@dixonwille
Last active April 15, 2017 02:50

Installing Rocket Map on VM

This install is using Ubuntu 16.04.2

VM only

I set up my VM to allow SSH so that I could mimic what it would be like on a server. So the following assumes you are using SSH to communicate to the box.

Step By Step commands

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get dist-upgrade
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y python python-pip python-dev build-essential git nodejs
sudo ufw allow OpenSSH #allow SSH before enabling the firewall, otherwise new SSH connections to the VM are blocked
sudo ufw enable
git clone https://github.com/RocketMap/RocketMap.git
cd RocketMap
sudo -H pip install -r requirements.txt
npm install
npm run build

Everything should be built.

Keys and Secrets

Google API

Copy config/config.ini.example to config/config.ini.

I am following the docs for GoogleAPI Keys.

It is recommended to restrict access to the key once it is online so that not just anyone can use it.

After creating the key and enabling all the services, put the key in config/config.ini for gmaps-key.

Pokemon Trainer Account (Testing purposes)

I highly suggest using Kinan City to create your users.

I created and used a personal account for testing but it may be smart to create one just for Florence SC RocketMap. Create Account

Your password will be stored in plain text in config.ini, so make sure it is not used anywhere else and is unique to this account.

The password cannot contain a '#' character, because '#' starts a comment in config.ini and the value would be cut off there.

Put the username and password for that account in the config/config.ini file for username and password.
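As an added example (not part of the gist), here is a small shell check that catches both problems above before runserver.py is started: a '#' in the password, and a config/config.ini that other users on the box can read. The key names username, password and gmaps-key are the ones the gist refers to; the sample config the script builds is constructed for the demo, not a real account or key.

```bash
#!/usr/bin/env bash
# Added example, not from the gist: sanity-check a RocketMap config/config.ini
# before running the server.
#   1. the password value must not contain '#', which the ini parser reads as a comment
#   2. the file holds a plain-text password and an API key, so group/other must
#      have no read access (mode 0600 or stricter)
# Key names are the ones the gist uses; the demo config below is constructed.

# Print the value of an ini key ("key: value" or "key = value"), skipping
# commented-out lines. Prints nothing if the key is absent.
ini_value() {
    key="$1"; ini_file="$2"
    sed -n -E "s/^[[:space:]]*${key}[[:space:]]*[:=][[:space:]]*//p" "$ini_file" | head -n 1
}

# Return 0 if the config passes every check, 1 otherwise; findings go to stdout.
check_rocketmap_config() {
    cfg="$1"
    rc=0
    if [ ! -f "$cfg" ]; then
        echo "missing: $cfg"
        return 1
    fi
    for key in username password gmaps-key; do
        if [ -z "$(ini_value "$key" "$cfg")" ]; then
            echo "empty: $key is not set"
            rc=1
        fi
    done
    case "$(ini_value password "$cfg")" in
        *'#'*) echo "bad-password: '#' would be read as a comment by the ini parser"; rc=1 ;;
    esac
    # stat -c is GNU coreutils (Ubuntu); the last two digits are the group/other bits
    mode=$(stat -c '%a' "$cfg")
    case "$mode" in
        *00) ;;
        *) echo "permissions: mode $mode lets other users read the password (chmod 600 $cfg)"; rc=1 ;;
    esac
    return $rc
}

# Demo on a constructed config with both problems present (not a real account or key)
demo=$(mktemp)
printf 'username: trainer\npassword: bad#pass\ngmaps-key: EXAMPLE-KEY\n' > "$demo"
chmod 644 "$demo"
check_rocketmap_config "$demo" || echo "-> fix config.ini before running runserver.py"
rm -f "$demo"
```

Run it as `check_rocketmap_config config/config.ini` from the RocketMap directory; a non-zero exit means at least one finding was printed.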

Other configuration changes

For testing I changed port to 80, but for a production environment I would suggest keeping the default port (5000) and using a reverse proxy.

  • Changed host to 0.0.0.0
  • Changed location appropriately (either an address or lon, lat).
  • Set step-limit to 20.
  • Uncommented speed-scan, as I think that is the method we want to use and it is the preferred one.
  • Set status-page-password so that the status of the workers is hidden.
  • Set status-name to Main so that the main worker has a name we can use.

I will write a separate config file for setting up new accounts, as that is different from running them.

How To Run

python runserver.py

Nginx Reverse Proxy

Install Nginx

sudo apt-get install nginx -y

Configure the firewall to allow traffic to and from nginx.

There are three profiles: Nginx Full, Nginx HTTP, Nginx HTTPS. I would use Nginx Full to allow traffic on both ports; once SSL is set up we can redirect HTTP traffic to HTTPS and tell the browser to use that instead.

sudo ufw allow 'Nginx Full'

Create RocketMap Reverse Proxy

cd /etc/nginx/sites-available
sudo cp default rocketmap #the directory is owned by root, so cp needs sudo as well
sudo vim rocketmap #Use whatever editor you are comfortable with

Remove the root /var/www/html; line.

Add server_name rocketmap; replacing rocketmap with the domain used to connect to this server.

Remove everything inside the braces of the location / block and replace it with this:

proxy_pass http://127.0.0.1:5000/;
proxy_redirect off;

Remove the comments to tidy things up (the original default file is still there).

Now we need to enable the site.

cd /etc/nginx/sites-enabled
sudo unlink default
sudo ln -s /etc/nginx/sites-available/rocketmap .

Restart the Nginx Server

sudo systemctl restart nginx

Enable SSL for Nginx

For the VM I could not enable SSL using certbot, so I used self-signed certs instead. This let me make sure the configuration worked the way it needed to.

Using Certbot (not tested line by line)

Inside /etc/nginx/sites-available/rocketmap you need to tell Nginx about the files certbot creates. Add the following location block below the existing one:

location /.well-known/acme-challenge {
  default_type "text/plain";
  root /var/www/certbot;
}

Then restart Nginx sudo systemctl restart nginx.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
sudo mkdir -p /var/www/certbot
sudo chown -R ${USER}:${USER} /var/www/certbot
#certbot writes its keys and certs under /etc/letsencrypt, so it needs root
sudo certbot certonly --webroot -w /var/www/certbot -d example.com -d www.example.com

Now to enable automatic renewal run

sudo crontab -e #root's crontab: renew writes to /etc/letsencrypt and the post-hook reloads nginx

And add this line

43 6 * * * certbot renew --post-hook "systemctl reload nginx"

You are welcome and encouraged to change the minute and hour at which this job runs each day. This spreads the load on the Let's Encrypt servers, so please do not pick an interval of 15 minutes.

Creating self signed keys

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/rocketmap.key -out /etc/ssl/certs/rocketmap.crt

It will ask a series of questions. Answer them all, but the most important one is the Common Name. Since I am using the domain rocketmap to connect to my VM, that is what I will use. If you connect to your VM by any other name, change it to whatever you put in the URL to reach your VM.

Configuring Nginx

I am writing this section from the point of view of the self-signed setup. The cert files created by certbot are located under /etc/letsencrypt/live; the Certbot docs show the exact paths for your version.

Feel free to rename anything marked as self-signed to something else if you used certbot (maybe use certbot as the name instead).

Create /etc/nginx/snippets/self-signed.conf and add (this file will differ depending on how you received your SSL certs):

ssl_certificate /etc/ssl/certs/rocketmap.crt;
ssl_certificate_key /etc/ssl/private/rocketmap.key;

Create /etc/nginx/snippets/ssl-params.conf and add (This file can be used in both scenarios):

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

The above settings are supposed to be pretty safe according to Cipherlist, with a few modifications such as leaving preload off the Strict-Transport-Security header.
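Added check, not from the gist: the snippet above still enables TLSv1 and TLSv1.1, which the 2017 Cipherlist accepted but which have since been deprecated (RFC 8996). The script below audits an ssl-params.conf for those protocol versions and for a missing Strict-Transport-Security header; it goes a little beyond the page by treating any SSLv2, SSLv3, TLSv1 or TLSv1.1 entry as a finding. The sample it runs on is a copy of the relevant lines of the snippet above, written to a temporary file.

```bash
#!/usr/bin/env bash
# Added example, not from the gist: audit an nginx ssl-params.conf snippet for
# deprecated protocol versions and a missing HSTS header. The sample file is
# constructed from the gist's own ssl-params.conf lines.

# Print the protocol names of the last uncommented ssl_protocols directive
# (nginx uses the last one it sees); prints nothing if there is none.
ssl_protocols_of() {
    conf="$1"
    grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$conf" | tail -n 1 \
        | sed -E 's/^[[:space:]]*ssl_protocols[[:space:]]+//; s/;.*$//'
}

# Print one finding per line; the return value is the number of findings (0 = clean).
audit_ssl_params() {
    conf="$1"
    findings=0
    protocols=$(ssl_protocols_of "$conf")
    for proto in $protocols; do
        case "$proto" in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "deprecated-protocol: $proto is enabled (keep TLSv1.2 and newer)"
                findings=$((findings + 1)) ;;
        esac
    done
    if [ -z "$protocols" ]; then
        echo "no-ssl_protocols: nginx falls back to its compiled-in default"
        findings=$((findings + 1))
    fi
    if ! grep -qE '^[[:space:]]*add_header[[:space:]]+Strict-Transport-Security' "$conf"; then
        echo "no-hsts: Strict-Transport-Security header is not sent"
        findings=$((findings + 1))
    fi
    return $findings
}

# Demo: the gist's own settings, written to a temporary file
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
EOF
audit_ssl_params "$sample" || echo "-> $? finding(s); change ssl_protocols to TLSv1.2 (plus TLSv1.3 where nginx supports it)"
rm -f "$sample"
```

Run it as `audit_ssl_params /etc/nginx/snippets/ssl-params.conf`. On the Ubuntu 16.04 packages used here the replacement is `ssl_protocols TLSv1.2;`; TLSv1.3 needs nginx 1.13 or newer built against OpenSSL 1.1.1.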

Now let us edit /etc/nginx/sites-available/rocketmap. Replace the contents of location / with:

return 302 https://$server_name$request_uri;

We also need to create a new server block that looks like this (after the existing server):

server {
        listen 443 http2 ssl default_server;
        listen [::]:443 http2 ssl default_server;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
        location / {
                proxy_pass http://127.0.0.1:5000/;
                proxy_redirect off;
        }
}

Restart Nginx sudo systemctl restart nginx.

Now test that hitting http://yourdomain.com redirects you to https instead. If it does, make the change permanent by replacing the return 302 above with return 301 and restarting the server again.
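The redirect and header test above can be scripted. The following is an added example, not part of the gist: two functions that read raw response headers (what curl -sI prints) and check that plain HTTP answers with a 301 or 302 to an https:// URL, and that the HTTPS response carries the Strict-Transport-Security, X-Frame-Options and X-Content-Type-Options headers from ssl-params.conf. The two responses embedded in the script are constructed samples; the curl lines in the comments show how to feed a live server's output instead (rocketmap is the hostname the gist uses, and -k is only there because the VM cert is self-signed).

```bash
#!/usr/bin/env bash
# Added example, not from the gist: verify the HTTP->HTTPS redirect and the
# security headers the nginx setup is meant to produce. Live usage:
#   curl -sI http://rocketmap/   | check_http_redirect
#   curl -skI https://rocketmap/ | check_https_headers
# The responses below are constructed samples in curl -sI's output shape.

# Value of the first header named $1 (case-insensitive) read from stdin, CRs stripped.
header_value() {
    tr -d '\r' | grep -i "^$1:" | head -n 1 | sed -E 's/^[^:]*:[[:space:]]*//'
}

# Reads the plain-HTTP response from stdin. Returns 0 only when the status is
# 301 or 302 and the Location header points at an https:// URL.
check_http_redirect() {
    resp=$(cat)
    status=$(printf '%s\n' "$resp" | tr -d '\r' | head -n 1 | awk '{print $2}')
    location=$(printf '%s\n' "$resp" | header_value Location)
    case "$status" in
        301|302) ;;
        *) echo "FAIL: expected a 301/302 redirect, got status '$status'"; return 1 ;;
    esac
    case "$location" in
        https://*) echo "OK: $status redirect to $location" ;;
        *) echo "FAIL: redirect target is not https: '$location'"; return 1 ;;
    esac
    return 0
}

# Reads the HTTPS response from stdin. Checks the three headers ssl-params.conf
# adds and that HSTS max-age is at least one year (31536000 seconds).
check_https_headers() {
    resp=$(cat)
    rc=0
    hsts=$(printf '%s\n' "$resp" | header_value Strict-Transport-Security)
    max_age=$(printf '%s\n' "$hsts" | sed -n -E 's/.*max-age=([0-9]+).*/\1/p')
    if [ -z "$max_age" ] || [ "$max_age" -lt 31536000 ]; then
        echo "FAIL: Strict-Transport-Security missing or max-age too short ('$hsts')"; rc=1
    fi
    xfo=$(printf '%s\n' "$resp" | header_value X-Frame-Options)
    [ "$xfo" = "DENY" ] || [ "$xfo" = "SAMEORIGIN" ] || { echo "FAIL: X-Frame-Options is '$xfo'"; rc=1; }
    xcto=$(printf '%s\n' "$resp" | header_value X-Content-Type-Options)
    [ "$xcto" = "nosniff" ] || { echo "FAIL: X-Content-Type-Options is '$xcto'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: HSTS, X-Frame-Options and X-Content-Type-Options all present"
    return $rc
}

# Constructed sample responses (what a correctly configured server should send)
http_sample='HTTP/1.1 302 Moved Temporarily
Server: nginx
Location: https://rocketmap/
Connection: keep-alive'

https_sample='HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8'

printf '%s\n' "$http_sample" | check_http_redirect
printf '%s\n' "$https_sample" | check_https_headers
```

Both functions print a one-line verdict and exit non-zero on failure, so they drop straight into a post-deploy script; once the 302 is switched to 301 the redirect check still passes.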

TODO

  • Find a way to start the service without sudo rights. (Fixed document so you don't have to run with admin rights)
  • Find how to use WebHooks. (PokeAlarm seems to be the solution)
  • Read more about the Speed Scan
  • Get a hashing key to see how everything goes PoGoDev.
    • We need this, or the accounts created below will be detected and banned much more easily.
  • Use PGM MultiLoc To help determine configuration needed.
    • This tool would allow us to see what area we would like to cover.
  • Look into Kinan City to create a handful of accounts to rotate between.
    • This should generate a CSV or something similar you can use for the above.
  • Set up an account for 2captcha so that the server can solve captcha requests.
    • Not sure if this is needed but I have a feeling that it is.
  • Read through the Q&A
  • Read more into PokeAlarm
  • Look into getting a proxy to allow for cloud service. (Pokemon Go Private Proxies seem to go for $3/month/proxy min 5 proxies) The reason to search for that is because most proxy services will make sure that the IP they give you is not blocked by Niantic.
  • Setup a tutorial config so that after creating the accounts we can get them all to level 2 (Less Captcha Hits).