The situation was that I wanted to test out the very cool project Yunohost but I already had Nextcloudpi (another awesome project!) running on my local network. I already had a DDNS service (No-ip) running which was pointing to my Nextcloudpi (“NCP” moving forward) box, and a second DNS service that I set up which pointed to my router for the purpose of Yunohost (“YH” moving forward). You can read about that cool DNS solution in my other blog post, by the way, as it works really well and gives a bit more power.. and it’s free.

The problem was that ports 443 and 80 were being used by NCP but YH needed them as well. The only options appeared to be:

a) change the ports of one of the machines (complicated because clients outside of the LAN in the world webs won’t know those ports) or
b) figure out what a ‘reverse proxy’ is and then make it work

The challenge was that NCP was using Apache whilst YH uses NGINX – both of which are capable of reverse proxy. So, in order to do this I ended up doing some learning of both although it turns out it wasn’t really needed after all. C’est la vie…at least I learned some things!

At the end of the journey of trying about 10,000 different settings in the Apache default configuration file that comes with NCP (and other Apache installs) called “000-default.conf” it started working after adding just two lines to my configuration which seemed not to be in any other tutorial online for some reason. The key two lines that were needed were:

SSLEngine On
SSLProxyEngine On

Without those two lines it would just never work even though the rest of my settings were right.

Ok, enough of my hard journey story, let’s log the actual configuration and steps so that anyone who wants to do the same setup can save the pain!


Before we begin, I will assume that you already have the following set up:

  1. Server A (in my case NCP) running Apache which is already successfully reachable and working from the outside world. Through this machine Server B will be reached.
  2. Server B (in my case YH) running whatever (I think) but in my case it’s running NGINX and this box is the one we are trying to make visible to the outside world through ports 80 and 443
  3. You have a domain ( in this tutorial) which you own and which is already successfully hitting your router (You can test by pinging the domain and seeing the IP address of your router show up). You can do this with my other tutorial mentioned above as well. You can also get a free ‘domain’ from services like No-ip if you don’t care what the domain looks like.
  4. You have full access to SSH into both machines, but in this case Server A is the critical one.
  5. You are using an Ubuntu environment and have know how to open a Terminal and use it (roughly)
  6. You are willing to learn and try things if this doesn’t perfectly work as per this specific example. I’ll give you a few resource links as well to help you in case your set up needs tweaking.

Let’s Begin – Setting up Apache Default Config on Server A

  1. ssh into Server A (format ssh username@your.IP.Address )
  2. Change directory (cd) to your Apache2 sites-available directory. In my case it looks like this but if you aren’t using NCP it might be different
    cd /etc/apache2/sites-available
  3. Type this command to back up your Server A apache settings. If you mess anything up you can restore this one and delete the default and rename it back to original name.

sudo cp 000-default.conf 000-default.backup

  1. Check to make sure the new file with .backup is showing up by typing ‘ls’. If it’s there then proceed.
  2. Copy the sample configuration below into your clipboard
  3. Open the default Apache config file with this command (if you haven’t used nano before probably good to do a quick online overview) for editting:
    sudo nano 000-default-conf
  4. you may have some settings already in this file (you should) at the top. Scroll down to the bottom of whatever is there and then paste in the sample you have copied from below with the control + shift + v (If you don’t hold shift it won’t paste)
  5. Go through the newly-pasted configs and adjust to your settings changing domain names and ip addresses to yours.
  6. Control x to save and exit, ‘y’ to save modified buffer and ‘enter’ key to write your changes
  7. Restart apache with this command to see if it works (this will shut down whatever stuff is running on Server A so probably good idea to do this wisely if the server is currently being used by others…:

sudo systemctl restart apache2

If you get nice silence from your terminal, and no ‘journalctl’ messages, then things are going the right direction.

Run Let’s Encrypt Manually for SSL certs on Server A

For this step, to be honest, I’m not sure if you need to do it because certs are already on both boxes for NCP and YH. But you might not have that so I’ll provide the steps since after I did them nothing was worse and everything was working… I would love to get some feedback on this step.

  1. Install Let’s Encrypt tools:
    sudo apt-get install python-certbot-apache
  2. Run it
    sudo certbot --apache -d -d

Let’s Finish – Test Server B

Go to your domain from outside your LAN (just to make sure you are getting a real test) and try to hit Server B. I find mobile phone data plans are good for this kind of testing, otherwise, call your grandma and ask her what happens when she goes to…

If it works, you’re done.

If it doesn’t you might need to tweak your settings.

Sample Configuration – copy this and adjust to your set up

Your IP address will obviously be changed to the correct one where your Server B is. Copy everything in the code block below.

 <VirtualHost *:80>

   ProxyPreserveHost on
   ProxyPass /
   ProxyPassReverse /


#Listen 443

<VirtualHost *:443>

    SSLEngine On
    SSLProxyEngine On


     ProxyPreserveHost on
     ProxyPass /
     ProxyPassReverse / https://192.168.37:443/

FULL Sample Configuration Reference (DO NOT COPY THIS ONE)

This is what my config looked like when everything was done and working.

The ‘Rewrite engine’ stuff here was added by Lets Encrypt when it was run so it ‘should’ appear in your config after you run it after initial settings have been added. Same with the ‘Include’ stuff and the SSL certificate stuff at the bottom of the second entry.

<VirtualHost *:80>

   ProxyPreserveHost on
   ProxyPass /
   ProxyPassReverse /

RewriteEngine on
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


#Listen 443

<VirtualHost *:443>

    SSLEngine On
    SSLProxyEngine On


     ProxyPreserveHost on
     ProxyPass /
     ProxyPassReverse / https://192.168.37:443/

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

Random Keywords and messy spam from the Journey

This next section is merely a copy/paste of all the steps I was trying to try to get this working. The purpose is not to follow any of these instructions but merely to leave as keywords in hopes that other people trying the same things will end up finding this blog and save themself the pain! 🙂 So, don’t use the next section for any form of tutorial but feel free to read and learn.

