 2900 -rw-r--r-- 1 12425 12425 1186 Nov 7 07:04 LICENSE drwxr-xr-x 20 12425 12425 4096 Dec 20 06:38 app -rwxr-xr-x 1 12425 12425 1685 Nov 7 07:04 artisan drwxr-xr-x 3 12425 12425 4096 Dec 20 06:38 bootstrap -rw-r--r-- 1 12425 12425 57721 Nov 7 07:06 composer-setup.php -rw-r--r-- 1 12425 12425 3353 Dec 20 06:38 composer.json -rw-r--r-- 1 12425 12425 397702 Dec 20 06:38 composer.lock -rw-r--r-- 1 12425 12425 2286233 Nov 7 07:11 composer.phar -rw-r--r-- 1 12425 12425 200 Nov 7 07:04 crowdin.yml drwxr-xr-x 5 12425 12425 4096 Dec 20 06:38 database drwxr-xr-x 5 12425 12425 4096 Nov 7 07:04 dev -rw-r--r-- 1 12425 12425 1292 Nov 7 07:04 docker-compose.yml -rw-r--r-- 1 12425 12425 112666 Dec 20 06:38 package-lock.json -rw-r--r-- 1 12425 12425 1420 Dec 20 06:38 package.json -rw-r--r-- 1 12425 12425 452 Dec 20 06:38 phpstan.neon.dist -rw-r--r-- 1 12425 12425 2610 Dec 20 06:38 phpunit.xml drwxr-xr-x 5 12425 12425 4096 Dec 20 06:38 public -rw-r--r-- 1 12425 12425 14715 Dec 20 06:38 readme.md drwxr-xr-x 7 12425 12425 4096 Nov 7 07:04 resources drwxr-xr-x 2 12425 12425 4096 Dec 20 06:38 routes -rw-r--r-- 1 12425 12425 552 Nov 7 07:04 server.php drwxr-xr-x 8 12425 12425 4096 Dec 20 06:38 storage drwxr-xr-x 13 12425 12425 4096 Dec 20 06:38 tests drwxr-xr-x 2 12425 12425 4096 Nov 7 07:04 themes drwxr-xr-x 43 12425 12425 4096 Nov 7 07:11 vendor -rw-r--r-- 1 12425 12425 9 Dec 20 06:38 version 4.  git pull origin release && php composer.phar install --no-dev && php artisan migrate this is different to the web instructions, we add the php runtime and .phar due to the environment, otherwise command wont work 5. should see GIT run and do its changes, and then composer run and do its package installs. Any errors mean the command line is wrong for the environment, or the web documentation command line was used.  remote: Total 1799 (delta 1140), reused 1153 (delta 1137), pack-reused 635 Receiving objects: 100% (1799/1799), 634.53 KiB | 0 bytes/s, done. Resolving deltas: 100% (1523/1523), completed with 453 local objects. From https://github.com/BookStackApp/BookStack * branch release -> FETCH_HEAD 01cdbdb..009212a release -> origin/release Updating 01cdbdb..009212a Fast-forward .env.example.complete | 7 +- .github/translators.txt | 10 + .github/workflows/phpstan.yml | 41 + .github/workflows/phpunit.yml | 8 +- .github/workflows/test-migrations.yml | 6 +- .gitignore | 3 +- app/Actions/Activity.php | 2 +- app/Actions/ActivityService.php | 13 +- app/Actions/Comment.php | 2 + app/Actions/CommentRepo.php | 5 +- app/Actions/Tag.php | 9 + app/Actions/TagRepo.php | 53 +- app/Api/ApiDocsGenerator.php | 21 +- app/Api/ApiToken.php | 2 +- app/Api/ApiTokenGuard.php | 4 +- app/Auth/Access/ExternalBaseUserProvider.php | 19 +- app/Auth/Access/Guards/LdapSessionGuard.php | 2 +- app/Auth/Access/Ldap.php | 19 +- app/Auth/Access/LdapService.php | 2 +- Installing dependencies from lock file Verifying lock file contents can be installed on current platform. Package operations: 16 installs, 33 updates, 6 removals Cannot create cache directory /home/httpd/vhostmounts/local/2425/.composer/cache/files/, or directory is not writable. Proceeding without cache - Downloading composer/package-versions-deprecated (1.11.99.4) - Downloading voku/portable-ascii (1.5.6) - Downloading phpoption/phpoption (1.8.1) - Downloading graham-campbell/result-type (v1.0.4) Package manifest generated successfully. 58 packages you are using are looking for funding. Use the `composer fund` command to find out more! > @php artisan cache:clear Application cache cleared! > @php artisan view:clear Compiled views cleared! ************************************** * Application In Production! * ************************************** Do you really wish to run this command? (yes/no) [no]: > yes Nothing to migrate. 6. If the above commands generate an error an do no execute with a result similar to the example above, run the following commands to diagnoise the issue. -bash-4.4$ php composer.phar diagnose Checking composer.json: WARNING require.ssddanbrown/symfony-mailer : exact version constraints (6.4.x-dev) should be avoided if the package follows semantic versioning Checking platform settings: OK Checking git settings: OK Checking http connectivity to packagist: OK Checking https connectivity to packagist: OK Checking github.com rate limit: OK Checking disk free space: OK Checking pubkeys: FAIL Missing pubkey for tags verification Missing pubkey for dev verification Run composer self-update --update-keys to set them up Checking composer version: You are not running the latest stable version, run `composer self-update` to update (2.1.11 => 2.8.4) Composer version: 2.1.11 PHP version: 8.1.0 - Package overridden via config.platform, actual: 8.1.19 PHP binary path: /usr/local/PACKAGES/php-8.1.19-std/bin/php OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021 cURL version: 7.61.1 libz 1.2.11 ssl OpenSSL/1.1.1k zip: extension