### Step-by-Step HaroonNet ISP Platform Installation Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md A detailed, step-by-step guide for installing the HaroonNet ISP Platform, covering system preparation, essential tool installation, SSH security, IPv6 disabling, Docker and Docker Compose setup, firewall configuration, and platform deployment. This method is for users who prefer granular control. ```bash # 1. Prepare system apt update && apt upgrade -y # 2. Install essential tools apt install -y curl wget git htop tree jq vim nano # 3. Secure SSH before any firewall changes ufw allow 22/tcp ufw --force enable # 4. Disable IPv6 echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf echo 'net.ipv6.conf.lo.disable_ipv6 = 1' >> /etc/sysctl.conf sysctl -p # 5. Install Docker curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh rm get-docker.sh # 6. Install Docker Compose curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose # 7. Configure Docker for IPv4 only mkdir -p /etc/docker cat > /etc/docker/daemon.json << 'EOF' { "ipv6": false, "fixed-cidr": "172.17.0.0/16", "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-file": "3" } } EOF systemctl restart docker # 8. Clone and setup ISP platform git clone https://github.com/nimroozy/haroonnet-isp-platform.git cd haroonnet-isp-platform # 9. Create required directories mkdir -p logs/freeradius chmod 755 logs/freeradius # 10. Configure firewall safely ufw allow 22/tcp # SSH - CRITICAL ufw allow 80/tcp # HTTP ufw allow 443/tcp # HTTPS ufw allow 1812/udp # RADIUS Auth ufw allow 1813/udp # RADIUS Accounting ufw allow 3799/udp # CoA/DM ufw allow 3000/tcp # Admin Portal ufw allow 3001/tcp # Customer Portal ufw allow 4000/tcp # API Backend ufw allow 3002/tcp # Grafana ufw allow 9090/tcp # Prometheus ufw allow 5555/tcp # Flower # Disable IPv6 in UFW sed -i 's/IPV6=yes/IPV6=no/' /etc/default/ufw ufw --force enable # 11. Build and start platform docker-compose build docker-compose up -d ``` -------------------------------- ### Initial System Setup and Package Installation (Bash) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Updates system packages, installs essential utilities like curl, wget, git, htop, and configures the system timezone and hostname. A reboot is required to apply changes. ```bash # Update system packages sudo apt update && sudo apt upgrade -y # Install essential packages sudo apt install -y curl wget git htop tree jq vim nano ufw fail2ban \ software-properties-common apt-transport-https ca-certificates \ gnupg lsb-release build-essential # Set timezone (adjust as needed) sudo timedatectl set-timezone Asia/Kabul # Configure hostname sudo hostnamectl set-hostname haroonnet-server # Reboot to apply updates sudo reboot ``` -------------------------------- ### Automated and Manual Service Deployment Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Commands to execute the automated setup script or perform manual Docker-based installation and service management. ```bash # Automated ./scripts/setup.sh # Manual docker-compose build docker-compose up -d docker-compose ps ``` -------------------------------- ### HaroonNet Platform Download and Setup (Bash) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Creates the necessary directory structure for the HaroonNet platform, clones the repository (or copies local files), makes scripts executable, and creates subdirectories for logs, backups, uploads, SSL certificates, and configuration files. ```bash # Create application directory sudo mkdir -p /opt/haroonnet sudo chown $USER:$USER /opt/haroonnet cd /opt/haroonnet # Clone the platform (replace with actual repository URL) git clone https://github.com/your-repo/haroonnet-isp-platform.git . # Or if you have the files locally, copy them: # cp -r /path/to/haroonnet-isp-platform/* . # Make scripts executable chmod +x scripts/*.sh # Create required directories mkdir -p {logs,backups,uploads,ssl} mkdir -p config/{nginx/conf.d,prometheus,grafana/{provisioning,dashboards},loki,promtail} ``` -------------------------------- ### System Preparation and Repository Cloning Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Initial steps to update the operating system, install necessary dependencies, and clone the platform source code from the repository. ```bash sudo apt update && sudo apt upgrade -y sudo apt install -y git curl wget git clone cd haroonnet-isp-platform chmod +x scripts/setup.sh ``` -------------------------------- ### Docker and Docker Compose Installation (Bash) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Installs Docker Engine and Docker Compose on Ubuntu 22.04. It removes old versions, adds the official Docker repository, installs the necessary packages, and adds the current user to the docker group. It also starts and enables the Docker service. ```bash # Remove old Docker versions if any sudo apt remove -y docker docker-engine docker.io containerd runc # Add Docker's official GPG key sudo mkdir -p /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg # Add Docker repository echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null # Update package index sudo apt update # Install Docker Engine sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin # Add current user to docker group sudo usermod -aG docker $USER # Install Docker Compose (standalone) sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose # Start and enable Docker sudo systemctl start docker sudo systemctl enable docker # Verify Docker installation sudo docker run hello-world ``` -------------------------------- ### Build and Start HaroonNet ISP Platform with Docker Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Builds all services for the HaroonNet ISP Platform using Docker Compose and then starts them in detached mode. It includes steps to log out and back in to apply group memberships, navigate to the platform directory, and check the status and logs of the