M02_V2 Install TTS through Docker
[toc]
1. Environmental preparation
1.1 Install Certificate Tool
apt install golang-cfssl
1.2 Install docker-compose
1.2.1 The following two methods are the same, but the github network in some regions is slower, and the other one will be faster.
wget https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-linux-aarch64
or
wget http://minerback.heltec.cn/download/docker-compose-linux-aarch64
chmod +x docker-compose-linux-aarch64
cp docker-compose-linux-aarch64 /usr/bin/docker-compose
2. Configure TTS
2.1 Configure the docker-compose.yml file.
2.1.1 Create a folder to save the docker-compose.yml file.
mkdir /root/tts
cd /root/tts
2.1.2 Enter the TTS installation document interface to download the docker-compose.yml file, or use the following statement to download.
cd /root/tts
wget https://www.thethingsindustries.com/docs/getting-started/installation/configuration/docker-compose-open-source.yml -O docker-compose.yml
Note: When downloading, select the configuration file of the open source project to download. You cannot download the enterprise user configuration file.
2.1.3 Postgres currently has no version requirements. It can be configured as a relatively new and stable version. Here is the selected 15.
image: postgres:15
2.1.4 Redis currently requires version 6.2, so you can select 6.2 directly.
image: redis:6.2
2.1.5 The current version of stack is modified directly by 3.22.2. Then because it is used locally, the encryption certificate file is also used locally, so it needs to be commented out # - ./acme:/var/lib/acme. And will be opened with local certificates.
image: thethingsnetwork/lorawan-stack:3.22.2
# - ./acme:/var/lib/acme
secrets:
- ca.pem
- cert.pem
- key.pem
secrets:
ca.pem:
file: ./ca.pem
cert.pem:
file: ./cert.pem
key.pem:
file: ./key.pem
Note: The above modifications are made in the docker-compose.yml file.
2.2 Configure ttn-lw-stack-docker.yml file
2.2.1 Create a folder to save the ttn-lw-stack-docker.ymll file.
mkdir -p /root/tts/config/stack
cd /root/tts/config/stack
2.2.2 Enter the TTS installation document interface to download the ttn-lw-stack-docker.yml file, or use the following statement to download.
cd /root/tts/config/stack
wget https://www.thethingsindustries.com/docs/getting-started/installation/configuration/ttn-lw-stack-docker-open-source.yml -O ttn-lw-stack-docker.yml
2.2.3 Complete block-key: and hash-key: in # HTTP server configuration. 2.2.3.1 Execute the following command in the shell interface to generate the key.
openssl rand -hex 32 # generate 32 bytes
openssl rand -hex 64 # generate 64 bytes
2.2.3.2 Save the key generated above to the following file.
# HTTP server configuration
http:
cookie:
block-key: 'f3043ef59511de9cee7e306718d9cd77e435e5d7f8627a87e2867ce9e438dc63' # generate 32 bytes (openssl rand -hex 32)
hash-key: '20ef7adcc58c6ec4fe5cb1e9890c9c48cb68183732948e4e87a9edf0d663e4846022a6225ceae23001fdeae76bd74523e253dac8aeab39875eef3a10579f4c36' # generate 64 bytes (openssl rand -hex 64)
2.2.4 Modify the encryption file used.
# If using custom certificates:
tls:
source: file
root-ca: /run/secrets/ca.pem
certificate: /run/secrets/cert.pem
key: /run/secrets/key.pem
# Let's encrypt for "thethings.example.com"
#tls:
# source: 'acme'
# acme:
# dir: '/var/lib/acme'
# email: 'you@thethings.example.com'
# hosts: ['thethings.example.com']
# default-host: 'thethings.example.com'
2.2.5 Add a dcs in the console.
console:
dcs:
base-url: 'https://thethings.example.com/api/v3'
2.2.6 Replace all domain names with LAN IP addresses.
2.2.6.1 Get the LAN IP.
ifconfig
2.2.6.2 Replace the domain name with the acquired LAN IP.
identity-server-url: 'https://thethings.example.com/oauth' #Before replacement
identity-server-url: 'https://192.168.2.106/oauth' #After replacement
Note:
When replacing, only the domain name can be replaced, and https:// should be reserved.
After each IP transformation, it needs to be replaced again, otherwise it cannot be accessed normally.
Each domain name of the ttn-lw-stack-docker.yml file needs to be replaced.
3. Certificate generation
3.1 Generate ca.pem
3.1.1 Create ca.json and add the data.
cd /root/tts
vim ca.json
The following data is used for filling.
{
"names": [
{"C": "NL", "ST": "Noord-Holland", "L": "Amsterdam", "O": "The Things Demo"}
]
}
3.1.2 Execute the following command to generate.
cfssl genkey -initca ca.json | cfssljson -bare ca
3.2 Generate key.pem cert.pem
3.2.1 Create cert.json and add the data.
cd /root/tts
vim cert.json
The following is the data for filling. The IP address in it needs to be replaced with its own LAN IP.
{
"hosts": ["192.168.2.106"],
"names": [
{"C": "NL", "ST": "Noord-Holland", "L": "Amsterdam", "O": "The Things Demo"}
]
}
3.2.2 Execute the following command to generate.
cfssl gencert -ca ca.pem -ca-key ca-key.pem cert.json | cfssljson -bare cert
3.2.3 you’ll need to rename cert-key.pem to key.pem.
cp -f cert-key.pem key.pem
4. Run TTS
4.1 Download image file
cd /root/tts
docker-compose pull
4.2 The database of Identity Server needs to be initialized.
docker-compose run --rm stack is-db migrate
4.3 You must create an initial administrator user and make sure you give it a good password.
docker-compose run --rm stack is-db create-admin-user \
--id admin \
--email your@email.com
4.4 The command line interface needs to be registered as an OAuth client.
docker-compose run --rm stack is-db create-oauth-client \
--id cli \
--name "Command Line Interface" \
--owner admin \
--no-secret \
--redirect-uri "local-callback" \
--redirect-uri "code"
4.5 The OAuth client of Console and Network Operations Center needs to be created in Identity Server so that they can use the login function.
SERVER_ADDRESS="192.168.2.106"
ID="console"
NAME="Console"
CLIENT_SECRET="console"
REDIRECT_URI="${SERVER_ADDRESS}/console/oauth/callback"
REDIRECT_PATH="/console/oauth/callback"
LOGOUT_REDIRECT_URI="${SERVER_ADDRESS}/console"
LOGOUT_REDIRECT_PATH="/console"
docker-compose run --rm stack is-db create-oauth-client \
--id ${ID} \
--name "${NAME}" \
--owner admin \
--secret "${CLIENT_SECRET}" \
--redirect-uri "${REDIRECT_URI}" \
--redirect-uri "${REDIRECT_PATH}" \
--logout-redirect-uri "${LOGOUT_REDIRECT_URI}" \
--logout-redirect-uri "${LOGOUT_REDIRECT_PATH}"
Note: These parameters need to be quoted, and the service address needs to be changed to its own IP address.
4.6 Running The Things Stack
docker-compose up