Install Genie ACS Back-end & GUI (Front-end) on Debian 9
Buy a domain and install Let's Encrypt with nginx.
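# Obtain the certificate with the standalone authenticator. It binds the web
# port itself, so nginx is stopped before and started again after the run.
# The hook arguments need plain ASCII double quotes: typographic quotes are not
# shell quoting and would split each hook into separate words.
sudo certbot --authenticator standalone --installer nginx -d example.com --pre-hook "service nginx stop" --post-hook "service nginx start"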
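# Fetch GenieACS and build the newest v1.1.x tag.
cd /home/user
git clone https://github.com/zaidka/genieacs.git
cd genieacs
# Quote the tag pattern so the shell hands it to git unchanged instead of
# expanding it against file names in the working directory.
git checkout "$(git tag -l 'v1.1.*' --sort=-v:refname | head -n 1)"
npm install
npm run compile
# Test start of the CWMP and NBI services. Both are started without `&`, so
# each one stays in the foreground until it is interrupted.
bin/genieacs-cwmp
bin/genieacs-nbi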
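# Clone the GUI next to genieacs, not inside it: the previous step left the
# shell in /home/user/genieacs, while the Supervisor program further down
# expects the GUI in /home/user/genieacs-gui.
cd /home/user
git clone https://github.com/zaidka/genieacs-gui.git
cd genieacs-gui
# Start from the shipped sample configuration files.
cp config/graphs-sample.json.erb config/graphs.json.erb &&
cp config/index_parameters-sample.yml config/index_parameters.yml &&
cp config/summary_parameters-sample.yml config/summary_parameters.yml &&
cp config/parameters_edit-sample.yml config/parameters_edit.yml &&
cp config/parameter_renderers-sample.yml config/parameter_renderers.yml &&
cp config/roles-sample.yml config/roles.yml &&
cp config/users-sample.yml config/users.yml
# config/users.yml defines the GUI accounts and is now a copy of the sample.
# Replace any sample passwords in it before the GUI is reachable by others.
rake db:create
RAILS_ENV=development rake db:migrate
sudo apt install zlib1g-dev
sudo gem install nokogiri -v '1.6.8'
bundle
# Test start only: 0.0.0.0 publishes the development-mode GUI over plain HTTP
# on every interface. Stop it after checking; normal operation uses the
# 127.0.0.1 binding behind the nginx TLS proxy configured later on this page.
nohup rails s --binding 0.0.0.0 --port 3000 -e development &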
- Connecting CPE to ACS
See https://github.com/genieacs/genieacs/wiki/GenieACS-Auth-Config.
{
"MONGODB_CONNECTION_URL" : "mongodb://127.0.0.1/genieacs",
"REDIS_PORT" : "6379",
"REDIS_HOST" : "127.0.0.1",
"CWMP_INTERFACE" : "127.0.0.1",
"CWMP_PORT" : 7547,
"NBI_INTERFACE" : "127.0.0.1",
"NBI_PORT" : 7557,
"FS_INTERFACE" : "127.0.0.1",
"FS_PORT" : 7567,
"FS_HOSTNAME" : "acs.fakeserver.net",
"FS_SSL" : true,
"LOG_INFORMS" : true,
"DEBUG" : false
}
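# Run the GUI on loopback only; nginx terminates TLS and proxies to this port.
# The path matches the clone location used by the Supervisor program on this
# page (/home/user/genieacs-gui).
nohup /home/user/genieacs-gui/bin/rails s -p 8080 -b 127.0.0.1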
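# Redirect all http gui requests to https gui
server {
    listen 80;
    server_name acs.fakeserver.xyz;
    access_log /var/log/nginx/acs.fakeserver.xyz.cwmp.gui.log combined;
    error_log /var/log/nginx/acs.fakeserver.xyz.cwmp.gui.log;
    # One unconditional redirect is enough: nginx stops at the first `return`.
    # A second `return 301 http://...` on this port-80 server would only point
    # the client back at itself, so it is left out.
    return 301 https://$server_name$request_uri;
    # Redirect non-https traffic to https
    # if ($scheme != "https") {
    # return 301 https://$host$request_uri;
    # } # managed by Certbot
}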
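# Redirect all gui requests to local gui service
server {
    # TLS is enabled with the `ssl` parameter of `listen`; the separate
    # `ssl on;` directive is deprecated in newer nginx releases.
    listen 118.97.192.154:443 ssl;
    server_name acs.fakeserver.xyz;
    ssl_certificate_key /etc/letsencrypt/live/acs.fakeserver.xyz/privkey.pem; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/acs.fakeserver.xyz/fullchain.pem; # managed by Certbot
    access_log /var/log/nginx/acs.fakeserver.xyz.cwmp.gui.log combined;
    error_log /var/log/nginx/acs.fakeserver.xyz.cwmp.gui.log;
    client_max_body_size 50M;
    location / {
        # The GUI is bound to loopback, so this proxy is its only public entry
        # point. No auth_basic here: access relies on the GUI's own login.
        proxy_pass http://127.0.0.1:8080;
        # Tell the Rails application that the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header Host $host;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection 'upgrade';
        #proxy_cache_bypass $http_upgrade;
    }
}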
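# Redirect all nbi requests to local nbi service
server {
    # TLS is enabled with the `ssl` parameter of `listen`; the separate
    # `ssl on;` directive is deprecated in newer nginx releases.
    listen 118.97.192.154:7557 ssl;
    server_name acs.fakeserver.xyz;
    ssl_certificate_key /etc/letsencrypt/live/acs.fakeserver.xyz/privkey.pem; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/acs.fakeserver.xyz/fullchain.pem; # managed by Certbot
    access_log /var/log/nginx/acs.fakeserver.xyz.nbi.log combined;
    error_log /var/log/nginx/acs.fakeserver.xyz.nbi.log;
    location / {
        proxy_pass http://127.0.0.1:7557;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection 'upgrade';
        #proxy_set_header Host $host;
        #proxy_cache_bypass $http_upgrade;
        # nginx checks the basic-auth credentials itself; the header is cleared
        # so they are not forwarded to the upstream service.
        proxy_set_header Authorization "";
        auth_basic "Restricted";
        # NOTE(review): this is the same password file as the CWMP and FS
        # listeners, so a credential provisioned on a CPE also opens the
        # management API. A separate file for NBI keeps the two apart.
        auth_basic_user_file /etc/nginx/ms-htpasswd;
        # Optional source restriction for the management API (placeholder value):
        # allow <MGMT_NETWORK_CIDR>;
        # deny all;
    }
}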
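#Redirect all cwmp requests to local cwmp service
server {
    # TLS is enabled with the `ssl` parameter of `listen`; the separate
    # `ssl on;` directive is deprecated in newer nginx releases.
    listen 118.97.192.154:7547 ssl;
    server_name acs.fakeserver.xyz;
    ssl_certificate_key /etc/letsencrypt/live/acs.fakeserver.xyz/privkey.pem; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/acs.fakeserver.xyz/fullchain.pem; # managed by Certbot
    access_log /var/log/nginx/acs.fakeserver.xyz.cwmp.log combined;
    error_log /var/log/nginx/acs.fakeserver.xyz.cwmp.log;
    location / {
        proxy_pass http://127.0.0.1:7547;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection 'upgrade';
        #proxy_set_header Host $host;
        #proxy_cache_bypass $http_upgrade;
        # CPEs authenticate to nginx with HTTP basic auth over TLS; the header
        # is cleared so the credentials are not forwarded upstream.
        proxy_set_header Authorization "";
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/ms-htpasswd;
    }
}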
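# Redirect all fs requests to local fs service
server {
    # TLS is enabled with the `ssl` parameter of `listen`; the separate
    # `ssl on;` directive is deprecated in newer nginx releases.
    listen 118.97.192.154:7567 ssl;
    server_name acs.fakeserver.xyz;
    ssl_certificate_key /etc/letsencrypt/live/acs.fakeserver.xyz/privkey.pem; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/acs.fakeserver.xyz/fullchain.pem; # managed by Certbot
    access_log /var/log/nginx/acs.fakeserver.xyz.fs.log combined;
    error_log /var/log/nginx/acs.fakeserver.xyz.fs.log;
    location / {
        # NOTE(review): the config.json on this page sets FS_SSL to true. If
        # that makes genieacs-fs itself serve TLS on 7567, this upstream would
        # need https:// instead of http:// - confirm against the running service.
        proxy_pass http://127.0.0.1:7567;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection 'upgrade';
        #proxy_set_header Host $host;
        #proxy_cache_bypass $http_upgrade;
        # File downloads are gated by nginx basic auth; the header is cleared
        # so the credentials are not forwarded upstream.
        proxy_set_header Authorization "";
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/ms-htpasswd;
    }
}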
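Copy the cert and key file for the file server (the commands below make copies, not links, so they have to be repeated after each certificate renewal):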
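cd genieacs/config/
# Same certificate files that the nginx server blocks on this page reference.
sudo cp /etc/letsencrypt/live/acs.fakeserver.xyz/fullchain.pem fs.crt
sudo cp /etc/letsencrypt/live/acs.fakeserver.xyz/privkey.pem fs.key
# The copies are created by root, while Supervisor runs genieacs-fs as "user".
# Hand them to that account and keep the private key unreadable by anyone else.
sudo chown user: fs.crt fs.key
sudo chmod 600 fs.key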
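Create /etc/nginx/ms-htpasswd with the format described here (for example with the htpasswd tool, which stores hashed passwords), and keep the file readable only by root and the nginx worker account.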
- Troubleshooting on GenieACS-GUI
Install GenieACS for Supervisor
Berkas genieacs-gui.conf.
; Supervisor program for the GUI: Rails server on 127.0.0.1:8080, published
; through the nginx TLS proxy.
[program:genieacs-gui]
directory=/home/user/genieacs-gui
; No -e option is given here, so Rails picks its default environment.
; NOTE(review): that default is normally development, which renders detailed
; error pages - confirm this is intended for a GUI reachable through nginx.
command=/home/user/genieacs-gui/bin/rails s -p 8080 -b 127.0.0.1
autostart=true
autorestart=true
stdout_logfile=/var/log/genieacs-gui.out.log
stderr_logfile=/var/log/genieacs-gui.err.log
; Run the process as the account "user" rather than as root.
user=user
Berkas genieacs-nbi.conf.
; Supervisor program for the NBI service (127.0.0.1:7557 in the config.json
; shown on this page).
[program:genieacs-nbi]
directory=/home/user/genieacs
command=/home/user/genieacs/bin/genieacs-nbi
autostart=true
autorestart=true
stdout_logfile=/var/log/genieacs-nbi.out.log
stderr_logfile=/var/log/genieacs-nbi.err.log
; Run the process as the account "user" rather than as root.
user=user
Berkas genieacs-fs.conf.
; Supervisor program for the file server (127.0.0.1:7567 in the config.json
; shown on this page).
[program:genieacs-fs]
directory=/home/user/genieacs
command=/home/user/genieacs/bin/genieacs-fs
autostart=true
autorestart=true
stdout_logfile=/var/log/genieacs-fs.out.log
stderr_logfile=/var/log/genieacs-fs.err.log
; Run the process as the account "user" rather than as root; that account must
; be able to read config/fs.crt and config/fs.key.
user=user
Berkas genieacs-cwmp.conf.
; Supervisor program for the CWMP service (127.0.0.1:7547 in the config.json
; shown on this page).
[program:genieacs-cwmp]
directory=/home/user/genieacs
command=/home/user/genieacs/bin/genieacs-cwmp
autostart=true
autorestart=true
stdout_logfile=/var/log/genieacs-cwmp.out.log
stderr_logfile=/var/log/genieacs-cwmp.err.log
; Run the process as the account "user" rather than as root.
user=user
Tambahkan ke konfigurasi Supervisor.
# Link the four program definitions into Supervisor's conf.d directory.
# NOTE(review): Supervisor normally runs as root, and these links make it load
# definitions from files under /home/user. Whoever can write those files decides
# the command= and user= that Supervisor applies; copying them into
# /etc/supervisor/conf.d as root-owned files avoids that dependency.
sudo ln -s /home/user/genieacs-gui/genieacs-gui.conf /etc/supervisor/conf.d/
sudo ln -s /home/user/genieacs/genieacs-nbi.conf /etc/supervisor/conf.d/
sudo ln -s /home/user/genieacs/genieacs-fs.conf /etc/supervisor/conf.d/
sudo ln -s /home/user/genieacs/genieacs-cwmp.conf /etc/supervisor/conf.d/
Aktifkan konfigurasi
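# Re-read the program definitions, apply the changes, then list process states.
sudo supervisorctl reread &&
sudo supervisorctl update &&
sudo supervisorctl status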
Memodifikasi Pengguna
Untuk memodifikasi pengguna pada panel GUI Genie ACS bisa dilakukan pada berkas genieacs-gui/config/users.yml
.
Sampel Requests
Misal dari klien ke server.
# Posts a sample Inform to the CWMP listener. admin:admin is the HTTP basic-auth
# pair that nginx checks against /etc/nginx/ms-htpasswd; it is a sample value,
# and a deployed ACS needs a strong secret in that file instead.
curl -v -X POST -u admin:admin https://acs.fakeserver.xyz:7547 -d @/home/sob/cpe/r1.xml
Isi berkas r1.xml
.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
<SOAP-ENV:Header>
<cwmp:ID SOAP-ENV:mustUnderstand="1">24</cwmp:ID>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<cwmp:Inform>
<DeviceId>
<Manufacturer>ZTE</Manufacturer>
<OUI>74B57E</OUI>
<ProductClass>F609</ProductClass>
<SerialNumber>ZTEAAAABBBBCCCC</SerialNumber>
</DeviceId>
<Event SOAP-ENC:arrayType="cwmp:EventStruct[1]">
<EventStruct>
<EventCode>2 PERIODIC</EventCode>
<CommandKey></CommandKey>
</EventStruct>
</Event>
<MaxEnvelopes>1</MaxEnvelopes>
<CurrentTime>1970-01-01T19:21:41</CurrentTime>
<RetryCount>0</RetryCount>
<ParameterList SOAP-ENC:arrayType="cwmp:ParameterValueStruct[8]">
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceSummary</Name>
<Value xsi:type="xsd:string">InternetGatewayDevice:1.0[](Baseline:1, EthernetLAN:4,FE:0,GE:4,WiFi:1, PONWAN:1, Voip:2, Time:1, IPPing:1)</Value>
</ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.SpecVersion</Name>
<Value xsi:type="xsd:string">1.0</Value>
</ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.HardwareVersion</Name>
<Value xsi:type="xsd:string">V5.2</Value>
</ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.SoftwareVersion</Name>
<Value xsi:type="xsd:string">V5.2.10P3T32</Value>
</ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.ProvisioningCode</Name>
<Value xsi:type="xsd:string">TLCO.GRP2</Value>
</ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.ManagementServer.ConnectionRequestURL</Name>
<Value xsi:type="xsd:string">http://180.253.15.28:58000</Value>
</ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.ManagementServer.ParameterKey</Name>
<Value xsi:type="xsd:string">unsetCommandKey</Value>
</ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANPPPConnection.2.ExternalIPAddress</Name>
<Value xsi:type="xsd:string">180.253.15.28</Value>
</ParameterValueStruct>
</ParameterList>
</cwmp:Inform>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Isi respon.
<?xml version="1.0" encoding="UTF-8"?>
<soap-env:Envelope xmlns:soap-enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
<soap-env:Header>
<cwmp:ID soap-env:mustUnderstand="1">24</cwmp:ID>
</soap-env:Header>
<soap-env:Body>
<cwmp:InformResponse>
<MaxEnvelopes>1</MaxEnvelopes>
</cwmp:InformResponse>
</soap-env:Body>
</soap-env:Envelope>
Referensi