SMS desktop app

timconsidine

I was about to post this in AppWishlist but realised that the underlying app is still in beta, so too early for a Cloudron instance.

However I think it can be of great interest to self-hosters.

There are many commercial services where you can send SMS out and receive responses back in for customer support or marketing enquiries. An alternative channel to email and website chat channels, or social media channels. But the commercial services are not cheap, and you are tied to their numbers (lock in).

So I was pleased to discover while doing OSINT research that there is a self-hosted system in development, to use virtual numbers from Telnyx (or Twilio).

There is also a small privacy element that you can text in/out without a phone's location being tracked, if you want it for personal not commercial use.

The self-hosting documentation is patchy, so I created my own HOW-TO : https://github.com/timconsidine/LXC-OperationPrivacy-VOIP

It has the links to the underlying repo.

Just in case it helps anyone here.

timconsidine

It's also particularly useful for international usage.
E.g. I am in Ukraine now, and it is exorbitant to send SMS back to the UK (inbound to me is free but replying is <ouch>, especially MMS if that is needed).
I have used a virtual number service (Hushed) but it's not cheap either, and ties you to their number and renewing it.
The Telnyx platform gives me outbound SMS for normal rates and cheap number rental. Even posisble to load up multiple numbers (one for sales, one for support, one for personal) without breaking the bank.
[OK, it's not in my phone unlimited SMS package, but still much more affordable.]

subtlecourage

Out of curiosity, did you get this from Michael Bazzell?

https://inteltechniques.com/voip.linphone.html
https://inteltechniques.com/sms.html

subtlecourage

@subtlecourage

I should click on your links first

robi

Cool, would be neat to hook it up to Google Voice as currently there doesn't appear to be any "pleasant" clients after they ripped Hangouts away.

timconsidine

@subtlecourage Yes !

timconsidine

@subtlecourage

timconsidine

@robi said in SMS desktop app:

Cool, would be neat to hook it up to Google Voice as currently there doesn't appear to be any "pleasant" clients after they ripped Hangouts away.

I guess.
Bazzell (instigator of the project) likes GoogleVoice but I am trying to de-google as much as possible.

I don't know what the developer's roadmap is.
You could ask on his github
He has this roadmap link : https://github.com/0perationPrivacy/VoIP/projects/2

robi

@timconsidine I saw it.. and some of the issue comments.

Since it's an API thing, it should be up to the user to choose GV or other services IMO.

timconsidine

@robi Yes, he may well get to it, as Michael uses GVoice and is the main driver for features at this stage.

The app also works with the chosen platform to configure it.
For Telnyx and Twilio, the app will create a messaging profile and configure the platform auto-magically to link the number.
So the app may need extending to do the same for Google Voice .... if that is possible.

Having said that, you may well be able to configure Google Voice manually with the required webhook for where the app is deployed e.g. https://sms.domain.tld/api/setting/receive-sms/telnyx

Apologies I don't know anything really about Google Voice or what it supports. I read Google is turning off forwarding of SMS to email, which a lot of people relied on previously.

robi

@timconsidine Thanks for that, while I don't have it installed, I can't try it and I'd like to see it at least documented somewhere, even if as a hack.

timconsidine

@robi understood
I got a message that they will incorporate my HOW-TO in their official docs.

There are couple screenshots on one of their pages.
I can make some others.
But maybe you need more.

It's definitely still beta, but it's working without frills like decent address book, group lists etc. But I think they are coming.

I also noticed that someone has posted a message requesting Dockerfile for Cloudron install !

subtlecourage

@timconsidine
Little by little!

I am so stoked!

Would you consider your version prod ready?

timconsidine

@subtlecourage hmmm, good question
Depends on how consider production ready.

Yes, it's working ! To send out SMS and receive inbound.

But no, because the app is still officially beta, and there are features not yet implemented (voice but I don't need that) and contacts management, export of SMS

Overall I think it's worth trying out, with the understanding that it is still evolving.

EDIT : if you follow the LXC installation route, it's easy to try it out. Just remove the container if you feel it's not ready yet. Telnyx numbers are month-by-month subscription so no long-term commitment.

privsec

Wow, what an awesome concept, though looks a bit complicated setup. Do you run into any errors while using?

timconsidine

@privsec : it's not complicated, just multiple steps

If you want to actually understand, I put the references to tutorials with explanation.
but i abstracted the steps into a 'monkey see, monkey do' process
btw, I am the monkey referred to !

sorry for one hand typing

if you follow the steps you should be ok, but ler me know if anything needs clarifying

no, i don't get any errors using it

privsec

@timconsidine Hahaha, you are hilarious!

