Install Omada Software Controller 5.0.30 on Enterprise Linux 8

These instructions are expected to apply to all Red Hat Enterprise Linux 8 variants, such as AlmaLinux, Rocky Linux or Oracle Linux.

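VERSION=5.0.30
archive="Omada_SDN_Controller_v${VERSION}_Linux_x64.tar.gz"

# These steps run as root. Fixed file names in the world-writable /tmp would
# let another local user pre-create or swap files between the download, the
# extraction and the later ./install.sh, so work in a private directory.
if workdir=$(mktemp -d) && cd "$workdir"; then
  # -f: fail on an HTTP error instead of saving the error page as the archive.
  # No checksum for this archive is given here. If you have a known-good
  # SHA-256 for it, compare before extracting:
  #   echo "<EXPECTED_SHA256>  $archive" | sha256sum -c -
  curl -f "https://static.tp-link.com/upload/software/2022/202201/20220120/Omada_SDN_Controller_v${VERSION}_linux_x64.tar.gz" -o "$archive" \
    && tar xf "$archive"
else
  echo "could not create a private working directory" >&2
fi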

# Install Omada prerequisites with Java 11
# NOTE(review): the jsvc RPM is fetched straight from an openSUSE Build Service
# project URL rather than from a configured repository. dnf's signature check
# for packages named on the command line is governed by localpkg_gpgcheck,
# which is off by default, so this package is presumably installed without
# signature verification; confirm, and consider importing the project's
# signing key and enabling that option.
dnf -y install https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Master:/Other:/EL/AlmaLinux_8/x86_64/apache-commons-daemon-jsvc.rpm
# curl and the Java 11 runtime come from the distribution's own repositories.
dnf -y install curl  java-11

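# Patch Java 11 for faulty jsvc. REPEAT for every Java update. Maybe create a cron/monitoring job.
# Links lib/amd64 -> lib inside every installed Java 11 OpenJDK directory
# instead of one hard-coded build, so the same lines still work after an update.
for jvm_home in /usr/lib/jvm/java-11-openjdk-*; do
  # An unmatched glob stays literal; skip anything that is not a JVM directory.
  [ -d "$jvm_home/lib" ] || continue
  # Already patched: a second "ln -s" would follow the existing link and
  # create a stray lib/lib link instead of failing cleanly.
  if [ -e "$jvm_home/lib/amd64" ] || [ -L "$jvm_home/lib/amd64" ]; then
    continue
  fi
  ln -s "$jvm_home/lib" "$jvm_home/lib/amd64"
done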

## Mongodb 4.X
# Add Mongo Repo
# NOTE(review): --add-repo writes a repo file from the bare URL, so package
# signature checking here presumably depends on the global gpgcheck setting in
# /etc/dnf/dnf.conf together with the key imported on the next line; confirm
# that gpgcheck is enabled before installing.
dnf -y config-manager --add-repo https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/
# Import MongoDB's 4.4 release signing key into the RPM keyring.
rpm --import https://www.mongodb.org/static/pgp/server-4.4.asc
# NOTE(review): check the upstream support status of the 4.4 series; a
# release line past end of life no longer receives security fixes.
dnf -y install mongodb-org-server

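# Don't run as root:
# The controller is installed as root, then stopped, and its files and start
# scripts are switched over to a dedicated account.
OMADA_USER=omada
# Create the account only if it does not exist yet, so the steps can be re-run.
# NOTE(review): adduser creates a regular login account; a system account
# without a login shell would be tighter if the start script does not need
# one. Verify against control.sh.
id -u "$OMADA_USER" >/dev/null 2>&1 || adduser "$OMADA_USER"
# Run the installer only from the extracted directory; if the cd fails, do not
# execute whatever ./install.sh happens to be in the current directory.
cd "Omada_SDN_Controller_v${VERSION}_linux_x64" && ./install.sh -y
/usr/bin/tpeap stop
# NOTE(review): this hands the whole tree to the service account, including
# scripts such as bin/control.sh that root may execute later. Limiting
# ownership to the directories the controller actually writes to would keep
# the privilege separation intact; confirm which ones this version needs.
chown -R "$OMADA_USER:$OMADA_USER" /opt/tplink/
#Change default user by adding this line near the top of /usr/bin/tpeap
# The inserted line uses $OMADA_USER, so it always names the same account that
# was created and given ownership above (\n stays literal for sed).
sed -i "0,/^OMADA_HOME.*/s/^OMADA_HOME.*/OMADA_USER=${OMADA_USER}\n&/" /usr/bin/tpeap
sed -i "0,/^OMADA_HOME.*/s/^OMADA_HOME.*/OMADA_USER=${OMADA_USER}\n&/" /opt/tplink/EAPController/bin/control.sh
systemctl daemon-reload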


# Now open your firewall ports
# Every rule goes into the permanent configuration of the "public" zone and
# takes effect with the reload at the end.
# Review which of these need to be reachable from every network in that zone:
# 8088 and 8043 are the controller's web interface, and 8043 does not have to
# be opened at all when the optional Apache proxy runs on this same host.
omada_ports=(
  8088/tcp   # http connection
  8043/tcp   # https connection
  29810/udp  # EAP Discovery
  29811/tcp  # EAP Management
  29812/tcp  # EAP Adoption
  29813/tcp  # EAP Upgrades and initialisation check
)
for port_spec in "${omada_ports[@]}"; do
  firewall-cmd --zone=public --add-port="$port_spec" --permanent
done
firewall-cmd --reload

# Setting up an Apache webserver virtual host as proxy (optional)
# This part will not go into the full details of configuring an Apache webserver. Only the virtual host config is listed here. Replace <servername> with your domain and <omada server> with your omada server (IP or name):
# TLS-terminating reverse proxy: clients connect to <servername> on 443 and
# every request is forwarded to the controller's HTTPS port 8043.
<VirtualHost *:443>
    ServerName <servername>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/<servername>/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<servername>/privkey.pem
    # fullchain.pem above already carries the intermediate certificates;
    # SSLCertificateChainFile is obsolete as of httpd 2.4.8.
    SSLCertificateChainFile /etc/letsencrypt/live/<servername>/chain.pem
    # Allow mod_proxy to speak TLS to the backend.
    SSLProxyEngine On
    # The three settings below turn off the name and expiry checks on the
    # controller's certificate for the proxy-to-controller hop, so that hop is
    # encrypted but the backend is not authenticated. Keep it on localhost or
    # a trusted segment, or instead trust the controller's certificate with
    # SSLProxyCACertificateFile and SSLProxyVerify require.
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerExpire off
    SSLProxyCheckPeerName off
    ProxyPreserveHost on
    ProxyPass / https://<omada server>:8043/
    ProxyPassReverse / https://<omada server>:8043/
    # Overwrites the request's Host header with the controller's own
    # name:port before the request is forwarded.
    RequestHeader set Host "<omada server>:8043"
    # client_is_me is not set anywhere in this snippet; it has to be defined
    # elsewhere (e.g. with SetEnvIf) for matching requests to be left out of
    # the log. Otherwise every request is logged.
    CustomLog logs/<servername>-access_log combined env=!client_is_me
</VirtualHost>