Skip to content

Commit

Permalink
update help
Browse files Browse the repository at this point in the history
  • Loading branch information
@tim-moody
tim-moody committed Apr 15, 2022
1 parent ac7e4cd commit 54fc327
Showing 1 changed file with 97 additions and 85 deletions.
182 changes: 97 additions & 85 deletions roles/console/files/help/Config.rst
View file
Original file line number Diff line number Diff line change
@@ -1,171 +1,183 @@
IIAB Admin Console - Configure
==============================

When you installed Internet-in-a-Box, a great deal of software was included, but much of it was not turned on.
When you installed Internet-in-a-Box, there was probably more software that could have been included, and some that was installed but not turned on.

These configuration options allow you to turn various features on or off to suit the needs of your organization.

Any item that is selected but was not previously installed will now be installed and enabled.

Configuration is divided into the following sections:

Network Parameters
------------------
Services Enabled
----------------

You will not usually need to touch these, but they are here in case you do and also for reference.
The Server has many individual pieces of software that are incorporated into it when it is set up so that they do not have to be installed later when you might have a slow Internet connection. Many of these are not turned on initially, but may be turned on or enabled by checking the box beside the name. Applications that are not used may also be turned off.

### Hostname and Domain Name
You should **note** that a number of items below require content to be useful. Enabling them turns them on, but you must also optain content using the **Install Content** menu or from a portable hard disk.

Both hostname and domain name can be changed, but you would normally only do this to fit into a larger networking environment.
Note some services listed below may not be installed and will not have a checkbox.

**Warning:** If you change the Hostname or Domain Name, you will need to refresh the browser after clicking Install Configured Options.
### Content Apps

The most important parameter is the **Role of the Server** in your network. The server can play one of three roles
* **Kiwix** - Serves Wikipediae and other content from sources below. You must also install content.

### Gateway
If you want any Wiki content you problably want this. Kiwix provides a server allows you to view and search a broad range of Wiki type material independent of the Internet. This material is selected in **Install Content** - **Get ZIM Files from Kiwix**

This means that the server has two connections, Ethernet and/or Wi-Fi, and that it filters traffic from
client machines to the Internet.
The main reason you would not want this is if the server has very limited disk space.

### Appliance
* **KA Lite Downloader** - This is only the downloader portion of the application which may be turned off if you don't plan to download videos.

This means that Internet-in-a-Box is just another machine on the network and usually that its content can be reached by a browser with the URL http://box or http://box.lan.
Khan Academy is a famous source of instructional videos originally on math topics, but now spanning numerous subjects. KA Lite is an offline version of these videos with accompanying exercises.

### LAN Controller
**Kolibri** - Multiple channels from many sources that provide offline access to a wide range of quality, openly licensed educational content.

This is similar to an Appliance except that the server is playing a network role for other machines on the network, such as supplying IP Addresses and Name Resolution. An Appliance is a member of the network. The LAN Controller is in charge of it.
* **IIAB Vector Maps ** - From OpenStreetMap these are maps of the world and specific regions from 10 to 16 levels of zoom depending on the tiles you install.
### Override IP Addresses
* **Calibre** - An E-Book Platform. You must also install content.

There may be times when in order to fit into an existing network you need to change the IP Address of the adapter connected to that network. Again this is something you would seldom do. There are four fields that must be entered:
* **Jupiter Hub** - A mix between a bloggin and text creation environment and an interactive Python programming environment.

**Please Note**: None of the values entered have any effect unless you **Check the Box** titled 'Check to use a static WAN IP Address instead of DHCP'.
* **Internet Archive Decentralized Web** - Application that helps you create your own offline digital library e.g. from http://dweb.archive.org

**Static WAN IP Address** - Must be a valid IP Address. The default is the current dynamic address if known, otherwise 127.0.0.1.
* **Sugarizer** - provides Sugar Labs activities directly on the server.

