Mideye 5 Debian

Warning

Mideye Server 5 is no longer updated, and new installations are not supported. Only existing Mideye Server 5 installations and upgrades are supported. Please use Mideye Server 6 for new installations and continued support.

Make sure that the requirements in the Pre-install checklist are met before continuing with the installation.

Installing MideyeServer consists of the following steps:

Install MideyeServer Package.
Install a database.
Configure MideyeServer application-prod.yml.
Open firewall ports.
Configure MideyeServer.

Install MideyeServer¶

Update Debian server.

sudo apt-get update
sudo apt-get upgrade

Download appropriate MideyeServer deb package from Mideye Server Downloads

Copy the deb package to the debian server.

scp ~/Downloads/MideyeServer-5.6.2-7710_all.deb username@10.20.30.40:/tmp/

Install the MideyeServer package.

sudo apt-get install /tmp/MideyeServer-5.6.2-7710_all.deb

Install SQL-Server¶

Warning

If two Mideye Servers are connected to the same database or database cluster, SQL cleanup jobs will collide and lock the database. To mitigate this, configure application-prod.yml with cluster settings according to Shared Database instructions.

Install gnupg.

sudo apt-get update
sudo apt-get install gnupg

Install MySQL Config.

cd /tmp
wget https://dev.mysql.com/get/mysql-apt-config_0.8.20-1_all.deb
sudo dpkg -i mysql-apt-config_0.8.20-1_all.deb

make sure mysql-8.0 is selected under MySQL Server & Cluster (Currently selected: mysql-8.0) and press ok.
Install MySQL Server.
```
sudo apt-get update
sudo apt-get install mysql-server
```
- During the installation you need to set a root password for the MySQL Server.
- During the installation you need to select authentication plugin. Select Use Legacy Authentication Method (Retain MySQL 5.x Compatibility).
- Currently there is no support for the new SQL 8 authentication method.
- After the installation verify Mysql-Server is running sudo systemctl status mysql.

Configure SQL-Server¶

Create database and user for MideyeServer.

Start with connecting to the database from the shell.

mysql -uroot -p
Enter password: <password you set during installation>

Then execute following SQL commands. Change username and password for production environments.

CREATE DATABASE MideyeServer_DB CHARACTER SET utf8  COLLATE utf8_swedish_ci;
CREATE USER 'mideye'@'localhost' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON MideyeServer_DB.* TO  'mideye'@'localhost';
FLUSH PRIVILEGES;
EXIT

Configure MideyeServer database connection. vim /opt/mideyeserver/config/application-prod.yml

Add following to configuration file, change username and password to those set in the previous step.
13 14 15
url: jdbc:mariadb://localhost:3306/MideyeServer_DB username: mideye password: user_password
Note

Syntax is very important in yml files. If the spaces are not correct the server will not start.
Server is installed and database is configured. It is time to enable and start the service.
```
systemctl enable mideyeserver
systemctl restart mideyeserver
```

Configure Mideye Server¶

Mideye Server is configured through the Mideye Web GUI which by default uses port HTTPS/8443 in Linux. Example address:
https://mideyeserverip:8443
First visit will show the setup wizard. Here you can choose between configuring a new installation as described in the Configuration Wizard, or importing data from an old installation as described in the Migration Wizard.

Note

The setup challenge is found in the MideyeServer logs.
cat /opt/mideyeserver/log/mideyeserver.log |grep CHALLENGE
The setup wizard can not be completed if a port opening is not made in the MideyeSwitch by Mideye Support.
The setup wizard only requires you to configure root user and switch-port, the rest can be skipped.
The MideyeServer webgui does not work with Internet Explorer.

Further instructions for configuration in the webportal can be found in the Reference guide.

Configure Firewall¶

Debian 11 default firewall is nftables.

Open tcp/8443 and udp/1812 in nftables

iptables-nft -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables-nft -A INPUT -p udp --dport 1812 -j ACCEPT

If no iptables are enabled. Here is an example config.

sudo iptables-nft -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables-nft -A INPUT -i lo -j ACCEPT
sudo iptables-nft -A INPUT -p tcp --dport 8443 -j ACCEPT
sudo iptables-nft -A INPUT -p udp --dport 1812 -j ACCEPT
sudo iptables-nft -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables-nft -A INPUT -j DROP

Warning

Before running following command make sure that ssh port is open or you have access to the machine through console.

iptables-nft -P INPUT DROP

To make the rules persistent please install iptables-persistent.

sudo apt-get install iptables-persistent

Save the iptables.

sudo iptables-save > /etc/iptables/rules.v4

Backup¶

Backup Mideye Server file system¶

To take a backup of the Mideye Server, copy or compress the whole Mideye Server installation directory. The default directory is:

/opt/mideyeserver

Backup Database¶

To take a backup of the Mideye Server database on MySQL, run the following command:

# mysqldump -u[username] -p[password] [database name] > mideye_backup.sql

where [username]/[password] are the database login credentials.

