This project provides a backend hotspot web application deployed in a Docker container and a web template for the Mikrotik hotspot.
- Download the MikroTik web template files from the repository under
examples/mikrotik_redirect. - Edit the
actionattribute of the redirect form to set thehotspot.server.urlto your server’s IP address or DNS name.
To customize the template, refer to the MikroTik Hotspot Customization Documentation.
- To ensure proper backend operation, include the following required input fields:
<!-- Required inputs – do not remove -->
<input type="hidden" name="mac" value="$(mac)">
<input type="hidden" name="link-orig" value="$(link-orig)">
<input type="hidden" name="link-login-only" value="$(link-login-only)">
<!-- Required inputs – do not remove -->- These inputs are required for the
CHAPauthentication method:
<!--$(if chap-id)-->
<input type="hidden" name="chap-id" value="$(chap-id)">
<input type="hidden" name="chap-challenge" value="$(chap-challenge)">
<!--$(endif)-->- Upload the
mikrotik_redirecttemplate folder to your MikroTik files.
- Create a hotspot profile:
- Set HTML Directory to
mikrotik_redirect - Enable HTTP CHAP, MAC Cookie
- Set HTML Directory to
- Create hotspot users and profiles for employees and guests.
‼️ WARTNING‼️ Don't use HTTP PAP and HTTPS, because these methods transmit the user's password in plain text. In the future, I plan to change the authorization method, but for now, please avoid using these methods for security reasons.
- Hotspot profile, using mac-cookie and http-chap is required:
/ip hotspot profile add html-directory=flash/mikrotik_redirect login-by=mac-cookie,http-chap[,https ssl-certificate=hotspot-certificate] ...
- Employees, with required
name=employeeof the user, but you can edit the userpasswordin the backend configuration. The parametermac-cookie-timeoutcan be set as needed, default for employees is30d:
/ip hotspot user profile add name=employees add-mac-cookie=yes mac-cookie-timeout=30d ...
/ip hotspot user add name=employee password=supersecret profile=employees ...
- Guests, with required
name=guestof the user, but you can edit thepasswordin the backend configuration. The parametermac-cookie-timeoutcan be set as needed, default for guests is1d:
/ip hotspot user profile add name=guests add-mac-cookie=yes mac-cookie-timeout=1d ...
/ip hotspot user add name=guest password=secret profile=guests ...
For more detail read Mikrotik Hotspot User Documentation
docker run -d \
--name hotspot-db \
-e POSTGRES_DB=hotspot \
-e POSTGRES_USER=hotspot \
-e POSTGRES_PASSWORD=OmegaSuperSecret \
postgresThis command runs a PostgresSQL container named
hotspot-dbwith specific environment variables for database setup.
Start a hotspot backend web-interface container as follows:
docker run -d \
--name hotspot-app \
-v /path/to/config:/hotspot/config \
xpyctee/hotspot-mikrotik:latest-postgresThis command starts a hotspot backend container named
hotspot-appwith a volume mounted for configuration.
| Variable | Description | Example Value |
|---|---|---|
DEBUG |
Enables or disables debug mode. | true |
HOTSPOT_COMPANY_NAME |
The name of the company displayed in the application. | "No-name LTD" |
HOTSPOT_LANGUAGE |
Language for the application. | "en" |
HOTSPOT_DB_URL |
Database connection URL using SQLAlchemy format. | "postgresql://hotspot:[email protected]:5432/hotspot" |
HOTSPOT_ADMIN_USERNAME |
Username for the admin user. | "admin" |
HOTSPOT_ADMIN_PASSWORD |
Password for the admin user. | "admin" |
HOTSPOT_GUEST_PASSWORD |
Default password for guest users. | "secret" |
HOTSPOT_GUEST_DELAY |
Duration for guest user access. | "24h" |
HOTSPOT_EMPLOYEE_PASSWORD |
Default password for employee users. | "supersecret" |
HOTSPOT_EMPLOYEE_DELAY |
Duration for employee user access. | "30d" |
HOTSPOT_SENDER_TYPE |
Type of SMS sender (e.g., mikrotik, huawei, smsru). |
"mikrotik" |
HOTSPOT_SENDER_URL |
URL for the SMS sender API. | "https://admin:@182.168.88.1/" |
FLASK_SECRET_KEY |
Secret key for Flask application security. | "your-secret-key" |
CACHE_URL |
URL for the cache server (e.g., Memcached or Redis). | "memcached://localhost:11211" |
CACHE_SIZE |
Cache size in megabytes. | "1024" |
GUNICORN_WORKERS |
Number of Gunicorn workers for handling requests. | "4" |
GUNICORN_LOG_LEVEL |
Log level for Gunicorn (e.g., debug, info, warning). |
"info" |
GUNICORN_ADDR |
Address for Gunicorn to bind to. | "[::]" |
GUNICORN_PORT |
Port for Gunicorn to listen on. | "8080" |
Default we have some sms senders:
- Mikrotik - Send SMS use Mikrotik RESTful API (Required ROS7).
- HUAWEI Modem - Send SMS use HUAWEI Modem's API.
- sms.ru - Russian service for SMS sending.
Maybe expand in the future. Examples of APIs see in
examples/config
For example use mikrotik api configuration file saved in: config/settings.yaml:
settings:
company_name: No-name LTD
language: en
db_url: postgresql://hotspot:[email protected]:5432/hotspot # OPTIONAL. Url for connect database use SQLAlchemy URL, by default used sqlite db, file created after start in config directory
cache_url: memcached://localhost:11211 # OPTIONAL. Url for connect cache use URL, by default used in-memory cache
admin:
user:
username: admin
password: admin # Default password is admin
sender:
type: mikrotik
url: https://admin:@182.168.88.1/ # Url for REST api of mikrotik RoS Version >=7.9
hotspot_users:
guest:
password: secret # Default password for guests used in mikrotik /ip hotspot user add password=secret ...
delay: 24h # Hours. You can use suffixes such as: w, d, m, s. Without a suffix, the default is hours.
employee:
password: supersecret # Default password for employees used in mikrotik /ip hotspot user add password=supersecret ...
delay: 30d # Days. You can use suffixes such as: w, d, m, s. Without a suffix, the default is hours.This YAML configuration file provides settings for the Mikrotik API, company details, and user configurations.
This project is licensed under the MIT License.