**Static WAN Mask** - Must be a valid Network Mask. The default is the current maks if known, otherwise 255.255.255.0.
### Portals

**Static WAN Gateway** - Must be a valid IP Address. The default is the current gateway if known, otherwise 127.0.0.1.
* **WordPress** - the popular content management system.

**Static WAN Name Server** - Must be a valid IP Address. The default is the current gateway address if known, otherwise 127.0.0.1.
* **MediaWiki** - the basis of all the Wikipedias

### Internet Access for Installations
* **Moodle** - A Courseware Manager and E-Learning Platform.

During the installation of the Server all of the software packages were stored for future use when you might not have an Internet connection. But as long as you do have an Internet connection any future installations or updates still cause packages to download from the Internet. If you want to use the stored packages even when you have an Internet connection you can check this box.
Moodle is one of the most widely used Learning Management Systems. There is a great deal of course materials available for it, and it can be used to set up classes and curriculum.

**Please Note:** This parameter will only be rarely changed.
### Media Sharing, Printing and Games

### Admin Console Security
* **Elgg** - A Social Networking Platform for Student Blogging, File Sharing, and Collaboration.

The Admin Console, this program, is password protected. You can further protect it by requiring an encrypted connection to the Server. This less convenient because of the questions it will cause the browser to ask, but may be necessary if you think someone might spy on traffic on the network.
* **Nextcloud** - A local server-based facility for sharing files, photos, contacts, calendars, etc.

Internet Caching/Filtering
--------------------------
* **Samba** - Provides Network File Sharing.

**Please Note**: These parameters only take effect when you have selected the Gateway Role on the previous screen and have the necessary Network Adapters.
There is some overlap between these three. **Elgg** allows blogging and other forms of social media. Students and Teachers can use it to collaborate on projects or for journaling. **Nextcloud** is great for sharing media. It has apps for phones and tablets that make it easy to drop photos and other materials onto the server for sharing. **Samba** gives you the ability to share directories on the server that can be accessed by Teachers and Students as if they were local to their laptops.

* Enable local Web Page storage for later fast access (Squid cache)
* **CUPS** - Provides support for **Printers** either directly attached to the server or on the network.

* Restrict Web Page Access to a Specific List of Sites (Permitted URLs)
* **USB based content libraries** - support for inserting a usb device to provide content on the server.

* Block all HTTPS Access to Web Page
* **Minetest** - the popular open source, educational computer game.

* Restrict Web Page Access according to Words in the Content (DansGuardian)
### Communications and Computer Lab

When the Server acts as a **Gateway** between users and the Internet it can provide two main types of services. The first is that it can make the connection to the Internet more efficient by caching or storing responses on the server so that the next request does not need to go to the Internet. You will usually want this.
* **AzuraCast** - a self-hosted web radio management suite.

In addition, it can filter the sites that students are permitted to access in three ways. The first is to only allow pages in the **Permitted URLs** list to be accessed; see below. The second is that all sites accessed with https security can be blocked to prevent users from by-passing the previous filter.
* **Lokole Email** - Offline email that can transmit (and receive) a local community's emails every night.

The last filter is based not on URLs, but on **Words in the Content**.
* **PBX** - a network base local phone system.

Use your local policy to decide which of these filters to enable.
* **Gitea** - is a local git repository server.

Server Portal
-------------
* **Node-RED** - enables electronics projects with a flow-based development tool for visual programming.

The Server portal or home page is the main menu for accessing the various content modules on the server.
### For Monitoring and Administration

This is an aspect of the server that many wish to customize based on content choices, so we have included several alternative home pages.
The options below are intended for administrators and people who may help with or support the installation of this Server. It is best to consult with someone who set up the server to decide which of these to turn on.

* The default is simply called Home and has an icon look and feel with submenus.
* **Collect Statistics** - on the use of Sugar Activities.

* An earlier home page called xs-portal remains with multilingual capabilites and php scripts to detect the presence of content.
* **Monit** - Watches critical applications and restarts them if they fail.

