SUPERMON 6.2+ SETUP AND CONFIGURE

SUPERMON 6.1+

Supermon 6.1+ is an update to Supermon 6.0+ adding some new features and putting the finishing touches on the great 6.0+ release in April 2018. This doesn't end the update path of Supermon but at this point it would be hard to fathom what else could be added. Supermon 6.1+ changes no user parameters as shown in the protected files list in this document. If you are currently using Supermon 6.0+ simply update and refresh your browser to start using Supermon 6.1+. See the Supermon 6.1+ addendum at the end of this document for details on the new features. If you are new to Supermon you will need to follow the simple install instructions below first then see the addendum at the end for 6.1+ feature enhancements. The prior release was Supermon 6.0+ could be describe as Allmon on steroids. Paul Aidukas, KN2R has been working on an improved Allmon2 for several years and Supermon is the result. It is a one stop place to do management of your Allstar system from a web browser from anywhere in the world. Supermon 6.1+ adds the following new features to the already impressive features of Supermon 6.0+. Features


PLEASE BE CLEAR - THIS SITE IS UNDER DEVELOPMENT 

if you feel you are owed something here .... you are at the wrong website 
entitlement does not exist here


 Supermon 6.1+ adds these new features in addition to those in 6.0+:
- Bug fixes and lots of other minor improvements.
- smlogger program improvements.
- Added “PTT-Keyed” and a few other indicators for each node header.
- Reload button now performs “iax2, rpt, and dialplan reloads”.
- Configuration Editor updated with a few new files.
- A few changes to display for [CPU Status] button.
- Items added to display for [AllStar Status] button.
- Better window management of all popup windows for logs and apps, etc.
- Added new [SW Update] button to check status of HamVoIP updates.
- Added new [Database] button to provide view of entire AllStar internal database.
- Updated [Archive] button, now uses only one variable for web link address.
- Added new “Listen Live” web link for each node header for those using Broadcastify.
- Added [CPU: temperature] display on main screen, changes color - green, yellow, red with temperature.
- Visual display changes throughout Supermon system.
More info on these 6.1+ updates in the addendum at the end of this document
Supermon 6.0+ includes all the features of Allmon 2.1 plus all these and more:
 - Much improved Security allows much safer Internet access
 - Many bugs and quirks fixed
 - Opens less screens and tabs
 - Drop down menus, organize by system for many node configurations
 - Fully supports IRLP display and control if IRLP is installed.
 - Is compatible on all iPhones and Android smart phones!
 - Date/time, Uptime, and load average display.
 - Callsign and node number 'LookUp' for AllStar. Also for Echolink and IRLP, if installed.
 - DTMF commands can be entered.
Page 1 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
 - Stats for your local node number or remote node numbers.
 - Favorites Panel function to easily connect to your favorite nodes.
 - Configuration Editor to easily view ALL the AllStar/IRLP/Echolink configuration files from the web.
 - Full CPU and disk information display.
 - Easily Start/Stop/Restart/Reboot The AllStar software or reboot machine.
 - Access online AllStar docs, Allstar wiki, hamvoip webpage and Howto's.
 - Show Active nodes and all nodes.
 - Access AllStar logs, Connection logs, IRLP logs if installed, and Web access and error logs.
 - lsnodes with full IRLP information compatibility.
 - Node info and registry info access.
 - Full AllStar status display.
 - Asterisk module and rpt reload
Supermon 6.0+ file changes
The logger has changed from swissarmy to smlogger. The web_console and swissarmy files are no longer
used and have been deleted from the distribution. Security has been significantly improved. It should be safe
to put this out on the web BUT safe practices still apply!! A future version will include access control. Until
then ALL buttons and operations are available to anyone that logs in and they would have significant control
over your Allstar server. If you do put this on the web make sure you use secure passwords.
Installation Notes
Installation is similar to Allmon2+. Both Allmon2 and Supermon are provided with hamvoip V1.5 and
above. The directions for Allmon2 and Supermon are similar. Note that if you already have the manager
user/pass setup for Allmon2 you do not need to repeat that for Supermon. Both can use the same manager
and password although if desired you could add a different user/pass to the manager.conf file for each one. If
you have already created a manager user and password and you intend to use it for Supermon you can skip
step 1 below. For current Supermon users see the update notes at the end of this file.
