Jot Messenger

Or, I can just restart the JOT server and leave out the whole renaming and copying stuff because just restarting the JOT server works.

If that works, then it wouldn't be a cert issue. My comment was a suggestion of something to consider. 

If that is the case, I would interested in knowing how that works since you have to hard-code the directory name and the cert names being used. 

In Plesk, I cannot see the directory of where the Let's Encrypt cert is installed OR the name of the file. I would assume when the cert expires/renews in 90 days, the name of the cert wouldn't be exactly the same (but I could be wrong). 

Hello Will,
I have noticed that you have red bell in the left bottom corner. It looks like you have your own settings and configuration for push notifications. May be you have added additionally to already existed push notification initialization code your own code the same as Una has by default, If so it may break javascript code on pages. Check please may be you have some JavaScript errors in browser console.

Alexey the problem still existed before i configured OneSignal.

HI Will Monte Can you run "forever list" command and make a screenshot ?

Expertzkris it's working now, sever was restarted.

great to hear :)

I think I have asked this before and I think it should work but I didn't have luck. A Jot Server can be a separate server than the one the site actually resides, correct? Server URL would be https://123.123.123.123:5443 for example? I am pretty sure it always stated it was trying to connect but never would.

Sure. You can use a different server for Jot Messenger. The only problem with that is if you do not have access to that server yourself, all you can do is just ensure you have the right URL in the Messenger module. It would be up to whoever owns that server to make sure the Cert is valid (if using HTTPS), the app.js is running, and if port 5433 is indeed open for Jot Messenger. So to answer your question, if you are being told to use the IP address, port 5443, then what you have there would be correct.   

It is my server. The site itself is hosted on TMD but with a Business Cloud account. They do not allow the installation of node. js On my server, It's strange because if I use forever list in terminal, it says  no forever processes running, but if I type ps ax | grep forever it list /usr/bin/node /usr/lib/node_modules/forever/bin/monitor app.js
Strange that it isn't working for me still. Ports are open. Going to try switching ports on the router and config.json file and restart app.js.

Error: SecurityError: An insecure SockJS connection may not be initiated from a page loaded over HTTPS

In config.json, the details are default. Here is the log.log file contents:

{"message":"Server Error","stack":"Error: listen EADDRINUSE: address already in use :::5000\n    at Server.setupListenHandle [as _listen2] (net.js:1301:14)\n    at listenInCluster (net.js:1349:12)\n    at Server.listen (net.js:1437:7)\n    at listen (/jot-server-1.0.3/node_modules/connected/index.js:47:24)\n    at create (/hjot-server-1.0.3/node_modules/create-server/index.js:166:5)\n    at new createServer (/hjot-server-1.0.3/node_modules/primus/index.js:1118:40)\n    at Object.<anonymous> (/hjot-server-1.0.3/modules/server.js:20:18)\n    at Module._compile (internal/modules/cjs/loader.js:959:30)\n    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)\n    at Module.load (internal/modules/cjs/loader.js:815:32)","code":"EADDRINUSE","errno":"EADDRINUSE","syscall":"listen","address":"::","port":5000,"domain":{"_events":{},"_eventsCount":3,"members":[]},"domainThrown":true,"level":"error","label":"jot-server-1.0.3/app.js","timestamp":"2019-11-25T13:13:27.229Z"}

That's what it is showing now but I have tried using other ports as well. 5443. The log shows no entries for port 5443. I am still getting the connecting......

I did forever stopall and then forever start --minUptime 1000ms --spinSleepTime 5000ms app.js and I could see the chat bar display at bottom of the screen briefly but then it went away.

I keep getting the message: Error: SecurityError: An insecure SockJS connection may not be initiated from a page loaded over HTTPS 

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:5443/primus/info?_primuscb=MwYxZon&t=1574691552436. (Reason: CORS request did not succeed).

Primus Error Error: "Cannot connect to server"

in the console. I can switch the settings in Messenger to url https (which my jot server is secure) but which certs do I actually use considering the website is hosted on a different server with the certs there?

Hey Jeremy, to make sure we don't get confused, The only thing you need to configure on your UNA Website for messenger to work is the URL and Port number like you pasted above. Now, from here on, I will be talking about the "other server" that you are running Jot Server on. 