For LXC, can that be ran simultaneously on a cloudron server?

timconsidine

@privsec

For LXC, can that be ran simultaneously on a cloudron server?

well in theory I guess it could as LXC containers are separate from what else is going on in the VPS

But I have a personal rule not to touch the Cloudron server other than through the Cloudron dashboard and the Cloudron CLI for custom apps. I don't log in to the VPS and don't do any maintenance on it. I just leave it all to Cloudron.

I use another VPS from SSDNODES for 'experiments' and 'self-self-hosted' apps.

subtlecourage

sorry to revive this conversation, @privsec and @timconsidine, but how powerful of a server do you need?

timconsidine

@subtlecourage I don't think the project states minimum requirements.
it's not a doing a lot, just a small mongodb and some api polling
so I would guess a modest one
nor more than 8gb ram and probably 4gb ram would be enough
although that depends on what else is running on that VPS (remembering this app is in a container)

subtlecourage

@timconsidine thanks for the fast reply.

Ok! Not a beefy one. I’m considering setting up these up for customers on an individual basis, and it seems a simple low tier server would be all that’s needed to run these.

Probably a server with 20gb ram for multi number/family use cases would be appropriate.

privsec

@subtlecourage that’s a neat idea, how would you offer support for that?

timconsidine

@subtlecourage here is the htop from the container

Not much going on

scooke

@timconsidine said in SMS desktop app:

virtual number service (Hushed) but it's not cheap

Hushed is one sale at:
https://www.groupon.com/deals/hushed-com-nat-2
https://stacksocial.com/sales/hushed-private-phone-1-line-plan-1000-mins-6000-sms (I bought a Lifetime plan from StackSocial 5+ years ago)

This last one is Hushed bundled with Keep Solid VPN Unlimited (I've been using both for 5+ years with good success):
https://stacksocial.com/sales/the-lifetime-mobile-privacy-security-subscription-bundle-hushed

I guess since it's been 5+ years you can count on the service to last, and not bait-and-switch after a year.

LoudLemur

@timconsidine There is an SMS module in Odoo / Flectra, which might have some functionality you need. Odoo and Flectra are in the wishlist:

https://www.odoo.com/app/sms-marketing

timconsidine

@loudlemur thanks, but I don't need oodo / flectra

privsec

@scooke
The issue with apps like these is their privacy priactices

) Usage Information
i. like most website and app operators, we collect information about your interactions with the Services, such as which screens or pages you visit, what you click on, when you perform those actions, language preferences, and so on);
ii. message content contained within SMS/MMS segments as well as the source and destination numbers are stored until you delete your message history, associated phone number, or your account;
iii. CDR (Call Detail Records) are stored until you delete the call log, associated phone number, or your account (CDRs contains various attributes of the call, such as time, duration, completion status, source number, and destination number);
iv. voicemail recordings and voicemail greetings are stored until you delete voicemail recordings, voicemail greetings, the associated phone number, or your account; and
v. You are entirely and solely responsible for any information that you disclose or share with other users through our Services. We strongly recommend that you use extreme caution in sharing any personal information with other parties through our Services – AffinityClick is not responsible for any information that you disclose to other parties through our Services.

e) Information from Third Parties and Integration Partners
i. we collect your information or data from third parties if you give permission to those third parties to share your information with us or where you have made that information publicly available online (e.g. if you enable service integrations with DropBox or Slack, they may send us your information which they have collected, all of which will be controlled by such third party); and
**ii. other sources (to the extent permitted by applicable law we may receive additional information about you, such as demographic data or fraud detection information and warnings, or other information about you from partner networks).**

And

f) Log Data
i. we collect log data each time a device accesses our servers, log data includes details about the nature of each access including originating IP addresses, access times, device type, operating system versions, internet service providers, pages you view before and after using the Services, links to third party applications, and hardware and software information.

The benefits of this self hosted service is you control pretty much everything.

privsec

@timconsidine said in SMS desktop app:

htop

WOW!! I think @subtlecourage has the right idea here about offering this as a potential service.

The load on this machine is minuscule.

So question, the RAM usage, it appears to be megabytes, does that correlate with the size of the DB?

