How to scratch install vicibox dynamic portal

scratch install vicibox dynamic portal

If you install VICIDial from scratch on CentOS, Rocky Linux, AlmaLinux, or Ubuntu, you usually gain flexibility, but you often lose one very practical feature that comes with the ViciBox ISO: the ViciBox dynamic portal.

The dynamic portal is a separate login page that lets remote agents authenticate using their VICIDial credentials, and then automatically adds their public IP address to the firewall’s dynamic allow list. It is designed for work from home teams and rotating IP addresses, and it helps you avoid opening your dialer services to the whole internet.

This guide rewrites and organizes your installation notes into a calm, publish ready walkthrough, with clean structure, practical checks, and a few safety tips for real production use.

What the ViciBox Dynamic Portal Does

On a standard ViciBox install, the firewall tools and the dynamic portal work together:

  1. A user visits the portal page, usually valid8.php
  2. They log in with their VICIDial user and password
  3. The system adds their current IP to a dynamic IP set in the firewall
  4. Within about a minute, they can access the VICIDial web interface and related services from that IP

ViciBox’s official docs describe it as a standalone portal outside VICIDial itself, with rate limiting on authentication attempts, and a direct purpose: dynamically allow an IP in the firewall for VICIDial access.

Why Scratch Installs Often Miss This Feature

The ViciBox ISO is built to deliver a complete VICIDial call center stack with the firewall integration and portal included.

When you install on an alternative OS using a scratch method, you can still run VICIDial perfectly, but the ViciBox firewall integration and the dynamic portal are not automatically present. That is why you need to install and wire them manually.

Before You Start

A few quick notes that prevent painful lockouts later:

  1. Make sure you have console access or a reliable out of band method before enabling firewall rules.
  2. Confirm your VICIDial web server is working normally on port 80 or 443 first.
  3. Decide whether you want the portal on HTTPS, HTTP, or both.
  4. Decide which ports you will use
    1. Port 446 for HTTPS portal access
    2. Port 81 for HTTP portal access

Step 1: Install firewalld, ipset, and SSL support

For Red Hat based systems such as CentOS, Rocky Linux, and AlmaLinux, install these packages:

  1. firewalld
  2. ipset
  3. mod_ssl if you will serve the portal on HTTPS

Commands to run:

yum install firewalld
yum install ipset
yum install mod_ssl

If you will only use HTTP for the portal, you can skip mod_ssl.

For Ubuntu systems, use apt{HYPHEN}get instead of yum.

Step 2: Download the dynamic portal files from GitHub

Create a working directory and download the zip:

cd /usr/src/
mkdir dynamicportal
cd dynamicportal
wget https://github.com/striker24x7/vicidial-dynamicportal/archive/refs/heads/main.zip
unzip main.zip

This matches the published scratch install method from the original repository author.

Step 3: Copy firewall zones, services, and ipset rules

Go into the extracted folder:

cd vicidial-dynamicportal-main
cp -r zones /etc/firewalld/zones

**note: if prompts for override for public give yes

cp -r ipsets /etc/firewalld/ipsets
cd services
cp *.xml /usr/lib/firewalld/services/

Step 4: Copy the Dynamic portal files to web folder

In my case I am using centos, where the web root folder path is /var/www/html

cp -r dynamicportal /var/www/html/dynportal

Step 5: Copy the ssl file to the http config folder 

cp vicidial-ssl.conf /etc/httpd/conf.d/

Step 6: Edit the vicidial-ssl.conf

Edit the vicidial-ssl.conf file and replace the ssl certificate and ssl key with your domain key.

Line no 22 and 24 if chain certificate is available then edit line 23

vi /etc/httpd/conf.d/vicidial-ssl.conf

SSLCertificateFile /etc/letsencrypt/live/striker24x7.com/cert.pem
#SSLCACertificateFile /etc/apache2/ssl.crt/CA_chain.crt
SSLCertificateKeyFile /etc/letsencrypt/live/striker24x7.com/privkey.pem

Note: if you are accessing your vicidial over http only then edit the below file to access the dynamic portal via port 81 over http

vi /etc/httpd/conf/httpd.conf

add the below lines at the end for the file

<VirtualHost *:81>
  ServerName xyzabc.com
  DocumentRoot /var/www/html/dynportal
  ErrorLog /var/log/httpd/error.log
  CustomLog /var/log/httpd/requests.log combined
</VirtualHost>

Step 7: Add the 81 and 446 as listen port in apache

edit the ssl.conf file and add the line Listen 446 after the line Listen 443 and edit the httpd.conf to add port 81 as listen port

Port 446 is used to access the dynamic portal over https

Port 81 is used to access the dynamic portal over http

For Adding Listen port 446

vi /etc/httpd/conf.d/ssl.conf
Listen 443 https ; below this line add
Listen 446

For Adding Listen port 81

vi /etc/httpd/conf/httpd.conf
Listen 80  ;below this line add
Listen 81

Step 8: Copy the VB-firewall script to bin

cp VB-firewall /usr/bin/
chmod +x /usr/bin/VB-firewall

Step 9: Restart and run on startup the Firewalld

Run the below command to enable and restart the firewall service

systemctl enable firewalld
systemctl restart firewalld

Step 10: Enable the IP List in Vicidial

This part is important because the portal and firewall script integrate with VICIDial IP Lists.

