LoRa server(appserver and networkserver) Installation on Raspberry pi3


#1

Hi,

Today i started to install LoRa Server on Raspberrypi 3 (OS: Jessie). My aim is to install network server (LoRa Server) and Application Server (App server) on the Pi, while LoRa gateway bridge on the Multitech conduit.
As first part i installed both LoRa server and App server on the Raspberrypi.
Since i was newbie to linux commands, i had some difficulties in installing the packages. But after spending some time and with the help of google and different forums i am able to successfully install all the packages for LoRa server and app server.
I have questions about what i have to edit in the configuration files of both LoRa server config and LoRa app config

I have opened the file (config file for lora App server) in editor mode using the command

sudo nano /etc/lora-app-server/lora-app-server.toml

But after this i am not sure what i have to change. Here i can see following

dsn=“postgres://localhost/loraserver_as?sslmode=disable”

do i need to change the above variable to the following

postgres://loraserver_as:dbpassword@localhost/loraserver_as?sslmode=disable

And how i have to proceed to change

application_server.external_api.jwt_secret

i did not find anything in the config file about this variable.

I have the same query for both the LoRa server and application server configuration files
Thanks a lot :slight_smile:


#2

When i would finish my first step, I would proceed and install LoRa Gateway bridge on my multitech conduit AEP version.

Thanks a lot in advance.


#3

Hi, @Osman.

You may find this topic interesting:

I had trouble configuring the servers too and there I describe how I solved the issues I found.

Feel free to ask for specific configurations.

Regards.


#4

I am so thankful to you. I will definitely have a look and come back to ask from you.

Thanks once again :slight_smile:


#5

Hi,

Unfortunately, till now, i am not successful about setting up the LoRa server (network server and application server) on my raspberry pi3. Since, there are lot of concepts it would be kind if you could guide me with patience.

I am summarizing what i have done.

  1. I have successfully installed LoRa packet forwarder and LoRa gateway bridge on the multitech conduit. Both instances are running. The lora-gateway-bridge file and LoRa packet forwarder (global_conf.json) are attached as below:

  2. Then i took one raspberry pi 3 and deployed other components (LoRa server and application server). At first, I have installed LoRa server following the instructions posted here. The installation gave me no error. In the configuration file (/etc/loraserver/loraserver.toml) i have made following changes using nano editor
    //
    postgres://loraserver_ns:dbpassword@localhost/loraserver?sslmode=disable
    //
    enabled_uplink_channels=[0 1 2] // i want to use first three default channels 868.1,868.3,868.5M Hz
    //
    jwt_secret=“abc” /// just took from your post, i am totally blank about security issues.
    //MQTT settings
    username=“loraserver”
    password = “********”
    //
    I have left all the ca_cert,tls_cert, tls_key as blank (similar to default configuration.) Since it is optional so i thought i could do it without them.

the command

sudo systemctl start loraserver

gives me no error.

But when i run

journalctl -u loraserver -f -n 50

I get following reply
No journal found.


#6

Hi, @Osman.

I think you missed an _ns before the sslmode. Mine is configured like the following

dsn="postgres://loraserver_ns:dbpassword@localhost/loraserver_ns?sslmode=disable"

I haven’t tried this configuration, but according to the example in the configuration file, the correct would be

enabled_uplink_channels=[0, 1, 2]

Not the best for security, but should work fine.

Do you really need to change those? Personally, I avoid changing these unless really necessary. I believe these credentials should match the broker’s where the lora-gateway-bridge expects to publish to.

No problem. However, there are some of the certificates that need to have their path correctly indicated for lora-app-server. For loraserver, should be fine.

Please, check these configurations and try again.
If the journal still can’t be found, please, feel free to ask again.

Good luck!


#7
  1. I installed the application server on the same raspberry pi3 using the instructions posted here.

