Download and initial setup
Download
Linux 64bit – Ubuntu 64bit Server 16.04/18.04/20.04+/Debian 8+
Make sure that nothing is installed on your machine, and make sure it is connected to the internet.
Access the Linux machine via ssh and run the following commands in the prompt:
sudo wget https://update.resiot.io/releases/resiot_latest_linux_amd64.tar.gz
tar xvzf resiot_latest_linux_amd64.tar.gz
sudo ./resiot_setup_amd64.sh
Now wait a minute (the database needs to be populated on the first run), then open your host in your browser at xxx.xxx.xxx.xxx:8088 and proceed to the first configuration page.
Windows 64bit
Download the client and run the setup; at the end you will be directed to your host (usually :8088). Now proceed to the first configuration page.
Ports and Firewall configuration
By default, ResIOT will use the following ports:
- TCP 8088 (web interface for the platform)
- TCP 8095 (GRPC API server, needed by you and by gateways that use the ResIOT BaseStation Client)
- TCP 50076 (web interface for Live Update Services)
- UDP 7677 (all LoRa communication will go through this)
For internal communication between the whole suite, also make sure no software is using the following ports:
- TCP 58001
- TCP 58002
- TCP 58003
- TCP 50076
For direct connection to the gateways (Remote Access without VPN) via SSH and web GUI from the platform, make sure that the gateways/base stations can access the following IP addresses:
- 167.114.247.51
- 167.114.224.216
- 167.114.228.30
- 167.114.234.59
HTTP/SSL config from Configuration file
ResIOT allows you to create free SSL certificates via Let's Encrypt. More services will be added in the future to automatically add certificates to your site.
First, get a domain and make sure it points toward your ResIOT server. Once that's done, we can manually edit the ResIOT configuration file to create and keep your certificates up to date.
Editing the configuration file
You're now going to edit a JSON file. If you're not familiar with the format, read a guide first, as ResIOT will fail to start if the configuration file is not correctly written!
Let's Encrypt
Set up your firewall!
Because of how Let's Encrypt works, you will need to have both ports 80 and 443 open and accessible from the outside.
Windows
Open a file explorer window and head to folder:
%ALLUSERSPROFILE%/ResIOTFiles0
By default, on Windows 10, it's C:\ProgramData\ResIOTFiles0
Now edit config.json with your preferred text editor and add/edit the following lines (note that \ characters have to be escaped in JSON):
"WEBSERVER_HOST": ":443",
"CERT_FILE": "C:\\ProgramData\\ResIOTFiles0\\cert1",
"KEY_FILE": "C:\\ProgramData\\ResIOTFiles0\\key1",
"CERT_HOST": "yourhost.domain.com",
"CERT_SERVICE": "letsencrypt",
"CERT_UPDATE": 30,
Save all your modifications.
Finally, restart the ResIOT service by going to the Start menu, choosing the Run program and entering
services.msc
Now highlight the ResIOT service and press the Restart button on the left menu.
Linux
Get into a terminal/ssh window of your server and run the following to start editing your ResIOT configuration file:
sudo nano /opt/resiot/config.json
Now add/edit the following lines:
"WEBSERVER_HOST": ":443",
"CERT_FILE": "/etc/resiot/cert1",
"KEY_FILE": "/etc/resiot/key1",
"CERT_HOST": "yourhost.domain.com",
"CERT_SERVICE": "letsencrypt",
"CERT_UPDATE": 30,
Save all your modifications.
Finally, restart the ResIOT service:
sudo service resiot restart
I have my own certificates
If you want to use your own certificates, follow the Let's Encrypt guide, but omit the CERT_SERVICE field or give it an empty string value "", and make sure your certificates are located where "CERT_FILE" and "KEY_FILE" point to (if you have a single certificate, make two copies of it at those locations).
Increasing TLS security
If you want increased TLS security, you can set the MAX_TLS_SECURITY field to true. By doing so you will:
- Disable TLS1.0 and TLS1.1
- Enable HSTS
- Disable weaker Cipher Suites accepted by the ResIOT webserver
Be careful!
By increasing security, you'll likely lose the ability to interact with the platform using older browsers like IE7 or older mobile built-in browsers.
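Because ResIOT fails to start on a malformed config.json, it helps to check the file before restarting the service. The following is an added example, not part of ResIOT: it uses only the keys shown on this page, and the function name, the individual checks and the sample values are assumptions of this example.

```python
import json

# Keys are the ones shown on this page; the checks themselves are this
# example's assumptions about what a sane HTTPS setup looks like.
def check_resiot_config(text):
    """Return a list of problems found in a ResIOT config.json string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        # Typical causes: unescaped "\" in Windows paths, trailing comma.
        return [f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}"]
    if not isinstance(cfg, dict):
        return ["invalid JSON: top level must be an object"]
    problems = []
    if not str(cfg.get("WEBSERVER_HOST", "")).endswith(":443"):
        problems.append("WEBSERVER_HOST is not set to port 443")
    for key in ("CERT_FILE", "KEY_FILE"):
        if not isinstance(cfg.get(key), str) or not cfg[key]:
            problems.append(f"{key} is missing or empty")
    if cfg.get("CERT_SERVICE", "") == "letsencrypt":
        host = cfg.get("CERT_HOST", "")
        if not host or host == "yourhost.domain.com":
            problems.append("CERT_HOST must be your real domain for Let's Encrypt")
        if type(cfg.get("CERT_UPDATE")) is not int:
            problems.append("CERT_UPDATE should be a number, as on the page (30)")
    # Assumption: the field must be the JSON boolean true, not the string "true".
    if cfg.get("MAX_TLS_SECURITY") is not True:
        problems.append("MAX_TLS_SECURITY is not true: TLS hardening is off")
    return problems

# Constructed samples (not real configurations).
GOOD = r'''{
  "WEBSERVER_HOST": ":443",
  "CERT_FILE": "C:\\ProgramData\\ResIOTFiles0\\cert1",
  "KEY_FILE": "C:\\ProgramData\\ResIOTFiles0\\key1",
  "CERT_HOST": "iot.example.org",
  "CERT_SERVICE": "letsencrypt",
  "CERT_UPDATE": 30,
  "MAX_TLS_SECURITY": true
}'''
UNESCAPED = GOOD.replace("\\\\", "\\")            # single backslashes in paths
TRAILING_COMMA = GOOD.replace("true\n", "true,\n")  # comma before closing brace
WEAK = GOOD.replace('"MAX_TLS_SECURITY": true', '"MAX_TLS_SECURITY": "true"')

if __name__ == "__main__":
    for name, s in [("good", GOOD), ("unescaped", UNESCAPED),
                    ("trailing comma", TRAILING_COMMA), ("weak", WEAK)]:
        print(name, check_resiot_config(s))
```

To check a real file, pass its contents to check_resiot_config before restarting the service.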