  1. set up individual virtual host conf files on box 1 else:

We were unable to find a vhost with a ServerName or Address of
Which virtual host would you like to choose?

1: nextcloud.conf | | HTTPS | Enabled
2: ncp.conf | | HTTPS | Enabled
3: 000-default.conf | | | Enabled

Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel):

Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): c
No vhost exists with servername or alias of No vhost was selected. Please specify ServerName or ServerAlias in the Apache config.
No vhost selected


finding apache config…

seems like one shouldn’t mess with this… and that lets encxrypt probably does it for you

  1. sudo apt-get install python-certbot-apache (apparently not installed on ncp somehow..)
  2. created basic conf file in /sites-available
  3. restarted apache – worked
  4. added symlink to sites-enabled, restarted apache, breaks
  5. run certbot without enabled…with usual
    sudo certbot –apache -d -d

pi@nextcloudpi:/etc/apache2 $ sudo certbot –apache -d -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

choosing option 2

fail. same error above

now trying to go back to simply 443 config in 000-default but wtihout ssl engine stuff.

now running:
sudo certbot --apache -d -d

this is something… progress….

the bad part:

Failed redirect for
Unable to set enhancement redirect for
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

the good part


  • We were unable to set up enhancement redirect for your server,
    however, we successfully installed your certificate.
  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2019-09-14. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”
Tags : , , , ,


In a previous blog post I set up a Yunohost (“YH” moving forward) box with a script so that it would report it’s location back to Cloudflare (“CF” moving forward) automatically using a cron job entry on the box and a cool piece of free software called ddns-cloudflare. That blog was to make sure the website stuff (ie. WordPress blog, Nextcloud, etc) would work. The other neat part about setting up your YH box this way, I was thinking during the process, is that (I guess but haven’t tested yet), you could just unplug it and plug it in at another physical location (with the right ports open at that location, of course) and it should just start ‘magically working’. This would be a real selling feature for getting ‘off the grid’.

Now to attack the part that most people like me avoid – EMAIL!

We have all heard that email servers are complicated and stressful, but, with the CF-YH combo – once I figured it out – it now seems much easier than I had expected. But there weren’t any specific blogs out there for me to follow so I decided it would be super helpful to write one to help others avoid what I just went through.

This tutorial will connect CF to your YH email and give you a few tips to test as you go until it’s all working, since there are a few things in both CF and in YH that are a bit ‘weird’ I discovered. My hope is that this tutorial helps you get setup faster and easier.

This tutorial assumes you already have a CF account setup with the settings from the previous tutorial (www and A record stuff).


You will be able to find the private and unique details for your own Yunohost installation in the following section of your user interface:

Domains / / DNS Configuration

When you click this it will open up a pane that has all your records from the previous tutorial but also the recommended email settings. If you are like me, none of it will make sense at all.

The parts you are going to need to match up to CF are:


The way in which you input them into CF is more than half of the battle, and the part where this tutorial should save you about 3 days of messing around.

First, let me give you a link to Cloudflare’s own support page on this topic. This will also give you a list of pretty much any kind of entry you might need in your own setup, if it’s more advanced than this tutorial. It also shows you how to create a records in your CF DNS settings. Here’s the link.

Now that you know how to enter a record in general, let’s enter them.

I’m going to display this like this:


  • TYPE: MX
  • NAME:


  • WHAT YH SHOWS IN DNS CONFIG PANE: mail._domainkey 3600 IN TXT “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA…super_duper_long_long_thing”
  • NAME: mail._domainkey
  • VALUE: v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA…super_duper_long_long_thing (NO quotations)


  • WHAT YH SHOWS IN DNS CONFIG PANE: _dmarc 3600 IN TXT “v=DMARC1; p=none”
  • NAME: _dmarc
  • VALUE: v=DMARC1; p=none

It was explained to me that I also need to check RDNS, but I have not had any problems yet, and I’m not sure what this is nor how to do it. If you want to add this instruction in the comments that would be great.

If you refresh your page in CF and notice that an orange cloud has re-appeared from grey status, you may not have updated your .yml zone file correctly from previous tutorial. Your script might be updating the DNS records and accidentally forcing it back on. And this will stop your emails from working (the orange cloud). Go back to that tutorial and review the script yml config file setup and make sure you got he hashtags on the right lines…

At this point, it’s the moment of truth: will you be able to send and receive emails?


This part created some issues for me because there may (or may not) be either a bug or an interface issue in the YH account setup. It appears, as you create the YH user that the email can be separate, however, from my experience, you should keep the username and the ’email name’ to be exactly the same – let YH auto-fill it and keep that as your email name. So, if you want your email to be, make your YH username as johndoe at the top and let that auto-fill into the email field below. It seems like YH can’t take periods/dots in the username so john.doe won’t work. There appears to be email aliases that are supposed to work so probably you can figure this out but for me, for this tutorial, I would just avoid dots/periods, keep a simple username and make sure it auto-fills into the email field.


Once your username / email is set up in YH, now move on to test the email, in the client of your choice, but I strongly recommend Thunderbird to at least test to make sure things are working because it definitely works, I can confirm. Once this test is confirmed and you can send, receive emails with a basic thunderbird setup, then can feel confidence about all your settings above.


Literally, just follow this link exactly. If your settings are right, it will work. If they aren’t, they won’t. Also, be sure to wait at least 30 minutes for your cron jobs (if you are continuing from the Cloudflare tutorial) to run because the cron job can mess up your settings as well, I discovered. Once you have run a cycle or two of cron jobs and all is well, go wild with the hottest new technology – email…

TIP: when you get to the manual config, Thunderbird puts a period / dot before the serverhostname which is easy to miss. If your email is in the main domain root, then make sure to remove these dots.

Now send a test email to another account you have access to. One important thing to check is that you aren’t ending up in spam folders…

TIP: If you press send on your test email and it hangs on sending, go into your account settings of Thunderbird and you might have some old Outoing (SMTP) servers from previous YH email tests in there. I found after I deleted these old test servers and tried again, it worked perfectly, but if there were other ones in there it hung and failed.

