Install Dedalo Hotspot with Icaro on local servers

What we need:

  • a nethserver for the dedalo installation
  • CentOS Server for icaro installation (CentOS 7 and CentOS 8 are possible, CentOS 7 is recommended)
  • a public domain name (could be dyndns name) which is portforwarded with 80 and 443 to your icaro server

Virtual environment
Of course you can also install all servers physical

We work with Proxmox for our installation.
Create a virtual machine. The following settings are the best virtualize in an virtual guest:

  • network: bridged (Virt IO)
  • CPU: host
  • 2 GB RAM minimum
  • 30 GB or more for HDD

Now we have to enable nested support in Proxmox like described at the following page

Installing CentOS 7

Setup network like this

  • IP: 192.168.x.x //Should be same network as your Dedalo-Nethservers red Network

  • Gateway: 192.168.x.x //Your Firewall/Router

  • DNS: 192.168.x.x //Your Firewall/Router or any public DNS

  • FQDN: MyHostname.MyDomain

Partitioning I didn’t change

After installation do an update with
yum update

As editor we also installed nano
yum install nano

Next step is to disable and stop firewall

systemctl disable firewalld

systemctl stop firewalld

you can check if it‘s disabled and stopped
systemctl status firewalld

Now we disable selinux also.
This works at the selinux config file
nano /etc/selinux/config

We have to set


and reboot the system
shutdown -r now

If system is up again we check the se status

The command should show
Selinux status disabled

Now we can install libvirt to use it for vagrant
First install Development Tools
yum group install -y "Development Tools"

after that we can install libvirt itself and some more tools for building vagrant with
yum install qemu-kvm libvirt libvirt-python libguestfs-tools virt-install libvirt-devel ruby-devel

Also we have to install python 3
yum install python3-pip

Now we do an ip_forward
echo "net.ipv4.ip_forward = 1"|sudo tee /etc/sysctl.d/99-ipforward.conf sysctl -p /etc/sysctl.d/99-ipforward.conf

So we have enable and start libvirtd now:
systemctl enable libvirtd --now
systemctl start libvirtd

next we install vagrant with the following command

yum install

check status with
vagrant --version

install vagrant libvirt plugin
vagrant plugin install vagrant-libvirt

we install ansible now with python
pip3 install ansible

Now we download the icaro files
git clone

You can do your settings for icaro with
nano ~/icaro/deploy/ansible/group_vars/all.yml

  • change hostname to your public domain name
  • set
    icaro.tls: "self-signed"
    icaro.tls: "auto"

after this step change to deploy folder
cd ~/icaro/deploy/

install icaro with vagrant with the following command
vagrant up

Note: If you restart your server you have to restart vagrant with
`vagrant reload’

If everything is working fine we can do
vagrant ssh

Last step before getting back to the CentOS machine is to get information about your network. You have to know the IP of the vagrant machine. Get it with
ip a

now exit vagrant ssh

Back at CentOS we have to set some portforwardings
First check the name of your networkinterface which is connected to your Router/firewall with
ìp a

At the next step we have to flush iptables and do some port forwardings from CentOS to vagrant
Replace “CentOSNetworkcard” with your interface, for example ens33 or eth0 and “VagrantIP” with your one, for example

# Flush iptables
iptables -F

# Local port redirection for HTTP/HTTPS
iptables -t nat -I OUTPUT -p tcp -d --dport 80 -j REDIRECT --to-ports 8081
iptables -t nat -I OUTPUT -p tcp -d --dport 443 -j REDIRECT --to-ports 8080

# Port forwarding for the network for HTTP/HTTPS
iptables -A PREROUTING -t nat -i CentOSNetworkcard -p tcp --dport 80 -j DNAT --to VagrantIP:80
iptables -A PREROUTING -t nat -i CentOSNetworkcard -p tcp --dport 443 -j DNAT --to VagrantIP:443

Now we have to reload vagrant
vagrant reload

Now you can try to login to icaro. Open a webbrowser and go to to the https site of your public domain.


First login you have to do with

  • user:admin
  • password:admin

Create a new manager as a reseller and login with this new created user. Now you can create a new hotspot.

Installing and configuring Nethserver with Dedalo

  • Install a Nethserver
  • Give three network interfaces to it, maybe virtual ones in proxmox.
  • Install all updates at the softwarecenter or with yum update
  • Install Dedalo from softwarecenter

Network settings

  • a red interface as wan interface connected to your router/firewall
  • a green interface as LAN interface, could be a fake interface
  • a 3rd interface not configured (this is done by dedalo)

Configuring Dedalo

  • At the cockpit interface (Dedalo is only available at cockpit) go to applications and choose settings of Hotspot Manager
  • hostname - YourPublicDomain (without any http(s))
  • user - YourReseller
  • password - YourResellersPassword

After connecting you can set the hotspot and a DHCP range. Don’t use the full range, for example

After that in icaro you can see a unit, your dedalo device.
You can now change some things at icaro, for example how people can login.

