Hotcakes Setup

mini HOWTO set up HotcakesDirk van der Walt

dirkvanderwalt at gmail dot com

2007-05-14

Revision HistoryRevision 0.1 2007-05-14 Revised by: DKfirst draftRevision 0.2 2007-05-23 Revised by: DKfirst releaseRevision 0.3 2007-05-25 Revised by: DKFix typo, add Feisty appendixRevision 0.4 2007-05-30 Revised by: DKAdd warning about sql_conter position (TX Troy :)!)Revision 0.5 2007-06-04 Revised by: DKAdd links to sample freeRADIUS files add Appendix for PHP Login scriptRevision 0.6 2007-08-20 Revised by: DKAdd documentation on the rlm Perl script and graphs. Updated info on versions and locations of software.Revision 0.7 2007-11-05 Revised by: DKMajor rework to feature Feisty Fawn, new appendix and quick FreeRADIUS setup.

Quick setup of a Hotcakes 802.11 hotspot.

1. Introduction

This document should be used when you want to get a Hotcakes/ChilliSpot 802.11 hotspot up andrunning as soon as possible.

It is kept terse and to the point. Please refer to the other documents on Hotcakes in order to gain betterknowledge of the setup once you have it up and running.

The document will be divided into parts. Once you completed a part, and are sure it works as intended,you can continue to the next one.

1

mini HOWTO set up Hotcakes

1.1. Feedback

Feedback is most certainly welcome for this document. Send your additions, comments and criticisms tothe following email address : <dirkvanderwalt at gmail dot com>.

1.2. What you will need.

Table 1. Items required to setup the 802.11 hotspot

Item CommentA modern GNU Linux Machine This document will use Ubuntu Feisty Fawn (7.04)

Two Ethernet network cards One network card connects to the Internet. Theother to an Access Point

A WiFi Access Point This can be any type. NOT running a DHCP server.

Please refer to the following diagram to see how everything should fit together.

Figure 1. Hardware Setup.

We show a scematic how the hardware fits together.

Once you collected the above ingredients, you can jump right in.

2. Watch Out!

When I tested this document against Ubuntu I run into various problems. I would also like to thank allthose who gave feedback on previous versions of this document, since this helped to confirm some issues.

The problems are listed at the beginning of the document in order for you to avoid it right from the start.

2.1. Ubuntu Gutsy Gibbon (7.10)

This release of Ubuntu has various bugs. The Free Radius that ships with it (1.1.6) is broken. Avoid thisrelease for now.

2


2.2. Free Radius version 1.1.7

The latest stable release of Free Radius as of this writing. Sometimes it does not want to compile onUbuntu Feisty Fawn (7.04).

Installing ’libltdl3-dev’ cleared this problem but introduced a bigger one which causes Free Radius not tostartup.

You are advised to use Free Radius version 1.1.6.

2.3. Perl Linker problems

On Ubuntu Gutsy Gibbon (7.10) and those Free Radius (version 1.1.6 and 1.1.7) which I compiled onUbuntu Feisty Fawn (7.04) I got the following error when starting Free Radius.

perl: func_stop_accounting = "(null)"Can’t load ’/usr/lib/perl/5.8/auto/POSIX/POSIX.so’ for module POSIX: /usr/lib/perl/5.8/auto/POSIX/POSIX.so: undefined symbol: PL_sig_name at /usr/lib/perl/5.8/XSLoader.pm line 70.

The perl module of Free Radius was not able to find other Perl modules.

After I removed ’libltdl3-dev’, the problem was cleared.

Warning

Before you continue, issue to following command just to be sure.

apt-get remove libltdl3-dev

3. Configure Hotcakes as a LAMP Application

Hotcakes is a standard LAMP (Linux Apache Mysql PHP) web application which makes use of theCakePHP framework.

This section assumes a plain Ubuntu Feisty Fawn (7.04) install (server or desktop).

