Installing Rocket.Chat on Ubuntu Xenial 16.04 via Snap

This is a simple tutorial to get Rocket.Chat running on a Ubuntu Xenial 16.04 server (You’ll likely be perfectly fine to run through the same process on a different Ubuntu version such as 18.04 if you’d prefer) In this case we’re installing this on a fresh server and we’ll be installing Rocket.Chat as a Snap and using Caddy as a reverse proxy. Caddy will also deal with issuing SSL certificates via Let’s Encrypt. With this you’ll be able to get Rocket.Chat up and running within ~10 minutes, from there you can go on and make further server configuration changes for security and so on, as well as configure Rocket.Chat in more depth – which won’t be covered within the scope of this tutorial.


Let’s first start with some updates.

apt-get update
apt-get upgrade


Basic UFW setup

Let’s setup a basic firewall using UFW. First install UFW if it’s not installed –

apt-get install ufw


Setup the default access rules –

ufw default deny incoming
ufw default allow outgoing


Setup the firewall rules that we’ll want –

ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp


Enable the firewall –

ufw enable


You can check the status of ufw with –

ufw status


If you add or remove rules you should reload ufw with –

ufw reload


If you need to disable ufw you can do so with –

ufw disable


Install Fail2Ban

apt-get install fail2ban


Install Rocket.Chat as a Snap

Install Snap if it’s not already installed –

apt-get install snapd


Install Rocket.Chat –

snap install rocketchat-server


At this point the Rocket.Chat service will have automatically started, you can check if it’s running with –

service snap.rocketchat-server.rocketchat-server status


Configure Caddy and SSL

Initial configuration-

snap set rocketchat-server caddy-url=https://<your-domain-name>
snap set rocketchat-server caddy=enable
snap set rocketchat-server https=enable
rocketchat-server.initcaddy


Assuming you didn’t have any errors, restart Rocket.Chat and Caddy –

systemctl restart snap.rocketchat-server.rocketchat-server.service
systemctl restart snap.rocketchat-server.rocketchat-caddy.service


You can check Caddy’s logs with the following command

journalctl -r | grep caddy | less


Redirect HTTP to HTTPS

Redirecting HTTP to HTTPS is handled in the Caddy configuration by ommitting the http or https prefix. For instance you should have something like this inside /var/snap/rocketchat-server/current/Caddyfile –

your-domain-name.com {
  proxy / localhost:3000 {
    websocket
    transparent
  }
}


Restart Caddy once again after saving your changes –

systemctl restart snap.rocketchat-server.rocketchat-caddy


Onto Rocket.Chat itself!

At this point you’ll have a working Rocket.Chat installation running. You can browse to https://yourserver.com and you should be presented with the Setup Wizard screen to create the first user whom will by the Admin by default.

Once logged in, you may get a pop-up stating something along the lines of – The setting Site URL is configured to http://localhost and you are accessing from https://yourserver.com - Do you want to change to https://yourserver.com ? – You’ll want to click YES.

At this stage you’ll want to setup Rocket.Chat itself, so please refer to their documentation here – https://rocket.chat/docs


~Extra~

You can install a Discord style dark theme using this here! https://github.com/0x0049/Rocket.Chat.Dark


Backup and restore or migrate a Snap based installation of Rocket.Chat

This is a simple tutorial to backup and restore, or backup and migrate a Snap based installation of Rocket.Chat.


Stop the Rocket.Chat server

First you’ll need to stop the Rocket.Chat server.

service snap.rocketchat-server.rocketchat-server stop

Note that we’re only stopping the rocketchat-server service, not the MongoDB service, which should still be running. Check with –

service snap.rocketchat-server.rocketchat-mongo status | grep Active
Active: active (running) (…)


Create a backup.

snap run rocketchat-server.backupdb

You should see output similar to this –

[+] A backup of your data can be found at /var/snap/rocketchat-server/common/backup/rocketchat_backup_<timestamp>.tar.gz

Download that backup file over SFTP for instance, or transfer it to the server you’re migrating your Rocket.Chat installation to.

Your Rocket.Chat server will still be stopped at this point, so if you just wanted to create a backup for your existing installation, you can start the server back up with –

service snap.rocketchat-server.rocketchat-server start


Migrate (or restore) from backup

Now if we’re going to migrate our Rocket.Chat installation, on the server we’re migrating the installation to, you’ll want to have already installed Rocket.Chat as a Snap. Once done upload the *.tar.gz backup file from earlier to /var/snap/rocketchat-server/common/ on the destination server.

