Breadcrumbs

EMX Local 4.0 Installation Guide - RHEL 9

Pre-configuration

RHEL requires you to be logged in with a Red Hat account in order to use their default package repositories. Register an account at redhat.com , then follow the steps here to link the system to your account.

Installation

Note: All listed commands should be run by the root user unless otherwise specified.

System Configuration

Start by setting the system timezone to UTC.

ln -sf /usr/share/zoneinfo/UTC /etc/localtime

Third-Party Software Repositories

EPEL (Extra Packages for Enterprise Linux) 

ARCH=$(/bin/arch)
subscription-manager repos --enable "codeready-builder-for-rhel-9-${ARCH}-rpms"
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

REMI (Remi’s RPM Repo 8)

Contains many releases of PHP and its accompanying modules.

yum install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm

Third-Party Software Installation

System Utilities 

yum install -y git wget nano

Node.js 

yum install -y --enablerepo=epel gcc-c++ make mosquitto
curl -fsSL https://rpm.nodesource.com/setup_18.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo yum install -y nodejs

LAMP Stack 

sudo dnf module enable php:remi-8.1
yum install -y --enablerepo=remi httpd php php-snmp php-bcmath php-cli php-common php-devel php-intl php-mbstring php-mysqlnd php-opcache php-pdo php-pecl-apcu php-xml policycoreutils-python-utils python3 python3-policycoreutils

# Use prefork module to run php under apache
echo 'LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' > /etc/httpd/conf.modules.d/00-mpm.conf

Mosquitto 

sudo yum -y install mosquitto

systemctl start mosquitto
systemctl enable mosquitto

Third-Party Software Configuration

PHP

Configure PHP timezone: 
echo 'date.timezone = UTC' > /etc/php.d/00-datetime.ini
Install IonCube Loader 
wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
tar -xzf ioncube_loaders_lin_x86-64.tar.gz
cp ioncube/ioncube_loader_lin_8.1.so /usr/lib64/php/modules/
echo 'zend_extension=ioncube_loader_lin_8.1.so' > /etc/php.d/05-ioncube.ini

MySQL Database Server

Install MySQL 
yum install -y mysql-server

cat <<EOT >> /etc/my.cnf
innodb-file-per-table = on
event-scheduler = on
explicit_defaults_for_timestamp = off
sql-mode = "NO_ENGINE_SUBSTITUTION"
[mysqld]
log_bin_trust_function_creators = 1
EOT
systemctl restart mysqld.service
Configure User Access 
systemctl enable mysqld.service
# Optional: update mysql root password 
mysql_secure_installation
# Login to MySQL
mysql -uroot -p
 
# Change the root password
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewP4ssword$';
 
# Create an EMX user
CREATE USER 'emx'@'localhost' IDENTIFIED BY 'S3cretP4ssword$';
GRANT ALL PRIVILEGES ON `emx`.* TO 'emx'@'localhost';
 
# Create an EMX database
CREATE DATABASE `emx`;
 
exit

Firewall Configuration

Only one firewall, if any, should be running. Which is running depends on the specifics of your installation, but below are example configurations for the three most common: dftables, iptables, or firewalld.

Option 1: Using firewalld 
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-port=8080/tcp
systemctl restart firewalld.service
Option 2: Using nftables 
nft insert rule ip filter INPUT ct state new  tcp dport 80 counter accept
nft insert rule ip filter INPUT ct state new  tcp dport 443 counter accept
nft insert rule ip filter INPUT ct state new  tcp dport 8080 counter accept
nft list ruleset >> /etc/sysconfig/nftables.conf
# Note that the systemd service should be enabled to automatically reload these settings on reboot.
# systemctl enable nftables
Option 3: Using iptables 
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