You will be taken through the steps to get Hotcakes running on it.

3


3.1. Installing the required packages

You need to have a working LAMP stack. Install the following packages for this:

sudo apt-get install apache2-mpm-prefork php5 php5-mysql mysql-server-5.0 mysql-client-5.0 php5-gd

If you don’t know how to install these packages on Ubuntu, please visit the InstallingSoftware(https://help.ubuntu.com/community/InstallingSoftware) page for more information.

Warning

The package ’php5-mysql’ did not install correct on several of my machines.

To fix this, run

sudo dpkg-reconfigure php5-mysql

from the command line.

This alters the ’/etc/php5/apache2/php.ini’ file to include the php-mysql module.

Reload Apache with the ’sudo /etc/init.d/apache2 reload’ command.

3.2. Installing CakePHP

Hotcakes makes use of the CakePHP framework of PHP classes.

You should download the latest stable version Here (http://www.cakephp.org/downloads) (Version1.1.18.5850 as of this writing)

Untar it in the directory from which the Apache web server is serving. (’/var/www’ in Ubuntu)

sudo cp /home/jo_blob/cake_1.1.18.5850.tar.gz /var/www/cd /var/wwwsudo tar -xzvf cake_1.1.18.5850.tar.gzsudo ln -s cake_1.1.18.5850 cake

There are a few tweaks Apache and php need before CakePHP will work correct.

Make sure you add the following to the ’/etc/apache2/apache2.conf’ file:

<Directory /var/www/cake>

AllowOverride All</Directory>

4


Edit the following line in the ’/etc/php5/apache2/php.ini’ file:

Change

output_buffering = Off

To

output_buffering = 4096

Enable the rewrite Apache module and reload Apache’s configuration

sudo a2enmod rewritesudo /etc/init.d/apache2 reload

3.3. Installing Hotcakes

CakePHP can have various applications which make use of its framework.

Hotcakes is such an application.

These applications each gets installed under the ’/var/www/cake’ directory.

Untar the Hotcakes tarball under the ’/var/www/cake’ directory.

Change the owner of the ’/var/www/cake/hotcakes/tmp’ directory and its contents to that of the userrunning Apache.

sudo chown -R www-data. /var/www/cake/hotcakes/tmp

Change ’/var/www/cake/hotcakes/webroot/generated’ to be writable in order for the graphs to be created.

sudo chmod 777 /var/www/cake/hotcakes/webroot/generated

You should now be able to get to the hotcakes page, but still need to setup the database.

5


3.4. Configure the database

You need to create a database called ’radius’ and allow access to it for a username / passwordcombination.

It is good practice to change the default username / password combination.

This can be changed inside the ’/var/www/cake/hotcakes/config/database.php’ file.

These sample commands assume the defaults.

mysql -u rootcreate database radius;GRANT ALL PRIVILEGES ON radius.* to ’radius’@’127.0.0.1’ IDENTIFIED BY ’radius’;GRANT ALL PRIVILEGES ON radius.* to ’radius’@’localhost’ IDENTIFIED BY ’radius’;exit;mysql -u root radius < /var/www/cake/hotcakes/db/radius.sql

3.5. Log Into Hotcakes

Everything on the LAMP side should now be up and running.

Hotcakes has three levels of users. Go to the http://127.0.0.1/cake/hotcakes(http://127.0.0.1/cake/hotcakes/) page.

You have a choice of the role under which you want to log on. The following users are created by defaultfor each of the roles.

Table 2. Roles and default users for each

Role Username PasswordAdmin root admin

Cashier chuck berry

Cashier gene vincent

Client alee alee

Client alee@bigburger alee

Client alee@koffiehuis alee

6


Warning

Be sure to change the admin password! To change it, log in as role ’Admin’ and goto ’Settings’ -> ’Admin Password’.

4. Configure Free Radius to use Hotcakes

Now that you have the Hotcakes LAMP side of your 802.11 hotspot working we can continue by settingup Free Radius.

