# ![Spothole](/webassets/img/logo.png) Spothole is a utility to aggregate "spots" from amateur radio DX clusters and xOTA spotting sites, and provide an open JSON API as well as a website to browse the data. ![Screenshot](/images/screenshot.png) While there are several other web-based interfaces to DX clusters, and sites that aggregate spots from various outdoor activity programmes for amateur radio, Spothole differentiates itself by supporting a large number of data sources, and by being "API first" rather than just providing a web front-end. This allows other software to be built on top of it. The API is deliberately well-defined with an OpenAPI specification and auto-generated API documentation. The API delivers spots in a consistent format regardless of the data source, freeing developers from needing to know how each individual data source presents its data. Spothole itself is also open source, Public Domain licenced code that anyone can take and modify. Supported data sources include DX Clusters, the Reverse Beacon Network (RBN), the APRS Internet Service (APRS-IS), POTA, SOTA, WWFF, GMA, WWBOTA, HEMA, and Parks 'n' Peaks. ![Screenshot](/images/screenshot2.png) ![Screenshot](/images/screenshot3.png) ### Accessing the public version You can access the public version's web interface at [https://spothole.app](https://spothole.app), and see [https://spothole.app/apidocs](https://spothole.app/apidocs) for the API details. ### Running your own copy To download and set up Spothole on a Debian server, run the following commands. Other operating systems will likely be similar. ```bash git clone ssh://git@git.ianrenton.com/ian/spothole.git cd spothole python3 -m venv ./.venv source .venv/bin/activate pip install -r requirements.txt deactivate cp config-example.yml config.yml ``` Then edit `config.yml` in your text editor of choice to set up the software as you like it. `config.yml` has some entries for QRZ.com username & password, and Clublog API keys. If provided, these allow Spothole to retrieve more information about DX spots, such as the country their callsign corresponds to. The software will work just fine without them, but you may find a few country flags etc. are less accurate or missing. Clublog API keys are free, but you'll need to get your own by submitting a helpdesk ticket and explaining what you'll use it for. The admin team are happy with the rate of requests made by my Spothole server, so unless you change the source code of yours to radically increase the rate of querying Clublog, I'm sure they will be fine with your server too. Free QRZ.com accounts offer only limited access to the site's data via their API. You'll have to sign up for one of their "XML Data Subscriber" plans to gain access to the full data, but if you're on a free account then the software will get what information it can. Once you're happy with the content of `config.yml`, you can proceed to running the software. To run the software this time and any future times you want to run it directly from the command line: ```bash source .venv/bin/activate python3 spothole.py ``` The software can take a few seconds to start up, mostly because it is downloading an updated file to match callsigns to countries. This is normal, don't panic! If you see some errors on startup, check your configuration, e.g. in case you have specified a port for the web server that is already in use by something else. ### systemd configuration Create a file at `/etc/systemd/system/spothole.service`. Give it the following content, adjusting for the user you want to run it as and the directory in which you have installed it: ``` [Unit] Description=Spothole After=syslog.target network.target [Service] Type=simple User=spothole WorkingDirectory=/home/spothole/spothole ExecStart=/home/spothole/spothole/.venv/bin/python /home/spothole/spothole/spothole.py --serve-in-foreground Restart=on-abort [Install] WantedBy=multi-user.target ``` Run the following: ```bash sudo systemctl daemon-reload sudo systemctl enable spothole sudo systemctl start spothole ``` Check the service has started up correctly with `sudo journalctl -u spothole -f`. ### nginx Reverse Proxy configuration It's best not to serve Spothole directly on port 80, as that requires root privileges and prevents us using HTTPS, amongst other reasons. To set up nginx as a reverse proxy that sits in front of Spothole, first ensure it's installed e.g. `sudo apt install nginx`, and enabled e.g. `sudo systemd enable nginx`. Create a file at `/etc/nginx/sites-available/` called `spothole`. Give it the following contents, replacing `spothole.app` with the domain name on which you want to run Spothole. If you changed the port on which Spothole runs, update that on the "proxy_pass" line too. ```nginx map $request_uri $xssorigin { ~^/api *; } server { server_name spothole.app; # Wellknown area for Lets Encrypt location /.well-known/ { alias /var/www/html/.well-known/; } location / { add_header Access-Control-Allow-Origin $xssorigin; proxy_pass http://127.0.0.1:8080; } } ``` One further change you might want to make to the file above is the `add_header Access-Control-Allow-Origin` statement. This is what's used on my own Spothole server to make sure that other third-party web-based software can get the data from my instance, and applies to any endpoint underneath `/api`. If you want *your* Spothole instance to be set up the same way, so that others can write software in JavaScript that can access it, leave this intact. But if you want your Spothole instance to only be usable by scripts running on the