- screen (preinstalled on Ubuntu)
- openssl (preinstalled on Ubuntu)
- python 3.11
- sudo apt install python3.11-venv
- sudo apt install certbot python3-certbot-nginx
1. Clone the repository
2. In the root directory, create a virtual environment to install the dependencies:
   $ python3.11 -m venv env
3. Activate the virtual environment:
   $ source env/bin/activate
4. Install the requirements:
   (env)$ pip install -r requirements.txt
5. Create the jwt-secrets file:
   (env)$ echo 'AUTHJWT_SECRET_KEY="placeMySecretKeyHere"' > env/.env
6. Deactivate the virtual environment by entering deactivate
Note: if a system upgrade breaks the virtual environment by accidentally upgrading the Python version, the simplest fix is to remove the virtual environment (rm -r env), install python3.11 if it is no longer on the system, and create a new virtual environment (steps 2 to 6).
- Info: currently used for the main application, might be moved to postgres in the next updates
- Import the public key used by the package management system:
  $ wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
- Create a list file for MongoDB:
  $ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
- Reload the package database:
  $ sudo apt-get update
- Install MongoDB packages:
  $ sudo apt-get install -y mongodb-org
- Info: currently only used for the dashboard data, in future maybe for the whole application
- Install PostgreSQL:
  $ apt install postgresql
- Log in as superuser or create your own user account with sufficient privileges, then create a new database with the name postgres:
  $ sudo -u postgres createdb postgres
- Enter the database:
  $ sudo -u postgres psql postgres
- Change the password of the superuser to something secure (important step: the default password "postgres" is not secure!):
  $ \password postgres
- Create tables:
CREATE SCHEMA public AUTHORIZATION pg_database_owner;

CREATE SEQUENCE sensor_job_id_seq
    INCREMENT BY 1
    MINVALUE 1
    MAXVALUE 2147483647
    START 1
    CACHE 1
    NO CYCLE;

CREATE TABLE jobs (
    "name" text NOT NULL,
    command text NULL,
    start_time int4 NULL,
    end_time int4 NULL,
    CONSTRAINT jobs_pkey PRIMARY KEY (name)
);

CREATE TABLE sensor_job (
    id serial4 NOT NULL,
    job_name text NULL,
    sensor_name text NULL,
    lat float8 NULL,
    lon float8 NULL,
    sample_rate int4 NULL,
    center_freq int4 NULL,
    bandwidth int4 NULL,
    gain int4 NULL,
    if_gain int4 NULL,
    bb_gain int4 NULL,
    decimation int4 NULL,
    CONSTRAINT sensor_job_job_name_sensor_name_key UNIQUE (job_name, sensor_name),
    CONSTRAINT sensor_job_pkey PRIMARY KEY (id),
    CONSTRAINT sensor_job_job_name_fkey FOREIGN KEY (job_name) REFERENCES jobs("name")
);

CREATE TABLE signal (
    id int4 NOT NULL,
    "timestamp" float8 NOT NULL,
    signal_level float4 NULL,
    background_noise float4 NULL,
    snr float4 NULL,
    count int4 NULL,
    CONSTRAINT signal_pkey PRIMARY KEY (id, "timestamp"),
    CONSTRAINT signal_id_fkey FOREIGN KEY (id) REFERENCES sensor_job(id)
);

CREATE TABLE stderr (
    id int4 NOT NULL,
    "timestamp" float8 NOT NULL,
    i int4 NULL,
    o int4 NULL,
    ok_s int4 NULL,
    ok int4 NULL,
    CONSTRAINT stderr_pkey PRIMARY KEY (id, "timestamp"),
    CONSTRAINT stderr_id_fkey FOREIGN KEY (id) REFERENCES sensor_job(id)
);

CREATE TABLE packets (
    id int4 NOT NULL,
    "type" text NOT NULL,
    count int4 NULL,
    CONSTRAINT packets_pkey PRIMARY KEY (id, type),
    CONSTRAINT packets_id_fkey FOREIGN KEY (id) REFERENCES sensor_job(id)
);
- Install Nginx:
  $ sudo apt update && sudo apt install nginx
- Move http.conf to /etc/nginx/conf.d/ and edit its root and index to point to the correct locations
- In nginx.conf, comment out or delete the line include /etc/nginx/sites-enabled/*;
- Reload Nginx:
  $ sudo nginx -s reload
- $ sudo apt install certbot python3-certbot-nginx
- Modify the http.conf in /etc/nginx/conf.d/:
  - Remove all parts that are handled by Certbot (the lines with comments).
  - Change the listen 443 ssl http2; to listen 80;
- Reload Nginx:
  $ sudo systemctl reload nginx
- Run Certbot to create the certificates:
  $ sudo certbot --nginx -d myLeoCommonDummyUrl.com
- Start the Certbot timer:
  $ sudo systemctl start certbot.timer
- In the root directory of the server, create the tools folder:
  $ mkdir tools
- Enter the folder:
  $ cd tools
- Clone the repository:
  $ git clone https://github.com/muccc/iridium-toolkit.git
Do not run the development environment on the live-server!
The development environment offers:
- FastAPI development-page (127.0.0.1:8000/docs)
- Delete the http.conf:
  $ rm http.conf
- Copy http_dev.conf to http.conf:
  $ cp http_dev.conf http.conf
- http.conf: change root /home/user/server/app/static; to your own path to the /app/static folder
- Modify startup.sh: comment out the block about the certbot-timer
- Run startup.sh
- Open the website via http://127.0.0.1 or FastAPI via 127.0.0.1:8000/docs
- Modify the MongoDB as shown below to create an initial dummy account.
Differences between dev-env and live-env:
- http.conf: removed |docs/ from the line location ~ ^/(data/|fixedjobs/|docs/|sensors/|login/)
- http.conf: modified the line proxy_pass http://0.0.0.0:8000; to proxy_pass http://127.0.0.1:8000;
- Added https and an http reroute to the http.conf.

IMPORTANT: make sure to only use the insecureAdminLogin (dummy account) in the development environment. Create a real admin account by using this dummy account, then delete this dummy.
- Start the dev-env as described above.
- Open the virtual environment:
  $ source env/bin/activate
- Open the MongoDB shell:
  $ mongo (or depending on the system: $ mongosh)
- Check that the database "sensors" is available:
  $ show dbs
- Change to the sensors database or create it if it does not exist yet (the command is the same):
  $ use sensors
- Insert the dummy user "insecureAdminLogin" and implicitly create the collection "users":
  $ db.users.insert({ "_id" : ObjectId("6431594b33bd9273ce33f0b2"), "email" : "test@mail.com", "username" : "insecureAdminLogin", "hashed_password" : BinData(0,"JDJiJDEyJGdmWllwN0NoYmNjdlJyTmhkakJPcXU2VEVNMVpYamtWVUptRnVpYkNnZGc0UUZNVjBwdVVX"), "role" : "admin", "creation_date" : 954587471, "owned_sensors" : [ ], "scheduled_jobs" : [ ], "online_status" : [ [ 0, 0 ] ], "public_rsa_key" : "" })
- Verify that the collection "users" is available:
  $ show collections
- Show all registered users:
  $ db.users.find()

On live systems NEVER use the insecureAdminLogin!
User: insecureAdminLogin
Password: insecurePasswordRemoveAfterAdminCreated123onZhs2LipBPZVg2itHJsoS7U5tkywsxP
- Log in with the insecureAdminLogin.
- Create your own admin account with a secure password.
- Log out from the insecureAdminLogin and log in with your own admin account.
- Delete the insecureAdminLogin.

1. Create a dedicated dashboard account with user privileges on the server
2. Locate the .env file in the /env directory, add the following lines and fill the empty quotation marks with your own values:
   - DASH_DB_USER="": the name of the postgres user ("postgres" or own user account)
   - DASH_DB_PASSWORD="": the password of the postgres user
   - DASH_USER="": the name of the dashboard user from step 1
   - DASH_PASSWORD="": the password of the dashboard user from step 1
3. Copy http_live.conf to http.conf:
   $ cp http_live.conf http.conf
4. http.conf: change root /home/user/server/app/static; to your own path to the /app/static folder
5. Modify startup.sh: comment in the block about the certbot-timer
6. Run startup.sh
7. Open the website via the external address.
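
The two .env steps on this page (the jwt-secrets file from the installation and the DASH_ values above) can be checked before the server is started on a live system. The following Python check is an added example, not part of the project; the 32-character minimum, the file-mode rule and the simple KEY="value" parsing are assumptions.

```python
import stat
import tempfile
from pathlib import Path

PLACEHOLDER = "placeMySecretKeyHere"  # literal used in the install step
REQUIRED = ("AUTHJWT_SECRET_KEY", "DASH_DB_USER", "DASH_DB_PASSWORD",
            "DASH_USER", "DASH_PASSWORD")  # keys named on this page
MIN_SECRET_LEN = 32  # assumed threshold, not a project requirement


def parse_env(text):
    """Parse KEY="value" lines; blank lines and # comments are skipped."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("\"'")
    return values


def audit_env(path):
    """Return a list of findings for the .env file at `path`."""
    findings = []
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} is open to group/other; use 600")
    values = parse_env(Path(path).read_text(encoding="utf-8"))
    findings += [f"{k} is missing or empty" for k in REQUIRED if not values.get(k)]
    secret = values.get("AUTHJWT_SECRET_KEY", "")
    if secret == PLACEHOLDER:
        findings.append("AUTHJWT_SECRET_KEY is still the placeholder")
    elif secret and len(secret) < MIN_SECRET_LEN:
        findings.append(f"AUTHJWT_SECRET_KEY has fewer than {MIN_SECRET_LEN} characters")
    return findings


def demo():
    """Audit a constructed .env that mimics a fresh, unfinished install."""
    sample = 'AUTHJWT_SECRET_KEY="placeMySecretKeyHere"\nDASH_DB_USER="postgres"\nDASH_DB_PASSWORD=""\n'
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".env"
        path.write_text(sample, encoding="utf-8")
        path.chmod(0o644)
        return audit_env(path)


if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty result from audit_env("env/.env") means none of these checks fired; it does not measure how random the secret is.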
Use the startup.sh script or follow the next steps to start it manually:
- Copy the http.conf to /etc/nginx/conf.d/http.conf
- Start nginx:
  $ sudo service nginx start/stop/status
  or do $ sudo nginx -s reload for reloading
- Start the Certbot timer:
  $ sudo systemctl start certbot.timer
- Start MongoDB:
  $ sudo service mongod start/stop/status
- The application has to be run in the virtual environment where the requirements are installed.
  $ cd server
  $ source env/bin/activate
  Note: The virtual environment can be deactivated by entering deactivate
  Furthermore, set PYTHONPATH as the current directory:
  (env)$ export PYTHONPATH=$PWD
  Finally, run the application:
  (env)$ python3 app/main.py
- Open a screen session:
  $ screen
- Run the application with the startup script:
  $ ./startup.sh
- Detach the current session:
  $ ctrl+a,d
- Close the terminal.

Access the detached screen session and terminate the server:
- List all detached sessions:
  $ screen -ls
- Connect to a specific session:
  $ screen -r <sessionName>
- Terminate the server:
  $ ctrl-x
- End the screen session:
  $ exit

- Webinterface.UserDetails: Implement missing buttons for user account management.
- Webinterface.FixedJobs: show local-time and convert to timestamp when creating a new job. Add some buttons [+1 min, +10 min, +1h] for simple interaction.
- Webinterface.FixedJobs: method 'get_fixed_jobs_by_sensorname' rename the router-path from "/fixedjobs/{name}" to "/fixedjobs/sensor_name/{name}" for clarification. But this also needs to be adjusted in the sensors!
- Webinterface.SensorDetails: add an "are you sure" window before the new JWT for a new sensor is created (otherwise you can accidentally remove sensors from the server with this). (TODO: in progress, to test)
- Webinterface.FixedJobs: when creating a new fixed job, ensure non-required arguments are not enforced (ensure every command has default parameters)
- Webinterface.FixedJobs: when creating a new fixed job, make it possible to select the sensor directly
- Public website: make the connection to osm secure, so that it does not raise a TLS warning
- Webinterface.Data: add the possibility to filter/sort the data collection
- Webinterface.Data: add upload-time to data-table
This section lists errors that can occur by wrongly operating the application and how to fix them.
- Getting localhost:27017: [Errno 111] Connection refused when trying to call the API (for example by loading the webpage):
  The MongoDB service mongod wasn't shut down properly with $ sudo service mongod stop and the lock file still exists, not allowing the service to launch. Remove the lock file and start the service:
  $ sudo rm /var/lib/mongodb/mongod.lock
  $ sudo service mongod start
- MongoDB shell:
  $ mongo (Ctrl+c for exit)
- Create certificates:
  $ openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout myDummyLeoCommonUrl.key -out myDummyLeoCommonUrl.crt -subj "/C=DE/ST=Rhineland-Palatinate/L=Kaiserslautern/O=University Kauserslautern/OU=DistributedComputerSystemsLab/CN=www.myDummyLeoCommonUrl.com" -addext "subjectAltName=DNS:myDummyLeoCommonUrl.com"
- "I set up nginx correctly but get a 404." -> check if the http user can access the server directory. This can be a problem in development settings. Test access:
  sudo -u http stat <path>/server

- Open the virtual environment:
  $ source env/bin/activate
- Open the MongoDB shell:
  $ mongo
- Check that the target user is available:
  $ db.users.find({"username":"insecureAdminLogin"})
  or
  $ db.users.find({"email":"testmail@test.com"})
- Delete the user:
  $ db.users.deleteOne({"username":"insecureAdminLogin"})
  or delete all users with one mail address:
  $ db.users.deleteMany({"email":"testmail@test.com"})
- Find the refresh-token:
  $ db.refresh_token_whitelist.find({"sub":"insecureAdminLogin"})
- Remember the "sibling_jti"; this is the JSON Web Token ID of the corresponding access-token.
- Delete the refresh-token:
  $ db.refresh_token_whitelist.deleteOne({"sub":"insecureAdminLogin"})
  or using the jti:
  $ db.refresh_token_whitelist.deleteOne({"jti":"INSERT-YOUR-JTI-HERE"})
- Add the access-token to the blacklist:
  $ db.access_token_blacklist.insertOne({"jti" : "INSERT-SIBLING-JTI-HERE", "sub" : "INSERT-SUBJECT-NAME-HERE", "expire" : "INSERT-EXPIRATION-DATE-HERE", "time_added" : "INSERT-CURRENT-DATE-HERE"})
  Use an expiration date of today+3 days (make sure it is blocked long enough). The dates must be in the format "YYYY-mm-dd HH:MM:SS", for example "2020-12-31 23:59:59".
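
The revocation steps above, as an added Python example that is not part of the project: it turns one refresh_token_whitelist record into the three write commands, with the blacklist dates in the required format. The sample record and its jti values are constructed, and taking the dates from the server's local clock is an assumption.

```python
import json
from datetime import datetime, timedelta

DATE_FMT = "%Y-%m-%d %H:%M:%S"  # "YYYY-mm-dd HH:MM:SS", as required above
BLOCK_DAYS = 3                   # "today+3 days", as recommended above

# Constructed refresh_token_whitelist record; only fields named on this page.
SAMPLE_RECORD = {
    "jti": "refresh-jti-0001",
    "sibling_jti": "access-jti-0001",
    "sub": "insecureAdminLogin",
}


def build_blacklist_entry(record, now=None):
    """Build the access_token_blacklist document from a whitelist record."""
    missing = [f for f in ("jti", "sibling_jti", "sub") if not record.get(f)]
    if missing:
        raise ValueError(f"whitelist record lacks {', '.join(missing)}")
    now = now or datetime.now()  # assumption: server-local time
    return {
        "jti": record["sibling_jti"],  # ID of the access token to block
        "sub": record["sub"],
        "expire": (now + timedelta(days=BLOCK_DAYS)).strftime(DATE_FMT),
        "time_added": now.strftime(DATE_FMT),
    }


def revocation_commands(record, now=None):
    """Return the mongo-shell write commands in the order of the steps above."""
    # Build the entry first: a record without sibling_jti raises here,
    # before any delete command is produced.
    entry = build_blacklist_entry(record, now)
    user = json.dumps({"username": entry["sub"]})
    jti = json.dumps({"jti": record["jti"]})
    return [
        f"db.users.deleteOne({user})",
        f"db.refresh_token_whitelist.deleteOne({jti})",
        f"db.access_token_blacklist.insertOne({json.dumps(entry)})",
    ]


if __name__ == "__main__":
    print("\n".join(revocation_commands(SAMPLE_RECORD)))
```

If the user holds several refresh tokens, run it once per whitelist record so that every sibling access-token is blacklisted.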

- Webinterface.FixedJobs: deleting a fixed job does not remove the job from the sensor's job list
- When a job-file is uploaded, the DB entry is created before the file is stored on the disk. If a storing error occurs, there is no file on the disk, but an entry in the DB.
- ...