Magenta Construction
8:16AM - 5:58PM (9 Hours 41 Minutes)
8:16AM
Just starting now.
11:23AM
need to prepare a file for Amber changing the title of somebody and the thing. And before this, I was on a call with Troy in the morning, had a quick call. Michael actually called me just to follow up on certain things to see if we were still interested or not. I was on the phone with him for probably about 10, 15 minutes while I was working on other things. And then I was working on setting up something with Hoodoo just to document everything a little bit easier. And then just so I can get organized and keep track of all these passwords that I have in an area. But, yeah, I'm going to do this letter now and then. And then, yeah.
12:23PM
I just finished the letter, sent it to Amber, had a couple of small corrections to do after, and I'm just going to reply to a couple of emails that I have here. One from Samsung Knox. Apparently we got declined because the postal code was wrong, but it wouldn't let me change the postal code. So that's exactly what I thought was the issue.
12:31PM
Alright, I replied to that email. I also subscribed for a Hoodoo trial that's gonna help me organize all the IT stuff so it's gonna make it easier to onboard new people as well into the IT department in the future or if somebody needs to take over.
12:42PM
Launched new server on AWS. I had to set up multi-factor authentication so it took a little bit longer to get in, but I set up a new Ubuntu 24. I'll do that as next notes.
12:42PM
Setting up a Traccar server.
12:43PM
Set up new Lightsail instance with one gigabyte of RAM, and I chose Montreal. I created a new SSH key pair.
12:43PM
Assigned a static IP to the instance.
12:43PM
Running APT update.
12:43PM
Running APT upgrade.
12:44PM
I've pressed Y to acknowledge that I want to do the upgrade to all the packages.
12:45PM
I'm letting it run. The apt update and upgrade are basic things that you want to do as soon as you start the server or launch a new server. It just gets everything up to date and upgraded to the newest version. Sometimes it'll ask you about changing the boot manager on it. With AWS it's tricky so it depends on the operating system how you go about doing that because sometimes it can create a problem where you won't be able to get into the server again. We'll see if it prompts me to do it now.
12:48PM
Looks like it's done. I'm going to check if it needs an update to see if the kernel changed. So to do that I'm just going to run the command needrestart and it'll tell me if it's needed. In this case I just typed it and it said there's a pending kernel upgrade so I'm going to go ahead and do that.
12:51PM
So, when you're using this package, when you're doing a kernel update, it's going to ask you which services need to be restarted. By default, it's going to suggest which ones need to be restarted. But if you're not sure which one, you can generally restart all of them. And so, you'll get kind of like a visual interface. You just go down and hit the spacebar to enable or disable which one, then hit tab and OK. And it'll disconnect the current SSH session while it does the reboots. Generally leave that to do its kernel update. And then when I'm done, I'll usually just do sudo reboot after as well just to make sure. In the meantime, I will check using top to see how much process is being used. And that'll kind of tell me if there's still anything. Kind of working with it just so that I don't interrupt the kernel update process. I'm checking that now. And it looks like everything is finished. So, I'm going to hit control C to exit out of the top and I'm going to do sudo reboot. And it should reboot the whole server. It'll disconnect from SSH. And hopefully when it boots up, everything will be proper. This is a basic setup for a web server.
12:53PM
Ubuntu comes with its own firewall, it's called UFW, which stands for Uncomplicated Firewall. When hosting behind a service like AWS, AWS does allow you, under the networking tab of the Lightsail instance, to specify which ports to open and close. UFW can be good for certain things. There are better implementations that prevent brute force attacks, which could be better suited. I personally prefer to use ConfigServer Firewall, CSF. It's a little bit more advanced than UFW and provides more protection and different kinds of detections, like failed logins. It checks a lot of logs and it can blacklist IPs. Usually CSF, I've installed it on top of CentOS, but CentOS is coming to, I guess, end of life. They're changing a lot of stuff with that. So for now, I'm just going to leave things the way that they are. You got to remember that when working with Amazon AWS and the networking tab, that is a high level kind of firewall. If you don't open ports, they will not be available to your instance.