1. Create a password for Allmon to login to the Asterisk Manager
Enter the /etc/asterisk directory
cd /etc/asterisk
Edit the manager.conf file
nano manager.conf
Add a secure password where it shows 'secret =' under the [admin] stanza, for example:
secret = xxxxx
Enter you desired password in place of the xxxxx above.
Restart asterisk.
astres.sh
Page 2 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
2. Configure Supermon with your node number and Asterisk Manager password
Change to the Supermon directory
cd /srv/http/supermon
Edit the allmon.ini file
nano allmon.ini
Change the line's with 1998 to your node number. Also change the passwd= line and replace the
xxxxx with the password your chose in step 1 or have already assigned in the manager.conf file. You will
probably do other editing in this file later but for now this will get you going.
3. Create a password for you and possibly other users to login to Supermon
Change to the Supermon directory if not already there.
cd /srv/http/supermon
Recommend removing any existing .htpasswd file - rm .htpasswd
Add an htpasswd file
htpasswd -cB .htpasswd <userID> (subsequent additional entries use just -B)
Supply a password of your choice when prompted.
<userID> is the login ID and can be any username you would like to assign; your callsign
or admin for example. DO NOT enter the < or >. Do NOT use a ! (exclamation) in the password.
You can have more than one login and password. If assigning additional passwords the 'c'
create file switch must be dropped. In this case use:
 htpasswd -B .htpasswd <userID>
To start Supermon in your browser enter your server's IP address/supermon in the address bar.
If your servers IP address is 192.168.1.100 then:
 http://192.168.1.100/ supermon - assumes port 80
If you are using a different port - http://192.168.1.100:PORT/supermon - where PORT = your port number.
Additional items to configure
There are several Supermon parameters that you can configure to your liking.
To edit the following files you have the choice of entering Supermon and using the configuration editor
button if the files are writable or doing it manually in Linux. File permissions are set for security reasons if
Page 3 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
you make Supermon available to the outside world. Be aware that changing these permissions could make
you system vulnerable to hackers.
When you run Supermon the first time these parameters will have generic settings. The hamvoip software
initializes with two nodes configured, 1998 and 1999. These are temporary private nodes. The setup program
configures the first node, 1998 to your real node number. 1999 is left as a spare pseudo node that if desired
could be configured as a second node. Supermon is initially configured for these two nodes 1998 and 1999.
1998 should be replaced with your first node number and 1999 with a second if it exists.
allmon.ini
This was already configured in your initial setup above with your primary (first) node number but this shows
more detail and how you can add additional nodes. If you had a second registered node on this server you
would replace the 1999's below with its node number.
To edit manually use 'nano /srv/http/supermon/allmon.ini'
To view using the Supermon editor select 'Configuration Editor' then 'Supermon allmon.ini' on the
dropdown menu.
Here is the default allmon.ini file. Replace the 1998's with your first node number and 1999's with your
second if it exists. Add additional nodes as desired. The user and passwd must match the manager.conf
password for the defined host. This file can be further edited to your liking at a later date. See more info on
this below.
[1998]
host=127.0.0.1:5038
user=admin
passwd=
menu=yes
hideNodeURL=no
[1999]
host=127.0.0.1:5038
user=admin
passwd=
menu=yes
hideNodeURL=no
[All Nodes]
nodes=1998,1999
menu=yes
[lsNodes]
url="/cgi-bin/lsnodes_web?node=1998"
menu=yes
[HAMVOIP]
url="http://HamVOIP.org"
menu=yes
Note – the Supermon allmon.ini file retains the menu=yes|no directive but the logic has changed in version
6.0+. If no menu statement is entered or entered as menu=no it will NOT be displayed. To display a stanza it
MUST be menu=yes in that stanza.
See the /srv/http/supermon/allmon.ini.example file for more examples including for RTCM's. The voter.ini
Page 4 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
file is no longer used in Allmon2 or Supermon. All node information is stored in allmon.ini.php for
Allmon2 or allmon.ini for Supermon.
global.inc
global.inc contains the user specific information that is displayed on the Supermon screen. Your call, name,
location, and what is displayed on various parts of the screen.
To edit manually use 'nano /srv/http/supermon/global.inc'
To view using the Supermon editor select 'Configuration Editor' then 'Supermon Configuration' on the
dropdown menu.
Change the “bolded” items below to your settings. Other items can be edited to change displayed text, select
a different background image or color and set image display size.
