Custom IP for NS and AS


#1

Hello everybody,

I totally give up. I’m trying to understand that, but I can’t.

So, the situation. I’ve installed LoRa App Server and LoRa Server. After configuring (2 hours) I got it working, and was able to go to the page http://127.0.0.1:8080 and saw a login menu. Then I decided to change the ‘localhost’ IP to a custom IP, 172.28.2.2. This is the IP of my server where NS and AS are installed.

After setting up the IP of the servers I get the following message in the lora-app-server logs:

Oct 03 22:56:07 loraserver lora-app-server[8464]: time=“2017-10-03T22:56:07-04:00” level=info msg=“grpc: addrConn.resetTransport failed to create client transport: connection error: desc = “transport: Error while dialing dial tcp 127.0.0.1:8080: getsockopt: connection refused”; Reconnecting to {localhost:8080 }”

When I try to go to https://127.28.2.2:8080 I get the interface, but I see two red fields:

Error grpc: the connection is unavailable (code: 14)

In the loraserver logs everything is clear.

So here are the lora-app-server and loraserver configs (if it’d be better to do it as an attachment, please tell me).
LORASERVER

# network identifier (NetID, 3 bytes) encoded as HEX (e.g. 010203)
NET_ID=BD8817

# ism band configuration to use (options: AU_915_928, CN_470_510, EU_863_870, US_902_928)
BAND=US_902_928

# ca certificate used by the api server (optional)
CA_CERT=

# tls certificate used by the api server (optional)
TLS_CERT=

# tls key used by the api server (optional)
TLS_KEY=

# ip:port to bind the api server (default: "0.0.0.0:8000")
BIND=172.28.2.2:8000

# redis url (e.g. redis://user:password@hostname:port/0) (default: "redis://localhost:6379")
REDIS_URL=redis://localhost:6379

# postgresql dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable)
POSTGRES_DSN=postgres://loraserver_ns:password@localhost/loraserver_ns?sslmode=disable

# automatically apply database migrations
DB_AUTOMIGRATE=true

# mqtt broker server used by the gateway backend (e.g. scheme://host:port where scheme is tcp, ssl or ws) (default: "tcp://localhost:1883")
GW_MQTT_SERVER=tcp://localhost:1883

# mqtt username used by the gateway backend (optional)
GW_MQTT_USERNAME=

# mqtt password used by the gateway backend (optional)
GW_MQTT_PASSWORD=

# hostname:port of the application-server api server (optional) (default: "127.0.0.1:8001")
AS_SERVER=172.28.2.2:8001

# ca certificate used by the application-server client (optional)
AS_CA_CERT=

# tls certificate used by the application-server client (optional)
AS_TLS_CERT=
    
# tls key used by the application-server client (optional)
AS_TLS_KEY=

# hostname:port of the network-controller api server (optional)
NC_SERVER=

# ca certificate used by the network-controller client (optional)
NC_CA_CERT=
    
# tls certificate used by the network-controller client (optional)
NC_TLS_CERT=

# tls key used by the network-controller client (optional)
NC_TLS_KEY=

# time to wait for uplink de-duplication (default: 200ms)
DEDUPLICATION_DELAY=200ms

# delay between uplink delivery to the app server and getting the downlink data from the app server (if any) (default: 100ms)
GET_DOWNLINK_DATA_DELAY=100ms

# timezone to use when aggregating data (e.g. 'Europe/Amsterdam') (optional, by default the local timezone is used)
# TIMEZONE=Europe/Amsterdam

# create non-existing gateways on receiving of stats
GW_CREATE_ON_STATS=true

# aggregation intervals to use for aggregating the gateway stats (valid options: second, minute, hour, day, week, month, quarter, year)
GW_STATS_AGGREGATION_INTERVALS=minute,hour,day

# extra frequencies to use for ISM bands that implement the CFList
# EXTRA_FREQUENCIES=867100000,867300000,867500000,867700000

# enable only a given sub-set of channels (e.g. '0-7,64')
# ENABLE_UPLINK_CHANNELS=0-7,64

# the ttl after which a node-session expires after no activity (default 31 days)
NODE_SESSION_TTL=744h0m0s

# log uplink and downlink frames to the database
LOG_NODE_FRAMES=true

# ca certificate used by the gateway api server (optional)
GW_SERVER_CA_CERT=

# tls certificate used by the gateway api server (optional)
GW_SERVER_TLS_CERT=

# tls key used by the gateway api server (optional)
GW_SERVER_TLS_KEY=

# JWT secret used by the gateway api server for gateway authentication / authorization
# You could generate this by executing 'openssl rand -base64 32' for example
GW_SERVER_JWT_SECRET=somethingsecret

# ip:port to bind the gateway api server (default: "0.0.0.0:8002")
GW_SERVER_BIND=0.0.0.0:8002

LORA-APP-SERVER

# postgresql dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable) (default: "postgres://localhost/loraserver?sslmode=disable")
POSTGRES_DSN=postgres://loraserver_as:password@localhost/loraserver_as?sslmode=disable

# automatically apply database migrations
DB_AUTOMIGRATE=true

# redis url (e.g. redis://user:password@hostname/0) (default: "redis://localhost:6379")
REDIS_URL=redis://localhost:6379

# mqtt server (e.g. scheme://host:port where scheme is tcp, ssl or ws) (default: "tcp://localhost:1883")
MQTT_SERVER=tcp://localhost:1883

# mqtt server username (optional)
MQTT_USERNAME=

# mqtt server password (optional)
MQTT_PASSWORD=

# ca certificate used by the api server (optional)
CA_CERT=

# tls certificate used by the api server (optional)
TLS_CERT=

# tls key used by the api server (optional)
TLS_KEY=

# ip:port to bind the api server (default: "0.0.0.0:8001")
BIND=172.28.2.2:8001

# ip:port to bind the (user facing) http server to (web-interface and REST / gRPC api) (default: "0.0.0.0:8080")
HTTP_BIND=172.28.2.2:8080

# http server TLS certificate
HTTP_TLS_CERT=/etc/lora-app-server/certs/http.pem

# http server TLS key
HTTP_TLS_KEY=/etc/lora-app-server/certs/http-key.pem

# JWT secret used for api authentication / authorization
# You could generate this by executing 'openssl rand -base64 32' for example
JWT_SECRET=somethingsecret

# hostname:port of the network-server api server (default: "127.0.0.1:8000")
NS_SERVER=172.28.2.2:8000

# ca certificate used by the network-server client (optional)
NS_CA_CERT=

# tls certificate used by the network-server client (optional)
NS_TLS_CERT=

# tls key used by the network-server client (optional)
NS_TLS_KEY=

# the number of iterations used to generate the password hash
PW_HASH_ITERATIONS=100000

# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
LOG_LEVEL=4

# enable sending gateway pings
# GW_PING=true

# the interval used for each gateway to send a ping (default: 24h0m0s)
# GW_PING_INTERVAL=24h0m0s

# the frequency used for transmitting the gateway ping (in Hz)
# GW_PING_FREQUENCY=868100000

# the data-rate to use for transmitting the gateway ping
# GW_PING_DR=5

Thank you, I appreciate any response and any help,
Oleg Somov


#2

Hello Oleg,

It may be a dumb question, but why do you need to change the IP address from localhost to a specific IP, if both loraserver and lora-app-server are running on the same machine?


#3

Hello gledere007,

Good question, actually) A couple of reasons:

  1. I need access to AS from the web, like those pages that you see on the internet, not only on the local machine.
  2. In the near future I want to configure NS and AS to work on different IPs. I have a server with 8 NICs, so let’s say AS will be running under NIC1 with IP 172.28.5.2 and NS under NIC2 with IP 172.28.7.2.
    The next logical question could be “why do you need two different networks for AS and NS?” That’s for security reasons.

Thank you. Any suggestions?


#4

Actually, this might be a bug.

The REST interface of LoRa App Server uses the gRPC server internally (https://github.com/grpc-ecosystem/grpc-gateway). As you decided to bind the REST / gRPC interface only to a specific IP, this gRPC gateway should use that IP also for setting up the connection internally. However, I think it keeps using localhost (hence the connection error to localhost:8080).


#5

Hello Oleg,

Sorry, but I still don’t understand. I have a cloud server (a VM machine from arubacloud) running loraserver/lora-app-server/mosquitto/redis (and mysql/apache) and a PHP-based service to move MQTT data into mysql to visualize data. I didn’t change the address binding of the user interface from 0.0.0.0 to the outside IP address in the loraserver and lora-app-server setup. But it is still accessible from outside (not only what is on apache but also the admin page of loraserver). I am no Linux nor IP expert, but to my best knowledge, if you use 0.0.0.0 then it means “listen on every available network interface”, so if you leave 0.0.0.0 in the HTTP_BIND parameter then your server should be accessible from outside.

Regards,


#6

Hey brocaar,

I’m a newbie right now, especially about gRPC (as far as I know it’s like a “tool” to communicate between parts of the architecture). I want to clarify. I have the gateways and sensors, but I didn’t connect them yet. The first step I want to do is to run lora-app-server and loraserver and make sure it’s working.
So, is there a way to bind different IPs to AS and NS? To be clear, AS and NS will have different IPs from different networks and be associated with different NICs on my server.

Thank you.


#7

This part about the NICs that I mentioned is important) I think if I bind lora-app-server to listen on 0.0.0.0, it’ll also be listening for NS IP connections, but for security reasons I want them to be separated between two NICs with different IPs.
But I’ll try today after work, maybe your suggestion will do the trick (but anyway I still think that NS will be accessible from the outside).

EDIT: if you’re using a cloud server, it might have a public IP, so you can access your server from anywhere. In my case my servers are located under 3 layers of local network, and I have a couple of other HTTP servers running in the network, and they’re visible from the outside; therefore I can’t leave the IP as localhost, because I would only be able to access it from the local network where it is located.

Thank you for your response!


#8

Note that this is only for the HTTP interface bind, as it expects to be able to connect to localhost:8080. When binding to a specific IP a.b.c.d:8080, LoRa App Server can’t connect to localhost:8080 anymore (or at least not in your case, I need to try this myself). This is the (possible) bug part.

For other API interfaces, I’m not sure if you need to be worried. When binding to localhost:PORT, it will make the service only accessible from within your machine. As each service (LoRa Server, LoRa App Server) is using different ports, there is no conflict.
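
The bind behaviour discussed in posts #5 and #8, as an added Go example that is not part of the thread and not LoRa App Server's code: a listener bound to one specific IP refuses a dial to localhost on the same port, while a 0.0.0.0 bind accepts on every local address. Assumptions: 127.0.0.2 is a constructed stand-in for an interface IP such as 172.28.2.2, the helper name `dialAfterBind` is hypothetical, and the host is Linux (where all of 127.0.0.0/8 is on the loopback interface).

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// dialAfterBind listens on bindHost (port 0 lets the kernel pick a free
// port), dials dialHost on that same port, and reports whether the TCP
// connection was established.
func dialAfterBind(bindHost, dialHost string) (bool, error) {
	ln, err := net.Listen("tcp4", net.JoinHostPort(bindHost, "0"))
	if err != nil {
		return false, err // could not bind at all
	}
	defer ln.Close()
	_, port, err := net.SplitHostPort(ln.Addr().String())
	if err != nil {
		return false, err
	}
	conn, err := net.DialTimeout("tcp4", net.JoinHostPort(dialHost, port), time.Second)
	if err != nil {
		return false, nil // e.g. "connection refused": no listener on that address
	}
	conn.Close()
	return true, nil
}

func main() {
	// Constructed addresses: 127.0.0.2 stands in for a specific interface IP
	// such as the thread's 172.28.2.2; 127.0.0.1 is "localhost".
	cases := []struct{ bind, dial string }{
		{"127.0.0.2", "127.0.0.2"}, // specific bind, dial the same IP
		{"127.0.0.2", "127.0.0.1"}, // specific bind, dial localhost
		{"0.0.0.0", "127.0.0.1"},   // wildcard bind, dial localhost
		{"0.0.0.0", "127.0.0.2"},   // wildcard bind, dial the other IP
	}
	for _, c := range cases {
		ok, err := dialAfterBind(c.bind, c.dial)
		if err != nil {
			fmt.Printf("bind %-9s -> listen failed: %v\n", c.bind, err)
			continue
		}
		fmt.Printf("bind %-9s dial %-9s connected=%v\n", c.bind, c.dial, ok)
	}
}
```

With a 0.0.0.0 bind the port is open on every interface of the host, so limiting which networks can reach it is then a job for the host firewall rather than the bind address.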


#9

Thank you for the fast response! So what would you recommend to me? Do not separate NS and AS and make AS listen on 0.0.0.0:8080? (I think just a standard configuration)
Or maybe you know another way to do what I’m trying to do?

Best regards


#10

Yes, that should work.


#11

So it’s not possible to separate NS and AS on different machines?


#12

Yes, this is possible. Please see for example the https://github.com/brocaar/loraserver-docker configuration where the LoRa App Server and LoRa Server have different hostnames (assigned by Compose).