-
Notifications
You must be signed in to change notification settings - Fork 64
Server Deployment Guide
We need the API calls ssl security enhenced. Apache's https support is production verified. Also, Apache is mostly default installed at linux servers, and port 80 is used by apache. So if we want to the APIs exposed to the standard 80/443 port, We need apache to be the reverse-proxy for Wio Link server.
Please refer to this web page for detailed guide: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
Enable proxy module of apache:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel
Add the following lines to /etc/apache2/sites-available/default-ssl.conf:
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /v1/node/event ws://127.0.0.1:8080/v1/node/event
ProxyPassReverse /v1/node/event ws://127.0.0.1:8080/v1/node/event
ProxyPass /v1 http://127.0.0.1:8080/v1
ProxyPassReverse /v1 http://127.0.0.1:8080/v1
Add the following lines to /etc/apache2/sites-available/000-default.conf:
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /v1/node/resources http://127.0.0.1:8080/v1/node/resources
ProxyPassReverse /v1/node/resources http://127.0.0.1:8080/v1/node/resources
Save and restart the apache server:
sudo service apache2 restart
docker pull killingjacky/wio_link
If you're running this on an ARM (armv7 / armhf) platform e.g. Raspberry Pi
docker pull armhf.registry.marina.io/killingjacky/wio_link
Then confirm that the image has been pulled down successfully
docker images
docker run -itd --name wio --restart=always -p 127.0.0.1:8080:8080 -p 8081:8081 -p 8000:8000 -p 8001:8001 -v /root/wio killingjacky/wio_link
Or for ARM platform
docker run -itd --name wio --restart=always -p 127.0.0.1:8080:8080 -p 8081:8081 -p 8000:8000 -p 8001:8001 -v /root/wio armhf.registry.marina.io/killingjacky/wio_link
This will start a container from killingjacky/wio_link
image, and run it in daemon mode. The container will start automatically when the system boots up.
docker ps -l #To confirm that a container named wio is running right there.
Then you can attach to the console of the container with:
docker attach wio
Then edit the file /root/wio/config.py with your domain / IP.
vim /root/wio/config.py
Restart the server:
supervisorctl restart wio
Then ctrl+p ctrl+q to quit the console. Please note that do not use exit
to logout the shell, that will cause the container stopped.
If unfortunately you stopped the container, start it again with:
docker start wio
Some public cloud docker container service may have healthy checking functionality, and may assume falsely that the command in this Wio Link container has exit. In this case, please specify the following command as the container Command
parameter in the GUI/Console provided by this public cloud service:
python /root/wio/server.py
The container mounts a point of host system into /root/wio dir of container. You can locate the volume on the host by utilizing the ‘docker inspect’ command.
docker inspect wio
The output will provide details on the container configurations including the volumes. The output should look something similar to the following:
...
Mounts": [
{
"Name": "fac362...80535",
"Source": "/var/lib/docker/volumes/fac362...80535/_data",
"Destination": "/root/wio",
"Driver": "local",
"Mode": "",
"RW": true
}
]
...
You will notice in the above ‘Source’ is specifying the location on the host and ‘Destination’ is specifying the volume location inside the container. RW shows if the volume is readable/writable.
Then you can backup configurations and database.db if necessary.
Download the precompiled toolchain at the url showed at this page: https://arduino.esp8266.com/stable/package_esp8266com_index.json
e.g. Ubuntu 18.04 (so as the following steps)
cd /opt
sudo wget https://github.com/esp8266/Arduino/releases/download/2.3.0/linux64-xtensa-lx106-elf-gb404fb9.tgz
sudo tar zxvf linux64-xtensa-lx106-elf-gb404fb9.tgz
sudo vim /etc/profile
#append the following line
export PATH=$PATH:/opt/xtensa-lx106-elf/bin
Then save the file, logout and login, test if the PATH is set correctly by inputing:
xtensa-lx106-elf-gcc -v
sudo apt install python-pip
sudo pip install 'tornado<5'
sudo pip install PyJWT
sudo pip install pycrypto
sudo pip install PyYaml
sudo pip install tornado-cors
sudo pip install psutil
note: if you get error that "Python.h" not found, install the python-dev with:
sudo apt-get install python-dev
cd
sudo apt install git
git clone -b master https://github.com/Seeed-Studio/Wio_Link.git
cd Wio_Link
git submodule init
git submodule update
Test running by:
python ./server.py
Hope you get the log like this:
SQLite version: 3.16.2
Run the scan script to scan all the grove drivers:
python ./scan_drivers.py
Test building by:
python ./build_firmware.py
Hope you get no errors.