Similarly, in the configuration file (/etc/lora-app-server/lora-app-server.toml), i have the following changes.
//
postgres://loraserver_as:dbpassword@localhost/loraserver_as?sslmode=disable
//

MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)

server=“tcp://localhost:1883”

Connect with the given username (optional)

username=“loraappserver”

Connect with the given password (optional)

password=“xxxxxxx”

I have left all the ca_cert,tls_cert, tls_key as blank (similar to default configuration.).
the command

sudo systemctl start lora-app-server

gives me no error.

But when i run

journalctl -u lora-app-server -f -n 50

I get following reply
No journal found.


#8

Hi,

i changed the [dsn] to as below:-

Did it as above.

i changed them to default, where we dont need username and password.

Then i restarted the server with

sudo systemctl restart loraserver

and this time to view the log i added sudo as

sudo journalctl -u loraserver -f -n 50

i got the following output

Mar 01 11:57:02 raspberrypi loraserver[18653]: time=“2018-03-01T11:57:02Z” level=error msg="backend/gateway: connecting to mqtt broker failed, will retry in 2s: Network Error : dial tcp [::1]:1883: getsockopt: connection refused"
Mar 01 11:57:04 raspberrypi loraserver[18653]: time=“2018-03-01T11:57:04Z” level=error msg="backend/gateway: connecting to mqtt broker failed, will retry in 2s: Network Error : dial tcp [::1]:1883: getsockopt: connection refused"
Mar 01 11:57:06 raspberrypi loraserver[18653]: time=“2018-03-01T11:57:06Z” level=error msg=“backend/gateway: connecting to mqtt broker failed, will retry in 2s: Network Error : dial tcp [::1]:1883: getsockopt: connection refused”


#9

I think i have set mqtt credentials as in the docs section.
Mosquitto authentication
Mosquitto, as the main conduit for messaging between the gateways and the LoRa servers and the applications receiving LoRa data, should be secured to prevent third party access to the data. To set up Mosquitto security:

Create a password file for your mosquitto users, starting with a “root” user.

The “-c” parameter creates the new password file. The command will prompt for

a new password for the user.

sudo mosquitto_passwd -c /etc/mosquitto/pwd loraroot

Add users for the various MQTT protocol users

sudo mosquitto_passwd /etc/mosquitto/pwd loragw
sudo mosquitto_passwd /etc/mosquitto/pwd loraserver
sudo mosquitto_passwd /etc/mosquitto/pwd loraappserver

Secure the password file

sudo chmod 600 /etc/mosquitto/pwd
Note that further configuration is possible, such as limiting the topics to which the various users can have access. These settings are beyond the scope of this document.

Mosquitto configuration
Add a new local configuration file (this should survive mosquitto upgrades) called /etc/mosquitto/conf.d/local.conf with the following configuration:

Tell mosquitto where the password file is by adding the lines:

allow_anonymous false
password_file /etc/mosquitto/pwd

May be due to these i am unable to connect. I think i should do a fresh installation again of all the packages.
So, i will start from scratch again.


#10

Hi, @Osman

I believe that if you change from:

to

allow_anonymous true

you should be able to connect without credentials.


#11

Oh, but i just re installed the raspbian jessie and now starting from again. :frowning:

I will be in touch with you and update you about my progress.
Thanks a lot :slight_smile:


#12

Hi :slight_smile:

I finally managed to get some positive output. I have only changed [dsn] in both configuration files (lora server and lora app server) and added the following security.

