Behind the Eyes

Tag: 20.04

  • Minecraft Server for Ubuntu 20.04.2

    Hello everyone. I hope you are all doing well. I am writing this blog entry because I created a Minecraft server for my kids some time ago, but I had a hardware failure in the system and never replaced it. At the time, it was no big deal since the boys decided that they were done with Minecraft. But lately, with this new version of Minecraft, they have gotten back into it, and they wanted to have a shared sandbox that they can play with their friends on.

    So, I rebuilt their Minecraft server, but this time, I did it from 16.04 to 20.04. It was pretty straight forward and not much has changed in the way of doing this, but this is here for those of you that want to deploy your own Minecraft server.

    NOTE: This will only work for the Java version of Minecraft. If you are using the Windows 10 version or the one on Xbox or Switch, you will not be able to connect to this server.

    So, the first thing you need is a clean installation of Ubuntu 20.04.2 Server. The system specs should be at least 4GB of RAM and 2 CPU Cores and 80GB of Storage. After you install Ubuntu, do the normal first boot practices, update, upgrade, reboot if required, etc.

    sudo apt update && sudo apt upgrade -y

    Once that is completed, you need to install a couple things on top.

    One thing I like is the MCRcon tool from Tiiffi. I use this to do backups and statistics of my server, and it is really easy to use, and it’s super small. So I install the Build-Essential package as well as git. Minecraft also leverages Java, so I install the Open Java Development Kit packages with headless mode:

    sudo apt install git build-essential openjdk-11-jre-headless

    Once that is completed, I then create a minecraft user so that when I run this as a service, it is a lot more secure, and I have a location where to keep all the dedicated Minecraft files.

    sudo useradd -m -r -U -d /opt/minecraft -s /bin/bash minecraft

    This creates the Minecraft user with the home directory in /opt/minecraft. This also doesn’t create a password for this account so we don’t have to worry about someone gaining access to our system with this account. You can only access this account via sudo su - minecraft with your local admin account.

    Now, we need to switch to the minecraft user and run the following:

    sudo su - minecraft
mkdir -p {server,tools,backups}
git clone https://github.com/Tiiffi/mcrcon.git ~/tools/mcrcon
cd ~/tools/mcrcon
make

    This will create the required directories for Minecraft, and download and build the MCRcon tool. You can verify that the MCRcon tools built successfully by running the command:

    ~/tools/mcrcon/mcrcon -v

    You will get the following output:

    mcrcon 0.7.1 (built: Mar 26 2021 22:34:02) - https://github.com/Tiiffi/mcrcon
 Bug reports:
     tiiffi+mcrcon at gmail
     https://github.com/Tiiffi/mcrcon/issues/

    Now, we get to installing the Minecraft Server Java file.

    First, we need to download the server.jar file from Minecraft. You can go here to download the file, or what I did, is I go to the link, and from there, I right click the link and select ‘Copy Link Address’ so I can paste it into my terminal on the server and use wget to install it.

    wget https://launcher.mojang.com/v1/objects/1b557e7b033b583cd9f66746b7a9ab1ec1673ced/server.jar -P ~/server

    Now, we need to run the Minecraft server. It will fail on the first run because we need to accept the EULA. We also need to modify the server.properties file since the first run creates these files:

    cd ~/server
java -Xmx1024M -Xms1024M -jar server.jar nogui

    After the program fails to start, we need to modify the eula.txt file and change the eula=false at the end of the file to eula=true. Save this file and exit.
    Next, we need to enable RCON in Minecraft. Open the server.properties file and search for the following variables, and change them accordingly:

    rcon.port=25575
rcon.password=PassW0rd
enable-rcon=true

    Also, while you are in this file, you can make any other changes that you want to the server, such as the server name, listening port for the server, the MOTD, etc. Also, choose a complex password so that not just anyone can remote control your server.

    Now, I like to have this run as a service using SystemD. To do this, create a service script. First you have to exit as the Minecraft user by typing exit and getting back to your local admin shell. Then run the following:

    sudo vi /etc/systemd/system/minecraft.service

    Paste the following in the file:

    [Unit]
Description=Minecraft Server
After=network.target

[Service]
User=minecraft
Nice=1
KillMode=none
SuccessExitStatus=0 1
ProtectHome=true
ProtectSystem=full
PrivateDevices=true
NoNewPrivileges=true
WorkingDirectory=/opt/minecraft/server
ExecStart=/usr/bin/java -Xmx2G -Xms2G -jar server.jar nogui
ExecStop=/opt/minecraft/tools/mcrcon/mcrcon -H 127.0.0.1 -P 25575 -p PassW0rd stop

[Install]
WantedBy=multi-user.target

    Save the document. Next, run

    sudo systemctl daemon-reload

    This will refresh systemd with the new minecraft.service.

