On-going development repo, shell scripts has to be run one-by-one for now.
The scripts are to setup IoT cloud server (Ubuntu) from fresh install through VPS, assuming basic setups on the server has already been done and a user with sudo privileges is used.
For migrating from old server, all the persistent volumes data should be migrated manually into /usr/local/sbin before running the scripts.
Using Traefik as reversed proxy, all connections are TLS encrypted with Let's Encrypt (Renew every 90 days). Only Port 443 (HTTPS) and Port 8883 (TCP/MQTTS) are opened. For devices to publish messages, if the Let's Encrypt CA Certificate is not configured by default, the file (isrgrootx1.pem) can be manually given. The Let's Encrypt certificate can be used until year 2035.
E.g.:
.\mosquitto_pub.exe -h <mqtt_url> --cafile D:\path\to\isrgrootx1.pem -p 8883 -t test -m "Hello World" -u <username> -P <password> -d- Traefik: For reversed proxy and load balancing.
- Portainer: Manage Docker containers.
The two can be installed through single docker-compose as base stack, where an external network: traefiknet is created to communicate with other microservices.
- Eclipse Mosquitto: MQTT Broker.
- Node-RED: Configure IoT connections and communications.
- InfluxDB: Time-series Database.
- Grafana: Simple data monitoring.
- MariaDB: Relational database.
- Adminer: Minimal relational database management.
- NTFY: For alerts and events notifications.
- SvelteKit Website: Fully customisable dashboard.
Additional infrastructure setup should be done, for example: Cloudflare proxy, Wazuh SIEM.