How to Use Raspberry Pi for Hosting a Product
Dimitri Shorin
Smartcards and related Technologies: eSIM | MRTD | Digital Key | Java Card | Cryptography
While playing with a Raspberry Pi together with my older son for educational purposes, I discovered that this platform is a good base for any kind of product that cannot be deployed in the cloud.
Our primary use cases were smart-home functions such as door access control, Wi-Fi management with parental control, heating regulation, and illumination. But this can be anything that requires control software and, optionally, peripherals that the Raspberry Pi already has or can be equipped with.
Operating System
The starting point was the OS administration challenge. I chose Ubuntu Server, having been an Ubuntu user for several years on my home laptop, which was used mainly for browsing the web and occasional Java programming. Initially, Ubuntu was selected as the most popular free OS distribution. Since the Raspberry Pi's processor is ARM64, the number of Debian-type libraries that provide a build for this architecture is much smaller than for x86 or AMD64. In other words, some dependencies that work on a desktop computer may not work on a Raspberry Pi. But open-source libraries can be recompiled for the target architecture, which is a nice advantage.
From the consumer's point of view, the product is fully OS-agnostic. It is exposed as a web application and thus has certain advantages over desktop applications, such as access from anywhere and lower vulnerability to viruses.
Front-end
For the front end, the logical approach is a web application that can be accessed from the browser of an external computer. Several front-end technologies exist, but we decided to practice with Vue.js. Plenty of components exist for this framework that make it possible to implement all kinds of things, from QR code scanning to video recording. And of course there is the Axios library for interaction with the back-end.
Back-end
The back-end is the core functionality of the product. It is the main container of the product's intellectual property, which is accessed through the front-end. For the back-end system we decided to use Java-based Spring Boot because of past experience with Java. There were several issues regarding HTTPS and CORS support, but they were finally solved.
Licensing
There is a threat of cloning, and thus licensing for the particular hardware needs to be solved. Hardware can be identified in different ways, but the legacy approach is the MAC address of the network adapter. The license system should therefore check that an existing software license applies to the hardware it is targeted at. So there is a two-step license activation: (a) downloading the hardware identification code from the product and (b) uploading the license that was generated for that particular hardware identification code. We designed our own protocol that involves hashing, symmetric encryption, and PKI.
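The two-step activation described above can be sketched as follows. This is an added example, not the author's protocol: it covers only the hashing and signature (PKI) parts and leaves out symmetric encryption. The class and method names, the payload layout, the MAC addresses, and the use of ECDSA on Java 17 are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.HexFormat;
public class LicenseDemo { // hypothetical names throughout; added illustration
    // Step (a): derive the hardware identification code from the MAC address.
    // A MAC address is software-settable, so this binding is a deterrent, not a proof.
    static String hardwareId(String mac) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(("license-demo-v1|" + mac.toLowerCase()).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    // Vendor side: sign "hwid|expiry" with the vendor's private key.
    static String issue(PrivateKey vendorKey, String hwid, String expiry) throws GeneralSecurityException {
        String payload = hwid + "|" + expiry;
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(vendorKey);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return payload + "|" + Base64.getEncoder().encodeToString(s.sign());
    }

    // Step (b), device side: accept only a validly signed, unexpired license for this device.
    static boolean accept(PublicKey vendorPub, String license, String localMac, String today) {
        try {
            String[] p = license.split("\\|");
            if (p.length != 3) return false;
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(vendorPub);
            s.update((p[0] + "|" + p[1]).getBytes(StandardCharsets.UTF_8));
            if (!s.verify(Base64.getDecoder().decode(p[2]))) return false;
            boolean sameDevice = p[0].equals(hardwareId(localMac));
            return sameDevice && today.compareTo(p[1]) <= 0; // ISO dates sort lexicographically
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed or forged license
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair vendor = g.generateKeyPair(); // demo key; a real vendor key never leaves the vendor
        String macA = "02:00:00:00:00:01", macB = "02:00:00:00:00:02"; // constructed sample values
        String lic = issue(vendor.getPrivate(), hardwareId(macA), "2030-12-31");
        System.out.println("licensed device: " + accept(vendor.getPublic(), lic, macA, "2025-01-01"));
        System.out.println("cloned card on other device: " + accept(vendor.getPublic(), lic, macB, "2025-01-01"));
    }
}
```

Only the vendor's public key is shipped with the product, so a copy of the software on different hardware cannot produce a license that verifies for its own identification code.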
Disk protection
Since Linux was initially designed for server-like systems accessed remotely, its file system was not designed to protect data when the disk is mounted on another device with root credentials. Modern Ubuntu uses disk encryption protected by a passphrase. However, a passphrase is problematic for a server system with no visual UI. We found a way to protect a certain segment of the file system using the root password. We achieved that by using the eCryptfs library. Thus, mounting the microSD card from the Raspberry Pi somewhere else does not allow reading and copying sensitive code, such as the back-end.
Remote administration
Remote access is not strictly required, but it is a nice-to-have feature. It can be useful for updates, license management, applying patches, and detecting the geographical location once the product is already in the field. The typical approach is configuring a VPN. But instead of building your own server and obtaining a public IP address, an alternative is to deploy a third-party VPN service. We have successfully tested one of them, called Tailscale.