Fli
10-25-2022, 03:34 PM
Session messenger (https://getsession.org) features not only private group chats (limited to 100 members), but also unlimited open communities (called SOGS) - homepage https://github.com/oxen-io/session-pysogs
This tutorial on how to install and use open community software (SOGS) is based on https://github.com/oxen-io/session-pysogs/blob/dev/install-debs.md but goes into detail.
You will learn how to choose a server, connect to it, install the SOGS software, back it up and restore it on a new server in the future.
What is needed to run SOGS?
Anyone can host it on a stable computer with good internet connectivity and a public-facing hostname/IP that does not change.
For this purpose it is recommended to order a virtual private server (VPS).
VPS price is from around $2 monthly. Approximate minimum VPS requirements:
1 CPU
512MB RAM+ (if you want to block some profane/pedo phrases in user messages, like hundreds of blocked phrases, then you may need 1 or 1.5 GB RAM)
5GB disk+ (The default SOGS installation requires only 100MB of disk space, but some space is needed later for users' attachments and images; attachments older than a minimum of 24 hours or more can be auto-deleted, so there is no need for big space)
OS: Debian or Ubuntu
Domain name. It costs $12/year, but for $1/year you can get a numeric domain name (6-7 characters or more and .xyz extension, like 7864253658.xyz) from https://namecheap.com or another company (not all offer $1 domain renewal, some only the initial first year). In Namecheap, go to Advanced DNS/Host records and add new values like: type A, host "@", value "serverIP" and click the checkmark to confirm.
Some VPS offers:
Trusted high availability/uptime cloud VPS in EU: https://www.wedos.com/vps-on / https://www.hetzner.com/cloud
Cheapest VPS: http://lowendstock.com/
Big storage VPS for media sharing: https://internetlifeforum.com/showthread.php?1130-Cheapest-Linux-VPSs-available-for-backups-(under-3-monthly)
Installation of the SOGS:
Once you have a VPS running (with Debian or Ubuntu selected as the operating system during the order), you need to connect to it via SSH. On Windows, software called KiTTY or PuTTY can connect to it. On Linux, you can run "ssh -l root yourVPSIP" in your terminal application.
Create a new user _loki (set a non-trivial password):
adduser _loki --force-badname --gecos GECOS && usermod -aG sudo _loki && exit
Now connect via SSH again as user _loki instead of root. On Linux: ssh -l _loki serverIP
And once logged in, run:
sudo curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg && echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list && sudo apt update
sudo: command not found? Then remove the "sudo " occurrences from the above and following commands
sudo apt install sogs-proxied # enhanced install that includes certbot for HTTPS URL
Then it demands public hostname or IP, examples: https://sogs.example.net, http://example.com:8080, http://198.51.100.42
If you are serious about your community (running it for years), use a domain name - a $1/year domain (incl. renewals) is available from namecheap.com as described above. An IP in the address is not recommended because you may lose the VPS or just its IP, and the community will stop working for everyone as a result. httpS means a bit more work later, yet it does not really help since traffic in Session is already encrypted.
Next prompt during SOGS installation was: This package includes automatic configuration for nginx and apache2
Selected "Yes" (to activate that configurations)
Important files paths and service name:
> Creating config file /etc/sogs/sogs.ini with new version
> Creating config file /etc/nginx/sites-available/sogs-proxy with new version
> Creating config file /etc/apache2/sites-available/sogs-proxy.conf with new version
> Creating config file /etc/sogs/uwsgi-proxied.ini with new version
> Created symlink /etc/systemd/system/sogs.service → /lib/systemd/system/sogs-proxied.service.
> Created symlink /etc/systemd/system/multi-user.target.wants/sogs-proxied.service → /lib/systemd/system/sogs-proxied.service.
Edit SOGS configuration (optional): sudo nano /etc/sogs/sogs.ini # to change/activate some value, you need to remove ";" before it
Restart SOGS (after changing configuration): sudo systemctl restart sogs.service
SOGS service is running by default and starts at boot. Shows 60MB memory usage (sudo systemctl status sogs.service), later my established sogs shows 230MB and one year later 1000MB (likely due to a profanity blocklist of ~900 phrases).
Making aliases for easier access, run commands:
alias sogsconfig="sudo nano /etc/sogs/sogs.ini && time sudo systemctl restart sogs.service"
alias sogsrestart="sudo systemctl restart sogs.service"
alias sogslv='f="/var/lib/session-open-group-server/profanity-block-list.txt";mv -f "$f" /tmp/ && touch "$f" && sogs -Lv && mv -f /tmp/profa*.txt "$f"'
and insert the same lines into the file $HOME/.bashrc
From now on, to edit the configuration you would run the command "sogsconfig". For a restart run the command "sogsrestart" and for listing rooms "sogslv". sogslv works around an issue where "sogs -Lv" is Killed due to memory usage (500 phrases in the profanity blocklist).
Now it is time to install an SSL certificate (https://certbot.eff.org/instructions) in case you used https:// rather than the default http:// during SOGS setup:
sudo apt install python*certbot-nginx
sudo certbot --nginx -d YOURDOMAIN.xyz -d www.YOURDOMAIN.xyz
systemctl status certbot # this service is running so i expect automatic renewal of the SSL
After visiting your domain in web browser you may see "Welcome to nginx!".
I have fixed it by editing /etc/nginx/nginx.conf. But first back it up (cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf-backup).
Open editor: sudo nano /etc/nginx/nginx.conf
replacing: server {
...
...
}
section by:
server {
    server_name YOURDOMAIN.xyz www.YOURDOMAIN.xyz;
    client_max_body_size 10M;
    location /static/ {
        autoindex off;
        root /usr/lib/python3/dist-packages/sogs;
    }
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.3.2.1:4242$request_uri;
        proxy_redirect http://127.3.2.1:4242/ https://$host:$server_port/;
    }
    listen 80;
    listen [::]:80;
    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/YOURDOMAIN.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
and comment out (by prefixing #) or remove these lines at the end of that file:
# listen 80;
# server_name localhost;
# return 404
Then: sudo nginx -t && sudo systemctl restart nginx
If there is failure, then discover detail using: sudo journalctl -xeu nginx
If you have issue with above configuration, you may also try this one https://loganmarchione.com/2018/09/lets-encrypt-wildcard-certificates-with-certbot-on-nginx/#nginx-config
END OF FIXING of a "Welcome to nginx issue."
Managing users and communities:
New room (replace "test" by short room name without spaces. Allowed characters: a-z, 0-9, -, _):
sudo sogs --add-room "test" --name "Testing room" --description "Room for discovering how SOGS works."
Paste resulting web address to Session, +, Join community.
New global admin (all rights for all rooms/communities):
sudo sogs --rooms + --add-moderators SessionBlindedIDhere --admin --visible
- A blinded ID is not the regular Session ID. A non-blinded ID may fail to show you the Unban menu entry etc., so you need to post into your community and either ask someone in the same community, or create a secondary ID/profile and under it right-click the post of your main ID (the one you want to set as admin) and, under More information, discover your blinded ID to use in the above-mentioned command. Write it down for future use.
- If you want to hide the fact that you are admin (not showing the crown on the avatar), use --hidden instead of --visible, BUT the Session bug (https://github.com/oxen-io/session-desktop/issues/2618) may prevent you from editing the community logo as a hidden admin, so temporarily set yourself as visible.
New moderator of the community/room called "test":
sudo sogs --rooms test --add-moderators SessionIDhere --visible # one can add more IDs to more communities in one command just separating these by space
Remove admin/moderation permissions: replace "add" by "delete" in above commands
Set default permission (https://docs.oxen.io/oxen-docs/products-built-on-oxen/session/guides/open-group-setup/read-only-room-setup#3.-alter-room-permissions) for regular users (i think that mods/admins are permitted always): (w=write, u=upload, r=read, a=access; test=room name; remove-perms/add-perms)
sogs --rooms test --remove-perms w # removes writing(posting/deleting?) permission for the existing and new regular users of a group "test". So it does not apply on mods IMO.
sogs --rooms test --add-perms ra --remove-perms wu # make room readable and accessible but not writeable and upload FOR REGULAR USERS (mods/admins have all rights)
LIST communities and its moderators: sudo sogs -Lv
Additional SOGS commands: sudo sogs -h
Important tweaks:
▶️ Restart SOGS automatically: A) if it is in failed state, by making sure that the file /etc/systemd/system/sogs.service contains "Restart" lines like this:
Restart=always
RestartSec=5s
or on-failure instead of always
then apply changes: sudo systemctl daemon-reload; sudo systemctl restart sogs.service
or B) every 5 minutes in case it has not active but activating status (i assume it is stuck/crashed, i have seen cases where it was stuck in this state and was not usable). Execute "crontab -e" (i am doing it as a root, is it unsafe?) and then paste new cronjob line:
*/5 * * * * /bin/bash -c 'if [[ "$(/usr/bin/systemctl status sogs|grep Active)" == *"activating"* ]]; then /usr/bin/systemctl restart sogs.service; fi'
▶️ Increase privacy of community users by disabling display of their messages at http://yoursogsaddress/r/communityname :
sudo sed -i "s/;http_show_recent = yes/http_show_recent = no/" /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
▶️ Disable listing of the hosted communities at http://yoursogsaddress/ :
sudo sed -i "s/;http_show_index = yes/http_show_index = no/" /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
It is not working? Then try to edit/modify the web page (/usr/lib/python3/dist-packages/sogs/templates/index.html), but you need to prevent the system from overwriting the file during a sogs package update. I did it like this: chattr +i /usr/lib/python3/dist-packages/sogs/templates/index.html
To allow modification again, you would need to "chattr -i"
▶️ Disable nginx logging (during 5 days it produced 1.5 million log lines for a few groups with 50 active users, about 250MB in size!):
sed -i "s|http {|http {\n access_log off;\n error_log /dev/null crit;|g" /etc/nginx/nginx.conf; nginx -t && systemctl reload nginx # if everything is right, it should reload; else, manually check the lines containing _log ("error_log off" would only write to a file named "off", so /dev/null is used)
▶️ Save a lot of disk space by logging only SOGS errors - there may be hundreds of thousands of less severe log entries on a low-visit SOGS server, eating hundreds of MBs. First run:
grep log /etc/sogs/*.ini
Execute one of the two following commands only if the previous command output does NOT contain "disable-logging = true":
A) echo ':msg, contains, "/oxen/v4/lsrpc" stop' > /etc/rsyslog.d/123-uwsgi-sogs.conf && systemctl restart rsyslog.service && systemctl status rsyslog.service
# to see the sizes of the log files and recent sogs log entries: ls -lhS /var/log|head; grep uwsgi /var/log/{syslog,daemon.log} | tail
B) for f in $(find /etc/sogs/ -name 'uwsgi*.ini'); do echo -e "log-4xx = true\nlog-5xx = true\ndisable-logging = true"|sudo tee -a "$f"; done && sudo systemctl restart sogs.service
Then set the minimum logging level to ERROR:
C) sudo sed -i "/level = /c\level = ERROR" /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
▶️ Automatically delete Session community messages (should delete also attachments..) older than for example 24 hours from server:
PostgreSQL back-end, cronjob (added under the root shell, which may be entered using the su or sudo su commands; the crontab editor is then "crontab -e"), appending line:
0 * * * * su - postgres -c '/usr/local/bin/expiry_sessiongroup' > /dev/null
Then the content of /usr/local/bin/expiry_sessiongroup:
--() { :; }; exec psql sogs -f "$0"
delete from message_details
where room = ROOMNUMBERHERE and posted < extract(epoch from now() + '24 hours ago');
More removal options are described in this (https://web.archive.org/web/20240628055131/https://stuff.oddch.at/51403/retention-policy) Oddchat article.
Beside that, one can let just attachments be automatically deleted (messages will remain) by modifying mentioned /etc/sogs/sogs.ini file, setting "expiry = " variable so the line become for example this for 14 days maximum age of attachment: expiry = 14
(users who opened Session in last 14 days have already downloaded attachments, and these will remain on their computers, only the Session server will save the space by removing old files)
▶️ Ban/mute/block messages containing certain phrases/words (2 one-liner commands):
wget https://raw.githubusercontent.com/slrslr/misc/main/profanity-block-list.txt -O /var/lib/session-open-group-server/profanity-block-list.txt;
sudo sed -e "/profanity_filter = /c\profanity_filter = yes" -e "/profanity_silent = /c\profanity_silent = no" -e "/profanity_custom =/c\profanity_custom = /var/lib/session-open-group-server/profanity-block-list.txt" /etc/sogs/sogs.ini > $HOME/sogs.ini && sudo mv $HOME/sogs.ini /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
# Messages containing profane strings will be blocked now, For it to apply also on you/mods/admin, sogs.ini must contain line "filter_mods = yes" (without ; at the beginning)
# then there will be red denied icon upon posting profane comment and client log entry be "filtration rejected message (profanity)"
# profane words are not case sensitive and should not be too long, else sogs will fail to start (https://github.com/oxen-io/session-desktop/issues/2626); profane phrases inside posts must be separated from other message words by space, dot or comma, else the ban is not triggered, meaning "verybad phrase?" will not block, but " bad phrase. " will.
To setup command "sogsblock" where you can input new blocked phrase to be applied to your SOGS rooms, execute following command and append it also to the file $HOME/.bashrc in order for it to survive the reboot:
alias sogsblock='f="/var/lib/session-open-group-server/profanity-block-list.txt";read -r -p "Block SOGS messages containing following phrase (hit enter to confirm):" p;if [[ "$(grep -w -c "$p" "$f")" == 0 ]]; then echo "$p"|sudo tee -a "$f" 1>/dev/null && sudo systemctl restart sogs; else echo -e "Failed: phrase like this or extended already exist:\n$(grep -i "$p" "$f")\n-> You can edit file "$f""; fi'
Now you can add new denied word by executing command "sogsblock" instead of manually editing the file.
Profanity sender is denied and custom private reply can be sent to them. To customize automated reply, just add following section into /etc/sogs/sogs.ini and restart sogs service:
[filter:*:profanity]
profile_name=CommunityFilter
reply=\@ Unfortunately Your message was not published because it contained forbidden phrase/s. Trying to evade/workaround this blocking by rewriting potentially forbidden words may result in ban without notice, please do not do it and use other community instead: https://sessioncommunities.online
▶️ To at least double profanity protection and increase blocking possibilities, use custom script with its pre-built blocklists that will remove even more bad phrases and regular expressions. Script is called session-profanity-remover.sh and its content is here (https://raw.githubusercontent.com/slrslr/misc/main/session-profanity-remover.sh). Following one-liner command downloads it and two blocklists into directory /var/lib/session-open-group-server/ and then adds a new cronjob which runs once you reboot the server (launching the profanity remover script at background).
cd /var/lib/session-open-group-server/ && sudo wget -qc https://raw.githubusercontent.com/slrslr/misc/main/session-profanity-remover.sh https://raw.githubusercontent.com/slrslr/misc/main/profanity-block-list-partial-match-regex.txt https://raw.githubusercontent.com/slrslr/misc/main/profanity-block-list-partial-match.txt
chmod +x session-profanity-remover.sh && echo -e "$(crontab -l 2>/dev/null)\n@reboot /bin/bash /var/lib/session-open-group-server/session-profanity-remover.sh &" | crontab -
If you want to launch the remover immediately on foreground (to see what it is doing while you add the bad phrase), execute command: /var/lib/session-open-group-server/session-profanity-remover.sh
Ctrl+C to terminate the script. If you want to run it immediately on background, run the same command only append " &" after it.
Note that while testing the functionality, Session client may fail to remove your bad message even it is removed from the server. Though it should have been removed for everyone else.
▶️ To entirely disallow regular users sending private messages to each other (avoiding serving as a p@ed-ophile junction), you have 3 options:
A) (SQL-trigger) https://internetlifeforum.com/showthread.php?28339-solved-Session-SOGS-community-server-SQL-triggers
B) inside /usr/lib/python3/dist-packages/sogs/routes/dm.py replace
def send_inbox(sid):
by:
def send_inbox(sid):
    abort(http.NOT_FOUND)
(the 4 spaces before the 2nd line are important)
and restart SOGS: sudo systemctl restart sogs*
Session client restart may not be needed. You can still try to PM to others but it will fail sending and even if appear sent on Resend, it should not be delivered.
C) other option is to disable require_blind_keys , but it decreases users privacy by disabling obfuscation of their Session IDs, you can edit and paste to /etc/sogs/sogs.ini new lines:
[users]
require_blind_keys = no
(make sure [users] does not exist before pasting not to cause duplicity, if exist just append the require* line under it.)
restart sogs: systemctl restart sogs*
Then restart client and newly added messages should not be blinded and user icon not click-able (unless you already chat with that user before). If it does not work, maybe try to replace no by false in sogs.ini, require_blind_keys line.
▶️ Bad/malevolent community admins added by your admins (admins have the right to add other admins) may remove other admins, leaving the group overspammed. To prevent this, you may set up a repetitive task that re-sets your defined list of mods/admins: run the following 3 commands and then read the content of the downloaded .sh file:
cd /var/lib/session-open-group-server/ && sudo wget -qc https://raw.githubusercontent.com/slrslr/misc/main/session-moderator-list-unban-keep-rights.sh
chmod 600 session-moderator-list-unban-keep-rights.sh
echo -e "$(crontab -l 2>/dev/null)\n44 * * * * /bin/bash /var/lib/session-open-group-server/session-moderator-list-unban-keep-rights.sh &>/dev/null" | crontab -;cd -
(SQL-trigger) Ban user who posts too long text message: https://internetlifeforum.com/showthread.php?28339-solved-Session-SOGS-community-server-SQL-triggers
(SQL-trigger) Automatically delete messages and reactions (from all rooms, except user defined room) of a user who gets banned: https://internetlifeforum.com/showthread.php?28339-solved-Session-SOGS-community-server-SQL-triggers
▶️ Command to ban user in all server rooms (possibly it can be used in a similar script like the one mentioned a few lines above; IMBW, but i think one needs to use blinded ID 15..., not unblinded one 05...):
sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE users SET banned = TRUE WHERE session_id = '15...';"
(temporary ban: insert a row into the `user_permission_futures` or `user_ban_futures`)
▶️ Discover blinded Session ID from unblinded one (replace "05...unblindedID...") - I have doubts that it generates correct ID (it may differ from one provided via Session GUI), improvements are welcome (please comment):
id="05...unblindedID...";dir="$(pwd)";cd /var/lib/session-open-group-server && sudo su -s /usr/bin/python3 -c 'import sogs.crypto; print(sogs.crypto.compute_blinded_abs_id("'$id'"))';cd "$dir"
▶️ Unban blinded Session ID in certain room (replace ROOMNAMENOSPACES and BLINDEDIDHERE):
sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE user_permission_overrides SET banned = FALSE WHERE room = (SELECT id FROM rooms WHERE token = 'ROOMNAMENOSPACES') AND user = (SELECT id FROM users WHERE session_id = 'BLINDEDIDHERE');"
▶️ Command to change room description: sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE rooms SET description = 'New description' WHERE token = 'test';" # token test is the room name shown in its URL/address
▶️ Command to change room name: sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE rooms SET name = 'New name' WHERE token = 'test';" # token test is the room name shown in its URL/address
▶️ Command to show room IDs: sqlite3 /var/lib/session-open-group-server/sogs.db 'select id,token from rooms;'
▶️ Command to remove messages older than 30 days from the room with token yourtoken: sqlite3 /var/lib/session-open-group-server/sogs.db "DELETE FROM message_details WHERE room = (SELECT id FROM rooms WHERE token = 'yourtoken') AND posted < strftime('%s', 'now', '-30 days');" # yourtoken is the room name shown also in the room URL
To run the previous command for example daily at 10:10AM, append the following line into "crontab -e" after replacing yourtoken by the room name shown also in the room URL (the % must be written as \% inside a crontab):
10 10 * * * sqlite3 /var/lib/session-open-group-server/sogs.db "DELETE FROM message_details WHERE room = (SELECT id FROM rooms WHERE token = 'yourtoken') AND posted < strftime('\%s', 'now', '-30 days');" # yourtoken is the room name shown also in the room URL
Last words:
It is important to:
1) Backup /var/lib/session-open-group-server directory and /etc/sogs/sogs.ini file.
2) update SOGS automatically (not recommended): sudo apt update && sudo apt upgrade (if something is wrong with the new sogs version, maybe you can install the old version using find / -iname '*.deb'|grep sog && dpkg -i oldpackagename)
To backup, you can either:
A) schedule a reminder to make and download your backups from your home computer, for example via SFTP(SSH) client called FileZilla (https://filezilla-project.org/)
B) set up a cronjob to run the following Linux bash script so it regularly updates the system incl. SOGS, makes a SOGS backup and optionally transfers it to a remote server via SSH.
The rest of this tutorial is about B) cronjob and bash script automatic backup + restore. If you are not interested in this, you can end here. The last thing is to please join the community of Session open group (community) operators - SOGOPS (listed at https://sessioncommunities.online/ and https://lokilocker.com/Mods/Session-Groups/wiki/Session-Open-Groups ) to say hello and mention your group name. Feedback on this tutorial is also welcome there or here.
REST OF THIS TUTORIAL IS ABOUT UPDATE/BACKUP SCRIPT:
The downside of the following backup approach is that it creates the backup on the SOGS server (requiring additional disk space temporarily or permanently). If disk space is precious on the SOGS server, it would be better to "rsync -avz" from the remote server; that way there would be no additional backup stored on the source SOGS server.
sudo nano /etc/cron.daily/sogs && sudo chmod 755 /etc/cron.daily/sogs
Opens editor into which we need to paste following script code:
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive && export DEBIAN_PRIORITY=critical
# update can go wrong so it is not recommended to do it automatically # sudo -E apt-get -qy update && sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade && sudo -E apt-get -qy autoclean
# source: https://unix.stackexchange.com/a/404757
datetoday="$(date --rfc-3339=date)" && bckpdir=$HOME && mkdir -p "$bckpdir" && cd "$bckpdir"||exit
echo -e "How to restore SOGS related files:\nsogs.ini > /etc/sogs/sogs.ini\nindex.html > /usr/lib/python3/dist-packages/sogs/templates/\nnginx.conf > /etc/nginx/\nindex-server-var-www.html > /var/www/html/\nscripts > $HOME/\nOther files > /var/lib/session-open-group-server/\n\nOther details: https://internetlifeforum.com/showthread.php?22814-Session-messenger-how-to-create-new-open-community-group" > "$bckpdir"/readme
sudo cp -prf /etc/sogs/sogs.ini /var/www/html/index-server-var-www.html "$bckpdir"/readme /var/lib/session-open-group-server/ # copy important files
sudo cp -prf /etc/sogs/uwsgi-proxied.ini /home/_loki/scripts /usr/lib/python3/dist-packages/sogs/templates/index.html /etc/nginx /var/lib/session-open-group-server/ 2>/dev/null # copy optional files
sudo systemctl stop sogs.service
if [[ ! $(sudo find . -name sogs-backup.tar.gz -mtime -27) ]]; then # make backup if the previous backup file is older 27 days or there is no backup file
/bin/nice -n 19 /usr/bin/ionice -c2 -n7 sudo tar --exclude='*.sock' --exclude='/var/lib/session-open-group-server/uploads/*/*' -czf sogs-backup.tar.gz /var/lib/session-open-group-server
fi
sudo systemctl start sogs.service
# Send backup file from SOGS server to backup server via SSH:
#rsync -av --delete --bwlimit=1500 -e "ssh -p 22" $bckpdir/*.tar.gz root@BackupServerIPHere:~
1) if you do not have a backup server or are not interested in transferring the SOGS backup to a remote SSH server, then find the line starting "rsync" and place # before "rsync" to disable that line.
2) if you have a backup server, then on the line starting "rsync" set the backup server IP and SSH port number (default is 22) to match your backup server credentials.
Ctrl+X, y
(to save)
Now, if you have a backup server, run the following commands on your SOGS server to set up password-less SSH access to your Linux backup server. Before running them, replace root@BackupServerIPHere and SSH port 22 with your own values. If key generation asks "Enter passphrase (empty for no passphrase)", just hit enter (cron will connect to the remote SSH server without a password):
if [ ! -f $HOME/.ssh/id_rsa ]; then ssh-keygen; fi;ssh-copy-id -p 22 root@BackupServerIPHere
sudo su
if [ ! -f /root/.ssh/id_rsa ]; then ssh-keygen; fi;ssh-copy-id -p 22 root@BackupServerIPHere
The script is set up and should be working.
Now how to restore sogs-backup.tar.gz file on new server?
1. Install SOGS on new server according to tutorial above.
2. stop it: sudo systemctl stop sogs.service
3. go to the directory where sogs-backup.tar.gz is located on the new server (by default in the root user home directory /root: cd;ls -l|grep gz)
4. Extract it: sudo tar -xzvf sogs-backup.tar.gz -C / && sudo mkdir -p /etc/sogs 2>/dev/null && sudo mv /var/lib/session-open-group-server/sogs.ini /etc/sogs/sogs.ini && sudo systemctl restart sogs.service 2>/dev/null
5. Run the following on the new server to search for the old server IP and replace it with the new one. If you are changing domain, use the old and new domain instead:
find /etc/nginx/ /etc/apache2 /etc/sogs/ -type f -print0 | xargs -0 sed -i 's|OLDIPHERE|NEWIPHERE|g'
6. restart webserver proxy and SOGS: sudo systemctl restart nginx && sudo systemctl restart sogs.service && sudo sogs -Lv 2>/dev/null
7. Now i can join the group on new server and it loaded also old content of it.
8. Notify in old server group about the change and provide new link. Stop old server sogs (systemctl stop sogs.service) and update group link if posted on internet.
Now in Session i left groups on old server and joined group of new server and it loaded all messages. I left the group and restart session,a
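Restore step 4 extracts sogs-backup.tar.gz as root with -C /, so it helps to check the archive first. The following is an added example, not part of the original post or of the SOGS project: verify_sogs_backup and make_sample_backup are hypothetical names, the expected member layout is the one the backup script above produces, and the sample archive is constructed.

```shell
#!/bin/sh
# Added example: inspect sogs-backup.tar.gz before extracting it with "tar -C /".

# tar strips the leading "/" when the backup script creates the archive,
# so every member is expected to start with this prefix.
PREFIX="var/lib/session-open-group-server/"

# Exit status: 0 ok, 2 unreadable/truncated, 3 member outside PREFIX,
# 4 a file needed for the restore is missing.
verify_sogs_backup() (
    # Listing reads the whole gzip stream, so a cut-off transfer fails here.
    list=$(tar -tzf "$1" 2>/dev/null) || { echo "unreadable or truncated: $1"; exit 2; }

    # Extraction runs as root on "/": nothing may land outside the data dir.
    bad=$(printf '%s\n' "$list" | awk -v p="$PREFIX" '
        substr($0, 1, 1) == "/"  { print; next }   # absolute path
        /(^|\/)\.\.(\/|$)/       { print; next }   # parent-directory component
        index($0 "/", p) != 1    { print }         # outside the SOGS data dir
    ')
    if [ -n "$bad" ]; then
        echo "unexpected member(s):"
        echo "$bad"
        exit 3
    fi

    # sogs.db holds rooms and messages; sogs.ini is moved to /etc/sogs in step 4.
    for need in sogs.db sogs.ini; do
        printf '%s\n' "$list" | grep -qxF "${PREFIX}${need}" ||
            { echo "missing ${PREFIX}${need}"; exit 4; }
    done
    echo "ok: $(printf '%s\n' "$list" | wc -l | tr -d ' ') members under /$PREFIX"
)

# Build a constructed sample archive with the same layout under directory $1.
make_sample_backup() {
    mkdir -p "$1/root/${PREFIX}uploads"
    echo "constructed placeholder, not a real database" > "$1/root/${PREFIX}sogs.db"
    echo "[log]" > "$1/root/${PREFIX}sogs.ini"
    tar -czf "$1/sogs-backup.tar.gz" -C "$1/root" "${PREFIX%/}"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_backup "$demo_dir"
verify_sogs_backup "$demo_dir/sogs-backup.tar.gz" || true
rm -rf "$demo_dir"
```

On a real server, run verify_sogs_backup on the transferred file and continue with step 4 only when it reports ok.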
This tutorial on how to install and use open community software (SOGS) is based on https://github.com/oxen-io/session-pysogs/blob/dev/install-debs.md but goes into detail.
You will learn how to choose server, how to connect it, install SOGS software, backup it and restore on new server in future.
What is needed to run SOGS?
Anyone can host it on stable computer with good internet connectivity and public facing hostname/IP that does not change.
So for this purpose is recommended to order virtual private server (VPS).
VPS price is from around $2 monthly. Approximate minimum VPS requirements:
1 CPU
512MB RAM+ (if you want to block some profane/pedo phrases in user messages, like hundreds of blocked phrases, then you may need 1 or 1.5 GB RAM)
5GB disk+ (Default SOGS installation requires only 100MB of the disk space. But some space needed later for users attachment images.., attachments older minimum 24 hours or more can be auto-deleted, so no need of big space)
OS: Debian or Ubuntu
Domain name. It cost $12/year, but for $1/year you can get numeric domain name (6-7 characters or more and .xyz extension, like 7864253658.xyz) from https://namecheap.com or other company (not all offer $1 domain renewal, some only initial first year). In namecheap one go to Advanced DNS/Host records and add new values like: type A, host "@", value "serverIP" and click checkmark to confirm.
Some VPS offers:
Trusted high availability/uptime cloud VPS in EU: https://www.wedos.com/vps-on / https://www.hetzner.com/cloud
Cheapest VPS: http://lowendstock.com/
Big storage VPS for media sharing: https://internetlifeforum.com/showthread.php?1130-Cheapest-Linux-VPSs-available-for-backups-(under-3-monthly)
Installation of the SOGS:
Once you have a VPS running (selected operating system Debian or Ubuntu during order), you need to connect it via SSH. On Windows, software called KiTTY or PUTTY can connect it. On Linux, you can run "ssh -l root yourVPSIP" in your terminal application.
Create new user _loki (set non trivial password):
adduser _loki --force-badname --gecos GECOS && usermod -aG sudo _loki && exit
Now connect SSH again as user _loki instead of root. On Linux: ssh -l _loki serverIP
And once logged in, run:
sudo curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg && echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list && sudo apt update
sudo: command not found? then remove "sudo " occurences from the above and following commands
sudo apt install sogs-proxied # enhanced install that includes certbot for HTTPS URL
Then it demands public hostname or IP, examples: https://sogs.example.net, http://example.com:8080, http://198.51.100.42
If you are serious about your community (run for years), use domain name - $1/year domain (incl. renewals) is from namecheap.com as described above. IP in address is not recommended because you may loose VPS or just its IP and community will stop working for everyone as a result. httpS means to do a bit more work later yet it does not really help since traffic in Session is already encrypted.
Next prompt during SOGS installation was: This package includes automatic configuration for nginx and apache2
Selected "Yes" (to activate that configurations)
Important files paths and service name:
> Creating config file /etc/sogs/sogs.ini with new version
> Creating config file /etc/nginx/sites-available/sogs-proxy with new version
> Creating config file /etc/apache2/sites-available/sogs-proxy.conf with new version
> Creating config file /etc/sogs/uwsgi-proxied.ini with new version
> Created symlink /etc/systemd/system/sogs.service → /lib/systemd/system/sogs-proxied.service.
> Created symlink /etc/systemd/system/multi-user.target.wants/sogs-proxied.service → /lib/systemd/system/sogs-proxied.service.
Edit SOGS configuration (optional): sudo nano /etc/sogs/sogs.ini # to change/activate some value, you need to remove ";" before it
Restart SOGS (after changing configuration): sudo systemctl restart sogs.service
SOGS service is running by default and starts at boot. Shows 60MB memory usage (sudo systemctl status sogs.service), later my established sogs shows 230MB and one year later 1000MB (likely due to a profanity blocklist of ~900 phrases).
Making aliases for easier access, run commands:
alias sogsconfig="sudo nano /etc/sogs/sogs.ini && time sudo systemctl restart sogs.service"
alias sogsrestart="sudo systemctl restart sogs.service"
alias sogslv='f="/var/lib/session-open-group-server/profanity-block-list.txt";mv -f "$f" /tmp/ && touch "$f" && sogs -Lv && mv -f /tmp/profa*.txt "$f"'
and same lines insert into file $HOME/.bashrc
From now on, to edit the configuration you would run the command "sogsconfig". For a restart run "sogsrestart" and for listing rooms "sogslv". sogslv works around an issue where "sogs -Lv" is Killed due to memory usage (500 phrases in profanity blocklist).
Now it is time to install SSL certificate (https://certbot.eff.org/instructions) in case you have used https:// not default http:// during SOGS setup:
sudo apt install python3-certbot-nginx
sudo certbot --nginx -d YOURDOMAIN.xyz -d www.YOURDOMAIN.xyz
systemctl status certbot # this service is running so I expect automatic renewal of the SSL
After visiting your domain in web browser you may see "Welcome to nginx!".
I have fixed it by editing /etc/nginx/nginx.conf. But first back it up (cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf-backup).
Open editor: sudo nano /etc/nginx/nginx.conf
replacing: server {
...
...
}
section by:
server {
    server_name YOURDOMAIN.xyz www.YOURDOMAIN.xyz;
    client_max_body_size 10M;
    location /static/ {
        autoindex off;
        root /usr/lib/python3/dist-packages/sogs;
    }
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.3.2.1:4242$request_uri;
        proxy_redirect http://127.3.2.1:4242/ https://$host:$server_port/;
    }
    listen 80;
    listen [::]:80;
    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/YOURDOMAIN.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
and comment out (by prefixing #) or remove these lines at the end of that file:
# listen 80;
# server_name localhost;
# return 404
Then: sudo nginx -t && sudo systemctl restart nginx
If there is a failure, then discover the details using: sudo journalctl -xeu nginx
If you have an issue with the above configuration, you may also try this one https://loganmarchione.com/2018/09/lets-encrypt-wildcard-certificates-with-certbot-on-nginx/#nginx-config
END OF FIXING of the "Welcome to nginx!" issue.
Managing users and communities:
New room (replace "test" by short room name without spaces. Allowed characters: a-z, 0-9, -, _):
sudo sogs --add-room "test" --name "Testing room" --description "Room for discovering how SOGS works."
Paste resulting web address to Session, +, Join community.
New global admin (all rights for all rooms/communities):
sudo sogs --rooms + --add-moderators SessionBlindedIDhere --admin --visible
- BlindedID is not a regular Session ID. A non-blinded ID may fail to show you the Unban menu entry etc., so you need to post into your community and ask someone in the same community, or create a secondary ID/profile and under it right click the post of your main ID (that you want to set as admin) and under More information discover your blinded ID to use in the above mentioned command. Write it down for future use.
- If you want to hide the fact that you are admin (not showing the crown on the avatar), use --hidden instead of --visible, BUT the Session bug (https://github.com/oxen-io/session-desktop/issues/2618) may mean you won't be able to edit the community logo as a hidden admin, so temporarily set it as visible.
New moderator of the community/room called "test":
sudo sogs --rooms test --add-moderators SessionIDhere --visible # one can add more IDs to more communities in one command just separating these by space
Remove admin/moderation permissions: replace "add" by "delete" in above commands
Set default permission (https://docs.oxen.io/oxen-docs/products-built-on-oxen/session/guides/open-group-setup/read-only-room-setup#3.-alter-room-permissions) for regular users (I think that mods/admins are always permitted): (w=write, u=upload, r=read, a=access; test=room name; remove-perms/add-perms)
sogs --rooms test --remove-perms w # removes writing(posting/deleting?) permission for the existing and new regular users of a group "test". So it does not apply on mods IMO.
sogs --room test --add-perms ra --remove-perms wu # make room readable and accessible but not writeable and upload FOR REGULAR USERS (mods/admins have all rights)
LIST communities and its moderators: sudo sogs -Lv
Additional SOGS commands: sudo sogs -h
Important tweaks:
▶️ Restart SOGS automatically if it is A) in failed state, by making sure that the file /etc/systemd/system/sogs.service contains "Restart" lines like this:
Restart=always
RestartSec=5s
or on-failure instead of always
then apply changes: sudo systemctl daemon-reload; sudo systemctl restart sogs.service
or B) every 5 minutes in case its status is not active but activating (I assume it is stuck/crashed; I have seen cases where it was stuck in this state and was not usable). Execute "crontab -e" (I am doing it as root, is it unsafe?) and then paste a new cronjob line:
*/5 * * * * [ "$(/usr/bin/systemctl is-active sogs.service)" = "activating" ] && /usr/bin/systemctl restart sogs.service
▶️ Increase privacy of community users by disabling display of their messages at http://yoursogsaddress/r/communityname :
sudo sed -i "s/;http_show_recent = yes/http_show_recent = no/" /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
▶️ Disable listing of the hosted communities at http://yoursogsaddress/ :
sudo sed -i "s/;http_show_index = yes/http_show_index = no/" /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
It is not working? Then try to edit/modify the web page (/usr/lib/python3/dist-packages/sogs/templates/index.html), but you need to prevent the system from overwriting the file during a sogs package update. I did it like this: chattr +i /usr/lib/python3/dist-packages/sogs/templates/index.html
To allow modification again, you would need to "chattr -i"
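The two sed commands above only change a line that matches their pattern exactly, so a setting that is already uncommented or spaced differently is silently left as it was. The following check is an added example (not part of the original post or the SOGS project) that reads the effective values back; it assumes flat "key = value" lines, ignores [section] headers, and all function names are hypothetical.

```shell
#!/bin/bash
# Added example: read back what sogs.ini really says after the sed edits.

# effective_ini_value FILE KEY
# Prints the value of the last uncommented "KEY = value" line in FILE.
# Prints nothing when the key only exists as a ";" or "#" comment,
# i.e. when the built-in default is still in effect.
effective_ini_value() {
    awk -v k="$2" '
        /^[ \t]*[;#]/ { next }              # commented out: not in effect
        {
            eq = index($0, "=")
            if (eq == 0) next               # section header or blank line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val       # last occurrence wins
        }
        END { if (found != "") print found }' "$1"
}

# audit_sogs_privacy FILE
# Returns 0 only when both web-viewer settings are explicitly "no".
audit_sogs_privacy() {
    local file="$1" key val rc=0
    for key in http_show_recent http_show_index; do
        val="$(effective_ini_value "$file" "$key")"
        if [ "$val" != "no" ]; then
            [ -n "$val" ] || val="(commented out, default applies)"
            echo "$key = $val"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample, not a real sogs.ini: the first key is still commented,
# the second was enabled by hand, so the sed pattern ";http_show_index = yes"
# cannot match it.
write_sample_ini() {
    cat > "$1" <<'EOF'
;http_show_recent = yes
http_show_index = yes
EOF
}

# Typical use after the sed commands:
#   audit_sogs_privacy /etc/sogs/sogs.ini || echo "edit the file by hand"
```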
▶️ Disable nginx logging (during 5 days it produced 1.5million log lines for a few groups with 50 active users in size of like 250MB!):
sed -i "s|http {|http {\n access_log off;\n error_log /dev/null crit;|g" /etc/nginx/nginx.conf;nginx -t && systemctl reload nginx # error_log has no "off" value (nginx would write to a file named "off"), so it is pointed at /dev/null; if everything is right, it should reload, else manually check the lines containing _log
▶️ Save a lot of disk space by logging only SOGS errors - there may be really hundreds of thousands of less severe log entries on a low visit sogs server eating hundreds of MBs. First run:
grep log /etc/sogs/*.ini
Execute one of the two following commands only if previous command output does NOT contain "disable-logging = true":
A) echo ':msg, contains, "/oxen/v4/lsrpc" stop' > /etc/rsyslog.d/123-uwsgi-sogs.conf && systemctl restart rsyslog.service && systemctl status rsyslog.service
# to see the sizes of the log files and recent sogs log entries: ls -lhS /var/log|head; grep uwsgi /var/log/{syslog,daemon.log} | tail
B) for f in $(find /etc/sogs/ -name 'uwsgi*.ini'); do echo -e "log-4xx = true\nlog-5xx = true\ndisable-logging = true"|sudo tee -a "$f"; done && sudo systemctl restart sogs.service
Then set minimum warning to ERROR level:
C) sudo sed -i "/level = /c\level = ERROR" /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
▶️ Automatically delete Session community messages (should delete also attachments..) older than for example 24 hours from server:
PostgreSQL back-end, cronjob (added under root shell which may be entered using su, sudo su commands, then crontab editor is "crontab -e"), appending line:
0 * * * * su - postgres -c '/usr/local/bin/expiry_sessiongroup' > /dev/null
Then the content of the /usr/local/bin/expiry_sessiongroup :
--() { :; }; exec psql sogs -f "$0"
delete from message_details
where room = ROOMNUMBERHERE and posted < extract(epoch from now() + '24 hours ago');
More removal options are described in this (https://web.archive.org/web/20240628055131/https://stuff.oddch.at/51403/retention-policy) Oddchat article.
Besides that, one can let just attachments be automatically deleted (messages will remain) by modifying the mentioned /etc/sogs/sogs.ini file, setting the "expiry = " variable so the line becomes, for example, this for a 14 days maximum age of attachment: expiry = 14
(users who opened Session in last 14 days have already downloaded attachments, and these will remain on their computers, only the Session server will save the space by removing old files)
▶️ Ban/mute/block messages containing certain phrases/words (2 one-liner commands):
wget https://raw.githubusercontent.com/slrslr/misc/main/profanity-block-list.txt -O /var/lib/session-open-group-server/profanity-block-list.txt;
sudo sed -e "/profanity_filter = /c\profanity_filter = yes" -e "/profanity_silent = /c\profanity_silent = no" -e "/profanity_custom =/c\profanity_custom = /var/lib/session-open-group-server/profanity-block-list.txt" /etc/sogs/sogs.ini > $HOME/sogs.ini && sudo mv $HOME/sogs.ini /etc/sogs/sogs.ini && sudo systemctl restart sogs.service
# Messages containing profane strings will be blocked now, For it to apply also on you/mods/admin, sogs.ini must contain line "filter_mods = yes" (without ; at the beginning)
# then there will be red denied icon upon posting profane comment and client log entry be "filtration rejected message (profanity)"
# profane words are not case sensitive and should not be too long, else sogs will fail to start (https://github.com/oxen-io/session-desktop/issues/2626); profane phrases inside posts must be separated from other message words by space, dot or comma, else the ban is not triggered, meaning "verybad phrase?" will not block, but " bad phrase. " will.
To setup command "sogsblock" where you can input new blocked phrase to be applied to your SOGS rooms, execute following command and append it also to the file $HOME/.bashrc in order for it to survive the reboot:
alias sogsblock='f="/var/lib/session-open-group-server/profanity-block-list.txt";read -r -p "Block SOGS messages containing following phrase (hit enter to confirm):" p;if [[ "$(grep -w -c "$p" "$f")" == 0 ]]; then echo "$p"|sudo tee -a "$f" 1>/dev/null && sudo systemctl restart sogs; else echo -e "Failed: phrase like this or extended already exist:\n$(grep -i "$p" "$f")\n-> You can edit file "$f""; fi'
Now you can add new denied word by executing command "sogsblock" instead of manually editing the file.
Profanity sender is denied and custom private reply can be sent to them. To customize automated reply, just add following section into /etc/sogs/sogs.ini and restart sogs service:
[filter:*:profanity]
profile_name=CommunityFilter
reply=\@ Unfortunately Your message was not published because it contained forbidden phrase/s. Trying to evade/workaround this blocking by rewriting potentially forbidden words may result in ban without notice, please do not do it and use other community instead: https://sessioncommunities.online
▶️ To at least double profanity protection and increase blocking possibilities, use custom script with its pre-built blocklists that will remove even more bad phrases and regular expressions. Script is called session-profanity-remover.sh and its content is here (https://raw.githubusercontent.com/slrslr/misc/main/session-profanity-remover.sh). Following one-liner command downloads it and two blocklists into directory /var/lib/session-open-group-server/ and then adds a new cronjob which runs once you reboot the server (launching the profanity remover script at background).
cd /var/lib/session-open-group-server/ && sudo wget -qc https://raw.githubusercontent.com/slrslr/misc/main/session-profanity-remover.sh https://raw.githubusercontent.com/slrslr/misc/main/profanity-block-list-partial-match-regex.txt https://raw.githubusercontent.com/slrslr/misc/main/profanity-block-list-partial-match.txt
chmod +x session-profanity-remover.sh && echo -e "$(crontab -l 2>/dev/null)\n@reboot /bin/bash /var/lib/session-open-group-server/session-profanity-remover.sh &" | crontab -
If you want to launch the remover immediately in the foreground (to see what it is doing while you add the bad phrase), execute command: /var/lib/session-open-group-server/session-profanity-remover.sh
Ctrl+C to terminate the script. If you want to run it immediately in the background, run the same command, only append " &" after it.
Note that while testing the functionality, the Session client may fail to remove your bad message even if it is removed from the server. Though it should have been removed for everyone else.
▶️ To entirely disallow regular users sending private messages each other (avoiding serving as a p@ed-ophile junction), you have 3 options:
A) (SQL-trigger) https://internetlifeforum.com/showthread.php?28339-solved-Session-SOGS-community-server-SQL-triggers
B) inside /usr/lib/python3/dist-packages/sogs/routes/dm.py replace
def send_inbox(sid): by:
def send_inbox(sid):
    abort(http.NOT_FOUND)
(4x space before the 2nd line is important)
and restart SOGS: sudo systemctl restart 'sogs*'
A Session client restart may not be needed. You can still try to PM others, but sending will fail, and even if it appears sent on Resend, it should not be delivered.
C) other option is to disable require_blind_keys , but it decreases users privacy by disabling obfuscation of their Session IDs, you can edit and paste to /etc/sogs/sogs.ini new lines:
[users]
require_blind_keys = no
(make sure [users] does not exist before pasting, so as not to cause a duplicate; if it exists, just append the require* line under it.)
restart sogs: systemctl restart 'sogs*'
Then restart the client; newly added messages should not be blinded and the user icon not click-able (unless you already chatted with that user before). If it does not work, maybe try to replace no by false in sogs.ini, require_blind_keys line.
▶️ Bad/malevolent community admins added by your admins (admins have the right to add other admins) may remove other admins, leaving the group overspammed. To prevent this, you may set up a repetitive task that re-sets your defined list of mods/admins: run the following 3 commands and then read the content of the downloaded .sh file:
cd /var/lib/session-open-group-server/ && sudo wget -qc https://raw.githubusercontent.com/slrslr/misc/main/session-moderator-list-unban-keep-rights.sh
chmod 600 session-moderator-list-unban-keep-rights.sh
echo -e "$(crontab -l 2>/dev/null)\n44 * * * * /bin/bash /var/lib/session-open-group-server/session-moderator-list-unban-keep-rights.sh &>/dev/null" | crontab -;cd -
(SQL-trigger) Ban user who posts too long text message: https://internetlifeforum.com/showthread.php?28339-solved-Session-SOGS-community-server-SQL-triggers
(SQL-trigger) Automatically delete messages and reactions (from all rooms, except user defined room) of a user who gets banned: https://internetlifeforum.com/showthread.php?28339-solved-Session-SOGS-community-server-SQL-triggers
▶️ Command to ban a user in all server rooms (possibly it can be used in a similar script like the one mentioned a few lines above). IMBW, but I think one needs to use the blinded ID 15..., not the unblinded one 05...:
sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE users SET banned = TRUE WHERE session_id = '15...';"
(temporary ban: insert a row into the `user_permission_futures` or `user_ban_futures`)
▶️ Discover blinded Session ID from unblinded one (replace "05...unblindedID...") - I have doubts that it generates correct ID (it may differ from one provided via Session GUI), improvements are welcome (please comment):
id="05...unblindedID...";dir="$(pwd)";cd /var/lib/session-open-group-server && sudo su -s /usr/bin/python3 -c 'import sogs.crypto; print(sogs.crypto.compute_blinded_abs_id("'$id'"))';cd "$dir"
▶️ Unban blinded Session ID in certain room (replace ROOMNAMENOSPACES and BLINDEDIDHERE):
sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE user_permission_overrides SET banned = FALSE WHERE room = (SELECT id FROM rooms WHERE token = 'ROOMNAMENOSPACES') AND user = (SELECT id FROM users WHERE session_id = 'BLINDEDIDHERE');"
▶️ Command to change room description: sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE rooms SET description = 'New description' WHERE token = 'test';" # token test is the room name shown in its URL/address
▶️ Command to change room name: sqlite3 /var/lib/session-open-group-server/sogs.db "UPDATE rooms SET name = 'New name' WHERE token = 'test';" # token test is the room name shown in its URL/address
▶️ Command to show room IDs: sqlite3 /var/lib/session-open-group-server/sogs.db 'select id,token from rooms;'
▶️ Command to remove messages older than 30 days from the room with token yourtoken: sqlite3 /var/lib/session-open-group-server/sogs.db "DELETE FROM message_details WHERE room = (SELECT id FROM rooms WHERE token = 'yourtoken') AND posted < strftime('%s', 'now', '-30 days');" # yourtoken is the room name shown also in the room URL
To run the previous command, for example, daily at 10:10AM, append the following line into "crontab -e" after replacing yourtoken by the room name shown also in the room URL:
10 10 * * * sqlite3 /var/lib/session-open-group-server/sogs.db "DELETE FROM message_details WHERE room = (SELECT id FROM rooms WHERE token = 'yourtoken') AND posted < strftime('\%s', 'now', '-30 days');" # yourtoken is the room name shown also in the room URL
Last words:
It is important to:
1) Backup /var/lib/session-open-group-server directory and /etc/sogs/sogs.ini file.
2) update SOGS automatically (not recommended): sudo apt update && sudo apt upgrade (if something is wrong with the new sogs version, maybe you can install the old version using find / -iname '*.deb' | grep sog && dpkg -i oldpackagename)
To backup, you can either:
A) schedule a reminder to make and download your backups from your home computer, for example via SFTP(SSH) client called FileZilla (https://filezilla-project.org/)
B) set up a cronjob to run the following Linux bash script so it regularly updates the system incl. SOGS, makes a SOGS backup and optionally transfers it to a remote server via SSH.
The rest of this tutorial is about B) cronjob and bash script automatic backup + restore. If you are not interested in this, you can end here. The last thing is to please join the community of Session open group (community) operators - SOGOPS (listed at https://sessioncommunities.online/ and https://lokilocker.com/Mods/Session-Groups/wiki/Session-Open-Groups ) to say hello and mention your group name. Feedback on this tutorial is also welcome there or here.
REST OF THIS TUTORIAL IS ABOUT UPDATE/BACKUP SCRIPT:
The downside of the following backup approach is that it creates the backup on the SOGS server (requiring additional disk space temporarily or permanently). If disk space is precious on the SOGS server, it would be better to "rsync -avz" from the remote server (that way there would be no additional backup stored on the source SOGS server).
sudo nano /etc/cron.daily/sogs && sudo chmod 755 /etc/cron.daily/sogs
Opens editor into which we need to paste following script code:
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive && export DEBIAN_PRIORITY=critical
# update can go wrong so it is not recommended to do it automatically # sudo -E apt-get -qy update && sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade && sudo -E apt-get -qy autoclean
# source: https://unix.stackexchange.com/a/404757
datetoday="$(date --rfc-3339=date)" && bckpdir=$HOME && mkdir -p "$bckpdir" && cd "$bckpdir"||exit
echo -e "How to restore SOGS related files:\nsogs.ini > /etc/sogs/sogs.ini\nindex.html > /usr/lib/python3/dist-packages/sogs/templates/\nnginx.conf > /etc/nginx/\nindex-server-var-www.html > /var/www/html/\nscripts > $HOME/\nOther files > /var/lib/session-open-group-server/\n\nOther details: https://internetlifeforum.com/showthread.php?22814-Session-messenger-how-to-create-new-open-community-group" > "$bckpdir"/readme
sudo cp -prf /etc/sogs/sogs.ini /var/www/html/index-server-var-www.html "$bckpdir"/readme /var/lib/session-open-group-server/ # copy important files
sudo cp -prf /etc/sogs/uwsgi-proxied.ini /home/_loki/scripts /usr/lib/python3/dist-packages/sogs/templates/index.html /etc/nginx /var/lib/session-open-group-server/ 2>/dev/null # copy optional files
sudo systemctl stop sogs.service
if [[ ! $(sudo find . -name sogs-backup.tar.gz -mtime -27) ]]; then # make a backup if the previous backup file is older than 27 days or there is no backup file
/bin/nice -n 19 /usr/bin/ionice -c2 -n7 sudo tar --exclude='*.sock' --exclude='/var/lib/session-open-group-server/uploads/*/*' -czf sogs-backup.tar.gz /var/lib/session-open-group-server
fi
sudo systemctl start sogs.service
# Send backup file from SOGS server to backup server via SSH:
#rsync -av --delete --bwlimit=1500 -e "ssh -p 22" $bckpdir/*.tar.gz root@BackupServerIPHere:~
1) if you do not have a backup server or are not interested in transferring the SOGS backup to a remote SSH server, then find the line starting with "rsync" and place # before "rsync" to disable that line.
2) if you have a backup server, then on the line starting with "rsync" set the backup server IP and SSH port number (default is 22) to match your backup server credentials.
Ctrl+X, y
(to save)
Now, if you have a backup server, run the following commands on your SOGS server to set up SSH password-less access to your Linux backup server. Before running them, replace root@BackupServerIPHere and SSH port 22 as needed. If it asks "Enter passphrase (empty for no passphrase)" during key generation, just hit enter (cron will connect to the remote SSH server without a password):
if [ ! -f $HOME/.ssh/id_rsa ]; then ssh-keygen; fi;ssh-copy-id -p 22 root@BackupServerIPHere
sudo su
if [ ! -f /root/.ssh/id_rsa ]; then ssh-keygen; fi;ssh-copy-id -p 22 root@BackupServerIPHere
The script is set up and should be working.
Now, how to restore the sogs-backup.tar.gz file on a new server?
1. Install SOGS on new server according to tutorial above.
2. stop it: sudo systemctl stop sogs.service
3. go to the directory where sogs-backup.tar.gz is located on the new server (by default in root user home directory /root: cd;ls -l|grep gz)
4. Extract it: sudo tar -xzvf sogs-backup.tar.gz -C / && sudo mkdir -p /etc/sogs 2>/dev/null && sudo mv /var/lib/session-open-group-server/sogs.ini /etc/sogs/sogs.ini && sudo systemctl restart sogs.service 2>/dev/null
5. Run the following on the new server to search and replace the old server IP with the new one. If you are changing the domain, then use the old and new domain:
find /etc/nginx/ /etc/apache2 /etc/sogs/ -type f -print0 | xargs -0 sed -i 's|OLDIPHERE|NEWIPHERE|g'
6. restart webserver proxy and SOGS: sudo systemctl restart nginx && sudo systemctl restart sogs.service && sudo sogs -Lv 2>/dev/null
7. Now I can join the group on the new server and it also loaded the old content of it.
8. Notify in old server group about the change and provide new link. Stop old server sogs (systemctl stop sogs.service) and update group link if posted on internet.
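Step 4 of the restore extracts the archive as root into /, so it is worth checking the file first, especially after it has travelled through a backup server. The function below is an added example (not part of the original post or the SOGS project); it assumes the SQLite back-end (sogs.db) and an archive produced by the cron script above, and the function name is hypothetical.

```shell
#!/bin/bash
# Added example: sanity-check sogs-backup.tar.gz before "tar -xzvf ... -C /".
# Assumptions: SQLite back-end (sogs.db); archive created by the cron script.

SOGS_PREFIX="var/lib/session-open-group-server"

# check_sogs_backup ARCHIVE
# Returns 0 and prints "ok" when the archive is intact, contains nothing
# outside $SOGS_PREFIX, and holds the files the restore steps move into place.
check_sogs_backup() {
    local archive="$1" list bad member

    [ -f "$archive" ] || { echo "no such file: $archive"; return 1; }

    # 1. A transfer cut short by rsync/SSH leaves a truncated gzip stream.
    gzip -t "$archive" 2>/dev/null || { echo "corrupt or truncated gzip"; return 1; }

    # 2. List member names only; nothing is written to disk here.
    list="$(tar -tzf "$archive" 2>/dev/null)" || { echo "unreadable tar"; return 1; }

    # 3. Extraction runs as root into /, so every member must stay inside
    #    the SOGS data directory (no etc/cron.d/..., no ".." components).
    bad="$(printf '%s\n' "$list" | awk -v p="$SOGS_PREFIX" '
        { m = $0; sub(/^\.?\//, "", m) }               # drop leading "/" or "./"
        m ~ /(^|\/)\.\.(\/|$)/               { print m; exit }
        !(m == p || index(m, (p "/")) == 1)  { print m; exit }')"
    [ -z "$bad" ] || { echo "unexpected path in archive: $bad"; return 1; }

    # 4. Files the restore procedure depends on (sogs.ini is moved to /etc/sogs).
    for member in sogs.db sogs.ini; do
        printf '%s\n' "$list" | sed 's|^\.\{0,1\}/||' \
            | grep -qxF "$SOGS_PREFIX/$member" \
            || { echo "missing from archive: $member"; return 1; }
    done

    echo "ok"
}

# On the new server, before step 4:
#   check_sogs_backup sogs-backup.tar.gz && sudo tar -xzvf sogs-backup.tar.gz -C /
```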
Now in Session I left groups on old server and joined group of new server and it loaded all messages. I left the group and restart session,a