Project

General

Profile

Library req » History » Version 32

« Previous - Version 32/39 (diff) - Next » - Current version
Refik Hadzialic, 11/16/2011 02:46 PM


Library requirement

Python (installation required on both sides, server computer and BeagleBoard)

Python is required to run our test software.

sudo apt−get install python2.7 python2.7-dev

PJSUA Library (installation required only on server computer)

pjsua is an open source command line SIP user agent (softphone) that is used as the reference implementation for PJSIP, PJNATH, and PJMEDIA. Despite its simple command line appearance, it does pack many features!

This library is used for the SIP handler. More information about this library can be found on this web site http://www.pjsip.org/pjsua.htm

How to use the SIP library and how to install it will be explain here: SIP Handler

SSH (installation required on both sides, server computer and BeagleBoard)

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server (running an SSH server program) and a client (running an SSH client program).[1].

Type the following to install it:

sudo apt-get install ssh

We need to configure the ssh connections to the nanoBTS controller boxes without typing the password. We can achieve this by copying the public key to the nanoBTS boxes.

One has to create first the private and public keys on the local machine(i.e. server computer, where the test software runs):

refik@ubuntu:$ [Note: You are on local-host here]

refik@ubuntu:$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/refik/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/refik/.ssh/id_rsa.
Your public key has been saved in /home/refik/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 refik@ubuntu

Then one needs to copy the public key to the remote machine (nanoBTS controller, i.e. BeagleBoard) using ssh-copy-id:

refik@ubuntu:$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
refik@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting. 

After we have created the public and private keys, and coppied the public key on the machine to which we want to connect, we can test if we can make an SSH connection to the remote machine:

refik@ubuntu:$ ssh remote-host
[Note: SSH did not ask for password.]

refik@remote-host:$ [Note: You are on remote-host here]

We created this using the guide at: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/

easy_install (installation required only on server computer)

Easy Install is a python module (easy_install) bundled with setuptools that lets you automatically download, build, install, and manage Python packages.

sudo apt-get install python-setuptools python-dev build-essential

Setproctitle (installation required only on server computer)

The library allows a process to change its title (as displayed by system tools such as ps and top).

Changing the title is mostly useful in multi-process systems, for example when a master process is forked: changing the children's title allows to identify the task each process is busy with.

You can use easy_install (i.e. the module we previously installed) to install the module. To perform a system-wide installation use:
Preferred installation procedure:

sudo easy_install setproctitle

Not preferred installation procedure:
If you are an unprivileged user or you want to limit installation to a local environment, you can use the command:

easy_install -d /target/path setproctitle

Notice that easy_install requires /target/path to be in your PYTHONPATH.

More information about this library can be found at http://pypi.python.org/pypi/setproctitle

Serial port library (installation required on both sides, server computer and BeagleBoard)

The serial port library is required for the cell phones to communicate with our software. The required library for Python can be installed by typing the following command (both on the server computer and the nanoBTS controller boxes i.e. BeagleBoards):

sudo apt-get install python-serial

MySQL Database (installation required only on server computer)

MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. It is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software.

To install MySQL, run the following command from a terminal prompt:

sudo apt-get install mysql-server

During the installation process you will be prompted to enter a password for the MySQL root user.

Once the installation is complete, the MySQL server should be started automatically. More information can be found at: https://help.ubuntu.com/11.04/serverguide/C/mysql.html

MySQLdb (installation required only on server computer)

MySQLdb is an thread-compatible interface to the popular MySQL database server that provides the Python database API.
_mysql is a low-level API similiar to the MySQL C API. ZMySQLDA is a Database Adapter for Zope2.