running services. ```bash # Log out and log back in to apply docker group membership exit # SSH back in # Navigate to platform directory cd /opt/haroonnet # Build all services docker-compose build --no-cache # Start the platform docker-compose up -d # Check service status docker-compose ps # View logs to ensure everything is starting correctly docker-compose logs -f --tail=50 ``` -------------------------------- ### Manual HaroonNet ISP Platform Installation Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Installs the HaroonNet ISP Platform manually by cloning the repository, running a network fix script, and then executing the setup script. This method provides more control over the installation process. ```bash # Clone repository git clone https://github.com/nimroozy/haroonnet-isp-platform.git cd haroonnet-isp-platform # Run network fix first ./scripts/fix-network.sh # Then run setup ./scripts/setup.sh ``` -------------------------------- ### Basic RADIUS Setup on Mikrotik Router Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Configuration commands for a Mikrotik router to set up RADIUS authentication and accounting, configure PPPoE profiles, enable Change of Authorization (CoA), and verify the setup. Assumes RADIUS server is accessible at YOUR_SERVER_IP. ```bash # Connect to your Mikrotik router via SSH or Winbox # Replace YOUR_SERVER_IP with your Ubuntu server IP # Add RADIUS server /radius add service=ppp address=YOUR_SERVER_IP secret=haroonnet-secret-2024 authentication-port=1812 accounting-port=1813 timeout=3s # Enable RADIUS for PPP /ppp aaa set use-radius=yes interim-update=00:05:00 accounting=yes # Create PPPoE profile /ppp profile add name=haroonnet-pppoe use-radius=yes only-one=yes change-tcp-mss=yes # Set up PPPoE server /interface pppoe-server server add service-name=HaroonNet interface=ether2 default-profile=haroonnet-pppoe # Enable CoA /radius incoming set accept=yes port=3799 /radius incoming add address=YOUR_SERVER_IP secret=haroonnet-coa-secret-2024 # Verify configuration /radius print /ppp aaa print ``` -------------------------------- ### Initialize Database and Verify HaroonNet ISP Platform Installation Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Verifies the installation of the HaroonNet ISP Platform by checking service status, database initialization, RADIUS authentication, API health, and running comprehensive tests. It includes a delay to ensure services are ready before proceeding with checks. ```bash # Wait for services to be fully ready (2-3 minutes) sleep 180 # Check if all services are running docker-compose ps # Verify database initialization docker-compose exec mysql mysql -u root -p${MYSQL_ROOT_PASSWORD} -e "SHOW DATABASES;" # Test RADIUS authentication docker-compose exec freeradius radtest admin@haroonnet.com admin123 localhost 1812 testing123 # Check API health curl http://localhost:4000/health # Check admin portal curl http://localhost:3000 # Run comprehensive tests ./scripts/run_tests.sh ``` -------------------------------- ### Environment Configuration Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Instructions for setting up the .env file with essential database, security, and SMTP credentials required for platform operation. ```bash cp env.example .env nano .env # Example variables: MYSQL_ROOT_PASSWORD=your-secure-password JWT_SECRET=your-jwt-secret-key SMTP_HOST=smtp.gmail.com ``` -------------------------------- ### Initial Configuration Steps for HaroonNet ISP Platform Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Outlines the initial configuration steps after installing the HaroonNet ISP Platform. This includes logging into the Admin Portal, changing default passwords, configuring company settings, adding NAS devices, creating service plans, and setting up notifications via SMTP and Twilio. ```bash # 1. Login to Admin Portal # Access: https://your-server-ip:3000 # Login with: admin@haroonnet.com / admin123 # 2. Change Default Passwords # Go to Settings → Users # Change admin password # Update Grafana admin password # 3. Configure Company Settings # Go to Settings → Company # Update company information # Set timezone and currency # Configure contact details # 4. Add Your NAS Devices # Go to Network → NAS Devices # Add your Mikrotik routers # Configure IP addresses and shared secrets # Test connectivity # 5. Create Service Plans # Go to Services → Plans # Create internet packages (speeds, quotas, pricing) # Configure Mikrotik rate limits # Set billing cycles # 6. Configure Notifications # Go to Settings → Notifications # Configure SMTP settings for emails # Set up SMS provider (Twilio) # Test notification delivery ``` -------------------------------- ### Troubleshoot Platform Services Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Diagnostic commands to inspect logs, resource usage, and database connectivity for common service failures. ```bash docker-compose logs docker stats docker-compose exec mysql mysql -u root -p${MYSQL_ROOT_PASSWORD} -e "SHOW PROCESSLIST;" docker-compose exec freeradius freeradius -CX ``` -------------------------------- ### FreeRADIUS Installation and Configuration (Bash) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Installs FreeRADIUS with MySQL support and utility tools. It stops the service for later configuration and backs up the original configuration files, ensuring proper permissions are set. ```bash # Install FreeRADIUS and MySQL module sudo apt install -y freeradius freeradius-mysql freeradius-utils # Stop FreeRADIUS service (we'll configure it later) sudo systemctl stop freeradius sudo systemctl disable freeradius # Backup original configuration sudo cp -r /etc/freeradius/3.0 /etc/freeradius/3.0.backup # Set proper permissions sudo chown -R freerad:freerad /etc/freeradius/3.0 sudo chmod -R 640 /etc/freeradius/3.0 sudo chmod 750 /etc/freeradius/3.0 ``` -------------------------------- ### Ultimate One-Click