RHEL Install

This installation guide is applicable to RHEL-based distributions, such as RHEL/Alma/Rocky.

Make sure that the requirements in the Pre-install checklist are met before continuing with the installation.

Installing MideyeServer consists of the following steps:

  • Install MideyeServer Package.
  • Install a database.
  • Configure MideyeServer application-prod.yml.
  • Open firewall ports.
  • Configure MideyeServer.

Install MideyeServer

  1. Update the RHEL server.

    sudo dnf update
    
  2. Download the appropriate MideyeServer RHEL package from Mideye Server Downloads.

  3. Copy the RHEL package to the RHEL server. The example below uses scp to copy the file to the server's /tmp/ directory:

    scp ~/Downloads/MideyeServer6-6.3.2.el7.noarch.rpm username@10.20.30.40:/tmp/
    

  4. Install the MideyeServer package from the /tmp/ directory:

    dnf -y install /tmp/MideyeServer6-<version>.rpm
    


Install SQL-Server

Warning

If two Mideye Servers are connected to the same database or database cluster, SQL cleanup jobs will collide and lock the database. To mitigate this, configure application-prod.yml with cluster settings according to Shared Database instructions.

  1. Install MariaDB.

    sudo dnf -y install mariadb-server
    

  2. Start MariaDB and enable it to start at boot.

    systemctl enable mariadb
    
    systemctl start mariadb
    
  3. Remove default databases and create a root user password. The root password is empty by default.

    mysql_secure_installation
    

Configure SQL-Server

  1. Create a database and a user for MideyeServer. Start by connecting to the database from the shell.

    mysql -uroot -p
    Enter password: <password you set in mysql_secure_installation>
    

    Then execute the following SQL commands. Change the username and password for production environments.

    CREATE DATABASE MideyeServer_DB CHARACTER SET utf8 COLLATE utf8_swedish_ci;
    
    CREATE USER 'mideye'@'localhost' IDENTIFIED BY 'user_password';
    
    GRANT ALL PRIVILEGES ON MideyeServer_DB.* TO  'mideye'@'localhost';
    
    FLUSH PRIVILEGES;
    

  2. Configure MideyeServer database connection.

    vim /opt/mideyeserver6/config/application-prod.yml
    

    Add the following to the configuration file, changing the username and password to those set in the previous step.

            url: jdbc:mariadb://localhost:3306/MideyeServer_DB
            username: mideye
            password: user_password
    

    Note

    Syntax is very important in YAML files. If the indentation (blank spaces) is not correct, the server will not start.

  3. The server is installed and the database is configured. Enable and start the service.

    systemctl enable mideyeserver6
    systemctl restart mideyeserver6
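
Added example (not part of the Mideye documentation): a check to run on application-prod.yml before the restart in step 3. It flags tab indentation, the guide's sample password user_password, and a file mode that lets other local users read the stored database password; the function name lint_mideye_config is an assumption.

```shell
#!/bin/sh
# Added example, not Mideye code. lint_mideye_config is a hypothetical helper.
# Prints one finding per line and returns 1 if there are any, 0 if clean.
lint_mideye_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable: $cfg"; return 2; }
    tab=$(printf '\t')
    findings=$(
        # YAML does not allow tab characters in indentation; print the line
        # number of every line whose indentation contains one.
        sed -n "/^ *${tab}/=" "$cfg" | sed 's/^/tab-indent: line /'

        # The install guide's sample password must not reach production.
        if grep -Eq '^[[:space:]]*password:[[:space:]]*user_password[[:space:]]*$' "$cfg"; then
            echo "sample-password: user_password is the value from the install guide"
        fi

        # The file holds the database password in clear text, so accounts
        # other than owner and group should have no access (mode ends in 0).
        mode=$(stat -c '%a' "$cfg")
        case "$mode" in
            *0) ;;
            *)  echo "mode: $mode lets other local users access the file" ;;
        esac
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Typical use on the server, before `systemctl restart mideyeserver6`:
#   lint_mideye_config /opt/mideyeserver6/config/application-prod.yml
```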
    


Configure Mideye Server

Mideye Server is configured through the Mideye Web GUI, which by default uses HTTPS on port 8443 in Linux. Example address:

https://mideyeserverip:8443

Going to the Web GUI for the first time will display the Configuration Wizard.

Note

  1. The setup challenge is found in the MideyeServer logs.
    grep CHALLENGE /opt/mideyeserver6/log/mideyeserver.log
  2. The setup wizard cannot be completed unless Mideye Support has made a port opening in the MideyeSwitch.
  3. The setup wizard only requires you to configure the root user and the switch port; the rest can be skipped.
  4. The MideyeServer web GUI does not work with Internet Explorer.

Further instructions regarding configuration in the web portal can be found in the Reference guide.


Configure Firewall

The default firewall in RHEL 9 is firewalld.

Enable and start the firewalld service.

systemctl enable firewalld
systemctl start firewalld

Open tcp/8443 and udp/1812 in nftables

firewall-cmd --zone=public --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-port=1812/udp --permanent
firewall-cmd --reload

If you want to add the ports as services, add the following XML files to the /usr/lib/firewalld/services/ directory.

vim /usr/lib/firewalld/services/mideye-radius.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mideye RADIUS</short>
  <description>Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.</description>
  <port protocol="udp" port="1812"/>
</service>

vim /usr/lib/firewalld/services/mideye-https.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mideye HTTPS</short>
  <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="8443"/>
</service>

To load the services in firewalld

firewall-cmd --complete-reload

Enable service in public firewall.

firewall-cmd --zone=public --add-service=mideye-https --permanent
firewall-cmd --zone=public --add-service=mideye-radius --permanent
firewall-cmd --reload

Remove the ports from the public firewall.

firewall-cmd --zone=public --remove-port=8443/tcp --permanent
firewall-cmd --zone=public --remove-port=1812/udp --permanent
firewall-cmd --reload

Add range of ports

firewall-cmd --zone=public --permanent --add-port=1812-1814/udp

Display firewall rules

firewall-cmd --list-all
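
Added example (not part of the Mideye documentation): a filter for the `firewall-cmd --list-all` output that reports every open port or service outside an allow-list, so a leftover port range or a database port is noticed. The allow-lists (the two ports and two services from this guide, plus ssh), the function names and the sample listing are assumptions.

```shell
#!/bin/sh
# Added example, not Mideye code. Names and allow-lists below are assumptions:
# the two ports and two services from this guide, plus ssh for administration.
ALLOWED_PORTS="8443/tcp 1812/udp"
ALLOWED_SERVICES="ssh mideye-https mideye-radius"

# stdin: one item per line; prints "<label> <item>" for items not allow-listed.
not_allowed() {               # $1 = label, $2 = space-separated allow-list
    while read -r item; do
        [ -n "$item" ] || continue
        case " $2 " in
            *" $item "*) ;;
            *) echo "$1 $item" ;;
        esac
    done
}

# stdin: output of `firewall-cmd --zone=public --list-all`.
audit_zone() {
    listing=$(cat)
    # Anchoring on leading whitespace skips "forward-ports:" and "source-ports:".
    printf '%s\n' "$listing" | sed -n 's/^[[:space:]]*ports:[[:space:]]*//p' |
        tr -s ' ' '\n' | not_allowed port "$ALLOWED_PORTS"
    printf '%s\n' "$listing" | sed -n 's/^[[:space:]]*services:[[:space:]]*//p' |
        tr -s ' ' '\n' | not_allowed service "$ALLOWED_SERVICES"
}

# Constructed sample: a public zone where the port range was added and 3306/tcp
# was opened, although this guide connects to MariaDB via localhost only.
sample_listing() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh mideye-https
  ports: 8443/tcp 1812-1814/udp 3306/tcp
  forward-ports:
  source-ports:
EOF
}

# On the server: firewall-cmd --zone=public --list-all | audit_zone
```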


Backup

Backup Mideye Server file system

To take a backup of the Mideye Server, copy or compress the whole Mideye Server installation directory. The default directory is:

/opt/mideyeserver6

Backup Database

To take a backup of the Mideye Server database on MySQL, run the following command:

# mysqldump -u[username] -p[password] [database name] > mideye_backup.sql
where [username]/[password] are the database login credentials.
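
With the command above the password is typed on the command line, where it can end up in the shell history and the process list. Added example (not part of the Mideye documentation) of an alternative: mysqldump reads the login from an owner-only option file through --defaults-extra-file, and the dump is written with owner-only permissions. Function names and paths are assumptions.

```shell
#!/bin/sh
# Added example, not Mideye code. Function names and paths are assumptions.

# Write the database login to an option file only its owner can read. The
# password is read from stdin, so it is not exposed in argv or shell history.
# A password containing a double quote or backslash must be escaped by hand.
write_dump_cnf() {            # $1 = option file path, $2 = database user
    if [ -t 0 ]; then stty -echo; fi      # hide typing on a terminal
    IFS= read -r pw
    if [ -t 0 ]; then stty echo; fi
    rm -f "$1"
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$pw" > "$1" )
    unset pw
}

# Dump one database into an owner-only file and print the file name.
backup_mideye_db() {          # $1 = option file, $2 = database, $3 = target dir
    out="$3/mideye_backup_$(date +%Y%m%d-%H%M%S).sql"
    ( umask 077
      # --defaults-extra-file must be the first option on the command line;
      # --single-transaction gives a consistent snapshot of InnoDB tables.
      mysqldump --defaults-extra-file="$1" --single-transaction "$2" > "$out"
    ) || { rm -f "$out"; return 1; }
    echo "$out"
}

# Typical use (paths are examples):
#   write_dump_cnf /root/.mideye-dump.cnf mideye
#   backup_mideye_db /root/.mideye-dump.cnf MideyeServer_DB /var/backups
```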


Upgrade

Mideye Server 4.x to 6.x

It is not possible to do a straight upgrade from Mideye Server 4.x to 6.x. Follow the instructions at Upgrade Mideye Server 4.x to 5.x for more information on upgrading to Mideye Server 5.x. Then follow the instructions to upgrade from Mideye Server 5.x to 6.x.

Mideye Server 5.x to 6.x

It is not possible to do a straight upgrade from Mideye Server 5.x to 6.x. Follow the instructions at Upgrade Mideye Server 5.x to 6.x for more information on upgrading to Mideye Server 6.

Mideye Server 6.x to 6.x

Before proceeding with an upgrade, take a backup of the Mideye Server file system and the Mideye database.

It is strongly suggested that a backup should be made of at least the following items considering the database encryption:

  • application-prod.yml
  • keystore.pfx

Read more: Database Encryption

Some files containing customized settings may need to be replaced after the update.

The installation package will automatically detect if a previous version of Mideye Server 6 is installed. The upgrade involves a service restart with an approximate downtime of 40 seconds.

Note

To execute the installation/upgrade package, local administrator privileges are required.

Update Mideye Server

To update the Mideye Server:

  1. Download the appropriate MideyeServer RHEL package from Mideye Server Downloads.
  2. Copy the RHEL package to the RHEL server. The example below uses scp to copy the file to the server's /tmp/ directory:

    scp ~/Downloads/MideyeServer6-6.3.2.el7.noarch.rpm username@10.20.30.40:/tmp/
    

  3. Install the MideyeServer package from the /tmp/ directory:

    dnf -y install /tmp/MideyeServer6-<version>.rpm
    


After the Mideye Server is updated, restart the Mideye Server service.

systemctl restart mideyeserver6

Uninstall

To uninstall the Mideye Server, run:

dnf remove mideyeserver6

Removing the Mideye Server keeps the database, configuration and log files intact. These can be removed manually.


Troubleshooting

Files

  • MideyeServer Home: /opt/mideyeserver6
  • log-config: /opt/mideyeserver6/config/logback.xml
  • logs: /opt/mideyeserver6/log/mideyeserver.log
  • error-logs: /opt/mideyeserver6/log/mideyeserver.error
  • config-file: /opt/mideyeserver6/config/application-prod.yml
  • certificates: /opt/mideyeserver6/config/keystore.p12
  • systemd-service: /etc/systemd/system/mideyeserver6.service

Service ports

MideyeServer needs two ports to start correctly: one for the WebGUI and one for RADIUS traffic. The WebGUI port can be changed.

  • Webgui: tcp/8443
  • RADIUS: udp/1812

Verify that MideyeServer is listening on the ports with netstat.

  • verify WebGUI 8443 port: netstat -tnlp
  • verify RADIUS 1812 port: netstat -unlp

If netstat is not installed, it can be installed with the following command.

sudo dnf install net-tools

Note

Before the wizard is completed, the server is only listening on WebGUI port 8443, so netstat -unlp will not display port 1812.


MideyeServer Service

Check if MideyeServer is running

root@myvm:~# systemctl status mideyeserver6
 mideyeserver6.service - Mideye Server Service
     Loaded: loaded (/etc/systemd/system/mideyeserver6.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-16 09:32:59 UTC; 10min ago

Verify in the logs that MideyeServer is running.

  1. The first time MideyeServer is started, there should be a SETUP CHALLENGE in the logs.

    2021-11-16 09:49:20.636Z INFO  [main] RadiusServerService: loaded
    2021-11-16 09:49:20.796Z WARN  [main] SetupService: ************************************
    2021-11-16 09:49:20.797Z WARN  [main] SetupService: ******* SETUP CHALLENGE: sCTtlFTEZk
    2021-11-16 09:49:20.797Z WARN  [main] SetupService: ************************************
    2021-11-16 09:49:21.725Z INFO  [main] AuthenticationLogCleanupService: OnLoaded: cronExpression: [0 0 * * * *]
    
  2. When MideyeServer is listening for web traffic, it will show the following in the logs.

    2021-11-16 09:49:27.145Z INFO  [main] MideyeServerApp:
    ----------------------------------------------------------
        Application MideyeServer is running! Access URLs:
        Local:      https://localhost:8443
        External:   https://127.0.0.1:8443
        Profile(s):     [prod]
    ----------------------------------------------------------
    

Server not starting

Invalid Credentials to the SQL database

Error message: ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool initialization.java.sql.SQLException: Login failed for user 'user.name'.

This error message is due to invalid credentials to the SQL database. Verify the configuration in:

/opt/mideyeserver6/config/application-prod.yml

Also, check the database log files. Manually start the Mideye Server service.

Failed to startup Mideye Server

Error message: Failed to startup Mideye Server: [failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.]

This error message is caused by an invalid password for the PFX certificate imported during installation. Open /opt/mideyeserver6/config/configuration-prod.yml as a local administrator and change the key passphrase.

Manually start the Mideye Server service.
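
Added example (not part of the Mideye documentation): a single pass over mideyeserver.log that reports the setup challenge and whether the last start attempt succeeded or hit one of the two failures described above. The function name triage_log and the sample log lines are assumptions built from the messages quoted on this page.

```shell
#!/bin/sh
# Added example, not Mideye code. triage_log is a hypothetical helper that
# reads mideyeserver.log on stdin. The last matching line wins, so a start
# that succeeded after an earlier failed attempt is reported as running.
triage_log() {
    awk '
        BEGIN { state = "unknown" }
        /SETUP CHALLENGE:/                    { challenge = $NF }
        /Application MideyeServer is running/ { state = "running" }
        /Login failed for user/               { state = "failed: database credentials" }
        /BadPaddingException/                 { state = "failed: keystore passphrase" }
        END {
            if (challenge != "") print "setup-challenge " challenge
            print "state " state
        }'
}

# Constructed sample: the first-start lines shown earlier on this page.
sample_first_start() {
    cat <<'EOF'
2021-11-16 09:49:20.636Z INFO  [main] RadiusServerService: loaded
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ******* SETUP CHALLENGE: sCTtlFTEZk
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:27.145Z INFO  [main] MideyeServerApp:
    Application MideyeServer is running! Access URLs:
EOF
}

# Constructed sample: the page's database error with an invented timestamp.
sample_bad_db_login() {
    cat <<'EOF'
2021-11-16 09:49:25.000Z ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool initialization.
java.sql.SQLException: Login failed for user 'user.name'.
EOF
}

# On the server: triage_log < /opt/mideyeserver6/log/mideyeserver.log
```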