Assuming you got your test email, now send a reply back to it and make sure you get that too. If you’re excited and bored or both, do this step over and over again perhaps with nursery rhyme verses…but make sure no one is watching you… I can’t emphasize enough that you need to wait at least a cycle or two of your cron jobs running to make sure it’s not messing things up over at Cloudflare.

All good? Nice. Another consideration now that you are a warrior hosting your own email is that by using Thunderbird you can back up your emails easily enough by simply connecting and synching your emails across multiple devices.


Now let’s set this up on our Ubuntu Touch device with Dekko.

  1. Select the left hamburger menu
  2. Select the top right settings cogwheel on dark panel
  3. Select ‘mail’
  4. Select ‘accounts’
  5. Select the top right + plus sign
  6. Select IMAP
  7. Enter ‘whatever you want’ for the first two name options
  8. IMAP hostname: overwrite example with your yunhost server email location
  9. ENCRYPTION: should already default to this: ‘force encryption (SSL/TLS)’. if not, do it.
  10. username/password: auto-filled from first step
  11. authentication: change to ‘login’ (defaults to ‘plain’)
  12. SMTP server: overwrite example with your yunohost server email location
  13. SMTP port: 587
  14. ENCRYPTION: ‘use encryption (STARTTLS)
  15. AUTHENTICATION: change to ‘login’ (it defaults to ‘plain’)

Last and final and very important or your outbound email will literally break for this account and, I think, all your email accounts. You need to go back into the settings for this new email address and to this step:

  1. Select top left hamburger menu
  2. Select top right settings cogwheel on dark panel
  3. Select ‘mail’
  4. Select ‘accounts’
  5. Select Your newly-created yunohost email account
  6. Select Outgoing Server
  7. Scroll down under the LOGIN field and turn on the switch that says ‘Authenticate from server capabilities’
  8. Press left arrow at top of screen to save settings


Now, you should be in business sending and receiving emails from a Yunohost server, in your house, using Dekko email client on your Ubuntu Touch device.

Tags : , , , ,


EDIT 19/06/12 – made some tweaks to this after realizing a few small errors. Sorry if you followed before June 12 🙁

I really wanted to self-host a kind of ‘family box’ which would allow me to have self-hosted email, Nextcloud, websites, and a few other basic things and not have it running on someone else’s server. During the process of searching I came across Yunohost (Pronounced “Why You No Host?”). I installed it on an old test box (super old) with their own documentation and it was really quite simple, especially if you have done any kind of operating system installation before.

My specific goal was to make it all work with a domain that I own ( for this tutorial). I feel that having a strange email address (the default Yunohost email setup looks weird and is awkward) is of little value for most people so this step must be overcome to become a viable solution for myself and other people I know.


If your registrar gives you full control of your DNS, CNAME, MX etc settings you might not even need this Cloudflare-Yunohost tutorial. My registrar didn’t allow me to do what I needed so I went to the next step. I don’t have enough experience to speak about the different registrars and their settings so research that yourself if you want. Otherwise, move on to this exciting Cloudflare-Yunohost setup…


As mentioned above, my registrar didn’t make it clear how to do CNAME stuff and mess with MX records, etc, so I ended up searching high and low for an open, free and reliable solution. Thanks to the free software community, I was pointed towards Cloudflare. People I trust and like consider Cloudflare to be ‘good guys’ and that was enough for me to trust and try.

Forgive my limited understanding and description, but I’ll do my best here: Cloudflare is a super robust ‘web traffic controller’ which gives the website admin person (since you are installing Yunohost that is you now!) really powerful control over how data moves to/from the domain/servers. They have cool controls and a nice interface too. Anyway, they have a free account you can start which allows you to do everything in this tutorial and through the process you’ll get a chance to see how nice Cloudflare (“CF” moving forward) is too.

Note: this tutorial assumes you are using Ubuntu or at least have the same terminal commands.

We’re going to do this:

  1. Tell your domain registrar to point traffic to CF
  2. Tell your Yunohost (“YH” moving forward) box to point to CF
  3. Stick a free software script on your YH box that automatically tells CF where your YH box is every 30 minutes (in case your IP address changes)(replaces dynamic dns service need…)


  1. Do the YH setup as per yunohost. Make sure your router’s ports are open! Check this page about ports and note that some ISPs will (unethically?) block you from using port 25 (email) and in this case you might be completely out of luck or have to change your ISP so you should check that first on this page. If port 25 is blocked you should be able to use everything except email (nextcloud, wordpress, etc should work) so it’s not completely without hope… TIP! If you get your domain setup first in YH sometimes Cloudflare will be able to magically import all your stuff automatically helping you avoid the manual inputs over at CF
  2. Get a Cloudflare account
  3. Log into your domain registrar and change nameservers to the ones shown in your CF account. This guy’s video is pretty good if you haven’t done it before.
  4. Take note of this project, which is the script which will automate the DNS updates stuff. Special thanks to the programmer!
  5. ssh into your yunohost box by typing (where 123 stuff is the local IP address of your YH box):
    ssh admin@
    This will get you into your YH box where you can stick the script files into your home directory.
  6. Clone the cloudflare-ddns project files above into your YH box by typing this into your terminal (TIP! do NOT use ‘sudo’ here!):
    git clone
  7. Then change to your new directory:
    cd cloudflare-ddns
  8. Then change to the zones directory within:
    cd zones
  9. Then copy the example yml file so that it duplicates and is named to your own domain:
  10. Now open the file so you can edit the contents:
    sudo nano
  11. Now edit the ‘’ line and change to the email you registered your CF account with
  12. Change whatever it says to the right of cp_api_key: to your cloudflare api key. There is a link of how to find that right in the terminal window but in case it stresses you out and you miss it here is the link
  13. Change zone name (cf_zone:) to:
  14. Set all the DNS stuff so that the file looks like this where the # signs are ‘comments’ telling the script to forget about this part:

Only write the subdomain (‘ddns’ for ‘’)

– ‘@’:
type: A
# proxied: true
log: ERROR

  • ‘www’:
    type: A
    # – ‘ddns’:
    # type: AAAA
    # ttl: 300
    # proxied: false
    # log: INFO

If you compare to the example file you can see the changes.