present, unzip present, 7-Zip not available Typically the PHP composer is out of date as shown -bash-4.4$ php composer.phar self-update Upgrading to version 2.8.4 (stable channel). Use composer self-update --rollback to return to version 2.1.11 Re-run the diagnostic and it should pass -bash-4.4$ php composer.phar diagnose Checking composer.json: WARNING require.ssddanbrown/symfony-mailer : exact version constraints (6.4.x-dev) should be avoided if the package follows semantic versioning Checking composer.lock: OK Checking platform settings: OK Checking git settings: WARNING Your git version (2.9.5) is too old and possibly will cause issues. Please upgrade to git 2.24 or above Checking http connectivity to packagist: OK Checking https connectivity to packagist: OK Checking github.com rate limit: OK Checking disk free space: OK Checking pubkeys: Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642 Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952 OK Checking Composer version: OK Checking Composer and its dependencies for vulnerabilities: OK Composer version: 2.8.4 PHP version: 8.1.0 - Package overridden via config.platform, actual: 8.1.19 PHP binary path: /usr/local/PACKAGES/php-8.1.19-std/bin/php OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021 curl version: 7.61.1 libz 1.2.11 ssl OpenSSL/1.1.1k zip: extension present, unzip present, 7-Zip not available Re-run the installer as per step 4 , you should see it download and install new packages without error -bash-4.4$ php composer.phar install --no-dev > @php -r "!file_exists('bootstrap/cache/services.php') || @unlink('bootstrap/cache/services.php');" Installing dependencies from lock file Verifying lock file contents can be installed on current platform. Package operations: 6 installs, 84 updates, 6 removals - Downloading aws/aws-crt-php (v1.2.7) - Downloading dasprid/enum (1.0.6) - Downloading bacon/bacon-qr-code (v3.0.1) - Downloading psr/log (3.0.2) - Downloading doctrine/event-manager (2.0.1) - Downloading doctrine/deprecations (1.1.4) - Downloading doctrine/dbal (3.9.3) - Downloading doctrine/lexer (3.0.1) - Downloading masterminds/html5 (2.9.0) - Downloading symfony/polyfill-mbstring (v1.31.0) - Downloading sabberworm/php-css-parser (v8.7.0) - Downloading dompdf/php-svg-lib (1.0.0) - Downloading dompdf/php-font-lib (1.0.1) - Downloading dompdf/dompdf (v3.0.2) - Downloading symfony/polyfill-ctype (v1.31.0) - Downloading dragonmantank/cron-expression (v3.4.0) - Downloading symfony/polyfill-php83 (v1.31.0) - Downloading symfony/deprecation-contracts (v3.5.1) - Downloading symfony/http-foundation (v6.4.16) - Downloading guzzlehttp/promises (2.0.4) - Downloading symfony/polyfill-php80 (v1.31.0) - Downloading intervention/gif (4.2.0) - Downloading intervention/image (3.10.2) - Downloading symfony/process (v6.4.15) - Downloading knplabs/knp-snappy (v1.5.0) - Downloading symfony/polyfill-intl-normalizer (v1.31.0) - Downloading symfony/polyfill-intl-grapheme (v1.31.0) - Downloading symfony/string (v6.4.15) - Downloading symfony/service-contracts (v3.5.1) - Downloading symfony/console (v6.4.17) - Downloading voku/portable-ascii (2.0.3) - Downloading phpoption/phpoption (1.9.3) - Downloading graham-campbell/result-type (v1.1.3) - Downloading vlucas/phpdotenv (v5.6.1) - Downloading symfony/css-selector (v6.4.13) - Downloading tijsverkoyen/css-to-inline-styles (v2.3.0) - Downloading symfony/var-dumper (v6.4.15) - Downloading symfony/polyfill-uuid (v1.31.0) - Downloading symfony/uid (v6.4.13) - Downloading symfony/routing (v6.4.16) - Downloading symfony/polyfill-intl-idn (v1.31.0) - Downloading symfony/mime (v6.4.17) - Downloading symfony/event-dispatcher-contracts (v3.5.1) - Downloading symfony/event-dispatcher (v6.4.13) - Downloading egulias/email-validator (4.0.3) - Downloading ssddanbrown/symfony-mailer (6.4.x-dev 0497d6e) - Downloading symfony/error-handler (v6.4.17) - Downloading symfony/http-kernel (v6.4.17) - Downloading symfony/finder (v6.4.17) - Downloading ramsey/collection (2.0.0) - Downloading brick/math (0.12.1) - Downloading ramsey/uuid (4.7.6) - Downloading nunomaduro/termwind (v1.17.0) - Downloading symfony/translation-contracts (v3.5.1) - Downloading symfony/translation (v6.4.13) - Downloading nesbot/carbon (2.72.6) - Downloading monolog/monolog (3.8.1) - Downloading league/mime-type-detection (1.16.0) - Downloading league/flysystem (3.29.1) - Downloading league/flysystem-local (3.29.0) - Downloading nette/utils (v4.0.5) - Downloading nette/schema (v1.3.2) - Downloading dflydev/dot-access-data (v3.0.3) - Downloading league/commonmark (2.6.1) - Downloading laravel/serializable-closure (v1.3.7) - Downloading laravel/prompts (v0.1.25) - Downloading laravel/framework (v10.48.25) - Downloading paragonie/constant_time_encoding (v3.0.0) - Downloading phpseclib/phpseclib (3.0.43) - Downloading psr/http-factory (1.1.0) - Downloading guzzlehttp/psr7 (2.7.0) - Downloading