Install Mideye Server 5 on Debian/Ubuntu Linux

Overview

This guide walks you through installing Mideye Server 5 on Debian or Ubuntu Linux. You’ll learn how to install the DEB package, configure MySQL 8, set up firewall rules with nftables, and start the Mideye services.

What this guide covers:

Installing the Mideye Server DEB package
Setting up MySQL 8 database with legacy authentication
Configuring application-prod.yml
Opening firewall ports with nftables
Enabling and starting the mideyeserver service

Make sure that the requirements in the Pre-install checklist are met before continuing with the installation.

Installing MideyeServer consists of the following steps:

Install MideyeServer Package.
Install a database.
Configure MideyeServer application-prod.yml.
Open firewall ports.
Configure MideyeServer.

Install MideyeServer

Update Debian server.
Terminal window
```
sudo apt-get update
sudo apt-get upgrade
```
Download appropriate MideyeServer deb package from Mideye Server Downloads

Copy the deb package to the debian server.

scp ~/Downloads/MideyeServer-5.6.2-7710_all.deb username@10.20.30.40:/tmp/

Install the MideyeServer package.

sudo apt-get install /tmp/MideyeServer-5.6.2-7710_all.deb

Install SQL-Server

Install gnupg.

sudo apt-get update
sudo apt-get install gnupg

Install MySQL Config.

cd /tmp
wget https://dev.mysql.com/get/mysql-apt-config_0.8.20-1_all.deb
sudo dpkg -i mysql-apt-config_0.8.20-1_all.deb

make sure mysql-8.0 is selected under MySQL Server & Cluster (Currently selected: mysql-8.0) and press ok.
Install MySQL Server.
Terminal window
```
sudo apt-get update
sudo apt-get install mysql-server
```
- During the installation you need to set a root password for the MySQL Server.
- During the installation you need to select authentication plugin. Select Use Legacy Authentication Method (Retain MySQL 5.x Compatibility).
- Currently there is no support for the new SQL 8 authentication method.
- After the installation verify Mysql-Server is running sudo systemctl status mysql.

Configure SQL-Server

Create database and user for MideyeServer.

Start with connecting to the database from the shell.

mysql -uroot -p
Enter password: <password you set during installation>

Then execute following SQL commands. Change username and password for production environments.

CREATE DATABASE MideyeServer_DB CHARACTER SET utf8  COLLATE utf8_swedish_ci;
CREATE USER 'mideye'@'localhost' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON MideyeServer_DB.* TO  'mideye'@'localhost';
FLUSH PRIVILEGES;
EXIT

Configure MideyeServer database connection. vim /opt/mideyeserver/config/application-prod.yml

Add following to configuration file, change username and password to those set in the previous step.
```
        url: jdbc:mariadb://localhost:3306/MideyeServer_DB
        username: mideye
        password: user_password
```
Syntax is very important in yml files. If the spaces are not correct the server will not start.
Server is installed and database is configured. It is time to enable and start the service.
Terminal window
```
systemctl enable mideyeserver
systemctl restart mideyeserver
```

Configure Mideye Server

Mideye Server is configured through the Mideye Web GUI which by default uses port HTTPS/8443 in Linux. Example address:
https://mideyeserverip:8443
First visit will show the setup wizard. Here you can choose between configuring a new installation as described in the Configuration Wizard, or importing data from an old installation as described in the Migration Wizard.

Further instructions for configuration in the webportal can be found in the Reference guide.

Configure Firewall

Debian 11 default firewall is nftables.

Open tcp/8443 and udp/1812 in nftables

iptables-nft -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables-nft -A INPUT -p udp --dport 1812 -j ACCEPT

If no iptables are enabled. Here is an example config.

sudo iptables-nft -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables-nft -A INPUT -i lo -j ACCEPT
sudo iptables-nft -A INPUT -p tcp --dport 8443 -j ACCEPT
sudo iptables-nft -A INPUT -p udp --dport 1812 -j ACCEPT
sudo iptables-nft -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables-nft -A INPUT -j DROP

To make the rules persistent please install iptables-persistent.

sudo apt-get install iptables-persistent

Save the iptables.

sudo iptables-save > /etc/iptables/rules.v4

Backup

Backup Mideye Server file system

To take a backup of the Mideye Server, copy or compress the whole Mideye Server installation directory. The default directory is:

/opt/mideyeserver

Backup Database

To take a backup of the Mideye Server database on MySQL, run the following command:

# mysqldump -u[username] -p[password] [database name] > mideye_backup.sql

where [username]/[password] are the database login credentials.

