Skip to content

Download and initial setup

Download

Linux 64bit – Ubuntu 64bit Server 16.04/18.04/20.04+/Debian 8+

Make sure that nothing is installed on your machine, and make sure it is connected to the internet.

Access the Linux machine via ssh and run the following commands in the prompt:

sudo wget https://update.resiot.io/releases/resiot_latest_linux_amd64.tar.gz
tar xvzf resiot_latest_linux_amd64.tar.gz
sudo ./resiot_setup_amd64.sh

Now wait for a minute ( the database needs to be filled in the first run ), then visit your host on your browser @ xxx.xxx.xxx.xxx:8088 and proceed to the first configuration page

Windows 64bit

Download the client and run the setup, at the end you will be directed to your host (usually :8088). Now proceed to the first configuration page

Ports and Firewall configuration

By default, ResIOT will use the following ports:

  • TCP 8088 (web interface for the platform)
  • TCP 8095 (GRPC API server, needed by you and by gateways that use the ResIOT BaseStation Client)
  • TCP 50076 (web interface for Live Update Services)
  • UDP 7677 (all LoRa communication will go through this)

For internal communication between the whole suite, also make sure no software is using the following ports:

  • TCP 58001
  • TCP 58002
  • TCP 58003
  • TCP 50076

For the direct connection to the Gateways (Remote Access without VPN) via ssh and webgui from the platform make sure that the gateways/base stations can access the following ip address:

  • 167.114.247.51
  • 167.114.224.216
  • 167.114.228.30
  • 167.114.234.59

HTTP/SSL config from Configuration file

ResIOT allows you to create free SSL certificates via Let's Encrypt. More services will be added in the future to automatically add certificates to your site.

First, get a domain and make sure it points toward your ResIOT server. Once that's done, we can manually edit the ResIOT configuration file to create and keep your certificates up to date.

Editing the configuration file

You're now going to edit a JSON file, if you're not familiar with the format read a guide as ResIOT will fail to start if the configuration file is not correctly written!

Let's Encrypt

Setup your firewall!

Because of how Let's Encrypt works, you will need to have to have both ports 80 and 443 open and accessible from the outside

Windows

Open a file explorer window and head to folder:

%ALLUSERSPROFILE%/ResIOTFiles0

By default, on Windows 10, it's C:\ProgramData\ResIOTFiles0

Now edit the config.json with your preferred text editor and add/edit the following lines (notice \ characters have to be escaped in a json):

"WEBSERVER_HOST": ":443",
"CERT_FILE": "C:\\ProgramData\\ResIOTFiles0\\cert1",
"KEY_FILE": "C:\\ProgramData\\ResIOTFiles0\\key1",
"CERT_HOST": "yourhost.domain.com",
"CERT_SERVICE": "letsencrypt",
"CERT_UPDATE": 30,

Save all your modifications.

Finally restart the Resiot service by going to the start menu, choosing the Run program and entering

services.msc

Now highlight the ResIOT service and press the Restart button on the left menu.

Linux

Get into a terminal/ssh window of your server and run the following to start editing your ResIOT configuration file:

sudo nano /opt/resiot/config.json

Now add/edit the following lines:

"WEBSERVER_HOST": ":443",
"CERT_FILE": "/etc/resiot/cert1",
"KEY_FILE": "/etc/resiot/key1",
"CERT_HOST": "yourhost.domain.com",
"CERT_SERVICE": "letsencrypt",
"CERT_UPDATE": 30,

Save all your modifications.

Finally restart the Resiot service

sudo service resiot restart

I have my own certificates

If you want to use your own certificates, follow the Let's Encrypt guide and omit the CERT_SERVICE field or give it an empty string value "" and make sure your certificates are located where the "CERT_FILE" and "KEY_FILE" point to(if you have a single certificate, make two copies of it at those locations).

Increasing TLS security

If you want increased TLS security, you can set the MAX_TLS_SECURITY field to true. By doing so you will:

  • Disable TLS1.0 and TLS1.1
  • Enable HSTS
  • Disable weaker Cipher Suites accepted by the ResIOT webserver

Be careful!

By increasing security, you'll likely lose the ability to interact with the platform using older browsers like IE7 or older mobile built-in browsers.