Once again, stop the rocketchat-server service, but not the MongoDB service –

service snap.rocketchat-server.rocketchat-server stop

service snap.rocketchat-server.rocketchat-mongo status | grep Active
Active: active (running) (…)

Restore using the *.tar.gz backup that we created –

snap run rocketchat-server.restoredb /var/snap/rocketchat-server/common/rocketchat_backup.tgz

*** ATTENTION ***
* Your current database WILL BE DROPPED prior to the restore!
* Would you like to make a backup of the current database before proceeding?
* (y/n/Q)>

Y

[*] Extracting backup file...
[*] Restoring data...
[*] Preparing database...
[+] Restore completed! Please restart the snap.rocketchat services to verify.

Start the Rocket.Chat server at this point, and your installation will now be running based on the Rocket.Chat Snap backup that was performed!

service snap.rocketchat-server.rocketchat-server start

Installing Rocket.Chat on Ubuntu Xenial 16.04 via Snap with an NGINX reverse proxy

Please note that Rocket.Chat Snaps now come with Caddy to deal with the reverse proxy and free SSL certificate’s via Let’s Encrypt – so you may wish to refer to my newer post here. NGINX won’t have websockets configured if you use this guide – which are required if you intend to use the mobile Rocket.Chat apps.

This is a simple tutorial to get Rocket.Chat running on a Ubuntu Xenial 16.04 server (You’ll likely be perfectly fine to run through the same process on a different Ubuntu version such as 18.04 if you’d prefer) In this case we’re installing this on a fresh server and we’ll be installing Rocket.Chat as a Snap and using NGINX as a reverse proxy, as well as setting up an SSL certificate via Let’s Encrypt. With this you’ll be able to get Rocket.Chat up and running within ~10 minutes, from there you can go on and make further server configuration changes for security and so on, as well as configure Rocket.Chat in more depth – which won’t be covered within the scope of this tutorial.


Let’s first start with some updates.

apt-get update
apt-get upgrade


Basic UFW setup

Let’s setup a basic firewall using UFW. First install UFW if it’s not installed –

apt-get install ufw


Setup the default access rules –

ufw default deny incoming
ufw default allow outgoing


Setup the firewall rules that we’ll want –

ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp


Enable the firewall –

ufw enable


You can check the status of ufw with –

ufw status


If you add or remove rules you should reload ufw with –

ufw reload


If you need to disable ufw you can do so with –

ufw disable


Install Fail2Ban

apt-get install fail2ban


Install Rocket.Chat as a Snap

Install Snap if it’s not already installed –

apt-get install snapd


Install Rocket.Chat –

snap install rocketchat-server


At this point the Rocket.Chat service will have automatically started, you can check if it’s running with –

service snap.rocketchat-server.rocketchat-server status


Install and configure NGINX to use as a reverse proxy + SSL setup

Install NGINX –

apt install nginx
systemctl start nginx
systemctl enable nginx


Remove the default NGINX site –

rm /etc/nginx/sites-enabled/default


Create the NGINX config for Rocket.Chat

vim /etc/nginx/sites-available/rocketchat.conf


Once inside vim, you should have the following (edit “yourserver.com” to be your actual domain that you’re going to use for this server) –

server {
     listen 80;
 
     server_name yourserver.com; 

     location / {
     proxy_pass http://localhost:3000/; 
     }
 }


Enable the new configuration by creating a link to it from /etc/nginx/sites-available/ –

ln -s /etc/nginx/sites-available/rocketchat.conf /etc/nginx/sites-enabled/


Test the configuration –

nginx -t


Assuming no errors are reported, reload the NGINX config with –

nginx -s reload


SSL Setup using Let’s Encrypt + Certbot

Install Certbot and run it –

apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
certbot --nginx


Follow the prompts on screen and you should be issued a valid Let’s Encrypt SSL certificate. Make sure you do choose to force a HTTPS redirect when prompted.

