Mideye 5 Podman

Warning

Mideye Server 5 is no longer updated, and new installations are not supported. Only existing Mideye Server 5 installations and upgrades are supported. Please use Mideye Server 6 for new installations and continued support.

The Mideye Server container image runs on both Docker and Podman. To get the latest release, check Docker Hub.

Issues

rootlesskit

RADIUS requires the source IP to be matched against a shared secret for encrypting traffic between the RADIUS client and the RADIUS server. When running Podman in rootless mode, the source IP will always be 10.0.2.100, because Podman runs with port_handler=rootlesskit by default.

The following workarounds are available for this issue.

  • Run the container in rootful mode, which allows forwarding of the source IP.
  • Run the container in rootful mode with --net=host.
  • Add 10.0.2.100 to the RADIUS Shared Secrets.
  • Add a default 0.0.0.0 to the RADIUS Shared Secrets.
  • RECOMMENDED: Run rootless Podman v2.1.0 or later with the slirp4netns port_handler instead of the default rootlesskit. This forwards the source IP to MideyeServer correctly: --net=slirp4netns:port_handler=slirp4netns
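As an added example (not part of the Mideye documentation), the following POSIX shell script checks the two conditions the recommended workaround depends on, the Podman version and the --net value, before a rootless container is started. The version parsing assumes the `podman --version` output format `podman version X.Y.Z...`; the `podman info` template field used to detect rootless mode is a standard Podman field, and the --net value checked in the stand-alone call is the one recommended above.

```shell
#!/bin/sh
# Added example (not from the Mideye docs): pre-flight checks for the
# rootless source-IP problem. Rootful Podman forwards the client IP on its
# own; rootless Podman only does so with the slirp4netns port handler.

# Return 0 when a --net value lets the container see the real RADIUS client
# address, 1 when every client would appear as 10.0.2.100.
check_net_mode() {
    case "$1" in
        host) return 0 ;;                                   # --net=host
        slirp4netns:*port_handler=slirp4netns*) return 0 ;; # recommended
        *) return 1 ;;                                      # rootlesskit or bridge
    esac
}

# version_ge A B: 0 when dotted version A is at least B (e.g. 3.2.0 >= 2.1.0)
version_ge() {
    a="$1"; b="$2"
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Reduce "podman version 3.2.0-rc3" to "3.2.0"
podman_version_number() {
    printf '%s\n' "$1" | sed -n 's/^podman version \([0-9][0-9.]*\).*/\1/p'
}

# preflight rootless|rootful NET_MODE VERSION_LINE
preflight() {
    mode="$1"; net_mode="$2"; ver_line="$3"
    if [ "$mode" = rootful ]; then
        echo "ok: rootful Podman forwards the RADIUS source IP"
        return 0
    fi
    ver=$(podman_version_number "$ver_line")
    [ -n "$ver" ] || { echo "could not parse Podman version from '$ver_line'" >&2; return 1; }
    if ! version_ge "$ver" 2.1.0; then
        echo "Podman $ver is older than 2.1.0; the slirp4netns port_handler is unavailable" >&2
        return 1
    fi
    if ! check_net_mode "$net_mode"; then
        echo "network mode '$net_mode' hides the RADIUS client IP (all traffic appears from 10.0.2.100)" >&2
        return 1
    fi
    echo "ok: Podman $ver with '$net_mode' preserves the RADIUS source IP"
}

# Stand-alone usage against the local Podman, if one is installed
if command -v podman >/dev/null 2>&1; then
    mode=rootful
    [ "$(podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null)" = "true" ] && mode=rootless
    preflight "$mode" "slirp4netns:port_handler=slirp4netns" "$(podman --version)"
fi
```

Run it before `podman run`; a non-zero exit means RADIUS clients would all be seen as 10.0.2.100 and shared-secret matching by source IP would not work as intended.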

No listen port in podman-compose

It is possible to add the network mode with port_handler to the docker-compose file. When doing this, Podman stops listening on the specified ports. This seems to be a bug in the current version, Podman 3.2.0-rc3.

version: '3'
services:
  mideyeserver:
    image: docker.io/mideye/mideyeserver:5.6.1-final
    environment:
      SPRING_PROFILES_ACTIVE: prod
      # MARIADB_SERVER is a placeholder for the database host
      SPRING_DATASOURCE_URL: jdbc:mariadb://MARIADB_SERVER:3306/mideyeserver
      # quoted: compose rejects an unquoted YAML boolean as an environment value
      SERVER_SSL_ENABLED: "true"
      SERVER_PORT: 8443
    healthcheck:
      test: ["CMD", "curl", "--insecure", "-sS", "https://localhost:8443/management/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    ports:
      - "8443:8443/tcp"
      - "1812:1812/udp"
      - "1813:1813/udp"
      - "3799:3799/udp"
    volumes:
      - mideye_config:/home/mideye/config
    # with this network_mode set, Podman 3.2.0-rc3 stops listening on the ports above
    network_mode: "slirp4netns:port_handler=slirp4netns"
volumes:
  mideye_config:

Start Mideye Server

Currently there is only one way to run MideyeServer 5 in Podman.

  1. Start a database on another server with a username, password and a database dedicated to Mideye.
  2. Create an env.file with the following content:
    SPRING_PROFILES_ACTIVE=prod
    SPRING_DATASOURCE_URL=jdbc:mariadb://192.168.0.10:3306/mideyeserver
    SPRING_DATASOURCE_USERNAME=mideyeuser
    SPRING_DATASOURCE_PASSWORD=mideyeuserpassword
    SERVER_SSL_ENABLED=true
    SERVER_PORT=8443
    
  3. Open firewall ports:
    firewall-cmd --get-active-zones
    firewall-cmd --zone=public --permanent --add-port=8443/tcp
    firewall-cmd --zone=public --permanent --add-port=1812/udp
    firewall-cmd --reload
    
  4. Start MideyeServer. Check Docker Hub for the latest version.

Manage MideyeServer

  • Create persistent volume: podman volume create mideye_volume
  • Create MideyeServer:

    podman run -d --name=mideyeserver \
                  --net=slirp4netns:port_handler=slirp4netns \
                  --env-file=env.file \
                  -p 8443:8443 \
                  -p 1812:1812/udp \
                  -v mideye_volume:/home/mideye/config \
                  docker.io/mideye/mideyeserver:5.6.1-final
    
  • Stop MideyeServer: podman stop mideyeserver

  • Start MideyeServer: podman start mideyeserver
  • Restart MideyeServer: podman restart mideyeserver
  • MideyeServer Logs: podman logs mideyeserver
  • Follow logs: podman logs -f mideyeserver
  • Verify MideyeServer is running: podman ps -a
  • Verify Podman is forwarding ports: podman port -l

  • Backup MideyeServer Config: podman cp mideyeserver:/home/mideye/config .

Note

Remember the trailing ., which means the current directory.

  • Backup MideyeServer Database: mysqldump --all-databases > mideyeserver-databases.sql

  • Restore MideyeServer Config:

    podman cp config/application-prod.yml mideyeserver:/home/mideye/config/application-prod.yml
    podman cp config/keystore.p12 mideyeserver:/home/mideye/config/keystore.p12

  • Restore MideyeServer Database: mysql < mideyeserver-databases.sql
  • Restart MideyeServer After Restore: podman restart mideyeserver

Setup

Check the MideyeServer logs to get the SETUP CHALLENGE:

podman logs mideye_mideyeserver_1 | grep 'SETUP CHALLENGE' | tail -1 | awk 'NF>1{print $NF}'

Connect to the web GUI through a browser at https://server_ip:8443
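Added example, not from the Mideye docs: the same grep/tail/awk pipeline wrapped so that a missing challenge fails instead of yielding an empty string, with the container name as a parameter, since the compose setup (mideye_mideyeserver_1) and the podman run setup (mideyeserver) name the container differently. The sample log lines are constructed and do not reproduce Mideye's real log format.

```shell
#!/bin/sh
# Added example (not from the Mideye docs): extract the SETUP CHALLENGE
# from container log text, failing loudly when it is absent.

# Read log text on stdin; print the last SETUP CHALLENGE value.
# Returns 1 and prints nothing if no challenge line exists, so a caller
# never continues with an empty challenge.
setup_challenge_from_log() {
    ch=$(grep 'SETUP CHALLENGE' | tail -n 1 | awk 'NF>1{print $NF}')
    [ -n "$ch" ] || { echo "no SETUP CHALLENGE found in log" >&2; return 1; }
    printf '%s\n' "$ch"
}

# Same pipeline against a live container; pass the container name used by
# your setup (mideyeserver for podman run, mideye_mideyeserver_1 for compose).
setup_challenge() {
    podman logs "$1" 2>&1 | setup_challenge_from_log
}

# Constructed sample (not real Mideye output): two challenges logged, the
# later one is the one that is valid.
SAMPLE_LOG='2021-06-01 10:00:00.000  INFO 1 --- [main] Application : Started
2021-06-01 10:00:01.000  INFO 1 --- [main] Setup : SETUP CHALLENGE: ABCD-1234
2021-06-01 10:05:01.000  INFO 1 --- [main] Setup : SETUP CHALLENGE: WXYZ-9876'

# Stand-alone demonstration on the constructed sample
printf '%s\n' "$SAMPLE_LOG" | setup_challenge_from_log
```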

Ports

If a new RADIUS server is added in MideyeServer, restart the application and add the new port to docker-compose.yml.

  • 8443 is used for the web GUI.
  • 1812/UDP is used for RADIUS traffic.
  • To set up a range of ports: -p 1812-1818:1812-1818/udp

Persistent volumes

To keep configuration persistent between updates, the following persistent volumes are configured.

  • mideye_config: contains certificates and application config

Update MideyeServer

Before updating MideyeServer, make sure the config folder is backed up and MideyeServer is running with a persistent volume.

  1. Stop mideyeserver: podman stop mideyeserver
  2. Remove mideyeserver: podman rm mideyeserver
  3. Start mideyeserver with the updated version:

    podman run -d --name=mideyeserver \
                  --net=slirp4netns:port_handler=slirp4netns \
                  --env-file=env.file \
                  -p 8443:8443 \
                  -p 1812:1812/udp \
                  -v mideye_volume:/home/mideye/config \
                  docker.io/mideye/mideyeserver:5.6.1-final
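The Start, Manage and Update steps above, combined into one checked shell script as an added example (not the Mideye project's code). It assumes the page's names: image docker.io/mideye/mideyeserver, volume mideye_volume, container mideyeserver, env.file and the /home/mideye/config path; the database host, user and password in the usage comment are placeholders. Because env.file holds the database password, it is written with mode 600 and the update refuses to proceed if that has changed or the persistent volume is missing.

```shell
#!/bin/sh
# Added example (not part of the Mideye documentation): start, backup and
# update of MideyeServer 5 under rootless Podman with checks.

IMAGE_REPO="docker.io/mideye/mideyeserver"
CONTAINER="mideyeserver"
VOLUME="mideye_volume"
NET="slirp4netns:port_handler=slirp4netns"   # preserves RADIUS source IP

# write_env_file PATH DB_HOST DB_NAME DB_USER DB_PASS
# Same keys as the page's env.file. The file carries the database
# password, so it is created owner-readable only.
write_env_file() {
    path="$1"; db_host="$2"; db_name="$3"; db_user="$4"; db_pass="$5"
    ( umask 077; cat > "$path" <<EOF
SPRING_PROFILES_ACTIVE=prod
SPRING_DATASOURCE_URL=jdbc:mariadb://${db_host}:3306/${db_name}
SPRING_DATASOURCE_USERNAME=${db_user}
SPRING_DATASOURCE_PASSWORD=${db_pass}
SERVER_SSL_ENABLED=true
SERVER_PORT=8443
EOF
    )
    chmod 600 "$path"
}

# Octal permission bits of a file (GNU stat, BSD stat fallback)
env_file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# run_args TAG ENV_FILE: the podman run arguments from the page, one per
# line, so what will be executed can be reviewed before it runs.
run_args() {
    tag="$1"; env_file="$2"
    printf '%s\n' \
        run -d "--name=$CONTAINER" \
        "--net=$NET" \
        "--env-file=$env_file" \
        -p 8443:8443 \
        -p 1812:1812/udp \
        -v "$VOLUME:/home/mideye/config" \
        "$IMAGE_REPO:$tag"
}

# Copy the config (application-prod.yml, keystore.p12) out of the running
# container into a dated directory before anything destructive happens.
backup_config() {
    dest="backup-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest"
    podman cp "$CONTAINER:/home/mideye/config" "$dest"
    echo "$dest"
}

# start_mideyeserver TAG ENV_FILE: create the persistent volume if needed
# and run the container. Word splitting of run_args is intended; no field
# contains whitespace.
start_mideyeserver() {
    podman volume inspect "$VOLUME" >/dev/null 2>&1 || podman volume create "$VOLUME"
    [ "$(env_file_mode "$2")" = "600" ] || { echo "$2 is not mode 600; refusing to start" >&2; return 1; }
    podman $(run_args "$1" "$2")
}

# update_mideyeserver NEW_TAG ENV_FILE: the three update steps above, with
# a config backup first. The volume keeps certificates and config across
# the container swap.
update_mideyeserver() {
    podman volume inspect "$VOLUME" >/dev/null 2>&1 || { echo "volume $VOLUME missing; refusing to update" >&2; return 1; }
    backup_config >/dev/null || return 1
    podman stop "$CONTAINER"
    podman rm "$CONTAINER"
    start_mideyeserver "$1" "$2"
}

# Usage (placeholders for host, user and password; not run automatically
# because update stops the live container):
#   write_env_file env.file 192.168.0.10 mideyeserver mideyeuser 'CHANGE-ME'
#   start_mideyeserver 5.6.1-final env.file
#   update_mideyeserver <new-tag> env.file
```

Open the firewall ports (8443/tcp, 1812/udp) as in step 3 before the first start; the script does not touch firewalld.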