Streembit back-end application.
This application is the Streembit back-end process. Depending on the configuration settings the application can run as
- A Streembit Kademlia node
- A Streembit client application
- A Streembit IoT application
- A Streembit blockchain application
Dependencies
Get the dependencies with
$ npm installWindows note: In case of leveldown or any any node-gyp error provide a correct msvs_version build parameter e.g.
npm install leveldown --msvs_version=2015In order to run the application a configuration file config.json must exists in the root directory of the project.
A typical configuration file is the following:
{
"database_name": "streembitsql",
"cmdinput": false,
"seeds": [],
"transport": {
"host": "182.120.242.165",
"port": 32319,
"ws": {
"port": 32320,
"maxconn": 10000
},
"kad": {
"host": "182.120.242.165",
"port": 32321
},
},
"limits": {
"refresh": 3600,
"replicate": 3600,
"republish": 86400,
"expire": 86405,
"timeout": 5
},
"modules": [
{
"name": "seed",
"run": true
},
{
"name": "client",
"run": false,
"account": "",
"contacts": []
},
{
"name": "blockchain",
"run": false
},
{
"name": "iot",
"run": false,
"serialport": "/dev/ttyS0",
"protocols": [
{
"name": "zigbee",
"chipset": "xbee"
},
{
"name": "zwave"
},
{
"name": "6lowpan"
}
],
"devices": [
{
"type": 1,
"protocol": "zigbee",
"mcu": "xbee",
"id": "0013a20041679c00",
"name": "Streembit Hub",
"permission": 1,
"details": {
"manufacturername": "ZoVolt",
"modelidentifier": "ZOVOLT-P2PIOTHUB-01",
"hwversion": "0001",
"protocol": "Zigbee",
"security": "ECC PPKI",
"NFC": true,
"endpoint": 2
}
}
]
},
{
"name": "dns",
"run": true,
"host": "srv.streembit.net",
"port": 8080
}
],
"log": {
"level": "debug",
"logs_dir": "logs"
}
}Password: To decrypt account information in the SQLITE database.
Provide password in the command line using --pwd (or --pwd=) command line switch. Once you initially setup password use this the same password in further script start ups.
See "node streembit.js --help" for more command line arguments.
Fields:
The "database_name" field: This is the SQLITE database name. Default value is "streembitsql". You may change it for production or for testing purpose. For using different databases in production or testing.
When the "cmdinput" field is true the application can recieve commands via the terminal. Also, when the "cmdinput" field is true the terminal logs are disabled and only file based log is enabled.
The "transport" field:
protocol: default value is "http".
host: IP address or domain name for the HTTP listener.
For seed node: Since The Kademlia contact is the composite of IP address and port, if the application run as a Kademlia seed node this field is required and must be an IP address.
port: Port for the http listener. Default value is 32319
"ws" section:
ws.port: Port for the websocket listener. Default value is 32320.
"kad" section: defines the Kademlia network parameters
kad.port: Port for the Kademlia TCP listener. Default value is 32321.
kad.host: IP address or domain name for the Kademlia TCP listener.
Seeds: Array of Streembit Kademlia seed nodes.
The format is
[
{
"id": "b925f073406a991a38361672660fc4ccae88d457",
"host": "192.168.0.10",
"port": 32322
}
]The "id" field is the e Rmd160 hash of the seed's public key. The host and port where the seed node listen for connections.
The "Limits" section of the configuration determines time interval values of various KAD operations.
"Limits" intervals (values are in seconds):
refresh: Interval for performing router refresh, Default value is 3600
replicate: Interval for replicating local data, Default value is 3600
republish: Interval for republishing data, Default value is 86400
expire: Interval for expiring local data entries, Default value is 86405
timeout: Time to wait for RPC response, Default value is 5
Modules: This section defines how the application will be executed. Whether it is seed, client, IoT node or a blockchain node. The "run" flag of each module defines whether or not execute the module. Both "seed" and "client" cannot be defined, it must be either "seed" or "client".
