The Things Networks Stack (Open Source) docker

README.md

INSTALLATION :

Se référer à la doc officielle https://www.thethingsindustries.com/docs/enterprise/docker/configuration/

Voir lora-compose.yml
Voir ttn-lw-stack-docker.yml

INITIALISATION.

Modifier le compose de base

    entrypoint: tail -f /dev/null

et commenter restart: unless-stopped Lancer votre commande docker compose. on peut ensuite se connecter au conteneur

docker exec -ti lora-stack /bin/sh
ttn-lw-stack is-db migrate

ttn-lw-stack is-db create-admin-user --id admin --email [email protected]

ttn-lw-stack is-db create-oauth-client --id cli --name "Command Line Interface" --owner admin --no-secret --redirect-uri "local-callback" --redirect-uri "code"

cd /tmp
vi console.sh

Contenu de console.sh

#!/bin/sh
SERVER_ADDRESS=https://lora.domain.tld
ID=[UUID]  # Client ID same in ttn-lw-stack-docker.yml in console->oauth->client-id
NAME=Console
CLIENT_SECRET=[UUID] # Client Secret same in ttn-lw-stack-docker.yml in console->oauth->client-secret
REDIRECT_URI=${SERVER_ADDRESS}/console/oauth/callback
REDIRECT_PATH=/console/oauth/callback
LOGOUT_REDIRECT_URI=${SERVER_ADDRESS}/console
LOGOUT_REDIRECT_PATH=/console
ttn-lw-stack is-db create-oauth-client \
  --id ${ID} \
  --name "${NAME}" \
  --owner admin \
  --secret "${CLIENT_SECRET}" \
  --redirect-uri "${REDIRECT_URI}" \
  --redirect-uri "${REDIRECT_PATH}" \
  --logout-redirect-uri "${LOGOUT_REDIRECT_URI}" \
  --logout-redirect-uri "${LOGOUT_REDIRECT_PATH}"

chmod +x ./console.sh
./console.sh

restaurer l'entrypoint de base

    entrypoint: ttn-lw-stack -c /config/ttn-lw-stack-docker.yml

et décommenter restart: unless-stopped

Pour se connecter https://lora.domain.tld user: admin pwd celui saisi à l'étape create-admin-user

Elements non résolus

WARN    Task failed     {"address": ":8889", "error": "error:pkg/gatewayserver:listen_frontend (start frontend listener `ttigw/tls` on address `:8889`)", "error_cause": "open cert.pem: no such file or directory", "invocation": 1585, "namespace": "gatewayserver", "protocol": "ttigw/tls", "task_id": "serve_ttigw/:8889"}

A voir

WARN    No cluster key configured, generated a random one       {"key": "[RANDOM]", "namespace": "cluster"}

lora-compose.yml

services:

  lora-stack:
    image: thethingsnetwork/lorawan-stack:3.34
    entrypoint: ttn-lw-stack -c /config/ttn-lw-stack-docker.yml
#    entrypoint: tail -f /dev/null
    container_name: lora-stack
    command: start
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"    
    depends_on:
      - lora-redis
      - lora-postgres
    networks:
      - pg_lora
      - traefik
    volumes:
      - /home/docker/vol/lora-stack:/srv/ttn-lorawan/public/blob
      - /home/docker/config/lora-stack:/config:ro
    environment:
      TTN_LW_BLOB_LOCAL_DIRECTORY: /srv/ttn-lorawan/public/blob
      TTN_LW_REDIS_ADDRESS: lora-redis:6379
      TTN_LW_IS_DATABASE_URI: postgres://root:root@lora-postgres:5432/ttn_lorawan?sslmode=disable
    ports:
      - 1700:1700/udp
    healthcheck:
      test: curl --fail http://localhost:8089 || exit 1
      interval: 30s
      timeout: 10s
      retries: 5
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.lora.EntryPoints=websecure"
      - "traefik.http.routers.lora.rule=Host(`lora.domain.tld`)"
      - "traefik.http.routers.lora.tls.certresolver=letsencrypt"
      - "traefik.http.routers.lora.tls=true"
      - "traefik.http.routers.lora-http.rule=Host(`lora.domain.tld`)"
      - "traefik.http.routers.lora-http.EntryPoints=web"
      - "traefik.http.routers.lora-http.middlewares=https-redirect@file"
      - "traefik.http.services.lora.loadbalancer.server.port=8089"

  lora-postgres:
    image: postgres:14.5-alpine
    container_name: lora-postgres
    restart: unless-stopped
    environment:
      - POSTGRES_PASSWORD=root
      - POSTGRES_USER=root
      - POSTGRES_DB=ttn_lorawan
    networks:
      - pg_lora
    volumes:
      - /home/docker/vol/lora-postgres:/var/lib/postgresql/data
    labels:
      - "traefik.enable=false"

  lora-redis:
    image: redis:7.0.4-alpine
    container_name: lora-redis
    command: redis-server --appendonly yes
    restart: unless-stopped
    networks:
      - pg_lora
    volumes:
      - /home/docker/vol/lora-redis:/data
    labels:
      - "traefik.enable=false"

networks:
  pg_lora:
    name: pg_lora
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.18.1.128/28

ttn-lw-stack-docker.yml

# Identity Server configuration
# Email configuration for "lora.domain.tld"
is:
  email:
    sender-name: "The DIY Lora network"
    sender-address: "[email protected]"
    network:
      name: "DIY Lora network"
      console-url: "https://lora.domain.tld/console"
      identity-server-url: "https://lora.domain.tld/oauth"

