Skip to content

Warning

Mideye Server 5 is no longer updated, and new installations are not supported. Only existing Mideye Server 5 installations and upgrades are supported. Please use Mideye Server 6 for new installations and continued support.

RHEL Installation guide

Make sure that the requirements in the Pre-install checklist are met before continuing with the installation.

Installing MideyeServer consists of the following steps:

  • Install MideyeServer Package.
  • Install a database.
  • Configure MideyeServer application-prod.yml.
  • Open firewall ports.
  • Configure MideyeServer.

Install MideyeServer

  1. Update RHEL server.

    sudo yum update

  2. Download appropriate MideyeServer rhel package from Mideye Server Downloads

  3. Copy the rhel package to the RHEL server. See below example for using scp to copy the file to the servers /tmp/ directory: 

    scp ~/Downloads/mideyeserver-5.6.8-9001.el7.noarch.rpm username@10.20.30.40:/tmp/

  4. Install the MideyeServer package from /tmp/ directory: 

    yum -y install /tmp/MideyeServer6-<version>.rpm

Install SQL-Server

Warning

If two Mideye Servers are connected to the same database or database cluster, SQL cleanup jobs will collide and lock the database. To mitigate this, configure application-prod.yml with cluster settings according to Shared Database instructions.

  1. Install MariaDB. 

    sudo yum -y install mariadb-server

  2. Start MariaDB and enable it after reboot.

    systemctl enable mariadb

    systemctl start mariadb

  3. Remove default databases and create a root user password. The root password is empty by default.

    mysql_secure_installation

Configure SQL-Server

  1. Create database and user for MideyeServer. Start with connecting to the database from the shell.

    mysql -uroot -p
Enter password: <password you set in mysql_secure_installation>

    Then execute following SQL commands. Change username and password for production environments.

    CREATE DATABASE MideyeServer_DB CHARACTER SET utf8 COLLATE utf8_swedish_ci;
CREATE USER 'mideye'@'localhost' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON MideyeServer_DB.* TO  'mideye'@'localhost';
FLUSH PRIVILEGES;

  2. Configure MideyeServer database connection. 

    vim /opt/mideyeserver/config/application-prod.yml

    Add following to configuration file, change username and password to those set in the previous step.

    13
14
15
            url: jdbc:mariadb://localhost:3306/MideyeServer_DB
        username: mideye
        password: user_password

    Note

    Syntax is very important in yml files. If the spaces are not correct the server will not start.

  3. Server is installed and database is configured. It is time to enable and start the service. 

    systemctl enable mideyeserver
systemctl restart mideyeserver

Configure Mideye Server

Mideye Server is configured through the Mideye Web GUI which by default uses port HTTPS/8443 in Linux. Example address:
https://mideyeserverip:8443
First visit will show the setup wizard. Here you can choose between configuring a new installation as described in the Configuration Wizard, or importing data from an old installation as described in the Migration Wizard.

Note

  1. The setup challenge is found in the MideyeServer logs.
    cat /opt/mideyeserver/log/mideyeserver.log |grep CHALLENGE
  2. The setup wizard can not be completed if a port opening is not made in the MideyeSwitch by Mideye Support.
  3. The setup wizard only requires you to configure root user and switch-port, the rest can be skipped.
  4. The MideyeServer webgui does not work with Internet Explorer.

Further instructions for configuration in the webportal can be found in the Reference guide.

Configure Firewall

RHEL 8 default firewall is firewalld.

Enable and start the firewalld service. 

systemctl enable firewalld
systemctl start firewalld

Open tcp/8443 and udp/1812 in nftables 

firewall-cmd --zone=public --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-port=1812/udp --permanent
firewall-cmd --reload

If you want to add the ports as services. Add following xml files to /usr/lib/firewalld/services/ directory.

vim /usr/lib/firewalld/services/mideye-radius.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mideye RADIUS</short>
  <description>Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.</description>
  <port protocol="udp" port="1812"/>
</service>


vim /usr/lib/firewalld/services/mideye-https.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mideye HTTPS</short>
  <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="8443"/>
</service>

To load the services in firewalld 

firewall-cmd --complete-reload

Enable service in public firewall. 

firewall-cmd --zone=public --add-service=mideye-https --permanent
firewall-cmd --zone=public --add-service=mideye-radius --permanent
firewall-cmd --reload

Remove port form public fireall. 

firewall-cmd --zone=public --remove-port=8443/tcp --permanent
firewall-cmd --zone=public --remove-port=1812/udp --permanent
firewall-cmd --reload

Add range of ports 

firewall-cmd --zone=public --permanent --add-port=1812-1814/udp

Display firewall rules 

firewall-cmd --list-all

Backup

Backup Mideye Server file system

To take a backup of the Mideye Server, copy or compress the whole Mideye Server installation directory. The default directory is:

/opt/mideyeserver

Backup Database

To take a backup of the Mideye Server database on MySQL, run the following command:

# mysqldump -u[username] -p[password] [database name] > mideye_backup.sql
where [username]/[password] are the database login credentials.