The role of the DNS module is to manage dynamic DNS updates for the domain name based host field. The DNS module defines the parameters of a dynamic DNS service. This module is used in case if you define a domain name at the transport.host field and network router uses DHCP. Using DHCP the DNS A record of the doomain name (host) must be updated upon the start of this CLI application. By default the application uses srv.streembit.net:8080. Most CLI will define a static IP address at the host field. In case if an IP address is defined at the transport.host field then you must remove the DNS module from the configuration file.
Log: logger settings.
Create a Kademlia network for test and development
When do you need to execute this step and experiment with the Kademlia network?
- If you want to understand better how the Streembit Kademlia network works
- If you want to develop the UI and connect to a local Kademlia network
Do you need this for Streembit IoT module and to run the Streembit IoT module on a Raspberry PI? No. If you want to run the Streembit IoT handler please skip this section and move to the "Streembit IOT Handler" section.
For test and development purposes to create a basic Kademlia network at least two nodes must exist on the network. To run multiple nodes on a computer, do the the following steps:
- In step 1 we need to create a streembit-cli application, this will be seed No. 1, the first seed node of the Kademlia network. The "port" of the config.json file can be default port 32321. The "host" field of the config.json file must be defined. For development purposes it should be your local IP like 192.168.xxx.xxx or even just 127.0.0.1. The "account" field can be anything, such as "seed1". The "seeds" field of the config is an empty array. Run the application, with
$ node streembit --pwd PASSWORD
OR
$ node streembit --pwd=PASSWORD In a case you start a pm2 instance of the app you should also provide a valid password
The console and the log files should display a warning log "there are no seeds defined, the node is not connected to any seeds" which indicates there are no seeds defined.
- In step 2, clone streembit-cli to an other directory (or copy the existing one). This will be the second seed of the Kademlia network. Set the port to 32322. Since this is a TCP listening port it must be different than the port of seed 1 node. Define the seeds array in the config file. The seed is the instance that is described at point No. 1. The seed config settings:
{
"seeds": [
{
"id": "b925f073406a991a38361672660fc4ccae88d457",
"host": "192.168.0.10",
"port": 32321
}
]
}The host is your machine's local IP so it might different than 192.168.0.10. The "id" field of the seed must be the Rmd160 hash of the seed's public key. Run the application with
$ node streembit --pwd PASSWORDAt this point seed No. 2 will try to connect to seed No. 1. Upon successful connection you should see debug messages on the console as well as in the log files of seed No. 1. These are debug messages related to FIND_NODE Kademlia operations. "debug: received FIND_NODE from {'publickey': '...' } The public key of the message is the public key of seed No. 2 that is logged to the console and log file during startup. The FIND_NODE messages indicates that the Kademlia network is formed.
Once the Kademlia network is operational the Streembit UI application can connect to the network.
Set the "cmdinput" field to true in the config.json configuration file to intiate the command line handler. The command line handler accepts commands from the terminal. In "cmdinput" mode once the application is initialized there is a command prompt displayed: "Enter command type:"
Add user
Enter the "usr" command type at the command prompt.
$ usrThe "Enter users command:" prompt will appear. Enter "add" to the command prompt.
$ addAnswer the prompt by typing the user name, public key, whether or not the user is an admin (1 or 0 value). The public key is the long PKI public key format that you can get from the Public key column of the "Account/network info" view, accessbile from the "Tools" menu at the Streembit UI application.
To manage your IoT devices on Streembit a few additional configuration steps are required to be done.
Users control IoT end devices using the Streembit User Interface (UI) application and the IoT gateway. The IoT gateway acts as a bridge between the UI and the IoT end devices. That means the IoT gateway must provide an interface for incoming IoT requests. We do this via either the HTTP or HTTPS transport protocols, and the gateway listens for incoming connections using either HTTP or HTTPS.