Install supervisor by:
sudo apt-get install supervisor
Then you need to create a config file for the server process:
vim /etc/supervisor/conf.d/wio_server.conf
[program:wio]
directory=/root/wio/
command=python /root/wio/server.py
autorestart=true
user=root
redirect_stderr=true
stdout_logfile=/root/supervisor_log/log.txt
stderr_logfile=/root/supervisor_log/err.txt
environment=PATH="/opt/xtensa-lx106-elf/bin:%(ENV_PATH)s"
Start the process by:
sudo mkdir -p /root/supervisor_log
sudo supervisorctl start wio
Refer to #1.1
At last we need blocking the HTTP accesses to 8080 port which bypassed the reverse-proxy.
Install the firewall and configure the blocking rules:
apt-get install ufw
ufw default allow #take care about this, you need run this before ufw enable, or you'll get lost control of your server because the ssh connection port is blocked too
ufw deny 8080
ufw enable
ufw status
supervisorctl restart wio #the firewall rules take effect only after restart of server.py
Imagine such an application scenario: The network between users' and Wio Link server (official) is not so smooth but users' application requires the data exchange fast. The user wants to deploy a local server, but the target machine is not a powerful computer, e.g. Raspberry Pi.
In this situation, user can deploy a lean data exchange server locally, but still use the compilation server provided by SEEED.
Wio Link connects servers in two channels. One is for OTA, another is for data query and event delivery. The OTA channel is only used when Wio Link's firmware is being updated. In other time, Wio Link uses data exchange channel to communicate with upper application caller.
Before we dive into detailed guide, please notice first that the local lean server will conflict with the full function server because they use the same network port. So if you already deployed a full function server, please don't install lean server at the same machine.
step 1) The python env needs to be ready, and then install the python modules.
pip install 'tornado<5'
pip install pycrypto
pip install tornado-cors
step 2) Download file server_lean.py
step 3) If you want to encrypt the communication, a web sever is still needed to serve as the front-end. Refer to #1.1. In a trusted LAN network, you can leave the server exposed. This means you only need one single file server_lean.py.
The lean server can run in two modes: online mode and offline mode. If it works in the online mode, at the beginning of startup process, the server will connect to the Main Server (OTA server, where the user information and nodes information are stored) to pull down the nodes information including the encryption keys. Then store these information in a local file for offline use. If the server works in the offline mode, it reads in the stored information at the beginning.
Open server_lean.py with your favorite editor, and modify the configuration section.
########################################
#Configurations
#
#Set the OTA server which is used by the Wio Links
#This script will connect to OTA server to fetch node informations.
#Options: chinese, global_old, global_new, customize
OTA_SERVER='customize'
#Set the tokens when seeed server(chinese, global new and old),
#Get token from https://wio.seeed.io/login
#Note: all seeed server have same user token
TOKENS = ["your token"]
#Set the address of the OTA server if OTA_SERVER is set to 'customize'
#Only applies when OTA_SERVER='customize'
CUSTOM_OTA_SERVER_ADDR='http://192.168.31.12:8080'
#Set the accounts which will be used when logging in the OTA server
#Set each account with a key-value pair in which the pattern is email:password
ACCOUNTS={'email':'password'}
########################################
If you deployed a full private server, you can configure the lean server to connect it. You need to modify 3 lines
OTA_SERVER='customize'
-
CUSTOM_OTA_SERVER_ADDR='URL-of-your-private-server'
e.g. http://192.168.31.12:8080 ACCOUNTS={'email':'password'}
As the SEEED servers refer user database from bazaar, you need to get a access token via this web page - https://wio.seeed.io/login. After logging in, the web page will display some text like
{"token": "<token>", "user_id": #########}
Set down the <token>
part which will be used in next step.
Modify the following lines
-
OTA_SERVER='global_new'
This varies with your server choice. -
TOKENS = ["your token"]
Replace "your token" with the<token>
you just set down
Start the server
Online mode:
python ./server_lean.py &
Offline mode:
python ./server_lean.py --mode=offline &
You can configure your App to communicate with the private server with the following steps.
- Logout your App if you already logged into one of the Seeed servers.
- At the login interface, click "Server Location"
- Select "Customize Server", and then input the URL of your private server. e.g. http://your-ip-address:8080 or https://your-ip-address . Then "Save".
- Sign up new account and login.
This is the video tutorial - https://youtu.be/qIdtKa0-xvs
When adding a new Wio device, the default data exchange server is the same as the OTA server. To let the Wio device exchange data via your local lean server, you can configure with the App.
This is the video tutorial - https://youtu.be/y_X_cUtbRGs