I just commented-out with hashtags the AAAA stuff since apparently I don’t need it (a great contributer told me) as well as the smallest but most painful one, the ‘Proxied: true” line! This one, if you don’t put a hashtag in front, will, every time your cron job runs, tell CF to make CF the controller of the DNS and then basically shut down your websites and your email will also stop working. Then you have to go in and turn the orange cloud back to grey again.

  1. Save and exit the nano editor with control x and ‘yes’
  2. Then move back up one level in the directory so you can run next command:
    cd ..
  3. Run a one-off test to see if it’s working as per the usage docs with this command
    python -z

if it’s ‘working’ you should:

a) see a success report back from your terminal that looks something like this:

2019-05-31 05:16:15,165 | INFO | The record '' (A) is already up to date


b) should be able to now go to your CF account and see the IP address of where your YUNO-box is / public-facing router listed in the DNS area. You can check this part by going into your router (or one of those ‘what’s my IP address?” websites) and compare your router’s IP address with the IP address in Cloudflare – they should be the same now. If not, assure that the orange cloud in CF is turned off by clicking. It will change to a grey colour when off and this is what you want.

If everything is looking good, let’s move on to making this update process happen automated in the backgroun since it would not be fun to have to run this test script every day or a few times a day!

Now that your config file for this script is all good, let’s go and do the cron job thing

  1. Type:
    crontab -e

Probably if you haven’t done this already it will say it’s blank and give you two options. choose ‘nano’ because it’s easier (option 1) and not VIM because it’s brutal and hurts

  1. The script provided in the usage page for doing this next step assumes you know what you are doing, that you understand Linux file structures and paths and even cron jobs. I didn’t. So, I’m going to spare you the pain here (you can read the pain below in the bonus section(s) if you are bored or like learning) and tweak this script so that you have a higher chance of this working. First, this is what was provided from the usage page:

Every 30 minutes, update my Cloudflare records.

*/30 * * * * python /path/to/ -z

If you just simply ran this tutorial that means your Cloudflare directory that you git-cloned in step 6 above is in your home directory. However, you need to add in the user into the path for this to work properly. Also, until you know this thing is working, I would advise you add in the MAILTO option above the script so that you can get a few emails for a few hours confirming it is or isn’t working. You can go back in and remove or comment out with a # the MAILTO line (or comment it out with a hashtag) after you are sure everything is working.

So, here is what I did that finally made it work

Every 30 minutes, update my Cloudflare records.
*/30 * * * * python /home/admin/cloudflare-ddns/ -z

If everything is working, you’ll keep getting ‘success’ emails that look like this everytime the cron job runs:

2019-05-31 05:30:05,942 | INFO | The record ‘’ (A) is already up to date

At this point I went back in (see step 17 above) in and hashtagged out the MAILTO= line so the emails stopped coming every thirty minutes.


    This one took me an addition day to figure out. I was getting continual TOO_MANY_REDIRECTS errors when trying to access my Yunobox. The problem was solved by the click of one box in my Cloudflare settings as follows:

crypto / SSL : change to ‘FULL’ in the dropdown.

    If you don’t do this step, your email and a few other things won’t work. Just click the orange clounds in your DNS section so they turn grey. That’s it.


If you try to do your letsencrypt SSL cert before these steps are done, it won’t let you (from my experience) But at this point it should all work. In your YH admin interface, just go to domains,, SSL certificate, and then ‘install lets encrypt’


Now your Yunobox should be automatically reporting back your router’s IP address to Cloudflare and Cloudflare is routing your website traffic through its nameservers, etc. As long as your ports and certificates are working, you should now be able to start using it with your own domain.

Now that this is done and you go to your new domain and nothing is there that’s because… there is nothing there. Go figure. So you have to install an ‘app’ (ie wordpress, nextcloud) through the Yunohost app area of admin. I’ll do a separate blog on that probably, but it’s pretty easy.

Tags : ,

How to Set up a Calendar with Ubuntu Touch and Nextcloud

1. Set up online account in Ubuntu Touch

You will need all your calendar info from your Nextcloud instance before beginning. Looks something like this:

  1. open calendar
  2. middle icon that shows grid calendar
  3. ‘add online calendar’
  4. choose NC
  5. enter credentials

2. Sync

UT calendar ‘should’ start syncing right away and you’ll see a little icon appear showing that sync started and stopped. Sometimes, however, it seems like a manual sync is required. You can do this by going to the calendar page and selecting the top right hamburger menu and then the circular arrow ‘refresh’ icon.

Tags : , , , , ,


Has your Suite CRM global search broken? I hear you. Hard times. I actually went through the entire process of upgrading our whole instance for about a month and after finishing all that, it turns out it was just this broken index! Good news is that the newer version of Suite CRM is about ten times more awesome so I’m glad I was forced to upgrade. But here’s the point – this tutorial might be all you need to fix your Suitecrm broken global search.

The problem is that if you are in a shared host environment like me and not very skilled it’s just downright scary to perform some of the tutorials I found. I had no choice but to give it a shot and thankfully it worked. Hopefully this tutorial will remove some of the fear for you that I had to go through.

First, as always, none of this would have been possible without all the history of awesome developers who put their code into the Suitecrm project. I will refer to a few specific folks but there are many others involved as with any free software proejct. To you we are all thankful and hopefully this tutorial helps others join the Suitecrm project.

Next, let’s talk about the task at hand

Before We Begin

I find it’s useful to look at the steps in a casual way before doing them. No one really does this in tutorials but I find it lowers stress levels when you approach each step. What we’re going to do here is just back up a few things so we don’t kill our crm forever if we make a mistake, rename a folder, learn a couple of new things in Phpmyadmin (some tool in Cpanel and elsewhere), delete a bunch of old rows in a database table that’s making your Global Search broken, and then tell Suitecrm to ‘start indexing afresh’. That’s it. So remember, ‘If Wayne can do it, you can do it too. Just take your time.