guzzlehttp/guzzle (7.9.2) - Downloading league/oauth1-client (v1.11.0) - Downloading firebase/php-jwt (v6.10.2) - Downloading laravel/socialite (v5.16.1) - Downloading nikic/php-parser (v5.4.0) - Downloading psy/psysh (v0.12.7) - Downloading laravel/tinker (v2.10.0) - Downloading mtdowling/jmespath.php (2.8.0) - Downloading aws/aws-sdk-php (3.336.8) - Downloading league/flysystem-aws-s3-v3 (3.29.0) - Downloading league/oauth2-client (2.8.0) - Downloading robrichards/xmlseclibs (3.1.3) - Downloading onelogin/php-saml (4.2.0) - Downloading pragmarx/google2fa (v8.0.3) - Downloading predis/predis (v2.3.0) - Downloading socialiteproviders/manager (v4.8.0) - Downloading socialiteproviders/microsoft-azure (5.2.0) - Downloading socialiteproviders/twitch (5.4.0) - Downloading ssddanbrown/htmldiff (v1.0.4) - Removing symfony/polyfill-php81 (v1.29.0) - Removing symfony/polyfill-php72 (v1.29.0) - Removing phenx/php-svg-lib (0.5.2) - Removing phenx/php-font-lib (0.5.6) - Removing barryvdh/laravel-snappy (v1.0.2) - Removing barryvdh/laravel-dompdf (v2.0.1) - Upgrading aws/aws-crt-php (v1.2.4 => v1.2.7): Extracting archive - Upgrading dasprid/enum (1.0.5 => 1.0.6): Extracting archive - Upgrading bacon/bacon-qr-code (2.0.8 => v3.0.1): Extracting archive - Upgrading psr/log (3.0.0 => 3.0.2): Extracting archive - Upgrading doctrine/event-manager (1.2.0 => 2.0.1): Extracting archive - Upgrading doctrine/deprecations (1.1.3 => 1.1.4): Extracting archive - Upgrading doctrine/dbal (3.8.2 => 3.9.3): Extracting archive - Upgrading doctrine/lexer (2.1.1 => 3.0.1): Extracting archive - Upgrading masterminds/html5 (2.8.1 => 2.9.0): Extracting archive - Upgrading symfony/polyfill-mbstring (v1.29.0 => v1.31.0): Extracting archive - Upgrading sabberworm/php-css-parser (v8.5.1 => v8.7.0): Extracting archive - Installing dompdf/php-svg-lib (1.0.0): Extracting archive - Installing dompdf/php-font-lib (1.0.1): Extracting archive - Upgrading dompdf/dompdf (v2.0.4 => v3.0.2): Extracting archive - Upgrading symfony/polyfill-ctype (v1.29.0 => v1.31.0): Extracting archive - Upgrading dragonmantank/cron-expression (v3.3.3 => v3.4.0): Extracting archive - Installing symfony/polyfill-php83 (v1.31.0): Extracting archive - Upgrading symfony/deprecation-contracts (v3.0.2 => v3.5.1): Extracting archive - Upgrading symfony/http-foundation (v6.0.20 => v6.4.16): Extracting archive - Upgrading guzzlehttp/promises (2.0.2 => 2.0.4): Extracting archive - Upgrading symfony/polyfill-php80 (v1.29.0 => v1.31.0): Extracting archive - Installing intervention/gif (4.2.0): Extracting archive - Upgrading intervention/image (2.7.2 => 3.10.2): Extracting archive - Upgrading symfony/process (v6.0.19 => v6.4.15): Extracting archive - Upgrading knplabs/knp-snappy (v1.4.4 => v1.5.0): Extracting archive - Upgrading symfony/polyfill-intl-normalizer (v1.29.0 => v1.31.0): Extracting archive - Upgrading symfony/polyfill-intl-grapheme (v1.29.0 => v1.31.0): Extracting archive - Upgrading symfony/string (v6.0.19 => v6.4.15): Extracting archive - Upgrading symfony/service-contracts (v3.0.2 => v3.5.1): Extracting archive - Upgrading symfony/console (v6.0.19 => v6.4.17): Extracting archive - Upgrading voku/portable-ascii (2.0.1 => 2.0.3): Extracting archive - Upgrading phpoption/phpoption (1.9.2 => 1.9.3): Extracting archive - Upgrading graham-campbell/result-type (v1.1.2 => v1.1.3): Extracting archive - Upgrading vlucas/phpdotenv (v5.6.0 => v5.6.1): Extracting archive - Upgrading symfony/css-selector (v6.0.19 => v6.4.13): Extracting archive - Upgrading tijsverkoyen/css-to-inline-styles (v2.2.7 => v2.3.0): Extracting archive - Upgrading symfony/var-dumper (v6.0.19 => v6.4.15): Extracting archive - Upgrading symfony/polyfill-uuid (v1.29.0 => v1.31.0): Extracting archive - Upgrading symfony/uid (v6.0.19 => v6.4.13): Extracting archive - Upgrading symfony/routing (v6.0.19 => v6.4.16): Extracting archive - Upgrading symfony/polyfill-intl-idn (v1.29.0 => v1.31.0): Extracting archive - Upgrading symfony/mime (v6.0.19 => v6.4.17): Extracting archive - Upgrading symfony/event-dispatcher-contracts (v3.0.2 => v3.5.1): Extracting archive - Upgrading symfony/event-dispatcher (v6.0.19 => v6.4.13): Extracting archive - Upgrading egulias/email-validator (3.2.6 => 4.0.3): Extracting archive - Upgrading ssddanbrown/symfony-mailer (6.0.x-dev 2219dcd => 6.4.x-dev 0497d6e): Extracting archive - Upgrading symfony/error-handler (v6.0.19 => v6.4.17): Extracting archive - Upgrading symfony/http-kernel (v6.0.20 => v6.4.17): Extracting archive - Upgrading symfony/finder (v6.0.19 => v6.4.17): Extracting archive - Upgrading ramsey/collection (1.3.0 => 2.0.0): Extracting archive - Upgrading brick/math (0.11.0 => 0.12.1): Extracting archive - Upgrading ramsey/uuid (4.7.5 => 4.7.6): Extracting archive - Upgrading nunomaduro/termwind (v1.15.1 => v1.17.0): Extracting archive - Upgrading symfony/translation-contracts (v3.0.2 => v3.5.1): Extracting archive - Upgrading symfony/translation (v6.0.19 => v6.4.13): Extracting archive - Upgrading nesbot/carbon (2.72.3 => 2.72.6): Extracting archive - Upgrading monolog/monolog (2.9.2 => 3.8.1): Extracting archive - Upgrading league/mime-type-detection (1.15.0 => 1.16.0): Extracting archive - Upgrading league/flysystem (3.24.0 => 3.29.1): Extracting archive - Upgrading league/flysystem-local (3.23.1 => 3.29.0): Extracting archive - Upgrading nette/utils (v4.0.4 => v4.0.5): Extracting archive - Upgrading nette/schema (v1.2.5 => v1.3.2): Extracting archive - Upgrading dflydev/dot-access-data (v3.0.2 => v3.0.3): Extracting archive - Upgrading league/commonmark (2.4.2 => 2.6.1): Extracting archive - Upgrading laravel/serializable-closure (v1.3.3 => v1.3.7): Extracting archive - Installing laravel/prompts (v0.1.25): Extracting archive - Upgrading laravel/framework (v9.52.16 => v10.48.25): Extracting archive - Upgrading paragonie/constant_time_encoding (v2.6.3 => v3.0.0): Extracting archive - Upgrading phpseclib/phpseclib (3.0.36 => 3.0.43): Extracting archive - Upgrading psr/http-factory (1.0.2 => 1.1.0): Extracting archive - Upgrading guzzlehttp/psr7 (2.6.2 => 2.7.0): Extracting archive - Upgrading guzzlehttp/guzzle (7.8.1 => 7.9.2): Extracting archive - Upgrading league/oauth1-client (v1.10.1 => v1.11.0): Extracting archive - Installing firebase/php-jwt (v6.10.2): Extracting archive - Upgrading laravel/socialite (v5.12.1 => v5.16.1): Extracting archive - Upgrading nikic/php-parser (v5.0.1 => v5.4.0): Extracting archive - Upgrading psy/psysh (v0.12.0 => v0.12.7): Extracting archive - Upgrading laravel/tinker (v2.9.0 => v2.10.0): Extracting archive - Upgrading mtdowling/jmespath.php (2.7.0 => 2.8.0): Extracting archive - Upgrading aws/aws-sdk-php (3.300.6 => 3.336.8): Extracting archive - Upgrading league/flysystem-aws-s3-v3 (3.24.0 => 3.29.0): Extracting archive - Upgrading league/oauth2-client (2.7.0 => 2.8.0): Extracting archive - Upgrading robrichards/xmlseclibs (3.1.1 => 3.1.3): Extracting archive - Upgrading onelogin/php-saml (4.1.0 => 4.2.0): Extracting archive - Upgrading pragmarx/google2fa (v8.0.1 => v8.0.3): Extracting archive - Upgrading predis/predis (v2.2.2 => v2.3.0): Extracting archive - Upgrading socialiteproviders/manager (v4.5.1 => v4.8.0): Extracting archive - Upgrading socialiteproviders/microsoft-azure (5.1.0 => 5.2.0): Extracting archive - Upgrading socialiteproviders/twitch (5.3.1 => 5.4.0): Extracting archive - Upgrading ssddanbrown/htmldiff (v1.0.2 => v1.0.4): Extracting archive Generating optimized autoload files > Illuminate\Foundation\ComposerScripts::postAutoloadDump > @php artisan package:discover --ansi INFO Discovering packages. laravel/socialite ........................................................................................................................... DONE laravel/tinker .............................................................................................................................. DONE nesbot/carbon ............................................................................................................................... DONE nunomaduro/termwind ......................................................................................................................... DONE socialiteproviders/manager .................................................................................................................. DONE 59 packages you are using are looking for funding. Use the `composer fund` command to find out more! > @php artisan cache:clear INFO Application cache cleared successfully. > @php artisan view:clear INFO Compiled views cleared successfully. migrate the database as per step 4 if you have not already run it above. 7. The install ends with caches being cleared, lets run them again according to the instructions -bash-4.4$ php artisan cache:clear Application cache cleared! -bash-4.4$ php artisan config:clear Configuration cache cleared! -bash-4.4$ php artisan view:clear Compiled views cleared! -bash-4.4$ 8. Verify version in application Virtual Networking - VLANs in the Cloud RackCorp’s Cloud platform supports fully customisable interworking for your virtual machines; with regards to customisable VLANs both tagged and untagged, and definable IPv4 and IPv6 subnets. Since the RackCorp cloud platform supports a ‘many customers can have many sub customers hierarchy, as a reseller or system manager   can define custom networks for each   customers private clouds very easily. Once your VLANs and IP subnets are setup, these can be tied into your VMs via up to 3 virtual NICs. No end user software environment configuration is necessary. VLAN and IP subnets are accessed via the SERVICES -> NETWORK menu Add a new VLAN Click Add New on the VLANs tab an fill in the form appropriately.   