These are the installation instructions for the current version of Solar Protocol that runs on Bookworm.
Major changes in this version
- All python scripts now run in a virtual environment.
- Solar Charge Controller: We use EPever Tracer2210AN, but any Epever Tracer-AN Series would work.
- Raspberry Pi 4 (or 3B+)
This works with a USB to RS485 converter (ch340T chip model).
- RJ45 blue => b
- RJ45 green => a
NOTE: The default admin user needs to be 'pi'
- In the Raspberry Pi disk imager, set user to 'pi', password, enable ssh, wifi network, etc
- Configure device
sudo raspi-config
https://www.raspberrypi.org/documentation/configuration/raspi-config.md- A reboot is generally required and happens automatically after exiting the raspi-config interface. If it isn't automatic, reboot with this command:
sudo reboot
- A reboot is generally required and happens automatically after exiting the raspi-config interface. If it isn't automatic, reboot with this command:
sudo apt-get update
sudo apt-get upgrade
Download repo into /home/pi
sudo apt-get install git
git clone http://www.github.com/alexnathanson/solar-protocol
Navigate to the solar-protocol directory
python3 -m venv .venv
From the /home/pi/solar-protocol directory, activate the virtual environment
source .venv/bin/activate
Try pip install -r requirements.txt
If that fails, manually install all packages with these commands:
- Install requets
pip install requests
- Install pymodbus
pip install pymodbus
- Install pandas
pip install pandas
(this should be refactored to not used pandas) - Install numpy
pip install numpy
- Install jinja
pip install jinja2
- Upgrade/install Pillow
pip install --upgrade Pillow
- Install cairo
sudo apt-get install libcairo2-dev
- Install gizeh
pip install gizeh
- Install webcolors
pip install webcolors
uninstall numpy (these uninstall commands may need to be run multiple times to get rid of multiple versions):
sudo pip3 uninstall numpy
and/orsudo apt-get remove python3-numpy
then install numpy and this missing library:sudo pip3 install numpy
sudo apt-get install libatlas-base-dev
sudo apt install libtiff5
sudo apt-get install libopenjp2-7
(not confirmed)- more PIL & Pillow troubleshooting at https://stackoverflow.com/questions/26505958/why-cant-python-import-image-from-pil
- If you get an error relating to serial try removing serial and pyserial from all users and then reinstall only pyserial pip uninstall serial sudo pip uninstall serial pip uninstall pyserial sudo pip install pyserial
- In some instances it may be necessary to manually change the mirror which determines where apt-get pulls from. Instructions for manually changing the mirror can be found at https://pimylifeup.com/raspbian-repository-mirror/
Enable key-based authentication
- run
install -d -m 700 ~/.ssh
- move the authorized_keys file into this new directory
sudo cp /home/pi/solar-protocol/utilities/authorized_keys ~/.ssh/authorized_keys
- set permissions.
sudo chmod 644 ~/.ssh/authorized_keys
sudo chown pi:pi ~/.ssh/authorized_keys
- Enable rsa
sudo nano /etc/ssh/sshd_config
- add this line
PubkeyAcceptedAlgorithms +ssh-rsa
- save the file and restart the service
sudo systemctl restart sshd
- Test that passwordless key-based authentication works.
- If it works, disable password login
sudo nano /etc/ssh/sshd_config
- Change this line
#PasswordAuthentication yes
toPasswordAuthentication no
(This will make it so you only can log in with the ssh key. Be careful to not lock yourself out!) - save the file and restart the service
sudo systemctl restart sshd
Open and forward these ports:
- 80 -> 80 (This is to catch external traffic coming in on port 80. It could probably forward to the internal port 80 just fine too)
- 8080 -> 8080 (Alt-HTTP... Many residential networks have internal loopback prohibitions on port 80.)
- 443 -> 443 (For HTTPS)
- 8443 -> 443 (Alt-HTTP... Many residential networks have internal loopback prohibitions on port 443.)
- 2222 -> 22 (For SSH)
It is strongly recommended to do this only after key-based authentication has been enabled and password authentication has be disabled.
Install Apache sudo apt-get install apache2 -y
Install PHP sudo apt-get install php -y
Change Apache default directory to the frontend directory and set permissions
sudo nano /etc/apache2/sites-available/000-default.conf
- change
<VirtualHost *:80>
to<VirtualHost *:80 *:8080>
- change
DocumentRoot /var/www/html
toDocumentRoot /home/pi/solar-protocol/frontend
- Enable server status interface (once enabled, the server stats page for an individual server will appear at solarprotocol.net/server-status (substitute IP address for individual servers). A machine readable version can be found at solarprotocol.net/server-status?auto )
- add these 4 lines to the file directly above
</VirtualHost>
<Location /server-status>
SetHandler server-status
Require all granted
</Location>
- save and close the file. Then restart service with
sudo service apache2 restart
- add these 4 lines to the file directly above
- change
sudo nano /etc/apache2/apache2.conf
- add these lines to the file
<Directory /home/pi/solar-protocol/frontend/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Header set Access-Control-Allow-Origin "*"
</Directory>
- add these lines to the file
- Add port 8080 to ports.conf
sudo nano /etc/apache2/ports.conf
- Add this line:
Listen 8080
- To allow CORS (needed for admin console) activate module for changing headers. This can be done from any directory.
