(this can take a while on a raspberry pi)
git clone https://github.com/Roaders/rpi-garage-door.git
cd rpi-garage-door
npm install
npm run build
mkdir rpi-garage-door
cd rpi-garage-door
wget -O /tmp/z.$$ https://github.com/Roaders/rpi-garage-door/releases/download/[LATEST_VERSION]/garage-door-opener-[LATEST_VERSION].tgz
tar -zxvf /tmp/z.$$ --strip-components=1
rm /tmp/z.$$
npm rebuildOr do the above steps with one script:
mkdir rpi-garage-door
cd rpi-garage-door
bash <(curl -sL https://raw.githubusercontent.com/Roaders/rpi-garage-door/master/update-release.sh)this script:
- Downloads the latest release page
- uses wget to download the referenced tar
- stops the
garage-doorservice - extracts the tar
- rebuilds epoll (tar is compiled on 64 bit machine, most pis are 32 bit)
- cleans up downloaded files
- starts
garage-doorservice
npm run create-user
npm run check-user
npm run generate-secret
npm run start-prod
sudo systemctl status garage-doorsudo systemctl stop garage-doorsudo systemctl start garage-doorjournalctl -u garage-doorCreate /etc/systemd/system/garage-door.service:
[Service]
WorkingDirectory=/home/pi/git/rpi-garage-door
ExecStart=npm run start-prod
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=garage-door
User=pi
Group=pi
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
and enable the service:
sudo systemctl enable garage-door.serviceInstall certbot:
sudo apt-get install certbotcreate certificate:
sudo certbot certonly --standalone(port 80 needs to be forwarded to your pi) follow instructions
If it works we get the following message:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/MYDOMAIN/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/MYDOMAIN/privkey.pem
Your cert will expire on 2020-10-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
copy /etc/letsencrypt/live/MYDOMAIN/fullchain.pem and /etc/letsencrypt/live/MYDOMAIN/privkey.pem into .env file in root of web server:
keyPath=/etc/letsencrypt/live/MYDOMAIN/privkey.pem
certificatePath=/etc/letsencrypt/live/MYDOMAIN/fullchain.pem
make cert files readable:
sudo chmod -R a+r /etc/letsencrypt/archive/MY_DOMAINedit deploy hook:
sudo nano /etc/letsencrypt/renewal/MY_DOMAIN.confand add the restart command:
# Options used in the renewal process
[renewalparams]
account = PRE_POPULATED
authenticator = PRE_POPULATED
server = PRE_POPULATED
renew_hook = systemctl restart garage-door
(this should happen automatically)
sudo certbot renewdry run
sudo certbot renew --dry-runforce (to test server restart)
sudo certbot renew --force-renewalthis will only work a limited number of times a day due to rate limiting. Use dry run first.
This app covers quite a bit of ground and in building it I had to learn a lot of stuff:
- Controlling hardware with RPI gpio pins and sensing state (with reed switches) and using rpi camera
- How to issue and renew secure certificates and apply them to a dynamic IP address
- How to securely store user passwords with bcrypt
- How to work with access tokens and renew them with refresh tokens
- How to secure nest endpoints with authguards
- jwt (json web tokens) for signing access and refresh tokens
- securing angular routes with auth guards
- setting up push messags with Socket IO and consuming from node and angular apps
- how to setup and run an app as a linux service
- how to write linux bash scripts