Hi,
Having mastered all the elements of the project for a while, I decided to secure the communication between the three servers (loraserver, lora-app-server and join server) with TLS.
After finishing the configuration as indicated here (loraserver-certificates), I checked all the files, directories and paths, and they seem correct to me.
- My folder “loraserver-certificates” is in "etc".
LORA SERVER ( join-server ) :
# Network-server API
# This is the network-server API that is used by LoRa App Server or other
# custom components interacting with LoRa Server.
[network_server.api]
# ip:port to bind the api server
bind="0.0.0.0:8000"
# ca certificate used by the api server (optional)
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# tls certificate used by the api server (optional)
tls_cert="/etc/loraserver-certificates/certs/loraserver/api/server/loraserver-api-server.pem"
# tls key used by the api server (optional)
tls_key="/etc/loraserver-certificates/certs/loraserver/api/server/loraserver-api-server-key.pem"
LORA SERVER ( join-server ) :
# This API is provided by LoRa App Server.
server="http://localhost:8003"
# ca certificate used by the default join-server client (optional)
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# tls certificate used by the default join-server client (optional)
tls_cert="/etc/loraserver-certificates/certs/lora-app-server/join-api/client/lora-app-server-join-api-client.pem"
# tls key used by the default join-server client (optional)
tls_key="/etc/loraserver-certificates/certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem"
LORA-APP-SERVER:
# Settings for the "internal api"
# This is the API used by LoRa Server to communicate with LoRa App Server
# and should not be exposed to the end-user.
[application_server.api]
# ip:port to bind the api server
bind="0.0.0.0:8001"
# ca certificate used by the api server (optional)
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# tls certificate used by the api server (optional)
tls_cert="/etc/loraserver-certificates/certs/lora-app-server/api/server/lora-app-server-api-server.pem"
# tls key used by the api server (optional)
tls_key="/etc/loraserver-certificates/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem"
LORA-APP-SERVER ( join-server ) :
[join_server]
# ip:port to bind the join-server api interface to
bind="0.0.0.0:8003"
# CA certificate (optional).
# When set, the server requires a client-certificate and will validate this
# certificate on incoming requests.
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# TLS server-certificate (optional).
# Set this to enable TLS.
tls_cert="/etc/loraserver-certificates/certs/lora-app-server/join-api/server/lora-app-server-join-api-server.pem"
# TLS server-certificate key (optional).
# Set this to enable TLS.
tls_key="/etc/loraserver-certificates/certs/lora-app-server/join-api/server/lora-app-server-join-api-server-key.pem"
In the web interface I also checked carefully that I put the right content:
So when I restart my loraserver and lora-app-server, it looks like it is working:
loraserver :
I noticed that this was written:
level=info msg="integration/mqtt: TLS config is empty"
lora-app-server :
But when I try a "JOIN REQUEST in OTA" with my node, I get an error with the join-server:
LORA SERVER :
error :
error="join-request to join-server error: http post error: Post http://localhost:8003: net/http: HTTP/1.x transport connection broken: malformed HTTP response \"\\x15\\x03\\x01\\x00\\x02\\x02\\x16\""
LORA-APP-SERVER :
Apr 26 14:57:15 paclido-gat lora-app-server[1134]: time="2019-04-26T14:57:15+02:00" level=info msg="finished unary call with code NotFound" error="rpc error: code = NotFound desc = object does not exist" grpc.code=NotFound grpc.method=Geys grpc.service=api.DeviceService grpc.start_time="2019-04-26T14:57:15+02:00" grpc.time_ms=18.785 peer.address="[::1]:48912" span.kind=server system=grpc
Apr 26 15:01:11 paclido-gat lora-app-server[1134]: time="2019-04-26T15:01:11+02:00" level=info msg="device-keys created" dev_eui=393032355f378a05
Apr 26 15:01:11 paclido-gat lora-app-server[1134]: time="2019-04-26T15:01:11+02:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=CreateKeys grpc.service=api.DeviceService grpc.start_time="2019-04-26T15:01:11+02:00" grpc.time_ms=38.946 peer.address="[::1]:48912" span.kind=server system=grpc
Apr 26 15:02:24 paclido-gat lora-app-server[1134]: 2019/04/26 15:02:24 http: TLS handshake error from [::1]:45600: tls: oversized record received with length 21536
Apr 26 15:05:04 paclido-gat lora-app-server[1134]: 2019/04/26 15:05:04 http: TLS handshake error from [::1]:45654: tls: oversized record received with length 21536
Important: I have already read a lot of topics, but I can’t find one with a solution for my bug.
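
Added example, not part of the original post: the two byte-level clues in the logs above can be decoded by hand. This sketch parses the bytes quoted in the loraserver error as a TLS record, and shows how a TLS listener reads the start of a plaintext HTTP POST as a record header, which reproduces the length 21536 reported by lora-app-server. The request path in the sample input and all function names are assumptions.

```python
"""Decode the byte-level clues from the two log excerpts (added example)."""
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions defined in RFC 5246, section 7.2.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      22: "record_overflow", 40: "handshake_failure",
                      70: "protocol_version"}
MAX_CIPHERTEXT = 2**14 + 2048  # TLS 1.2 upper bound on a record's length field
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")


def parse_record_header(data: bytes) -> dict:
    """Read the 5-byte TLS record header: type, version (2 bytes), length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": (major, minor), "length": length}


def decode_alert(data: bytes) -> tuple:
    """Decode a complete plaintext alert record into (level, description)."""
    hdr = parse_record_header(data)
    if hdr["type"] != "alert" or hdr["length"] != 2 or len(data) < 7:
        raise ValueError("not a 2-byte plaintext TLS alert record")
    return (ALERT_LEVELS.get(data[5], f"unknown({data[5]})"),
            ALERT_DESCRIPTIONS.get(data[6], f"unknown({data[6]})"))


def server_view(first_bytes: bytes) -> dict:
    """How a TLS listener interprets the first bytes a client sent."""
    hdr = parse_record_header(first_bytes)
    hdr["plaintext_http"] = first_bytes.startswith(HTTP_METHODS)
    hdr["oversized"] = hdr["length"] > MAX_CIPHERTEXT
    return hdr


# Bytes quoted in the loraserver error: "\x15\x03\x01\x00\x02\x02\x16"
ALERT_FROM_LOG = bytes.fromhex("15030100020216")
# Constructed input: start of a plaintext HTTP POST (the path is an assumption)
HTTP_REQUEST_START = b"POST / HTTP/1.1\r\n"

if __name__ == "__main__":
    print(decode_alert(ALERT_FROM_LOG))
    print(server_view(HTTP_REQUEST_START))
```

Both results are consistent with a client using an `http://` URL against a listener that has `tls_cert` set: the listener reads the ASCII bytes `POST ` as a record header, rejects the length, and answers with a fatal alert that the HTTP client cannot parse as a response.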