Closed CloudArtAdmins closed 3 years ago
Thanks! Just wanted to clarify. I will also install it INSIDE the container.
An after-thought : I guess I was also just following the principle of containerisation. Making sure that nothing else on the box affected the app deployment (or vice versa).
@timconsidine Just successfully installed mongodb and now moving to secure it. Finished this step: closing bracket complete the command I add my password and I'm still in the shell. Do I stay in the shell or exit? This happens when I'm in the shell and I run the next step to modify the config file:
nano /etc/mongod.conf
uncaught exception: ReferenceError: nano is not defined : @(shell):1:1
now as sudo
sudo nano /etc/mongod.conf
uncaught exception: SyntaxError: unexpected token: identifier : @(shell):1:5
Hold on a sec. I forgot a few steps: these two. I should be ok
systemctl enable mongod
mongo --eval 'db.runCommand({ connectionStatus: 1 })'
Finished this step: closing bracket complete the command
Closing the ) completes the add user command
You should then be prompted for the password
And get the confirmation
Then you should exit the mongo shell
Sorry - will update the doc
I figured it out!
Getting a failure to start after modifying the config file: this step.
--> uncomment line #security:
--> add line authorization: enabled
● mongod.service - MongoDB Database Server
Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2021-10-11 22:33:31 UTC; 1s ago
Docs: https://docs.mongodb.org/manual
Process: 3293 ExecStart=/usr/bin/mongod --config /etc/mongod.conf (code=exited, status=2)
Main PID: 3293 (code=exited, status=2)
Oct 11 22:33:31 xxxx systemd[1]: Started MongoDB Database Server.
Oct 11 22:33:31 xxxx mongod[3293]: Unrecognized option: security
Oct 11 22:33:31 xxxx mongod[3293]: try '/usr/bin/mongod --help' for more information
Oct 11 22:33:31 xxxx systemd[1]: mongod.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Oct 11 22:33:31 xxxx systemd[1]: mongod.service: Failed with result 'exit-code'.
Any ideas? I might need to start over since the mongo service is failing to start.
MongoDB shell version v4.4.9
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed: SocketException: Error connecting to 127.0.0.1:27017 :: caused by :: Connection refused :
connect@src/mongo/shell/mongo.js:374:17
@(connect):2:6
exception: connect failed
exiting with code 1
Getting a failure to start after modifying the config file: this step. --> uncomment line
#security:
--> add line
authorization: enabled
It might be formatting. It's very sensitive
security:
  authorization: enabled
#operationProfiling:
"security:" in first column
add a line
indent 2 spaces then "authorization: enabled"
I changed my HOW-TO because it wasn't clear - apologies
That did it! Thanks.
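A pre-restart check for the indentation problem diagnosed in this exchange, added here as an example (it is not part of the original thread or the project's code). `check_auth` and both sample configs are constructed for illustration, and the parser assumes the flat two-level key layout of a stock mongod.conf.

```python
# Constructed sample: "authorization" left in column one, the kind of
# layout the reply above diagnoses.
BROKEN = """\
net:
  port: 27017
security:
authorization: enabled
#operationProfiling:
"""

# Constructed sample: the corrected layout from the reply.
FIXED = """\
net:
  port: 27017
security:
  authorization: enabled
#operationProfiling:
"""


def check_auth(conf_text):
    """Return a list of problems with security.authorization (empty = OK)."""
    problems = []
    section = None      # most recent key seen in column one
    auth_value = None   # value of authorization found under security:
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue                            # blank or fully commented out
        lead = raw[:len(raw) - len(raw.lstrip())]
        if "\t" in lead:
            problems.append(f"line {num}: tab in indentation, YAML needs spaces")
        key, _, value = line.strip().partition(":")
        if not lead:                            # key starts in column one
            section = key
            if key == "authorization":
                problems.append(
                    f"line {num}: 'authorization' is in column one, "
                    "indent it under 'security:'")
        elif section == "security" and key == "authorization":
            auth_value = value.strip()
    if auth_value is None:
        problems.append("security.authorization is not set")
    elif auth_value != "enabled":
        problems.append(
            f"security.authorization is '{auth_value}', expected 'enabled'")
    return problems
```

Running it against the real file before `systemctl restart mongod` (for instance `check_auth(open("/etc/mongod.conf").read())`) catches the mistake while the database is still up.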
@timconsidine
I'm on the configure repo step!
About the edit the .env file.
So I need to remove the
@timconsidine
At the nginx reverse proxy step when enabling SSL did you generate an OpenSSL Certificate Signing Request using ED25519? Prefer to generate an ED25519 CSR if possible.
I'm looking at this documentation. https://blog.pinterjann.is/ed25519-certificates.html
Where would the self signed certificate go? Where did you put yours in your build?
I wonder if ED25519 is going to work with a browser like Mozilla?
So I need to remove the
and put what I created between the brackets? same for the
Yes. If username is mongoadmin and you chose "monkeys-dont-fly" as the password, it would be :
DB = mongodb://mongoadmin:monkeys-dont-fly@localhost/admin
do you leave the leading db_?
If you mean DB = mongodb://, yes leave this
Just to confirm the pw is the same one for using to secure the mongo in the previous step?
Yes
For the BASE_URL = do you put the local IP address here if hosting locally? BASE_URL = https://./
The BASE_URL is where your system sits, but it needs to be accessible from Telnyx/Twilio servers.
So normally this would be a domain, e.g. https://my.smsservice.com/
Is it possible to add an internal IP for example something like 192.168.1.xxx? or do you need a public facing IP? Just seeing the reference to a VPS.
I guess it could be an IP address.
But not 192.xxxxx or 10.xxxx or 172.xxxxx
It has to be public ip.
Although I guess if you are running 'at home', you could port forward from your router to your local box (beyond my experience). But then the address in .env is your router address.
Really this needs to be public ip or domain
At the nginx reverse proxy step when enabling SSL did you generate an OpenSSL Certificate Signing Request using ED25519? Prefer to generate an ED25519 CSR if possible. I'm looking at this documentation. https://blog.pinterjann.is/ed25519-certificates.html
I normally use Let's Encrypt and its certbot utility. I don't know what is an ED25519 cert, but it looks like a self-signed certificate. I don't like self-signed certs as some browsers moan about them. I guess if you are the only user on the app, and you give browser permissions, it's possible.
Where would the self signed certificate go?
I don't know ! Probably best to follow a self-signed tutorial
Where did you put yours in your build? I wonder if ED25519 is going to work with a browser like Mozilla?
I use Let's Encrypt and it does it all for you
Let's Encrypt is free and lots of good tutorials on how to install certbot which is its utility.
Digital Ocean probably have a tutorial.
Thanks for your support in getting this running @0perationPrivacy. Made a donation and hope to see project continue.
You forgot about me but its fine ;)
Sorry! I probably wasn't reading authors closely. Thanks for your support in getting this running @privacyosint!
@timconsidine Any value to having a public domain that employs a signed DNSSEC delegation vs having an unsigned delegation? Any recommendations where to look?
What is the best provider to get a FQDN for this? One of MB's books talks about namecheap. Is that the way to go?
If your db is local to the docker, then the db path is localhost or 127.0.0.1
Hosting at home - This would be a great how-to topic to cover having a hardware firewall running pfsense at the edge of the network. Was looking at netgate's documentation on port forwarding. This part of networking is beyond my skill set. How hard would it be to set this up with the VPN's IP assuming your network is behind a VPN? Is that even possible or would you have to use the real IP to make the webhook work that would be pointed to the server?
(it gets complicated, I've done it with other deployments, but every environment is different. With public free services, at least I know everyone is on the same page). One day I will self host and share all details, until then, I'm learning with you guys/gals. 😅
Also think about uptime, if your internet connection is down or your computer/server is shut off, you will miss that SMS, there are no retries by the provider.
@timconsidine
set up your DNS to point your domain or subdomain to your VPS
When you set up your DNS to point to your domain did you use two A records one for the subdomain and one for the domain? or did you use an A record for the domain and a CNAME for the www subdomain?
your container is bridged auto-magically when the container is built and launched
but that's only fine for outbound traffic : you need inbound traffic (doh!) as well
Did you have to open up a port on your firewall to allow the inbound traffic to the container? Is your Ubuntu server running UFW in your demo/build?
- set up your DNS to point your domain or subdomain to your VPS
When you set up your DNS to point to your domain did you use two A records one for the subdomain and one for the domain? or did you use an A record for the domain and a CNAME for the www subdomain?
My main domain already had A record (to another server). The subdomain used for this app: I just used an A record pointing to the public ip address of the server where app is installed
- your container is bridged auto-magically when the container is built and launched
- but that's only fine for outbound traffic : you need inbound traffic (doh!) as well
Did you have to open up a port on your firewall to allow the inbound traffic to the container? Is your Ubuntu server running UFW in your demo/build?
The "host computer" - meaning the one where the LXC container is running - already had UFW running. I just allowed normal ports, 80, 443, 22
- set up your DNS to point your domain or subdomain to your VPS
When you set up your DNS to point to your domain did you use two A records one for the subdomain and one for the domain? or did you use an A record for the domain and a CNAME for the www subdomain?
My main domain already had A record (to another server). The subdomain used for this app: I just used an A record pointing to the public ip address of the server where app is installed
I'm getting a
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: redactedforprivacy.com (not a real domain)
Type: dns
Detail: Fetching http://www.redactedforprivacy.com/.well-known/acme-challenge/longstringofcharachersredactedforprivacy: DNS problem: NXDOMAIN looking up A for www.redactedforprivacy.com - check that a DNS record exists for this domain
Any ideas?
- your container is bridged auto-magically when the container is built and launched
- but that's only fine for outbound traffic : you need inbound traffic (doh!) as well
Did you have to open up a port on your firewall to allow the inbound traffic to the container? Is your Ubuntu server running UFW in your demo/build?
The "host computer" - meaning the one where the LXC container is running - already had UFW running. I just allowed normal ports, 80, 443, 22
Requesting a certificate for voicevoip.xyz
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: redactedforprivacy.com (not a real domain)
Type: connection
Detail: Fetching http://redactedforprivacy.com/.well-known/acme-challenge/longstringofcharachtersredactedforprivacy: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Got this after modifying the DNS in the hosting provider. Now hung up at the firewall it appears.
Was your VPS something you self-hosted?
Is redactedforprovacy.com your domain ? Seems to be up for sale and seems to have been registered by a domain farm / squatter
What values have you set in your DNS?
Was your VPS something you self-hosted?
My VPS is a VPS from SSDNODES. Do you have a VPS or are you continuing to try to set up on your internal network?
I think your domain is voicevoip.xyz But maybe your nginx or apache config is referencing redactedforprivacy.com
1). check your nginx / apache config
2). maybe post it here
3). did you run nginx -t or apache equivalent to check config ?
what is your ip address for your vps ?
@timconsidine
Sorry for the confusion. Not using a VPS, might need to in order to get it working. I'm pretty sure it is something in the config file. Everything is a mess. Might start over from scratch and try again. Too many edits and can't keep track of all of them.
Hello 0perationPrivacy. On my fork, I'm making a Dockerfile for this application. (I just like to maintain all my servers in containers) I am not familiar with nodejs, though, so would you mind if I asked you questions here to help containerize this and possibly give you a merge request, later?
If not, feel free to close this issue.