Mandatory TLS Issue

I place the application server behind Nginx, so the user<->server TLS termination is being done by Nginx, and I don’t need an additional layer of encryption between the application server and Nginx on the same host.

I get a fatal error “tls cert and tls key must be set for the external api” when trying to start the application server without a certificate.

I suggest to document that it is not recommended to use the service by its own without TLS, and remove that limitation.

Thank you.

Please see the documentation: Configuration - ChirpStack open-source LoRaWAN<sup>®</sup> Network Server

The web-interface and public api ([application_server.public_api]) must be secured by a TLS certificate and key, as this allows to run the gRPC and RESTful JSON api together on one port.

FYI: There is currently an open pull-request to make this optional: Add support for h2c on client API by tsvehagen · Pull Request #235 · brocaar/chirpstack-application-server · GitHub. I’m waiting with merging this in until https://go-review.googlesource.com/c/net/+/112997 has been merged.

1 Like