I am assuming that you are using a Cpanel shared hosting environment. If you aren’t, I’m guessing that you are probably smarter than me anyway and this tutorial will feel to baby-like. Feel free to skip to this tutorial here if that is you. Pretty much all of what I’m doing is from that but he didn’t explain a few things I simply couldn’t figure out online.

Step 0 – Advise Others Not to Use SuiteCRM

I always tell others to not use the crm when I do maintenance. Probably you should advise the same.

Step 1 – Back up your Whole Suite CRM instance

In theory you ‘could’ skip this step but I’ve learned it’s worth it. We’re only renaming one directory in this tutorial so if you are careful you could skip it. But since you probably need a recent backup anyway, why not do it?

  • a) Go to file manager
  • b) Go to your suite crm install folder and back it up. There are two ways to do it I’ve learned. You can compress it where it is with the Cpanel compress tool and then just download to your computer or, better, use an FTP tool and get it that way. Both work.

Step 2 – Back up your MySQL Database

Besides your files in Step 1, these database files are the other critical files to back up.

  • a) Go to ‘backup’ section of cpanel,
  • b) go to “Download a MySQL Database Backup”
  • c) select the database asssociated with your suitecrm and click it. If you don’t now what your database is, and you have a few, then there are two ways to figure it out:
  • if you installed by Softaculous, you can just search Suitecrm in the search field, find your install and then click the pencil icon to see the details which will show the database name
  • If you didn’t install it that way, you’ll have to find the Suitecrm directory in file manager, go into the directory, and then click the ‘view’ button after selecting the config.php file. Scroll down until you see a block that looks like this which will expose your info:

array (
‘db_host_name’ => ‘localhost’,
‘db_host_instance’ => ‘SQLEXPRESS’,
‘db_user_name’ => ‘yourdatabaseNAMEwillbehere’,
‘db_password’ => ‘randomPASSWORDwillbehere’,
‘db_name’ => ‘yourdatabaseUSERNAMEwillbehere’,
‘db_type’ => ‘mysql’,
‘db_port’ => ”,
‘db_manager’ => ‘MysqliManager’,

Now you have your database file safely saved on your machine as well as a backup of your suitecrm. Nice work.

Step 3 – Rename the Index file.

In your file manager navigate to this spot:

(yes, that’s a lot of indexes!)

Inside this is, no surprise, another index folder! But this is the one we want. Double click on the text and re-name it to ‘index.backup’ from it’s current ‘index’. Just so you know what’s going to happen here is the system will go looking for ‘index’ but because you just renamed it it won’t find it and will create a new one (which is a trick, because that’s what we want, you trickster!). At the same time you’re backing up the old one so bonus.

And that’s it for the work you need to do in your file manager for now.

Step 4 – Stop your Cron Jobs if You Have Them Started (which I’m thinking you do…)

If your Suitecrm is doing workflow stuff and sending alerts, probably your cron jobs are setup so you already know what a cron job is. If not, back up your current cron setting so you can quickly get it up and running again. I just saved this in in a safe place in a text file to use again after completing this stuff.

  • a) go to Cron Jobs in cpanel
  • b) copy and paste the settings you have into the text file and save it safely somewhere
  • c) delete the cron job This makes sure the cron job won’t run while you are doing the next steps. I went a step further, ( not sure if it’s needed ) and changed all my scheduled events in admin/schedules to ‘inactive’ to assure that I could turn them on one at a time later after I turned this on again. I think this was a good move so I’ll advise it next:

Step 5 – Turn all your scheduled jobs in Suite CRM Scheduler to ‘Inactive’

See comments just above.

## Do the Database Work
Ok, now we’re ready to do the stuff that was totally foreign to me but pretty fast and easy once you know how. Go into ‘Phpmyadmin’ section of Cpanel to begin.

Delete Rows from Table aod_index

This one is pretty easy. just find it on the left

… and click it then click the red delete circle and say yes to delete (or was it ‘go’? whatever, you’ll know…)

Delete Rows from aod_indexevent

This next step requires getting rid of WAAAAY too many rows to do by a human. Trust me, I tried before I was forced to find this better and faster way.

This one is a bit more ‘cryptic’ since you have to write a code. But the neat part is yiou know you are doing it right because it auto-fills as you type it.

  • a) go to SQL tab at the top of your Phpmyadmin
  • b) highlight and delete whatever is in that big white query box at the top if there is anything
  • c) Start typing this command and use the tab key (for fun) to autofill when it pops up stuff:

truncate aod_indexevent

  • c) press ‘go’ on the far right
  • d) agree when the warning Do you really want to execute “TRUNCATE aod_indexevent”? comes up

Boom. Done. Now we have to turn everything back on.

Step 6 – Turn Everything Back On

  • 1. your cron job
  • 2. your schedulers in admin, but see note below

Final Notes

There are two important admin schedulers related to your searches which need to index. the main one related to above which I believe broke our Global Search was the ‘Optimize AOD Index’ job. SO, for this one what I did was set it to ‘every 2 hours’ after I did the steps above. This would allow me to see an improvement sooner. Then, once I realized it was fixed, I switched it back to ‘every 14 hours’. I’m not sure what a good amount of time is but that seems to be working well for me. SO maybe you could do the same which will allow you to see if its working sooner. It seemed that by the end of the first day mine was fully working again.

Hope this tutorial helps someone as I don’t have developer skills to pay the project back

Tags : , ,

How to Encrypt a Password Around and Merge Multiple PDFs in Ubuntu

For some reason, this is way harder than it should be. I thought I would be able to find a simple ‘pdf stitcher’ software in the Software Centre and just put them in there, arrange them and then export to PDF – with a password. I think this used to be possible with PDF Sam but anyway. This tutorial will hopefully be a long term and reliable way that we can do this in a pinch from any machine.