Apache Web Server

Setup directory access 
rm -rf /var/www
mkdir /var/www
chown apache.apache /var/www
sed -i'' 's#/var/www/html#/var/www#g' /etc/httpd/conf/httpd.conf
Configure SELinux policies 
semanage fcontext -a -t httpd_sys_content_t "/var/www(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/config.php"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/uploads(/.*)?"
restorecon -R -v /var/www
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_unified 1
Configure Apache sites 
rm -f /etc/httpd/conf.d/welcome.conf
cat <<EOT > /etc/httpd/conf.d/emx.conf
<VirtualHost *:80>
 ServerName default
 DocumentRoot "/var/www"
 <Directory "/var/www">
 Options Indexes FollowSymLinks
 AllowOverride All
 DirectoryIndex index.php
 </Directory>
 ErrorLog "/var/log/httpd/emx_error.log"
 ServerSignature Off
 CustomLog "/var/log/httpd/emx_access.log" combined
</VirtualHost>
EOT
Restart Apache 
systemctl enable httpd
systemctl restart httpd

PM2 

# Install PM2 process monitor
npm i -g pm2

Packet Power Software Installation

EMX/OPX3

Install OPX3 Package 
# Drop the OPX .rpm on the server first using scp, wget, or some other means; then:
rpm -ivh packetpower-opx2-*.rpm --ignoreos

# Edit MySQL credentials using `nano`, `vim`, or `cat` as below:
cat <<EOT > /var/pacpow-opx/config/mysql.json
{
  "host": "localhost",
  "user": "emx",
  "password": "S3cretP4ssword$",
  "database": "emx"
}
EOT

cat <<EOT > /var/pacpow-opx/config/mqtt.json
{
  "url": "mqtt://localhost:1883",
  "user": null,
  "password": null
}
EOT
cat <<EOT > /var/pacpow-opx/config/e4-api-mqtt.config.json
{
  "mqtt": {
    "url": "mqtt://localhost:1883",
    "options" : {
      "user": null,
      "password": null
    }
  },
  "emx": {
    "host":"localhost",
    "port":80
  },
  "jdrTopic":"@p2/JDR",
  "panelTopic":"@p2/PANEL"
}
EOT
Install EMX Package 
# Drop the EMX .rpm on the server first using scp, wget, or some other means; then:
rpm -ivh packetpower-emx-*.x86_64.rpm --nodeps

# Create the support_files directory for storing firmware, etc.
mkdir -p /var/www/public/support_files/
chown apache.apache /var/www/public/support_files/
Reset Permissions 
chown apache.apache /var/www/config.php
restorecon -R -v /var/www
Start OPX processes 
pm2 startup

Edit /etc/systemd/system/pm2-root.service using vim or nano

Add # to beginning of this line:

PIDFILE=..

Save and then restart the pm2 process:

systemctl daemon-reload
systemctl restart pm2-root

Run and start pm2 processes:

# Run OPX processes with PM2 task manager
(cd /var/pacpow-opx && pm2 start config/ecosystem.config.js)
pm2 save
(Optional) Update Support Files

Note: the support files directory is hard-coded to /public/support_files, though it should be possible to symlink it to another location if necessary.  It contains node firmware files that can be sent remotely to gateways in order to broadcast updates over the mesh network. This is an optional step that's included just for the sake of completeness.

# (Optional) Copy over desired firmware files
sudo cp ~/uploaded_files/node.*.bin /var/www/public/support_files/ 

# Tell SELinux to recursively restore the security context
# !! NOTE: This must be done after *every* update to the support_files folder!
restorecon -R -v /var/www

EMX Web Installer

Finally, complete the setup by navigating a browser to the IP address of the EMX server.  You will be greeted with a setup screen, which will prompt you for the following information:

  • MySQL credentials

  • Mosquitto configuration (used by OPX3)

    • The following is the default mosquitto configuration:

      • Hostname: 127.0.0.1 (or the IPv4 address of the appropriate server)

      • Username: blank

      • Password: blank

      • Port: 1883

  • (Optional) The SMTP server credentials to be used for alerting capabilities