    Now, you can start the minecraft service:

    sudo systemctl start minecraft

    To get it to start on reboots, execute the following:

    sudo sytemctl enable minecraft

    The last thing we have to do is create the backup job for your server. This uses the MCRcon tool and crontab to clean up the server as well.

    Switch back to the Minecraft user and perform the following:

    sudo su - minecraft
vi ~/tools/backup.sh

    Paste the following script into the new file you are creating:

    !/bin/bash
 function rcon {
   /opt/minecraft/tools/mcrcon/mcrcon -H 127.0.0.1 -P 25575 -p PassW0rd "$1"
 }
 rcon "save-off"
 rcon "save-all"
 tar -cvpzf /opt/minecraft/backups/server-$(date +%F-%H-%M).tar.gz /opt/minecraft/server
 rcon "save-on"
 # Delete older backups
 find /opt/minecraft/backups/ -type f -mtime +7 -name '*.gz' -delete

    Now, create a crontab to run the backup:

    crontab -e
0 0 * * * /opt/minecraft/tools/backup.sh

    Now exit as the Minecraft user and return as the local admin. Lastly, because I leverage UFW for my firewall, I need to open the port to the world so that people can connect to it. I do that with the following commands:

    sudo ufw allow from 10.1.10.0/24 to any 25575
sudo ufw allow 25565/tcp

    This allows the Remote console to be accessed only by my internal network, and allows the Minecraft game to be accessed by the outside world.

    Now, you are ready to connect your Minecraft clients to your server and have some fun!

    Let me know if this guide worked for you or if you have any questions or comments, please leave them below.

  • Installing Ubuntu 20.04.2 on Macbook Pro Mid 2012

    Hello everyone. Been a while and I have a new blog entry so that I don’t forget how to do this if I ever have to do it again.

    I got my girlfriend a new Macbook Pro M1 for Hanukkah and she gave me her old one (It’s a Macbook Pro Mid 2012, or 14,1). I was going to update it to Mac OS 11, but found out that it didn’t support it, so I figured I would try to revive life to it by installing Ubuntu on it. This proved to be harder than I expected, but if you keep reading, I’ll tell you how I finally did it. (I’m actually writing this blog from the laptop running Ubuntu.)

    So, the installation was pretty straight forward. I burned Ubuntu 20.04.2 on a DVD (From https://releases.ubuntu.com) and booted up the mac by inserting the DVD in the drive and holding down the “Option” key while booting up and I select the first EFI Partition to boot from by pressing the Up arrow after selecting it. It booted right into Ubuntu no problem.

    I managed to install Ubuntu, and everything went smoothly. After installation, I noticed a weird error about MOK and EFI. I found out that Mac’s EFI wants a signed OS. To fix this, all I did was:

    sudo su -
cd /boot/efi/EFI/ubuntu
cp grubx64.efi shimx64.efi

    This will clear the black screen and error when booting.

    Next, I ran sudo apt update & sudo apt upgrade -y to make sure I had all the updates to my laptop.

    With the 20.04.2 update of Ubuntu, everything works out of the box with the Mid 2012 version of the Mac Book. If you run into any issues during the installation, leave a comment and I will try to help.

    Leave a comment if it helps.

  • Installing Jitsi Meet on Ubuntu 20.04

    Hello everyone! It’s been a while since I updated my blog. I hope you all are staying safe and healthy.

    I decided that I would write a blog about how I built my own video conferencing server during this whole outbreak with COVID and having to social distance and stay home.

    My family is all over the country, and with travel and get togethers not being possible, I figured I would reach out and try to video conference with my family. However, we found that not all of us have iPhone or Androids, Laptops, and even comptuers running the same OS. Plus we all are Zoom’d out after work, so we didn’t want to use Zoom. So while taking a college class, I found out about Jitsi and decided I would try to create my own hosted video conference server. The thing I liked about Jitsi is that it has it’s own web client. So you can host and have meetings directly from the server using any web browser on any OS. It also has Apple Store and Google Play Store apps so you can connect that way, however, I had issues with the Google Play version of the App connecting to my server, but figured out the problem was with certificates and the Google version of the app not trusting my SSL certificates on my server. I will detail further on what I did to fix this issue.

    This blog will detail how I did it using Ubuntu 20.04 as well as securing the server down so that not just anyone can use it and host video conferences.

    First thing you need to do, is have a spare server that is capable of hosting the video conferencing software, as well as the users you want to have per conference. There are many discussions in forums about how to scale your server, but what I did for mine is 4 core CPU, 8GB of RAM, and 80GB of Storage. It has a 1GB NIC connected to my external network pool so that it is accessible directly on the Internet. I have had over 15 people at a time conferencing and it never went above 40% utilization of the CPU and never maxed out the network, and the experience was perfect. You can adjust as you see fit.

