Developers Documentation

×

Warning

0 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Domoticz Home Automation

You can find this feature in the menu system at the following location:

Server|Applications|Domoticz Home Automation

Introduction

Domoticz should be straight forward to get started with using the default settings. However, you are STRONGLY recommended to enable password protected access in the Domoticz Management console at “Setup / Settings / Website Protection” before you do anything else. By default, Domoticz listens to all IP addresses that your server have, so without password protection and certainly if you open up the firewall, anyone can access your home automation system including for instance web cameras or electronic door locks that you may have configured.

Getting Started

Password Protection

Enable password protection at “Setup / Settings / Website Protection” in the Domoticz management console. You will need to enter your Lat/Lon coordinates too before you press “Apply Settings”.

Configuring Access

In the ClearOS app-domoticz management interface you can set which IP address Domoticz shall listen too. By default it listens to all. If your server has multiple IP addresses (one for Internet connection and another for LAN) you can for instance specify only the LAN IP address for increased security. However, that may also make it impossible to monitor/control Domoticz from your smartphone or similar when you are on the move.

NOTE: If you configure an IP address for Domoticz to listen to, which Domoticz can not identify as belonging to the server it runs on, Domoticz will automatically start up listening on ALL ip addresses instead.

Domoticz Setup

Domoticz is really powerful and can handle advanced scripts, a lot of different protocols and home automation systems. However, as a beginner, it may be a good idea to start easy: Go to “Setup/Hardware”, add Type: Motherboard Sensors, give it a name and press “Add”. Then go to “Setup/Devices” and add (by clicking the white arrow in the green circles) the ones you want. Note: It may take a minute before Domoticz discover all your motherboard sensors, so please refresh by clicking “All Devices”. Now go to “Utility” and you should see the added sensors and their current values. If you click the star, the sensor will also appear on the “Dashboard”.

Configuration

The Software Update buttons does NOT work. New releases of Domoticz will be available through the normal ClearOS software update system just like all software packages in ClearOS. Also, by default the “Restart System” and “Shutdown System” buttons does not work either as that would require the daemon user “domoticz” to be added to the sudoers list (not recommended).

Default Settings

In ClearOS the following default settings are used when initiating the Domoticz server:

Parameter Default Value
Domoticz server - http port 14080
Domoticz server - https port 14443
SSL certificate to use for Domoticz Same as for this ClearOS server
Listen to IP address ( :: for all) ::
Startup delay in seconds 0
Enable debug level in the log Off
Events to be written in the log All
Send syslog messages Off
Enable Logrotate and how often Yearly
Force rotation if log exceed size 10M
Number of old logs to keep 3
Use Attack Detector (fail2ban) True
Login attempts before ban 5
Search window (seconds) 3600 (1 hour)
Ban time (seconds) 90000 (25 hours)

Reset Domoticz Password

You can clear the password protection in Domoticz if you have forgot it:

  • Select “Clear Domoticz password” in the settings above and press “Update”
  • Allow the Domoticz server to RUN for at least 1 minute
  • You can now access the Domoticz management console without password
  • Do not forget to set a new password inside Domoticz as it is now unprotected

Firewall

You will need to open up the ClearOS firewall to enable outside access to the http or https ports (default: http 14080 and https 14443) or to the server-to-server port 6144. Please be sure to have enabled Domoticz Website Protection Password first. Otherwise anyone will be able to access/monitor/control your Domoticz server including any sensors/actuators/cameras/door locks that you have configured.

SSL Certificate

Three alternatives can be selected for the SSL Certificate that the Domoticz own webserver will use:

1. Same as for this ClearOS server
2. The certificate that ships with Domoticz
3. Customized (see Details -> Documentation)

If “Same as for this ClearOS server” is selected (default) then the active SSL certificate in use for other parts of the ClearOS server will also be used by the Domoticz web server. This is the certificate that has been selected in the ClearOS Systems|Settings|General Settings. Once every 24 hours an automatic script is run to check if the ClearOS certificate has been updated. If so, then the new certificate will be imported into Domoticz as well. That means that if the ClearOS certificate is updated, it may take up to 24 hours before it becomes active in Domoticz as well. But you can force an immediate update by open up the edit window in ClearOS webconfig for Domoticz and just press “update” (no need to change any of the parameters). In some rare cases, Domoticz might not accept the certificate that is in use for the ClearOS server, and then any of the other two alternatives needs to be selected.

If “The certificate that ships with Domoticz” is selected then the Domoticz web server will use the standard certificate that is shipped with Domoticz. This should always work (but it will also give “security” warnings in your browser, something that can be avoided with the other alternatives depending on your setup).

If “Customized” is selected the Domoticz web server will use the certificate stored in the file:

  • /var/domoticz/server_cert_custom.pem

At installation, the content of this file will be identical to the certificate that is in use for the ClearOS server. It is up to you (via command line) to change the content of this file so it contains the certificate(s) that is needed for your setup. It is important to understand that each key/certificate must appear in a specific order in the file:

1. Your private key
2. The server certificate
3. The intermediate certificate (if it exist)
4. The CA certificate (if it exist)

Below you find a short example on how to import your external certificates into the /var/domoticz/server_cert_custom.pem file :

If for instance your server certificate is not in “pem” format you need to convert it first:

  • openssl x509 -in your-server-cert.crt -inform der -outform pem -out your-server-cert.pem

Then:

  • cat your-private-key.pem > /var/domoticz/server_cert_custom.pem
  • cat your-server-cert.pem » /var/domoticz/server_cert_custom.pem
  • cat your-intermediate-cert.pem » /var/domoticz/server_cert_custom.pem
  • cat your-ca-cert.pem » /var/domoticz/server_cert_custom.pem

Note that it is a single “>” in the first command and double “> >” for the rest. DO NOT copy and paste from the above lines since this Wiki replaces 2 “>” with a ».

Please remember to also conditionally restart domoticz after this so that the new data is put into use: systemctl try-restart domoticz

Log Rotation

When you have added a number of “things” for Domoticz to monitor/control, you will soon notice that the domoticz log file grows fairly fast. By default therefore, logrotation is enabled. A check is done once a day to see if the log file has exceeded the configured max size or if it is time to rotate anyway due to the configured interval. When the log is rotated, the old log will get a date-stamp added to its file name. You can view the logs in ClearOS under “Reports / Performance and Resources / Log Viewer”.

Attack Detector

With Domoticz password enabled, you can have extra security by enabling the Attack Detector. It will ban any originating IP address that tries to login to Domoticz with wrong user credentials a certain number of times in a given time frame (search window). When an IP address is banned, it will not be able to access any ports on your ClearOS server during the configured ban time. If your Domoticz password is disabled, the Attack Detector will not function.

Help

content/en_us/7_ug_domoticz.txt · Last modified: 2017/02/24 11:56 by fred_swede

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3A7_ug_domoticz&1569157748