<?php
// Set the values to your parameters
// ONLY change text between quotes
//
// Your callsign
$CALL = "YOUR CALL";
//
// Your name
$NAME = "YOUR NAME";
//
// Your location
$LOCATION = "YOUR LOCATION";
//
// Second line header title
$TITLE2 = "RPi2-3 Node";
//
// Third line header title
$TITLE3 = "Allstar/IRLP/Echolink System Manager";
//
// Background image - specify path if not /srv/http/supermon
// Leaving BACKGROUND null "" results in BACKGROUND_COLOR
$BACKGROUND = "background.jpg";
//
// Background color if no image
$BACKGROUND_COLOR = "blue";
//
// Height of background - matches image height
$BACKGROUND_HEIGHT = "124px";
?>
Page 5 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
TITLE_LOGGED and TITLE_NOT_LOGGED are the FIRST line above in the Photo are are not user
configurable. TITLE2 is the second line. TITLE3 is the last line. The Location line is from the location
parameter and will show Anywhere, USA until changed. BACKGROUND defines the image file and
BACKGROUND_COLOR defines the solid color background if the image file is not present.
BACKGROUND_HEIGHT in px defines the displayed height of the image which should match the actual
image height.
This is the footer line that displays at the bottom of the Supermon page and shows
your name and call as entered in the global.inc file.
NOTE – in version 6.0+ the login/logout icon has been moved to the second line of the
header as shown above in the upper left below the call.
Logging Configuration
The swissarmy tool which was used for logging in prior versions is no longer used by Supermon 6.0+ and no
longer supported. In its place the program smlogger now does the logging.
In order for logging to work you must add the following statements to your /etc/asterisk/rpt.conf file for
smlogger to function. If you previously used Supermon with swissarmy replace that name with smlogger as
shown below.
connpgm=/usr/local/sbin/supermon/smlogger 1
discpgm=/usr/local/sbin/supermon/smlogger 0
These statements are added in the node section for EACH defined node on your Allstar server.
Page 6 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
Description of Supermon Buttons
Refer to this image for the descriptions of the buttons and display blocks below. Note that the AST registry
button will not be shown if exclusively using DNS node lookup and the IRLP log button will not be shown
if IRLP is not active which would usually be the case.
Important Note
For Supermon to work correctly browser POPUPS must be allowed and scripts cannot be blocked. You can
allow popups selectively in your browser for just this application. Supermon and Allmon2 DO NOT work in
Microsoft browsers. Other browsers like firefox, chrome, etc work fine.
Header
The header photo and text is defined in the /srv/http/supermon/global.inc file. The URL's at the bottom of
the header (Node numbers, lsnodes, and HAMVOIP) select the operational node(s), display the lsnodes
screen, open the hamvoip web page, and give a description of Supermon. These nodes and URL's are defined
in /srv/http/supermon/allmon.ini. See the allmon.ini description above.
Page 7 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
Connection Control
Below the header are the lines which control the selected Allstar node. Selections are at the bottom of the
header and in this example and in the default settings are 1998 and 1999. Selecting All nodes display both.
Entering a node number in the blank box and selecting an option of CONNECT, DISCONNECT,
MONITOR, LOCAL MONITOR performs that action immediately. The action is displayed and a
window at the bottom shows the connection details. In this example it shows connected to node 27225 after
entering 27225 in the box and selecting connect. The connected nodes are shown at the bottom of the screen.
When this screen shot was taken 27225 was also active and shown in blue background. Checking the
permanent box makes a permanent connect or disconnect.
Below the buttons are shown your WAN public IP address, LAN IP address, Asterisk IAX port, Asterisk
manager port and Linux SSH port. The Linux uptime and load averages are shown on the next line.
DTMF allows full DTMF sequences as you would enter on a keypad. So entering *81 in the box and
selecting DTMF would play the time locally. The DTMF commands are sent to the active node selected in
the blue area of the display and the selected node in the drop-down menu if “All nodes” are selected. This
can be done locally or remotely.
Bubble Chart gives the currently connected display of node interconnects.
Lookup gives information about the data entered in the entry box. This can be be a call or node number of
an Allstar, Echolink, or IRLP node. When using node numbers the Allstar number is entered as is. The
Echolink node number is preceded by a “3” and the IRLP node number by an “8”. So Echolink node number
“140140” would be “3140140” and IRLP node number “9999” would be “89999” as entered. Partial lookups
can also be used such as “WA3” which would list all the WA3xxx calls currently active in all three modes.