Installation for ISP Platform Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/README.md This script automates the complete installation of the HaroonNet ISP Platform, handling all dependencies, configurations, and service setups with zero manual intervention. It ensures a modern UI, secure firewall, optimal Docker networking, and health checks for all services. ```bash curl -sSL https://raw.githubusercontent.com/nimroozy/haroonnet-isp-platform/main/install-isp-platform.sh | bash ``` -------------------------------- ### One-Command HaroonNet ISP Platform Installation Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Installs the HaroonNet ISP Platform using a single command. This method includes disabling IPv6 and protecting SSH access. It utilizes `curl` to download and execute the installation script. ```bash # This version includes IPv6 disable and SSH protection curl -sSL https://raw.githubusercontent.com/nimroozy/haroonnet-isp-platform/main/one-command-install.sh | bash ``` -------------------------------- ### Configure Alerting and Notifications Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Commands to modify Prometheus alert rules and manage system configuration files. ```bash nano config/prometheus/alert_rules.yml ``` -------------------------------- ### Execute Platform Test Suites Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Run automated test scripts to verify system integrity, including unit, integration, end-to-end, and load testing. ```bash ./scripts/run_tests.sh ./scripts/run_tests.sh unit ./scripts/run_tests.sh integration ./scripts/run_tests.sh e2e ./scripts/run_tests.sh load ``` -------------------------------- ### Download and Run Network Fix Script Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Downloads and executes a script to fix potential network issues before installation. This is a recommended first step to ensure network stability. It requires `wget` and `chmod` commands. ```bash # Download and run the network fix script first wget https://raw.githubusercontent.com/nimroozy/haroonnet-isp-platform/main/scripts/fix-network.sh chmod +x fix-network.sh ./fix-network.sh ``` -------------------------------- ### Troubleshooting and System Maintenance Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Diagnostic commands to inspect service logs, manage container lifecycles, and optimize system resources like swap memory. ```bash docker-compose logs -f docker-compose restart docker stats sudo fallocate -l 4G /swapfile sudo swapon /swapfile ``` -------------------------------- ### Scale API Services with Docker Compose Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Scale the API services horizontally to handle increased user load by using the '--scale' option with Docker Compose. This command starts multiple instances of the API service and requires a load balancer to distribute traffic effectively. ```bash # Scale API servers docker-compose up -d --scale api=3 # Use load balancer # Configure NGINX upstream ``` -------------------------------- ### Perform System Maintenance Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Daily, weekly, and monthly maintenance tasks including log rotation, package updates, database optimization, and security audits. ```bash docker-compose ps df -h sudo apt update && sudo apt upgrade -y git pull origin main docker-compose build --no-cache docker-compose up -d docker-compose exec mysql mysql -u root -p${MYSQL_ROOT_PASSWORD} -e "OPTIMIZE TABLE haroonnet.customers, haroonnet.subscriptions, haroonnet.invoices;" sudo lynis audit system ``` -------------------------------- ### Obtain SSL Certificates with Certbot Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Secure the platform by replacing self-signed certificates with valid SSL certificates obtained using Let's Encrypt and Certbot. This process involves installing Certbot, obtaining a certificate for your domain, and then copying the generated certificate files to the appropriate directory. ```bash # Using Let's Encrypt sudo apt install certbot sudo certbot certonly --standalone -d yourdomain.com # Copy certificates cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ssl/ cp /etc/letsencrypt/live/yourdomain.com/privkey.pem ssl/ ``` -------------------------------- ### Check Docker Logs Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md This command allows you to view the logs for a specific service within your Docker Compose setup. It's essential for diagnosing issues by examining the output and error messages of running services. Ensure you replace 'service-name' with the actual name of the service you want to inspect. ```bash docker-compose logs service-name ``` -------------------------------- ### Alternative One-Command Installation for ISP Platform Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/README.md This is an alternative script for installing the HaroonNet ISP Platform using a single command. It provides a streamlined installation process for the complete ISP management system. ```bash curl -sSL https://raw.githubusercontent.com/nimroozy/haroonnet-isp-platform/main/one-command-install.sh | bash ``` -------------------------------- ### System Health Check for HaroonNet ISP Platform Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Provides commands to perform a system health check after installing the HaroonNet ISP Platform. It includes checking Docker service status, system resources with htop, disk space with df -h, and network connectivity for essential ports. ```bash # Check all services are running docker-compose ps # Check system resources htop # Check disk space df -h # Check network connectivity ss -tuln | grep -E ':(1812|1813|3799|3000|4000)' ``` -------------------------------- ### Verify Application and RADIUS Database Counts Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md SQL queries executed via docker-compose to check the number of users, customers, and