When should I use the HTTPS protocol? Currently, modern browsers increasingly enforce HTTPS. Many browser functionalities available only via the HTTPS protocol. HTTPS on the UI side means that the IoT Gateway must use a domain name and third-party SSL certificate (modern browsers don't support self-signed SSL certificates). Seeing the current trends, we feel the Gateway must support HTTPS connections. Also, many businesses and government organisations IT & security policies requires to use SSL certificates. We aim to enable the gateway to operations where the security policies requires SSL certificates.
What are the requirements for the HTTPS configuration? HTTPS requires a domain name and a third party signed SSL certificate.
Can I run the Gateway without a domain name and SSL certificate? Yes, the gateway can be configured using the HTTP protocol without an SSL certificate. We understand many home users cannot manage domain names and SSL certificates. Also, domain names and SSL certificates introduce an additional level of dependency on registrars and DNS service providers. Streembit aims to create a peer-to-peer connection between users and IoT devices. Relying on domain name registrars and DNS providers contradicts the P2P idea to a certain extent.
Does the HTTP connection and lack of SSL certificate compromise security? It is not. The IoT Gateway is configured with a unique PKI key pair. The UI user must know and configure the Gateway on the UI using the unique public key of the gateway. The identity of the gateway is verified via the PKI public key. Therefore the lack of SSL certificate do not compromise security. All transport packets are end-to-end encrypted on Streembit using PKI based ECDH or symmetric cryptoraphy. The symmetric end-to-end encryption is AES256 and it uses 512-bit strong cryptography keys. Using the combination of PKI Network sniffers or third party observers/intruders unable to decipher the end-to-end encrypted messages. Using tested, robust and strong cryprography methods we can achieve military grade security on a home IoT network without SSL certificates.
So which configuration options should I use HTTP or HTTPS? It is entirely depending on the user policies, preferences and capabilities. Both options can secure IoT devices adequatelly.
Options #1 and #2 of step 1 below describe each configuration.
Step 1
Option 1. With a domain and SSL certificates, via HTTPS.
The connection between the UI and the gateway are WSS and HTTPS. Therefore SSL certificates must be deployed and configured on the gateway. The configuration must be saved in the config.json file.
First obtain an SSL certificate for your domain name from a third party certificate provider. Include the certificate files in the ssl folder.
** Required files **
- CA: ssl/DOMAIN.ca-bundle.crt
- Certificate: ssl/DOMAIN.crt
- Key: ssl/DOMAIN.key
Adjust corresponding section in the configuration file to look like this:
"transport": {
...
"ssl": true,
"ca": "ssl/DOMAIN_NAME.ca-bundle.crt",
"cert": "ssl/DOMAIN_NAME.crt",
"key": "ssl/DOMAIN_NAME.key"
}Option 2. Without SSL, via HTTP
The transport section in config.json file must be configured the following:
"transport": {
...