* For those who want to take customization further, both WordPress and Dokuwiki are installed and may be made the home page.
* **Munin** - Collects and graphs system-level statistics.

**Please Note**: Selecting WordPress or DokuWiki will only take effect if you **Check its Box** titled 'Check to Enable'.
* **vnStat** - Gathers and displays networking statistics.

Services Enabled
----------------
* **AWStats** - Graphs statistics on web server usage.

The Server has many individual pieces of software that are incorporated into it when it is set up so that they do not have to be installed later when you might have a slow Internet connection. Many of these are not turned on initially, but may be turned on or enabled by checking the box beside the name. Applications that are not used may also be turned off.
* **phpMyadmin** - Allows maintenance of MySQL databases.

You should **note** that a number of items below require content to be useful. Enabling them turns them on, but you must also optain content using the **Install Content** menu or from a portable hard disk.
* **OpenVPN** - Allows a secure connection between servers over the Internet for remote maintenance. You can access via a terminal or a web browser.

Note some services listed below may not be installed and will not have a checkbox.
* **RemoteIt** - another way to connect to external sources of support.

### For Students
Network Parameters
------------------

* **Services for XO Laptops** - Such as Registration, Backup, and the Activity Server.
* **Chat and Collaboration Server** - For XO Laptops and Others.
You will not usually need to touch these, but they are here in case you do and also for reference.

If your school has OLPC XO laptops you should probably check these two. Otherwise you do not normally need them.
### Hostname and Domain Name

* **Moodle** - A Courseware Manager and E-Learning Platform.
Both hostname and domain name can be changed, but you would normally only do this to fit into a larger networking environment.

Moodle is one of the most widely used Learning Management Systems. There is a great deal of course materials available for it, and it can be used to set up classes and curriculum.
**Warning:** If you change the Hostname or Domain Name, you will need to refresh the browser after clicking Install Configured Options.

* **Kiwix** - Serves Wikipediae and other content from sources below. You must also install content.
The most important parameter is the **Role of the Server** in your network. The server can play one of three roles

If you want any Wiki content you problably want this. Kiwix provides a server allows you to view and search a broad range of Wiki type material independent of the Internet. This material is selected in **Install Content** - **Get ZIM Files from Kiwix**
### Gateway

The main reason you would not want this is if the server has very limited disk space.
This means that the server has two connections, Ethernet and/or Wi-Fi, and that it filters traffic from
client machines to the Internet.

* **KA Lite** - Serves Khan Academy videos and Exercises. You must also install content.
* **KA Lite Downloader** - This is only the downloader portion of the application which may be turned off if you don't plan to download videos.
### Appliance

Khan Academy is a famous source of instructional videos originally on math topics, but now spanning numerous subjects. KA Lite is an offline version of these videos with accompanying exercises.
This means that Internet-in-a-Box is just another machine on the network and usually that its content can be reached by a browser with the URL http://box or http://box.lan.

* **OpenStreetMap** - From the original Internet-in-a-Box, this is a world map to 13 or 16 levels of zoom depending on the tiles you install.
### LAN Controller

* **Calibre** - An E-Book Platform. You must also install content.
This is similar to an Appliance except that the server is playing a network role for other machines on the network, such as supplying IP Addresses and Name Resolution. An Appliance is a member of the network. The LAN Controller is in charge of it.

* **Pathagar** - Another E-Book Platform. You must also install content.
### Override IP Addresses

### Media Sharing and Printing
There may be times when in order to fit into an existing network you need to change the IP Address of the adapter connected to that network. Again this is something you would seldom do. There are four fields that must be entered:

* **Elgg** - A Social Networking Platform for Student Blogging, File Sharing, and Collaboration.
**Please Note**: None of the values entered have any effect unless you **Check the Box** titled 'Check to use a static WAN IP Address instead of DHCP'.

