70 lines
1.7 KiB
Markdown
70 lines
1.7 KiB
Markdown
# ChirpStack
|
|
|
|
Reference install instructions: <https://www.chirpstack.io/docs/getting-started/debian-ubuntu.html>
|
|
|
|
Additional instructions/tips not on the official site:
|
|
|
|
To install the ChirpStack GPG key, use this instead of what's on the ChirpStack documentation page:
|
|
|
|
```sh
|
|
# https://superuser.com/a/1773782
|
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 1CE2AFD36DBCCA00 && \
|
|
gpg --export 1CE2AFD36DBCCA00 | sudo tee /etc/apt/trusted.gpg.d/chirpstack.gpg >/dev/null && \
|
|
gpg --batch --yes --delete-keys 1CE2AFD36DBCCA00
|
|
```
|
|
|
|
Don't install the `chirpstack-gateway-bridge` here; just do `chirpstack`.
|
|
|
|
Edit `/etc/chirpstack/chirpstack.toml` as needed (specifically the PostgreSQL config). Add the missing US regions.
|
|
|
|
## Nginx + TLS setup
|
|
|
|
Install Lego
|
|
|
|
Get certificate (using DNS-01 + ACME-DNS)
|
|
|
|
Setup certificate for autorenewal and auto-reload Nginx
|
|
|
|
Set Nginx config to have two files:
|
|
|
|
`default`:
|
|
|
|
```nginx
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
|
|
server_name _;
|
|
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
```
|
|
|
|
`chirpstack`:
|
|
|
|
```nginx
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
ssl_certificate /var/www-certs/chirpstack.roeber.dev.crt;
|
|
ssl_certificate_key /var/www-certs/chirpstack.roeber.dev.key;
|
|
|
|
server_name chirpstack.roeber.dev;
|
|
|
|
server_tokens off; # disable banner
|
|
|
|
location / {
|
|
proxy_pass http://localhost:8080;
|
|
}
|
|
}
|
|
```
|
|
|
|
Symlink `chirpstack` to be active: `sudo ln -s /etc/nginx/sites-available/chirpstack /etc/nginx/sites-enabled/chirpstack`
|
|
|
|
Reload Nginx: `sudo systemctl reload nginx`
|
|
|
|
(Optional) Run [`testssl.sh`](https://github.com/drwetter/testssl.sh/) to verify security: clone, then `./testssl.sh chirpstack.roeber.dev`
|