System Administration

System Administration information

How to prevent emails from Noodle from being marked as spam.

If you are hosted by Vialect and are using mail.vialect.net in the SMTP settings half of it is already taken care of:

  • If using SPF add our mail server, then verify with.
    • Lin
      dig sub.domain.tld TXT +short | grep spf
    • Win
      nslookup -type=TXT sub.domain.tld | findstr spf
  • If using Google mail client add a filter (to add a tag) for anything with your Noodle domain name in it.
  • If you are using an SPF please add include:mail.vialect.net

If hosting Noodle on your own server or using your own SMTP server, additionally:

  • Whitelist the Noodle server (Postfix, Spamassassin, Exchange)
  • Use authentication in the Noodle setting
    • [user:pass@]domain.tld[:port][,protocol]

Another option is to use something like noreply@vialect.com in the "Send system emails from" system setting.

Check potential issues from

System Tools > Analytics > electronic mail address issues

Restarting Noodle service

  • Microsoft
    • sc stop noodle
    • sc start noodle
  • Linux like sysvinit/Upstart
    • service noodle restart
  • Linux like Systemd
    • systemctl restart noodle
  • Linux like launchd
    • launchctl unload /System/Library/LaunchDaemons/noodle.plist
    • launchctl load /System/Library/LaunchDaemons/noodle.plist
  • Linux like SMF
    • svcadm restart noodle

  1. Make sure the port you want to use is not already in use:
    • Linux-like systems
      • netstat -ln | grep ":80 "
    • Microsoft
      • netstat -na | findstr ":80"
  2. Edit the connection port in server.xml (a text file) to an available port.
  3. Remember to update the OS and network firewalls.
  4. restart the Noodle service
  5. Update the Noodle setting “System Tools > Settings > URL for Noodle”

Microsoft Windows runs http.sys on port 80 by default. Disable http.sys by running these 2 commands:

  1. sc config http start= disabled
  2. net stop http /y

Or if you want to use both you can bind them to different IPs:

  1. http.sys IP (netsh http add iplisten ipaddress=192.168.0.101)
  2. Noodle IP (Edit the connection address in server.xml to 192.168.0.100)

LAN security options for the server:

  • Whole disk encryption (prevents bypassing security by reading the disk with another computer).
  • Dedicated server (reduces exploitable surface area).
  • Automated Linux updates
  • Firewall blocking all but ssh and the Noodle http[s] ports (reduces exploitable surface area).
  • ssh keys (prevents password guessing on ssh).
  • IDS, and resource alerts

List of most to least secure ways of connecting to the Noodle service:

  1. On a network not (even indirectly) connected to the internet.
    • online features will necessarily not work;
      • email
      • upgrade button
      • unsplash
      • auto ssh
      • etc
  2. On a network only indirectly connected to the internet.
  3. On a public network with a firewall or NAT port forwarding blocking all but one port.
  4. On a public network.

Public network security options:

  • HTTPS
  • DNS CAA records
  • HTTP headers (content-security-policy, strict-transport-security, etc)
  • White list
  • Auto blacklisting enabled.
  • "Session Security Level" to 4 (prevent session hijacking).
  • IWA or 2 factor authentication.
  • "Minimum password length" to 8 (make password guessing harder).
  • Encrypted VPN or ssh tunnel.
  • Anonymity networks like tor can be used, optionally with ssl or ssh (in practice will prevent anyone, including governments, from knowing what server a user is talking to).

    • Instead of downgrading we encourage you to report issues and then upgrade to a fixed version.
    • A new unwanted feature can often be made optional by adding a setting to disable it.
    • To test customizations against a new version we recommend cloning the VM or DB to a test instance to try the upgrade out before applying it to the production version.
    • If only the last number of the version has changed, downgrade by replacing its lib directory with the old version.
    • If the second number in the version changes reverting the database structure will require a custom build.

Noodle SSO can be setup with IWA, JWT, SAML, or for non managed users there are also options to store the password locally.

  • Noodle setup for IWA.
  • Noodle setup for JWT.
  • Noodle setup for SAML.
  • Add a web shortcut to the users startup, homepage, or desktop
    • System Tools > Settings > Security > Permit Login via GET = yes
    • https://$D/HandleLogin.po?user_name=$U&user_password=$P
    • A link can be downloaded from the profile page.
  • Use a cookie
    • Enable  the "Noodle > System Tools > Settings > User Settings > Remember my login information" feature
    • This option will ask for a password if the user ever clicks logout.

This page is for those who host on their own Windows server and are trying to diagnose the cause of a 404.

  1. If your browser on the server is displaying the page (http://127.0.0.1) properly, it's a networking problem:
    • check server.xml for address binding.
    • Check the Noodle block and allow lists.
    • check port forwarding, routing, firewalls, and dns on the server, client, and every device inbetween.
  2. If your browser on the server is displaying the wrong page or anything other than a timeout, it's a service conflict (logs contains "Address already in use"):
    • Use a different port or stop and disable other services using port 80.
      • Windows - built in:
        • sc config http start= disabled
        • net stop http /y
      • Linux - list what is using the port:
        • netstat -lnp | grep ":80"
  3. If there is no noodle.log it's a .bat or Java problem:
    • run the intranet.bat one line at a time to isolate the problem.
    • reinstall Java and check intranet.bat can find it.
  4. If there is no java.exe in the task manager it's a config problem:
    • look in the log folder for errors.