NOTE – Echolink and IRLP will not display if they are not enabled on this server.
Rpt Stats gives statistics on the node entered in the entry box
Control allows quick execution of common comands. Supermon has default commands defines but users
can edit the /svr/http/supermon/controlpanel.ini file to change or add their own commands. This can also be
edited in the configuration editor with dropdown selection Supermon controlpanel.ini.
Favorites allows quick connects to your favorite nodes. This could be Allstar, or IRLP/Echolink if
enabled. This is user definable by editing the /srv/http/supermon/favorites.ini file or with the configuration
editor dropdown selection Supermon favorites.ini.
The second section of controls are used for checking and controlling your Linux/Allstar system.
Configuration Editor – The configuration editor allows you to edit many of your Asterisk /Allstar and
related files but for security reasons many of the files are read only. If the files are writeable you have the
option of using this editor otherwise you must edit it directly in Linux. Editing files unsecured over the web
is not desirable but this does allow you to view the files if they have read permissions.
Page 8 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
AST MODULES/RPT RELOAD, FAST RESTART, AST STOP, AST START, SERVER
REBOOT
These commands perform Asterisk and system functions. AST Modules/rpt Reload reloads the reloads
configuration files without restarting Asterisk, Restart Asterisk, Stop and Start Asterisk, and Reboot the
server. All of these commands ask for confirmation.
DOCS, HOW-To's, Wiki
Brings up a window with Allstarlink.org documentation and hamvoip.org how-to's or Alltar wiki.
CPU Status – Show lots of information about the CPU and operating system.
Allstar Status – shows pertinent information about your nodes.
Allstar Registry – shows the rpt_extnodes file if not in all DNS mode. This button does not display
when all nodes are in DNS mode on this server.
Node Info – Gives Node, Call, Description, Location of all online Allstar nodes.
Active Nodes, All Nodes – Show Allstarlink.org list of currently active and all registered nodes.
Pi GPIO – View and manipulate the Pi GPIO bits
Linux Messages Log – Displays the Linux log. Note for readability reason lines with 'sudo' are filtered
from the output as they would consume most of the log when running lsnodes or Allmon2/Supermon. If you
need to see an unfiltered log you can use the 'journalctl' command in Linux.
AST Log – Asterisk log. Useful for troubleshooting
The asterisk log as configured is not terribly useful. To make it more useful with more messages do the
following.
Edit - /etc/asterisk/logger.conf
messages => notice,warning,error,verbose
Add verbose to the end of the messages line as shown above. Save the file
Because this adds a great deal more detail to the log there needs to be a means to keep the log manageable
and not exceeding a certain size. A script called trimlog.sh in /usr/local/sbin will do this for you. You need to
setup a cron to run this script periodically. Use 'crontab -e' to add and save the file. A suggested cron is:
10,25,40,55 * * * * /usr/local/sbin/trimlog.sh /var/log/asterisk/messages 1000
This runs the check every 15 minutes and if the number of lines is greater than 1000 only the last 1000 lines
Page 9 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
are retained. The user can optionally change the number of lines to suit their needs.
A future update will eliminate the annoying manager connect/disconnect messages at the verbose level.
Connection Log – Shows date and time of node connections
IRLP Log – Shows IRLP log only when IRLP is installed and active. This button does not display when
IRLP is not active on this server.
Web Access and Error Logs – Shows the web server (httpd) access and error log.
Node Allow/Restrict – Allows the user to establish a whitelist/blacklist. See the hamvoip.org
whitelist/blacklist howto.
Display Configuration – This button is visible whether logged in or not and allows any user to have the
ability to configure how the display is presented. You can specify whether you want the number of
connections displayed at the bottom (xx of yy) of each node, whether you want to limit the number of
connections displayed, and whether you want to display connections that were never keyed. This is most
useful when you have large numbers of connections and manage many nodes such that the screen becomes
very long. These options are stored in cookies on your computer and are per browser on that computer. So if
you use different computers or browsers the results could be configured on each and would return the next
time you bring up Supermon. The default is to display all connected nodes without numbers. An example of
a display showing the numbers with no “never keyed” nodes is shown above. Recently accessed nodes
always move to the top in ascending order so limiting the number of displayed nodes always shows the most
significant ones.