service plans in the application database, and the number of users, groups, and NAS devices in the RADIUS database. ```bash # Check application database docker-compose exec mysql mysql -u haroonnet -p${MYSQL_PASSWORD} haroonnet -e "SELECT COUNT(*) as users FROM users; SELECT COUNT(*) as customers FROM customers; SELECT COUNT(*) as plans FROM service_plans;" # Check RADIUS database docker-compose exec mysql mysql -u radius -p${RADIUS_DB_PASSWORD} radius -e "SELECT COUNT(*) as users FROM radcheck; SELECT COUNT(*) as groups FROM radgroupreply; SELECT COUNT(*) as nas_devices FROM nas;" ``` -------------------------------- ### Monitor and Optimize Platform Performance Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md Commands to monitor real-time resource usage, execute load tests, and identify slow database queries. Includes an optimization command to reclaim space in key tables. ```bash # Check resource usage docker stats # Run performance tests ./scripts/run_tests.sh load # Check slow queries docker-compose logs mysql | grep "slow query" # Optimize database docker-compose exec mysql mysql -u root -p -e "OPTIMIZE TABLE haroonnet.customers, haroonnet.subscriptions, radius.radacct;" ``` -------------------------------- ### Check Docker Compose Service Status Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Lists the status of services managed by Docker Compose. This command is used after installation to verify that all components of the HaroonNet ISP Platform are running correctly. ```bash docker-compose ps # All services should be running ``` -------------------------------- ### Automated Installation Script for HaroonNet ISP Platform Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md This bash script automates the download and installation of the HaroonNet ISP Platform. It requires cloning the repository and then executing the quick-install script. Access details for the Admin Portal are provided upon successful installation. ```bash # 1. Download the platform git clone cd haroonnet-isp-platform # 2. Run the automated installer ./scripts/quick-install.sh # 3. Access the platform # Admin Portal: https://your-server-ip:3000 # Login: admin@haroonnet.com / admin123 ``` -------------------------------- ### Firewall and Network Security Configuration Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Configures UFW firewall rules to secure the server while allowing necessary traffic for SSH, web portals, and RADIUS authentication. ```bash sudo ufw --force reset sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow ssh sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw allow 1812/udp sudo ufw allow 1813/udp sudo ufw allow 3799/udp sudo ufw --force enable ``` -------------------------------- ### Manually Backup MySQL Databases Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Create manual backups of the MySQL databases used by the application ('haroonnet') and for RADIUS authentication. This command-line approach uses 'mysqldump' to export the database contents to SQL files. ```bash # Backup MySQL databases docker-compose exec mysql mysqldump -u root -p haroonnet > backup-app.sql docker-compose exec mysql mysqldump -u root -p radius > backup-radius.sql ``` -------------------------------- ### Configure System Limits and Network Performance Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Increases system limits for file descriptors and processes, and optimizes network performance parameters using sysctl. These configurations are applied to both user and system-wide settings to ensure high performance for the ISP platform. ```bash # Increase system limits for high performance sudo tee -a /etc/security/limits.conf << EOF # HaroonNet ISP Platform limits * soft nofile 65536 * hard nofile 65536 * soft nproc 32768 * hard nproc 32768 root soft nofile 65536 root hard nofile 65536 EOF # Update systemd limits sudo mkdir -p /etc/systemd/system.conf.d sudo tee /etc/systemd/system.conf.d/limits.conf << EOF [Manager] DefaultLimitNOFILE=65536 DefaultLimitNPROC=32768 EOF # Configure sysctl for network performance sudo tee -a /etc/sysctl.conf << EOF # HaroonNet ISP Platform network optimizations net.core.rmem_max = 134217728 net.core.wmem_max = 134217728 net.ipv4.tcp_rmem = 4096 87380 134217728 net.ipv4.tcp_wmem = 4096 65536 134217728 net.ipv4.tcp_congestion_control = bbr net.core.netdev_max_backlog = 5000 EOF # Apply sysctl settings sudo sysctl -p ``` -------------------------------- ### Restore from Backup Archive Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Recover the system from a previous backup by executing the restore script with the specific backup archive file as an argument. This process is vital for disaster recovery scenarios. ```bash # Restore from backup ./scripts/restore.sh backup-2024-01-01.tar.gz ``` -------------------------------- ### Test API Endpoints and Documentation Access Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Curl commands to test the health of the API, authenticate via the login endpoint, and access the API documentation. Assumes API is running on port 4000. ```bash # Test API health curl -k https://YOUR_SERVER_IP:4000/health # Test authentication endpoint curl -k -X POST https://YOUR_SERVER_IP:4000/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"admin@haroonnet.com","password":"admin123"}' # Access API documentation curl -k https://YOUR_SERVER_IP:4000/api/docs ``` -------------------------------- ### Verify RADIUS Authentication Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Perform authentication tests using curl for the API and radtest for the RADIUS server to ensure user connectivity. ```bash curl -k -X POST https://YOUR_SERVER_IP:4000/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"admin@haroonnet.com","password":"admin123"}' docker-compose exec freeradius radtest testuser@haroonnet.com testpass localhost 1812 testing123 ``` -------------------------------- ### Test