12:56PM
All right, the server is rebooted. What I am going to do is I am going to do, I am going to type a code, sudo apt, well actually I don't need sudo, I'm just going to do apt install, and then I'm going to do unattended upgrades. Unattended upgrades, they can automate security updates, which is nice. Oh, I do need sudo for that, sudo apt install, unattended, actually I'm just going to elevate, sudo su, and then I'm going to do apt install unattended-upgrades. So it's unattended hyphen upgrades. And now, it's already the newest version, so it's already installed. dpkg-reconfigure -plow unattended-upgrades. So it's already installed, and now I'm just going to reconfigure it, automatically download and install, yes. So now I've set it up to automatically install, so the command for that, I'll put in a new message just so I can copy it later.
12:56PM
To allow automatic security updates, you would type in sudo apt install unattended-upgrades. Then once it's installed that, or if you already have it installed, it'll say it's already installed. Then you want to configure it after it's been installed.
12:57PM
To configure it, you type dpkg-reconfigure -plow unattended-upgrades and hit Enter. Then it's going to show a package configuration visual interface, and it's going to ask you "automatically download and install stable updates" and you just hit Yes and Enter.
12:59PM
I'm just going to set the time zone as well for the server, it does help. To do that, I'm going to type in timedatectl list-timezones, and then the up and down slash thing, grep, and Toronto is going to be the nearest one, and it says America/Toronto is what's displayed. So now I'm still sudo-elevated, so I'm going to do timedatectl set-timezone, and then I'm going to type in America slash Toronto, exactly as it showed up in the response, and then I'm going to confirm that it was set just by typing timedatectl, and then it says everything, and it should say America/Toronto, and then it should have the local time, which is 12:58:37, so that works good. And I'm going to set up a sync to network time protocol, so I'm just going to do that doing time, oh no, it's already active actually. If it wasn't active, so in that summary it'll show if the NTP service is active or not, if it's not active, then you can just type timedatectl set-ntp true.
12:59PM
Now I'm going to install Traccar.
12:59PM
Since I've rebooted the server, I'm going to do apt update. It should say everything is up to date.
1:00PM
It does not. It shows that there are some that can be updated, so I'm going to view the list by typing apt list --upgradable. That's going to show me what they are. Python 3 Distribution Ubuntu Release Upgrader Core. I'm going to upgrade that by typing apt upgrade. Two not upgraded. The following upgrades have been deferred due to phasing. So we don't need to do them. To install Traccar, I'm going to do apt install unzip and mysql-server.
1:01PM
So the previous command will install unzip and a MySQL server. In the command I should have used apt -y install unzip mysql-server just so I don't have to hit yes, but if you don't do that you can just hit yes and it'll install it. So that's done installing now. Now I'm going to go ahead and configure the MySQL database.
1:02PM
I'm just actually going to run systemctl status mysql to make sure that everything was loaded and active. And it does show that it is active and running, so everything is good.
1:05PM
I'm going to set up the basic database. To do that, you're going to type in mysql -u root and then dash dash execute equals, and then double quotes, and inside the double quotes, I'm going to type alter user, and then single quote root, close single quote, at single quote, localhost, close the single quote, identified with, I got to make my terminal here a little bit bigger because I can't see what I'm doing. Identified with, we're going to do mysql_native_password, so we're going to type identified with, and so alter user and identified with in MySQL, keep it all capital, mysql_native_password is going to be lowercase, then capital BY, and then single quote root, and then semicolon after you post it, and then grant all on in capital, and then you're going to do star, where's my star button? Star dot star, TO, and then single quote root at single quote, localhost, close the single quote. Sorry, you're opening and closing for root and opening and closing for localhost everywhere. I'll try to, once I have this written out and it's not in my head, I'll say the whole string. What am I doing here? Grant all on star dot star to root at localhost, with grant option, and I'm going to do flush privileges. I always spell privileges wrong, semicolon, and then I'm going to do create database, and traccar, and close that. The whole string, I'll put in a new one, a new message here.
1:07PM
So run the string, lowercase mysql dash lowercase u, lowercase root dash dash execute in lowercase equals, double quote, double quote, and then go back so that you're typing inside of the double quotes, alter user in capital, single quote root, single quote at, single quote localhost, single quote, identified with in capital, mysql underscore native underscore password in lowercase, by in capital, single quote root, single quote, semicolon, grant all on in capital, star dot star, TO all uppercase, single quote root, single quote in lowercase, at single quote localhost, single quote, again, lowercase, with grant option in uppercase, semicolon, flush privileges in uppercase, semicolon, create database, and then I called it traccar. Traccar is spelt T-R-A-C-C-A-R, and then a semicolon, and traccar is gonna be lowercase, but create database would be an uppercase.