Page 10 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
An addition to Supermon adds the ability to see local keyups on your Allstar nodes. This adds a line as
shown above that displays in a light blue background color. Remote nodes are also monitored for local
keyups. This follows the local RX-Keyed or COS status. An update has removed the term local and instead
giving the node number keyed. Using remote manager connects this may not necessarily be local.
More Configuration Information
The /srv/http/allmon.ini file has the ability to add items to the top menu. As you can see below a portion of
the allmon.ini file can have labels and actions for any URL local or remote. The labels can be anything, the
action has to do something correctly. Suppose you wanted to add a link to Ham Radio outlet so you could
buy equipment at a moments notice while you Allstar'ed! It would look like this -
[HRO]
url=”http://www.hamradio.com”
menu=yes
You can also add custom headings with drop-down menus. The following example shows how to add a
Display Group. Each node (only a few are shown) has an entry of “system=Nodes”. Then as shown, dropdowns are created for All Nodes, Hubs, Public Nodes, Private Nodes, and Echolink Node. Each of these have
a line “system=Display Group”. The screen shot below shows the resulting drop-down menu that is created.
Page 11 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
[41760]
host=192.168.0.216:5038
user=admin
passwd=
menu=yes
system=Nodes
hideNodeURL=no
[1998]
host=192.168.0.211:5038
user=admin
passwd=
menu=yes
system=Nodes
hideNodeURL=yes
(Other node stanzas not shown)
[All Nodes]
system=Display Groups
nodes=27225,29014,29015,40561,42291,40879,41139,40961,1600,1700,41760,1998
menu=yes
[Hubs]
system=Display Groups
menu=yes
nodes=27225,29014,29015,41760
[Public Nodes]
system=Display Groups
menu=yes
nodes=42291,40879,41139,40961
[Private Nodes]
system=Display Groups
menu=yes
nodes=1600,1700,1998
[Echolink Node]
system=Display Groups
menu=yes
nodes=40561
Page 12 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
Note – the “about” url no longer exists and can be removed from existing allmon.ini files. See the
/srv/http/supermon/allmon.ini.example file for several more examples on configuring the allmon.ini
file.
Selecting the Source and Target Nodes
The “source node” is the node selected in the upper left window under the header. If you have multiple nodes
defined in allmon.ini and they are part of the [All nodes] stanza you can select from a drop down menu as
shown below. When you select a node to use as the source this means that the actions that take place using
the first row of buttons will assume that this node is what you are passing as the source node to the
command. If you have a “target” node defined in the blank box to the right that is the node the source node
would connect to or disconnect from. You can populated the “target node” either by typing in the node
number manually or by clicking on the node number in the left column of the various node displays.
Using favorites.ini and controlpanel.ini in conjunction with the “source node”
Commands in the favorites.ini and controlpanel.ini can use the source node to complete commands. In the
case of this line - cmd[] = "rpt cmd %node% ilink 13 27225" - the %node% would be replaced with the
source node. To avoid confusion you probably only want to display the actions that would work or you
would want to work given the correct source node. In order to accomplish this you can add stanza notations
in both of these files such as -
[27225]
label[] = "Connect 27225 to 1998"
cmd[] = "rpt cmd %node% ilink 3 1998"
more commands......
Page 13 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
[40000]
commands sourcing this node....
So now when you select the source node as 27225 in the left window or drop down only the commands
applicable to this node are displayed. In this case the 40000 stanza or any other stanza other than 27225
would not be displayed.
Setting up the lsnodes links
Each node window has an lsnodes link in the header. The lsnodes link will only work on the node(s) that are
local to the server you are using for Supermon and only if the httpd port is 80. In many situations this would
not be the case. An update to Supermon has added an additional line in the allmon.ini stanza to define the IP
address and the port if other than 80 for lsnodes access. Here are some examples -
lsnodes="http://192.168.0.152/cgi-bin/lsnodes_web?node=40000"
lsnodes="http://192.168.0.152:8181/cgi-bin/lsnodes_web?node=40000"
lsnodes=" http://some -domain. com/cgi-bin/lsnodes_web?node=40000"
lsnodes="http://109.12.37.159/cgi-bin/lsnodes_web?node=1601"
The first example is another server in your same LAN default port 80, the second shows the same connection
with it going to port 8181. The third example shows a domain name and the third an IP address outside of
your LAN.
