System Administration

System Administration information

Restarting Noodle service

  • Microsoft
    • sc stop noodle
    • sc start noodle
  • Linux-like systems with sysvinit/Upstart
    • service noodle restart
  • Linux-like systems with systemd
    • systemctl restart noodle
  • Linux-like systems with launchd
    • launchctl unload /System/Library/LaunchDaemons/noodle.plist
    • launchctl load /System/Library/LaunchDaemons/noodle.plist
  • Linux-like systems with SMF
    • svcadm restart noodle

  1. Make sure the port you want to use is not already in use:
    • Linux-like systems
      • netstat -ln | grep ":80 "
    • Microsoft
      • netstat -na | findstr ":80"
  2. Edit the connection port in server.xml (a text file) to an available port.
  3. Remember to update the OS and network firewalls.
  4. Restart the Noodle service.
  5. Update the Noodle setting “System Tools > Settings > URL for Noodle”
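
An added example for step 1 above (not part of the Noodle documentation): a POSIX shell function that reads netstat output and reports only sockets listening on exactly the requested port, because a substring match such as findstr ":80" also hits :8080 and remote addresses ending in :80. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: Linux `netstat -ln` lines plus one Windows `netstat -na` line.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:80             ESTABLISHED
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING'

# port_listeners PORT
# Reads netstat text on stdin and prints each local address that is
# listening on exactly PORT. TCP only, which is what an HTTP service uses.
port_listeners() {
    awk -v port="$1" '
        toupper($1) ~ /^TCP/ {
            listening = 0
            addr = ""
            for (i = 2; i <= NF; i++) {
                # LISTEN on Linux, LISTENING on Windows.
                if ($i ~ /^LISTEN/) listening = 1
                # The first field containing a colon is the local address;
                # the foreign address comes after it.
                if (addr == "" && index($i, ":")) addr = $i
            }
            # The port is whatever follows the last colon (also for IPv6).
            n = split(addr, parts, ":")
            if (listening && parts[n] == port) print addr
        }'
}

# port_in_use PORT: exit status 0 when something is listening on PORT.
port_in_use() {
    [ -n "$(port_listeners "$1")" ]
}

# Demo on the constructed sample; on a live host use: netstat -ln | port_listeners 80
printf '%s\n' "$SAMPLE" | port_listeners 80
```
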

Microsoft Windows runs http.sys on port 80 by default. Disable http.sys by running these 2 commands:

  1. sc config http start= disabled
  2. net stop http /y

Or, if you want to use both, you can bind them to different IPs:

  1. http.sys IP (netsh http add iplisten ipaddress=192.168.0.101)
  2. Noodle IP (Edit the connection address in server.xml to 192.168.0.100)

LAN security options for the server:

  • Whole disk encryption (prevents bypassing security by reading the disk with another computer).
  • Dedicated server (reduces exploitable surface area).
  • Automated Linux updates
  • Firewall blocking all but ssh and the Noodle http[s] ports (reduces exploitable surface area).
  • ssh keys (prevents password guessing on ssh).
  • IDS, and resource alerts

List of most to least secure ways of connecting to the Noodle service:

  1. On a network not (even indirectly) connected to the internet.
    • Online features will necessarily not work:
      • email
      • upgrade button
      • unsplash
      • auto ssh
      • etc
  2. On a network only indirectly connected to the internet.
  3. On a public network with a firewall or NAT port forwarding blocking all but one port.
  4. On a public network.

Public network security options:

  • HTTPS
  • DNS CAA records
  • HTTP headers (content-security-policy, strict-transport-security, etc)
  • White list
  • Auto blacklisting enabled.
  • "Session Security Level" to 4 (prevent session hijacking).
  • IWA or 2 factor authentication.
  • "Minimum password length" to 8 (make password guessing harder).
  • Encrypted VPN or ssh tunnel.
  • Anonymity networks like Tor can be used, optionally with SSL or ssh (in practice this will prevent anyone, including governments, from knowing what server a user is talking to).
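
An added example for the "HTTP headers" option above (not part of the Noodle documentation): a POSIX shell check that reads response headers on stdin, lists which of the named headers are missing, and extracts the HSTS max-age, since max-age=0 tells browsers to drop the policy. The function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample response headers with CRLF line endings, as sent on the wire.
SAMPLE_HEADERS=$(printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Content-Type: text/html' \
    'Strict-Transport-Security: max-age=31536000; includeSubDomains' \
    '')

# missing_headers NAME...
# Reads response headers on stdin and prints each lower-case NAME that is absent.
# Header names are case-insensitive, so the input is lower-cased first.
missing_headers() {
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')
    for name in "$@"; do
        printf '%s\n' "$hdrs" | grep -q "^$name:" || printf '%s\n' "$name"
    done
}

# hsts_max_age
# Reads response headers on stdin and prints the max-age value of the
# strict-transport-security header, or nothing when the header is absent.
hsts_max_age() {
    tr -d '\r' | tr 'A-Z' 'a-z' |
        sed -n 's/^strict-transport-security:.*max-age="\{0,1\}\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Demo on the constructed sample. On a live server, feed it real headers:
#   curl -sI "https://$D/" | missing_headers strict-transport-security content-security-policy
printf '%s\n' "$SAMPLE_HEADERS" |
    missing_headers strict-transport-security content-security-policy
```
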

    • Instead of downgrading we encourage you to report issues and then upgrade to a fixed version.
    • A new unwanted feature can often be made optional by adding a setting to disable it.
    • To test customizations against a new version we recommend cloning the VM or DB to a test instance to try the upgrade out before applying it to the production version.
    • If only the last number of the version has changed, downgrade by replacing its lib directory with the old version.
    • If the second number in the version changes reverting the database structure will require a custom build.

Noodle SSO can be set up with IWA, JWT, or SAML; for non-managed users there are also options to store the password locally.

  • Noodle setup for IWA.
  • Noodle setup for JWT.
  • Noodle setup for SAML.
  • Add a web shortcut to the user's startup, homepage, or desktop
    • System Tools > Settings > Security > Permit Login via GET = yes
    • https://$D/HandleLogin.po?user_name=$U&user_password=$P
    • A link can be downloaded from the profile page.
  • Use a cookie
    • Enable the "Noodle > System Tools > Settings > User Settings > Remember my login information" feature
    • This option will ask for a password if the user ever clicks logout.

This page is for those who host on their own Windows server and are trying to diagnose the cause of a 404.

  1. If your browser on the server is displaying the page (http://127.0.0.1) properly, it's a networking problem:
    • Check server.xml for address binding.
    • Check the Noodle block and allow lists.
    • Check port forwarding, routing, firewalls, and DNS on the server, client, and every device in between.
  2. If your browser on the server is displaying the wrong page or anything other than a timeout, it's a service conflict (logs contain "Address already in use"):
    • Use a different port or stop and disable other services using port 80.
      • Windows - built in:
        • sc config http start= disabled
        • net stop http /y
      • Linux - list what is using the port:
        • netstat -lnp | grep ":80"
  3. If there is no noodle.log, it's a .bat or Java problem:
    • Run intranet.bat one line at a time to isolate the problem.
    • Reinstall Java and check that intranet.bat can find it.
  4. If there is no java.exe in the task manager, it's a config problem:
    • Look in the log folder for errors.

Set your clock to 24h for best results.

A simple Windows backup example:

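REM Safety guard: test the commands below once by hand, then remove these two lines so a double click runs the backup.
echo test once then you can double click to backup
exit -1
REM Stop Noodle and PostgreSQL so the data directory is copied in a consistent state.
net stop Noodle
TASKKILL /T /F /IM java.exe
net stop PostgreSQL-9.1
REM Build a yyyymmdd_hhmm stamp; assumes DATE/T prints yyyy-mm-dd and TIME/T prints 24h hh:mm.
FOR /F "TOKENS=1 eol=/ DELIMS=-" %%A IN ('DATE/T') DO SET yyyy=%%A
FOR /F "TOKENS=2 eol=/ DELIMS=-" %%A IN ('DATE/T') DO SET mm=%%A
FOR /F "TOKENS=3 eol=/ DELIMS=- " %%A IN ('DATE/T') DO SET dd=%%A
FOR /F "TOKENS=1 eol=/ DELIMS=:" %%A IN ('TIME/T') DO SET hh=%%A
FOR /F "TOKENS=2 eol=/ DELIMS=:" %%A IN ('TIME/T') DO SET mn=%%A
SET timedate=%yyyy%%mm%%dd%_%hh%%mn%
SET FOLDER=D:\PGSQL_data_backup_%timedate%
REM Copy the data directory, then restart the services before compressing.
xcopy /E /C /I /H /Q "C:\Program Files (x86)\PostgreSQL\9.1\data" %FOLDER%
net start PostgreSQL-9.1
net start Noodle
REM Compress the copy and remove the uncompressed folder.
"C:\Program Files (x86)\7-Zip\7z.exe" a %FOLDER%.7z %FOLDER%
rmdir /S /Q %FOLDER%
echo %FOLDER%.7z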