SMS desktop app

timconsidine

@loudlemur thanks, but I don't need oodo / flectra

privsec

@scooke
The issue with apps like these is their privacy priactices

) Usage Information
i. like most website and app operators, we collect information about your interactions with the Services, such as which screens or pages you visit, what you click on, when you perform those actions, language preferences, and so on);
ii. message content contained within SMS/MMS segments as well as the source and destination numbers are stored until you delete your message history, associated phone number, or your account;
iii. CDR (Call Detail Records) are stored until you delete the call log, associated phone number, or your account (CDRs contains various attributes of the call, such as time, duration, completion status, source number, and destination number);
iv. voicemail recordings and voicemail greetings are stored until you delete voicemail recordings, voicemail greetings, the associated phone number, or your account; and
v. You are entirely and solely responsible for any information that you disclose or share with other users through our Services. We strongly recommend that you use extreme caution in sharing any personal information with other parties through our Services – AffinityClick is not responsible for any information that you disclose to other parties through our Services.

e) Information from Third Parties and Integration Partners
i. we collect your information or data from third parties if you give permission to those third parties to share your information with us or where you have made that information publicly available online (e.g. if you enable service integrations with DropBox or Slack, they may send us your information which they have collected, all of which will be controlled by such third party); and
**ii. other sources (to the extent permitted by applicable law we may receive additional information about you, such as demographic data or fraud detection information and warnings, or other information about you from partner networks).**

And

f) Log Data
i. we collect log data each time a device accesses our servers, log data includes details about the nature of each access including originating IP addresses, access times, device type, operating system versions, internet service providers, pages you view before and after using the Services, links to third party applications, and hardware and software information.

The benefits of this self hosted service is you control pretty much everything.

privsec

@timconsidine said in SMS desktop app:

htop

WOW!! I think @subtlecourage has the right idea here about offering this as a potential service.

The load on this machine is minuscule.

So question, the RAM usage, it appears to be megabytes, does that correlate with the size of the DB?

Or will it pretty much stay below 250mbs?

Because based off of that, you really don't need even a modest machine. It looks like you could run this on a potato.

privsec

@timconsidine

I am running into an issue with issue a cert from certbot.

First, I have never manually issued a cert from certbot before nor have I have nginx before.

So this is all a learning curve.

Below is my code

sudo certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): letsencrypt@domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): domain.com, 2.domain.com

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com http-01 challenge for 2.domain.com

Input the webroot for domain.com
: (Enter 'c' to cancel): /var/www/letsencrypt/.well-known/acme-challenge/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/www/letsencrypt/.well-known/acme-challenge/ does not exist or is not a
directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for domain.com: (Enter 'c' to cancel): sudo mkdir /var/www/letsencrypt/.well-known/acme-challenge/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sudo mkdir /var/www/letsencrypt/.well-known/acme-challenge/ does not exist or is
not a directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for domain.com: (Enter 'c' to cancel): /var/www/

Select the webroot for 2.domain.com:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Enter a new webroot
2: /var/www
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Challenge failed for domain domain.com
Challenge failed for domain 2.domain.com
http-01 challenge for domain.com
http-01 challenge for 2.domain.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: domain.com
   Type:   dns
   Detail: No valid IP addresses found for domain.com
 - The following errors were reported by the server:

   Domain: 2.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://2.domain.com/.well-known/acme-challenge/I0MKBgfBDsVANUdgpJpNkwAttlex9oev_DXaWCveCbU
   [ip.add.re.ss]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
obfuscateduser:~/VoIP$ 2.domain.com

My domain settings are like so

My /etc/nginx/sites-available/<domain>.<tld> file looks like

Your help/guidance would be greatly appreciated

privsec

I have tried blindly following along the nginx steps in the guide as well as https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

And neither are working

privsec

Hooray! After blindly throwing things at the wall, the command sudo apt-get install python3-certbot-nginx moved me along.