web server you write, you can remove this block. (Note that this doesn't stop other people writing *non-web-based* software that accesses your Spothole API—the enforcement of cross-origin headers only happens within the user's browser. If you need to lock your instance down so that no-one else can access it with *any* software, that's an aspect of nginx config that you will need to find help with elsewhere.) Now, make a symbolic link to enable the site: ```bash cd /etc/nginx/sites-enabled sudo ln -sf ../sites-available/spothole ``` Test that your nginx config isn't broken using `nginx -t`. If it works, restart nginx with `sudo systemctl restart nginx`. If you haven't already done so, set up a DNS entry to make sure requests for your domain name end up at the server that's running Spothole. You should now be able to access the web interface by going to the domain from your browser. Once that's working, [install certbot](https://certbot.eff.org/instructions?ws=nginx&os=snap) onto your server. Run it as root, and when prompted pick your domain name from the list. After a few seconds, it should successfully provision a certificate and modify your nginx config files automatically. You should then be able to access the site via HTTPS. ### Writing your own client Various approaches exist to writing your own client, but in general: * Refer to the API docs. These are built on an OpenAPI definition file (`/webassets/apidocs/openapi.yml`), which you can automatically use to generate a client skeleton using various software. * Call the main "spots" API to get the data you want. Apply filters if necessary. * Call the "options" API to get an idea of which bands, modes etc. the server knows about. You might want to do that first before calling the spots API. * Refer to the provided HTML/JS interface for a reference * Let me know if you get stuck, I'm happy to help! ### Structure of the source code To navigate your way around the source code, this list may help. *Python back-end code* * `/core` - Core classes and scripts * `/data` - Data storage classes * `/spotproviders` - Classes providing spots by accessing the APIs of other services * `/alertproviders` - Classes providing alerts by accessing the APIs of other services * `/server` - Classes for running Spothole's own web server *Templates* * `/views` - Templates used for constructing Spothole's user-targeted HTML pages *HTML/JS/CSS front-end code* * `/webassets` - Root for static files served by the web server * `/webassets/apidocs` - Contains the OpenAPI spec (`openapi.yml`) * `/webassets/css` - CSS files used by the web front-end * `/webassets/fa` - a copy of the FontAwesome library * `/webassets/img` - image files used by the web front-end * `/webassets/js` - JavaScript used by the web front-end *Miscellaneous* * `/` - Main script (`spothole.py`), pip `requirements.txt`, config, README, etc. * `/images` - Image sources * `/cache` - Directory where static-ish data downloaded from the internet is cached to avoid rapid re-requests, and where spot/alert data is cached so that it survives a software restart. Created on first run. ### Extending the server Spothole is designed to be easily extensible. If you want to write your own provider, simply add a module to the `providers` package containing your class. (Currently, in order to be loaded correctly, the module (file) name should be the same as the class name, but lower case.) Your class should extend "Provider"; if it operates by polling an HTTP Server on a timer, it can instead extend "HTTPProvider" where some of the work is done for you. The class will need to implement a constructor that takes in the `provider_config` and provides it to the superclass constructor, while also taking any other config parameters it needs. If you're extending the base `Provider` class, you will need to implement `start()` and `stop()` methods that start and stop a separate thread which handles the provider's processing needs. The thread should call `submit()` or `submit_batch()` when it has one or more spots to report. If you're extending the `HTTPProvider` class, you will need to provide a URI to query and an interval to the superclass constructor. You'll then need to implement the `http_response_to_spots()` method which is called when new data is retrieved. Your implementation should then call `submit()` or `submit_batch()` when it has one or more spots to report. When constructing spots, use the comments in the Spot class and the existing implementations as an example. All parameters are optional, but you will at least want to provide a `time` (which must be timezone-aware) and a `dx_call`. Finally, simply add the appropriate config to the `providers` section of `config.yml`, and your provider should be instantiated on startup. ### Thanks As well as being my work, I have also gratefully received feature patches from Steven, M1SDH. The project contains a self-hosted copy of Font Awesome's free library, in the `/webasset/fa/` directory. This is subject to Font Awesome's licence and is not covered by the overall licence declared in the `LICENSE` file. This approach was taken in preference to using their hosted kits due to the popularity of this project exceeding the page view limit for their free hosted offering. The software uses a number of Python libraries as listed in `requirements.txt`, and a number of JavaScript libraries such as jQuery and moment.js. This project would not have been possible without these libraries, so many thanks to their developers. The project's name was suggested by Harm, DK4HAA. Thanks!