If you want to write applications which are portable across databases, use MySQLdb, and avoid using this module directly. _mysql provides an interface which mostly implements the MySQL C API. For more information, see the MySQL documentation. The documentation for this module is intentionally weak because you probably should use the higher-level MySQLdb module. If you really need it, use the standard MySQL docs and transliterate as necessary.

sudo apt-get install python-mysqldb

pChart library

The pChart library is within our installation les and does not require to be installed individually. The library is only required if one uses the web interface and requires the generated resulting image. The library is open source and does not require any licensing. However, if one needs to learn how the library works, information can be found on the pChart web page http://www.pchart.net/

PhpMyadmin (installation required only on server computer)

phpMyAdmin is a very famous MySQL mangement software package. To use it you should install and configure PHP, Apache and php mysql.
The easy way to install PhpMyadmin is installing from package using Apt-get command.

sudo apt-get install phpmyadmin

For detailed instructions on using repositories and package managers, please go to: https://help.ubuntu.com/community/phpMyAdmin

Now you can continue with the steps written by Konrad and at the end configure the server for https and .htaccess.

Installation guide from Konrad

SSH

apt-get install apache

Python:

apt-get install python python-serial python-setuptools python-dev build-essential
easy_install setproctitle

Apache + php:

apt-get install apache2 
apt-get install libapache2-mod-php5
a2enmod php5
/etc/init.d/apache2 restart

MySQL:

apt-get install mysql-server python-mysqldb php5-mysql php5-gd

PJSUA

wget http://www.pjsip.org/release/1.12/pjproject-1.12.tar.bz2
tar --bzip2 -xvf pjproject-1.12.tar.bz2
./configure && make dep && make
cd pjsip-apps/src/python/
make 
sudo make install

Webserver-Config:
(TODO)
see Report page 30 ff.

Database preparation:

mysql -u root -p -h localhost
create databas gsmselftesting;
use mysql;
GRANT ALL PRIVILEGES ON gsmselftesting.* TO 'selftest'@'localhost' IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

mysql -u selftest -p -h localhost -D gsmselftesting < gsmselftesting.sql
mysql -u selftest -p -h localhost -D gsmselftesting < InsertData.sql

Change mysql login credentials in the code:

vim Code/Server-Code/DbClass.py

Chnage mysql login credentials in the website:

vim /var/www-ssl/gsm-selftest/dbconnection.php

Running the System:

export DISPLAY=:0.0
./startSoftware.py

https://132.230.8.115

Configuring the web server to handle https and .htaccess files

HTTPS

First we want to generate a server key by typing the following command:

openssl genrsa −des3 −out server.key 4096

This will generate a 4096 bit long private server key, one is asked to enter two times a password for the server.key. Using the generated private server key, we will create a certificate signing request, server.csr. We were prompted with a series of questions like country, state, organization name and etc which we had to enter to resume.

openssl req -new -key server.key -out server.csr 

In the next step we had to sign the certificate signing request and enter the amount of days for how long it should be valid. In our case we entered the duration of one year, one can make it for longer periods as well (i.e. the amount of 365 has to be changed).

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

We were asked to enter the password again for server.key. After we have completed this step we had to make a version of the server.key which did not require a password, server.key.insecure and we will rename the files appropriately.

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

The generated files are very sensitive, since they are our keys. After these steps were completed, we had generated 4 files: server.crt, server.csr, server.key and server.key.secure. Now we need to enable the SSL engine on the Apache web server. We copied server.key and server.crt into /etc/appache2/ssl.

refik@ubuntu:/etc/apache2$ sudo mkdir ssl
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl

Then we enabled SSL by typing in a2enmod ssl, "it is simply a general purpose utility to establish a symlink between a module in /etc/apache2/mods-available to /etc/apache2/mods-enabled (or give a message to the effect that a given module does not exist or that it is already symlink-ed for loading)".

refik@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!

In the next procedure we had to establish a symlink from the 'available' default-ssl file to the 'enabled' file. Then we created a folder where our secured PHP files will be located (e.g. https://some-domain-name.com/test-software).

refik@ubuntu:/etc/apache2/ssl$ sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl 
refik@ubuntu:/etc/apache2/ssl$ cd /var/
refik@ubuntu:/var$ sudo mkdir www-ssl

We had backed up our old configuration files for the virtual hosts, for the case if we damage the Apache configuration files. Then we edited the default-ssl file.

refik@ubuntu:/var$ cd /etc/apache2/sites-available
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default default_original
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default-ssl default-ssl_original
refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl

Only the beginning of the file is listed here and we have modified the line starting with DocumentRoot and <Directory /var/www/> from DocumentRoot /var/www to DocumentRoot /var/www-ssl and from <Directory /var/www/> to <Directory /var/www-ssl/> (i.e. we had to redefine the location of our SSL directory).

