Electronic Frontier Foundation’s Let’s Encrypt

In the early days of my business, one of the first services that we offered was web development and design, to be quite honest because it was fairly easy to sell at a large profit margin. However, with me being me and having an intense background in system and server administration, we not only designed and developed the websites, we would also provide the hosting and maintenance for those sites.

All well and good except that some of those websites had either e-commerce built into the site or collected sensitive information from their customers or patrons. So it was a must to use SSL certificates to secure the data while in transport from the user’s browser to our servers (I’ll get into securing and encrypting that data at rest some other day). Back when we were doing it, you had to go find a trusted certificate authority that you actually trusted such as Verisign or Norton that usually came out to a few hundred dollars every year, generate your public and private certificates on your server then getting them to work with whichever web server you had. It was a mess. By far the thing that I hated doing the most for web hosting.

That’s why I was so stoked when I found out about a year and a half ago that The Electronic Frontier Foundation (EFF), in an effort to make SSL connections the new default, not only was becoming a certificate authority, they developed a tool called Lets Encrypt that makes it ridiculously simple to enable SSL on your website. All you have to do is go to https://letsencrypt.org, choose your operating system and web server and it will download the appropriate script. Oh yeah, it’s completely free!

Since Let’s Encrypt has came out, I have used it for every web server that I’ve set up whether it needs it or not. It literally on takes about five minutes to setup so why not?

Continue Reading

Invoice Plane: Open Source Accounting System

Open source accounting system When I first started my business ten years ago, a lot of the tools that I used, I developed myself and that included my invoicing and billing system.

However, about five years in, it was getting to the point where I’d go to invoice a client, I’d have to fix or patch something first. So I eventually bit the bullet and signed up and paid for Freshbooks, which really is a great product but for one, it’s just another monthly bill you have to worry about paying and for two, if you’re just getting started in your business or just have a side business where you don’t need to send invoices or track expenses all that frequently, you may not want to pay that monthly fee.

In comes Invoice Plane. Think of it like the WordPress of accounting software. Invoice Plane is completely self-hosted so you can host it on your existing LAMP server or you can just do what I did and dedicate an old Raspberry Pi to hosting it (or an old computer you have laying around).

With Invoice Plane, you can:

  • Invoice and track clients (totals, outstanding balances, paid balances)
  • Track expenses, including receipts
  • Generate profit and loss statements
  • Accept credit card payments with third party merchants such as my favorite, Stripe (although you’ll need your host on the public internet for that one)

I’ll be the first one to admit that there are a ton of more elegant and more functional accounting systems out there, however, there are some systems that I still like to have in my complete control versus putting in the cloud and business financial data is one.

Check it out at: http://invoiceplane.com

Continue Reading

3CX Phone System

Back in the day, when I first started with VOIP, I really wanted to go with some form of asterisk like Trixbox or Elastix but after months and months of trying, I just couldn’t get it stable enough for companies to be able to rely on.

Then a buddy of mine suggested that I look at a system called 3CX. At that time they were just on version 10 and it only ran on Windows but I tried it out anyway and it seemed pretty stable so we went ahead and bought a license for it (I believe it was $1,200 at that time).

Fast forward to today, about a month ago I had to rebuild a phone server for a non-profit in Bakersfield. Beforehand, I did a bit of research and found that 3CX was not only now on version 15, but they now supported Linux as a platform! Moreover, since this non-profit only had a handful of employees, I could get them on the free tier! Some of the more advanced features aren’t included in the free tier such as the fax server and it limits the number of simultaneous calls to eight but for this particular project, it was perfect!

Within an afternoon, I had wiped one of their old servers, installed Debian 9.0 on it, installed 3cx on it and was provisioning phones. I built it on a Friday but waited until the weekend to change over their SIP trunk provider (Nexvortex) just in case something went wrong.

That following Monday morning, I made sure to wake up extra early and clung to my phone all day knowing that there had to be something that was overlooked or left un-configured. 8:00? Nothing. 12:00? Nothing. 3:00? Nothing. I finally sent the director a text and asked how the phones were today? She just said, “Good, no problems.” Trust me, that’s a miracle!

It’s been up and running solid for a good month and a half except for one issue: if you’re running 3CX on a server with two NICs, be sure to only have one interface hooked to the network.

For the past few years, I had been using RingCentral for most of clients just because it was pretty much friction free but I’m thinking that for now on, I’ll use 3CX on top of Debian.

Continue Reading

PFSense: My Go To Firewall for SMB

Given that I’m an open source junky, it should be no surprise that PFSense is without a doubt, my favorite firewall for both home and small business use.

During the last three years of my business, instead of buying a Cisco SMB or a Sonicwall firewall, what I’ve done is buy a refurbished Dell Poweredge server with typically around 16 gb of memory and usually a RAID array that has the usable capacity of 500 gb for around $200-$300 and popping PFSense on it.

Aside from it being completely open source, some of the things that I love about it are:

  • It being rock solid given its FreeBSD foundation
  • It’s bandwidth monitoring and rule-based policies
  • VPN built in with both OpenVPN and IPSec
  • Web caching built in with Squid
  • Web content filtering to block people from visiting unwanted or inappropriate websites
  • It’s on-demand virus scanning, blocking viruses and malware before it reaches the client’s computer
  • Limit traffic by country
  • A programmable intrusion detection system
  • VLANs completely built in

I could go on and on and on. There are literally hundreds of available plugins that extend the core of PFSense’s functionality. Knock on wood but I’ve had some PFSense servers running for years without issue. I know that a Poweredge server is a bit overkill for a firewall for a small business, but at that price, why the hell not?

Continue Reading

OwnCloud: An open source, self-hosted Dropbox alternative

Sometime last year right around the time that Dropbox had their database of user accounts and passwords compromised, a client of mine got wind of the story and asked me to remove all of their cloud services to on-premise servers.

At the time, I was using Dropbox Plus to keep their network drive in sync between their multiple business locations (quite honestly because it just worked and it was one last thing that I had to worry about managing) so I began researching open source, self hosted alternatives to Dropbox. I quickly came across OwnCloud which is exactly what I was looking for. OwnCloud runs on top of your existing LAMP stack and has a web client, desktop sync clients as well as mobile clients for both iOS and Android. Best of all, it has file versioning built in. You can also use the EFF’s LetsEncrypt to secure the data in transit using SSL.

Ever since discovering it, I’ve also ran my own personal OwnCloud server using a Raspberry Pi and a one terabyte external hard drive. Of course, with any self hosted service, you get the responsibility of backing it up. I don’t keep anything mission critical on my OwnCloud but I wrote a simple Python script to copy over all of the data, dump the MariaDB database, tar it into an archive, send it through an encryption process and send it up to my Google Drive once a week.

Even if you don’t have a business, having your own personal cloud storage is still a fun project to do. For less than $99 (the cost for 1 year of Dropbox Pro), you can go on Amazon and order yourself a cheap Raspberry Pi kit as well as a 1 terabyte USB external hard drive and build your own personal cloud storage!

Continue Reading