To install the back-end and front-end components of the Fidesinnova platform, including both the web app and mobile app, you can follow the steps below. These instructions assume that you have a basic understanding of setting up development environments and are familiar with JavaScript, Node.js, and related technologies.
To run Blockchain-based-IoT-Server effectively, the following system specifications are recommended:
- Operating System: Ubuntu 24.04 LTS
- Memory: 16 GB RAM
- Storage: 30 GB SSD minimum
- CPU: Dual-core processor (x86_64 or ARM64)
- PANEL_URL: Consider a URL (sub-domain), e.g., panel.zksensor.tech, for your IoT server's users. We call it PANEL_URL in this ReadMe.
- ADMIN_URL: Consider a URL (sub-domain), e.g., admin.zksensor.tech, for your IoT server's administrators. We call it ADMIN_URL in the ReadMe.
These requirements are suitable for typical IoT workloads. Actual needs may vary based on deployment scale and data volume.
sudo apt update
sudo apt -y install nginx
Docker lets us run ZAP in a lightweight container without manual setup. Install and configure Docker:
sudo apt update
sudo apt install docker.io -y
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker $USER
- First, stop the nginx service
sudo systemctl stop nginx
- Now, install certbot
sudo apt-get update
sudo apt-get install certbot
- To manually obtain an SSL certificate for your domains without directly modifying your web server configurations, run the following command:
sudo certbot certonly --standalone --preferred-challenges http
- Make sure to create the certificate for the domain and all subdomains. After running the command, enter your web app and admin web app domains separated by a space, like this:
PANEL_URL ADMIN_URL
- The 'certbot' command generates fullchain.pem and privkey.pem in either /etc/letsencrypt/admin.YOURDOMAIN.COM or /etc/letsencrypt/panel.YOURDOMAIN.COM.
- Create the ssl folder inside /etc/nginx
sudo mkdir /etc/nginx/ssl
- Copy both fullchain.pem and privkey.pem into /etc/nginx/ssl.
sudo cp /etc/letsencrypt/live/PANEL_URL/fullchain.pem /etc/nginx/ssl/
sudo cp /etc/letsencrypt/live/PANEL_URL/privkey.pem /etc/nginx/ssl/
or
sudo cp /etc/letsencrypt/live/ADMIN_URL/fullchain.pem /etc/nginx/ssl/
sudo cp /etc/letsencrypt/live/ADMIN_URL/privkey.pem /etc/nginx/ssl/
- Replace the configuration in your nginx.conf file, located at /etc/nginx/nginx.conf, with the following:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    default_type application/octet-stream;
    include /etc/nginx/mime.types;

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        index index.html index.htm;
        server_name PANEL_URL;
        root /var/www/html/wikifidesdoc/site;

        # This section is for user Web App on port 4000
        location / {
            proxy_set_header Authorization $http_authorization;
            proxy_pass_header Authorization;
            proxy_pass http://localhost:4000;
        }

        # This section is for Server Backend on port 6000
        location /app {
            proxy_pass http://localhost:6000;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name ADMIN_URL;
        index index.html index.htm;

        # This section is for Admin Web App on port 5000
        location / {
            proxy_set_header Authorization $http_authorization;
            proxy_pass_header Authorization;
            proxy_pass http://localhost:5000;
        }
    }
}
- Restart Nginx
sudo systemctl restart nginx
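The ssl_protocols line in the configuration above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates. The shell functions below are an added example, not part of the Fidesinnova project: they list the deprecated protocols an nginx config enables and print a copy limited to TLS 1.2 and 1.3. The function names `weak_tls_protocols` and `harden_tls_protocols` are hypothetical, and the sample text is constructed from the configuration above.

```shell
#!/bin/sh
# Constructed sample: the SSL lines of the nginx.conf shown above.
SAMPLE_CONF='http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    # ssl_protocols SSLv3;   (commented out, must be ignored)
}'

# weak_tls_protocols FILE: print "LINE: PROTOCOL" for every deprecated
# protocol enabled by an active (uncommented) ssl_protocols directive.
weak_tls_protocols() {
    # Strip comments first; sed keeps one output line per input line,
    # so awk's NR still matches the line number in the file.
    sed 's/#.*//' "$1" | awk '
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i
            sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                print NR ": " p
            }
        }
    }'
}

# harden_tls_protocols FILE: print the config with every active
# ssl_protocols directive limited to TLS 1.2 and TLS 1.3.
harden_tls_protocols() {
    sed -E 's/^([[:space:]]*ssl_protocols)[[:space:]][^;]*;/\1 TLSv1.2 TLSv1.3;/' "$1"
}

# Demo on the constructed sample.
conf=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$conf"
echo "Deprecated protocols enabled:"
weak_tls_protocols "$conf"
echo "Hardened directive:"
harden_tls_protocols "$conf" | grep 'ssl_protocols TLSv'
rm -f "$conf"
```

Review the output of `harden_tls_protocols /etc/nginx/nginx.conf` before writing it back, and run `sudo nginx -t` before restarting nginx.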
- Install ufw, allow the OpenSSH connection, and allow the nginx connection. Then, allow ports 4000, 5000, and 6000 on the server for Mobile App, Web App, and Admin Web App, respectively. Also, open ports 8883 and 8081 to let IoT devices connect to the MQTT broker and the web socket, respectively.
sudo apt install ufw
sudo ufw allow OpenSSH
sudo ufw allow 'nginx full'
sudo ufw allow 4000
sudo ufw allow 5000
sudo ufw allow 6000
sudo ufw allow 8883
sudo ufw allow 8081
- Note: If you're using Amazon EC2 or a similar platform, ensure that inbound traffic for TCP 8883 is open. This port is required for secure MQTT communication between the IoT server and users' IoT devices.
- Enable the firewall
sudo ufw enable
- Check the firewall status
sudo ufw status
- Install git
sudo apt install git
- Clone the project
cd /home
sudo git clone https://github.com/TheArchitect2000/Blockchain-based-IoT-Server.git
Continue with Step B if you want to install a new node, or jump to Step C if you want to restore your node from a previous backup.
- Generate an access secret key (256-bit / 32-byte)
openssl rand -hex 32
- Generate a refresh secret key (256-bit / 32-byte)
openssl rand -hex 32
sudo nano .env
- Insert the following values:
BACK_PORT=6000
WEBAPP_PORT=4000
ADMIN_WEBAPP_PORT=5000
# Mongo Database Configuration
MONGO_DATABASE_NAME=fidesinnova
MONGO_DATABASE_PORT=27017
MONGO_USER=fidesinnova_user
MONGO_PASSWORD=FIDESINNOVA_DB_PASSWORD
MONGO_INITDB_ROOT_USERNAME=admin
MONGO_INITDB_ROOT_PASSWORD=supersecretadmin
- In the project root folder, create a .env file and edit its parameters based on your node URL info
cd /home/Blockchain-based-IoT-Server/backend
sudo nano .env
- Inside the .env file, paste the following parameters. Note that your user web app URL is "PANEL_URL" (e.g., "panel.zksensor.com").
# Set this with your node URL (e.g., 'zksensor.com')
PANEL_URL='YOUR_NODE_DOMAIN'
# Set this with your node admin URL (e.g., 'admin.zksensor.com')
ADMIN_URL='YOUR_NODE_ADMIN_DOMAIN'
# Set this with your node name (e.g., 'zkSensor')
NODE_NAME='YOUR_NODE_NAME'
# RPC URL - This is the address of a blockchain node in the network that provides RPC service to your IoT server
RPC_URL='https://rpc1.fidesinnova.io'
# Faucet Wallet Private Key
FAUCET_WALLET_PRIVATE_KEY='YOUR_FAUCET_WALLET_PRIVATE_KEY'
# Admin Wallet Private Key
ADMIN_WALLET_PRIVATE_KEY='YOUR_ADMIN_WALLET_PRIVATE_KEY'
# Sets how many times passwords are hashed. Higher values mean stronger security but slower processing
CRYPTION_SALT=10
# Syslog Server Configuration
SYSLOG_SERVER_ENABLED='True'
SYSLOG_SERVER_HOST='YOUR_SYSLOG_SERVER'
SYSLOG_SERVER_PORT=514
SYSLOG_SERVER_LEVEL=7
SYSLOG_SERVER_USERNAME=''
SYSLOG_SERVER_PASSWORD=''
# Internal logging
INTERNAL_LOGGING_ENABLED='True'
MAX_LOG_FILE_SIZE_PER_MB='12'
# Server Configuration
HOST_PROTOCOL='https://'
HOST_PORT='6000'
HOST_SUB_DIRECTORY='app'
# StorX Configuration
STORX_BUCKET_NAME='fidesinnova'
STORX_HOST='https://b2.storx.io'
STORX_AUTH_HOST='https://auth.storx.io'
# Mongo Database Configuration
MONGO_DATABASE_NAME='fidesinnova'
MONGO_USER='FIDESINNOVA_DB_USERNAME'
MONGO_PASSWORD='FIDESINNOVA_DB_PASSWORD'
MONGO_PORT=27017
MONGO_HOST=mongo
# Email Configuration
NOTIFICATION_BY_MAIL='enabled'
NOTIFICATION_BY_NOTIFICATION='enabled'
LOG_RETENTION_DAYS=14
# Email Server Configuration
MAIL_HOST='YOUR_HOST_MAIL_SERVER_PROVIDER'
# Please check your email server's mail port number by configuring an email client on your mobile or computer to confirm. On some servers, it may be 587 or a different port.
MAIL_PORT=465
MAIL_USER='noreply@YOUR_NODE_DOMAIN'
MAIL_PASSWORD='YOUR_MAIL_SERVER_PASSWORD'
MAIL_FROM='noreply@YOUR_NODE_DOMAIN'
# optional
MAIL_TRANSPORT=smtp://${MAIL_USER}:${MAIL_PASSWORD}@${MAIL_HOST}
# Application color codes in hex. Please write it without '#'. Example: #4e46e7 -> 4e46e7
# This text color is for Mobile App
THEME_TEXT='ffffff'
# These colors are for Web App and Mobile App
THEME_BACKGROUND='1D293D'
THEME_BOX='1D293D'
THEME_BUTTON='33658A'
# IoT Server logo path
THEME_LOGO='https://PANEL_URL/app/uploads/logo.png'
ACCESS_TOKEN_ISSUER='https://fidesinnova.io'
ACCESS_TOKEN_EXPIRATION_TIME=1200000000
ACCESS_TOKEN_SECRET_KEY='YOUR_ACCESS_SECRET_KEY'
ACCESS_TOKEN_ALGORITHM='HS384'
REFRESH_TOKEN_ISSUER='https://fidesinnova.io'
REFRESH_TOKEN_EXPIRATION_TIME=2400000000
REFRESH_TOKEN_SECRET_KEY='YOUR_REFRESH_SECRET_KEY'
REFRESH_TOKEN_ALGORITHM='HS384'
# Emails of your admins who can promote other users to admin or developer
SUPER_ADMIN_EMAILS=['SERVER_ADMIN_EMAIL@EXAMPLE.COM']
# Multer Configuration
# Multer is a node.js middleware for handling multipart/form-data, which is primarily used for uploading files.
MULTER_MEDIA_PATH=./storages/resources
MULTER_MEDIA_SIZE=10000000
IDENTITY_OWNERSHIP_REGISTERATION='0xb02c53d07b2b40cb9edf3f7531ab9735bfa5eded'
DEVICE_NFT_MANAGEMENT='0x640335b9cab770dd720c9f57a82becc60bc97d02'
COMMITMENT_MANAGEMENT='0x96259fba1f845b42c257f72088dd38c7e8540504'
ZKP_STORAGE='0x897264b7d872e07a3d8e1d22b199f12cfb4bb26d'
NODE_SERVICE_DEVICE_MANAGEMENT='0x4b08ea934e6bfb7c72a376c842c911e1dd2aa74f'
- Create two wallet addresses on the Fidesinnova network for the admin and the faucet. To learn how to connect your wallet to the Fides network, please watch this video on YouTube
- Email only the wallet addresses (excluding private keys) to info@fidesinnova.io and ask to receive some tokens for your node operation. The admin address will be authorized on the network. The faucet address will be used to distribute tokens to your users on your server. Never share your account's private key with anyone.
- Update these parameters in the file:
# Set this with your node URL (e.g., 'zksensor.com')
PANEL_URL='YOUR_NODE_DOMAIN'
# Set this with your node admin URL (e.g., 'admin.zksensor.com')
ADMIN_URL='YOUR_NODE_ADMIN_DOMAIN'
# Set this with your node name (e.g., 'zkSensor')
NODE_NAME='YOUR_NODE_NAME'
MONGO_USER='FIDESINNOVA_DB_USERNAME'
MONGO_PASSWORD='FIDESINNOVA_DB_PASSWORD'
FAUCET_WALLET_PRIVATE_KEY='YOUR_FAUCET_WALLET_PRIVATE_KEY'
ADMIN_WALLET_PRIVATE_KEY='YOUR_ADMIN_WALLET_PRIVATE_KEY'
# Email Server Configuration
MAIL_HOST='YOUR_HOST_MAIL_SERVER_PROVIDER'
# Please check your email server's mail port number by configuring an email client on your mobile or computer to confirm. On some servers, it may be 587 or a different port.
MAIL_PORT=465
MAIL_USER='noreply@YOUR_NODE_DOMAIN'
MAIL_PASSWORD='YOUR_MAIL_SERVER_PASSWORD'
MAIL_FROM='noreply@YOUR_NODE_DOMAIN'
# Application color codes in hex. Please write it without '#'. Example: #4e46e7 -> 4e46e7
# This text color is for Mobile App
THEME_TEXT='ffffff'
# These colors are for Web App and Mobile App
THEME_BACKGROUND='1D293D'
THEME_BOX='1D293D'
THEME_BUTTON='33658A'
ACCESS_TOKEN_SECRET_KEY='YOUR_ACCESS_SECRET_KEY'
REFRESH_TOKEN_SECRET_KEY='YOUR_REFRESH_SECRET_KEY'
SUPER_ADMIN_EMAILS=['SERVER_ADMIN_EMAIL@EXAMPLE.COM']
IDENTITY_OWNERSHIP_REGISTERATION='0xb02c53d07b2b40cb9edf3f7531ab9735bfa5eded'
DEVICE_NFT_MANAGEMENT='0x640335b9cab770dd720c9f57a82becc60bc97d02'
COMMITMENT_MANAGEMENT='0x96259fba1f845b42c257f72088dd38c7e8540504'
ZKP_STORAGE='0x897264b7d872e07a3d8e1d22b199f12cfb4bb26d'
NODE_SERVICE_DEVICE_MANAGEMENT='0x4b08ea934e6bfb7c72a376c842c911e1dd2aa74f'
- Please update only the necessary values in the .env file, and make sure not to add any extra spaces before or after the = sign. For example:
THEME_BOX='0xabcd' ✔️ Correct
THEME_BOX ='0xabcd' ❌ Incorrect
THEME_BOX= '0xabcd' ❌ Incorrect
THEME_BOX = '0xabcd' ❌ Incorrect
- Additionally, ensure that no comments are placed on the same line as any parameter.
API_KEY='123456' ✔️ Correct
API_KEY='123456' # key ❌ Incorrect
To enable mobile notifications on your Node server, follow these steps:
- Request the Firebase Admin SDK
  Email our admin at info@fidesinnova.io and request the firebase-adminsdk.json file.
- Place the File in the Backend
  Move the file to the backend directory:
  sudo mkdir /home/Blockchain-based-IoT-Server/backend/src/data/
  sudo nano /home/Blockchain-based-IoT-Server/backend/src/data/firebase-adminsdk.json
- Paste JSON Content
  Open the file with nano, then paste the full content of the firebase-adminsdk.json file you received.
- Copy your logo in .png format, named logo.png, into the /home/Blockchain-based-IoT-Server/backend/uploads folder on your server.
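For the backend .env file edited above, the following check is an added example, not part of the Fidesinnova project. It reports lines that break the two formatting rules this guide gives (no spaces around the = sign, no comment on a parameter's line) and values still set to the placeholders shown in this README. The function name `lint_env` is hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# lint_env FILE: print "LINE: KEY: finding" for each problem found in a
# .env file; returns 1 if there was any finding, 0 otherwise.
lint_env() {
    awk -v q="'" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # full-line comment or blank line
    {
        eq = index($0, "=")
        if (eq == 0) { printf "%d: no = sign\n", NR; bad = 1; next }
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        name = key
        gsub(/[ \t]/, "", name)
        if (key ~ /[ \t]$/) { printf "%d: %s: space before =\n", NR, name; bad = 1 }
        if (val ~ /^[ \t]/) { printf "%d: %s: space after =\n", NR, name; bad = 1 }
        # Drop quoted strings first so a # inside quotes is not reported.
        bare = val
        gsub(q "[^" q "]*" q, "", bare)
        gsub(/"[^"]*"/, "", bare)
        if (bare ~ /#/) { printf "%d: %s: inline comment\n", NR, name; bad = 1 }
        # Placeholder and sample values taken from this README.
        if (val ~ /YOUR_|FIDESINNOVA_DB_|supersecretadmin|SERVER_ADMIN_EMAIL/) {
            printf "%d: %s: placeholder value\n", NR, name; bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on a constructed sample (not a real configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Theme
THEME_BOX='0xabcd'
THEME_BOX ='0xabcd'
THEME_BOX= '0xabcd'
API_KEY='123456' # key
MONGO_PASSWORD='FIDESINNOVA_DB_PASSWORD'
EOF
lint_env "$sample" || echo "fix the findings above before building the containers"
rm -f "$sample"
```

Run it as `lint_env /home/Blockchain-based-IoT-Server/backend/.env` before the Docker build step.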
- Fidesinnova offers a mobile app to control IoT devices that support the MQTT protocol. The device configuration files, which specify the IoT device types, are stored on the IoT server. In this section, we will review how to create a device configuration file on the server. Each device in the configuration file is represented by an image, a title, a type, and its parameters:
- fileName: Refers to the image file that should be placed in the /Blockchain-based-IoT-Server/backend/uploads/device directory. This image will be displayed in the mobile app (e.g., "ecard.png").
- title: The display name for the device (e.g., "E-Card").
- type: Device type identifier (e.g., "E-CARD").
- Device Parameters: Parameters specify data points each device supports. These parameters will be passed to the web app Blockly editor for creating new services.
- If a parameter's value is an empty array [], it indicates dynamic data input.
- If value has specific options (e.g., ["Open", "Close"]), it will show these options in the Blockly dropdown as predefined outputs.
- Create a devices.json file in backend/src/data/ in the project folder
cd /home/Blockchain-based-IoT-Server/backend/src
sudo mkdir data
cd data
sudo nano devices.json
- Copy the following config into your devices.json file if you would like to use zkSensor's devices. Please note that you can edit this file and add your own IoT devices. When you add a new IoT device, make sure you upload a .png file to /home/Blockchain-based-IoT-Server/backend/uploads/devices. We have already copied three files, zksensor-ecard.png, zksensor-minisensor.png, and zksensor-zk-multisensor.png, into this folder for the following devices.
[
{
"fileName": "ecard.png",
"title": "E-Card",
"type": "E-CARD",
"parameters": [
{ "label": "Temperature", "value": [] },
{ "label": "Humidity", "value": [] },
{ "label": "Button", "value": ["Pressed", "NOT Pressed"] }
]
},
{
"fileName": "multisensor.png",
"title": "MiniSensor",
"type": "MINI_SENSOR",
"parameters": [
{ "label": "Temperature", "value": [] },
{ "label": "Humidity", "value": [] },
{ "label": "Door", "value": ["Open", "Close"] },
{ "label": "Movement", "value": ["Scanning...", "Detected"] },
{ "label": "Button", "value": ["Pressed", "NOT Pressed"] }
]
},
{
"fileName": "zkmultisensor.png",
"title": "ZK-MultiSensor",
"type": "ZK_MULTISENSOR",
"parameters": [
{ "label": "Temperature", "value": [] },
{ "label": "Humidity", "value": [] },
{ "label": "Noise", "value": [] },
{ "label": "Pressure", "value": [] },
{ "label": "eCO2", "value": [] },
{ "label": "TVOC", "value": [] },
{ "label": "Door", "value": ["Open", "Close"] },
{ "label": "Movement", "value": ["Scanning...", "Detected"] },
{ "label": "Button", "value": ["Pressed", "NOT Pressed"] }
]
},
{
"fileName": "iot2050.png",
"title": "Siemens IOT2050",
"type": "Siemens_IOT2050",
"parameters": [
{ "label": "Temperature", "value": [] },
{ "label": "Humidity", "value": [] },
{ "label": "Noise", "value": [] },
{ "label": "Pressure", "value": [] },
{ "label": "eCO2", "value": [] },
{ "label": "TVOC", "value": [] },
{ "label": "Door", "value": ["Open", "Close"] },
{ "label": "Movement", "value": ["Scanning...", "Detected"] },
{ "label": "Button", "value": ["Pressed", "NOT Pressed"] }
]
},
{
"fileName": "Methane_Sensor.png",
"title": "Methane Sensor",
"type": "Methane_Sensor",
"parameters": [
{ "label": "ID", "value": [] },
{ "label": "DateTimeStamp", "value": [] },
{ "label": "Location", "value": [] },
{ "label": "BatteryPercentage", "value": [] },
{ "label": "DeviceStatus", "value": ["ONLINE", "OFFLINE"] },
{ "label": "MethaneLevel", "value": [] },
{ "label": "TempCLevel", "value": [] },
{ "label": "TempFLevel", "value": [] },
{ "label": "HumidityLevel", "value": [] }
]
}
]
cd /home/Blockchain-based-IoT-Server/web_app/
sudo nano .env
Enter the following lines in the .env file and replace YOUR_NODE_NAME with your actual node name.
VITE_URL='https://PANEL_URL/app/'
VITE_NODE_NAME='YOUR_NODE_NAME'
VITE_RPC_URL='https://rpc1.fidesinnova.io'
MQTT_WEBSOCKET_PORT=8082
PORT=4000
cd /home/Blockchain-based-IoT-Server/admin_web_app
sudo nano .env
Enter the following lines in the .env file and replace YOUR_NODE_NAME with your actual node name.
VITE_URL='https://PANEL_URL/app/'
VITE_NODE_NAME='YOUR_NODE_NAME'
VITE_RPC_URL='https://rpc1.fidesinnova.io'
PORT=5000
docker compose -p $PROJECT_NAME build --no-cache
docker compose -p $PROJECT_NAME up -d
- Panel Web App, https://PANEL_URL is for your regular users.
- Admin Web App, https://ADMIN_URL is for your super admin users.
- Contact FidesInnova at info@fidesinnova.io to add your Web App URLs to the FidesInnova website. These are already registered IoT Servers:
- https://panel.motioncertified.online
- https://panel.zksensor.tech
- https://panel.trustlearn.xyz
- https://panel.energywisenetwork.com
- https://panel.trustsense.tech
- Useful commands for troubleshooting
# to make file writable and other permissions :
chmod +rwx chainthreed
# see busy ports
sudo netstat -tulpn | grep LISTEN
# something similar to the top one
sudo ss -ltn
# kill a port
sudo kill -9 $(sudo lsof -t -i:6060)
# see firewall status
systemctl status ufw
# restart the firewall
systemctl restart ufw
# move something into something else:
mv source target
# delete a directory or file
rm -rf directoryName
# View logs for a specific container (last 1 minute):
sudo docker compose logs $service-name -f
# Check the status of a service:
sudo docker ps
# Restart containers:
sudo docker compose -p $stage-name build
# Stop a service:
sudo docker stop $service-name
#See syslogs
sudo tail -f /var/log/syslog | grep -v UFW
This guide walks you through setting up Java and Docker and running a baseline security scan using OWASP ZAP against a web application endpoint. Ultimately, you'll get a nicely formatted zap-report.html you can open in any browser.
ZAP requires Java to run. Begin by updating your system and installing the default JRE:
sudo apt update
sudo apt install default-jre -y
java -version
You should see a version output confirming Java is installed. Example:
openjdk version "11.0.20" 2023-07-18
OpenJDK Runtime Environment (build 11.0.20+8-Ubuntu)
Download the official stable ZAP image:
sudo docker pull zaproxy/zap-stable
Create a directory to store your report and make it writable:
sudo mkdir /home/security-report
sudo chmod -R 777 /home/security-report
cd /home/security-report
This ensures the ZAP container can write the report files without permission issues.
Now run the security scan:
sudo docker run -v $(pwd):/zap/wrk/:rw zaproxy/zap-stable zap-baseline.py -t https://<<node-address>>/app/api -r zap-report.html
Make sure to replace <<node-address>> with your actual domain or IP address.
Example:
panel.zksensor.tech
Note: This process can take a while depending on your network and app complexity.
Once the scan is complete, the following files will appear in your /home/security-report folder:
- zap-report.html: Main visual report (open this in any browser)
- zap.yaml: Scan configuration and results in YAML format
To review the results:
- Download the /home/security-report folder to your local machine.
- Open zap-report.html in a browser to inspect potential vulnerabilities.