Upgrade

Mideye Server 4.x to 5.x

It is not possible to do a straight upgrade from Mideye Server 4.x to 5.x. Please see Upgrade Mideye Server 4.x to 5.x for more information.

Mideye Server 5.x to 5.x

Before proceeding with an upgrade, take a backup of the Mideye Server file system and the Mideye database. Some files containing customized settings may need to be replaced after the update.

Note: To execute the installation/upgrade package, local administrator privileges are required.

Info

Since Mideye Server 5.4.3 the new packages are available in the “final” repository folder, instead of “release”. Please use the configuration documented below for the mideye.repo file to upgrade/install Mideye Server 5.4.3 and later.

Edit mideye.repo

Edit mideye.repo and enter either configuration. 

/etc/yum.repos.d/mideye.repo


[Mideye-release]
name=MideyeServer 5 release repository.
baseurl=http://yum.mideye.se/el7/final
gpgkey=http://www.mideye.se/RPM-GPG-KEY-pmanager
gpgcheck=1

Update Mideye Server

To update the Mideye Server run:

yum update mideyeserver -y

After the Mideye Server is updated restart the Mideye Server service.

systemctl restart mideyeserver

Uninstall

To uninstall the Mideye Server run:

yum remove mideyeserver

Removing the Mideye Server keeps the database, configuration and log files intact. These can be removed manually.

Info

If trying to reinstall the same version of Mideye Server prior to R5.3.4, please read the troubleshooting section concerning Corrupt keystore when reinstalling same version.

Troubleshooting

Files

  • MideyeServer Home: /opt/mideyeserver
  • log-config: /opt/mideyeserver/config/logback.xml
  • logs: /opt/mideyeserver/log/mideyeserver.log
  • error-logs: /opt/mideyeserver/log/mideyeserver.error
  • config-file: /opt/mideyeserver/config/application-prod.yml
  • certificates: /opt/mideyeserver/config/keystore.p12
  • systemd-service: /etc/systemd/system/mideyeserver.service

Service ports

MideyeServer needs two ports to start correctly. A port for WebGUI and a port for RADIUS traffic. The WebGUI Port can be changed.

  • Webgui: tcp/8443
  • RADIUS: udp/1812

Verify that MideyeServer is listetning on the ports with netstat.

  • verify WebGUI 8443 port: netstat -tnlp
  • verify RADIUS 1812 port: netstat -unlp

If netstat is not installed it can be installed with following command.

sudo yum install net-tools

Note

Before completing the wizard, server is only listening on WebGUI port 8443 so netstat -unlp will not display any 1812 port.

MideyeServer Service

Check if MideyeServer is running

root@myvm:~# systemctl status mideyeserver
 mideyeserver.service - Mideye Server Service
     Loaded: loaded (/etc/systemd/system/mideyeserver.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-16 09:32:59 UTC; 10min ago

Verify in the logs that MideyeServer Is running.

  1. First time MideyeServer is started there should be a SETUP CHALLENGE in the logs.

    2021-11-16 09:49:20.636Z INFO  [main] RadiusServerService: loaded
2021-11-16 09:49:20.796Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ******* SETUP CHALLENGE: sCTtlFTEZk
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:21.725Z INFO  [main] AuthenticationLogCleanupService: OnLoaded: cronExpression: [0 0 * * * *]

  2. When MideyeServer is listening for webtraffic it will show following in the logs.

    2021-11-16 09:49:27.145Z INFO  [main] MideyeServerApp:
----------------------------------------------------------
    Application MideyeServer is running! Access URLs:
    Local:      https://localhost:8443
    External:   https://127.0.0.1:8443
    Profile(s):     [prod]
----------------------------------------------------------

Server not starting

If nothing shows up in the logs when starting the server the Database Fail Timeout in application-prod.yml could be changed to get a faster fail. Change 3600000 to 10000. Restart mideyeserver and check the logs after 10 seconds.

initializationFailTimeout: 10000

Error message: ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool initialization.java.sql.SQLException: Login failed for user 'user.name'.

This error message is due to invalid credentials to the SQL database. Verify the configuration in:

/opt/mideyeserver/config/application-prod.yml

Also, check the database log files. Manually start the Mideye Server service.

Corrupt keystore when reinstalling same version

Info

From Mideye Server 5.3.4 the old keystore is automatically removed when reinstalling the same version of the Mideye Server.

When uninstalling Mideye Server and reinstalling the same version, the keystore must be manually removed before installing the Mideye Server again.

After a successful uninstall, delete /opt/mideyeserver/config/keystore.p12. Once removed, the same version of Mideye Server can be installed again.