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www-ssl
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www-ssl/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

One should keep in mind that the port 443 should be free for Apache to use it. In the proceeding step we had to ensure that Apache listens on the given port for a https connection. One could test that by going into the /etc/apache2/ports.conf.

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

In our case it was set up correctly, since the command: Listen 443 was present. In our last configuration step we had to edit default-ssl file to define the correct locations of our keys and to ensure the SSL engine was turned on.

refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl

The following part of the file had to be found and modified according to our key path locations:

SSLEngine on

       #   A self-signed (snakeoil) certificate can be created by installing
       #   the ssl-cert package. See
       #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
       #   If both key and certificate are stored in the same file, only the
       #   SSLCertificateFile directive is needed.
       SSLCertificateFile    /etc/apache2/ssl/server.crt
       SSLCertificateKeyFile /etc/apache2/ssl/server.key

       #   Server Certificate Chain:
       #   Point SSLCertificateChainFile at a file containing the

Finally we had configured our server and can proceed with the restart of the apache web server. We created a test web site /var/www-ssl/index.php and navigated our browser to https://localhost. The test was successful!

refik@ubuntu:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                                                                                                        [Sat Oct 08 21:52:51 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
 ... waiting [Sat Oct 08 21:52:52 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ]
refik@ubuntu:/etc/apache2/sites-available$

Configuring the password protection for the web site (using .htaccess)

However, to enable the use of Apache .htaccess files, we will have to reconfigure the Apache configuration files again. root access will be required. First we have to edit the /etc/apache2/sites-available/default-ssl file. Find the following lines and modify the AllowOverride None to AllowOverride All
like in the given configuration segment:

        <Directory /var/www-ssl/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

This will tell Apache web server that it is okay to allow .htaccess files to over-ride previous directives. We must reload the Apache web server before the changes can take effect. We can do it by typing:

sudo /etc/init.d/apache2 reload

The next step is to go to the directory where our test software web page is located (e.g. /var/www-ssl/testsoftware) and to create a file called .htaccess.
Please insert the following code segment inside the created .htaccess file where /var/www-ssl/testsoftware/.htpasswd is your full path address to .htpasswd:

AuthUserFile /var/www-ssl/testsoftware/.htpasswd
AuthName "Authorization Required" 
AuthType Basic
require valid-user 

Then in the next step, create another file called .htpasswd. After you have created it, we will add the usernames that should have access to the web site. We do that by typing the following command, where you can replace konrad with any other combination of letters which will represent your username:

refik@ubuntu:/var/www-ssl/testsoftware$ sudo htpasswd -c .htpasswd konrad

Afterwards, you will be required to type twice the same password for the username you want to create, in this case konrad. "The -c flag is used only when you
are creating a new file. After the first time, you will omit the -c flag, when you are adding new users to an already-existing password file. Otherwise you will overwrite the file!". You can add as many users as you wish, do not forget to remove the -c flag when you do it. In the last step, we have to modify the /etc/apache2/apache2.conf file and to add at the end of it the following code segment where /vaw/www-ssl/testsoftware is the full path to your web page directory where you put the .htpasswd file:

<Directory /vaw/www-ssl/testsoftware>
AllowOverride All
</Directory>

We are done with editing. All we have to do now is to restart the Apache web server. We
can do that by typing:

sudo /etc/init.d/apache2 restart

You can test it now by opening a new browser tab and navigating to https://localhost/testsoftware (keep in mind to replace testsoftware with your name of the folder where the web page is located). If you configured everything properly, you should get a dialog where you can enter your created username and password and try to login.