RADIUS Authentication and Logs Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Commands to test RADIUS authentication from the server and an external client, check RADIUS logs, and monitor active user sessions in the RADIUS accounting database. ```bash # Test RADIUS authentication (from server) docker-compose exec freeradius radtest test@haroonnet.com test123 localhost 1812 testing123 # Test from external client (replace IP) radtest test@haroonnet.com test123 YOUR_SERVER_IP 1812 testing123 # Check RADIUS logs docker-compose logs freeradius # Monitor active sessions docker-compose exec mysql mysql -u radius -p${RADIUS_DB_PASSWORD} radius -e "SELECT username, nasipaddress, acctstarttime FROM radacct WHERE acctstoptime IS NULL;" ``` -------------------------------- ### Manage and Optimize MySQL Database Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md Procedures for accessing the database, checking storage consumption, and performing maintenance tasks. These commands help identify database growth and optimize table performance. ```bash # Check MySQL logs docker-compose logs mysql # Access MySQL directly docker-compose exec mysql mysql -u root -p # Check database sizes docker-compose exec mysql mysql -u root -p -e "SELECT table_schema AS 'Database', ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS 'Size (MB)' FROM information_schema.tables GROUP BY table_schema;" ``` -------------------------------- ### Access HaroonNet ISP Platform Portals Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Provides the URLs to access different portals of the HaroonNet ISP Platform, including the Admin Portal, Customer Portal, API Documentation, Grafana Monitoring, and Worker Monitoring. It also lists the default login credentials for Admin and Grafana users. ```bash # Admin Portal: https://your-server-ip:3000 # Customer Portal: https://your-server-ip:3001 # API Documentation: https://your-server-ip:4000/api/docs # Grafana Monitoring: https://your-server-ip:3002 # Worker Monitoring: https://your-server-ip:5555 # Default Login Credentials: # Admin User: admin@haroonnet.com / admin123 # Grafana: admin / admin123 ``` -------------------------------- ### Execute Automated Backup Script Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Initiate the platform's automated backup process using the provided script. This is crucial for data safety and disaster recovery. The script handles the backup procedure, ensuring data can be restored if needed. ```bash # Manual backup ./scripts/backup.sh ``` -------------------------------- ### Update Haroonnet Platform with Mikrotik NAS Details Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Instructions for updating the Haroonnet ISP platform's NAS Devices section with the details of a newly configured Mikrotik router, including its IP address, type, shared secrets, and CoA port. ```bash # Update NAS devices in the platform # Login to admin portal: https://YOUR_SERVER_IP:3000 # Go to Network → NAS Devices # Add your Mikrotik router: # - Name: Mikrotik Main Router # - IP Address: YOUR_MIKROTIK_IP # - Type: mikrotik # - Shared Secret: haroonnet-secret-2024 # - CoA Port: 3799 # - CoA Secret: haroonnet-coa-secret-2024 ``` -------------------------------- ### Configure Fail2ban for RADIUS Security Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Steps to configure Fail2ban to protect RADIUS services by creating custom filter rules and jail configurations. Requires root privileges. ```bash # Configure fail2ban for additional security sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local # Edit fail2ban configuration sudo nano /etc/fail2ban/jail.local # Add custom rules for RADIUS sudo tee /etc/fail2ban/filter.d/freeradius.conf << EOF [Definition] failregex = ^.*Login incorrect.*.* ^.*Invalid user.*from .* ignoreregex = EOF sudo tee /etc/fail2ban/jail.d/freeradius.conf << EOF [freeradius] enabled = true port = 1812,1813 protocol = udp filter = freeradius logpath = /var/log/freeradius/radius.log maxretry = 3 bantime = 3600 findtime = 600 EOF # Restart fail2ban sudo systemctl restart fail2ban sudo systemctl enable fail2ban ``` -------------------------------- ### Troubleshoot System Services with Docker Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md Commands to diagnose service failures by inspecting logs, disk space, and memory usage. It provides a quick way to restart specific containers like MySQL. ```bash # Check logs docker-compose logs # Check disk space df -h # Check memory free -h # Restart specific service docker-compose restart mysql ``` -------------------------------- ### Perform Daily System Checks Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Conduct essential daily checks to ensure the platform's health and stability. This includes monitoring service status via 'docker-compose ps', checking disk space with 'df -h', and reviewing recent error logs using 'docker-compose logs'. ```bash # Monitor service status docker-compose ps # Check disk usage df -h # Review error logs docker-compose logs --tail=100 ``` -------------------------------- ### Secure Docker Daemon Configuration Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Configuration for the Docker daemon to enhance security by setting log rotation policies, enabling live restore, disabling userland proxy, and preventing new privileges. Requires root privileges. ```bash # Create Docker daemon configuration for security sudo tee /etc/docker/daemon.json << EOF { "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-file": "3" }, "live-restore": true, "userland-proxy": false, "no-new-privileges": true } EOF # Restart Docker sudo systemctl restart docker ``` -------------------------------- ### Test Worker and Scheduler Status, Monitor Activity Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Commands to inspect the status of Celery workers, check scheduled tasks, monitor worker logs in real-time, and