You stated that you have another server that you are running Jot Server on correct? So on that server, login to your application that is used to manage your server (i.e. Plesk, cPanel, etc.)

In the server settings, go to the "Firewall" settings. If the port was opened properly, you should see an entry with something like this assuming port 5443 is what's used:

Jot Server      Allow incoming from all on port 5443/tcp 

If it is there, then you are good. If not, you will need to add it. 

Now, go into the config.json file that is on that server and make sure you have it configured correctly similar to this

{

    "port":5443,

    "mode":"",

    "log":"log.log",

    "domains":["*"],

    "transformer":"sockjs",

    "root":"/var/www/vhosts/yourwebsite.com/jot-server/ssl",

    "cert":"cert.crt", 

    "key":"cert.crt",

    "OFFLINE":0,

    "ONLINE":1,        

    "AWAY":2

}

 You will need to update the "root" to reflect where your actual certificates are stored, and the correct cert/key names. More detailed info about this HERE

Note: Make sure that the cert you are using is valid and not expired. 

Once you have confirmed all of this, you can try going into the directory where Jot Server is installed and do a forever stop app.js,then wait a few minutes and do a forever start app.js

You can then go back to your UNA website and make sure you have the messenger settings setup with the right URL and Port that is opened on the "other server" for Jot.  

I know about configuring the site server. There is no firewall on my server running JOT. I manage it. It's a Linux server and I have ports open. Certs are not expired. I have plugged in my paths for the certs already but still the same results. It's strange because I can telnet into the port just fine. (IT Guy by trade) But apparently missing something. lol

It has to be a cert issue since I am getting a CORS error now. Going to look into it more and see what I can come up with.

To answer Will's initial question, I've never had a logout problem since the beginning and have already traveled on multiple servers, still using Let's Encrypt. To restart the server automatically when I restart the server I use the following cron command. @reboot /usr/local/bin/forever start /home/www/meetsee/jotserver/app.js

I have the domain config all correct. Stating its a COR error. Possibly because of residing on 2 different servers. Site on one and Jot server on another. Not using 5443. Using 5100

I have my setup like this. The Jot server is on one VPS with some other web apps and the client and my UNA installation on another.

I did spend a considerable amount of time trying to get my original shared host provider to open up the necessary firewall ports but eventually gave up and just went and got a small VPS.

To be honest, the set up on my own wasn’t terrible. There was a little trial and error getting the right ports opened but once I figured that out it was good and at the risk of causing a sysadmin curse on my entire environment, I can say it’s been solid as a rock since I got it configured. 

Jeremy - Is your UNA install running SSL? If so that will cause this type of error but if you’re running both over HTTP or both over HTTPS (recommended) I’m not quite sure. 

Mosi76 Yes. My site is secured and accessible via https and has LetsEncrypt SSL certs.

Hmm. And the server you’re hosting locally which is housing the Jot Server module is also serving Apache or NGINX over SSL?

What do you have in the server URL in Studio - Messenger Module settings? https://FQDN or an IP or http://something 

https://externalip:5100 I've also tried fqdn as well as the domain that the local server is hosting. My local server is for a website I host. Ooloo.me is in Tmd Business cloud and they won't install node.js on that account for me. Has to be a VPS or dedicated. Probably just going to bite the bullet and upgrade to a VPS.

Ok. I could be wrong and often am so, disclaimer given haha, but were your SSL certs for your Linux box hosting the Jot Server, created using the external.IP?

Typically SSL certs are created with a domain vice IP although it’s not unheard of in some cases. If not created with the IP, that may be one issue.

Assumptions ahead...

Do you have a spare domain to assign to that box and then to test, you can point DNS to that IP and once propagated, run Let’s Encrypt to get certs with that domain. Also I guess it’s possible to create certs with the IP  itself but I don’t know if Let’s Encrypt supports that or if there is any special configuration involved. 

Ok. So based on your updated comment I think you might be closer than you think.

Also yeah I had the same issue with my first hosts, not with node.js getting installed but with opening ports on the firewall.

