1.7 KiB
ChirpStack
Reference install instructions: https://www.chirpstack.io/docs/getting-started/debian-ubuntu.html
Additional instructions/tips not on the official site:
To install the ChirpStack GPG key, use this instead of what's on the ChirpStack documentation page:
# https://superuser.com/a/1773782
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 1CE2AFD36DBCCA00 && \
gpg --export 1CE2AFD36DBCCA00 | sudo tee /etc/apt/trusted.gpg.d/chirpstack.gpg >/dev/null && \
gpg --batch --yes --delete-keys 1CE2AFD36DBCCA00
Don't install the chirpstack-gateway-bridge here; just do chirpstack.
Edit /etc/chirpstack/chirpstack.toml as needed (specifically the PostgreSQL config). Add the missing US regions.
Nginx + TLS setup
Install Lego
Get certificate (using DNS-01 + ACME-DNS)
Setup certificate for autorenewal and auto-reload Nginx
Set Nginx config to have two files:
default:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
chirpstack:
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /var/www-certs/chirpstack.roeber.dev.crt;
ssl_certificate_key /var/www-certs/chirpstack.roeber.dev.key;
server_name chirpstack.roeber.dev;
server_tokens off; # disable banner
location / {
proxy_pass http://localhost:8080;
}
}
Symlink chirpstack to be active: sudo ln -s /etc/nginx/sites-available/chirpstack /etc/nginx/sites-enabled/chirpstack
Reload Nginx: sudo systemctl reload nginx
(Optional) Run testssl.sh to verify security: clone, then ./testssl.sh chirpstack.roeber.dev