Hotcakes does not just use any version of Free Radius.

Warning

Hotcakes needs version 1.1.4 or above of Free Radius. Version 1.1.6 isrecommended. Version 1.1.7 can cause problems.

I know you might be tempted by just installing the version that comes standard with Ubuntu, but thenyou are in for a half baked solution.

This half baked solution will not be able to do proper book keeping of quotas for time or data (bytes).

Note: As a technical note, I experienced problems with data quotas even with the latest Free Radius.Thus, this guide will show you how to use a custom Perl script to do proper book-keeping inconjunction with the latest compiled version of Free Radius.

4.1. Compiling Free Radius

Before you compile version 1.1.6 of Free Radius, ensure the following packages are installed.

They ensure that Free Radius can use the Perl and MySQL modules.

sudo apt-get install build-essential libmysqlclient15-dev libperl-dev

7


If you don’t know how to install these packages on Ubuntu, please visit the InstallingSoftware(https://help.ubuntu.com/community/InstallingSoftware) page for more information.

You can download the latest version of Free Radius Here (http://www.freeradius.org/getting.html)(version 1.1.7 as of this writing)

tar -xzvf freeradius-1.1.6.tar.gzcd freeradius-1.1.6./configuremakesudo make install

This will install Free Radius in the ’/usr/local’ directory.

You can test to see if Free Radius works by issuing the following command:

sudo /usr/local/sbin/radiusd -X

This will start Free Radius in debug mode ( To stop it -> Ctrl+c).

4.2. Configure Free Radius the quick way

Rather than going through the setup of Free Radius step by step, we take the shorter route.

Copy the sample files

sudo cp /var/www/cake/hotcakes/db/radius/dictionary /usr/local/etc/raddbsudo cp /var/www/cake/hotcakes/db/radius/proxy.conf /usr/local/etc/raddbsudo cp /var/www/cake/hotcakes/db/radius/radiusd.conf /usr/local/etc/raddbsudo cp /var/www/cake/hotcakes/db/radius/rlm_perl.pm /usr/local/etc/raddbsudo cp /var/www/cake/hotcakes/db/radius/sql.conf /usr/local/etc/raddbsudo cp /var/www/cake/hotcakes/db/radius/sqlcounter.conf /usr/local/etc/raddbsudo cp /var/www/cake/hotcakes/db/radius/users /usr/local/etc/raddbsudo cp /var/www/cake/hotcakes/db/radius/dictionary.chillispot /usr/local/share/freeradius

Change the permissions and ownership.

sudo chown www-data. /usr/local/etc/raddb/proxy.confsudo chmod 644 /usr/local/etc/raddb/dictionary

4.3. Specifying the paths used by Hotcakes

Hotcakes needs to know the location of files or directories. You need to verify that they are correct.

8


You can change these settings by going to the following page as the Admin ’Settings -> Paths & Misc’.

Table 3. Please verify the following

Item Valuepath_to_dictionary_files /usr/local/share/freeradius/

main_dictionary_file /usr/local/etc/raddb/dictionary

location_of_radscenario /var/www/cake/hotcakes/webroot/files/radscenario_wip

radius_proxy_file /usr/local/etc/raddb/proxy.conf

Tip: When you deviate from this standard install, you may have to tweak the ’radscenario_wip’ file abit. It is a Perl script.

4.4. Testing the waters

Now you just need to restart Free Radius again, and then you can select any of the existing users inHotcakes, click on its ’view’ action (The magnifying glass), and select the ’Testing’ tab.

Here you can select to test plain authentication, or authentication and accounting.

Depending on the user’s profile, you will see how each time the accounting gets added, the user’s ’cap’gets depleted in the feedback.

4.5. Making things permanent

We need to ensure Free Radius will start-up each time when the machine is rebooted.

sudo cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusdsudo ln -s /etc/init.d/radiusd /etc/rc2.d/S80radiusd

This brings us to the last section, which will set up ChilliSpot. After that is completed, we will have aworking hotspot.