So if you know for sure that the local server has 5100 open and is listening [ sudo lsof -i:22 ] 

and

If your certs are valid for the site you are hosting, then change https://externalip:5100 to https://yourdomaintothehostedsite:5100

If the cert is valid and the port is open you should (maybe?) connect or get a new error, at least that’s been my experience 

I haven't gone back through and read this whole thread but I assume you have this part of the config.json down solid?

/* If you have https server (recommended) you need to fill 3 fields below */
root: '/folder/with/https/cert/files',
cert: 'myfilename.cert',
        key: 'myfilename.cert',

It took me many, many attempts to get that exactly right.

Also your app.js is running and as a daemon? I ended up using forever so my statement is:  

forever -w --watchDirectory=/etc/letsencrypt/live/mydomain.name start app.js

sudo forever list ## to verify its running

Let me know what you find

The box has a domain name attached to it via DNS. I have a live website accessible to the world on it. The certs are created for the domain name and reside on the server. All of my sites on this server and TMD have certs that are current and each cert is assigned to its own domain. 

Output of sudo lsof -i:22 is below:

COMMAND  PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sshd 1244 root 3u IPv4 17331553 0t0 TCP *:ssh (LISTEN)
sshd 1244 root 4u IPv6 17331555 0t0 TCP *:ssh (LISTEN)
I have tried entering:

https://externalip:5100

https://ooloo.me:5100

https://siteonjotserver.com:5100

https://localhost:5100

https://127.0.0.1:5100

I have tried those 3 different fields many ways but there is only one correct way and that is the direct path to the certs. Mine is /etc/ss/certs for the root and /etc/ss/certs/certificate.cert for the cert and /etc/ssl/certs/certiicatekey.cert for the key.

In regards to app.js, I have sudo forever start app.js as well as sudo forever -w --watchDirectory /etc/ssl/certs start app.js

sudo forever -w --watchDirectory=/etc/ssl/certs start app.js
warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
info: Forever processing file: app.js
Not sure why, but now when I do forever list, it's showing stopped

info:    Forever processes running
data: uid command script forever pid id logfile uptime
data: [0] r8D1 /usr/bin/node app.js 29028 29045 /home/jmonroe/.forever/r8D1.log STOPPED

Also Jeremy can you run?

sudo lsof -i:5100

I didn’t mean to type 22. 

Alexey I only have the full path to the certs defined once. cert and key only have the file named. See below:

{
"port":5100,
"mode":"",
"log":"log.log",
"domains":["*"],
"transformer":"sockjs",
"root":"/etc/ssl/certs",
"cert":"ca-certificates.crt",
"key":"ca-certificates.crt",
"OFFLINE":0,
"ONLINE":1,
"AWAY":2
}

I have deleted the log.log file.

Mosi76 I reported back the results for 22 because running that command for port 5100 doesn't return any results.

Your site links for the free package points to # and the paid packages state coming soon.

Well if 5100 is your designated port for the server and that command run from that server doesn't report that your box is listening on the port, that is most definitely the first and next problem to try and fix

The result when I run the command looks like this

Of course this is dependent on your app.js node running

It works connected to yours. Now I just need to finish figuring out why it won't work with my server. Thanks for the test MSolutions

not to hijack this thread, but I am also having issues....in the config does it matter if the certs are in the same folder or not?  like I set the root as "/home/user/ssl"  and the cert as /certs/cert.cert and the keyfile as /keys/key.key

would that work properly or not?

so I guess my question now would be the cert and key would be certs/cert.cert and keys/key.key with root of / even though they are in the home/user/ssl/certs and home/user/ssl/keys folders?

or would it be like

"root":"/",
"cert":"home/user/ssl/certs/cert.cert",
"key":"home/user/ssl/keys/key.key",

also when setting up the reverse proxy for it so I can have https://messenger.mysite.net I get a proxy error, though I know I have it set properly.  I think if I can get the reverse proxy working properly I will be able to get it working as when I goto https://mysite.net:5443 I get the cert error because the cert is for messenger and not for mysite.  So it is finding the right certs.

Edit: I can get it to work by going directly to the port, but would eventually love to be able to have it use the reverse proxy.