1:07PM
Now I'm going to download the actual Traccar server. To do that, I have to go to traccar.org and find out what the URL is, and then I'm going to use wget to download it.
1:09PM
So I'm going into traccar.org, I'm going to go into the downloads at the top, installers, and under Linux x64, I'm going to right-click, inspect, or copy link, or whatever. It looks like it's going from GitHub 6.5, 6.5 is the current version, but I wonder if there is a latest redirect, there is a latest redirect, why would it not give me that? Okay, so I'm going to use the latest redirect, I don't know why it didn't tell me about this, but you can go to traccar.org/download/traccar-linux-64-latest.zip and download that, or you can go to GitHub to download a specific version, so you can just do github.com/traccar/traccar/releases/download/v6.5/traccar-linux-64-6.5.zip. So probably, just because it's easier to type, I'm just going to use the regular one, the shorter one from the website.
1:10PM
To download, just type in wget https://www.traccar.org
1:11PM
Now that it's downloaded, I'm just going to do unzip and I'm going to type in traccar-linux and I'm going to hit tab and it's going to automatically populate the rest for me. Oh, I spelt unzip incorrectly. Okay, it's been extracted. Now I'm going to run it. Actually, I've got to see. I'm going to type in ls to see what's there. I'm going to just extract traccar.run. I'm just going to do ./traccar.run as a file and then hit enter. It should install and configure everything. There will be some other stuff that I need to do, like configuring the MySQL, but I'm going to let it download and install whatever it needs right now.
1:13PM
All right, now I'm going to do vi to edit the MySQL configuration. So I'm going to vi /opt/traccar/conf/traccar.xml. And inside of there, I'm going to type in a bunch of code, probably better if I copy this somewhere else, because there's going to be quite a bit, quite a bit in there.
1:16PM
So I made a bit of a mistake, I'm going to have to go back and change it. I didn't want to assign the root user to Traccar, so what I am going to do is I'm just going to change the password for the root user, and then I'm going to create a new user. And I'm going to create a new MySQL user for Traccar itself, just to keep things separate.
1:19PM
I'm going to log into MySQL, I'm going to type in mysql -u root -p, hit enter, it's going to prompt me for a password. Now that I'm in here, I'm going to type create user, I'm going to call it traccar, traccar at localhost, identified by, I'm going to put in a password here, I'm just going to use a random string generator off of Google, and I'm going to do 16, get string, actually I'm going to make it 24, I'm going to make it 24 long, so I'm just using random.org, I'm going to copy, I make them 24 characters long, upper lower case, letters, and then numbers, I try to avoid symbols in there just to make it a little bit more, just to avoid any kind of problems, and then grant all on the database that I created, traccar dot star, TO, and actually I'm going to call this traccar, create user, traccar underscore DB user, traccar underscore DB user, at localhost, and flush privileges, privileges, I suck at spelling this stuff. Okay, I'm going to hit enter.
1:24PM
Now I'm also going to change the MySQL root password just to be safe, so I'm going to type alter user root at localhost identified by, and then I'm just going to copy this second password over here from random. Paste. And then flush privileges. Now I'm going to type exit, with a semicolon at the end. I'm going to try to log in again, mysql -u root -p, and I should be able to paste the password. Oh. Error, access denied. It did not update the password for some reason for root. Hmm. I don't know why. What did I write here before? Alter user root at localhost identified by, flush privileges. Okay. Hmm. Exit. I am in sudo so I might have to just do that again. What did I do here? Okay. Root, okay, alter user root localhost identified with mysql password by new password and then flush privileges. You son of a alter user root at that the before that password was set. Otherwise we're going to have problems in the... access denied. I'm going to have to redo the password again for that user, so it's good I checked now.
1:37PM
Alright, I fixed the password issues, missing single quotes and stuff. Anyways, now I'm going to vi into that file, and I'm going to edit everything. The biggest part that I have to edit, using vi you press I to insert and edit, I have to change the database user, and the password, and then you can hit escape, colon, right click, wq. Big thing too when copying and pasting, you can't do Ctrl+C, Ctrl+V. Ctrl+C is actually a cancel command in Linux, so you have to right click and paste.
