Controller Deployment Environment Preparation
Recommended deployment environment:
- X86 server
- Linux version: Ubuntu 18.04 LTS or later
- Docker version: 20 or later

| Number of Devices | CPU | Memory | Disk |
|---|---|---|---|
| 500 | 4U | 8G | 500GB |
| 1000 | 8U | 16G | 1000GB |
| 2000 | 8U | 16G | 1500GB |
| 5000 | 16U | 32G | 2000GB |
Cloud Deployment
Open the business port
Deploying an ACC controller on a cloud host requires opening the following business ports:
| Network Type | Direction | Authorization Policy | Protocol | Port Range | Priority | Source IP | Description |
|---|---|---|---|---|---|---|---|
| intranet | ingress | Accept | TCP | 16011/16011 | 1 | 0.0.0.0/0 | owom (operation and maintenance alarm) external HTTPS service port (component under development, not yet released) |
| intranet | ingress | Accept | TCP | 16006/16006 | 1 | 0.0.0.0/0 | owsub (subscription) external HTTPS service port |
| intranet | ingress | Accept | TCP | 15002/15002 | 1 | 0.0.0.0/0 | owgw Southbound Interface, Device Connection Controller Service Port |
| intranet | ingress | Accept | TCP | 16002/16003 | 1 | 0.0.0.0/0 | owgw (Gateway) external HTTPS service port |
| intranet | ingress | Accept | TCP | 16004/16004 | 1 | 0.0.0.0/0 | owfms (Firmware) external HTTPS service port |
| intranet | ingress | Accept | TCP | 16009/16009 | 1 | 0.0.0.0/0 | owanalytics (analysis) external HTTPS service port |
| intranet | ingress | Accept | TCP | 16005/16005 | 1 | 0.0.0.0/0 | owprov (configuration) external HTTPS service port |
| intranet | ingress | Accept | TCP | 16001/16001 | 1 | 0.0.0.0/0 | owsec (Authentication) external HTTPS service port |
| intranet | ingress | Accept | TCP | 5912/1913 | 1 | 0.0.0.0/0 | owgw service, RTTY remote connection function |
| intranet | ingress | Accept | TCP | 443/443 | 100 | 0.0.0.0/0 | owgw-ui (WEBUI) external service port |
| intranet | ingress | Accept | TCP | 22/22 | 100 | 0.0.0.0/0 | System-created rule. SSH port |
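
Before these rules are applied to a cloud security group, a review pass can catch malformed port ranges and management ports left reachable from every source. The following Python script is an added example, not part of the ACC controller documentation; it parses a few rows copied from the table above exactly as they appear, and the `ADMIN_PORTS` set and the function names are assumptions of this example.

```python
import ipaddress

# Rows copied from the port table above, exactly as the page gives them.
TABLE = """\
| intranet | ingress | Accept | TCP | 15002/15002 | 1 | 0.0.0.0/0 | owgw southbound interface |
| intranet | ingress | Accept | TCP | 16001/16001 | 1 | 0.0.0.0/0 | owsec external HTTPS |
| intranet | ingress | Accept | TCP | 5912/1913 | 1 | 0.0.0.0/0 | owgw RTTY |
| intranet | ingress | Accept | TCP | 22/22 | 100 | 0.0.0.0/0 | SSH |
"""
# Assumption of this example: ports treated as host management access.
ADMIN_PORTS = {22}


def parse_rules(table):
    """Turn markdown table rows into rule dicts; header/separator rows are skipped."""
    rules = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 8:
            continue
        _, direction, policy, proto, ports, prio, source, desc = cells
        start, _, end = ports.partition("/")
        if not (start.isdigit() and end.isdigit()):
            continue  # not a data row
        rules.append({
            "direction": direction, "policy": policy, "protocol": proto,
            "start": int(start), "end": int(end), "priority": int(prio),
            "source": ipaddress.ip_network(source), "desc": desc,
        })
    return rules


def audit(rules):
    """Return (rule label, finding) pairs for rules that need a second look."""
    findings = []
    for r in rules:
        label = f"{r['protocol']} {r['start']}/{r['end']}"
        if not (1 <= r["start"] <= r["end"] <= 65535):
            findings.append((label, "invalid port range"))
            continue
        any_source = r["source"].prefixlen == 0  # 0.0.0.0/0 or ::/0
        if r["policy"].lower() == "accept" and any_source:
            hit = sorted(p for p in ADMIN_PORTS if r["start"] <= p <= r["end"])
            if hit:
                findings.append((label, f"admin port {hit[0]} open to any source"))
    return findings


if __name__ == "__main__":
    for label, finding in audit(parse_rules(TABLE)):
        print(f"{label}: {finding}")
```
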
Generate certificate
Assuming the domain name is cloudswitch.io, apply for a certificate on the cloud server using Let’s Encrypt’s official tool, Certbot:

```bash
# Install Certbot
sudo apt install certbot
# Request an RSA certificate using Certbot's standalone mode
sudo certbot certonly --standalone -d cloudswitch.io --key-type rsa
```

The new certificate is located at: /etc/letsencrypt/live/cloudswitch.io

Introduction to the certificate files generated by Certbot:
- privkey.pem: Server private key file. Used for encrypting and decrypting SSL communication. It must be held only by the server and kept strictly confidential.
- fullchain.pem: Complete certificate chain file. Contains your server certificate and all intermediate CA certificates, typically used as the server certificate setting (such as nginx’s ssl_certificate) in web servers such as nginx and Apache.
- chain.pem: Only includes intermediate CA certificates. Used for client verification of the legitimacy of your server certificate; some services (such as nginx’s OCSP stapling) require it to be configured separately.
- cert.pem: Only includes your server certificate (excluding intermediate certificates). It is generally not recommended to use it alone, as it can lead to an incomplete certificate chain that clients cannot verify.

Practical usage suggestions:
- Web services typically use fullchain.pem and privkey.pem.
- chain.pem is used in scenarios where a separate CA chain is required.
- It is not recommended to use cert.pem directly unless there are special requirements.
Copy the certificate to the controller directory
```bash
cd /etc/letsencrypt/live/cloudswitch.io
# -L follows the symlinks in the live/ directory and copies the real files
sudo cp -L cert.pem /path-to-ACC-controller/controller_V1.0_R005/wlan-cloud-ucentral-deploy/docker-compose/certs/restapi-cert.pem
sudo cp -L privkey.pem /path-to-ACC-controller/controller_V1.0_R005/wlan-cloud-ucentral-deploy/docker-compose/certs/restapi-key.pem
sudo cp -L chain.pem /path-to-ACC-controller/controller_V1.0_R005/wlan-cloud-ucentral-deploy/docker-compose/certs/restapi-ca.pem
```