In VICIDial Admin:

  1. Go to Admin, then System Settings
  2. Enable IP Lists
  3. Set Allow IP Lists to 1
  4. Submit

Then, allow an admin user to manage IP lists:

  1. Go to Admin, then Users
  2. Edit the admin user you want to use
  3. Set Modify IP Lists to 1
  4. Submit

Now create the static whitelist list:

  1. Go to Admin, then IP Lists
  2. Create a new list named ViciWhite
  3. Set it to active
  4. Submit

Step 11: Add a cron job to apply whitelist and dynamic list rules

you need to add the VB-firewall script in the cronjob to run every minute to add the static whitelist ip list and dynamic ip list to the Firewall white list rules.

Also you need to run the VB-firewall script on reboot

edit the crontab by typing below command

The firewall script needs to run continuously so it can:

  1. Pull the static whitelist entries from ViciWhite
  2. Pull dynamic portal validations
  3. Apply them to the firewall ipset rules within about a minute

Edit crontab:

crontab -e

add the below at the end of the crontab file.

* * * * * /usr/bin/VB-firewall --white --dynamic --quiet
@reboot  /usr/bin/VB-firewall --white --dynamic --quiet

Testing the Dynamic Portal

Once Apache and firewalld are running, try the portal URLs.

Typical portal URLs are:

  1. HTTPS
    https://yourdomain:446/valid8.php
  2. HTTP
    http://yourdomain:81/valid8.php

Log in using valid VICIDial user credentials. If everything is wired correctly, the user’s public IP should be added to the dynamic ipset within a minute.

Confirm the IP was added

Check ipset entries:

ipset --list

Check firewall rules:

iptables -L -n

Adjust Which User Levels Can Authenticate

By default, many portal setups allow user level 1 to validate. If you want to change which levels are allowed, edit:

/var/www/html/dynportal/inc/defaults.inc.php

Look for the setting commonly named PORTAL_userlevel and adjust it according to your policy.

Common Troubleshooting Tips

The portal page loads but validation does nothing

  1. Confirm cron is running
  2. Run the VB firewall script manually once to see output and errors
  3. Confirm firewalld is active
  4. Confirm your VICIDial database connection settings inside the portal files match your server

Port 81 or 446 is closed

  1. Confirm Apache is listening on those ports
  2. Confirm firewalld allows inbound access to those ports
  3. Confirm your hosting provider security group is not blocking them

ViciBox documentation also notes that missing listen ports can break portal access, and the fix is to re enable the listen ports in Apache.

Users validate but still cannot reach VICIDial

  1. Confirm you are adding the needed services into the correct firewalld zone
  2. Confirm the allowed services cover what your agents actually use, such as web access and any required SIP access
  3. Confirm the IP appears in the correct dynamic list, not a blacklist

FAQs

What is the ViciBox dynamic portal used for
?

It is used to let remote agents authenticate with their VICIDial login and dynamically add their IP to the firewall allow list, so you can keep services restricted while supporting changing IP addresses.

Which ports does the dynamic portal use?

Common defaults are port 81 for HTTP and port 446 for HTTPS.

How fast does the firewall update after login?

In many setups it is picked up within about 60 seconds, depending on how often the firewall script runs.

Can I install the portal on a scratch install instead of using the ViciBox ISO?

Yes. The portal files and firewall integration can be installed manually, which is exactly what this guide walks through.

Conclusion

A scratch install gives you freedom to choose your OS and build a VICIDial stack your own way, but it often leaves out the dynamic portal that makes remote access much safer and easier to manage.

By installing firewalld and ipset, placing the portal files under Apache, enabling ports 81 and 446, and wiring the VB firewall script with cron, you can recreate the practical parts of the ViciBox dynamic portal on CentOS, Rocky Linux, AlmaLinux, or Ubuntu based deployments, without relying on the ViciBox ISO.

If you want, I can also rewrite this into a shorter version for a quick setup page, plus a separate checklist you can print for production deployments.

Our Readers Also like

Scroll to Top