Now my domain name is redirecting me to a bad gteway page. Progress.

privsec

Ok, so, another problem

Within the LXC container, I cant resolve to any external providers.

And not surprisingly, installing everything outside the container does nothing.

But to be clear, within the container, nothing works or install able, outside of the LXC container, it all works.

privsec

Ok, I have determined that it was my UFW firewall rules

timconsidine

@privsec sorry I missed this.
all working now ?

privsec

@timconsidine

No worries!

Sadly, no.

I finally have
in my terminal via the LXC, but in my browser, all I am getting is

privsec

@timconsidine

These are my logs

2021/11/03 13:17:06 [error] 47695#47695: *14 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: app.domain.com, request: "GET / HTTP/1.1", up>
2021/11/03 13:17:06 [error] 47695#47695: *14 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET /favicon.ico HT>
2021/11/03 13:17:27 [error] 47695#47695: *19 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:27 [error] 47695#47695: *23 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:27 [error] 47695#47695: *24 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:59 [error] 47695#47695: *27 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:19:08 [error] 47695#47695: *29 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on [::]:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on [::]:80, ignored

privsec

@privsec
I have confirmed that the all three nginx files use the LXC IP address, not the VPS IP address.

timconsidine

@privsec it does take a moment or two before starting up
but if this persists, seems like it is not finding the app

at the risk of basics for troubleshooting:

• inside the container and inside the installation directory, you have done node app.js & to start it (I have forgotten a couple of times). I think you have because you got database connected but maybe the program stopped for some other change

• outside the container, you have run systemctl reload nginx without errors ? and/or run nginx -t without errors ?

• these errors suggest continuing nginx conf issue

2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on [::]:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on [::]:80, ignored

what is latest / current nginx conf file ?

timconsidine

@privsec said in SMS desktop app:

@privsec
I have confirmed that the all three nginx files use the LXC IP address, not the VPS IP address.

maybe I am having a brain outage, but why are there 3 nginx files ?

privsec

@timconsidine

Well, I’m now unable to load the server. It seems that after the reboot I requested it is just frozen at the boot stage.

So I’m gonna have to start over.

However, I kept running into errors with certbot originally, until I made a .wellknown folder

privsec

@timconsidine are there tried and true steps you do to setup certbot with ngoni every time?

timconsidine

@privsec all those difficulties doesn't seem right to me

What OS is on the VPS and what OS did you choose for the container ? (FYI on my installation it is Ubuntu 20.04 in both)

Given that we are dealing with a container here (and that it's not working), I would trash the containers and start over from the top.
lxc stop <container-name>
lxc rm <container-name>

Before creating the new container (can be same name as you used before if you prefer providing you remove it), I would make sure the VPS is up-to-date sudo apt-get update && sudo apt-get upgrade -y. And once the new container is created, I would do that same command again inside the new container.

timconsidine

@privsec said in SMS desktop app:

@timconsidine are there tried and true steps you do to setup certbot with ngoni every time?

I never have a problem with certbot except when I try to create a new certificate too soon after setting up the DNS, i.e. before it is propagated. To restrain my impatience :

• I usually ping -c 5 sub.domain.tld until I get responses.
• I always do nginx -t and systemctl reload nginx to ensure I get up-to-date nginx configs without any errors. Always have to resolve nginx errors before attempting a clean certbot certificate addition.

If you are having nginx or certbot issues, I would make sure system is up to date with sudo apt-get update && sudo apt-get upgrade -y

Oh, and be sure that all nginx and certbot work is done on the VPS, not while you are in the container.

Feel free to ping me in chat if you wish to step through.

privsec

@timconsidine said in SMS desktop app:

sudo apt-get update && sudo apt-get upgrade -y

I have wiped the VPS and started over.
But both had the ubuntu 20.04 version

privsec

@timconsidine

Ok, I got this working by following your guide, then for lets encrypt, I followed https://haydenjames.io/how-to-set-up-an-nginx-certbot/up to step 4

It is now live!