Or will it pretty much stay below 250mbs?

Because based off of that, you really don't need even a modest machine. It looks like you could run this on a potato.

privsec

@timconsidine

I am running into an issue with issue a cert from certbot.

First, I have never manually issued a cert from certbot before nor have I have nginx before.

So this is all a learning curve.

Below is my code

sudo certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): letsencrypt@domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): domain.com, 2.domain.com

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com http-01 challenge for 2.domain.com

Input the webroot for domain.com
: (Enter 'c' to cancel): /var/www/letsencrypt/.well-known/acme-challenge/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/www/letsencrypt/.well-known/acme-challenge/ does not exist or is not a
directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for domain.com: (Enter 'c' to cancel): sudo mkdir /var/www/letsencrypt/.well-known/acme-challenge/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sudo mkdir /var/www/letsencrypt/.well-known/acme-challenge/ does not exist or is
not a directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for domain.com: (Enter 'c' to cancel): /var/www/

Select the webroot for 2.domain.com:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Enter a new webroot
2: /var/www
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Challenge failed for domain domain.com
Challenge failed for domain 2.domain.com
http-01 challenge for domain.com
http-01 challenge for 2.domain.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: domain.com
   Type:   dns
   Detail: No valid IP addresses found for domain.com
 - The following errors were reported by the server:

   Domain: 2.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://2.domain.com/.well-known/acme-challenge/I0MKBgfBDsVANUdgpJpNkwAttlex9oev_DXaWCveCbU
   [ip.add.re.ss]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
obfuscateduser:~/VoIP$ 2.domain.com

My domain settings are like so

My /etc/nginx/sites-available/<domain>.<tld> file looks like

Your help/guidance would be greatly appreciated

privsec

I have tried blindly following along the nginx steps in the guide as well as https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

And neither are working

privsec

Hooray! After blindly throwing things at the wall, the command sudo apt-get install python3-certbot-nginx moved me along.

Now my domain name is redirecting me to a bad gteway page. Progress.

privsec

Ok, so, another problem

Within the LXC container, I cant resolve to any external providers.

And not surprisingly, installing everything outside the container does nothing.

But to be clear, within the container, nothing works or install able, outside of the LXC container, it all works.

privsec

Ok, I have determined that it was my UFW firewall rules

timconsidine

@privsec sorry I missed this.
all working now ?

privsec

@timconsidine

No worries!

Sadly, no.

I finally have
in my terminal via the LXC, but in my browser, all I am getting is

privsec

@timconsidine

These are my logs

2021/11/03 13:17:06 [error] 47695#47695: *14 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: app.domain.com, request: "GET / HTTP/1.1", up>
2021/11/03 13:17:06 [error] 47695#47695: *14 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET /favicon.ico HT>
2021/11/03 13:17:27 [error] 47695#47695: *19 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:27 [error] 47695#47695: *23 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:27 [error] 47695#47695: *24 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:59 [error] 47695#47695: *27 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:19:08 [error] 47695#47695: *29 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on [::]:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on [::]:80, ignored

privsec

@privsec
I have confirmed that the all three nginx files use the LXC IP address, not the VPS IP address.

timconsidine

@privsec it does take a moment or two before starting up
but if this persists, seems like it is not finding the app

at the risk of basics for troubleshooting:

• inside the container and inside the installation directory, you have done node app.js & to start it (I have forgotten a couple of times). I think you have because you got database connected but maybe the program stopped for some other change

• outside the container, you have run systemctl reload nginx without errors ? and/or run nginx -t without errors ?

• these errors suggest continuing nginx conf issue

2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on [::]:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on [::]:80, ignored

what is latest / current nginx conf file ?

timconsidine

@privsec said in SMS desktop app:

@privsec
I have confirmed that the all three nginx files use the LXC IP address, not the VPS IP address.

maybe I am having a brain outage, but why are there 3 nginx files ?

privsec

@timconsidine

Well, I’m now unable to load the server. It seems that after the reboot I requested it is just frozen at the boot stage.

So I’m gonna have to start over.