Leave LAN ID field blank unless you have been given a specific LAN ID to use by RackCorp support Add a new IP Network Next, use the Add new IP network to add a new subnet to your account. Take care to assign it to your newly created desired VLAN. You now have a newly defined Private VLAN and IP subnet. Next, we assign these newly created resources to a virtual machine. Adding Virtual NICs to Virtual Machines Select your VM from the SERVICES-> SERVERS list in your RackCorp Portal Account. Click on the NETWORK tab. For this example demonstration we will add a 2 nd private vNIC to the default configuration, preserving NIC1 which is the default PUBLIC vNIC that was configured when ordering the virtual machine. 1. Add a new PRIVATE NIC and select the desired VLAN and tagged/untagged. 2. Review any advanced settings, leave as default if unsure: · DRIVER - Our vNIC are configured to use the RedHat virtio paravirtual driver by default. If you are using an older operating system you may select Intel E1000 · ALLOW DHCP SERVER – select if this NIC will be running a DHCP server · ONLY ALLOW REGISTERED IPs - If selected, traffic leaving this server from IPs other than that registered in the portal will be blocked.   NOTE: firewalls and routers will regularly pass such traffic so you should leave this unticked for such devices. · NIC PASSTHROUGH - allows all traffic to pass through the NIC and disables stateful tracking of traffic 3. The new vNIC has been created successfully. Next, add the particular subnet to the vNIC Upon selection of your new VLAN, the associated subnet is pre-populated. Enter your desired host IP address for the 2 nd vNIC under IP or use auto select, then press VALAIDATE IP to check your configuration. Further Reading See our OPNSENSE firewall setup guide for further examples on how to use virtual NICs and VLANs with RackCorp Hybrid Cloud https://wiki.rackcorp.com/books/help-and-support-en/page/install-opnsense-firewall Virtual Server BGP Settings BGP Configuration for RackCorp AS56038 All RackCorp VMs globally are capable of advertising prefixes via BGP at no extra cost.  The following instructions relate to customers with virtual servers who wish to advertise their public IP addresses. 1) Preparation: Submit a support ticket via the support portal with the following information: - Your AS (if you have one, otherwise we will advertise your IPs under AS56038).  We can also accept an AS-SET. - Any prefixes you wish to advertise.  If we should render this via IRR, we can also do this. Please ensure you add the following to your whois data for your AS (RPSL): import:     from AS56038   accept ANY export:     to AS56038   announce ASXXXXXXXX where ASXXXXXXXX is your ASN 2) Set up a bgp service on your VM.  We recommend using bird, however you can use any daemon you wish.  BGP Sessions are made to 110.232.119.251 and 110.232.119.252 regardless of your VM location in the world. 3) Note that it may initially take up to 24 hours for some of our upstreams to pick up and start carrying your prefixes. Also consider: RackCorp BGP Communities - LINK Particularly if you're using Anycast as RackCorp takes great care to try to give a globally balanced anycast network, so consider using 56038:888 community if you're using RackCorp for Anycast BGP services. Example BGP Configurations Bird BGP v2 example configuration Under Centos 8 / Rocky 8 Linux: yum install epel-release yum install bird cat /etc/bird.conf log syslog all; router id YOURSERVERIPADDRESS; protocol device {       scan time 5; } protocol direct {       interface "dummy*";       ipv4;       ipv6; } protocol bgp rackcorpannounce1 {   local as 56038;   source address YOURSERVERIPADDRESS;   neighbor 110.232.119.251 as 56038;   ipv4 {   import none;   export all;   }; } protocol bgp rackcorpannounce2 {   local as 56038;   source address YOURSERVERIPADDRESS;   neighbor 110.232.119.252 as 56038;   ipv4 {   import none;   export all;   }; } protocol static {       ipv4; # ignore the fact that it says reject, this is where your IP prefixes go       route X.X.X.X/32 reject; } Windows L2TP/IPsec VPN Client Configuration For Windows 8, 10, 11 1 . Open Control panel and select Network and Sharing center .   2 . Choose  Set up a new connection or network  option.     3 . Choose  Connect to a workplace  option and click  Next.   4 . Click Use my Internet connection (VPN)  option.     5 . Enter IP address of ASA's WAN interface or FQDN and any name for VPN adapter which is locally significant and click  Create.     6 . On Network and Sharing Center, choose  Change adapter settings  option on the left pane of the window.     7 . Right click the recently created adapterfor L2TP VPN and choose  Properties.     8 . Navigate to  Security  tab, choose the Type of VPN as  Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec)  and then click on  Advanced settings.     