9


5. Configure ChilliSpot to use Free Radius

This section takes a lot from a document which can be found Here(http://global.freifunk.net/item/chillispot_howto). Many thanks to the author for making things clear tome.

5.1. Description of ChilliSpot

Before you install ChilliSpot you may need to know what it will be up to. This is a brief introduction toChilliSpot.

The goal is to setup a gateway that will force users to login (via a captive portal web-page).

The machine containing ChilliSpot should have 2 network interfaces (we will use eth0 and eth1 in ourexample).

Eth0 is connected to the Internet.

Eth1 is an internal interface THROUGH which our other machines will connect to the Internet.

We can connect a switch to Eth1. To this switch we can attach a number of other machines or wirelessAccess Points (layer 2 transparent bridges).

ChilliSpot runs a program called ’chilli’ which takes control of the internal interface (eth1) using a vtunkernel module to bring up a virtual interface (tun0). In fact the vtun kernel module is used to move IPpackets from the kernel to user mode, in such a way that ChilliSpot can function without anynon-standard kernel modules. ChilliSpot then sets up a DHCP server (this can be disabled from theChilliSpot conf file) on the tun0 interface.

A client connecting to this interface has all packets rejected until it is authorized though the ChilliSpotlogin page (acting as a supplicant for authentication). When a non-authenticated client tries to connect toa web-page (on port 80 or 443) the request is intercepted by chilli and redirected to a perl-script called’hotspotlogin.cgi’ (served by Apache over https).

’hotspotlogin.cgi’ serves a page to the end-user with a username and password field. Theseauthentication data are then forwarded to the Free Radius server, which matches them with informationin it’s backend (using either PAP or CHAP). The backend in this case is MySQL, but could be anynumber of services such as LDAP, Kerberos, unix passwd files or even Active Directory (probably).

A user is then either rejected or authenticated by Free Radius, prompting hotspotlogin.cgi to presenteither a rejection message or a page with a success message and a logout link to the user.

10


5.2. Compiling ChilliSpot

5.2.1. The state of ChilliSpot

ChilliSpot is back! As of this writing you can grab ChilliSpot here (http://www.chillispot.info).

Note: A VERY BIG Thank You for those involved in the recreation of our favourite Captive Portal’swebsite.

Alternatively CoovaChilli (http://coova.org/wiki/index.php/CoovaChilli) is available which includes afew enhancements.

The plan was to document the use of CoovaChilli instead of ChilliSpot here, but I’ve decided against it. Iwould rather create a recipe in the Cookbook dedicated to CoovaChilli, since it has lots of enhancements.It has been reported that the original ChilliSpot’s config file does work perfect with CoovaChilli.

Grab the latest release of ChilliSpot and do the following:

tar -xzvf chillispot-1.1.0.tar.gzcd chillispot-1.1.0./configuremakesudo make install

This will install ChilliSpot in the ’/usr/local’ directory.

5.3. Setup SSL on Apache

For security reasons we want to present the login page only via an encrypted (https) connection, so weneed to configure Apache to serve SSL encrypted pages.

You need to install the openssl package, if it is not already installed.

sudo apt-get install openssl

I’m not going to repeat documentation. This HOWTO Here(https://help.ubuntu.com/community/forum/server/apache2/SSL) will supply all required information toconfigure your SSL enabled website.

11


Note:

1. The first step of the Apache SSL HOWTO here(https://help.ubuntu.com/community/forum/server/apache2/SSL) mentions theapache2-ssl-certificate command. This will be replaced by the following steps. The rest stay asis.

