Recommendations¶
1) eManager Recommendations¶
1.1) Package upgrade having weak connectivity¶
If you have a weak Internet connectivity, we recommend you to upgrade the eManager packages following this steps:
Step 1. Enter to the eManager¶
Enter to the eManager using the ssh root@10.1.10.10 command.
Step 2. Start the opkg upgrade service¶
Start the opkg perform-opkg-upgrade service in a non-blocking mode using:
systemctl --no-block start perform-opkg-upgrade
Step 3. Exit the eManager and wait some minutes before entering again¶
You can use the command exit to cut off the connection with the eManager and to not make the upgrade process slower. Once you exit the device, you have to wait a couple of minutes before entering to it again.
Step 4. Check the upgrade logs¶
Check the logs obtained during the upgrade process using:
cat /tmp/opkg_upgrade_result.txt
It is important to verify that at the end of the file it appears the "Upgraded ok!". If this is not the case, please go back to step 2 and repeat the process.
Step 5. Reboot the device¶
Restart the eManager using reboot command to ensure that the changes take effect.
2) Node-RED Recommendations¶
2.1) Editing Current flow if Node-RED gets stucked¶
If you are not able to access Node-RED because the service is restarting all the time, it is possible that you have configured some wrong parameter in the flow that makes Node-RED to get stucked.
You need to edit the current Node-RED flow that is running in the eManager from the console.
To do so, you have to follow these steps:
Important
Node-RED flows are stored in
/var/lib/node-reddirectory.
Step 1. Edit the flows.json file.¶
The flow is stored in the file flows.json. You can access the file using:
nano /var/lib/node-red/flows.json
Step 2. Restart Node-RED¶
Restart the service using:
systemctl restart node-red
3) API C++ Recommendations¶
3.1) Callback quickly release to not lose events information¶
It is important to release quickly callback functions to avoid lose any information proceeding from the different events in the application.
4) Security Recommendations¶
4.1) Protect webadmin input port 80 with a firewall¶
4.2) Deactivate password access through console¶
It is important for better security to deactivate password access through console. You should configure an asymmetric key to access.
Step 1. Generate a SSH key pair
We will generate our first key pair with the command:
ssh-keygen
Now, you can verify that these files have been created, by running:
ls ~/.ssh
Note
You can also save the key pair to a custom location with the -f option, e.g.:
ssh-keygen -f ~/my-key.
Step 2. Copy the public key to the server
Now that you have generated the key pair, you should copy the public key over to the server.
Now, if you want to copy the public key for the user root to the server 10.1.10.10, you should use:
ssh-copy-id -i ~/my-key.pub root@10.1.10.10
Being ~/my-key.pub the root of the public key that we want to copy to the server.
Step 3. Use the SSH key to log in
If you have the key in the default location, you simply need to log in as usual:
çssh root@10.1.10.10
In this example, the user is root and ip address of the server 10.1.10.10.
If everything worked well, you should be able to log in without a password. However, if you opted for a password-protected private key, ssh will ask you for a password to decrypt the key.
Step 4. Disable eManager password-based authentication
To disable password authentication, you should edit the /etc/default/dropbear file on the server:
nano /etc/default/dropbear
You must replace its content by:
DROPBEAR_EXTRA_ARGS=" -s -b /etc/issue.net"
The -s argument will disable password logins.