Upgrade¶

Mideye Server 4.x to 5.x¶

It is not possible to do a straight upgrade from Mideye Server 4.x to 5.x. Please see Upgrade Mideye Server 4.x to 5.x for more information.

Mideye Server 5.x to 5.x¶

Before proceeding with an upgrade, take a backup of the Mideye Server file system and the Mideye database. Some files containing customized settings may need to be replaced after the update.

Note: To execute the installation/upgrade package, local administrator privileges are required.

Update Mideye Server

To update the Mideye Server download the appropriate Mideye Server deb package from Mideye Server Downloads. Then run the file according to the example below:

apt update /path/to/mideyeserver_newversion-build-xenial.deb

After the Mideye Server is updated restart the Mideye Server service.

systemctl restart mideyeserver

Uninstall¶

To uninstall the Mideye Server run:

apt remove mideyeserver

Removing the Mideye Server keeps the database, configuration and log files intact. These can be removed manually.

Info

If trying to reinstall the same version of Mideye Server prior to R5.3.4, please read the troubleshooting section concerning Corrupt keystore when reinstalling same version.

Troubleshooting¶

Files¶

MideyeServer Home: /opt/mideyeserver
log-config: /opt/mideyeserver/config/logback.xml
logs: /opt/mideyeserver/log/mideyeserver.log
error-logs: /opt/mideyeserver/log/mideyeserver.error
config-file: /opt/mideyeserver/config/application-prod.yml
certificates: /opt/mideyeserver/config/keystore.p12
systemd-service: /etc/systemd/system/mideyeserver.service

Service ports¶

MideyeServer needs two ports to start correctly. A port for WebGUI and a port for RADIUS traffic. The WebGUI Port can be changed.

Webgui: tcp/8443
RADIUS: udp/1812

Verify that MideyeServer is listetning on the ports with netstat.

verify WebGUI 8443 port: netstat -tnlp
verify RADIUS 1812 port: netstat -unlp

If netstat is not installed it can be installed with following command.

sudo apt-get update
sudo apt-get install net-tools

Note

Before completing the wizard, server is only listening on WebGUI port 8443 so netstat -unlp will not display any 1812 port.

MideyeServer Service¶

Check if MideyeServer is running

root@myvm:~# systemctl status mideyeserver
● mideyeserver.service - Mideye Server Service
     Loaded: loaded (/etc/systemd/system/mideyeserver.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-16 09:32:59 UTC; 10min ago

Verify in the logs that MideyeServer Is running.

First time MideyeServer is started there should be a SETUP CHALLENGE in the logs.

2021-11-16 09:49:20.636Z INFO  [main] RadiusServerService: loaded
2021-11-16 09:49:20.796Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ******* SETUP CHALLENGE: sCTtlFTEZk
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:21.725Z INFO  [main] AuthenticationLogCleanupService: OnLoaded: cronExpression: [0 0 * * * *]

When MideyeServer is listening for webtraffic it will show following in the logs.

2021-11-16 09:49:27.145Z INFO  [main] MideyeServerApp:
----------------------------------------------------------
    Application MideyeServer is running! Access URLs:
    Local:      https://localhost:8443
    External:   https://127.0.0.1:8443
    Profile(s):     [prod]
----------------------------------------------------------

Server not starting¶

If nothing shows up in the logs when starting the server the Database Fail Timeout in application-prod.yml could be changed to get a faster fail. Change 3600000 to 10000. Restart mideyeserver and check the logs after 10 seconds.

initializationFailTimeout: 10000

Error message: ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool initialization.java.sql.SQLException: Login failed for user 'user.name'.

This error message is due to invalid credentials to the SQL database. Verify the configuration in:

/opt/mideyeserver/config/application-prod.yml

Also, check the database log files. Manually start the Mideye Server service.

Corrupt keystore when reinstalling same version¶

Info

From Mideye Server 5.3.4 the old keystore is automatically removed when reinstalling the same version of the Mideye Server.

When uninstalling Mideye Server and reinstalling the same version, the keystore must be manually removed before installing the Mideye Server again.

After a successful uninstall, delete /opt/mideyeserver/config/keystore.p12. Once removed, the same version of Mideye Server can be installed again.