access the Flower monitoring interface. ```bash # Check worker status docker-compose exec worker celery -A app.celery inspect active # Check scheduled tasks docker-compose exec scheduler celery -A app.celery inspect scheduled # Monitor worker activity docker-compose logs -f worker # Access Flower monitoring curl -k https://YOUR_SERVER_IP:5555 ``` -------------------------------- ### Configure Automatic Daily Backups Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md These commands export the current Mikrotik configuration to a file, create a manual backup, and then set up a scheduler to perform automatic daily backups at 2:00 AM. The backup filenames include the date for easy identification. ```bash # Export configuration /export file=mikrotik-radius-config # Create backup /system backup save name=radius-backup # Schedule automatic backups /system scheduler add \ name=daily-backup \ on-event="/system backup save name=(\"backup-\" . [/system clock get date])" \ start-date=today \ start-time=02:00:00 \ interval=1d ``` -------------------------------- ### Verify IPv6 is Disabled Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Checks the system's current IPv6 configuration by reading the `disable_ipv6` setting for all network interfaces. A return value of `1` confirms that IPv6 is disabled. ```bash cat /proc/sys/net/ipv6/conf/all/disable_ipv6 # Should return: 1 ``` -------------------------------- ### Completely Disable IPv6 Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Applies system-wide settings to disable IPv6, both temporarily via sysctl and permanently via GRUB configuration. This is useful for environments that require IPv4-only networking. ```bash # Completely disable IPv6 echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf echo 'net.ipv6.conf.lo.disable_ipv6 = 1' >> /etc/sysctl.conf sysctl -p # Disable in GRUB (permanent) sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 /' /etc/default/grub update-grub ``` -------------------------------- ### Environment Configuration for HaroonNet (Bash) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Copies the environment template file and generates strong, random passwords and secrets for MySQL, FreeRADIUS, JWT, and COA. It then prompts the user to edit the `.env` file to update critical values. ```bash # Copy environment template cp env.example .env # Generate strong passwords and secrets MYSQ_ROOT_PASS=$(openssl rand -base64 32) MYSQ_APP_PASS=$(openssl rand -base64 32) RADIUS_DB_PASS=$(openssl rand -base64 32) JWT_SECRET=$(openssl rand -base64 64) COA_SECRET=$(openssl rand -base64 32) # Edit environment file nano .env ``` -------------------------------- ### Run Diagnostic Tests Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md This script executes a suite of diagnostic tests for the Haroonnet ISP platform. Running these tests can help identify potential problems or verify the system's health. The script is located in the 'scripts/' directory. ```bash ./scripts/run_tests.sh ``` -------------------------------- ### Optimize High Load Configuration Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md For environments with a high number of concurrent sessions (1000+), these settings can improve performance. They include increasing RADIUS timeouts and retries, optimizing PPP interim update intervals, and enabling connection tracking optimization. ```bash # Increase RADIUS timeout and retries /radius set 0 timeout=5s tries=3 # Optimize PPP settings /ppp aaa set interim-update=00:10:00 # Enable connection tracking optimization /ip firewall connection tracking set enabled=auto ``` -------------------------------- ### Generate Self-Signed SSL Certificates Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Generates self-signed SSL certificates for development purposes using OpenSSL. It creates a private key and a certificate, then sets appropriate file permissions. For production, it suggests using Certbot to obtain real SSL certificates. ```bash # Generate self-signed certificates for development openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout ssl/selfsigned.key \ -out ssl/selfsigned.crt \ -subj "/C=AF/ST=Kabul/L=Kabul/O=YourISP/OU=IT/CN=yourdomain.com" # Set proper permissions chmod 600 ssl/selfsigned.key chmod 644 ssl/selfsigned.crt # For production, get real SSL certificates: # sudo apt install certbot # sudo certbot certonly --standalone -d yourdomain.com # cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ssl/ # cp /etc/letsencrypt/live/yourdomain.com/privkey.pem ssl/selfsigned.key ``` -------------------------------- ### Enable and Check Bandwidth Monitoring Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md These commands enable IP accounting for bandwidth monitoring and then allow you to view the collected accounting data. This is crucial for user billing and traffic analysis. ```bash # Enable IP accounting /ip accounting set enabled=yes # Check accounting data /ip accounting print ``` -------------------------------- ### Create Address Lists for User Management (Mikrotik RouterOS) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md Demonstrates how to create firewall address lists on a Mikrotik router, such as 'blocked-users' and 'premium-users'. These lists can be dynamically populated or managed based on RADIUS attributes for user management purposes. ```bash /ip firewall address-list add \ list=blocked-users \ comment="Blocked users from RADIUS" /ip firewall address-list add \ list=premium-users \ comment="Premium users from RADIUS" ``` -------------------------------- ### Firewall Configuration with UFW (Bash) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Configures the Uncomplicated Firewall (UFW) to allow essential services like SSH, HTTP, HTTPS, RADIUS ports (1812, 1813, 3799), and management ports for the HaroonNet platform. It resets the firewall to defaults before applying new rules. ```bash # Reset firewall