Controller Deployment Environment Preparation

on premises deployment on premises deployment recommended deployment environment \ x86 sever linux version ubuntu 18 04 lts or later docker version 20 or late device number cpu memory disk 500 4u 8g 500gb 1000 8u 16g 1000gb 2000 8u 16g 1500gb 5000 16u 32g 2000gb cloud deployment cloud deployment open the business port open the business port deploying an acc controller on a cloud host requires opening some business ports, with the following ports and their purposes network type authorization direction policy authorization protocol ip port range address range priority source ip describe intranet ingress accept tcp 16011/16011 1 0 0 0 0/0 owom (operation and maintenance alarm) external htpps service port (component under development, not yet released) intranet ingress accept tcp 16006/16006 1 0 0 0 0/0 0wsub (subscription) external https service port intranet ingress accept tcp 15002/15002 1 0 0 0 0/0 owgw southbound interface, device connection controller service port intranet ingress accept tcp 16002/16003 1 0 0 0 0/0 owgw (gateway) external https service port intranet ingress accept tcp 16004/16004 1 0 0 0 0/0 owfms (firmware) external https service port intranet ingress accept tcp 16009/16009 1 0 0 0 0/0 owanalytics (analysis) external https service port intranet ingress accept tcp 16005/16005 1 0 0 0 0/0 owprov (configuration) external https service port intranet ingress accept tcp 16001/16001 1 0 0 0 0/0 owsec (authentication) external https service port intranet ingress accept tcp 5912/1913 1 0 0 0 0/0 owgw service, rtty remote connection function intranet ingress accept tcp 443/443 100 0 0 0 0/0 owgw ui (webui) external service port intranet ingress accept tcp 22/22 100 0 0 0 0/0 system created rule ssh port generate certificate generate certificate assuming the domain name is cloudswitch io apply for a certificate on the cloud server using let's encrypt'sofficial tool, certbot sudo apt install certbot certbot certonly standalone d cloudswitch io key type rsa the new certificate is located at /etc/letsencrypt/live/cloudswitch io introduction to certificate file generation by certbot privkey pem server private key file used for encrypting and decrypting ssl communication, it can only be held by the server and must be strictly kept confidential fullchain pem complete certificate chain file contains your server certificate and all intermediate ca certificates, typically used for configuring ssl certificate for web servers such as nginx and apache chain pem only includes intermediate ca certificates used for client verification of the legitimacy of your server certificate, some services (such as nginx's ocsp sampling) require separate configuration cert pem only includes your server certificate (excluding intermediate certificates) it is generally not recommended to use it alone, as it can lead to incomplete certificate chains and inability for clients to verify practical usage suggestions web services typically use fullchain exe and privkey exe chain pem is used in scenarios where a separate ca chain is required it is not recommended to use cert pem directly unless there are special requirements copy the certificate to the controller directory cd /etc/letsencrypt/live/cloudswitch io sudo cp l cert pem /path to acc controller/controller v1 0 r005/wlan cloud ucentral deploy/docker compose/certs/restapi cert pem sudo cp l privkey pem /path to acc controller/controller v1 0 r005/wlan cloud ucentral deploy/docker compose/certs/restapi key pem sudo cp l chain pem /path to acc controller/controller v1 0 r005/wlan cloud ucentral deploy/docker compose/certs/restapi ca pem