9 . Enter the preshared key as the same mentioned in tunnel-group  DefaultRAGroup  and click  OK . In this example, C!sc0@123 is used as the pre-shared key.   10. Choose the authentication method as Allow these protocols and ensure that only " Microsoft CHAP Version 2 (MS-CHAP v2)  checkbox is checked and click  OK .   11 . Under network connections, right click on L2TP VPN adapter and choose  Connect/Disconnect.     12 . Networks icon will pop up and click  Connect  on L2TP VPN connection.     13 . Enter the user credentials and click  OK .         Virtual Machine Monitoring via SNMP To monitor parameters from within your windows virtual machines you will require two items to be installed: a.  Monitoring server A virtual machine deployed on the VMhosts dedicated for internal monitoring for each of the clients. This will be connected to the same VLAN as the client. Example specifications: VM specifications: 1 core, 2GB RAM, 10 GB storage b. SNMP Service (Agent) installed in the WIndows Virtual Machines you wish to monitor. Ensure Windows firewall allows SNMP traffic.     Step 1: Installing the SNMP Service, sub features and management tools: This can be done via the add remove features or via PowerShell using the following command on the nominated Server: For Wndows Powershell 2014 edition, use : ‘Add-WindowsFeature snmp-service –IncludeAllSubfeatures -IncludeManagementTools’ For Windows Powershell 2016 edition, use To check if SNMP is installed, ‘Get-WindowsFeature *SNMP*’ To install SNMP, ‘Install-WindowsFeature SNMP-Service -IncludeAllSubFeature -IncludeManagementTools’ Step 2: Open the ‘Services’ panel via Control Panel / Administrative Tools or by right clicking the start button, selecting ‘Run’ and entering services.msc followed by ‘OK’ Navigate down to ‘SNMP Service’ and double click on the service, this will open a dialog box with the properties for the SNMP Service. Next we will need to click the Security tab followed by the ‘Add’ button under the ‘Accepted Community Names” title. You can now enter in a community name that’s relevant to you, for this example we have used ‘SnmpM0nitor’   Now we will need to configure where the server will accept SNMP Packets from, this is configured under the “Accept SNMP packets from these hosts” title, click on ‘ADD’ button and enter in the IP address/es of the SNMP Monitoring Servers you just set up. Once completed select Apply and OK to exit. Restart the service by right clicking on the ‘SNMP Service” and selecting Restar t   Step 3:   After SNMP has been installed and configured you will need to download and install the following application “SNMP-Informant” - http://www.wtcs.org/informant/files/informant-std-17.zip This will provide SNMP the correct MIBs for the Cloud Monitoring Service – the additional MIB’s structure the collected information in a compatible format . Step 4: Firewall rules will need to be updated to allow the incoming SNMP requests, open ‘Windows Firewall with Advanced Settings” which is located in ‘Control Panel’ then ‘Administrative Tools’ Locate the existing ‘SNMP Sevice (UDP In) rules and double click the first one (which one is not important), select the ‘Advanced Tab’ and make sure ‘Domain, Private & Public’ are ticked then change the ‘Edge Traversal’ to ‘Allow Edge Traversal’. Select OK and close the remaining windows.   Step 5:   Within the Cloud portal, navigate to the server which has the SNMP Agent installed (Services / Servers Tab). Once on the Server Summary page select the Monitoring Tab.  Select ‘ADD NEW MONITOR’ followed by the ‘Monitor Type’ you are after. The following page will contain the fields required for your Cloud Monitoring System to successfully monitor the desired server. We recommend populating the following fields: SNMP Community Name: will be the SNMP community string previously defined in Step 2 Alert Threshold: If your monitoring CPU specify the CPU load that will trigger an alert. Alert Only if Exceed for: How long the alert threshold is exceed for in duration to trigger an alert (Important as brief CPU spikes do occur) Alert: This will enable alerts to be created if the alert parameters are met. Alert Email: Nominate a email address to receive the alert. Providing these fields are populated, then select Submit. You will be brought back to the previous page “Monitoring Tab” where you will see the new monitor appear. The metrics will start to flow in and you should see some information after 10 minutes. You can then add more monitors depending on your requirements.   Step 6: This step is only required if your server has a Private IP Address and is behind a NAT Firewall.   