These definitions can go anywhere in the allmon .ini stanza but typically are put at the end of each for
consistency. Only one definition per stanza. An entry does not need to be made in a stanza that is defining a
node on the httpd server you are using for Supermon, one where the manager address is 127.0.0.1 or
localhost. Also note if you want to use lsnodes on a remote (outside of your LAN) node you must forward
the http port in the router at the remote end. If your router can do “hairpin loopback” you can add the lsnode
addresses as their public IP but note if you need to use lsnodes remotely to multiple servers behind a router
you will need to assign a different http port to each with its associated port forwarding at the remote end.
Firefox insecure login message – beginning in Firefox 51 you will get an insecure message if you try to
login to a site that is not https. You can still login but it is annoying. You can turn this off - open a window to
about:config - accept the risk warning – put secure_field_warning.contextual in the search field. When it
appears click on the value field to make it false. Exit the window. You should no longer get the message
when you login. Be aware though this turns this check off for every insecure login.
It is possible other browsers may start this practice also. If so Google for a possible work around if it bothers
you.
Page 14 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
Securing your node when using the manager remotely
The Asterisk manage used by Allmon2 and Supermon is notoriously insecure when allowed to be accessed
directly on the Internet from outside of your LAN. In most applications of Supermon this is not an issue. In
the manager.conf the bind address is usually set to bindaddr = 127.0.0.1 meaning only allow access on this
computer or server. But often a user wants to view and control multiple servers within their LAN. In this case
you set the bindaddr=0.0.0.0 meaning access is allowed outside of the server. Then rather than have
multiple Supermon browser sessions running you can integrate all of your servers on one Supermon browser
window. To do this you would reference the node, Local_IP_address:5038, user, and password for each
server in the allmon.ini file. This would not be considered insecure if you were nat'ed through a router and
did not have port 5038 forwarded to anywhere on your LAN.
But what happens when you want to manage a server not on your LAN and somewhere out on the Internet.
Now you would have to port forward the manager port 5038 so you could access it at that remote computer.
Some would say just change the port but doing that (obscurity) is very poor security protection. A port is still
there open to the world and available to hackers. A better way is to use iptables to firewall the port to a
specific IP address. That is only your IP address would be allowed in at the remote end. Here is a sample
script that would accomplish this on a hamvoip system -
#!/bin/bash
# Script to block a port based on IP address
# This script should be run by cron. It detects changes in the remote IP address
# and updates IP tables. Run at least once a day or as often as once every 10 minutes.
# This depends on how often your IP address is likely to change. Depending on
# your situation BOTH the end you are controlling and your end need to do this and
# you also need to change manager.conf to the 0.0.0.0 address.
IPT=/sbin/iptables
PORT=5038 # if you use a different port change this
### Flush any existing rules, preparing to reload...
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F # ignore error here if mangle module isn't loaded
$IPT -X # deletes every non-built-in chain in the table
# Must have localhost:
$IPT -A INPUT -p tcp -s 127.0.0.1 --dport $PORT -j ACCEPT
# Following examples should be uncommented and configured for your application as needed.
# Local LAN - covers all on designated LAN
#$IPT -A INPUT -p tcp -s 192.168.1.0/16 --dport $PORT -j ACCEPT
# Example A specific machine on your LAN:
# If you were using the all LAN example you would not need this.
#$IPT -A INPUT -p tcp -s 192.168.0.6 --dport $PORT -j ACCEPT
# Example a distant node out on the Internet:
# The distant node would also need port forwarding and filtering
#IP=$(getent hosts somedomain.com |awk '{ print $1 }')
Page 15 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
#if [ "$IP" != "" ]; then
 # $IPT -A INPUT -p tcp -s "$IP" --dport $PORT -j ACCEPT
#fi
# Another out on the Internet example using the hamvoip dns-query
#IP=`dns-query 417600 | awk -F',' '{print $2}'`
#if [ "$IP" != "" ]; then
# $IPT -A INPUT -p tcp -s "$IP" --dport $PORT -j ACCEPT
#fi
# Another Example Using IRLP node lookup from the Internet:
#IP=$(getent hosts stn3787.ip.irlp.net |awk '{ print $1 }')
#if [ "$IP" != "" ]; then
# $IPT -A INPUT -p tcp -s "$IP" --dport $PORT -j ACCEPT
#fi
$IPT -A INPUT -p tcp --dport $PORT -j DROP
# Use this statement at the Linux prompt to view results
# iptables -L
# END SCRIPT
I suggest you cut and paste this script to a file and edit as desired. The filename could be anything you want
but something like block_5038.sh would be descriptive. Then create a cron entry to call it. Here is an
example:
*/30 * * * * /etc/asterisk/local/block_5038.sh
This would run the script /etc/asterisk/local/block_5038.sh every 30 minutes. Make sure the script is
executable:
chmod 750 block_5038.sh
You can check the journal to see if it runs properly every half hour - journalctl -f
and - iptables -L to view the current settings.
