commit ef0ffaee1e018d9f0a0a15a5bc6094a9a77775f4 Author: Orne Brocaar Date: Tue Apr 3 13:05:55 2018 +0200 Initial commit.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e86c082
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+# hidden files
+.*
+
+# data folder
+/data
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b113f51
--- /dev/null
+++ b/README.md
@@ -0,0 +1,48 @@
+# LoRa Server Docker setup
+
+This repository contains a skeleton to setup the [LoRa Server](https://www.loraserver.io)
+project using [docker-compose](https://docs.docker.com/compose/).
+
+**Note:** Please use this `docker-compose.yml` file as a starting point for testing
+but keep in mind that for production usage it might need modifications.
+
+## Directory layout
+
+* `docker-compose.yml`: the docker-compose file containing the services
+* `configuration/lora*`: directory containing the LoRa Server configuration files, see:
+ * https://www.loraserver.io/lora-gateway-bridge/install/config/
+ * https://www.loraserver.io/loraserver/install/config/
+ * https://www.loraserver.io/lora-app-server/install/config/
+* `configuration/postgresql/initdb/`: directory containing PostgreSQL initialization scripts
+* `data/postgresql`: directory containing the PostgreSQL data (auto-created)
+* `data/redis`: directory containing the Redis data (auto-created)
+
+## Configuration
+
+The LoRa Server components are pre-configured to work with the provided
+`docker-compose.yml` file and defaults to the EU868 LoRaWAN band. Please refer
+to the `configuration/loraserver/loraserver.toml` configuration file to
+configure a different band.
+
+## Requirements
+
+Before using this `docker-compose.yml` file, make sure you have [Docker](https://www.docker.com/community-edition)
+installed.
+
+## Usage
+
+To start all the LoRa Server components, simply run:
+
+```bash
+$ docker-compose up
+```
+
+After all the components have been initialized and started, you should be able
+to open https://localhost:8080/ in your browser. As the certificates under the
+`configuration/lora-app-server/certs` are self-signed, this will raise a warning.
+
+### Add network-server
+
+When adding the network-server in the LoRa App Server web-interface
+(see [network-servers](https://www.loraserver.io/lora-app-server/use/network-servers/)),
+you must enter `loraserver:8000` as the network-server `hostname:IP`.
diff --git a/configuration/lora-app-server/certs/http-key.pem b/configuration/lora-app-server/certs/http-key.pem
new file mode 100644
index 0000000..9b539a1
--- /dev/null
+++ b/configuration/lora-app-server/certs/http-key.pem
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCmylm1uvBfVYB3 +PnHzpSJm02Vi2dvZtpBPnrGXS8ZcCNiwHs0I/Z2VGJMtTWDUAUOLo1vt46F4Jscv +KFF5+hXs3C/3BVgwfL5He7NdI3JOdq6Pla40tsuBSg8y9ZC13e2Ljst81eeW3R6d +YYob3H8h5oEQjqwoWLyPiN7ZlpYKoROawaXVxeAr/MhZyWEdZtsE5h99hiRX8pIE +4fp6gr8UtDTklx3a3lk5S6jBesvV6K/Myc8yjgXrPKnNXwbturkLdQJRmAfRTHu9 +ylSMXeKR9Ygj5ie3dzNAKZ3Y4BDTJ6RlmQTpR1pZSNluoK1Dhm0qtNOGvaMZe20O +OUvROFIzY6LhbpYTLxgUoCCa9ZVhllCLHl55EOswubFoYIGUEfGHMno9g6MSmIns +Qha/vcPzYn08E1/r8t4dBb1lXarcpLyPEsdOCUCgjGlEeHP8VGebWV9L95zblIty +4G10/dSMlxQyNHj0bSWdKzC1nq6vZ5Di3Vtr+DUDlr7YjLVqP+rQ026Yamc/8B7H +h8/uXLQ33wSyTyElHkNPf+zqjvocEAcN0itrJwTe2r5c6j+R8bPjLYu/oot+s/A7 +6u5bqr/VDC3USNM4knYvhJxt4a7QNdy7SA3X3W2T7nCEF+wOGqPiQDp/SZlSPtf0 +31d60UOEYGe1Mh8vs2+9jD2bPGx/twIDAQABAoICAGVQKvgRyqsOI8/LFarbFy+A +n2hRT5NKqxRCIDv34lDLatxoiUE51PvZBqWRCA0fi2kJ3PB+wflbDMjfY8aFG8ZZ +5aTWEUC6tVZ0lHox6uAwhU5grIYGt00csGjS84kVepK4NXDp+hgQzuTod9z+rhbo +jmOBVp/Xbwp9KGjhaNiiCWeK03IsFUSC8yxe/+e9L7MlGeHEltT5WqsunVjHjMxF +vo9QH+lwAKCmDachMSoJgqgRuhNKY9wFaFuAqpPDRV3pQHRRtgXzwIKDoaH18YeZ +ro2n4141QONrpB810+J/hQPV1D7jgcUUVEc3wKdww2UanBaPoL/80jy+nwhCfuMO +zkkIA5l48S9in2M4suPkM2l+fbFhVDQ6cKguHp0udYh4WwoaZVEM9VFKeGfPselP +5OIRUqM3z+VY3os68L5SLoAF++L1wvZiz8r21uDD+Z7WDE2VZ/Tq0ZxuJTLDmIqv +/s1VknmVWCrp/OaN/JNG7BoYuXCg0nyUvI7W8whIvzgQ7IGlG8TNHAgGzEhJmA+/ +DDx7eKSJAva8aANOG/ie55R/rOmPPO9JrgOMEZ8yK2kcbloFg5gHf4xKezCQNkFb +hSuZ84UmVipJA9u3k0/84rvjz9vk701bICNQa7aikDt6fkkW/pYYuFfPlHfwsJVG +JgkaWvWjcPib5RwyYga5AoIBAQDb/omzsVNMbxd+8S4pMa6jB3YgRY+iiaq6w/My +3OnUgQOxxRwE0pyviNP/wZWOSQ+cvdNaeohPRHGZfo+nMQ6MTexPScqIlEe8Cy6a +rEq9I09siIplhJAnyfRJbZhohWROCj/cD3Im7Mg4wASCIxxk0ygL7n5fbx0MJdlW +fw/NPiCALFHEz9FBAN+tnZR+BAxfzsDNbtuPhsPGNfZqPzxE/3h3kiUcMwPWU0Ii +HR0SHPLtolsSviiy5eFqijNW7y+Xqyu4dzIFg0UuVYYe71Yakk5VJYiCND5PnJD1 +OPeQ+GZbV96F4OUbGY+pHYSfqReC3kPpwGJThtDeVGBbna3jAoIBAQDCFqSjrlsC +hSEKOQBWaTZ4dqVA09pyjqGZQ+h9HX78kYDwCFxLgeZzw4GbulZYMC2Acvr5d/rp 
+gFaJ/PiLeU1Bt+zcjslzoduE/feS2bi162MIZma06EL4StcFIlZWTjxnThc6v58Z +D40sRCzM6bYwnYf1bxsZSJbWeQAdf/vAMy6IikBPAyQOdaU2Rqb5j1HWCcloGFEf +TvY1ih7jOZsZ4A7FOuUha6YgjqVKz9iR6mabmqpKbhtHO/ywsG6N+BUJJxwxk5YU +FOxjIzDeX8Pg3pp2Pk9JdGRm4Kq3PGB4RpENiQgZBpw6zs895yMktM+Ijz3Lwxod +ukAI9xm2Oo8dAoIBAGHoW4KEhcz7mBpf3ippOQ7HcFQWgUFWQYyTTrYxSUPRE0LX +tYuT7DXXEHq/vf6wF2mrtdeLtwSIMoKcp/RByfa5a1UyQxgb3f0bgOdHjI+2mk90 +SRu7Lqj2oWjYhL7ntudgemFG4ofeU5GmK5t7YtSggS8mOkng2q2gXqS3MeInJzHE +B7QuxTNH30SWYBLhXFx7WKVVFBRBZvnc5EkO0ZTnmcalXSy6q5eEQGeMS3bXOWp3 +Gk8yIEzWMEdJMGYdVzIJ9RBIxBNeA7kGSQWVgN2chY4xgRppg93MkVsBunRjiLJY +Xel5WJ2B98TNJUwlZhhRMSpj+56u3mBEbwn3F/8CggEAQv4H1AuRlFwZXGryZ+En +EQt63NaDNzluI/XhoJX2x/z9MVzhZpquzdR0vyjhNs1iV0zYvhUgwUowFK8Bpzq2 +ZPG0Syjp9gSvPcdflguaiwh1hWe7GcR1oThL4ZTJkj6s8MdukzOjGcZZZycdA5nD +7iHh1OCFzQNWNS9Mz+HmJqBD9pMpwVwHLQqEfSiD5+4FREjagRirn4/kwfQr1yiC +FbtVvdQnVJLQo7o46Yq2aR8sTZdkIg7BUaQuA1rSviQcNq2OOLqFeecC9PEnpAoQ +FWUgkaHOQj9vjGcN5fNsJPfOh4p+Bg1XDaFmvSoz4i6a17sBjHyKXip0geOwt0qd +LQKCAQBAm/OPeAyhQAsP+UajtlFcrKZGlfXGouMksReD7v8P+6uTs24Jl16PiYZt +UrqdQQkpH+3mH+rWnoDTdRmJT4nlpI7Uqp3LRs0XJM6DaZf1eO3JSF1lnvapbbAZ +Jr8YYNunoMxKwLCWPz/YqEljnRTgDl+0EcMGTYR7v76IxekfkfaNIXFAOEqTE8YQ +8Lp/iKlrFv2paV9lrYx7nLS7cMKTfbtliuy868+4e5SSCGmhcUxjwFnymRGHXSBG +6dn32/N8m1B/6AK9N+BBpjbzPR8JzXNh3iLmbigysDFms/g2V4whO9oOpop/x8he +ndDmaPuGcW0282eQmdNL4J9QNcbg +-----END PRIVATE KEY----- diff --git a/configuration/lora-app-server/certs/http.pem b/configuration/lora-app-server/certs/http.pem new file mode 100644 index 0000000..f028f46 --- /dev/null +++ b/configuration/lora-app-server/certs/http.pem 
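Review bot: The private key for the app server's HTTPS listener is committed in `configuration/lora-app-server/certs/http-key.pem`, so every deployment started from this repository shares a key that anyone can read, and TLS on port 8080 provides no confidentiality or server authentication against someone who holds it. The README in this commit only mentions that the certificate is self-signed; it should also state that the key is public and must be replaced before the stack is reachable by anyone else. A cleaner alternative is to generate the key pair on first start and add `configuration/lora-app-server/certs/` to `.gitignore`, which also covers the matching `http.pem` added in the next hunk.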
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAowCCQD85f2p9nWwaTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls +b2NhbGhvc3QwHhcNMTgwNDAzMDk1OTU4WhcNMTkwNDAzMDk1OTU4WjAUMRIwEAYD +VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCm +ylm1uvBfVYB3PnHzpSJm02Vi2dvZtpBPnrGXS8ZcCNiwHs0I/Z2VGJMtTWDUAUOL +o1vt46F4JscvKFF5+hXs3C/3BVgwfL5He7NdI3JOdq6Pla40tsuBSg8y9ZC13e2L +jst81eeW3R6dYYob3H8h5oEQjqwoWLyPiN7ZlpYKoROawaXVxeAr/MhZyWEdZtsE +5h99hiRX8pIE4fp6gr8UtDTklx3a3lk5S6jBesvV6K/Myc8yjgXrPKnNXwbturkL +dQJRmAfRTHu9ylSMXeKR9Ygj5ie3dzNAKZ3Y4BDTJ6RlmQTpR1pZSNluoK1Dhm0q +tNOGvaMZe20OOUvROFIzY6LhbpYTLxgUoCCa9ZVhllCLHl55EOswubFoYIGUEfGH +Mno9g6MSmInsQha/vcPzYn08E1/r8t4dBb1lXarcpLyPEsdOCUCgjGlEeHP8VGeb +WV9L95zblIty4G10/dSMlxQyNHj0bSWdKzC1nq6vZ5Di3Vtr+DUDlr7YjLVqP+rQ +026Yamc/8B7Hh8/uXLQ33wSyTyElHkNPf+zqjvocEAcN0itrJwTe2r5c6j+R8bPj +LYu/oot+s/A76u5bqr/VDC3USNM4knYvhJxt4a7QNdy7SA3X3W2T7nCEF+wOGqPi +QDp/SZlSPtf031d60UOEYGe1Mh8vs2+9jD2bPGx/twIDAQABMA0GCSqGSIb3DQEB +CwUAA4ICAQCPWR/q0vMM7SjV3k/2ZjzLgGRCZiDLrSxALa/6nKEda+v8OBWUoPkH +fzrm4XNi+THjZputAANtLpeY5eDvO2R2X3+p6q/+W0SgFfQCsymG9T2uYxnaD2w5 +1hJo0bj4BN5Hw3aqSHulJE82z1NAvQWZAf+O6J3HowJX0u2SQwEbSGLLim6sf1Pv +7ZX3o3u3lDY+BjHtzzFZUprWXugAoyfeRPb4tvUL6s5pUhcMy7Dn5ly5SHXrUwRL +zfoMnYZLcNgd9mQSsj9Qm0DCVekl9AcGl42LNgJUfF+8d12TglZnDX+6sgHI77KI +gXEjjSj7N5i1M6jqkdFjQBKRsMc0bQj4hB4Gx4qeUtv+YXq8tvJut6Lt8KL9KBb4 +L6DTWByBTXuBpCXiNoAn5sXzstLfTq1PcWNnmxEZyib6hmT0NnAXlVJtcNwW3P76 +yhWCFWWQCb8LBXgo8RlNEHWqnCNo3cHoQDtQ5AOQZRBh3YghqvCaKq3vjz6phT8D +ErzF0sEmN88EPfN0gV8IJqNxeLVf3Wjy/vWF5cWqeV8DuTshnxhwYTgOWD/6rGd4 +UOjWsMHDY9/Sv4+aLu8JsYug6BID8uCGLjqxlsTKq+nwaXGEYDfxeY4cDYoyExUn +NuPbqGyr4eyFkpgViRPIGjBJXHWs1ejEJcpNSYRPUxbaBpArG/UOjw== +-----END CERTIFICATE----- diff --git a/configuration/lora-app-server/lora-app-server.toml b/configuration/lora-app-server/lora-app-server.toml new file mode 100644 index 0000000..8b06857 --- /dev/null +++ b/configuration/lora-app-server/lora-app-server.toml 
@@ -0,0 +1,216 @@
+[general]
+# Log level
+#
+# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
+log_level=4
+
+# The number of times passwords must be hashed. A higher number is safer as
+# an attack takes more time to perform.
+password_hash_iterations=100000
+
+
+# PostgreSQL settings.
+#
+# Please note that PostgreSQL 9.5+ is required.
+[postgresql]
+# PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
+#
+# Besides using an URL (e.g. 'postgres://user:password@hostname/database?sslmode=disable')
+# it is also possible to use the following format:
+# 'user=loraserver dbname=loraserver sslmode=disable'.
+#
+# The following connection parameters are supported:
+#
+# * dbname - The name of the database to connect to
+# * user - The user to sign in as
+# * password - The user's password
+# * host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
+# * port - The port to bind to. (default is 5432)
+# * sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
+# * fallback_application_name - An application_name to fall back to if one isn't provided.
+# * connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
+# * sslcert - Cert file location. The file must contain PEM encoded data.
+# * sslkey - Key file location. The file must contain PEM encoded data.
+# * sslrootcert - The location of the root certificate file. The file must contain PEM encoded data.
+#
+# Valid values for sslmode are:
+#
+# * disable - No SSL
+# * require - Always SSL (skip verification)
+# * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
+# * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
+dsn="postgres://loraserver_as:loraserver_as@postgresql/loraserver_as?sslmode=disable"
+
+# Automatically apply database migrations.
+#
+# It is possible to apply the database-migrations by hand
+# (see https://github.com/brocaar/lora-app-server/tree/master/migrations)
+# or let LoRa App Server migrate to the latest state automatically, by using
+# this setting. Make sure that you always make a backup when upgrading Lora
+# App Server and / or applying migrations.
+automigrate=true
+
+
+# Redis settings
+#
+# Please note that Redis 2.6.0+ is required.
+[redis]
+# Redis url (e.g. redis://user:password@hostname/0)
+#
+# For more information about the Redis URL format, see:
+# https://www.iana.org/assignments/uri-schemes/prov/redis
+url="redis://redis:6379"
+
+
+# Application-server settings.
+[application_server]
+# Application-server identifier.
+#
+# Random UUID defining the id of the application-server installation (used by
+# LoRa Server as routing-profile id).
+# For now it is recommended to not change this id.
+id="6d5db27e-4ce2-4b2b-b5d7-91f069397978"
+
+
+ # MQTT integration configuration used for publishing (data) events
+ # and scheduling downlink application payloads.
+ # Next to this integration which is always available, the user is able to
+ # configure additional per-application integrations.
+ [application_server.integration.mqtt]
+ # MQTT topic templates for the different MQTT topics.
+ #
+ # The meaning of these topics are documented at:
+ # https://docs.loraserver.io/lora-app-server/integrate/data/
+ #
+ # The following substitutions can be used:
+ # * "{{ .ApplicationID }}" for the application id.
+ # * "{{ .DevEUI }}" for the DevEUI of the device.
+ #
+ # Note: the downlink_topic_template must contain both the application id and
+ # DevEUI substitution!
+ uplink_topic_template="application/{{ .ApplicationID }}/node/{{ .DevEUI }}/rx"
+ downlink_topic_template="application/{{ .ApplicationID }}/node/{{ .DevEUI }}/tx"
+ join_topic_template="application/{{ .ApplicationID }}/node/{{ .DevEUI }}/join"
+ ack_topic_template="application/{{ .ApplicationID }}/node/{{ .DevEUI }}/ack"
+ error_topic_template="application/{{ .ApplicationID }}/node/{{ .DevEUI }}/error"
+
+ # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
+ server="tcp://mosquitto:1883"
+
+ # Connect with the given username (optional)
+ username=""
+
+ # Connect with the given password (optional)
+ password=""
+
+ # Quality of service level
+ #
+ # 0: at most once
+ # 1: at least once
+ # 2: exactly once
+ #
+ # Note: an increase of this value will decrease the performance.
+ # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
+ qos=0
+
+ # Clean session
+ #
+ # Set the "clean session" flag in the connect message when this client
+ # connects to an MQTT broker. By setting this flag you are indicating
+ # that no messages saved by the broker for this client should be delivered.
+ clean_session=true
+
+ # Client ID
+ #
+ # Set the client id to be used by this client when connecting to the MQTT
+ # broker. A client id must be no longer than 23 characters. When left blank,
+ # a random id will be generated. This requires clean_session=true.
+ client_id=""
+
+ # CA certificate file (optional)
+ #
+ # Use this when setting up a secure connection (when server uses ssl://...)
+ # but the certificate used by the server is not trusted by any CA certificate
+ # on the server (e.g. when self generated).
+ ca_cert=""
+
+ # TLS certificate file (optional)
+ tls_cert=""
+
+ # TLS key file (optional)
+ tls_key=""
+
+
+ # Settings for the "internal api"
+ #
+ # This is the API used by LoRa Server to communicate with LoRa App Server
+ # and should not be exposed to the end-user.
+ [application_server.api]
+ # ip:port to bind the api server
+ bind="0.0.0.0:8001"
+
+ # ca certificate used by the api server (optional)
+ ca_cert=""
+
+ # tls certificate used by the api server (optional)
+ tls_cert=""
+
+ # tls key used by the api server (optional)
+ tls_key=""
+
+ # Public ip:port of the application-server API.
+ #
+ # This is used by LoRa Server to connect to LoRa App Server. When running
+ # LoRa App Server on a different host than LoRa Server, make sure to set
+ # this to the host:ip on which LoRa Server can reach LoRa App Server.
+ # The port must be equal to the port configured by the 'bind' flag
+ # above.
+ public_host="appserver:8001"
+
+
+ # Settings for the "external api"
+ #
+ # This is the API and web-interface exposed to the end-user.
+ [application_server.external_api]
+ # ip:port to bind the (user facing) http server to (web-interface and REST / gRPC api)
+ bind="0.0.0.0:8080"
+
+ # http server TLS certificate
+ tls_cert="/etc/lora-app-server/certs/http.pem"
+
+ # http server TLS key
+ tls_key="/etc/lora-app-server/certs/http-key.pem"
+
+ # JWT secret used for api authentication / authorization
+ # You could generate this by executing 'openssl rand -base64 32' for example
+ jwt_secret="verysecret"
+
+ # when set, existing users can't be re-assigned (to avoid exposure of all users to an organization admin)"
+ disable_assign_existing_users=false
+
+
+
+# Join-server configuration.
+#
+# LoRa App Server implements a (subset) of the join-api specified by the
+# LoRaWAN Backend Interfaces specification. This API is used by LoRa Server
+# to handle join-requests.
+[join_server]
+# ip:port to bind the join-server api interface to
+bind="0.0.0.0:8003"
+
+# ca certificate used by the join-server api server
+ca_cert=""
+
+# tls certificate used by the join-server api server (optional)
+tls_cert=""
+
+# tls key used by the join-server api server (optional)
+tls_key=""
+
+
+# Network-server configuration.
+#
+# This configuration is only used to migrate from older LoRa App Server.
+[network_server]
+server="127.0.0.1:8000"
diff --git a/configuration/lora-gateway-bridge/lora-gateway-bridge.toml b/configuration/lora-gateway-bridge/lora-gateway-bridge.toml
new file mode 100644
index 0000000..176c9a1
--- /dev/null
+++ b/configuration/lora-gateway-bridge/lora-gateway-bridge.toml
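Review bot: `jwt_secret="verysecret"` in `[application_server.external_api]` is a fixed, published value, so anyone who has read this repository can presumably sign API tokens that the external API bound to `0.0.0.0:8080` (published by docker-compose.yml in this commit) will accept. The comment above the setting already names `openssl rand -base64 32`; I would ship an obvious placeholder such as `jwt_secret="CHANGE-ME-before-first-start"` and have the README's Usage section tell the user to generate the value before running `docker-compose up`. The same literal is used for `jwt_secret` under `[network_server.gateway.api]` in loraserver.toml and needs the same treatment.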
@@ -0,0 +1,83 @@
+[general]
+# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
+log_level = 4
+
+
+# Configuration which relates to the packet-forwarder.
+[packet_forwarder]
+# ip:port to bind the UDP listener to
+#
+# Example: 0.0.0.0:1700 to listen on port 1700 for all network interfaces.
+# This is the listeren to which the packet-forwarder forwards its data
+# so make sure the 'serv_port_up' and 'serv_port_down' from your
+# packet-forwarder matches this port.
+udp_bind = "0.0.0.0:1700"
+
+# Skip the CRC status-check of received packets
+#
+# This is only has effect when the packet-forwarder is configured to forward
+# LoRa frames with CRC errors.
+skip_crc_check = false
+
+
+# Configuration for the MQTT backend.
+[backend.mqtt]
+# MQTT topic templates for the different MQTT topics.
+#
+# The meaning of these topics are documented at:
+# https://docs.loraserver.io/lora-gateway-bridge/use/data/
+#
+# The default values match the default expected configuration of the
+# LoRa Server MQTT backend. Therefore only change these values when
+# absolutely needed.
+# Use "{{ .MAC }}" as an substitution for the LoRa gateway MAC.
+uplink_topic_template="gateway/{{ .MAC }}/rx"
+downlink_topic_template="gateway/{{ .MAC }}/tx"
+stats_topic_template="gateway/{{ .MAC }}/stats"
+ack_topic_template="gateway/{{ .MAC }}/ack"
+
+# MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
+server="tcp://mosquitto:1883"
+
+# Connect with the given username (optional)
+username=""
+
+# Connect with the given password (optional)
+password=""
+
+# Quality of service level
+#
+# 0: at most once
+# 1: at least once
+# 2: exactly once
+#
+# Note: an increase of this value will decrease the performance.
+# For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
+qos=0
+
+# Clean session
+#
+# Set the "clean session" flag in the connect message when this client
+# connects to an MQTT broker. By setting this flag you are indicating
+# that no messages saved by the broker for this client should be delivered.
+clean_session=true
+
+# Client ID
+#
+# Set the client id to be used by this client when connecting to the MQTT
+# broker. A client id must be no longer than 23 characters. When left blank,
+# a random id will be generated. This requires clean_session=true.
+client_id=""
+
+# CA certificate file (optional)
+#
+# Use this when setting up a secure connection (when server uses ssl://...)
+# but the certificate used by the server is not trusted by any CA certificate
+# on the server (e.g. when self generated).
+ca_cert=""
+
+# mqtt TLS certificate file (optional)
+tls_cert=""
+
+# mqtt TLS key file (optional)
+tls_key=""
diff --git a/configuration/loraserver/loraserver.toml b/configuration/loraserver/loraserver.toml
new file mode 100644
index 0000000..833d953
--- /dev/null
+++ b/configuration/loraserver/loraserver.toml
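Review bot: `server="tcp://mosquitto:1883"` together with empty `username` and `password` in `[backend.mqtt]` means gateway traffic reaches the broker unauthenticated and unencrypted; the same three values appear in the MQTT sections of lora-app-server.toml and loraserver.toml. That is acceptable only while the broker is reachable solely from the compose network, yet docker-compose.yml in this commit publishes `1883:1883` on the host. I would add a comment above `server=` along the lines of `# NOTE: no authentication or TLS; only suitable while the broker is not reachable from outside the compose network`, pointing at the `ssl://` scheme and the `ca_cert` option documented further down.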
@@ -0,0 +1,389 @@
+[general]
+# Log level
+#
+# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
+log_level=4
+
+
+# PostgreSQL settings.
+#
+# Please note that PostgreSQL 9.5+ is required.
+[postgresql]
+# PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
+#
+# Besides using an URL (e.g. 'postgres://user:password@hostname/database?sslmode=disable')
+# it is also possible to use the following format:
+# 'user=loraserver dbname=loraserver sslmode=disable'.
+#
+# The following connection parameters are supported:
+#
+# * dbname - The name of the database to connect to
+# * user - The user to sign in as
+# * password - The user's password
+# * host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
+# * port - The port to bind to. (default is 5432)
+# * sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
+# * fallback_application_name - An application_name to fall back to if one isn't provided.
+# * connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
+# * sslcert - Cert file location. The file must contain PEM encoded data.
+# * sslkey - Key file location. The file must contain PEM encoded data.
+# * sslrootcert - The location of the root certificate file. The file must contain PEM encoded data.
+#
+# Valid values for sslmode are:
+#
+# * disable - No SSL
+# * require - Always SSL (skip verification)
+# * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
+# * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
+dsn="postgres://loraserver_ns:loraserver_ns@postgresql/loraserver_ns?sslmode=disable"
+
+# Automatically apply database migrations.
+#
+# It is possible to apply the database-migrations by hand
+# (see https://github.com/brocaar/loraserver/tree/master/migrations)
+# or let LoRa App Server migrate to the latest state automatically, by using
+# this setting. Make sure that you always make a backup when upgrading Lora
+# App Server and / or applying migrations.
+automigrate=true
+
+
+# Redis settings
+#
+# Please note that Redis 2.6.0+ is required.
+[redis]
+# Redis url (e.g. redis://user:password@hostname/0)
+#
+# For more information about the Redis URL format, see:
+# https://www.iana.org/assignments/uri-schemes/prov/redis
+url="redis://redis:6379"
+
+
+# Network-server settings.
+[network_server]
+# Network identifier (NetID, 3 bytes) encoded as HEX (e.g. 010203)
+net_id="010203"
+
+# Time to wait for uplink de-duplication.
+#
+# This is the time that LoRa Server will wait for other gateways to receive
+# the same uplink frame. Valid units are 'ms' or 's'.
+# Please note that this value has influence on the uplink / downlink
+# roundtrip time. Setting this value too high means LoRa Server will be
+# unable to respond to the device within its receive-window.
+deduplication_delay="200ms"
+
+# Device session expiration.
+#
+# The TTL value defines the time after which a device-session expires
+# after no activity. Valid units are 'ms', 's', 'm', 'h'. Note that these
+# values can be combined, e.g. '24h30m15s'.
+device_session_ttl="744h0m0s"
+
+# Get downlink data delay.
+#
+# This is the time that LoRa Server waits between forwarding data to the
+# application-server and reading data from the queue. A higher value
+# means that the application-server has more time to schedule a downlink
+# queue item which can be processed within the same uplink / downlink
+# transaction.
+# Please note that this value has influence on the uplink / downlink
+# roundtrip time. Setting this value too high means LoRa Server will be
+# unable to respond to the device within its receive-window.
+get_downlink_data_delay="100ms"
+
+
+ # LoRaWAN regional band configuration.
+ #
+ # Note that you might want to consult the LoRaWAN Regional Parameters
+ # specification for valid values that apply to your region.
+ # See: https://www.lora-alliance.org/lorawan-for-developers
+ [network_server.band]
+ # LoRaWAN band to use.
+ #
+ # Valid values are:
+ # * AS_923
+ # * AU_915_928
+ # * CN_470_510
+ # * CN_779_787
+ # * EU_433
+ # * EU_863_870
+ # * IN_865_867
+ # * KR_920_923
+ # * RU_864_870
+ # * US_902_928
+ name="EU_863_870"
+
+ # Enforce 400ms dwell time
+ #
+ # Some band configurations define the max payload size for both dwell-time
+ # limitation enabled as disabled (e.g. AS 923). In this case the
+ # dwell time setting must be set to enforce the max payload size
+ # given the dwell-time limitation. For band configuration where the dwell-time is
+ # always enforced, setting this flag is not required.
+ dwell_time_400ms=false
+
+ # Enforce repeater compatibility
+ #
+ # Most band configurations define the max payload size for both an optional
+ # repeater encapsulation layer as for setups where a repeater will never
+ # be used. The latter case increases the max payload size for some data-rates.
+ # In case a repeater might used, set this flag to true.
+ repeater_compatible=false
+
+
+ # LoRaWAN network related settings.
+ [network_server.network_settings]
+ # Installation margin (dB) used by the ADR engine.
+ #
+ # A higher number means that the network-server will keep more margin,
+ # resulting in a lower data-rate but decreasing the chance that the
+ # device gets disconnected because it is unable to reach one of the
+ # surrounded gateways.
+ installation_margin=10
+
+ # Class A RX1 delay
+ #
+ # 0=1sec, 1=1sec, ... 15=15sec. A higher value means LoRa Server has more
+ # time to respond to the device as the delay between the uplink and the
+ # first receive-window will be increased.
+ rx1_delay=1
+
+ # RX1 data-rate offset
+ #
+ # Please consult the LoRaWAN Regional Parameters specification for valid
+ # options of the configured network_server.band.name.
+ rx1_dr_offset=0
+
+ # RX2 data-rate
+ #
+ # When set to -1, the default RX2 data-rate will be used for the configured
+ # LoRaWAN band.
+ #
+ # Please consult the LoRaWAN Regional Parameters specification for valid
+ # options of the configured network_server.band.name.
+ rx2_dr=-1
+
+ # RX2 frequency
+ #
+ # When set to -1, the default RX2 frequency will be used.
+ #
+ # Please consult the LoRaWAN Regional Parameters specification for valid
+ # options of the configured network_server.band.name.
+ rx2_frequency=-1
+
+ # Enable only a given sub-set of channels
+ #
+ # Use this when ony a sub-set of the by default enabled channels are being
+ # used. For example when only using the first 8 channels of the US band.
+ #
+ # Example:
+ # enabled_uplink_channels=[0, 1, 2, 3, 4, 5, 6, 7]
+ enabled_uplink_channels=[]
+
+
+ # Extra channel configuration.
+ #
+ # Use this for LoRaWAN regions where it is possible to extend the by default
+ # available channels with additional channels (e.g. the EU band).
+ # The first 5 channels will be configured as part of the OTAA join-response
+ # (using the CFList field).
+ # The other channels (or channel / data-rate changes) will be (re)configured
+ # using the NewChannelReq mac-command.
+ #
+ # Example:
+ # [[network_server.network_settings.extra_channels]]
+ # frequency=867100000
+ # min_dr=0
+ # max_dr=5
+
+ # [[network_server.network_settings.extra_channels]]
+ # frequency=867300000
+ # min_dr=0
+ # max_dr=5
+
+ # [[network_server.network_settings.extra_channels]]
+ # frequency=867500000
+ # min_dr=0
+ # max_dr=5
+
+ # [[network_server.network_settings.extra_channels]]
+ # frequency=867700000
+ # min_dr=0
+ # max_dr=5
+
+ # [[network_server.network_settings.extra_channels]]
+ # frequency=867900000
+ # min_dr=0
+ # max_dr=5
+
+
+ # Class B settings
+ [network_server.network_settings.class_b]
+ # Ping-slot data-rate.
+ ping_slot_dr=0
+
+ # Ping-slot frequency (Hz)
+ #
+ # Set this to 0 to use the default frequency plan for the configured region
+ # (which could be frequency hopping).
+ ping_slot_frequency=0
+
+
+ # Network-server API
+ #
+ # This is the network-server API that is used by LoRa App Server or other
+ # custom components interacting with LoRa Server.
+ [network_server.api]
+ # ip:port to bind the api server
+ bind="0.0.0.0:8000"
+
+ # ca certificate used by the api server (optional)
+ ca_cert=""
+
+ # tls certificate used by the api server (optional)
+ tls_cert=""
+
+ # tls key used by the api server (optional)
+ tls_key=""
+
+ # Gateway API
+ #
+ # This API is used by the LoRa Channel Manager component to fetch
+ # channel configuration.
+ [network_server.gateway.api]
+ # ip:port to bind the api server
+ bind="0.0.0.0:8002"
+
+ # CA certificate used by the api server (optional)
+ ca_cert=""
+
+ # tls certificate used by the api server (optional)
+ tls_cert=""
+
+ # tls key used by the api server (optional)
+ tls_key=""
+
+ # JWT secret used by the gateway api server for gateway authentication / authorization
+ jwt_secret="verysecret"
+
+ # Gateway statistics settings.
+ [network_server.gateway.stats]
+ # Create non-existing gateways on receiving of stats
+ #
+ # When set to true, LoRa Server will create the gateway when it receives
+ # statistics for a gateway that does not yet exist.
+ create_gateway_on_stats=true
+
+ # Aggregation timezone
+ #
+ # This timezone is used for correctly aggregating the statistics (for example
+ # 'Europe/Amsterdam').
+ # To get the list of supported timezones by your PostgreSQL database,
+ # execute the following SQL query:
+ # select * from pg_timezone_names;
+ # When left blank, the default timezone of your database will be used.
+ timezone=""
+
+ # Aggregation intervals to use for aggregating the gateway stats
+ #
+ # Valid options: second, minute, hour, day, week, month, quarter, year.
+ # When left empty, no statistics will be stored in the database.
+ # Note, LoRa App Server expects at least "minute", "day", "hour"!
+ aggregation_intervals=["minute", "hour", "day"]
+
+
+ # MQTT gateway backend settings.
+ #
+ # This is the backend communicating with the LoRa gateways over a MQTT broker.
+ [network_server.gateway.backend.mqtt]
+ # MQTT topic templates for the different MQTT topics.
+ #
+ # The meaning of these topics are documented at:
+ # https://docs.loraserver.io/lora-gateway-bridge/use/data/
+ #
+ # The default values match the default expected configuration of the
+ # LoRa Gateway Bridge MQTT backend. Therefore only change these values when
+ # absolutely needed.
+ # Use "{{ .MAC }}" as an substitution for the LoRa gateway MAC.
+ uplink_topic_template="gateway/+/rx"
+ downlink_topic_template="gateway/{{ .MAC }}/tx"
+ stats_topic_template="gateway/+/stats"
+ ack_topic_template="gateway/+/ack"
+
+ # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
+ server="tcp://mosquitto:1883"
+
+ # Connect with the given username (optional)
+ username=""
+
+ # Connect with the given password (optional)
+ password=""
+
+ # Quality of service level
+ #
+ # 0: at most once
+ # 1: at least once
+ # 2: exactly once
+ #
+ # Note: an increase of this value will decrease the performance.
+ # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
+ qos=0
+
+ # Clean session
+ #
+ # Set the "clean session" flag in the connect message when this client
+ # connects to an MQTT broker. By setting this flag you are indicating
+ # that no messages saved by the broker for this client should be delivered.
+ clean_session=true
+
+ # Client ID
+ #
+ # Set the client id to be used by this client when connecting to the MQTT
+ # broker. A client id must be no longer than 23 characters. When left blank,
+ # a random id will be generated. This requires clean_session=true.
+ client_id=""
+
+ # CA certificate file (optional)
+ #
+ # Use this when setting up a secure connection (when server uses ssl://...)
+ # but the certificate used by the server is not trusted by any CA certificate
+ # on the server (e.g. when self generated).
+ ca_cert=""
+
+ # TLS certificate file (optional)
+ tls_cert=""
+
+ # TLS key file (optional)
+ tls_key=""
+
+
+# Default join-server settings.
+[join_server.default]
+# hostname:port of the default join-server
+#
+# This API is provided by LoRa App Server.
+server="http://appserver:8003"
+
+# ca certificate used by the default join-server client (optional)
+ca_cert=""
+
+# tls certificate used by the default join-server client (optional)
+tls_cert=""
+
+# tls key used by the default join-server client (optional)
+tls_key=""
+
+
+# Network-controller configuration.
+[network_controller]
+# hostname:port of the network-controller api server (optional)
+server=""
+
+# ca certificate used by the network-controller client (optional)
+ca_cert=""
+
+# tls certificate used by the network-controller client (optional)
+tls_cert=""
+
+# tls key used by the network-controller client (optional)
+tls_key=""
diff --git a/configuration/postgresql/initdb/001-init-loraserver_ns.sh b/configuration/postgresql/initdb/001-init-loraserver_ns.sh
new file mode 100644
index 0000000..a8f3ff9
--- /dev/null
+++ b/configuration/postgresql/initdb/001-init-loraserver_ns.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+ create role loraserver_ns with login password 'loraserver_ns';
+ create database loraserver_ns with owner loraserver_ns;
+EOSQL
diff --git a/configuration/postgresql/initdb/002-init-loraserver_as.sh b/configuration/postgresql/initdb/002-init-loraserver_as.sh
new file mode 100644
index 0000000..3480ad6
--- /dev/null
+++ b/configuration/postgresql/initdb/002-init-loraserver_as.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+ create role loraserver_as with login password 'loraserver_as';
+ create database loraserver_as with owner loraserver_as;
+EOSQL
diff --git a/configuration/postgresql/initdb/003-loraserver_as_trgm.sh b/configuration/postgresql/initdb/003-loraserver_as_trgm.sh
new file mode 100644
index 0000000..ac2fa58
--- /dev/null
+++ b/configuration/postgresql/initdb/003-loraserver_as_trgm.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname="loraserver_as" <<-EOSQL
+ create extension pg_trgm;
+EOSQL
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..d1e5bb4
--- /dev/null
+++ b/docker-compose.yml
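Review bot: `create_gateway_on_stats=true` under `[network_server.gateway.stats]` lets any client that can publish to `gateway/+/stats` cause a gateway record to be created, and the MQTT settings in this file connect with empty `username` and `password`. Because docker-compose.yml in this commit publishes the broker port on the host, this presumably extends to anything that can reach the Docker host; the broker's own configuration is not part of the commit, so its access rules cannot be confirmed from here. For a skeleton I would default to `create_gateway_on_stats=false` and add a comment saying to enable it only once the broker requires authentication.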
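Review bot: The role password in 001-init-loraserver_ns.sh is the literal `'loraserver_ns'`, identical to the role name, and 002-init-loraserver_as.sh does the same with `'loraserver_as'`; both values are repeated in the `dsn` settings of loraserver.toml and lora-app-server.toml. Since docker-compose.yml publishes the PostgreSQL port, these published credentials would be usable from outside the containers. Consider reading the password from the environment instead, for example `psql -v ON_ERROR_STOP=1 -v pw="$LORASERVER_NS_PASSWORD" --username "$POSTGRES_USER"` with `create role loraserver_ns with login password :'pw';` (the variable name is only an example), and add `set -u` so an unset variable aborts the script rather than creating a role with an empty password. The `dsn` values would then have to be supplied the same way.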
@@ -0,0 +1,41 @@
+version: "2"
+
+services:
+ loraserver:
+ image: loraserver/loraserver:latest
+ volumes:
+ - ./configuration/loraserver:/etc/loraserver
+
+ appserver:
+ image: loraserver/lora-app-server:latest
+ ports:
+ - 8080:8080
+ volumes:
+ - ./configuration/lora-app-server:/etc/lora-app-server
+
+ gatewaybridge:
+ image: loraserver/lora-gateway-bridge:latest
+ ports:
+ - 1700:1700/udp
+ volumes:
+ - ./configuration/lora-gateway-bridge:/etc/lora-gateway-bridge
+
+ postgresql:
+ image: postgres:9.6-alpine
+ ports:
+ - 5432
+ volumes:
+ - ./configuration/postgresql/initdb:/docker-entrypoint-initdb.d
+ - ./data/postgresql:/var/lib/postgresql/data
+
+ redis:
+ ports:
+ - 6379
+ image: redis:4-alpine
+ volumes:
+ - ./data/redis:/data
+
+ mosquitto:
+ image: eclipse-mosquitto
+ ports:
+ - 1883:1883
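Review bot: The `postgresql`, `redis` and `mosquitto` services publish their ports on the host (`5432`, `6379`, `1883:1883`), although the configuration files in this commit reach all three by service name over the compose network. Redis and the broker are used without credentials and the database roles have passwords equal to their names, so publishing these ports exposes them to whatever can reach the Docker host. I would drop the `ports:` entries for the three backing services, or bind them to loopback, e.g. `- 127.0.0.1:1883:1883`; if external MQTT clients are intended, the broker needs authentication first. Separately, the `:latest` tags and the untagged `eclipse-mosquitto` image mean the stack can change between runs, so pinning versions would make it reproducible.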