Skip to main content

Backend Configuration

This page will describe how to configure the backend part of the WIMP system.

info

As a reminder, the "Backend" term in the WIMP system refers to the part that is accessible to teachers and administrators. For more information about the definitions used in the WIMP system, please see this page.

Configure the Raspberry#

On your first Raspberry Pi (or server), if you have a firewall installed, then the first step is to add some new rules :

  • Ensure that the port 8080 is open for ExpressAPI communication.
  • Ensure that the port 1880 is open for Node-RED communication.
  • Ensure that all the ports for the communications between your IoT devices and your Raspberry are open (for example, use a WeMo smart plug implies to open the port 9000). /!\ On a Raspberry when the firewall (ufw) is not activated the ports are closed by default. So you have to activate ufw and make sure that port 22 is open before activate it.

Pull the sources#

Once you have configured your firewall, you can now pull the Github project that corresponds to the Teacher/Admin part :

  • In order to pull the repository, you must ask to an admin for a Github access token.
  • Once you have your access token, you can simply pull the repository :
git clone https://<github-username>:<github-token>@github.com/ptidejteam/wimp-backend
cd ./wimp-backend/

Now you can move on to configuring the service and exposing the backend with Nginx.

Configure Redis#

We use Redis in order to limit the number of requests on the POST login endpoint. This protects the form from brute force attacks. This protection aims to blacklist malicious IPs that try to attack by brute force the login form.

To set up Redis in this context, you need to :

  • Install Redis on the Raspberry Pi or server that host the frontend part of the system by following this tutorial.

  • Configure a systemctl service for the redis server : 

sudo cp -p ~/wimp-frontend/conf/wimp-redis.service /etc/systemd/system/sudo systemctl enable wimp-redis.servicesudo systemctl start wimp-redis.service
  • Check if the Redis server is up :
sudo systemctl status wimp-redisredis-cli ping

Configure the environment#

Now you need to add a file that will contains the environement variables for the Backend part of the system :

  • Create a file named .env in the directory ExpressNodeRed :
cd ./ExpressNodeRed/vim .env
  • And fill it with the following lines, replacing the values with your information :
ENV=prodPROTOCOL=httpsFRONTEND_HOST=**@IP of the Raspberry Pi that hosts the frontend part**FRONTEND_PORT=8080BACKEND_HOST=**@IP of the current Raspberry Pi**BACKEND_PORT=8080SESSION_SECRET=**Generate a strong session secret to manage the session**BACKEND_SECRET=**Backend password encrypted with Bcrypt**BACKEND_RESTRICTED_ACCESS=/node/currentStatesEXTERNAL_DEVICES_ROUTES=**List of the Node-RED endpoints in your flows**NODE_RED_SECRET=**Clear password of Node-RED API**NODE_RED_SECRET_ENC=**Encrypted password of Node-RED API with Bcrypt**REDIS_URL=redis://127.0.0.1:6379/0
note

The field EXTERNAL_DEVICES_ROUTES field must be formatted like /myroute1,/myroute2,/myroute3.