sudo a2enmod headers
- Enable URL rewrite module:
sudo a2enmod rewrite
- Enable
sudo a2enmod userdir
- Restart service with
sudo systemctl restart apache2
Apache permissions
- Add pi user to www-data group
sudo adduser pi www-data
- Assign ownership of frontend directory to www-data group
sudo chown www-data:www-data /home/pi/solar-protocol/frontend
sudo chmod 755 /home/pi/
Port forwarding for 443-> 443 must be enabled for this to take effect (8443 -> 443 must also be enabled on some routers to minimize troubleshooting issues).
sudo apt install python3-certbot-apache
sudo apt install certbot
- Solar Protocol uses a single certificate distributed to all SP servers. The next steps must be done by a network admin. (See network/ssl-management.md for more info.)
Set timezone (Change 8.2 to your version of PHP if needed)
sudo nano /etc/php/8.2/apache2/php.ini
- Change
;date.timezone
todate.timezone = YOUR_TIMEZONE
- You can find your timezone here: https://www.php.net/manual/en/timezones.america.php
sudo systemctl restart apache2
for this change to take effect
Fail2ban provides added protection against bot attacks.
-
For the time being use these instructions: https://pimylifeup.com/raspberry-pi-fail2ban/ Solar Protocol specific instructions may be provided in the future.
-
Install Fail2ban:
sudo apt install fail2ban
-
Copy the config file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
-
Open it in an editor:
sudo nano /etc/fail2ban/jail.local
-
Press control + w, type
sshd
, then press enter, to search for the SSH section. You want to locate the[sshd]
section under the heading JAILS. (Every time you search it finds the next instance, so you may need to do it a couple of times.) -
Under the
[sshd]
section add these lines. Uncomment [sshd] if its commented out.
[sshd]
enabled = true
port = ssh
backend = systemd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600
- Restart the service:
sudo systemctl restart fail2ban
- Check the status to ensure its active:
/etc/init.d/fail2ban status
- Copy local directory outside of solar-protocol directory to pi directory
sudo cp -r /home/pi/solar-protocol/local /home/pi/local
- Change the device list template file name
sudo mv /home/pi/solar-protocol/backend/data/deviceListTemplate.json /home/pi/solar-protocol/backend/data/deviceList.json
- Set permissions (this script needs to be run everytime you pull from the repository)
sh /home/pi/solar-protocol/utilities/setAllPermissions.sh
If the above command was successful, you do not need to set permissions individually. If it failed or can't be run for some reason you can manually enter the commands listed in the setAllPermissions script.
- Log in to the admin console via the browser (YOUR_IP/admin)
- Enter your info on the settings page
- Enter API keys and update the gateway list with appropriate credentials
- open rc.local
sudo nano /etc/rc.local
* add this line above "exit 0"sudo -H -u pi /bin/bash /home/pi/solar-protocol/start.sh > /home/pi/solar-protocol/start.log 2>&1 &
- open the root crontab
sudo crontab -e
- add this line to the bottom to restart the server at midnight
@midnight sudo reboot
- add this line to the bottom to restart the server at midnight
- Run
python3 /home/pi/solar-protocol/charge-controller/test.py
to test the connection between Pi and charge controller - Run
ps -aux
to list running processes - Run
ps -ef | grep .py
orps aux | grep .py
to list running python processes - All Python scripts use python3
- PHP error logging (best to only use these during development and revert back for production version)
sudo /etc/php/7.3/apache2/php.ini
The exact path will differ depending on the version of PHP- Set display_errors and error_reporting as follows:
display_errors = On
error_reporting = E_ALL
- point of contact logging only logs when it is TRUE. Uncomment out the logging for FALSE if you need to test out that it is logging these events.
- Apache logs are found here: /var/log/apache2/access.log
- Use
sudo tail -100 /var/log/apache2/access.log
to display the last 100 entries - More info on Apache logs can be found at https://phoenixnap.com/kb/apache-access-log
- Use
- The individual server status can be found at http://www.solarprotocol.net/server-status
- append ?auto for machine readable version)
- replace http://www.solarprotocol.net with whichever IP is needed
- Log into the router and set a static internal IP
- ISPs can blocks ports. Call your ISP to check that these ports arent blocked.
- On many residential networks, internal loopbacks on ports 80 and 443 can be blocked. You can test this by using a different network (like cellular) to try to access the site.
- There are tools to check if ports are open or closed. They aren't always accurate. Here's one: https://www.yougetsignal.com/tools/open-ports/
- Try ports 8080 and 8443, instead of 80 and 443.
- cd into the solar protocol folder and git pull
cd /home/pi/solar-protocol
git pull
- If you get any errors here, it is likely you have made some local changes to the code base that will give you a merge error. To deal with this run:
git stash
and then git pull again.
- Update the permissions. cd into the utlitiles folder and run the setAllPermissions.sh script.
cd /home/pi/solar-protocol/utilities
sh setAllPermissions.sh