How to scratch install vicibox dynamic portal

Installing the Vicibox dynamic portal through a scratch installation requires careful planning, especially when opting for non-standard OS platforms like CentOS, Rocky Linux, AlmaLinux, or Ubuntu.

This step-by-step guide unpacks the complexities of setting up the dynamic portal for a Vicidial scratch install, offering an alternative approach to the conventional Vicibox ISO method. For those unable to access the Vicibox ISO or simply looking for a more customized approach, following this guide is essential to unlock the full potential of the Vicibox dynamic portal.

Introducing the Vicibox Dynamic Portal:

The ViciBox Server serves as the core platform for the VICIDIAL Call Center Suite, traditionally installed via an OpenSuSE server architecture. This system streamlines the VICIDIAL installation, making the process relatively straightforward and efficient.

The Vicibox dynamic portal is a crucial integration, combining elements like the OS firewall, various VICIDIAL features, and additional Vicibox functionalities.

This seamless fusion simplifies network access management for VICIDIAL’s features. Key components include firewall integration supporting Blacklists, Whitelists, and a Dynamic List, all backed by a secure user authentication portal.

The Vicidial Scratch Installation Challenge:

For those who, like me, enjoy the challenge of installing VICIDIAL from scratch on alternative OS platforms such as CentOS, Rocky Linux, AlmaLinux, or Ubuntu—or those who face situations where the Vicibox ISO is unavailable or unusable—there is a notable trade-off: the absence of the Vicibox dynamic portal. This feature, critical for whitelisting and blacklisting IPs, is often seen as a luxury in these scratch installations. However, it remains a necessary tool for optimizing VICIDIAL’s security and efficiency.

Steps to Install the Vicidial Dynamic Portal:

This guide provides a comprehensive walkthrough for installing and configuring the Vicidial dynamic portal in scratch installations. The commands in this guide are tailored for Red Hat-based distributions (such as CentOS and Rocky Linux), while Ubuntu users will find apt-get the preferred tool for installation and configuration. By following these steps, you’ll be able to integrate the Vicibox dynamic portal with your scratch installation, overcoming the absence of the Vicibox ISO.

Step 1: Install firewalld and ipset

yum install firewalld
yum install ipset
yum install mod_ssl

Note: if you access Vicidial over HTTP only, skip mod_ssl.

Step 2: Download the dynamic portal files from my GitHub

cd /usr/src/
mkdir dynamicportal
cd dynamicportal
wget https://github.com/striker24x7/vicidial-dynamicportal/archive/refs/heads/main.zip
unzip main.zip

Step 3: Copy the firewall zones, services, and ipset rules

cd vicidial-dynamicportal-main
cp -r zones/. /etc/firewalld/zones/

Note: if cp prompts to overwrite the public zone file, answer yes.

cp -r ipsets/. /etc/firewalld/ipsets/
cp services/*.xml /usr/lib/firewalld/services/

Step 4: Copy the Dynamic portal files to web folder

In my case I am using CentOS, where the web root folder is /var/www/html.

cp -r dynamicportal /var/www/html/dynportal

Step 5: Copy the SSL config file to the httpd config folder

cp vicidial-ssl.conf /etc/httpd/conf.d/

Step 6: Edit vicidial-ssl.conf

Edit the vicidial-ssl.conf file and replace the SSL certificate and SSL key paths with those of your own domain (lines 22 and 24). If a chain certificate is available, also edit line 23.

vi /etc/httpd/conf.d/vicidial-ssl.conf

SSLCertificateFile /etc/letsencrypt/live/striker24x7.com/cert.pem
#SSLCACertificateFile /etc/apache2/ssl.crt/CA_chain.crt
SSLCertificateKeyFile /etc/letsencrypt/live/striker24x7.com/privkey.pem

Note: if you access Vicidial over HTTP only, edit the file below instead so that the dynamic portal is served on port 81 over HTTP.

vi /etc/httpd/conf/httpd.conf

Add the lines below at the end of the file:

<VirtualHost *:81>
  ServerName xyzabc.com
  DocumentRoot /var/www/html/dynportal
  ErrorLog /var/log/httpd/error.log
  CustomLog /var/log/httpd/requests.log combined
</VirtualHost>

Step 7: Add 81 and 446 as listen ports in Apache

Edit ssl.conf and add the line Listen 446 after the line Listen 443, and edit httpd.conf to add port 81 as a listen port.

Port 446 is used to access the dynamic portal over HTTPS.

Port 81 is used to access the dynamic portal over HTTP, so portal credentials are sent unencrypted on this port.

To add listen port 446:

vi /etc/httpd/conf.d/ssl.conf

Find the line "Listen 443 https" and add the following line below it:

Listen 446

To add listen port 81:

vi /etc/httpd/conf/httpd.conf

Find the line "Listen 80" and add the following line below it:

Listen 81

Step 8: Copy the VB-firewall script to bin

cp VB-firewall /usr/bin/
chmod +x /usr/bin/VB-firewall

Step 9: Enable firewalld at startup and restart it

Run the below command to enable and restart the firewall service

systemctl enable firewalld
systemctl restart firewalld

Step 10: Enable the IP List in Vicidial

Log in to your Vicidial admin portal.

Navigate to Admin > System Settings.

Enable the IP list:

Allow IP Lists: 1

Submit.

Next, navigate to Users and edit the admin user who needs access to add IPs to the whitelist.

Modify any admin user (I am using 6666) and set Modify IP Lists to 1:

Modify IP Lists: 1

Submit.

Next, create the ViciWhite IP list, which holds the static IPs for the whitelist.

Navigate to ADMIN > IP Lists.

Create a new IP list with the name ViciWhite.

Make sure to set the ViciWhite IP list to active.

Submit.

Step 11: Cronjob entry to run VB-firewall every minute

Add the VB-firewall script to the crontab so that it runs every minute and adds the static whitelist IP list and the dynamic IP list to the firewall whitelist rules.

The VB-firewall script also needs to run on reboot.

Edit the crontab by typing the command below:

crontab -e

Add the lines below at the end of the crontab file:

* * * * * /usr/bin/VB-firewall --white --dynamic --quiet
@reboot  /usr/bin/VB-firewall --white --dynamic --quiet

Conclusion: Dynamic portal testing

You can now access the dynamic portal over either HTTP or HTTPS by entering your FQDN with the respective port:

https://yourdomain:446/valid8.php

http://yourdomain:81/valid8.php

Once a user submits valid credentials, the user's public IP will be added to the ipset dynamic list within a minute.

To check whether the IP has been added to the list, run the command below:

ipset --list
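
An added example (not from the original post or the VB-firewall script): instead of reading the full ipset --list output by eye, this helper reports which set, if any, holds a given address, including addresses covered by an IPv4 CIDR entry. The sample output is constructed and its set names are placeholders, not the names the portal creates.

```shell
#!/bin/sh
# Added example, not part of VB-firewall or the dynamic portal repository.
# sets_containing IP: reads `ipset list` output on stdin and prints the name of
# every set that holds IP, either as an exact entry or inside an IPv4 CIDR entry.
# Per-entry options such as "timeout 3412" are ignored.
sets_containing() {
    awk -v ip="$1" '
        function ip2int(s,  o) {
            if (split(s, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        function covers(member, addr,  p, base, size) {
            split(member, p, "/")
            base = ip2int(p[1])
            if (base < 0) return 0
            size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
            return int(addr / size) == int(base / size)
        }
        BEGIN { target = ip2int(ip); if (target < 0) exit 2 }
        /^Name:/    { name = $2; in_members = 0; next }
        /^Members:/ { in_members = 1; next }
        in_members && NF && covers($1, target) { print name; in_members = 0 }
    '
}

# Constructed sample in `ipset list` format; the set names are placeholders.
sample_ipset_list() {
    cat <<'EOF'
Name: example_white
Type: hash:net
Header: family inet hashsize 1024 maxelem 65536
Members:
198.51.100.0/24
192.0.2.15

Name: example_dynamic
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Members:
203.0.113.10 timeout 3412
EOF
}

# Live use (as root): ipset list | sets_containing 203.0.113.10
# Demo on the sample:  sh check.sh --demo 203.0.113.10
if [ "${1:-}" = "--demo" ]; then sample_ipset_list | sets_containing "$2"; fi
```

An empty result for an address that has just authenticated means the cron run has not happened yet or the entry was never written; the function exits with status 2 when the argument is not a dotted IPv4 address.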

Command to check the iptables rules

iptables -L -n

By default, my script allows level 1 users to validate credentials. If you want to validate other users with a level above 1, edit the file below and modify the PORTAL_userlevel line:

vi /var/www/html/dynportal/inc/defaults.inc.php

I hope the tutorial is helpful. If you like my post, kindly share it.