Upgrade

Mideye Server 4.x to 5.x

It is not possible to do a straight upgrade from Mideye Server 4.x to 5.x. Please see Upgrade Mideye Server 4.x to 5.x for more information.

Mideye Server 5.x to 5.x

Before proceeding with an upgrade, take a backup of the Mideye Server file system and the Mideye database. Some files containing customized settings may need to be replaced after the update.

Note: To execute the installation/upgrade package, local administrator privileges are required.

Update Mideye Server

To update the Mideye Server download the appropriate Mideye Server deb package from Mideye Server Downloads. Then run the file according to the example below:

apt update /path/to/mideyeserver_newversion-build-xenial.deb

After the Mideye Server is updated restart the Mideye Server service.

systemctl restart mideyeserver

Uninstall

To uninstall the Mideye Server run:

apt remove mideyeserver

Removing the Mideye Server keeps the database, configuration and log files intact. These can be removed manually.

Troubleshooting

Files

MideyeServer Home: /opt/mideyeserver
log-config: /opt/mideyeserver/config/logback.xml
logs: /opt/mideyeserver/log/mideyeserver.log
error-logs: /opt/mideyeserver/log/mideyeserver.error
config-file: /opt/mideyeserver/config/application-prod.yml
certificates: /opt/mideyeserver/config/keystore.p12
systemd-service: /etc/systemd/system/mideyeserver.service

Service ports

MideyeServer needs two ports to start correctly. A port for WebGUI and a port for RADIUS traffic. The WebGUI Port can be changed.

Webgui: tcp/8443
RADIUS: udp/1812

Verify that MideyeServer is listetning on the ports with netstat.

verify WebGUI 8443 port: netstat -tnlp
verify RADIUS 1812 port: netstat -unlp

If netstat is not installed it can be installed with following command.

sudo apt-get update
sudo apt-get install net-tools

MideyeServer Service

Check if MideyeServer is running

root@myvm:~# systemctl status mideyeserver
● mideyeserver.service - Mideye Server Service
     Loaded: loaded (/etc/systemd/system/mideyeserver.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-16 09:32:59 UTC; 10min ago

Verify in the logs that MideyeServer Is running.

First time MideyeServer is started there should be a SETUP CHALLENGE in the logs.

2021-11-16 09:49:20.636Z INFO  [main] RadiusServerService: loaded
2021-11-16 09:49:20.796Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ******* SETUP CHALLENGE: sCTtlFTEZk
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:21.725Z INFO  [main] AuthenticationLogCleanupService: OnLoaded: cronExpression: [0 0 * * * *]

When MideyeServer is listening for webtraffic it will show following in the logs.

2021-11-16 09:49:27.145Z INFO  [main] MideyeServerApp:
----------------------------------------------------------
    Application MideyeServer is running! Access URLs:
    Local:     https://localhost:8443
    External:   https://127.0.0.1:8443
    Profile(s):   [prod]
----------------------------------------------------------

Server not starting

If nothing shows up in the logs when starting the server the Database Fail Timeout in application-prod.yml could be changed to get a faster fail. Change 3600000 to 10000. Restart mideyeserver and check the logs after 10 seconds.

initializationFailTimeout: 10000

Error message: ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool initialization.java.sql.SQLException: Login failed for user 'user.name'.

This error message is due to invalid credentials to the SQL database. Verify the configuration in:

/opt/mideyeserver/config/application-prod.yml

Also, check the database log files. Manually start the Mideye Server service.

Corrupt keystore when reinstalling same version

When uninstalling Mideye Server and reinstalling the same version, the keystore must be manually removed before installing the Mideye Server again.

After a successful uninstall, delete /opt/mideyeserver/config/keystore.p12. Once removed, the same version of Mideye Server can be installed again.