Certbot will automatically deal with SSL certificate renewal, a cron will automatically be created under /etc/cron.d/certbot. You can test the renewal process as a dry run via –

certbot renew --dry-run


Certbot will have updated the NGINX configuration, test that the config is valid with –

certbot renew --dry-run


Assuming no errors are reported, reload the NGINX config with –

nginx -s reload


Onto Rocket.Chat itself!

At this point you’ll have a working Rocket.Chat installation running. You can browse to https://yourserver.com and you should be presented with the Setup Wizard screen to create the first user whom will by the Admin by default.

Once logged in, you should get a pop-up stating something along the lines of – The setting Site URL is configured to http://localhost and you are accessing from https://yourserver.com - Do you want to change to https://yourserver.com ? – You’ll want to click YES.

At this stage you’ll want to setup Rocket.Chat itself, so please refer to their documentation here – https://rocket.chat/docs


~Extra~

You can install a Discord style dark theme using this here! https://github.com/0x0049/Rocket.Chat.Dark


Updating Slack status to reflect Zoiper5 call state using Slack API.

Github page – https://github.com/james-reed/zoiper-slack-status

I wanted a simple way of having my Slack status automatically update when I take a phone call using Zoiper. The majority of VoIP handsets or softphones support the opening of a URL during a certain event such as picking up or ending a call – which can be leveraged for various uses as you can imagine. Zoiper supports this method, but also has ability to execute files/applications on such events. In this particular project, when a phone call is answered Zoiper will launch set-status-in-call.pyw and pass the incoming caller ID using {number} which is one of a few supported Zoiper variables.

Full list of Zoiper variables here

If an incoming call from 0212345678 is answered, then the Slack status will change to Currently in a call with 0212345678 with the telephone_reciever emoji set.

Once the call is hung up, Zoiper will launch set-status-clear.pyw on that particular event which then clears the Slack status out.

The use of the .pyw extension will make the code execute in the background instead of popping up a command window or similar – as you’ll see if running this on Windows.

Setup

  1. You’ll want to install Python on your device. This has been tested using Python v3.6.x but should be fine with ~v2 if you’re using that.
  2. You will need the Python “requests” module which can be installed with pip install requests
  3. You will need your Slack API token. At the time of writing it’s possible to grab this by logging into the Slack via your web browser and then using the developer tools in your web browser to perform inspections when making a change such as updating your status. You should be able to comb through and grab your API token – further information on doing this is outside of the scope of this documentation. Once you have your API token, replace the YOUR_SLACK_TOKEN_GOES_HERE variable with your actual token.
  4. Setup your Zoiper client as per the following screenshots. In Zoiper5 you can add Event Rules under Settings > Features > Automation > Edit Open URL Rule

Create a rule for when the call state changes to Answered and point it to set-status-in-call.pyw {number}

Create a rule for when the call state changes to Hang Up and point it to set-status-clear.pyw {number}

Set Slack status phone BLF with Zoiper5 – without API access.

I’m sharing in this post an older and not really ideal at all method to automatically change your Slack status when taking a call using Zoiper5. The ideal way to achieve this is to have some integration between your PBX and Slack so that user statuses can be changed based on the extension BLF status. The other ideal way would be to use the Slack API. If you find yourself in a situation where you don’t have permissions to work in either of these realms – this is a janky but working solution!

In this guide we’re using a Windows OS environment, and AutoHotKey.

For this I’m just placing these files on the desktop but you can put them anywhere you’d like, just make sure inside the “slack-set*” scripts you update the Include path for “TrayIcon.ahk” to the location you’ve placed that file.

Download “TrayIcon.ahk”

Download “slack-set-in-call.ahk”

Download “slack-set-call-finished.ahk”

Inside Zoiper5 (you will need a licensed copy to do this)

Create two rules as below –

Go to Settings > Automation > Event Rules > Add Rule

OnCall status change
Call State changes toAnswered
And call direction isBoth Incoming and Outgoing
Do action Open/Execute Application
Open URL/RUNC:\Users\james\Desktop\slack-set-in-call.ahk

On – Call status change
Call State changes toHangup
And call direction isBoth Incoming and Outgoing
Do actionOpen/Execute Application
Open URL/RUNC:\Users\james\Desktop\slack-set-in-call.ahk

Your Slack status will now automatically change when you take a call and when you hangup that call. This all happens very quickly but obviously due to how this method works, if you focus onto a different app the moment this script runs then it’ll mess up. All this method does is bring the Slack window into focus and slam in a “/status” command. I always have my Slack window open on one of my monitors and haven’t had any issues myself using this crude method.

