0perationPrivacy / VoIP

Web Base Telnyx/Twilio VoIP Interface enabling SMS, MMS and Voice calls using the providers API Keys and self-hosting the application.
https://VoIP.OperationPrivacy.com
GNU General Public License v3.0

Creating a Dockerfile #18

Closed CloudArtAdmins closed 3 years ago

CloudArtAdmins commented 3 years ago

Hello 0perationPrivacy. On my fork, I'm making a Dockerfile for this application. (I just like to maintain all my servers in containers) I am not familiar with nodejs, though, so would you mind if I asked you questions here to help containerize this and possibly give you a merge request, later?

If not, feel free to close this issue.

slfhstr commented 3 years ago

Thanks! Just wanted to clarify. I will also install it INSIDE the container.

An after-thought : I guess I was also just following the principle of containerisation. Making sure that nothing else on the box affected the app deployment (or vice versa).

bioscopic commented 3 years ago

@timconsidine Just successfully installed mongodb and now moving to secure it. Finished this step: closing bracket complete the command. I add my password and I'm still in the shell. Do I stay in the shell or exit? This happens when I'm in the shell and I run the next step to modify the config file:

nano /etc/mongod.conf
uncaught exception: ReferenceError: nano is not defined :
@(shell):1:1

now as sudo

sudo nano /etc/mongod.conf
uncaught exception: SyntaxError: unexpected token: identifier :
@(shell):1:5

Hold on a sec. I forgot a few steps: these two. I should be OK.

systemctl enable mongod

mongo --eval 'db.runCommand({ connectionStatus: 1 })'

slfhstr commented 3 years ago

> Finished this step: closing bracket complete the command

Closing the ) completes the add user command.
You should then be prompted for the password
and get the confirmation.
Then you should exit the mongo shell.
Sorry - will update the doc

bioscopic commented 3 years ago

> > Finished this step: closing bracket complete the command
>
> Closing the ) completes the add user command. You should then be prompted for the password and get the confirmation. Then you should exit the mongo shell. Sorry - will update the doc

I figured it out!

bioscopic commented 3 years ago

Getting a failure to start after modifying the config file: this step.
--> uncomment line #security:
--> add line authorization: enabled

● mongod.service - MongoDB Database Server
   Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2021-10-11 22:33:31 UTC; 1s ago
     Docs: https://docs.mongodb.org/manual
  Process: 3293 ExecStart=/usr/bin/mongod --config /etc/mongod.conf (code=exited, status=2)
 Main PID: 3293 (code=exited, status=2)

Oct 11 22:33:31 xxxx systemd[1]: Started MongoDB Database Server.
Oct 11 22:33:31 xxxx mongod[3293]: Unrecognized option: security
Oct 11 22:33:31 xxxx mongod[3293]: try '/usr/bin/mongod --help' for more information
Oct 11 22:33:31 xxxx systemd[1]: mongod.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Oct 11 22:33:31 xxxx systemd[1]: mongod.service: Failed with result 'exit-code'.

Any ideas? I might need to start over since the mongo service is failing to start.

MongoDB shell version v4.4.9
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed: SocketException: Error connecting to 127.0.0.1:27017 :: caused by :: Connection refused :
connect@src/mongo/shell/mongo.js:374:17
@(connect):2:6
exception: connect failed
exiting with code 1

slfhstr commented 3 years ago

> Getting a failure to start after modifying the config file: this step.
> --> uncomment line #security:
> --> add line authorization: enabled

It might be formatting. It's very sensitive.

security:
  authorization: enabled

#operationProfiling:

security: in first column, add a line, indent 2 spaces, then authorization: enabled

I changed my HOW-TO because it wasn't clear - apologies
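
A pre-restart check for the formatting mistakes discussed above, as an added example that is not part of the original thread or the project's code. The function name and both sample configs are constructed here, and it inspects only the security/authorization lines rather than parsing full YAML.

```python
import re

def lint_security_block(conf_text):
    """Return a list of problems in the security section of a mongod.conf."""
    problems = []
    # Active lines: non-blank, not comments, with 1-based line numbers.
    active = [(n, l) for n, l in enumerate(conf_text.splitlines(), 1)
              if l.strip() and not l.lstrip().startswith("#")]
    for n, l in active:
        if "\t" in l[:len(l) - len(l.lstrip())]:
            problems.append(f"line {n}: tab in indentation, YAML needs spaces")
    sec = [i for i, (_, l) in enumerate(active) if l.strip().startswith("security:")]
    if not sec:
        return problems + ["no active 'security:' key (is it still commented out?)"]
    n, l = active[sec[0]]
    if l[0] in " \t":
        problems.append(f"line {n}: 'security:' must start in the first column")
    # Look for authorization before the next top-level key begins.
    auth = None
    for cn, cl in active[sec[0] + 1:]:
        if cl.lstrip().startswith("authorization"):
            auth = (cn, cl)
            break
        if cl[0] not in " \t":
            break
    if auth is None:
        return problems + [f"line {n}: no 'authorization' line under 'security:'"]
    cn, cl = auth
    if cl[0] not in " \t":
        problems.append(f"line {cn}: 'authorization' must be indented under 'security:'")
    m = re.match(r"\s*authorization:(\s*)(\S*)", cl)
    if m is None:
        problems.append(f"line {cn}: missing ':' after 'authorization'")
    elif m.group(2) and not m.group(1):
        problems.append(f"line {cn}: missing space after 'authorization:'")
    elif m.group(2) != "enabled":
        problems.append(f"line {cn}: value is {m.group(2)!r}, expected 'enabled'")
    return problems

# Constructed samples: the layout that worked in the thread, and an unindented one.
GOOD = "net:\n  port: 27017\n\nsecurity:\n  authorization: enabled\n\n#operationProfiling:\n"
BROKEN = "net:\n  port: 27017\n\nsecurity:\nauthorization: enabled\n\n#operationProfiling:\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(name, lint_security_block(text) or "ok")
```

Run it against the contents of /etc/mongod.conf before `systemctl restart mongod`; an empty list means the security block has the shape shown above.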

bioscopic commented 3 years ago

> > Getting a failure to start after modifying the config file: this step.
> > --> uncomment line #security:
> > --> add line authorization: enabled
>
> It might be formatting. It's very sensitive
>
> security:
>   authorization: enabled
>
> #operationProfiling:
>
> security: in first column add a line indent 2 spaces then authorization: enabled
>
> I changed my HOW-TO because it wasn't clear - apologies

That did it! Thanks.

bioscopic commented 3 years ago

@timconsidine I'm on the configure repo step! About to edit the .env file.

So I need to remove the and put what I created between the brackets? Same for the

Do you leave the leading db_?

Just to confirm the pw is the same one for using to secure the mongo in the previous step?

DB = mongodb://:@localhost/admin

For the BASE_URL = do you put the local IP address here if hosting locally?

BASE_URL = https://./

Is it possible to add an internal IP, for example something like 192.168.1.xxx? Or do you need a public facing IP? Just seeing the reference to a VPS.

bioscopic commented 3 years ago

@timconsidine At the nginx reverse proxy step when enabling SSL did you generate an OpenSSL Certificate Signing Request using ED25519? Prefer to generate an ED25519 CSR if possible.
I'm looking at this documentation. https://blog.pinterjann.is/ed25519-certificates.html Where would the self-signed certificate go? Where did you put yours in your build? I wonder if ED25519 is going to work with a browser like Mozilla?

slfhstr commented 3 years ago

> So I need to remove the and put what I created between the brackets? same for the

Yes. If username is mongoadmin and you chose "monkeys-dont-fly" as the password, it would be : DB = mongodb://mongoadmin:monkeys-dont-fly@localhost/admin

> do you leave the leading db_?

If you mean DB = mongodb://, yes leave this

> Just to confirm the pw is the same one for using to secure the mongo in the previous step?

Yes

> For the BASE_URL = do you put the local IP address here if hosting locally? BASE_URL = https://./

The BASE_URL is where your system sits, but it needs to be accessible from Telnyx/Twilio servers. So normally this would be a domain, e.g. https://my.smsservice.com/

> Is it possible to add an internal IP for example something like 192.168.1.xxx? or do you need a public facing IP? Just seeing the reference to a VPS.

I guess it could be an IP address. But not 192.xxxxx or 10.xxxx or 172.xxxxx. It has to be public ip. Although I guess if you are running 'at home', you could port forward from your router to your local box (beyond my experience). But then the address in .env is your router address. Really this needs to be public ip or domain
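
The two .env values discussed above, checked before start-up; this is an added example, not part of the thread or the project's code. The function names and the sample .env are constructed, and the percent-encoding step goes beyond the thread's password: it applies MongoDB's connection-string rule that reserved characters such as @ : / in a username or password must be percent-encoded.

```python
import ipaddress
from urllib.parse import quote, urlsplit

def build_db_uri(user, password, host="localhost", database="admin"):
    """Build the DB value for .env, percent-encoding reserved characters."""
    return f"mongodb://{quote(user, safe='')}:{quote(password, safe='')}@{host}/{database}"

def parse_env(text):
    """Parse 'KEY = value' lines in the form the thread's .env uses."""
    env = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def check_base_url(base_url):
    """Return reasons why the provider's webhooks could not reach BASE_URL."""
    problems = []
    parts = urlsplit(base_url)
    host = parts.hostname
    if parts.scheme != "https":  # the thread's BASE_URL template is https
        problems.append("scheme is not https")
    if not host:
        return problems + ["no host in URL"]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, treat as a DNS name
    if ip is not None:
        # Covers RFC 1918 ranges, loopback, link-local and other non-global space.
        if not ip.is_global:
            problems.append(f"{host} is not a publicly routable address")
    elif host == "localhost" or "." not in host:
        problems.append(f"{host} is a local name, not a public domain")
    return problems

# Constructed sample .env using the credentials quoted in the thread.
SAMPLE_ENV = ("DB = mongodb://mongoadmin:monkeys-dont-fly@localhost/admin\n"
              "BASE_URL = https://192.168.1.20/\n")

if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    print(check_base_url(env["BASE_URL"]))
    print(build_db_uri("mongoadmin", "p@ss:w/rd"))
```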

slfhstr commented 3 years ago

> At the nginx reverse proxy step when enabling SSL did you generate a OpenSSL Certificate Signing Request using ED25519? Prefer to generate a ED25519 CSR if possible. Im looking at this documentation. https://blog.pinterjann.is/ed25519-certificates.html

I normally use Let's Encrypt and its certbot utility. I don't know what is an ED25519 cert, but it looks like a self-signed certificate. I don't like self-signed certs as some browsers moan about them. I guess if you are the only user on the app, and you give browser permissions, it's possible.

> Where would the self signed certificate go?

I don't know ! Probably best to follow a self-signed tutorial

> Where did you put yours in your build? I wonder if ED25519 going to work with a browser like Mozilla?

I use Let's Encrypt and it does it all for you

Let's Encrypt is free and there are lots of good tutorials on how to install certbot, which is its utility. Digital Ocean probably have a tutorial.

slfhstr commented 3 years ago

Thanks for your support in getting this running @0perationPrivacy Made a donation and hope to see project continue.

slfhstr commented 3 years ago

> You forgot about me but it's fine ;)

Sorry ! I probably wasn't reading authors closely. Thanks for your support in getting this running @privacyosint !

bioscopic commented 3 years ago

> > So I need to remove the and put what I created between the brackets? same for the
>
> Yes. If username is mongoadmin and you chose "monkeys-dont-fly" as the password, it would be : DB = mongodb://mongoadmin:monkeys-dont-fly@localhost/admin
>
> > do you leave the leading db_?
>
> If you mean DB = mongodb://, yes leave this
>
> > Just to confirm the pw is the same one for using to secure the mongo in the previous step?
>
> Yes
>
> > For the BASE_URL = do you put the local IP address here if hosting locally? BASE_URL = https://./
>
> The BASE_URL is where your system sits, but it needs to be accessible from Telnyx/Twilio servers. So normally this would be a domain, e.g. https://my.smsservice.com/
>
> > Is it possible to add an internal IP for example something like 192.168.1.xxx? or do you need a public facing IP? Just seeing the reference to a VPS.
>
> I guess it could be an IP address. But not 192.xxxxx or 10.xxxx or 172.xxxxx It has to be public ip. Although I guess if you are running 'at home', you could port forward from your router to your local box (beyond my experience). But then the address in .env is your router address. Really this needs to be public ip or domain

@timconsidine Any value to having a public domain that employs a signed DNSSEC delegation vs having an unsigned delegation? Any recommendations where to look?

0perationPrivacy commented 3 years ago

(it gets complicated, I've done it with other deployments, but every environment is different. With public free services, at least I know everyone is on the same page). One day I will self host and share all details, until then, I'm learning with you guys/gals. 😅

bioscopic commented 3 years ago

What is the best provider to get a FQDN for this? One of MB's books talks about namecheap. Is that the way to go?

Hosting at home - This would be a great how-to topic to cover having a hardware firewall running pfsense at the edge of the network. Was looking at netgate's documentation on port forwarding. This part of networking is beyond my skill set. How hard would it be to set this up with the VPN's IP assuming your network is behind a VPN? Is that even possible or would you have to use the real IP to make the webhook work that would be pointed to the server?

> (it gets complicated, I've done it with other deployments, but every environment is different. With public free services, at least I know everyone is on the same page). One day I will self host and share all details, until then, I'm learning with you guys/gals. 😅

0perationPrivacy commented 3 years ago

Also think about uptime, if your internet connection is down or your computer/server is shut off, you will miss that SMS, there are no retries by the provider.

bioscopic commented 3 years ago

@timconsidine

slfhstr commented 3 years ago

>   • set up your DNS to point your domain or subdomain to your VPS
>
> When you set up your DNS to point to your domain did you use two A records one for the subdomain and one for the domain? or did you use an A record for the domain and a CNAME for the www subdomain?

My main domain already had A record (to another server). The subdomain used for this app : I just used an A record pointing to the public ip address of the server where app is installed

>   • your container is bridged auto-magically when the container is built and launched
>   • but that's only fine for outbound traffic : you need inbound traffic (doh!) as well
>
> Did you have to open up a port on your firewall to allow the inbound traffic to the container? Is your Ubuntu server running UFW in your demo/build?

The "host computer" - meaning the one where the LXC container is running - already had UFW running. I just allowed normal ports, 80, 443, 22

bioscopic commented 3 years ago

> >   • set up your DNS to point your domain or subdomain to your VPS
> >
> > When you set up your DNS to point to your domain did you use two A records one for the subdomain and one for the domain? or did you use an A record for the domain and a CNAME for the www subdomain?
>
> My main domain already had A record (to another server) The subdomain used for this app : I just used an A record pointing to the public ip address of the server where app is installed

I'm getting a

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: redactedforprivacy.com (not a real domain)
  Type: dns
  Detail: Fetching http://www.redactedforprivacy.com/.well-known/acme-challenge/longstringofcharachersredactedforprivacy: DNS problem: NXDOMAIN looking up A for www.redactedforprivacy.com - check that a DNS record exists for this domain

Any ideas?

> >   • your container is bridged auto-magically when the container is built and launched
> >   • but that's only fine for outbound traffic : you need inbound traffic (doh!) as well
> >
> > Did you have to open up a port on your firewall to allow the inbound traffic to the container? Is your Ubuntu server running UFW in your demo/build?
>
> The "host computer" - meaning the one where the LXC container is running - already had UFW running. I just allowed normal ports, 80, 443, 22

Requesting a certificate for voicevoip.xyz

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: redactedforprivacy.com (not a real domain)
  Type: connection
  Detail: Fetching http://redactedforprivacy.com/.well-known/acme-challenge/longstringofcharachtersredactedforprivacy: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Got this after modifying the DNS in the hosting provider. Now hung up at the firewall it appears.

Was your VPS something you self-hosted?

slfhstr commented 3 years ago

Is redactedforprovacy.com your domain ? Seems to be up for sale and seems to have been registered by a domain farm / squatter

What values have you set in your DNS ?

slfhstr commented 3 years ago

> Was your VPS something you self-hosted?

My VPS is a VPS from SSDNODES. Do you have a VPS or are you continuing to try to set up on your internal network ?

slfhstr commented 3 years ago

I think your domain is voicevoip.xyz. But maybe your nginx or apache config is referencing redactedforprivacy.com

1). check your nginx / apache config
2). maybe post it here
3). did you run nginx -t or apache equivalent to check config ?

slfhstr commented 3 years ago

what is your ip address for your vps ?


bioscopic commented 3 years ago

@timconsidine

Sorry for the confusion. Not using a VPS, might need to in order to get it working. I'm pretty sure it is something in the config file. Everything is a mess. Might start over from scratch and try again. Too many edits and can't keep track of all of them.