However, I kept running into errors with certbot originally, until I made a .wellknown folder

privsec

@timconsidine are there tried and true steps you do to setup certbot with ngoni every time?

timconsidine

@privsec all those difficulties doesn't seem right to me

What OS is on the VPS and what OS did you choose for the container ? (FYI on my installation it is Ubuntu 20.04 in both)

Given that we are dealing with a container here (and that it's not working), I would trash the containers and start over from the top.
lxc stop <container-name>
lxc rm <container-name>

Before creating the new container (can be same name as you used before if you prefer providing you remove it), I would make sure the VPS is up-to-date sudo apt-get update && sudo apt-get upgrade -y. And once the new container is created, I would do that same command again inside the new container.

timconsidine

@privsec said in SMS desktop app:

@timconsidine are there tried and true steps you do to setup certbot with ngoni every time?

I never have a problem with certbot except when I try to create a new certificate too soon after setting up the DNS, i.e. before it is propagated. To restrain my impatience :

• I usually ping -c 5 sub.domain.tld until I get responses.
• I always do nginx -t and systemctl reload nginx to ensure I get up-to-date nginx configs without any errors. Always have to resolve nginx errors before attempting a clean certbot certificate addition.

If you are having nginx or certbot issues, I would make sure system is up to date with sudo apt-get update && sudo apt-get upgrade -y

Oh, and be sure that all nginx and certbot work is done on the VPS, not while you are in the container.

Feel free to ping me in chat if you wish to step through.

privsec

@timconsidine said in SMS desktop app:

sudo apt-get update && sudo apt-get upgrade -y

I have wiped the VPS and started over.
But both had the ubuntu 20.04 version

privsec

@timconsidine

Ok, I got this working by following your guide, then for lets encrypt, I followed https://haydenjames.io/how-to-set-up-an-nginx-certbot/up to step 4

It is now live!

timconsidine

@privsec cool, well done !

privsec

@timconsidine This also handles calls just fine

timconsidine

@privsec : hadn't tested yet, thanks for doing that !

robi

@privsec said in SMS desktop app:

@timconsidine This also handles calls just fine

that would be great for GVoice

privsec

@robi Currently, the app only allows for Telnyx or a Twilio API key.

Does GVoice use an API key?

privsec

So I was doing some thinking on this, and couldn’t one set up several cron jobs to do the following weekly

• kill all node
• merge the currently cloned repo with the new repo (updates, fixes, bugs)
• restart app

privsec

@timconsidine

Are you getting any error messages when you attempt to update the app with the github repo?

When I do, I am getting an error message about node dependencies that I havent gotten before.

I have tried various PPAs of NodeJS and NPM and I still get

E: Unable to correct problems, you have held broken packages.

Any ideas on this one?

timconsidine

@privsec no haven't seen that, I will try and see what happens

privsec

@timconsidine I am thinking there is something else wrong because even when using the website provided by operation privacy, I cant use the service.

privsec

@timconsidine

Out of curiosity, what node version does your lxc use? Mine defaults to 10.x.x

timconsidine

@privsec sorry I missed this question
Yes, mine is running 10.x.x

timconsidine

@timconsidine in case anyone is interested, updating the app in the LXC container is fairly straight-forward.
I held off for a long time, but eventually bit the bullet.

The steps I took are a bit manual / kludge but it was fastest way.
This assumes you are in root directory of container/installation

1. Stopped the app running
   ps aux | grep node
kill -9 xxxx (process number of running app)

2. "backed up" the original installation by mv VoIP/ VoIP-old/

3. Ran git clone https://github.com/0perationPrivacy/VoIP.git to create a new directory with latest version (0.89)

4. Copied across settings from original deployment
   cp VoIP-old/.env VoIP/.env

5. Edited VoIP/.env to add a new line at the end
   HTTPS = false

6. Started app
   cd VoIP/
node app.js &

This kept all settings (database, domain) and also all data (contacts, messages).

Not extensively tested but it seems to be running ok.

katerynajohnson

Once I tried to create sms desktop app but it didn't work out...Thus, every time when I need a solution I google on the web https://www.google.com/ and search fresh options.

timconsidine

@katerynajohnson do you mean THIS particular app didn't work ? Or some other one generally ?

If you need help to install it, I can maybe advise you.
This particular app has not been built for Cloudron.
I'm still looking into whether that is possible.
In its current form, it can be deployed on any linux VPS as an LXC container.

Use www.google.com ? NEVER !!
duckduckgo.com or ecosia or start page .... or your own Searx available on Cloudron !

LoudLemur

@timconsidine
https://www.seekr.com/ is cool, but proprietary. I would prefer it over DDG. The results are good too.