Prior to this step, it is expected that a Public IP NAT or PAT would have been made on your perimeter firewall to the nominated Server(s). NAT & PAT instructions are not included in this document due to the variety of firewalls available – we recommend you speak to you firewall management vendor to configure this for you. Once you are aware of your Servers Public IP Nat and the associated firewall rule is enabled to allow SNMP (port 161 UDP), then you will need to edit the ‘Additional Information’ field on the Server Summary Page. The information to be inserted is: “SNMP NAT ” where the will contain the Public IP provided by your Firewall Management vendor. Navigate back to the monitor we previously set up on the ‘Monitor Tab’. Here we will need to populate the Override Polling Host/Port field with the Public IP Address previously used in the Additional Information field.  If you have used AT, you will need to specify the port after the IP Address with a semi colon used as a separator. e.g. 110.232.116.11:14000  Click Submit and your monitor should being to show metrics within 10 minute. How to change Remote Desktop Protocol (RDP) port setting in Windows Server This procedure comprises of several steps 1. Change the port number 2. Add the port to Windows Firewall 3. Toggle RDP services on/off 4. Reconfigure RackCorp VM Firewall to new port, if applicable 5. Port Scan to verify results.   In this example, we shall use a simple PowerShell script to enact the changes. changing RDP from 3389 to 13990 on windows server. $portvalue = 13390 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value $portvalue New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile 'Any' -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portvalue New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile 'Any' -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portvalue  Once you have run this script, Toggle RDP in the windows remote desktop settings on and off Use https://port.tools/nmap-online-port-scan/ to verify that the applicable ports you are opening and closing come up as open or filtered   Getting Started with Hybrid Cloud Each RackCorp VM by default comes with a Public NIC and Public IPV4 IP . This can be changed at order time or after ordering when the VM is provisioned. Users can delete the public NIC for a VM after ordering and add private NICs.  When adding the private NICs they can select which (or many) of their private VLANs the private NIC has access to.  They can add up to three NICs per VM. They can have one public and one private if they wish. The nature of the hosted private cloud means it is isolated from the internet. We offer a number of different firewall solutions to allow connectivity to these private or Hybrid Clouds For a basic solution we can deploy a VYOS firewall VM for the customer if they want inter-VLAN firewalling and NAT.  It gets deployed with basic outbound NAT and remote SSH based management by default. VYOS is strictly a command line only application A more advanced solution is a managed firewall as a service.  We provide ISO27001 managed firewall for them with all changes tracked logged.  We also do updates and setup high availability/monitoring. Increasing and Resizing Linux Virtual Machine Disk space For RackCorp Cloud VM installer version of Ubuntu 20.04 Only This guide DOES NOT apply to self installed OS. DATA LOSS MAY OCCUR Use our ‘add a server’ tool in the RackCorp Portal to add a new server as described below For this example, deploy a server with 8 core, 16GB RAM and 300GB DISK as shown. Critically for disk expansion to succeed, we are assuming and relying on that the chosen OS is RackCorp’s cloud image of Ubuntu 2004. The OS will take a minute or two to deploy. Once it is ready boot it and run Df -h It should display 300G for the Linux partition POST-RESIZE IN PORTAL Resize to 450GB. Shutdown VM in Portal. Restart VM. Follow the steps to resize the 300G Linux Partition to 450G.  We can view the partition table using: sudo gdisk Where partition #1 is the main OS partition and partition 14,15 at the BEGINGING of the disk are Boot and System Partitions Safe shutdown the OS (via the OS or the SAFE SHUTDOWN button in the RackCorp portal) RESIZE the disk to the desired size , ie 450GB Boot the OS and run Sudo gdisk /dev/vda then p to print the parttable It will display the old disk size as we have not resized the disk yet Press the w key to write changes. We will receive a sector location error press Y to correct. This is expected. Again run: sudo gdisk /dev/vda p to examine the existing parttable before we change it. then run the following to delete the partition from the partition table. del 1 note, this just edits the partition table, not the actual data within those tables. If you do not do   final confirm and write of your changes the changes revert back to their existing settings. Next we will recreate partition #1 to the desired new size, again since we editing the partition table and not the data we do not risk losing data, however care must be taken to observe the right settings. First, the new partition must be in the right order in the table (it usually is, but there is a sort command if needed.) The sectors must be in the logical order an the file system should be correct. Next we will recreate partition #1 