Some additional infos you can get at

and here

Thanks to @mrmarkuz for a lot of help.


Now that we have a nethserver-docker, maybe we could build a container to ease the deployment of that module ?

But I don’t know how to install icaro without the vagrant image. I hope @Amygos or @edoardo_spadoni can answer this question.

Hi @m.traeumner you don’t need necessary to use Vagrant. Vagrant only helps you to automatically create the remote instance, setup the Ansible’s inventory, and launch it with the correct configuration.

But you can always use the Ansible roles against an already created Centos7 host.

Here an example with a real host that I have just created (

First go in the deploy directory and create the inventory file, inventory:


Then modify the Ansible’s playbook file ansible/playbook.yml:

- hosts: all
    - role: icaro
    - role: wax
    - role: sun
    - role: ade
    - role: icarodb
        - db
    - name: Reboot the Icaro instance

This is the configuration that I used (remember to change it according to your case),

  url: ""
  version: "autobuild"
  hostname: ""
  tls: "self_signed"
  db_root_password: "YourMariaDBPassWordHere"
  sun_api_origin: ""
  wax_origin: ""
  ade_api_origin: ""
    title: "Icaro Hotspot Manager"
    company_name: "Icaro, Inc."
    help_url: ""
    title: "Icaro Hotspot Manager"
    db_hostname: "localhost"
    db_username: "sun-api"
    db_password: "Sun-ApiMariaDBPassWordHere"
    captive_portal_title: "Icaro"
    captive_portal_subtitle: "The Open Source Hotspot"
    captive_portal_description: "Free as in freedom"
    captive_portal_redirect: ""
    captive_portal_background: "#2a87be"
    captive_portal_logo: ""
    captive_portal_banner: ""
    captive_portal_bg_image: ""
    captive_portal_container_bg_color: "#ffffffff"
    captive_portal_title_color: "#4A4A4A"
    captive_portal_text_color: "#4A4A4A"
    captive_portal_text_style: "Roboto"
    email_from: ""
    email_smtp_host: "EmailSMTPHost"
    email_smtp_port: "25"
    email_smtp_user: "EmailSMTPUser"
    email_smtp_password: "EmailSMTPPassword"
    db_hostname: "localhost"
    db_username: "wax"
    db_password: "WaxMariaDBPassWordHere"
    facebook_client_id: "FacebookClientID"
    facebook_client_secret: "FacebookClientSecret"
    linkedin_client_id: "LinkedInClientID"
    linkedin_client_secret: "LinkedInClientSecret"
    instagram_client_id: "InstagramClientID"
    instagram_client_secret: "InstagramClientSecret"
    twilio_account_sid: "TwilioAccountSID"
    twilio_auth_token: "TwilioAuthToken"
    twilio_service_sid: "TwilioServiceSID"
    sms_send_quota_alert: false
    email_from: ""
    email_smtp_host: "EmailSMTPHost"
    email_smtp_port: "25"
    email_smtp_user: "EmailSMTPUser"
    email_smtp_password: "EmailSMTPPassword"
    db_hostname: "localhost"
    db_username: "ape-api"
    db_password: "AdeApiMariaDBPassWordHere"
    email_from: ""
    email_from_name: "Icaro Hotspot Manager"
    email_smtp_host: "EmailSMTPHost"
    email_smtp_port: "25"
    email_smtp_user: "EmailSMTPUser"
    email_smtp_password: "EmailSMTPPassword"
    db_hostname: "localhost"
    db_username: "ade-task"
    db_password: "AdeTasksMariaDBPassWordHere"
    email_from: ""
    email_smtp_host: "EmailSMTPHost"
    email_smtp_port: "25"
    email_smtp_user: "EmailSMTPUser"
    email_smtp_password: "EmailSMTPPassword"
    twilio_account_sid: "TwilioAccountSID"
    twilio_auth_token: "TwilioAuthToken"
    twilio_service_sid: "TwilioServiceSID"

Than you can run the Ansible playbook with:

ansible-playbook -i inventory ansible/playbook.yml

At the and you will obatin an Icaro Installation.
If you have to rerun the playbook, the database role must be skipped:

ansible-playbook -i inventory ansible/playbook.yml  --skip-tags db

Thanks for your description I will try to install.
If I get it running, would you try to build a container?

Great ! Sure ! Shoot !