Belchertown skin with MQTT and Rsync/passwordless SSH - Part II

gszlag
« on: February 06, 2022, 03:46:16 PM »
Belchertown skin with MQTT and Rsync/passwordless SSH

Continued from Part I…
https://www.wxforum.net/index.php?topic=43377.0

In Part I, we set up a working local install of WeeWX with the Belchertown skin using MQTT. We are now going to "mirror" the local installation to your web host. A special thank you to weewx guru vinceskahan for the idea and help to get this set up!

Ready to tackle getting this skin onto the web?

TIP: Heads up! The Belchertown “live” skin/template can be bandwidth intensive if you are using it “realtime”, so check the amount of traffic you are generating. If you have more than one realtime website, you can chew through a 100GB bandwidth limit pretty quickly. For this installation we will use rsync, as it will be far faster than ftp.

To use rsync you must set up/enable passwordless SSH to upload the files to your web host. Let’s assume you have a Raspberry Pi computer.

You will need your username at your web host - not the local username you use for your home computer!

We’ll call this remote_user_name; it is the name you use to sign in to cPanel (if that is what your web host uses). The same goes for the password: whatever password you use to sign in to cPanel is what you might need (at least initially) to set up passwordless SSH.

TIP: contact tech support to verify the port number that SSH is using. By default it is port 22, but many web hosts change it to something else. If you do not have the correct port number, all SSH attempts will fail.

You will need to use the -p option if the port is not the default 22. For example, if the port number is 2002 you will need to use the following general format:

ssh remote_user_name@mydomain.com -p 2002

or

ssh remote_user_name@web_host_ip_address -p 2002

IMPORTANT! Because WeeWX runs as root, you must enter all commands as the root user. To switch to root user type:

pi@raspberrypi:~$ sudo su

Using the terminal from your home computer, you will type something like this:
 
root@raspberrypi:~# ssh remote_user_name@my_domain_name.com

(You can use the IP address of the web host instead of your domain name.) It will ask for your web host password/passphrase. Enter it.

You will be connected and the prompt changes because you are now logged in to the web host remote server:

[remote_user_name@remote_web_host_server_name:]~ #

To terminate the remote connection, just type exit and you will be back at your local root prompt: root@raspberrypi:~#

Try logging in to the remote web host once again. You will quickly learn that it will ask you for a password each and every time. We need to change this so that weewx automatically logs in to the web host server and uploads your Belchertown files, all without using passwords.

I set up passwordless SSH on two separate computers. Once I found out that the keys have to be installed as root user, the passwordless SSH setup worked on my first attempt.

Not so on the second computer. No matter what I tried, it just wouldn’t work and I had to open a ticket with tech support. In the end, they had to install the public key for me on their server.

Here is the process to set up passwordless SSH:

On your Linux client, open a new terminal and generate a new SSH key pair.

Run the command:
ssh-keygen -t rsa (remember, you need to be root!)

Note: this process generates a pair of keys: one private key and one public key. Don’t enter any passwords or passphrases – leave them blank. The two keys that are generated by default will be installed into a hidden .ssh directory in root's home directory (/root/.ssh).

It is a copy of the public key that needs to be copied to the web host’s server.
There are a few different ways to copy the public key to the web host. What worked for me was opening id_rsa.pub with a text editor (geany, if you have a Raspberry Pi) and copying the contents to the SSH Access section in cPanel.

For other methods, you can look up all kinds of tutorials (search term: passwordless SSH) or check with your web host for their preferred install method.

The first time you try to passwordless SSH you should see something like this:

ssh remote_user@mydomain.com -p 2002
The authenticity of host '[mydomain.com]:2002 ([mydomain.com]:2002)'
can't be established.
ECDSA key fingerprint is SHA256:IABCD+SMefgueWxklr5r7hMyZi33+DFoSn367o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[mydomain.com]:2002' (ECDSA) to the list of
known hosts.
[remoteuser@remote server ~]# exit
logout
Connection to mydomain closed.

After the remote server has identified you, you should be able to access the shell without a password on all subsequent SSH logons.

Here is an example of a successful passwordless SSH access using the web host IP address instead of your domain name. Typing exit logs you out.

root@raspberrypi:~# ssh remote_user@110.191.11.80 -p 2002
[remote_user@remote_web_host_server_name ~]$ exit
logout
Connection to 110.191.11.80 closed.
root@raspberrypi:~#
 
(no passwords required!)

Now we can proceed to setting up rsync in weewx.conf. Here is an example of the rsync configuration:

[[RSYNC]]
        # rsync'ing to a webserver is treated as just another report
        skin = Rsync
       
        # If you wish to use rsync, you must configure passwordless ssh using
        # public/private key authentication from the user account that weewx
        # runs to the user account on the remote machine where the files
        # will be copied.
        #
        # If you wish to use rsync, set "enable" to "true", then
        # fill out server, user, and path.
        # The server should appear in your .ssh/config file. # I did not find this to be necessary
        # The user is the username used in the identity file.
        # The path is the destination directory, such as /var/www/html/weather.
        # Be sure that the user has write permissions on the destination!
        enable = true
        server = my_domain_name.com   # or the IP address of the web host
        port = 2002
        user = remote_user_name   #user name at web host
        path = public_html/belchertown #example target path on web host

        # To upload files from something other than what HTML_ROOT is set
        # to above, specify a different HTML_ROOT here.
        HTML_ROOT = /var/www/html/weewx/belchertown/ # source path on your home computer
       
        # Rsync can be configured to remove files from the remote server if
        # they don't exist under HTML_ROOT locally. USE WITH CAUTION: if you
        # make a mistake in the remote path, you could unintentionally
        # cause unrelated files to be deleted. Set to 1 to enable remote file
        # deletion, zero to allow files to accumulate remotely.
        delete = 0

WARNING! It is important to verify whether rsync is working by immediately checking the syslog for failures. If rsync fails too many times (multiple SSH failures), your web host will ban your IP address for 24 hours and all your web sites will go dead. Trust me on this one! If rsync is failing repeatedly for some reason, stop weewx immediately and figure out what went wrong.

Now the moment of truth. If syslog shows that you are successfully uploading with rsync, it’s time to fire up the web site. If you see the sonar “ping” you are connected live!

Congratulations – a job well done!
« Last Edit: May 10, 2022, 10:22:19 AM by gszlag »
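A pre-flight check for the setup described in the post above, added here as an example; it is not part of the original post and not WeeWX code. It makes one non-interactive key login and one rsync dry run as root before [[RSYNC]] is enabled, so a broken key or port shows up as a single failed attempt rather than a series of them. The function names are hypothetical, the host, user, port and paths are the post's placeholders, and the key path assumes the ssh-keygen default for root.

```shell
#!/usr/bin/env bash
# Added example: run as root BEFORE setting "enable = true" under [[RSYNC]].
# Placeholder values from the post; substitute your own.
REMOTE_USER="remote_user_name"
REMOTE_HOST="my_domain_name.com"
REMOTE_PORT=2002
REMOTE_PATH="public_html/belchertown"
LOCAL_ROOT="/var/www/html/weewx/belchertown/"
KEY_FILE="/root/.ssh/id_rsa"   # assumed: default ssh-keygen location for root

# BatchMode=yes: fail instead of prompting for a password.
# StrictHostKeyChecking=yes: fail instead of asking the yes/no host-key
# question, so a missing known_hosts entry for root is caught here.
ssh_opts() {
    printf '%s' "-p $1 -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10"
}

# The private key must exist and be readable by its owner only (600 or 400);
# ssh refuses private keys that group or others can read.
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root (the user weewx runs as)"; return 2; }
    key_is_private "$KEY_FILE" || { echo "fix key: chmod 600 $KEY_FILE"; return 3; }
    local opts
    opts="$(ssh_opts "$REMOTE_PORT")"
    # One non-interactive login attempt; $opts is left unquoted on purpose.
    ssh $opts "$REMOTE_USER@$REMOTE_HOST" true \
        || { echo "key login failed; do not start weewx yet"; return 4; }
    # Dry run: lists what would be copied, changes nothing on the web host.
    rsync --archive --dry-run --itemize-changes -e "ssh $opts" \
        "$LOCAL_ROOT" "$REMOTE_USER@$REMOTE_HOST:$REMOTE_PATH" \
        || { echo "rsync dry run failed"; return 5; }
    echo "preflight OK"
}

# Only contacts the web host when explicitly asked to.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Save it under any name and run it with the --run argument from the root shell; without that argument it only defines the functions.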