

debian

Debian 11 Server Setup

This is a summary of steps to install the services on this Debian 11 server.

  • Firewalld
  • Webmin
  • Mumble
  • NTP client
  • Squid
  • Apache
    • TWG
    • DokuWiki
    • Nagios (Installed but some CGI not working yet)
    • MariaDB
    • PhpMyAdmin
    • Open-Web-Analytics (Not installed yet)
    • HumoGen
    • WeeWX
  • UniFi (DOES NOT WORK WITH DEBIAN 11 & MONGODB > 4)

Initial Configuration

  • Enable Gnome desktop
  • Enable SSH Server
  • Login as su
 # /usr/sbin/usermod -aG sudo username
 # exit
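  • Reboot
 > sudo nano /etc/ssh/sshd_config
    change "PermitRootLogin without-password" to "PermitRootLogin yes"
    (Note: "yes" allows root to log in over SSH with a password, whereas "without-password" only allows key-based root logins. The user added to the sudo group above can already administer the server, so this change is only needed if direct password login as root is really required.)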
 > sudo apt update
 > sudo apt upgrade
 > sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
 If unable to update, edit the following:
 > sudo nano /etc/apt/sources.list
     deb http://deb.debian.org/debian bullseye main
     deb-src http://deb.debian.org/debian bullseye main
     deb http://deb.debian.org/debian-security/ bullseye-security main
     deb-src http://deb.debian.org/debian-security/ bullseye-security main
     deb http://deb.debian.org/debian bullseye-updates main
     deb-src http://deb.debian.org/debian bullseye-updates main

Update Banner

 > sudo nano /etc/issue.net
    Enter banner text
 > sudo nano /etc/ssh/sshd_config
    Add "Banner /etc/issue.net"

firewalld

 > sudo apt-get install firewalld
 > sudo firewall-cmd --permanent --add-service=http
 > sudo firewall-cmd --permanent --add-service=https
 > sudo firewall-cmd --permanent --add-service=squid
 > sudo nano /etc/firewalld/services/webmin.xml
    <?xml version="1.0" encoding="utf-8"?>
    <service>
       <short>Webmin</short>
       <description>Webmin</description>
       <port protocol="tcp" port="10000"/>
    </service>
 > sudo chmod 640 /etc/firewalld/services/webmin.xml
 > sudo firewall-cmd --permanent --add-service=webmin   
 > sudo nano /etc/firewalld/services/mumble.xml
    <?xml version="1.0" encoding="utf-8"?>
    <service>  
       <short>Mumble</short>  
       <description>Mumble</description>  
       <port protocol="tcp" port="64738"/>  
   </service>
 > sudo chmod 640 /etc/firewalld/services/mumble.xml 
 > sudo firewall-cmd --permanent --add-service=mumble
 > sudo nano /etc/firewalld/services/opc.xml
    <?xml version="1.0" encoding="utf-8"?>
    <service>
       <short>OPC</short>
       <description>OPC</description>
       <port protocol="tcp" port="4840"/>
       <port protocol="tcp" port="4843"/>         
       <port protocol="tcp" port="51210-51211"/>   
       <port protocol="tcp" port="61210-61211"/>    
       <port protocol="tcp" port="62540-62553"/>                    
    </service>
 > sudo chmod 640 /etc/firewalld/services/opc.xml
 > sudo firewall-cmd --permanent --add-service=opc
 > sudo nano /etc/firewalld/services/weewx.xml
     <?xml version="1.0" encoding="utf-8"?>
     <service>
      <short>weewx</short>
      <description>weewx</description>
      <port protocol="udp" port="50222"/>
   </service>
 > sudo chmod 640 /etc/firewalld/services/weewx.xml
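 > sudo firewall-cmd --permanent --add-service=weewx
 Note: rules added with --permanent are only written to the saved configuration; run "sudo firewall-cmd --reload" to apply them to the running firewall, then check the result with "sudo firewall-cmd --list-all".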

WebMin

 > sudo nano /etc/apt/sources.list
    Add the line: "deb http://download.webmin.com/download/repository sarge contrib"
 > su
 # cd /root
 # wget https://download.webmin.com/jcameron-key.asc 
 # cat jcameron-key.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/jcameron-key.gpg
 # exit
 > sudo apt update
 > sudo apt install apt-transport-https
 > sudo apt install webmin

Mumble Server

 > sudo apt install mumble-server
 > sudo dpkg-reconfigure mumble-server
 > sudo nano /etc/mumble-server.ini
    bandwidth=128000
    users=100
    welcometext="<br />Welcome to the CTSD <b>Murmur</b> server.<br /><br />By accessing and using this information system, you acknowledge and consent to the following:<br />   You are accessing a <b>U.S. Government information system</b>, which includes:<br />   (1) this computer<br />   (2) this computer network<br />   (3) all computers connected to this network including end user systems<br />   (4) all devices and storage media attached to this network or to any computer on this network<br />   (5) cloud and remote information services.<br /><br />This information system is provided for U.S. Government-authorized use only.<br />You have no reasonable expectation of privacy regarding any communication transmitted through or data stored on this information system.<br />At any time, and for any lawful purpose, the U.S. Government may monitor, intercept, search, and seize any communication or data transiting, stored on, or traveling to or from this information system.<br />You are NOT authorized to process classified information on this information system.<br />Unauthorized or improper use of this system may result in suspension or loss of access privileges, disciplinary action, and civil and/or criminal penalties.<br />"

NTP client

 > sudo apt install ntp
 > sudo nano /etc/ntp.conf
 server 192.168.10.110 prefer

Squid

 > sudo apt install squid
 > sudo systemctl enable squid
 > sudo cp /etc/squid/squid.conf /etc/squid/squidoriginal.conf.bak
 > sudo nano /etc/squid/squid.conf
    Remove "#" from "#http_access allow localnet"
    Remove "#" from: "#acl localnet src" and edit the IP range 192.168.10.0/24
    Change "#dns_v4_first off" to "dns_v4_first on"
    Remove "#" from: "#cache_mem 256 MB"
    Change "#maximum_object_size 4 MB" to "maximum_object_size 4096 MB"
    Change "#maximum_object_size_in_memory 512 KB" to "maximum_object_size_in_memory 8192 KB"
    Change "#cache_dir ufs /var/spool/squid 100 16 256" to "cache_dir ufs /var/spool/squid 8192 16 256"
 > sudo service squid restart

Apache

 > sudo apt install apache2
 > sudo apt install php libapache2-mod-php -y
 > sudo rm /var/www/html/index.html
 > sudo nano /var/www/html/index.php
    <?php echo "Server time: "; ?>
    <?php echo date('Y-m-d H:i:s'); ?>
 > openssl req -new -nodes -keyout myserver.key -out server.csr

Apache SSL

Create a CSR, request a new certificate

 Create a CSR:
 > openssl req -new -nodes -keyout myserver.key -out server.csr
 Place the private key in /etc/ssl/private/myserver.key (-nodes writes the key unencrypted, so keep the file readable by root only)
 Request a new certificate from your provider using the CSR & download the new certificate in pem format
 If you need to convert a pkcs7 certificate to pem format:
 > sudo openssl pkcs7 -print_certs -in /etc/ssl/certs/myserver.pkcs7 -out /etc/ssl/certs/myserver.pem
 Place the certificate in /etc/ssl/certs/myserver.pem
 > sudo nano /etc/apache2/sites-available/default-ssl.conf
     SSLCertificateFile /etc/ssl/certs/myserver.pem
     SSLCertificateKeyFile /etc/ssl/private/myserver.key
 > sudo service apache2 restart

Nagios

 > su
 # apt install nagios4
 # apt install libgd-tools
 # getent passwd nagios
 # getent group nagios
 # systemctl status nagios4
 # systemctl enable nagios4
 # a2enmod rewrite cgi
 # htdigest -c /etc/nagios4/htdigest.users "Restricted Nagios4 Access" nagiosadmin
 > sudo usermod -a -G nagios www-data

DokuWiki

 > sudo apt install php libapache2-mod-php php-xml
 > sudo service apache2 restart
 > wget https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz
 > tar xzvf dokuwiki-stable.tgz
 > sudo mv dokuwiki-yyyy-mm-dd /var/www/html/dokuwiki
 > sudo chown -R www-data:www-data /var/www/html/dokuwiki
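 Add this to /etc/apache2/apache2.conf  (THIS BREAKS phpMyAdmin and may not be needed!)
 Note: the pattern is not anchored, so it matches these directory names under every site on the server, which is the likely reason phpMyAdmin breaks (it has "vendor" directories of its own). DokuWiki's data and conf directories must not be readable over the web, so before dropping the block check that a request for /dokuwiki/data/ is refused; if it is not, keep the block but limit the pattern to the wiki, e.g. "^/dokuwiki/(data|conf|bin|inc|vendor)/".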
    <LocationMatch "/(data|conf|bin|inc|vendor)/">
    Order allow,deny
    Deny from all
    Satisfy All
    </LocationMatch>

MariaDB

> sudo apt install php php-cgi php-mysqli php-pear php-mbstring libapache2-mod-php php-common php-phpseclib php-mysql
> sudo apt install mariadb-server mariadb-client
> sudo mysql_secure_installation   (Answers N,Y,Y,Y,Y,Y)
> sudo mysql -u root
MariaDB> CREATE DATABASE DATABASENAME;
MariaDB> SHOW DATABASES;
MariaDB> CREATE USER 'USERNAME'@localhost IDENTIFIED BY 'PASSWORD';
MariaDB> SELECT User FROM mysql.user;
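MariaDB> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@localhost IDENTIFIED BY 'PASSWORD';
  (Note: ON *.* gives this user every privilege on all databases on the server. To limit the account to the database created above, use ON DATABASENAME.* instead.)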
MariaDB> FLUSH PRIVILEGES;
MariaDB> SHOW GRANTS FOR 'USERNAME'@localhost;
> exit

phpMyAdmin

> wget -P Downloads https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz
> wget -P Downloads https://files.phpmyadmin.net/phpmyadmin.keyring
> cd Downloads
> gpg --import phpmyadmin.keyring
> wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz.asc
> gpg --verify phpMyAdmin-latest-all-languages.tar.gz.asc
> sudo mkdir /var/www/html/phpMyAdmin
> sudo tar xvf phpMyAdmin-latest-all-languages.tar.gz --strip-components=1 -C /var/www/html/phpMyAdmin
> sudo cp /var/www/html/phpMyAdmin/config.sample.inc.php /var/www/html/phpMyAdmin/config.inc.php
> sudo nano /var/www/html/phpMyAdmin/config.inc.php
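  Update entry: $cfg['blowfish_secret'] = 'ENTERASECRETPASSWORDHERE';
  (Use a random string here rather than a memorable or reused password; it is the key that protects the login cookie, and current phpMyAdmin releases expect it to be 32 characters long.)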
> sudo chmod 660 /var/www/html/phpMyAdmin/config.inc.php
> sudo chown -R www-data:www-data /var/www/html/phpMyAdmin
> sudo apt-get install php-curl  (needed later for Humo-gen admin page to work)
> sudo systemctl restart apache2

Open-Web-Analytics

> 

HuMo-gen

  • Download the latest release: HuMo-gen
  • Unzip & copy to /var/www/html/FOLDERNAME
  • Browse to localhost/FOLDERNAME then create a new database
  • Use phpMyAdmin to delete all tables from humo-gen database
  • Use phpMyAdmin to import your old database
  • Copy images to /var/www/html/FOLDERNAME/media

WeeWX

(WeatherFlow Tempest Configuration)

 > wget -qO - https://weewx.com/keys.html | sudo gpg --dearmor --output /etc/apt/trusted.gpg.d/weewx.gpg
 > wget -qO - https://weewx.com/apt/weewx-python3.list | sudo tee /etc/apt/sources.list.d/weewx.list
 > sudo apt-get update
 > sudo apt-get install weewx
   During the install select 'Simulator'
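 > wget -O weewx-mqtt.zip https://github.com/matthewwall/weewx-mqtt/archive/master.zip
 > sudo wee_extension --install weewx-mqtt.zip
 Go to https://github.com/captain-coredump/weatherflow-udp and get weatherflow-udp-master.zip
 Unzip and copy weatherflowudp.py to /usr/share/weewx/user/weatherflowudp.py
 Note: both extensions are taken from the current master branch with no signature or checksum to verify, and they run inside the WeeWX service. Keep a copy of the exact files that were installed so a later reinstall uses the same code.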
 > sudo nano /etc/weewx/weewx.conf 
   Replace "station_type = Simulator" with "station_type = WeatherFlowUDP"
   Replace the "[Simulator]" section with :
     [WeatherFlowUDP]
     driver = user.weatherflowudp
     log_raw_packets = False
     udp_address = <broadcast>
     # udp_address = 192.168.10.241
     # udp_address = 255.255.255.255
     udp_port = 50222
     udp_timeout = 90
     share_socket = False
     # This section is for the TEMPEST WeatherFlow Bridge packets, via UDP broadcast on local subnet
     [[sensor_map]]
        outTemp = air_temperature.ST-00050585.obs_st
        outHumidity = relative_humidity.ST-00050585.obs_st
        pressure = station_pressure.ST-00050585.obs_st
        #lightning_strikes =  lightning_strike_count.ST-00050585.obs_st
        #avg_distance =  lightning_strike_avg_distance.ST-00050585.obs_st
        outTempBatteryStatus = battery.ST-00050585.obs_st
        windSpeed = wind_speed.ST-00050585.rapid_wind
        windDir = wind_direction.ST-00050585.rapid_wind
        #luxXXX = illuminance.ST-00050585.obs_st
        UV = uv.ST-00050585.obs_st
        rain = rain_accumulated.ST-00050585.obs_st
        windBatteryStatus = battery.ST-00050585.obs_st
        radiation = solar_radiation.ST-00050585.obs_st
        lightningXXX = distance.ST-00050585.evt_strike
        lightningYYY = energy.ST-00050585.evt_strike
     [[CWOP]] This section is to upload Weather data to CWOP for display on APRS
        enable = True
        station = W5GED (Your station ID goes here)
        passcode = PASSCODE
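     [[MQTT]]
        server_url = mqtt://USERNAME:PASSWORD@IPADDRESS:1883
        retain = True
        topic = homeassistant/weather
     (Note: mqtt:// on port 1883 is unencrypted, so this username and password cross the network in clear text. They are also stored in weewx.conf together with the CWOP passcode, so keep that file from being world-readable.)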
 > sudo tail -f /var/log/syslog  (to check status)
 > sudo nano /etc/weewx/skins/Seasons/skin.conf   
       show_rss = False
       observations_current = outTemp, heatindex, windchill, dewpoint, outHumidity, barometer, windSpeed, rain, rainRate, UV, radiation, lightning_strike_count
       observations_stats = outTemp, heatindex, windchill, dewpoint, outHumidity, barometer, windSpeed, rain, rainRate, hail, hailRate, snow, UV, radiation
       sensor_connections =
       sensor_batteries = outTempBatteryStatus
       sensor_voltages = 
       plot_groups = barometer, tempdew, tempfeel, hum, wind, winddir, windvec, rain, UV, radiation, lightning, tempext, humext
 *** SAVE YOUR SETTINGS!  These files will get wiped every time WeeWx updates!              
               

UniFi Network Controller

> sudo apt install ca-certificates apt-transport-https
> sudo apt install gnupg2 wget
> wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
> echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
> sudo apt update
> sudo apt install mongodb-org
> sudo systemctl enable --now mongod
> echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
> sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg 
> sudo apt install unifi
debian.txt · Last modified: 2024/03/26 12:19 by w5ged