Remote access to a Crestron network requires access to HTTPS and to a private port, both of which must be port-forwarded through a firewall.

To distinguish Crestron HTTPS traffic from regular web SSL traffic, it’s helpful to port-forward a variation on port 443, such as 4433, and set that appropriately in the Crestron app.

In addition, it’s necessary for the router to port-forward the port number described as “CIP” in the app, which is typically 41794. Because of cyberhacking, it’s good to change this to a different different port number, and port-forward appropriately.  

Migrating Drupal from MySQL to PostgreSQL is reasonably well documented in a variety of places (https://www.drupal.org/docs/develop/local-server-setup/linux-development-environments/set-up-a-local-development-drupal-1, https://www.digitalocean.com/community/tutorials/how-to-migrate-mysql-database-to-postgres-using-pgloader, etc.), but in my particular instance, I ran into several apparently undocumented hitches. After years of running my websites on a cloud server, I decided to move them to a proprietary server behind a firewall.

• install postgresql[version]-server
• install postgresql[version]-contrib (to get pg_trgm)
• sudo -u www composer require 'drupal/pgsql_fallback:^2.0'
• turn on logging in postgres.conf
• start postgres
• su postgres
  • psql
  • create user 
  • create extension pg_trgm;
• start site and install Drupal

1. Install at least the following packages:

   • apache24

   • php80

   • mysql80-server

   • php80-pdo_mysql

   • nextcloud-php80

2. Modify httpd.conf thusly"

   • LoadModule alias_module libexec/apache24/mod_alias.so

     LoadModule rewrite_module libexec/apache24/mod_rewrite.so

     LoadModule php_module         libexec/apache24/libphp.so

   • ServerAdmin robb@helical.com

I could briefly see folders that contained accents in the finder, but they would disappear after several seconds, then reappear 10 seconds later, then disappear again!

...because --  utf-8...

Solution:

FileMaker is really picky about the ECDSA SSL certificates it will recognize. So the EC key has to be based on the prime256v1 algorithm, and NOT the secp384r1 algorithm (for example). IOW:

openssl ecparam -genkey -name prime256v1 -out <keyfile.key>

openssl req -x509 -sha256 -nodes -days 365 -in <keyfile> -out <certfile.crt>

This seems ominous: omniORB: (0) Warning: SSL CA certificate location is not set. SSL transport disabled.

port install openssh +fido2 (8.4 or later)

port install libfido2

ssh-keygen -t ecdsa-sk -f .ssh/id_ecdsa_sk

To remove the tag "Get your own free account”:

Add this in /path/to/nextcloud/config/config.php: 'simpleSignUpLink.shown' => false

https://help.nextcloud.com/t/remove-link-get-your-own-free-account/41131/5

To remove the tag "Nextcloud" slogan:

Edit /usr/local/www/apache24/data/nextcloud/lib/private/legacy/OC_Defaults.php:

It's a thing, getting blocked from mysql.

So, either directly in mysql or by --init-file (if locked out), add

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<some_password>';