FreeNAS CPU core and disk temperature check script

This is a nice simple script to display CPU core and disk temperatures on a FreeNAS server. Tested with FreeNAS 9.10.2-U1


Create a file with the following content – Mine is just called “temps_check_script.sh” as an example.

# Write some general information
echo System Temperatures - `date`
uptime | awk '{ print "\nSystem Load:",$10,$11,$12,"\n" }'

# Write CPU temperatures
echo "CPU Temperature:"
sysctl -a | egrep -E "cpu\.[0-9]+\.temp"

# Write HDD temperatures and status
echo "HDD Temperature:"
for i in $(sysctl -n kern.disks | awk '{for (i=NF; i!=0 ; i--) if(match($i, '/da/')) print $i }' ) ; do
echo $i: `smartctl -a -n standby /dev/$i | awk '/Temperature_Celsius/{DevTemp=$10;} /Serial Number:/{DevSerNum=$3}; /Device Model:/{DevVendor=$3; DevName=$4} END {printf "%s C - %s %s
(%s)", DevTemp,DevVendor,DevName,DevSerNum }'`;
done


Run it with ./temps_check_script.sh – The output looks like this:

System Temperatures - Wed Jun 21 07:53:16 AEST 2017

System Load: 0.17

CPU Temperature:
dev.cpu.3.temperature: 40.0C
dev.cpu.2.temperature: 44.0C
dev.cpu.1.temperature: 40.0C
dev.cpu.0.temperature: 42.0C

HDD Temperature:
ada0: 27 C - Hitachi HDS5C3020ALA632 (SERIALNUMBERGOESHERE)
ada1: 27 C - Hitachi HDS5C3020ALA632 (SERIALNUMBERGOESHERE)
ada2: 27 C - Hitachi HDS5C3020ALA632 (SERIALNUMBERGOESHERE)
ada3: 28 C - Hitachi HDS5C3020ALA632 (SERIALNUMBERGOESHERE)
ada4: 28 C - Hitachi HDS5C3020ALA632 (SERIALNUMBERGOESHERE)
ada5: 27 C - Hitachi HDS5C3020ALA632 (SERIALNUMBERGOESHERE)
da0: 32 C - TOSHIBA MD04ACA400 (SERIALNUMBERGOESHERE)
da1: 31 C - TOSHIBA MD04ACA400 (SERIALNUMBERGOESHERE)
da2: 29 C - TOSHIBA MD04ACA400 (SERIALNUMBERGOESHERE)
da3: 30 C - TOSHIBA MD04ACA400 (SERIALNUMBERGOESHERE)
da4: 31 C - TOSHIBA MD04ACA400 (SERIALNUMBERGOESHERE)
da5: 30 C - TOSHIBA MD04ACA400 (SERIALNUMBERGOESHERE)

4RU Rosewill RSV-L4500 ~22TB usable storage FreeNAS Build

This is my current storage/labbing box, which originally started in a Fractal R3 Define case, and had slowly been upgraded over the years.

  • Rosewill RSV-L4500 Chassis
  • Seasonic S12II 620W Power Supply
  • Front fans – 3x Corsair SP120 Performance Edition ~2350 RPM (these are way louder than the stock fans!)
  • Center bracket fans – 3x Corsair SP120 Quite Edition ~1450 RPM
  • Rear fans – 2x stock 80mm fans that come with the case
  • CPU Fan – Noctua NH-L9i
  • Motherboard – ASUS P8B-X
  • CPU – Xeon E3-1220 – 3.1ghz (LGA1155)
  • RAM – 2x – Kingston Technology ValueRAM 8GB 1333MHz DDR3 ECC CL9 DIMM (16GB total)
  • LSI 9220-8i in IT Mode + motherboard SATA for disks
  • 6x 4TB Toshiba MD04ACA400 in RAIDZ2
  • 6x 2TB Hitachi (5200rpm model) in RAIDZ2

As you can see, it’s pretty damn messy to cable when you have no backplane!

nas1 nas2 nas3 nas5 nas6

The front fans and also the rear fans are powered using chained molex adaptors which is certainly messy. The center bracket fans are plugged straight into the motherboard. I’m considering one of those fan controllers that have something like 8x 3pin fan headers powered by a single molex, which can then either float in the case or be mounted somewhere. Not sure yet if I should replace the rear 80mm fans or not. There is a single fan header empty near that end of the motherboard, running one off that would be neater than the molex.