* **Nextcloud** - A local server-based facility for sharing files, photos, contacts, calendars, etc.
**Static WAN IP Address** - Must be a valid IP Address. The default is the current dynamic address if known, otherwise 127.0.0.1.

* **Samba** - Provides Network File Sharing.
**Static WAN Mask** - Must be a valid Network Mask. The default is the current maks if known, otherwise 255.255.255.0.

There is some overlap between these three. **Elgg** allows blogging and other forms of social media. Students and Teachers can use it to collaborate on projects or for journaling. **Nextcloud** is great for sharing media. It has apps for phones and tablets that make it easy to drop photos and other materials onto the server for sharing. **Samba** gives you the ability to share directories on the server that can be accessed by Teachers and Students as if they were local to their laptops.
**Static WAN Gateway** - Must be a valid IP Address. The default is the current gateway if known, otherwise 127.0.0.1.

* **CUPS** - Provides support for **Printers** either directly attached to the server or on the network.
**Static WAN Name Server** - Must be a valid IP Address. The default is the current gateway address if known, otherwise 127.0.0.1.

### For Monitoring and Administration
### Firewall

The options below are intended for administrators and people who may help with or support the installation of this Server. It is best to consult with someone who set up the server to decide which of these to turn on.
You will likely not change these.

* **SchoolTool** - A School Administration System.
* **Inbound Ports**

* **XO Visualization** - Graphs of Student Usage Statistics.
* Title to Appear on XO Visualization Charts
Determines which if any ports will be open to the WAN

* **Collect Statistics** - on the use of Sugar Activities.
* **Outbound Traffic**

* **Monit** - Watches critical applications and restarts them if they fail.
Allows netowrk traffic to be routed from LAN to WAN

* **Munin** - Collects and graphs system-level statistics.
Internet Caching/Filtering
--------------------------

* **vnStat** - Gathers and displays networking statistics.
**Please Note**: These parameters only take effect when you have selected the Gateway Role on the previous screen and have the necessary Network Adapters.

* **AWStats** - Graphs statistics on web server usage.
* Enable local Web Page storage for later fast access (Squid cache)

* **phpMyadmin** - Allows maintenance of MySQL databases.
* Restrict Web Page Access to a Specific List of Sites (Permitted URLs)

* **OpenVPN** - Allows a secure connection between servers over the Internet for remote maintenance. You can access via a terminal or a web browser.
* Block all HTTPS Access to Web Page

* Restrict Web Page Access according to Words in the Content (DansGuardian)

This comment has been minimized.

Sign in to view

Copy link
@holta

holta Apr 15, 2022

Member

With DansGuardian's most recent stable release being almost 13 years ago (2009-06-01), and nobody using it that we knew of, it was essentially removed from IIAB last year:

https://github.com/iiab/iiab/blob/master/roles/network/tasks/dansguardian.yml.unused

(Docs should probably reflect that reality?)

PS Elgg likewise was deprecated last year:

https://github.com/iiab/iiab/tree/master/roles/0-DEPRECATED-ROLES/elgg

When the Server acts as a **Gateway** between users and the Internet it can provide two main types of services. The first is that it can make the connection to the Internet more efficient by caching or storing responses on the server so that the next request does not need to go to the Internet. You will usually want this.

In addition, it can filter the sites that students are permitted to access in three ways. The first is to only allow pages in the **Permitted URLs** list to be accessed; see below. The second is that all sites accessed with https security can be blocked to prevent users from by-passing the previous filter.

The last filter is based not on URLs, but on **Words in the Content**.

Use your local policy to decide which of these filters to enable.

## Internal Wi-Fi Appliance

* Set various hotspot parameters

* **TeamViewer** - TeamViewer provides a secure connection for Remote Support and Online Meetings. You can access the server with a graphical user interface and do file transfers.
* Turn on Captive Portal

Edit Permitted URLs
-------------------
Expand Down

0 comments on commit 54fc327

Please sign in to comment.