2.

sudo suHOST="my.apache.hostname.example.org"openssl genrsa -out $HOST.keyopenssl req -new -key $HOST.key -out $HOST.csropenssl x509 -req -days 368 -in $HOST.csr -signkey $HOST.key -out $HOST.certmv $HOST.key /etc/ssl/private/chmod 0400 /etc/ssl/private/$HOST.keymv $HOST.cert /etc/ssl/certs/

3. The ssl virtual host file now have to specify these files we have just created.

Replace

SSLEngine OnSSLCertificateFile /etc/apache2/ssl/apache.pem

With

SSLEngine OnSSLProtocol +allSSLCiphersuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULLSSLCertificatefile /etc/ssl/certs/my.apache.hostname.example.org.certSSLCertificatekeyfile /etc/ssl/private/my.apache.hostname.example.org.key

5.4. Configure the Login Page

Tip: If you fancy a more fancy login script, see Appendix A to use a PHP Login script.

There are some important files which you will find inside the ’doc’ directory situated below the’chillispot-1.1.0’ directory created when you extract the chillispot-1.1.0.tar.gz file.

Copy the hotspotlogin.cgi file to the directory defined for CGI scripts in Apache.

sudu mkdir /usr/lib/cgi-binsudo cp /(where_you_extracted_chillispot_to)/doc/hotspotlogin.cgi /usr/lib/cgi-bin/sudo chmod +x /usr/lib/cgi-bin/hotspotlogin.cgi

12


Be sure the following two lines in /usr/lib/cgi-bin/hotspotlogin.cgi are configured. Please change thesecret value to something difficult.

# Shared secret used to encrypt challenge with. Prevents dictionary attacks.# You should change this to your own shared secret.$uamsecret = "ht2eb8ej6s4et3rg1ulp";

# Uncomment the following line if you want to use ordinary user-password# for radius authentication. Must be used together with $uamsecret.$userpassword=1;

5.5. Routing and the Firewall

Eth0 should be active while Eth1 should not be configured. You can use a fixed IP or DHCP address onEth0. To verify that Eth1 in not configured, go to ’System->Administration->Networking’. To disable aninterface, select it, select ’Properties’ and de-select ’Enable this connection’.

ChilliSpot will use Eth1 to create a virtual tunnel on top of it, so it must not be configured.

You need to enable the routing of IP packets between the two network interfaces (eth0 and eth1). Toenable this you need to make sure the ’/etc/sysctl.conf’ file contains the following:

# Uncomment the next line to enable packet forwarding for IPv4net.ipv4.conf.default.forwarding=1

This will enable routing between the network interfaces.

Tip: Sometimes this does not activate the routing, and you’ll have to then ’brute force’ it with:

net.ipv4.ip_forward = 1

You also need to secure your 802.11 hotspot from the outside world. There is a sample firewall script’firewall.iptables’ which you can use. Please look inside it to ensure it is according to your setup. (yournetwork interfaces may differ from it) You may also want to add extra rules to open certain incomingports.

sudo cp /(where_you_extracted_chillispot_to)/doc/firewall.iptables /etc/init.d/sudo ln -s /etc/init.d/firewall.iptables /etc/rcS.d/S40firewall.iptables

This will ensure that the firewall is up and running during startup.

13


5.6. Setup chilli’s configuration

ChilliSpot by default will look for the file called ’chilli.conf’ inside the ’/etc’ directory upon startup.Again there is a sample one inside the ’doc’ directory which you should use.

sudo cp /(where_you_extracted_chillispot_to)/doc/chilli.conf /etc/chilli.conf

Be sure you check and specify the following list of items inside this file

Table 4. Important parameters to specify or verify

Parameter Commentuamserver https://192.168.182.1/cgi-bin/hotspotlogin.cgi

uamhomepage http://192.168.182.1/cake/hotcakes/welcome/login_page.html

uamsecret (same as value specified in hotspotlogin.cgi)

uamallowed Specify the DNS servers defined on your machine

radiusserver1 127.0.0.1

radiusserver2 127.0.0.1

radiussecret testing123

dhcpif eth1 (the network interface NOT on the Internet)

It is important to verify what the DNS servers are that your machine uses. Go to’System->Administration->Networking’ to specify or verify them.

ChilliSpot will specify them (if not exclusively specified in /etc/chilli.conf) to clients requesting DHCPIP addresses. You need to allow traffic through to these DNS servers even BEFORE a client machine isauthenticated in order to resolve domain names to IP address numbers. This is why they need to bespecified in the ’uamallowed’ list.

The ’uamhomepage’ is typically where you will inform clients about your mega, ultra, supa cool hotspot.Please edit this file to suit your needs. This is the first page they will be greeted with - first impressions :).

5.7. Startup script for ChilliSpot

The startup script included with ChilliSpot is not suitable for Ubuntu. You can use the following one.Create a file called ’chillispot’ inside the ’etc/init.d’ directory.

#!/bin/sh#

14


# chillispot Start the chilli daemon.## This program is free software; you can redistribute it and/or modify# it under the terms of the GNU General Public License as published by# the Free Software Foundation; either version 2 of the License, or# (at your option) any later version.## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU General Public License for more details.## You should have received a copy of the GNU General Public License# along with this program; if not, write to the Free Software# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA## Copyright (C) 2007 Hotcakes

prefix=/usr/localexec_prefix=${prefix}sbindir=${exec_prefix}/sbinlocalstatedir=${prefix}/varrundir=’/var/run/’sysconfdir=${prefix}/etc

export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD

CHILLID=$sbindir/chilliDESC="Chillispot"

#ARGS=""#To allow hotcakes to disconnect a userARGS="--coaport 3799"

test -f $CHILLID || exit 0test -f /etc/chilli.conf || exit 0

case "$1" instart)

echo -n "Starting $DESC:"$CHILLID $ARGSecho "chillispot";;

stop)[ -z "$2" ] && echo -n "Stopping $DESC: "[ -f $rundir/chilli.pid ] && kill -TERM ‘cat $rundir/chilli.pid‘[ -z "$2" ] && echo "chillispot.";;

restart)sh $0 stop quietsleep 3sh $0 start;;

15


*)echo "Usage: /etc/init.d/chillispot {start|stop|restart}"exit 1

esac

exit 0

Then you need to enable it during start up

sudo chmod +x /etc/init.d/chillispotsudo ln -s /etc/init.d/chillispot /etc/rcS.d/S90chillispot

6. See Everything in action.Tip: Now is a good time to give your machine a reboot. You can then verify that all services whichwas suppose to start did start.

You may want to start Free Radius and ChilliSpot in the foreground first to make sure it works asintended. This is also handy when you troubleshoot.

When things does not seem to work as they should, it is better to see which component may not work asexpected. The way to do this is to start ChilliSpot and Free Radius in the foreground and in debug mode.

Tip: Remember to make sure ChilliSpot and Free Radius are NOT already running before you startthem in debug mode. (sudo /etc/init.d/freeradius stop AND sudo /etc/init.d/chillispot stop)

Open two terminals and issue the following commands in them. To start Free Radius

sudo /usr/sbin/radiusd -X

To start ChilliSpot

sudo /usr/local/sbin/chilli --debug --fg

You can now try and connect through the Access Point (with its own DHCP server turned off).

You should see how ChilliSpot hands out an IP Address to the client machine, (a 192.168.182.x address)

16


Try and go onto the Internet trough a browser (remember NO proxy - direct connection to the Internet).You should be redirected to the welcome page(http://192.168.182.1/cake/hotcakes/welcome/login_page.html). There is a link to the login pagehttp://192.168.182.1:3990/prelogin. Log in with a username / password combination defined in Hotcakes

You should now see how Free Radius does its magick and gives ChilliSpot the feedback that you areallowed to go in. ChilliSpot will open the network gate for you, and you should be able to go into theInternet.

Check how the web pages served by Hotcakes reflect this in almost real time. (You may want to log offand on again from the client machine)

A. PHP login script Appendix

This section mentions the things you have to do in order to use the modified GoLogin script as the loginscript.

A.1. GoLogin (modified)

The GoLogin PHP script is an alternative to the standard ’hotspotlogin.cgi’ script which comes standardwith ChilliSpot. It is more smooth on the eye, and includes style sheets etc.

Many thanks to everyone involved in its development. I’ve made a few tweaks in order for it to workwith Hotcakes. This appendix will show how to get it implemented instead of the standard’hotspotlogin.cgi’ script.

1. Specify the location of the GoLogin script in ’/etc/chilli.conf’.

uamserver https://192.168.182.1/cake/hotcakes/welcome/go/

2. Please verify the following configuration items inside the’/var/www/cake/hotcakes/webroot/welcome/lib/config.php’ file.

// Set this to the base url of your login website.// for example: "https://wireless_login.mysite.com/"define(’BASE_URL’, ’https://192.168.182.1/cake/hotcakes/welcome/go/’);

// Shared secret used to encrypt challenge with. Prevents dictionary// attacks. You should change this to your own shared secret.// NOTE: This should match chilli.conf’s ’uamsecret’.define(’UAMSECRET’, ’ht2eb8ej6s4et3rg1ulp’);

If you used values other than default, you may have to tweak it in this file.

17


Please change the secret value to something difficult. This has to be the same as the value specifiedin ’etc/chilli.conf’.

3. You may want to change the logo displayed on the login page. This is the ’wireless_logo.png’ fileunder ’/var/www/cake/hotcakes/webroot/welcome/go/’.

4. This login page is now available in four languages. You can alter the language with the followingsetting.

// With which language shall I talk to you?// available: ’en’, ’de’, ’pt_BR’, ’af’$lg = ’en’;

You are encouraged to ask you customers to click on the ’Bookmark’ link on the login page. This willmake it easy for them to get back to the login page if they closed the pop-up window by accident.

The tweaks which I’ve added use Ajax to periodically fetch the latest stats about the user’s connectionand display them in the pop-up page.

B. Easy URL’s using a local DNS

This section helps you set up a local DNS server which can be used by ChilliSpot.

B.1. Why a local DNS

Wouldn’t it be nice to tell your 802.11 hotspot users if they want to do a certain action, they can just typethis cation in the address bar of their browser and they will be redirected to this action’s page.

Example, to login, type ’login’, to exit type ’exit’, to check your account type ’info’.

A local DNS server used by ChilliSpot will empower you to do just that. Lets start.

1. Install BIND on the server running Hotcakes.

Tip: You are not limited to have it on this server, in fact it can be on any server, you can even modifyan existing DNS server.

sudo apt-get install bind9 dnsutils

18


2. Add the following to ’/etc/bind/named.conf.local’.

# This is the zone definition. replace hotcakes.com with your domain name

zone ’hotcakes.com’ {type master;file ’/etc/bind/zones/hotcakes.com.db’;};

3. Edit the ’/etc/bind/named.conf.options’ file to contain the DNS servers of your ISP under the’forwarders’ section.

forwarders {# Replace the address below with the address of your provider’s DNS server123.123.123.123;

};

4. Add the zone definition files.

sudo mkdir /etc/bind/zonestouch /etc/bind/zones/hotcakes.com.db

Add content to hotcakes.com.db. You can ’localize’ it so the users do not have to enter the Englishwords for the actions.

Replace hotcakes.com with your domain name. Do not forget the ’.’ after the domain name! Also,replace ns1 with the name of your DNS server

hotcakes.com. IN SOA ns1.hotcakes.com. admin.hotcakes.com. (200703100128800360060480038400)

hotcakes.com. IN NS ns1.hotcakes.com.

ns1 IN A 192.168.182.1login IN A 192.168.182.1info IN A 192.168.182.1exit IN A 192.168.182.1

5. Restart the BIND server.

sudo /etc/init.d/bind9 restart

6. Just point your ChilliSpot machines to this DNS server. If the machine you run ChilliSpot on areusing THIS DNS server as THEIR DNS server, you may not need to change the ’chilli.conf’ file. Ifnot you can either change it so the machine self uses this DNS server as its DNS server, or you canspecify it in ’chilli.conf’ as the value for ’dns1’ and ’dns2’.

Tip: Remember the ’uamallowed’ value also may have to change.

19


7. You also need to modify the value of ’domain’ in ’chilli.conf’ to be the same as the domain youcreated the DNS zone for.

# TAG: domain# Domain name# Will be suggested to the client.# Normally you do not need to uncomment this tag.domain hotcakes.com

8. Finally you need to create an intelligent ’landing page’. This page will see how it was called andredirect the client according to how it was called.

If the page was called by ’info’, the client will be redirected to login to their info page.

If the page was called by ’exit’ they will be logged off the 802.11 hotspot

A sample landing page is in ’/var/www/cake/hotcakes/db/index.php’. Copy this to the ’/var/www’directory of the server specified in your DNS zone file.

You may have to fine tune it to suit your configuration.

B.1.1. How it works

When a client gets an IP address from ChilliSpot it also gets a default domain specified by the ’domain’entry in ’chilli.conf’.

Lets assume we specified it as ’hotcakes.com’

When a client asks to browse to ’exit’, in the background, the operating system asks the DNS server toresolve ’exit.hotcakes.com’.

We created a zone for hotcakes.com in the local DNS server, and can thus resolve the request. (EG192.168.182.1)

Our client gets redirected to the index page of the web server. The web server’s index page check whatwas requested and redirects accordingly.

Note: If you have system which makes use of a transparent proxy you must also ensure it can alsoresolve a name like ’exit’ to an IP address. I had to manually add this to the ’/etc/hosts’ file on aOpenWRT Access Point. I also had to fine tune the ’/etc/tinyprox/tinyproxy.conf’ file. YMMV!

20


C. Translating Hotcakes to your native tongue

How to go about to create an extra language for Hotcakes.

C.1. Multi Language support

Hotcakes Beta-5 has is a new feature which enables you to translate Hotcakes in your native language.The default is English.

Your language may already be included, but if not, here’s the steps you could follow to implement it. Wewill take the Afrikaans language as a sample.

1. Ensure the locale package of the language installed.

This will typically be a package like ’language-pack-af’ for Afrikaans.

2. To confirm, you can check the name of the locale under the ’/usr/lib/locale’ directory.

The Afrikaans one is shown as ’af_ZA.utf8’.

3. This will be used in the links which cause the language to change. You change the link by giving thelocale string as an parameter to the ’/cake/hotcakes/landing_pages/set_language’ page.

To set the language to Afrikaans, a link will look like this:href="/cake/hotcakes/landing_pages/set_language?language=en_ZA.utf8"

4. The file containing all the translatable phrases (messages.po) is situated under’/var/www/cake/hotcakes/plugins/locale’.

The different languages are in their respective folders under the ’locale’ folder (without the ’.utf8’).See the existing ones as reference, and remember ’msgfmt’ to generate the ’messages.mo’ file.

21


5. If your install is not under ’/var/www/cake’ please edit the ’hotcakes/app_controller.php’ file toreflect the current location. (value of ’$locale_location’)

6. You may want to add menu entries for this language.

/var/www/cake/hotcakes/webroot/files/menu_cashier.php/var/www/cake/hotcakes/views/layouts/default.thtml/var/www/cake/hotcakes/views/layouts/client.thtml/var/www/cake/hotcakes/webroot/files/menu.php

7. Flags are under ’/var/www/cake/hotcakes/webroot/img/flags’.

Tip: You are also encouraged to donate the translation back to the Hotcakes project for integration.

22

Hotcakes Setup

Documents

Transcript of Hotcakes Setup