This is all terminal based so get ready to pump up your terminal skills.

1. Stick PDFs in a Dedicated Folder

Assemble into one directory all the PDFs you plan to stitch together and wrap up with a password. I think the command will only work if they are in one place so this step is important.

2. Install PDFTK

sudo apt install pdftk… I think… but you might need some other package these days… remind me in comments if this is wrong 🙂

3. Go to your PDF directory

Using the CD (change directory) command, navigate to the directory you made in step 1.

4. Run the Command for One Page Only.

This is the basic format for PDFTk showing one file being output with a new name and a password

pdftk [mydoc_old].pdf output [mydoc_new].pdf user_pw [awesomepasswd]

In this case you”ll swap out the filenames accordingly.

*Special note! do not put the square brackets in there. those are just to show you what needs to be swapped out. I actually did this and wasted a lot of time (lol)

Also, take note of this, you ‘might’ get a warning that the PDF has a user password and you can’t do these tasks because you don’t know the owner password. It seems banks do this on their bank statements, which is funny, because they don’t supply a secure way to send banking documents to them and ask me to email…

Error will look like this if you need to work around it:

has set an owner password (which is not required to handle this PDF).
You did not supply this password. Please respect any copyright.

I found a nice work around to stick it to these bankers which is to use the Ubuntu ‘print’ (ie. printing to your printer) and then change from your printer to ‘print to file’. Side note: If you didn’t know about this built in and super easy PDF feature and you only need to do one PDF at a time and no encryption, this is the way to do it.

The output PDF from this method seems to strip away any of the ‘owner password’ annyoyances. Hint: this is also a good time to rename your individual pdfs to a number in the order you want them to appear in the final merged PDF. I do 001, 002, 003 during this phase making the next section way, way easier.

5. Run the Command for Merging Multiple PDFs

The process is the same as above, but now that you have your folder full of 001, 002, 003 numbered files, here is what you do:

pdftk [001].pdf [002].pdf [003.pdf] output [mydoc_new].pdf user_pw [awesomepasswd]

Once you hit ‘enter’ a new file will appear in the same directory with name ‘mydoc_new.pdf’ and will have 001, 002, 003 in it and be locked behind the password ‘awesomepasswd’.

Pretty handy especially when you have to deal with ‘owner passwords’ in the PDF.

Hope this helps!

Tags : , , , ,

How to use Onionshare on Ubuntu

Looking for some extra security, privacy and anonymity whens sending files? This might be a neat solution for you.

Currently it seems the instructions for using this interesting Onionshare technology are not super clear so I’m writing up a quick tutorial so others can save a few minutes and set their expectations correctly.

First, how it works is this:

  • You have to use a command line tool for now
  • Onionshare does a bunch of fancy stuff to your file and turns it into a shareable link
  • The person on the other side gets the files by entering that link into a tor browser (not a regular browser – won’t work)
  • You get a .zip file, not the raw file which you download to your local device and extract
  • It seems you only get one chance and if you don’t get the files, the link dies and the sender has to start again.

So, let’s get started:

1. Install Onionshare.

Command line install instructions are in the Ubuntu section here

2. Install Tor browser

I used the Ubuntu Software centre. Probably there are other ways to get it.

3. Convert your file into a shareable and anonymous link

In the terminal, go to where your file is with the CD command and then type:
onionshare filename.txt
Where filename.txt is whatever file it is you are trying to share.

4. Copy Link to clipboard

If you haven’t used a terminal for copying before you’ll need to do control + shift + C (not just control + c)

5. Have sender open link in Tor browser

In this case it’s probably you for the first test so paste the link into the Tor browser.

6. Download the file(s)

It seems you only get one shot and that it won’t download raw file but only compressed package. Also if you aren’t familiar with Tor, I lost some precious time here as well looking on my computer for the file but it downloads into a ‘tor folder’ it seems so use the browser to go find your file in case it didn’t end up where you expected…what I did was find it, and then control + X it to my local machine from there to do the next steps.

7. Extract and Enjoy

Worked for me!

One-Shot Sharing

Try now to click the download files button again. You will see it’s dead.
Try also to use the same share link again. You will see this also is dead.
Kind of cool.

Sending more than one File at Once

So, after sending one file, I tried again to send an entire directory containing a screenshot, a PDF and a music file just to see what happened. I then tried to do the exact command with a regular directory to see if this would be able to handle it but no go. Onionshare appears not to be able to do this. It failed and couldn’t open the end zip file. For the second test I compressed the directory first as a .zip, then sent that via the instructions above and … still no go. When I try to extract it fails.

So it may currently only be able to send single files, but definitely single files work well with these instructions above and if you figured out how to send a directory, throw that in the comments below.

Tags : ,

Converting a Zsun Wifi Card Reader into a Wifi Range Extender

This post is a follow-up post to my original where I successfully flashed OpenWRT onto these Zsun devices. Be sure to see that post first if you haven’t already flashed OpenWRT onto the device.

Note that this tutorial should also work for any device upon which you can put OpenWRT (ie any compatible old router you have kicking around).

With this project, what I was really trying to do was create a legitimate ‘mesh network’ but my skills and time ran out so I resolved to have a ‘half victory’ which was to be able to use these little devices to expand our home wifi with small size footprint and lower energy usage, even if it was just on demand, as needed. For example, if I needed wifi to reach outside while gardening so I could listen to streamed music, etc, I could plug one of these in nearby and extend the range instantly.

Before beginning, it’s important to note that this process may need your critical thinking to build on what I’ve done, and if you have further progress, it would be appreciated by all to know, if you could write them in the comments. For full disclosure I fried two Zsun devices while learning so make sure to heed my advice in the other blog if you are using this device.