to default sudo ufw --force reset # Set default policies sudo ufw default deny incoming sudo ufw default allow outgoing # Allow SSH (adjust port if changed) sudo ufw allow ssh # Allow HTTP and HTTPS sudo ufw allow 80/tcp sudo ufw allow 443/tcp # Allow RADIUS ports sudo ufw allow 1812/udp comment 'RADIUS Authentication' sudo ufw allow 1813/udp comment 'RADIUS Accounting' sudo ufw allow 3799/udp comment 'RADIUS CoA/DM' # Allow management ports (restrict these in production) sudo ufw allow 3000/tcp comment 'Admin Portal' sudo ufw allow 3001/tcp comment 'Customer Portal' sudo ufw allow 4000/tcp comment 'API Server' sudo ufw allow 3002/tcp comment 'Grafana' sudo ufw allow 9090/tcp comment 'Prometheus' sudo ufw allow 5555/tcp comment 'Flower' # Enable firewall sudo ufw --force enable # Check status sudo ufw status verbose ``` -------------------------------- ### Configure UFW Firewall for Network Security Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/fresh-ubuntu-installation.md Commands to configure the Uncomplicated Firewall (UFW) to allow specific access to admin and monitoring ports, restrict RADIUS access to network equipment, block common attack ports, and enable logging. Requires root privileges. ```bash # Configure advanced firewall rules # Allow only specific IP ranges for admin access (adjust as needed) sudo ufw allow from 192.168.1.0/24 to any port 3000 comment 'Admin Portal - Local Network' sudo ufw allow from 192.168.1.0/24 to any port 3002 comment 'Grafana - Local Network' # Restrict RADIUS access to your network equipment only sudo ufw allow from 192.168.1.0/24 to any port 1812 comment 'RADIUS Auth - Network Equipment' sudo ufw allow from 192.168.1.0/24 to any port 1813 comment 'RADIUS Accounting - Network Equipment' sudo ufw allow from 192.168.1.0/24 to any port 3799 comment 'RADIUS CoA - Network Equipment' # Block common attack ports sudo ufw deny 23/tcp comment 'Block Telnet' sudo ufw deny 135/tcp comment 'Block RPC' sudo ufw deny 445/tcp comment 'Block SMB' # Enable logging sudo ufw logging on # Reload firewall sudo ufw reload ``` -------------------------------- ### Troubleshoot Accounting Issues Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md These commands help diagnose accounting problems by checking if accounting is enabled within PPP AAA settings, verifying that interim accounting updates are being sent (by checking logs), and sniffing accounting packets on the relevant port. ```bash # Check if accounting is enabled /ppp aaa print # Verify interim updates are being sent /log print where topics~"radius" and message~"accounting" # Check accounting packets /tool sniffer quick port=1813 ``` -------------------------------- ### Optimize MySQL for High Load Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/installation.md Adjust MySQL configuration for high-traffic environments by increasing the 'innodb_buffer_pool_size'. This setting should be approximately 70% of the available RAM to improve database performance. Ensure you edit the correct configuration file. ```bash # Edit MySQL configuration nano config/mysql/my.cnf # Increase buffer pool size innodb_buffer_pool_size = 20G # 70% of available RAM ``` -------------------------------- ### Check UFW Status and Re-enable SSH Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Commands to check the current status of the Uncomplicated Firewall (UFW) and to re-allow SSH access (port 22/tcp) if it was inadvertently blocked. This is part of troubleshooting SSH connectivity issues. ```bash ufw status ufw allow 22/tcp ufw reload ``` -------------------------------- ### Secure RADIUS Configuration Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md This section emphasizes using strong, unique shared secrets for RADIUS and provides an example of generating a secure secret using openssl. It also includes a firewall rule to restrict RADIUS traffic to authorized sources. ```bash # Use strong shared secrets (minimum 16 characters) # Change default secrets immediately # Use different secrets for different services # Example of secure secret generation # openssl rand -base64 32 # Restrict RADIUS traffic to specific interfaces /ip firewall filter add \ chain=input \ protocol=udp \ dst-port=1812,1813,3799 \ src-address=!192.168.1.100 \ action=drop \ comment="Block unauthorized RADIUS access" ``` -------------------------------- ### Checking System Service Status with Docker Compose Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md This command lists the status of services managed by Docker Compose. It is useful for quickly verifying if all components of the HaroonNet ISP Platform are running as expected. ```bash # Service status docker-compose ps ``` -------------------------------- ### Limit Administrative Access Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md This demonstrates how to restrict the policies available to the 'full' user group and how to create a new user with limited 'read' permissions. This is a fundamental security practice for managing access to the router. ```bash # Limit administrative access /user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude # Create limited admin user /user add name=radius-admin group=read password=SecurePassword123 ``` -------------------------------- ### Reset Firewall and Allow SSH Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Resets the UFW firewall to its default state, then explicitly allows incoming SSH connections (port 22/tcp), denies all other incoming traffic by default, allows all outgoing traffic, and enables the firewall. This is a recovery step for severe firewall misconfigurations. ```bash ufw --force reset ufw allow 22/tcp ufw default deny incoming ufw default allow outgoing ufw --force enable ``` -------------------------------- ### Monitor PPP Sessions Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md These commands allow you to view active PPP sessions, retrieve