The log results from LoRa server are as below:-
– Logs begin at Thu 2018-03-01 15:43:52 UTC. –
Mar 01 15:43:56 raspberrypi systemd[1]: Starting LoRa Server…
Mar 01 15:43:56 raspberrypi systemd[1]: Started LoRa Server.
Mar 01 15:43:57 raspberrypi loraserver[569]: time=“2018-03-01T15:43:57Z” level=info msg=“starting LoRa Server” band=EU_863_870 docs=“https://docs.loraserver.io/” net_id=010203 version=0.24.3
Mar 01 15:43:57 raspberrypi loraserver[569]: time=“2018-03-01T15:43:57Z” level=info msg=“setup redis connection pool” url="redis://localhost:6379"
Mar 01 15:43:57 raspberrypi loraserver[569]: time=“2018-03-01T15:43:57Z” level=info msg="connecting to postgresql"
Mar 01 15:43:57 raspberrypi loraserver[569]: time=“2018-03-01T15:43:57Z” level=error msg="ping database error, will retry in 2s: dial tcp [::1]:5432: getsockopt: connection refused"
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg="backend/gateway: TLS config is empty"
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg=“backend/gateway: connecting to mqtt broker” server="tcp://localhost:1883"
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg=“configuring join-server client” ca_cert= server=“http://localhost:8003” tls_cert= tls_key=
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg="no network-controller configured"
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg="applying database migrations"
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg="backend/gateway: connected to mqtt server"
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg=“backend/gateway: subscribing to rx topic” topic=gateway/+/rx
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg=“backend/gateway: subscribing to stats topic” topic=gateway/+/stats
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg=“migrations applied” count=0
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg=“starting api server” bind=“0.0.0.0:8000” ca-cert= tls-cert= tls-key=
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg=“starting gateway api server” bind=“0.0.0.0:8002” ca-cert= tls-cert= tls-key=
Mar 01 15:43:59 raspberrypi loraserver[569]: time=“2018-03-01T15:43:59Z” level=info msg="starting downlink device-queue scheduler"
Mar 01 15:44:43 raspberrypi systemd[1]: Started LoRa Server.


the log from lora-app-server

– Logs begin at Thu 2018-03-01 15:43:52 UTC. –
Mar 01 15:43:59 raspberrypi systemd[1]: Starting LoRa App Server…
Mar 01 15:43:59 raspberrypi systemd[1]: Started LoRa App Server.
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg=“starting LoRa App Server” docs=“https://docs.loraserver.io/” version=0.18.0
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg="connecting to postgresql"
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg="setup redis connection pool"
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg="handler/mqtt: TLS config is empty"
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg=“handler/mqtt: connecting to mqtt broker” server="tcp://localhost:1883"
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg="handler/mqtt: connected to mqtt broker"
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg=“handler/mqtt: subscribling to tx topic” topic=application/+/node/+/tx
Mar 01 15:44:00 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:00Z” level=info msg="applying database migrations"
Mar 01 15:44:01 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:01Z” level=info msg=“migrations applied” count=0
Mar 01 15:44:01 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:01Z” level=info msg=“starting application-server api” bind=“0.0.0.0:8001” ca-cert= tls-cert= tls-key=
Mar 01 15:44:01 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:01Z” level=info msg=“starting join-server api” bind=“0.0.0.0:8003” ca_cert= tls_cert= tls_key=
Mar 01 15:44:01 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:01Z” level=info msg=“starting client api server” bind=“0.0.0.0:8080” tls-cert=/etc/lora-app-server/certs/http.pem tls-key=/etc/lora-app-server/certs/http-key.pem
Mar 01 15:44:01 raspberrypi lora-app-server[768]: time=“2018-03-01T15:44:01Z” level=info msg=“registering rest api handler and documentation endpoint” path=/api
Mar 01 15:44:54 raspberrypi systemd[1]: Started LoRa App Server.

///////////////////////////////////////////////////////////////////////////////////////////////////////////
I hope this is the right configuration.


#13

I think there is still one problem left to be solved:

Try this:

cat /var/log/postgresql/postgresql-9.6-main.log

If you see something like

2018-02-18 16:32:14.334 UTC [1042] loraserver_ns@loraserver_ns DETAIL: Password does not match for user "loraserver_ns". Connection matched pg_hba.conf line 94: "host all all ::1/128 md5"

you still have to change a postgresql configuration file.