Oh, one last useful statement: I recommend turning off the wifi in your master-router so that you (you) don’t get confused by which wifi radio device you are connecting to since both devices will, by the end of the tuturial, be sharing the exact same SSID. It reduces confusion and headaches to turn this off (just the wifi, you can use wired connection if you have access). Also, while you are turning it off, take note as to what channel it is broadcasting on since you will want to choose a new channel that is far away from this one on the new device.

Ok, let’s get started.

Setting up the Device as an Access Point

For full credit I pulled the methods for this process from this video, but the video wasn’t super helpful because it required an internet connection to do the changes and I needed a static page with text instructions! These are those:

Step 1: Set up the Interface

  1. Go to ‘network’ and ‘interfaces’ in the sub-servient (new word I made, enjoy, GNU license word..gnucabulary…) device (in my case the zsun).
  2. If you have any other interfaces besides ‘LAN’, remove them as they won’t be used
  3. Edit the LAN
  4. Change the IPv4 field to the static IP address that this device will have on your main home network.
    If your main router is for example, then you could set this to if it’s available. If not, find one that is and set it. And don’t lose it! You will need it to log back into the router after making the change.
  5. Change the gateway IP address to the master (gnucabulary…) routers (ie. if that’s your router’s admin login page)
  6. In the “DHCP Server” settings below on the same page, there is a checkbox called ‘ignore interface’. Check that box which will disable DHCP (the thing that sends out IP addresses to all your devices) since you won’t need it
  7. “Save and Apply’ button at the bottom

Reminder note: your device will no longer be found at if that’s where you just logged in. It will now be accessible at the address you chose in step 4 above. I always forget this one, ha. Go find it and log back in…

Step 2: Disable the Firewall

  1. Go to ‘System’ and then ‘Startup’
  2. Scroll down until you see ‘firewall’
  3. Disable it by clicking on the ‘enabled’ button
  4. ‘Submit’ button

Step 3: Adjust the Wifi settings

  1. Go to ‘Network’ then ‘wifi’
  2. Edit the active wifi entry
  3. Change the channel (1 to 11) of the device to one that is fairy far away from that of your main router so there is a nice gap between the frequencies
  4. In ‘Interface Configuration’ section, change the mode to ‘access point’if it isn’t already
  5. change the SSID to exactly the same one as your main router (if it’s slightly different it won’t work)
  6. Change the WPA2/psk password to exactly the same one as your main router is outputting. If you don’t it won’t work
  7. ‘Save & Apply’ button

Some Follow up Notes

As hinted at at the very beginning of this tutorial, from this point on you will not (or may not?) be able to access your subservient device while the wifi of the master router is on. The reason for this is because probably your computer will find the master router’s wifi device and connect to that. I had big struggles trying to find this device again. If you need to access it, either unplug your master router (honestly this is the easiest way if no one will be angry at you for killing their internet) or go into the master router’s settings and disable the wifi transmit. For me, I recommend turning off the master router’s wifi transmit until it’s all setup on the subservient first.

I had quite a bit of problems, even though my master router wasn’t transmitting wifi, connecting to my newly-IP’d subservient device. After I cleared my browsers cache it did re-appear but I’m not sure that’s why. You might need to mess around with your browser to be able to hit the admin page again. I think my problem might be because I have multiple devices running OpenWRT and the browser gets confused…

Special thanks to all the contributors at OpenWRT!

Tags : , , ,

How to Flash OpenWRT onto a Zsun Card


EDIT JAN 7, 2019
Warning! Before beginning this tutorial, note that I have **fried** two Zsun devices nearly immediately after doing these steps. My theory appears to be correct that as soon as you flash to OpenWRT the default power output is way, way too high and so it starts heating up and frying it. Within about 15 minutes of flashing both devices were dead and inaccessible – their SSID didn’t even show up. I am now testing another one where I dropped the power to low and it’s still alive after about 45 minutes. Therefore pay special attention I’m going to test another one now, but in case you find this blog today, you might want to wait a few days for my findings….

I found a lot of pages on the internet showing that it’s possible to flash OpenWRT onto a Zsun Smart Card Reader. A friend gave me a couple and I wanted to try some mesh network ideas. However, for some reason I couldn’t find everything in one spot for Ubuntu, so I’m writing this guide for anyone else who might want to try. There was also a significant bug I encountered which I overcame which might help you if you have tried and failed in the past.

I also recommend staying fully disconnected from your home wifi while you are doing this to avoid confusion. If you have access to an ethernet cable and router this will make things a bit more simple.

What You Will Need

  1. Zsun Reader
  2. micro SD card to insert into reader – BONUS! I just discovered you only need this for the flashing process and then can remove and use again for flashing other devices (microSD not required to function as extender!)
  3. Ubuntu machine with understanding of how to open a Terminal
  4. (optional) A dedicated folder/directory on your computer where you can ‘do all your actions’. I find this reduces risks and helps you keep your files in one place. You can even download this blog to PDF and put it in the same folder.
  5. All the stuff you need in one place on local machine (because your internet will go down while flashing)

Step 1: Download to local machine the File you will need to flash onto the Zsun

I found it really hard to find the file on this page. Here is a direct link to the file and save this in a memorable location on your computer as we’ll need to access it soon.

Direct link to download

Step 2: Make sure your micro SD card is formatted to FAT32

On ubuntu you can do this by pressing the super key, typing ‘disk’and using the disk utility. Note – always unplug all external drives you do not want to accidentally kill! Also pay super-special attention you are not accidentally formatting your own computer’s hard drive (I’ve done this hard life lesson and you don’t want it)

Step 3: Insert empty and correctly formatted card into the Zsun card reader

Self explanatory

Step 4: Plug in Zsun card reader into your computer (or any powered usb slot)

Self explanatory

Step 5: Connect the Zsun to your WIFI network

This is funny because I totally missed this step and (obviously) it has to be connected to the network in order for it to show up in network and be able to access the admin page. I had an attempted connection which failed and then the second time it connected. You connect to it like any wifi network but it won’t ask for a password.