It took quite some time to choose a power supply for this build. This PSU was chosen based on how I could distribute the rail amperage for the disks. You will find it’s not really possible to use the chained SATA power due to how close the drives are together when bending the cable. A bunch of SATA power and SATA>Molex splitters have been used, however everything is distributed so that no single cable has too many drives so that the rails are not overloaded.

Ambient temperatures are pretty high here. I’m yet to do a full load/temp test on the CPU since changing all of the cooling from stock – previously when the ambient temp was ~27c the CPU at ~90% load was hitting ~65c on all cores – not great considering the intel rated max for this CPU is apparently 69c.

I think if you live somewhere with an ambient temperature that sits around 20c, you’d be totally fine using all of the stock cooling for this case.

Schedule commands in LFTP using “at”

You can schedule downloads and uploads in LFTP in a simple manner by using the “at” command. Anything following the syntax described in this image below should work.

at


Mirror/download a remote folder two hours from the current time, using 10 connections + segmentation

at now + 2 hours -- queue mirror --use-pget-n=10 yourdirectory/


Mirror/download a remote folder at 1AM tomorrow, using 10 connections + segmentation

at 1:00 tomorrow -- queue mirror --use-pget-n=10 yourdirectory/

PC stats monitoring on your phone with Logitech Arx & AIDA64

Ever since the original Logitech G15 keyboard came out I’ve really taken a liking to the idea of having a little LCD screen near the keyboard for stat monitoring. I much prefer this to an on-screen overlay. The G15 and G19 are pretty old now and I don’t believe the LCD screen concept ever took off past those models. Logitech now has “Arx” which aims to replace this concept. Logitech have keyboards now with an “Arx dock”, which is basically a phone dock. The idea is that you can use the Arx software on your PC along with the Arx app on your phone to monitor all sorts of things. AIDA64 has support for Arx, so you can pipe your AIDA64 stats into Arx. This is particularly useful when overclocking – you can monitor your temps and resource utlisation while gaming or encoding. You can even take your phone into the bathroom and keep monitoring!

 

Here is a basic guide on how to get this going. I’m going to assume you do need a Logitech keyboard to use the Arx software, but this may not be the case. There is no technical reason for Arx to require a Logitech keyboard to function, but it’s entirely possible that Logitech stop the software from running if you don’t have one.

arx1
Enable Logitech Arx support in AIDA64.

 

arx2
Setup your template under “LCD Items”.

arx3
Make sure AIDA64 is enabled within Logitech Arx / Logitech Gaming Software.

logitech-arx-aida64
Install the Logitech Arx app on your phone. It can auto discover Arx over your network. On your PC you will have to allow your phone to connect to Arx via a popup notification that should appear. When you first run Arx on your phone AIDA64 will suggest a resolution to set within AIDA64’s LCD config, you can see that I’ve already done this in the first screenshot. Once you’ve setup your LCD template in AIDA64, you should be good to go.

Lossless video capture without needing fast and huge storage – x264vfw

To get the best quality out of your video captures, it’s best to capture losslessly and encode the content post-capture rather than trying to do it in real-time via software encoding or using hardware encoders. Unfortunately normal raw lossless capturing requires very fast storage and a pretty hefty amount of disk space. SSD drives can cope, but depending on the length of your captures you may well need over 2TB of space, which is currently quite expensive in SSD form. An alternative is to use RAID0 arrays or similar. If your storage cannot keep up with the required write speeds you will end up with dropped frames.

x264vfw
amarectv & x264vfw

A great solution is using the x264vfw codec in lossless mode. You will still have large file sizes (expect past 1GB or more for every minute), however the sizes are much smaller than normal raw lossless capture. This also means the write speeds required for capturing without losing any frames are lower. The highest I’ve seen x264vfw jump in lossless mode is ~60MB/s when a ton of action is going on, otherwise in my captures I’ve seen speeds generally hang around 20MB/s. A standard HDD can cope with this without issue, just make sure the drive isn’t being used by anything else.

For more info on x264vfw, other lossless codecs, and capturing in general – Check out “TheThrillness Blog”.