Air-Gap RPI-4 Backend-Server Deployment

For a ready image please check Air-Gap RPI-4 Ready Image

script is available at: prepare-airgapped-server.sh

Prerequisits

1- Computer with Ubuntu OS, or you can use RPI-4 with Raspberry OS. I recommend using aarch64 version. The computer should have a statis IP. The scripts assumes 192.168.1.161 put you can change this IP to any local IP you want. In case of RPI-4 you do not need to install the Desktop version. You only need to inslall the server with ssh enabled.

2- Computer should have a static local IP i.e. 192.xxx.xxx.xxx e.g.: 192.168.1.161

3- It is recommended to boot RPI-4 from a USB-3 flash memory to get advantage of higher throughtput speed.

Raspberry PI Imager easily enables you to setup your Raspberry.


Important

Make sure that the IP in the script matches the IP of your computer. simpley edit IP field in the script. You cannot use DHCP address with this machine.

Installation

Enter to your Raspberry-PI using ssh or open a terminal on your Ubuntu server.

Download Script

cd ~
wget https://raw.githubusercontent.com/DroneEngage/DroneEngage_ScriptWiki/main/server_installation/prepare-airgapped-server.sh

This command will download script prepare-airgapped-server.sh

You can open this script for editing to change domain name of ip address as below.

Edit Script if needed

You can choose the local domain name. Write any local -fake- domain name you want. The IP address must be equal to the local static IP of the machine.

DOMAIN_NAME='airgap.droneengage.com'
IP='192.168.1.161'

Execute Script

sudo chmod a+x ./prepare-airgapped-server.sh
sudo ./prepare-airgapped-server.sh

When the script finishs successfully the following will be created:

  1. a folder ~/ssl with three files - we will see this later in Access Local Domain-:

    • privkey.pem

    • fullchain.pem

    • root.crt

  2. dnsmasq a DNS server that is up running and configured in /etc/dnsmasq.conf

  3. a folder ~/droneengage_authenticator contains droneengage_authenticator

  4. a folder ~/droneengage_server contains droneengage_server

  5. a folder ~/droneengage_webclient contains droneengage_webclient

  6. a folder ~/map/cachedMap that is empty. This folder can be filled with cached images to be used as a local map server.

Your Raspberry PI-4 now is fully ready

Access Local Domain

You need two extra steps to access this local domain from your local wifi network.

  1. Use DNS on your Gateway

    dnsmasq is running on your RPI-4 now. you need to add its IP “192.168.1.161” or whatever IP you chave choosen as one of the DNS servers on your gateway. or you can add it in the phone DNS connection directly.

  2. Register CA Root

    When the script finishs successfully the following will be created:

    a folder ~/ssl with three files:

    • privkey.pem

    • fullchain.pem

    • root.crt

    you need to copy root.crt into any browser of mobile device that is part of this system. This is a root certificate that is used to tell those devices that fullchain.pem is trusted and hence the conection will be secure and accepted.

    The below images shows how to do that on Chrome .

    register root certificate in Authorities section in Chrome.

    register root certificate in Authorities section in Chrome.

    Similar procedures need to be done on Android phones to be able to connect Andruav.

    Important

    The above ssl is used when you want an local trusted ssl certificate. If you want your server to be exposed to Internet you can create a truely valid ssl certificate from a trusted provider. And you need to have a static IP address not a local one.

  3. Andruav FIX

    Because Andruav runs on a phone and the domain airgap.droneengage.com might not be recognized to it then you need to depend on ip to reach the server. On the RPI server you need to go to

    cd ~/droneengage_server
    nano ./server.config
    
    register root certificate in Authorities section in Chrome.

    and edit

    “public_host” : “airgap.droneengage.com”,

    to

    “public_host” : “192.168.1.161”, // or whateverr IP of RPI Airgap server

    and

    “allow_fake_SSL” : true, // should be TRUE

This public_host is used to by the mobile to access the Communication Server.

Important

You can download a full image from Air-Gap RPI-4 Ready Image