Step 6: Make Card Accessible to Admin

I ‘guess’ that this step in one of the tutorials I read preps the card to be able to access via Samba. Not sure, I could not access the files on the card until I performed this step so let’s do that now. In a browser, copy/paste this:

It should spit back this:

Note: if you get ‘connection refused’ message in the next step you may have to re-try this command a few times. Make sure you are actually connected by wifi to device. One time I had to do a full computer reboot too and then it seemed to work.

Step 7: Access the Zsun via Samba (SMB)

(reminder this is an Ubuntu tutorial so you might have to do it a different way on your machine if it isn’t the same)

The super painful part of this tutorial for me is that this easy part was subject to a weird Ubuntu bug that tracks back nearly 10 years. If you are bored you can read about it here, but probably, like me, you just want to hack this zsun and then put evertyhing back the way it was. So let’s do that:

Step 8: Overcoming the Ubuntu Samba Username password bug

  1. in a terminal enter this:
    sudo nano /etc/samba/smb.conf
  2. Scroll down into the ‘Authentification’ section.
  3. at the very bottom in the space just above the “Domains” section, paste in (with control shift paste) this:

security = user
client use spnego = no

  1. ctrl x to get out
  2. ctrl y to agree to write the changes

Step 9: Continue with Tutorial and Accesss the Zsun via Samba

  1. Open Nautilus (called ‘Files’ on the launcher) (the file cabinet icon thing…)
  2. Go to ‘Other locations’ on the left menu at the bottom. A ‘Enter server address’ field will appear.
  3. Type in zsun address as follows: smb://
  4. enter admin/admin pass/user (don’t worry about ‘workgroup’)
  5. when greeted with ‘public’ enter that directory
  6. hit ‘contrl h’ on your keyboard which will show hidden folders. If you don’t do this step you might not think the next step will work since it’s a hidden folder.
  7. You should see ‘trash~’ something. But if you don’t… whatever. Seems to work if it’s fully blank too… Here is where you create the following folder (with the dot/period in front):
    .update if it doesn’t appear after creating this folder, review step 6 above…
  8. Drag and drop the file you downloaded way above (SD100-openwrt.tar.gz) into this new .update folder. Yes, the whole tar file, don’t extract it.
  9. CRITICAL STEP! Before doing step 10, make sure you skip ahead, and deeply familiarize yourself with the steps following it because you will have a short time to do those steps before the device fries and dies. Once you have read it all (especially big step 11 below) then come back here and execute step 10.
  10. After you are sure that the file is done copying in, go to a browser and enter this:

When you see this, things should be working:

Here is a fair-use paste from buddy’s blog

Wait for the reboot into OpenWRT

Wait for long LED flash, then multiple fast flashes – now OpenWRT is booting for the first time.
There will be a long period of (normal slow) flashing, then one long flash, then a whole bunch of very fast flashes. The ZSun Wifi network disappears, and eventually re-appears as OpenWRT.

What he didn’t add that I discovered was when everything is totally done it will be a solid light colour.

SUPER IMPORTANT NOTE (in case you missed my other 20 warnings…) immediately as quickly as possible and reduce transmission power on device! Learn how to do this in Big Step 11 below …if it’s not too late.

Step 10: Log into your new OpenWRT Mini Router!

I have another OpenWRT router going in my house so right away I’m going to log into the new little guy here and change it’s IP address to something different to make sure they don’t conflict. The default OpenWRT is so we’ll access it there now.

You’ll get a browser warning that it’s not secure. No problem, add exception, move forward.

You’ll be greeted with a log in screen with no password set.

Log in.

Step 11: Turn Down Radio Transmission Power to Prevent Deep Fried Zsun!

IMMEDIATELY reduce the transmission power of the device. The default is set to the maximum power and it will fry/kill this device in less than 10 minutes after you flash it. I lost two devices this way so act quickly as follows:

1. Go to network

2. go to ‘wifi’

3. click ‘edit’ on the ‘OpenWRT’ entry

4. Drop transmit power to 4 (lowest)

5. ‘save and apply’ button at the bottom

This will momentarily disconnect you from the device while it makes these settings. From here, assuming my theory above is true, you can start doing other things now such as resetting your device access password:

Go to ‘system’ and ‘system administration’ and create a new user/password

Step 12: Undo whatever we did to that Samba bug above (If you want)

Remember when we fixed that Samba bug above? I’m frankly not sure if that was a secure thing to do so let’s undo it in your computer just in case by going back in the same way, deleting those lines you added, and then saving.

Step 13: Remove microSD

As mentioned above, the microSD is no longer required if you are just using device as a wifi range extender (see this tutorial). You can unplug, remove microSD and plug it in now.

Step 13: Enjoy!

The rest, my friends, is up to you. Hope this helps!

Thanks to the following resources

  1. This nice video helped me create this Ubuntu guide
  2. This great blog entry mentioned at the beginning.
  3. Of course the awesome people who hacked this thing here

Tags : , , , ,

Fixing Wrong Monitor Display in Ubuntu 18.04

What a pain in the hindquarters… I lost about 2 hours of my life after I plugged in a Samsung 40″ monitor after having been using a Samsung 20″ Monitor. When I went back to my 20″ in my office, Ubuntu (I’m using Gnome currently until Unity8 is ready) my laptop continued to falsely detect the monitor as a 40″ still . The result was a bad display of the wrong size. I could not adjust the settings, nor save any changes, etc, etc.

Thankfully, a friend in the UBports community (awesome, awesome community and project by the way) just saved my day, and what was most nice (is that English?) is that it took less than 30 seconds to fix.

So, if you want to erase or delete or get rid of some false monitor detection in your ubuntu machine, this might also help you 🙂

Note before beginning: The monitor may/will still display as the wrong size/name but it will work as it should regardless of the name it has in the display settings.

  1. Open a Terminal
  2. Enter this command rm .config/monitors.xml
  3. Press enter (of course)
  4. Reboot
  5. Enjoy your life again

PS – After searching for hours and blogging this someone did point out that there was an official page with this solution, but yeah. If you don’t find it hopefully this blog will help solution be found.

Tags : , ,