detailed information about a specific session by its name, and monitor traffic statistics for a given PPP interface like 'pppoe-out1'. ```bash # View active PPP sessions /ppp active print # View PPP session details /ppp active print detail where name=username # Monitor session statistics /interface monitor-traffic pppoe-out1 ``` -------------------------------- ### Viewing Docker Compose Logs Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md This command streams the logs from Docker Compose services, showing the most recent log entries. It is essential for debugging and monitoring the real-time activity of the platform's services. ```bash # View logs docker-compose logs -f --tail=50 ``` -------------------------------- ### GET /api/v1/customers Source: https://context7.com/nimroozy/haroonnet-isp-platform/llms.txt Retrieves a paginated list of ISP customers. ```APIDOC ## GET /api/v1/customers ### Description Fetches a list of all customers with support for pagination. ### Method GET ### Endpoint /api/v1/customers ### Query Parameters - **page** (number) - Optional - Page number - **limit** (number) - Optional - Items per page ### Response #### Success Response (200) - **customers** (array) - List of customer objects - **total** (number) - Total count of customers #### Response Example { "customers": [ { "id": 1, "username": "john.doe", "status": "active" } ], "total": 1247 } ``` -------------------------------- ### Debug RADIUS Authentication Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md Tools for verifying FreeRADIUS configuration and user database records. Use these commands to validate authentication flow and user credentials within the system. ```bash # Check FreeRADIUS logs docker-compose logs freeradius # Test configuration docker-compose exec freeradius freeradius -CX # Check user in database docker-compose exec mysql mysql -u radius -pradpass radius -e "SELECT * FROM radcheck WHERE username='test@haroonnet.com';" ``` -------------------------------- ### Troubleshoot Authentication Failures Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md This section provides commands to check RADIUS server connectivity using netwatch, test RADIUS authentication directly, and view the shared secret configuration. These are key steps in diagnosing authentication problems. ```bash # Check RADIUS server connectivity /tool netwatch add host=192.168.1.100 # Test RADIUS authentication /radius monitor 0 user=testuser password=testpass # Check shared secret /radius print detail ``` -------------------------------- ### Testing RADIUS Authentication with Docker Compose Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md This command tests the RADIUS authentication for a customer using the Docker Compose environment. It simulates a connection attempt from a client to the FreeRADIUS server. A successful authentication should return 'Access-Accept'. ```bash # Test from server docker-compose exec freeradius radtest customer@haroonnet.com password localhost 1812 testing123 # Should return: Access-Accept ``` -------------------------------- ### Test SSH Connection Stability Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Ensures your SSH connection is stable before proceeding with the installation. This command tests the connection by sending keep-alive packets every 60 seconds. It requires the server's IP address and root credentials. ```bash # Test from your local machine ssh -o ServerAliveInterval=60 root@YOUR_SERVER_IP ``` -------------------------------- ### Check Firewall Status Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Displays the current status and rules of the UFW firewall. This is used to verify that necessary ports, especially SSH (22/tcp), are allowed. ```bash ufw status # Should show SSH (22/tcp) as ALLOW ``` -------------------------------- ### Optimize Memory and CPU Usage Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md This section focuses on resource optimization by monitoring system usage, disabling unnecessary logs (e.g., debug topics), and selectively enabling connection tracking helpers only when required. This helps maintain router stability under load. ```bash # Monitor resource usage /system resource print # Optimize logging (disable unnecessary logs) /system logging disable [find where topics~"debug"] # Use connection tracking helpers only when needed /ip firewall service-port print ``` -------------------------------- ### Restart SSH Service Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/SAFE-INSTALLATION.md Restarts the SSH daemon (sshd) to apply configuration changes or resolve connection issues. This command is typically used when troubleshooting SSH access problems. ```bash systemctl restart sshd ``` -------------------------------- ### Querying Active RADIUS Sessions from MySQL Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/INSTALLATION-SUMMARY.md This SQL query retrieves information about currently active RADIUS sessions from the 'radacct' table in the MySQL database. It helps in monitoring live user connections and their start times. ```sql # Check active RADIUS sessions docker-compose exec mysql mysql -u radius -pradpass radius -e "SELECT username, nasipaddress, acctstarttime FROM radacct WHERE acctstoptime IS NULL LIMIT 10;" ``` -------------------------------- ### Set Up PPPoE Server (Mikrotik RouterOS) Source: https://github.com/nimroozy/haroonnet-isp-platform/blob/main/docs/mikrotik-configuration.md Configures a PPPoE server on a Mikrotik router, specifying the service name, the interface it will run on (ether2), and the default profile to use ('pppoe-radius'). It also sets options like 'one-session-per-host' and MTU/MRU values. ```bash /interface pppoe-server server add \ service-name=HaroonNet \ interface=ether2 \ default-profile=pppoe-radius \ one-session-per-host=yes \ max-mtu=1480 \ max-mru=1480 \ keepalive-timeout=60 /interface pppoe-server server print ```