"ssl": false
}Step 2
Make sure you modify your config.json according to this example
{
"database_name": "streembitsql",
"cmdinput": true,
"seeds": [
{
"id": "b925f073406a991a38361672660fc4ccae88d457",
"host": "seed.streembit.uk",
"port": 32319
}
],
"transport": {
"protocol": "http",
"host": "domain name OR ip address OR empty string ",
"port": 32319,
"ws": {
"port": 32320
},
"ssl": false,
"ca": "ssl/aaaaz.streembit.org.ca-bundle.crt",
"cert": "ssl/aaaaz.streembit.org.crt",
"key": "ssl/aaaaz.streembit.org.key"
},
"limits": {
"refresh": 3600,
"replicate": 3600,
"republish": 86400,
"expire": 86405,
"timeout": 5
},
"modules": [
{
"name": "seed",
"run": false
},
{
"name": "client",
"run": true
},
{
"name": "blockchain",
"run": false
},
{
"name": "iot",
"run": true,
"serialport": "/dev/ttyS0",
"protocols": [
{
"name": "zigbee",
"chipset": "xbee"
},
{
"name": "zwave"
},
{
"name": "6lowpan"
}
],
"devices": [
{
"type": 1,
"protocol": "zigbee",
"mcu": "xbee",
"id": "0013a20041679c00",
"name": "Streembit Hub",
"permission": 1,
"details": {
"manufacturername": "ZoVolt",
"modelidentifier": "ZOVOLT-P2PIOTHUB-01",
"hwversion": "0001",
"protocol": "Zigbee",
"security": "ECC PPKI",
"NFC": true,
"endpoint": 2
}
}
]
},
{
"name": "dns",
"run": true,
"host": "srv.streembit.net",
"port": 8080
}
],
"log": {
"level": "debug",
"logs_dir": "logs"
}
}For IoT node: the transport.host field can be the following:
- IP address - type the valid public static IP adddress of your device. The Streembit UI will try to connect to the IoT node via this static public IP address.
- Domain name - type a domain name which DNS services is configured. The Streembit UI will connect to the IoT node via this domain name.
- "" - empty string. By configuring the device with this option and define an empty string i.e "", the application will try to resolve the external (public) IP address of the device. The Streembit UI will connect to the IoT node via this resolved public IP address.
Notice that we are using domain names instead of IP addresses for the ssl cert configuration. This is important. Also there must be at least one valid seed, as well as run value in client and iot modules set to 'true'.
Step 3
To allow connection to this IoT CLI instance, a user must be defined and saved in the CLI local database.
In order to do this, open your Streembit UI, open "Tools" > "Account/network info" and copy the public key value.
At the CLI to allow command prompt input set the "cmdinput" parameter to "true". Start the app by entering
$ node streembit --pwd=PASSWORDenter
usrthen
addand follow the prompts. Public key is the only mandatory field and you should fill it with your PKI public key which was copied from the UI.
Step 4
Once the user is successfully added, stop the cli app. Open config.json and change "cmdinput" to false.
Restart the app with the following command:
$ node streembit --pwd=PASSWORD --dataCopy the value of the BS58 public key of the hub (must be the last string of the output, or close to the last).
At the UI you must add this Hub to your IoT Hub list. Click on the "IoT Devices" menu item and click on "Create IoT Hub". Enter the IoT device ID. This is usually the Zigbee MAC of your device that sits top on the streembit-cli Raspberry Pi (such as the Zovolt Zigbee gateway). Enter the device name and copy the BS58 public key of the streembit-cli that you gathered in the previous step. Click on Save and the web application should connect to your streembit-cli IoT instance.
The created IoT Hub should appear on the devices view that is accessible from the "My devices" link.
Step 5
Configuring Raspberry PI to run as IoT using streembit-cli repo.
Once you have Raspbian OS installed and running on your device, create a new user (say, uiot) and clone the repo into arbitrary folder under this user namespace. eg, /home/uiot/sreembit-cli
Follow all the aforementioned steps
Now we need to make the app automatically start on system boot up. To acheive this first start app with PM2
$ node pm2start --pwd=YOUR_PASSWORDa quick side note: since pm2 was not installed globally but rather as a node dependency the path executable would be ./node_modules/pm2/bin/pm2
after the app successfully executed (make sure of it by looking at pm2 logs) first stop it by using
./node_module/pm2/bin/pm2 delete allthen do
sudo env PATH=$PATH:/home/uiot/streembit-cli/node_modules/pm2/bin pm2 startup -u uiot --hp /home/uiot/next, execute
/home/uiot/streembit-cli/node_modules/pm2/bin pm2 savereplace uiot with a username of your choice and check for the correctness of the path
Now, it is time to reboot OS and check if the app was autostarted by pm2 daemon you can do it with
/home/uiot/streembit-cli/node_modules/pm2/bin pm2 list