    # If sending email with Sendgrid
    # provider: sendgrid
    # sendgrid:
    #   api-key: '...'              # enter Sendgrid API key

    # If sending email with SMTP
    # provider: smtp
    # smtp:
    #   address:  '...'             # enter SMTP server address
    #   username: '...'             # enter SMTP server username
    #   password: '...'             # enter SMTP server password

  # Web UI configuration for "lora.domain.tld":
  oauth:
    ui:
      canonical-url: "https://lora.domain.tld/oauth"
      is:
        base-url: "https://lora.domain.tld/api/v3"

# HTTP server configuration
http:
  listen: "0.0.0.0:8089"
  listen-tls: ""
  cookie:
    block-key: "" # generate 32 bytes (openssl rand -hex 32)
    hash-key: "" # generate 64 bytes (openssl rand -hex 64)
  metrics:
    password: "" # choose a password -> Generate UUID
  pprof:
    password: "" # choose a password -> Generate UUID


# Disable TLS behind proxy
as:
  mqtt:
    listen-tls: ""
grpc:
  listen-tls: ""
gs:
  basic-station:
    listen-tls: ""
  tabs-hubs:
    listen-tls: ""
  mqtt:
    listen-tls: ""
  mqtt-v2:
    listen-tls: ""
interop:
  listen-tls: ""

tls:
  source: ""

ttgc:
  enabled: false
#  domain: lora.domain.tld
#  listen-tls: ""
#  tls:
#    source: ""



# If using custom certificates:
# tls:
#   source: file
#   root-ca: /run/secrets/ca.pem
#   certificate: /run/secrets/cert.pem
#   key: /run/secrets/key.pem

#  acme:
#    dir: "/var/lib/acme"
#    email: "[email protected]"
#    hosts: ["lora.domain.tld"]
#    default-host: "lora.domain.tld"

# If Gateway Server enabled, defaults for "lora.domain.tld":
#gs:
#  mqtt:
#    public-address: "lora.domain.tld:1882"
#    public-tls-address: "lora.domain.tld:8882"
#  mqtt-v2:
#    public-address: "lora.domain.tld:1881"
#    public-tls-address: "lora.domain.tld:8881"

# If Gateway Configuration Server enabled, defaults for "lora.domain.tld":
#gcs:
#  basic-station:
#    default:
#      lns-uri: "wss://lora.domain.tld:8887"
#  the-things-gateway:
#    default:
#      mqtt-server: "mqtts://lora.domain.tld:8881"

# Web UI configuration for "lora.domain.tld":
console:
  ui:
    canonical-url: "https://lora.domain.tld/console"
    account-url: "https://lora.domain.tld/console"
    is:
      base-url: "https://lora.domain.tld/api/v3"
    gs:
      base-url: "https://lora.domain.tld/api/v3"
    gcs:
      base-url: "https://lora.domain.tld/api/v3"
    ns:
      base-url: "https://lora.domain.tld/api/v3"
    as:
      base-url: "https://lora.domain.tld/api/v3"
    js:
      base-url: "https://lora.domain.tld/api/v3"
    qrg:
      base-url: "https://lora.domain.tld/api/v3"
    edtc:
      base-url: "https://lora.domain.tld/api/v3"
    dcs:
      base-url: "https://lora.domain.tld/api/v3"
  oauth:
    authorize-url: "https://lora.domain.tld/oauth/authorize"
    token-url: "https://lora.domain.tld/oauth/token"
    logout-url: "https://lora.domain.tld/oauth/logout"
    client-id: ""   # Generate UUID
    client-secret: "" # Generate UUID

# If Application Server enabled, defaults for "lora.domain.tld":
#as:
#  mqtt:
#    public-address: "lora.domain.tld:1883"
#    public-tls-address: "lora.domain.tld:8883"
#  webhooks:
#    downlink:
#      public-address: "lora.domain.tld:1885/api/v3"

# If Device Claiming Server enabled, defaults for "lora.domain.tld":
#dcs:
#  oauth:
#    authorize-url: "https://lora.domain.tld/oauth/authorize"
#    token-url: "https://lora.domain.tld/oauth/token"
#    logout-url: "https://lora.domain.tld/oauth/logout"
#    client-id: "device-claiming"
#    client-secret: "device-claiming" # choose or generate a secret
#  ui:
#    canonical-url: "https://lora.domain.tld/claim"
#    as:
#      base-url: "https://lora.domain.tld/api/v3"
#    dcs:
#      base-url: "https://lora.domain.tld/api/v3"
#    is:
#      base-url: "https://lora.domain.tld/api/v3"
#    ns:
#      base-url: "https://lora.domain.tld/api/v3"