1:39PM
Ok, now that I've updated that, I'm going to type systemctl status traccar, it says enabled but it's inactive, so I'm going to type service traccar start to register it as a service, and now I'm going to run systemctl status traccar, and it looks like loaded, it's activating, so it's activating, failed with exit code, hmm, traccar loaded, traccar conf.xmlxx start, traccar server.jar, traccar.xml, I think the location of the file might have actually been, it shouldn't be, it should be fine, it's still not loaded, it still says activating, I'm going to have to figure this out.
1:40PM
Well, never mind, it just took a while for it to start up, so I just did systemctl status traccar a couple times, and eventually it shows up with a little green dot, and it says active running. So I guess it just needed some time to initialize. I wonder if that's going to be the same every time, or just the first time.
1:41PM
Now I'm going to set up Apache so that I can have a front-end interface for it. So I'm going to have to add a couple of repositories. Probably easier that I just write this in code later on. I'm just going to type away and I'm going to install Apache. I'm going to install something for SSL management. I'm going to edit the virtual host file to point it to the IPs of the Traccar instance using a proxy, and then I'm going to probably use certbot to automatically renew the certificates when they come up for expiry.
1:42PM
So I'm running sudo add-apt-repository ppa:ondrej/apache2, then I'm running sudo apt-get install ssl-cert apache2.
1:43PM
Then I'm running sudo a2enmod ssl proxy_http proxy_wstunnel rewrite and then I'm gonna have to do service apache2 restart right after.
1:44PM
Now I'm going to vi and create a new file, so vi /etc/apache2/sites-available/traccar.conf. I'm going to create that file, I'm gonna hit my I key, and then I'm going to write the virtual host, which is probably easier if I copy and paste it later.
1:49PM
I'm going to have to go into the DNS management for magentaconstruction.com, magentaconstruction.com. I'm going to add a new A, the name is going to be gps.magentaconstruction.com, and the TTL I'm going to set to the lowest possible, 300, and I need to get the IP address of this server. Which is 35.182.203.198, let me just double check to make sure that is, in fact, correct. I'm going to go into networking and check, 182.203.198, okay, so I've added an A record for that, and I'm going to go back, open up my SSH, I've created the file, and I'm going to write quit. And now that I've done this update, I'm going to have to disable the default site. I'm still in sudo, so it's going to be a2, or what is it, a2dissite, a2 default, site123, default. To activate new configuration, I don't want to do that right now because I want to set the new site. a2en, enable site, a2ensite traccar, and now I'm going to do service apache2 restart.
1:54PM
Now I'm going to install the SSL, apt install certbot python3-certbot-apache. Now that's been installed, I'm going to run a check for systemctl status certbot python3-certbot-apache. It's on, it's inactive, but I will activate it by doing certbot, but it's got a timer, and Apache. And then it's asking me for an email address, I'm just going to use conrad at magentaconstruction.com. And agree to the terms, and would you be willing to share your email address with the Electronic Frontier Foundation, I'm going to click no. Which names would you like to activate HTTPS for, we recommend either all domains, or all domains in virtual host block, it found the gps magenta construction, select the appropriate number, all I've got to do is select one. And now it's requesting the certificate for the certbot, you have successfully enabled HTTPS, so everything looks good. And now all I'm going to do is I'm just going to do service traccar stop, and I'm going to check systemctl, traccar is inactive. And now I'm going to do service traccar start, and we'll just wait for Traccar to start up. And I have to go in, while I'm waiting for that to load up, and I have to add an IPv4 firewall rule, for port 443, for SSL. And I will add one anyways, I shouldn't have to, but I'm going to add one anyways for 8082, which is what Traccar uses. I'm just not sure if maybe the mobile app relies on 8082 port, so I'm just going to enable that anyways. And check the status, it's still loading. I'm just looking at top as well while it's kind of loading. Seems to be failing. Seems to be failing, but it seemed to undo that before. Anyways, I'll wait for it a little bit longer, might just take some time.
2:14PM
Looks like there's a problem with my initial configuration file for the XML, but I got it changed, and I also added the MySQL port over there so that I can make sure that it's good. I think it was extra spacing that was causing an invalid XML, but everything seems to work now. So I'm just setting up the default username, I've confirmed that the website is loading.
2:29PM
Alright, everything seems to be working. I'm just going to add one of the phones, test it out. I have everything documented here. I thought I'd do a bit more documentation, but I pretty much have everything documented, what I did. Pretty easy to use. But I'm going to install it now on one of the phones, and I'm going to see how it works.
2:50PM
It seemed to work but seems like there's a small error I'm going to look into right now.