Page 16 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
Summary of Configuration Items New Users
1. Edit /srv/http/supermon/allmon.ini for manager user/pass that matches user/pass in
/etc/asterisk/manager.config.
2. Also edit /srv/http/supermon/allmon.ini for your node(s) and any URL changes you desire.
3. Edit /srv/http/supermon/global.inc with your call, name, location
4. Add or change the lines in all nodes in rpt.conf
connpgm=/usr/local/sbin/supermon/smlogger 1
discpgm=/usr/local/sbin/supermon/smlogger 0
5. Follow the directions at the beginning of this document (item 3, page 2) to setup your .htpasswd – make
sure you are in the /srv/http/supermon directory when setting up. Always use the -cB or -B option when
creating or updating the file. The uses the most secure blowfish option. Also don't use simple passwords,
mix upper/lower alpha, numeric and special characters. Security is important especially when you use
Allmon or Supermon outside of your LAN. Also consider setting your httpd listen port to other than port 80
in /etc/httpd/conf/httpd.conf. If you want to start over with a new .htpassword remove the old one first -
rm .htpasswd
6. Reboot the system after the prior steps.
7. Open your browser to http://YOUR-SERVER-IP/ supermon or
http://YOUR-SERVER-IP:PORT/supermon if using other than port 80.
8. Login using the user/pass you assigned in the .htpasswd setup above. If this doesn't work and you are sure
you are using the correct user/pass assigned in the .htpasswd setup try doing that setup again after removing
the /srv/http/supermon/.htpasswd file
9 Remember to turn ON popups in your browser for this URL. If they are not on your should see a warning
at the top or bottom of the screen. Also don't block any scripts. Supermon and Allmon2 DO NOT work on
Microsoft browsers. All other browsers are known to work fine – firefox, chrome, etc.
10. Have fun with your new SUPERMON!
Page 17 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
Summary of Configuration Items when Updating from a Previous Version
THIS DOES NOT APPLY WHEN UPDATING FROM 6.0+ to 6.1+
1. Edit /srv/http/supermon/allmon.ini to add menu=yes to each stanza you wish to display.
2. Edit /srv/http/supermon/global.inc with your call, name, location.
3. Add or change the logger lines in all nodes in rpt.conf changing swissarmy to smlogger as per directions at
the bottom of page 5 above.
4. Recommend deleting and reestablishing the .htpasswd file in /srv/http/supermon as per directions above.
The new -B directive adds a better level of security to the password and was added in mid 2017.
Protected Files
Hamvoip updates are programmed to not overwrite user configured files. Instead the update creates a new
file with the name <filename>.pacnew. This leaves all of your settings intact. If there was additional
features added to any of these protected files they would be noted in the <filename>.pacnew file. The user
could them integrate any changes. If one of these files was changed in an update it would also be noted in an
announcement on the arm-allstar forum. The following user configurable files are protected:
/srv/http/supermon/allmon.ini
/srv/http/supermon/controlpanel.ini
/srv/http/supermon/favorites.ini
/srv/http/supermon/global.inc
/srv/http/supermon/.htaccess
/srv/http/supermon/.htpasswd
Supermon 6.1+ Addendum
Version 6.1+ added several new features to Supermon some of which need to be configured to work. If you
use Broadcastify to make your Allstar publicly heard you can add a button to the header of the displayed
nodes that is “clickable” to the Broadcastify player. To do this you must add this to each node that you want
to make the listener available on. This goes in the allmon.ini file like this -
 [40000]
host=127.0.0.1:5038
user=admin
passwd=mypassword
menu=yes
system=Nodes
hideNodeURL=no
listenlive="https://www.Broadcastify.com/listen/feed/xxxxx/web"
The X's are replaced with your Broadcastify feed number. To get this go to your broadcastify page and play it
to get the URL. Users would then go to this page when they click the link. Here is how it is shown in the
header -
Page 18 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
The node display now have a permanent third line as shown above indicating the status of the node. In this
case it shows Idle. Each status is shown in a different color.