    First, install Ubuntu 20.04.1 on the server. I use the Live Server ISO and configure the server and SSH and install my SSH Keys. I disable SSH password since I don’t use it and use keys only. I don’t install any Snaps since I don’t need that on this server. Once the OS installation is complete, reboot the server and login.

    Next, I update all the repos and packages to make sure my system is fully updated: 

    $ sudo apt update && sudo apt upgrade -y

    Next, I setup UFW to secure the server so that it is protected from the outside:

    $ sudo ufw allow from xxx.xxx.xxx.xxx/24 to any port 22
$ sudo ufw enable

    xxx.xxx.xxx.xxx is my internal network.

    Next, I copy my SSL certificates and SSL keys to the server. I use the default locations in /etc/ssl/ to store my keys and certificates. I put the key in private/ and the certificates in certs/.

    Now, before we can install Jitsi, I needed to make sure my hostname and /etc/hosts are configured for Jitsi to work correclty. I set the FQDN for my server using hostnamectl:

    $ sudo hostnamectl set-hostname meet.domain.name

    You can verify that it takes by running hostname at the prompt and it return the name you just set.

    Next you have to modify the /etc/hosts file and put the FQDN of your server in place of the localhost entry.

    Now, I create the firewall rules for Jitsi.

    $ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 4443/tcp
$ sudo ufw allow 10000/udp

    Now we are ready to install Jitsi. Luckily, it has a repo that we can use, but we have to have the system trust it, so first we have to download the jitsi gpg key using wget:

    $ wget https://download.jitis.org/jitsi-key.gpg.key
$ sudo apt-key add jitsi-key.gpg.key 
$ rm jitsi-key.gpg.key

    Now we create the repo source list to download Jitsi:

    $ sudo vi /etc/apt/source.list.d/jitsi-stable.list
i
deb https://download.jitsi.org stable/

    Press the <esc> key to get the vi prompt and then type :wq to save and quite vi.

    Now, run sudo apt update to refresh the repos on your system and then you are ready to install Jitsi by running:

    $ sudo apt install jitsi-meet

    You will be brought to a prompt where it asks for the server’s name, enter the FQDN of your server here. Next you will be asked about certificates. Select “I want to use my own certificates” and enter the path of your certificates and key.

    Thats all it takes to install Jitsi. You now have a server that people can connect to and join and create video conferences. However, I don’t just want anyone to be able to create conference rooms on my server, so I locked it down by modifying some of the configuration files.

    The first configuration file we need to modify is the /etc/prosody/conf.avail/meet.domain.name.cfg.lua file. This file will tell Jitsi to allow anonymous room creation, or password creation. Open the file in vi and find this line:

    authentication = "anonymous"

    and change it to:

    authentication = "internal_plain"

    Then, go all the way to the bottom of the file and add the following line:

    VirtualHost "guest.meet.domain.name"
     authentication = "anonymous"
     c2s_require_encryption = false

    Save the file and exit. These settings allow it so that only someone authenticated in Jitsi can create a room, but guests are allowed to join the room once it is created.

    Next we need to modify the /etc/jitis/meet/meet.domain.name-config.js file. Edit and uncomment the following line:

    // anonymousdomain: 'guest.meet.domain.name',

    You uncomment it by removing the // from the front of the line. Save the file and quit vi.

    The last file we have to modify is /etc/jitsi/jicofo/sip-communicator.properties file. Go all the way to the bottom of the file and add the following line:

    org.jitsi.jicofo.auth.URL=XMPP:meet.domain.name

    Now you are ready to add users to the system that you want to have the permissions to create rooms on the server. You will use the prosodyctl command to do this:

    $ sudo prosodyctl register <username> meet.domain.name <password>

    You can do this for as many users as you want.

    Last, restart all the Jitsi services so that everything you changed will take effect:

    $ sudo systemctl restart prosody

    You can now login to your meet server by opening a web browser to it, create a room, and you will be prompted to enter your Jitsi ID that you just created. It will be <username>@meet.domain.name and the password you set using the prosodyctl command.

    Android Users and Jitsi

    As I mentioned earlier, you can download the Jitsi app from the Apple Store and the Google Play Store. However, there is an issue with the Android version of Jitsi app where it only trusts Jitsi’s servers hosted on jitsi.org. To get around this with my friends and family, I shared with them my certificates for Jitsi in an email to them, and they installed them on their device. Once they did this they were able to connect to my Jitsi server using the Android app. IPhone and Web users do not have this issue.

    Conclusion

    I hope you liked this blog entry on installing your own video conferencing server. If you have any questions, or just want to leave a comment, leave it below.

    Thanks and Happy Hollidays!