Use the following

sudo vi /etc/postgresql/9.6/main/pg_hba.conf

(or use another editor) to edit pg_hba.conf.

Change the line

host all all ::1/128 md5

to

host all all ::1/128 trust

As I said in the other post ([release] LoRa Gateway Bridge 2.3.0 / LoRa Server 0.24.0 / LoRa App Server 0.18.0), this is not the safe way to configure the database. You’re letting any IPv6 host to access it. However, it make things work for testing until I have time to test the proper way.


#14

No, there’s no error, is just that when loraserver started, postgres wasn’t running yet, but in a second try it was and loraserver carried on initializing. If postgres was indeed permanently unreachable, something like these would be seen, with the error message continuing to repeat every 2 seconds:

INFO[0000] starting LoRa Server                          band=US_902_928 docs="https://docs.loraserver.io/" net_id=010203 version=0.21.0-99-g8c309f3
INFO[0000] setup redis connection pool                   url="redis://localhost:6379"
INFO[0000] connecting to postgresql                     
INFO[0000] backend/gateway: TLS config is empty         
INFO[0000] backend/gateway: connecting to mqtt broker    server="tcp://localhost:1883"
ERRO[0000] backend/gateway: connecting to mqtt broker failed, will retry in 2s: Network Error : dial tcp 127.0.0.1:1883: getsockopt: connection refused 
ERRO[0002] backend/gateway: connecting to mqtt broker failed, will retry in 2s: Network Error : dial tcp 127.0.0.1:1883: getsockopt: connection refused 
ERRO[0004] backend/gateway: connecting to mqtt broker failed, will retry in 2s: Network Error : dial tcp 127.0.0.1:1883: getsockopt: connection refused

That may be fine for testing purposes, but it means that anyone may connect to your mosquitto broker, so don’t do this for any serious case (also see this, allow anonymous won’t always give access to topics, which could be confusing). Instead, follow carefully the docs on securing mosquitto.

The same goes for this, which is trusting any connection to postgres from any user who can access the server. This is a security risk, and this authentication method shouldn’t be used in production:

When in need to debug, try running programs manually to check the ouput directly so you can see what’s going on.

In summary, relaxing conditions on services in which loraserver relies may be fine just to get it working for the first time, but now that you have, you should try to address all security issues that this creates. You’ll eventually have to deal with them anyway, so why not do it now while you are still configuring things?


#15

@iegomez

Sorry :slight_smile:

Agreed. I won’t leave my test environment, so it won’t do any harm, but definitely make it right as soon as possible.


#16

Hi,

Thanks a lot for your reply. when i entered:

i did get output similar to this

but even after editing the file to

i am getting the same results.
I think @iegomez could be right.

I am thankful for your support guys :))) You are really amazing people.

Proceeding the installation, i was able to add network server

However, when i create service profile it gives me an error.

I want to eventually view the data of node? am i heading to the right direction?
Edit: i am able to add service profile.


#17

Yes you are on the right path!

After you’re able to register a device for your application, you can check either the data received by the gateway or by the device.
Look for the JSON field that represents the data, but keep in mind that it will be Base64-encoded.


#18

Hi,

Could you tell me how to check if my Lora-gateway bridge is working properly or not? I have installed the lora-gateway bridge on the multitech conduit but i could not find any command to test that its functioning.

Best Regards


#19

Hello, @Osman.

I don’t have access to a hardware piece to test it now, but I believe this link might help you:

https://docs.loraserver.io/lora-gateway-bridge/install/debug/

Regards


#20

Having the same issue that was mentioned here. And your example for a Postgres issue doesn’t seem to be my problem despite what you posted here at the beginning of last month.

My Postgres seems to be working fine, and from what I can tell is on the port that my other files should looking at by default. This issue has come up multiple other times without any direct resolution from what I’ve been able to tell through this forum. If people are fixing their problem they aren’t sharing that fix for others like Osman here. It just seems to fall into place without any further comment.