# ChirpStack

Reference install instructions: <https://www.chirpstack.io/docs/getting-started/debian-ubuntu.html>

Additional instructions/tips not on the official site:

To install the ChirpStack GPG key, use this instead of what's on the ChirpStack documentation page:

```sh
# https://superuser.com/a/1773782
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 1CE2AFD36DBCCA00 && \
gpg --export 1CE2AFD36DBCCA00 | sudo tee /etc/apt/trusted.gpg.d/chirpstack.gpg >/dev/null && \
gpg --batch --yes --delete-keys 1CE2AFD36DBCCA00
```

Don't install the `chirpstack-gateway-bridge` here; just do `chirpstack`.

Edit `/etc/chirpstack/chirpstack.toml` as needed (specifically the PostgreSQL config). Add the missing US regions.

## Nginx + TLS setup

Install Lego

Get certificate (using DNS-01 + ACME-DNS)

Setup certificate for autorenewal and auto-reload Nginx

Set Nginx config to have two files:

`default`:

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    return 301 https://$host$request_uri;
}
```

`chirpstack`:

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_protocols TLSv1.2 TLSv1.3;
    
    ssl_certificate /var/www-certs/chirpstack.roeber.dev.crt;
    ssl_certificate_key /var/www-certs/chirpstack.roeber.dev.key;

    server_name chirpstack.roeber.dev;

    server_tokens off; # disable banner

    location / {
        proxy_pass http://localhost:8080;
    }
}
```

Symlink `chirpstack` to be active: `sudo ln -s /etc/nginx/sites-available/chirpstack /etc/nginx/sites-enabled/chirpstack`

Reload Nginx: `sudo systemctl reload nginx`

(Optional) Run [`testssl.sh`](https://github.com/drwetter/testssl.sh/) to verify security: clone, then `./testssl.sh chirpstack.roeber.dev`