In this case this nodes PTT was keyed.
And in this case this was the originating node, its COS being detected or keyed. Here are the various
displayed statuses and their colors.
No activity: display: Idle, color: lightgray.
COS-Detected only: display: COS-Detected, color: powderblue.
PTT-Keyed only: display: PTT-Keyed, color: lemonchiffon.
COS-Detected and PTT-Keyed (full-duplex repeater) :
 display: COS-Detected and PTT-Keyed, color: palegreen.
Error due to no connect or connection loop – Color : red
Other Features added
Your local weather, temperature and current condition are shown on the Supermon screen if you define the
$LOCALZIP variable in global.inc with your US zipcode. Leaving this undefined will omit the display.
If you are using the AutoSky weather alert package all current alerts will be displayed in red on the supermon
screen. If there are no alerts nothing will display
Note that both the weather and AutoSky displays require refreshing of the screen. Set the
$REFRESH_DELAY parameter in global.inc to do this automatically. It is recommended to use a value of
no more than 5 minutes – 600 seconds between updates of the screen. This will also update the CPU
temperature reading. You will see the time of the last update in the date/time display. This refresh has
nothing to do with node information updates which happen immediately regardless of the update frequency.
Additional global.inc variables
Page 19 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
Supermon 6.1+ has several additional variables defined in global.inc that can be optionally set. This must be
done by the user as the global.inc file contains user configured information and is protected.
New [Buttons] added to Supermon 6.1+ require settings to turn them on. To enable them edit the “Supermon
Configuration” global.inc file and add any of the following variables with your information. Since this is a
PHP file variable lines must end with a semicolon ';' and the variable names must be exact including case and
preceding dollar sign '$'. Comment lines begin with a double slash '//'. You can cut and paste these lines to
the end of your global.inc file and comment the lines you do not want to use with a double slash '//' Do NOT
use these lines as is unless they match your configuration. Node 40000 is a dummy node used as an example.
// Enable [Database] button – For quick review of entire AllStar internal database.
// Database file should go to a tmp file system or USB stick NOT to the SD card
//
$DATABASE_TXT = "/tmp/database.txt";
//
// Enable Streaming node numbers display when Streaming Audio - Must also be configured in rpt.conf file.
// If multiple nodes are streamed on the server list them separated by a comma – 40000, 40001
//
$STREAMING_NODE = "40000";
//
// Enable Archiving node numbers display if Archiving Audio - Must also be turned on in rpt.conf file.
// If multiple nodes are archived on the server list them separated by a comma – 40000, 40001
//
$ARCHIVING_NODE = "40000";
//
// Enable [Archive] button web link address if Archiving Audio locally or remotely.
// A symbolic link must be created in the supermon/custom/ directory called archive pointing
// to your Archive directory.
//
// For local archive -
$ARCHIVE_URL = "/supermon/custom/archive/40000";
//
// or,
//
// For remote archive -
$ARCHIVE_URL = " http:// 40000.asnode.org:4570/supermon/custom/archive/40000";
//
// When your RPi2-3 system is running on a LAN network with a router/firewall,
// you do NOT need this variable set!
// If your RPi2-3 system is directly connected to the Internet without a firewall/router,
// Supermon can hang trying to get both the WAN and LAN addresses.
// Set this variable to “yes” to disable checking for a LAN address and report only the
// WAN address. This will eliminate the hanging of Supermon in this case.
//
$WANONLY = “yes”;
//
// Add your zip to display local weather on the Supermon screen
//
$LOCALZIP = “yourzip”;
//
Page 20 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18
// If this line is defined the screen refresh will be this number of seconds
// This is needed to update weather and AutoSky displays automatically and could
// be set to about 5 minutes or 600 seconds or an update speed of your liking.
// If this variable is not defined the refresh is the default 20600 seconds.
//
$REFRESH_DELAY = “600”;
//
This document is believed to be correct. If you spot any discrepancies or feel something needs to be better
described or added please pass it along. WA3DSP - doug@crompton.com
Page 21 of 21 Supermon Allstar/IRLP/Echolink System Managment Program - V1.20 - 11/11/18

No comments:

Post a Comment


.
Allstar // AllstarLink -
https://groups.io/g/Allstar
.