to the desired new size, again since we editing the partition table and not the data we do not risk losing data, however care must be taken to observe the right settings. First, the new partition must be in the right order in the table (it usually is, but there is a sort command if needed.) The sectors must be in the logical order an the file system should be correct. Choose n to create new partition 1 for Partition 1 Press enter for First Sector and last sector Enter 8300 for partition type Enter P to display the changes. If you are satisfied, press W to write the changes . If you made a mistake DO NOT write the changes. Try again and once correct THEN W for changes. Note the message above. We have now successfully written the new partition table. Next step is to actually resize our file system to fill the partition Run Sudo partx -u /dev/vda Sudo resize2fs /dev/vda1 Your result should match the below Run sudo gdisk and print to view the new result, it should reflect 450GB Lets reboot for good measure to make sure everything is working. We are now done. Enabling RackCorp Object Storage with Veeam Backup 12 For purpose of this guide, we used the latest Veeam patch at time of writing, 12.2, however the same functionality is exposed on 12.x Create a Object Storage for direct backups   Add the backup repository to Veeam; select OBJECT STORAGE   2. Select S3 COMAPTIBLE as we will be using the S3 API to connect to the object store   3. Choose S3 Compatible 4. Give the object store connection a unique name, For example in this excerise we are connecting to the RackCorp Object store in Newcastle   5. Fill in the Server Details for the object store. Use the server name and endpoints provided to you via tech support or the RackCorp Portal 6. Here we will define credentials to use for the storage. Click Add and fill in credentials that should give access to the storage system. which are your ACCESS KEY and SECRET 7. Once added, select the credential as default from the list and hit NEXT. 8. If the credential is valid, veeam will read back the buckets avalibe to you under your credential A bucket should have been pre-created for you, select it. Veeam will place its backups automatically into a SUBFOLDER of the bucket.   Eg BUCKETNAME\Veeeam But feel free to create a subfolder if you wish for Veeam to use Eg BUCKETNAME\Backups 9. Once you have selected your bucket and folder, it is important to enable IMMUTABLE. The setting is definable by user but if we are doing a daily backup a 1 day immtuable is fine. Press NEXT to continue 10. We dont need to modify any settings on the mount page, hit NEXT.   11. Review your settings here. IF you are aware that you have existing backups in your storage bucket you can import them here by selecting the option. Hit NEXT. 12.  The apply page will execute your settings against the server. There should be no errors (red marks here). When done hit NEXT 13. On completioin we have the Summary page which should be reviewed.     Create a Backup Job We have successfully created the object store, we wll now create a backup job to backup our files into the object store directly. Here we can see the 'legacy' S3 storage system and our Object Store system (in blue), both use the S3 API command set however.  Go to the jobs menu and add a new job as illustrated. For this example we are assuming no existing jobs for the system or backup object store exist. 2. Make sure to add a descriptive title to the backup job as by default the placeholder names are vague 3. Add the machine DNS name that will be backed up  4. On the same window, Press either add or manage accounts. Here you will define access credentials username/password for the machine that needs to be backed up 5. Return to the Computers window and ensure your desired machines are added successfully and proceed. 6. Under backup mode, choose your desired backup source. for this example we will be backing up the C:\PAYLOAD folder so we choose file level backup 7. The next page is the BACKUP REPOSITORY screen. By default it will suggest the repository local to the backup server itself. n the dropdown box, select the object store we added. 8. Indexing and Malware protection is optional, Select this if you originally had advanced indexing enaled on the windows machine you will be backing up 9. Review your backup schedule op[tions. Select run automatically to enable a backup schedule . To preserve bandwidth you can enbale the Terminate Job checkbox to force backups only duing your defined off peak hours   10. Review your backup job settings. Within a few minutes the backup should start. You will not see an progress immediately. To run the first pass of the job without waiting for the schedule select the Run tis job tickbox   11. Once a few minutes have passed, you can monitor the status and statistics of the backup job. From here on, the backup job will adhere to your defied schedule.