User Tools

Site Tools


project:cchs:access_system:installation_instructions

Download

A note about security

For now, authentication between the backend server and the frontend is achieved by SSL client certificates. You will need:

  • A home made certificate authority
  • A server certificate for the backend from that CA
  • A client certificate for each frontend from that CA

For our configuration, using nginx, this is a good post on how to do the above steps. For the client you will need to strip the password from the client private key and then bundle it up with the client certificate:

openssl rsa -in client.key -out client-nopasswd.key # strip the password
cat client-nopasswd.key client.crt > client-certs.bundle 

Frontend

Dependencies

  • libnfc and libfreefare from nfc-tools.org (latest version/git HEAD preferred)
  • git to obtain the latest versions of the above
  • libbcm2835 if you are using a Raspberry-Pi
  • automake, autoconf and libtool
  • cmake
  • (lib)curl library and development headers. On Raspbian, libcurl is already installed, but you need to install “libcurl4-openssl-dev” for development headers
  • libusb 1.0 development headers (libusb-1.0-0-dev in Debian/Raspbian). This is for compatibility with PN53x USB native readers, it will probably be removed in the future.
  • supervise from the daemontools package

libnfc

If you have an Adafruit/microBuilder PN532 board (or clone), when compiling libnfc, you need to enable the pn532_uart driver

To compile libnfc:

  1. cd libnfc
  2. autoreconf -vis
  3. ./configure –with-drivers=pn532_uart
  4. make
  5. sudo make install

TIP: It may be useful to enable debug mode in libnfc to view the serial traffic libnfc is sending/receiving, you can do this by adding “–enable-debug” to configure. The debug level can be silenced by modifying libnfc.conf later on.

Configuration steps on the Raspberry Pi

You will first need to disable the inbuilt serial console that occupies the UART by default. See the instructions on the Adafruit tutorial

libnfc now uses a configuration file to set the preferred device, copy libnfc.conf.sample in the libnfc sources to /usr/local/etc/nfc/libnfc.conf (you will need to create this directory), then add the following line at the bottom: device.connstring = “pn532_uart:/dev/ttyAMA0” “

Test that libnfc and the hardware works by running “nfc-list”, which will display information on any NFC tags in the readers field.

libfreefare

libfreefare can be installed in the same manner as libnfc, no extra arguments to ”./configure“ are required

libcm2835

As above, just run ”./configure && make && sudo make install“

The Frontend itself

After downloading the frontend code, run “cmake .” in the source code directory to configure it. You will need to edit “local-settings.h” to set the backend server to communicate with.

Then, just run “make” to compile the code.

The frontend can be started by running “sudo ./door-system” - root privs are required by libbcm2835 to access the GPIO interface in memory.

Adding to init

  • As root, copy the door-system executable to /usr/local/sbin
  • Copy startdoor.sh (in the source tree) to /usr/local/sbin/
  • Add ”/usr/local/sbin/startdoor.sh“ to /etc/rc.local, before the “exit 0” line.

The door-system daemon should now start automatically on boot.

Backend

The backend is a standard Django project, getting it working in standalone mode is similar to other Django projects.

Only Python 2.7+ with MySQL is supported for now.

  • Ensure you have the MySQL modules for Python installed.
  • Create a MySQL database for the door system.
  • Edit settings.py with your mysql details (ensure you set engine to 'django.db.backends.mysql')
  • Run python2.7 manage.py syncdb to create the tables in your database.

Quickstart

You can now run the backend server in standalone mode as usual:

python2.7 manage.py runserver 0.0.0.0:8000

Django reference: https://docs.djangoproject.com/en/1.4/intro/tutorial01/

'Production' configuration using uWSGI+nginx

The embedded HTTP server in django is adequate for production uses, but I'd suggest using the uWSGI app server together with the nginx HTTP server. The packages in your distribution may be out of date (uWSGI in particular is a fast moving target). Consider compiling both from source

There are multiple ways to use Django with uWSGI, and the best method tends to change depending on the latest django version.

For this particular version, the file “django_wsgi.py” is used as the executable file in uWSGI. This file needs to be modified with the path for the parent directory to the doorbackend.

For nginx, you need to add a block like this to the config file:

server {
        listen       8000;
        #listen       somename:8080;
        #server_name  somename  alias  another.alias;

        location / {
            root   html;
            index  index.html index.htm;
                uwsgi_pass 127.0.0.1:49152;
                include uwsgi_params;
        }
        location /static/admin/ {
                alias /usr/local/lib/python2.7/dist-packages/django/contrib/admin/static/admin/;
        }
    }

HINT: The standard nginx config file has a block defined for port 8000 below the default port 80 block - just modify accordingly The alias for /static/admin/ is to be able to use the inbuilt django admin interface - adjust accordingly for your installation.

You can then bundle these up into a script which can be added to rc.local:

#!/bin/bash

source /etc/profile

killall uwsgi
killall nginx

/usr/local/bin/uwsgi --socket 127.0.0.1:49152 --chdir /home/hacker/doorbackend/ -pp .. -w django_wsgi \ 
-p 1 --env "DJANGO_SETTINGS_MODULE=doorbackend.settings" --daemonize=/var/log/uwsgi-nfc.log 
/usr/local/nginx/sbin/nginx

TODO: Find a friendlier way to do this for your distribution.

project/cchs/access_system/installation_instructions.txt · Last modified: 2015/04/16 19:56 by projectgus