Pre-configuration
RHEL requires you to be logged in with a Red Hat account in order to use their default package repositories. Register an account at redhat.com, then follow the steps here to link the system to your account.
Installation
Note: All listed commands should be run by the root user unless otherwise specified.
System Configuration
Start by setting the system timezone to UTC.
CODE
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
|
Third-Party Software Repositories
CODE
ARCH=$(/bin/arch)
subscription-manager repos --enable "codeready-builder-for-rhel-9-${ARCH}-rpms"
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
|
REMI (Remi’s RPM Repo 8)
Contains many releases of PHP and its accompanying modules.
CODE
yum install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm
|
Third-Party Software Installation
System Utilities
CODE
yum install -y git wget nano
|
Node.js
CODE
yum install -y --enablerepo=epel gcc-c++ make mosquitto
curl -fsSL https://rpm.nodesource.com/setup_18.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo yum install -y nodejs
|
LAMP Stack
CODE
sudo dnf module enable -y php:remi-8.1
yum install -y --enablerepo=remi httpd php php-snmp php-bcmath php-cli php-common php-devel php-intl php-mbstring php-mysqlnd php-opcache php-pdo php-pecl-apcu php-xml policycoreutils-python-utils python3 python3-policycoreutils
# Use prefork module to run php under apache
echo 'LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' > /etc/httpd/conf.modules.d/00-mpm.conf
|
Mosquitto
CODE
sudo yum -y install mosquitto
systemctl start mosquitto
systemctl enable mosquitto
|
Third-Party Software Configuration
PHP
CODE
echo 'date.timezone = UTC' > /etc/php.d/00-datetime.ini
|
Install IonCube Loader
CODE
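# Note: this archive is fetched over plain HTTP; verify its integrity before loading the extension into PHP
wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz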
tar -xzf ioncube_loaders_lin_x86-64.tar.gz
cp ioncube/ioncube_loader_lin_8.1.so /usr/lib64/php/modules/
echo 'zend_extension=ioncube_loader_lin_8.1.so' > /etc/php.d/05-ioncube.ini
|
MySQL Database Server
Install MySQL
CODE
yum install -y mysql-server
# Server options must sit under the [mysqld] group header
cat <<EOT >> /etc/my.cnf
[mysqld]
innodb-file-per-table = on
event-scheduler = on
explicit_defaults_for_timestamp = off
sql-mode = "NO_ENGINE_SUBSTITUTION"
log_bin_trust_function_creators = 1
EOT
systemctl restart mysqld.service
|
CODE
# Optional: update mysql root password
mysql_secure_installation
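# Login to MySQL (the statements below are entered at the mysql> prompt)
mysql -uroot -p
# Change the root password (example value; substitute your own)
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewP4ssword$';
# Create an EMX user (example password; the same value goes into /var/pacpow-opx/config/mysql.json later)
CREATE USER 'emx'@'localhost' IDENTIFIED BY 'S3cretP4ssword$';
GRANT ALL PRIVILEGES ON `emx`.* TO 'emx'@'localhost';
# Create an EMX database
CREATE DATABASE `emx`;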
exit
|
Firewall Configuration
Only one firewall, if any, should be running. Which is running depends on the specifics of your installation, but below are example configurations for the three most common: nftables, iptables, or firewalld.
Option 1: Using firewalld
CODE
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-port=8080/tcp
systemctl restart firewalld.service
|
Option 2: Using nftables
CODE
nft insert rule ip filter INPUT ct state new tcp dport 80 counter accept
nft insert rule ip filter INPUT ct state new tcp dport 443 counter accept
nft insert rule ip filter INPUT ct state new tcp dport 8080 counter accept
nft list ruleset >> /etc/sysconfig/nftables.conf
# Note that the systemd service should be enabled to automatically reload these settings on reboot.
# systemctl enable nftables
|
Option 3: Using iptables
CODE
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
|
Apache Web Server
Setup directory access
CODE
rm -rf /var/www
mkdir /var/www
chown apache:apache /var/www
sed -i'' 's#/var/www/html#/var/www#g' /etc/httpd/conf/httpd.conf
|
CODE
semanage fcontext -a -t httpd_sys_content_t "/var/www(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/config.php"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/uploads(/.*)?"
restorecon -R -v /var/www
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_unified 1
|
CODE
rm -f /etc/httpd/conf.d/welcome.conf
cat <<EOT > /etc/httpd/conf.d/emx.conf
<VirtualHost *:80>
    ServerName default
    DocumentRoot "/var/www"
    <Directory "/var/www">
        Options Indexes FollowSymLinks
        AllowOverride All
        DirectoryIndex index.php
    </Directory>
    ErrorLog "/var/log/httpd/emx_error.log"
    ServerSignature Off
    CustomLog "/var/log/httpd/emx_access.log" combined
</VirtualHost>
EOT
|
Restart Apache
CODE
systemctl enable httpd
systemctl restart httpd
|
PM2
CODE
# Install PM2 process monitor
npm i -g pm2
|
Packet Power Software Installation
EMX/OPX3
Install OPX3 Package
CODE
# Drop the OPX .rpm on the server first using scp, wget, or some other means; then:
rpm -ivh packetpower-opx2-*.rpm --ignoreos
# Edit MySQL credentials using `nano`, `vim`, or `cat` as below.
# The quoted 'EOT' delimiter keeps the shell from expanding `$` in the password.
cat <<'EOT' > /var/pacpow-opx/config/mysql.json
{
  "host": "localhost",
  "user": "emx",
  "password": "S3cretP4ssword$",
  "database": "emx"
}
EOT
cat <<EOT > /var/pacpow-opx/config/mqtt.json
{
  "url": "mqtt://localhost:1883",
  "user": null,
  "password": null
}
EOT
cat <<EOT > /var/pacpow-opx/config/e4-api-mqtt.config.json
{
  "mqtt": {
    "url": "mqtt://localhost:1883",
    "options": {
      "user": null,
      "password": null
    }
  },
  "emx": {
    "host": "localhost",
    "port": 80
  },
  "jdrTopic": "@p2/JDR",
  "panelTopic": "@p2/PANEL"
}
EOT
|
Install EMX Package
CODE
# Drop the EMX .rpm on the server first using scp, wget, or some other means; then:
rpm -ivh packetpower-emx-*.x86_64.rpm --nodeps
# Create the support_files directory for storing firmware, etc.
mkdir -p /var/www/public/support_files/
chown apache:apache /var/www/public/support_files/
|
Reset Permissions
CODE
chown apache:apache /var/www/config.php
restorecon -R -v /var/www
|
Start OPX processes
CODE
# Run OPX processes with PM2 task manager
(cd /var/pacpow-opx && pm2 start config/ecosystem.config.js)
pm2 save
pm2 startup
|
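A check to run once the OPX processes are up, as an added example that is not part of the original guide: it reads the output of ss -H -ltn and lists TCP listeners bound to a non-loopback address on ports other than those opened in the firewall section. Port 22 for SSH, the function names, and the sample ss lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): flag TCP listeners bound to a
# non-loopback address on a port the firewall section did not open.

# Usage: ss -H -ltn | exposed_listeners ALLOWED_PORT...
# Prints "address port" for each unexpected non-loopback listener.
exposed_listeners() {
  awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      local_ep = $4                       # e.g. 127.0.0.1:1883, [::1]:1883, *:80
      port = local_ep; sub(/.*:/, "", port)
      addr = local_ep; sub(/:[^:]*$/, "", addr)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      if (port in ok) next                            # deliberately opened
      print addr, port
    }'
}

# Constructed sample of `ss -H -ltn` output, for offline demonstration only.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 100 127.0.0.1:1883 0.0.0.0:*
LISTEN 0 100 [::1]:1883 [::]:*
LISTEN 0 151 *:3306 *:*
LISTEN 0 70 *:33060 *:*'

# 80, 443 and 8080 are the ports opened in the firewall section;
# 22 (SSH) is an assumption about how the server is administered.
check_sample() {
  printf '%s\n' "$SAMPLE_SS" | exposed_listeners 22 80 443 8080
}

# On the server itself, replace the sample with live data:
#   ss -H -ltn | exposed_listeners 22 80 443 8080
check_sample
```

Each line it prints is a service that depends on the firewall alone to keep it unreachable from the network; the EMX and OPX configuration files on this page connect to MySQL and MQTT through localhost only.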
(Optional) Update Support Files
Note: the support files directory is hard-coded to /public/support_files, though it should be possible to symlink it to another location if necessary. It contains node firmware files that can be sent remotely to gateways in order to broadcast updates over the mesh network. This is an optional step that's included just for the sake of completeness.
CODE
# (Optional) Copy over desired firmware files
sudo cp ~/uploaded_files/node.*.bin /var/www/public/support_files/
# Tell SELinux to recursively restore the security context
# !! NOTE: This must be done after *every* update to the support_files folder!
restorecon -R -v /var/www
|
EMX Web Installer
Finally, complete the setup by navigating a browser to the IP address of the EMX server. You will be greeted with a setup screen, which will prompt you for the following information: