Domoticz Home Automation
You can find this feature in the menu system at the following location:
Server|Applications|Domoticz Home Automation
Domoticz should be straight forward to get started with using the default settings. However, you are STRONGLY recommended to enable password protected access in the Domoticz Management console at “Setup / Settings / Website Protection” before you do anything else. By default, Domoticz listens to all IP addresses that your server have, so without password protection and certainly if you open up the firewall, anyone can access your home automation system including for instance web cameras or electronic door locks that you may have configured.
Enable password protection at “Setup / Settings / Website Protection” in the Domoticz management console. You will need to enter your Lat/Lon coordinates too before you press “Apply Settings”.
In the ClearOS app-domoticz management interface you can set which IP address Domoticz shall listen too. By default it listens to all. If your server has multiple IP addresses (one for Internet connection and another for LAN) you can for instance specify only the LAN IP address for increased security. However, that may also make it impossible to monitor/control Domoticz from your smartphone or similar when you are on the move.
NOTE: If you configure an IP address for Domoticz to listen to, which Domoticz can not identify as belonging to the server it runs on, Domoticz will automatically start up listening on ALL ip addresses instead.
Domoticz is really powerful and can handle advanced scripts, a lot of different protocols and home automation systems. However, as a beginner, it may be a good idea to start easy: Go to “Setup/Hardware”, add Type: Motherboard Sensors, give it a name and press “Add”. Then go to “Setup/Devices” and add (by clicking the white arrow in the green circles) the ones you want. Note: It may take a minute before Domoticz discover all your motherboard sensors, so please refresh by clicking “All Devices”. Now go to “Utility” and you should see the added sensors and their current values. If you click the star, the sensor will also appear on the “Dashboard”.
The Software Update buttons does NOT work. New releases of Domoticz will be available through the normal ClearOS software update system just like all software packages in ClearOS. Also, by default the “Restart System” and “Shutdown System” buttons does not work either as that would require the daemon user “domoticz” to be added to the sudoers list (not recommended).
In ClearOS the following default settings are used when initiating the Domoticz server:
|Parameter ||Default Value
|Domoticz server - http port || 14080
|Domoticz server - https port || 14443
|SSL certificate to use for Domoticz ||Same as for this ClearOS server
|Listen to IP address ( :: for all) || ::
|Startup delay in seconds || 0
|Enable debug level in the log || Off
|Events to be written in the log || All
|Send syslog messages || Off
|Enable Logrotate and how often || Yearly
|Force rotation if log exceed size || 10M
|Number of old logs to keep || 3
|Use Attack Detector (fail2ban) || True
|Login attempts before ban || 5
|Search window (seconds) || 3600 (1 hour)
|Ban time (seconds) || 90000 (25 hours)
|Enable RTL-SDR (disables Linux support for DVB-T)|| false
Reset Domoticz Password
You can clear the password protection in Domoticz if you have forgot it:
Select “Clear Domoticz password” in the settings above and press “Update”
Allow the Domoticz server to RUN for at least 1 minute
You can now access the Domoticz management console without password
Do not forget to set a new password inside Domoticz as it is now unprotected
You will need to open up the ClearOS firewall to enable outside access to the http or https ports (default: http 14080 and https 14443) or to the server-to-server port 6144. Please be sure to have enabled Domoticz Website Protection Password first. Otherwise anyone will be able to access/monitor/control your Domoticz server including any sensors/actuators/cameras/door locks that you have configured.
Three alternatives can be selected for the SSL Certificate that the Domoticz own webserver will use:
1. Same as for this ClearOS server
2. The certificate that ships with Domoticz
3. Customized (see Details -> Documentation)
If “Same as for this ClearOS server” is selected (default) then the active SSL certificate in use for other parts of the ClearOS server will also be used by the Domoticz web server. This is the certificate that has been selected in the ClearOS Systems|Settings|General Settings. Once every 24 hours an automatic script is run to check if the ClearOS certificate has been updated. If so, then the new certificate will be imported into Domoticz as well. That means that if the ClearOS certificate is updated, it may take up to 24 hours before it becomes active in Domoticz as well. But you can force an immediate update by open up the edit window in ClearOS webconfig for Domoticz and just press “update” (no need to change any of the parameters). In some rare cases, Domoticz might not accept the certificate that is in use for the ClearOS server, and then any of the other two alternatives needs to be selected.
If “The certificate that ships with Domoticz” is selected then the Domoticz web server will use the standard certificate that is shipped with Domoticz. This should always work (but it will also give “security” warnings in your browser, something that can be avoided with the other alternatives depending on your setup).
If “Customized” is selected the Domoticz web server will use the certificate stored in the file:
At installation, the content of this file will be identical to the certificate that is in use for the ClearOS server. It is up to you (via command line) to change the content of this file so it contains the certificate(s) that is needed for your setup. It is important to understand that each key/certificate must appear in a specific order in the file:
1. Your private key
2. The server certificate
3. The intermediate certificate (if it exist)
4. The CA certificate (if it exist)
Below you find a short example on how to import your external certificates into the /var/domoticz/server_cert_custom.pem file :
If for instance your server certificate is not in “pem” format you need to convert it first:
cat your-private-key.pem > /var/domoticz/server_cert_custom.pem
cat your-server-cert.pem » /var/domoticz/server_cert_custom.pem
cat your-intermediate-cert.pem » /var/domoticz/server_cert_custom.pem
cat your-ca-cert.pem » /var/domoticz/server_cert_custom.pem
Note that it is a single “>” in the first command and double “> >” for the rest. DO NOT copy and paste from the above lines since this Wiki replaces 2 “>” with a ».
Please remember to also conditionally restart domoticz after this so that the new data is put into use:
systemctl try-restart domoticz
When you have added a number of “things” for Domoticz to monitor/control, you will soon notice that the domoticz log file grows fairly fast. By default therefore, logrotation is enabled. A check is done once a day to see if the log file has exceeded the configured max size or if it is time to rotate anyway due to the configured interval. When the log is rotated, the old log will get a date-stamp added to its file name. You can view the logs in ClearOS under “Reports / Performance and Resources / Log Viewer”.
With Domoticz password enabled, you can have extra security by enabling the Attack Detector. It will ban any originating IP address that tries to login to Domoticz with wrong user credentials a certain number of times in a given time frame (search window). When an IP address is banned, it will not be able to access any ports on your ClearOS server during the configured ban time. If your Domoticz password is disabled, the Attack Detector will not function.
Set this to “true” BEFORE connecting a Realtek RTL2832 based DVB-T USB-dongle as a software defined radio to receive temperature, humidity, pressure etc from sensors using 433,92 MHz, 868 MHz (SRD), 315 MHz, 245 MHz and 915 MHz ISM bands. If you by accident connected a RTL2832 dongle with this setting set to “false” then please power down your ClearOS machine before removing the USB as it may cause a kernel panic otherwise.
Recommended HW is: RTL-SDR Blog V3 Note: there are lower quality “clones” around. The original has 2 screws (not 4) at each end and has a slight rounded shape.
Please note, any TV viewing using the built in Linux support for decoding terrestrial DVB-T require this setting to “false” and can therefore not be used together with RTL-SDR.