Gateway v1.0 (docker image): webthings.io stunnel SSL error

I have moved my install from a deb install to a docker (stock image).
Now the stunnel sub domain yields an SSL error.

With firefox on ubuntu 18.04, I get:

Secure Connection Failed

An error occurred during a connection to <subdomain>.webthings.io. Peer received a valid certificate, but access was denied.

Error code: SSL_ERROR_ACCESS_DENIED_ALERT

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.

I grep’d pagekite in the run log, it does not show.
I run my docker image with the host network command line option.
My image is able to connect to another IP on the same subnet as the docker host.
I am new to docker, so I am not sure how I can verify if I can ping outside my LAN, however I was able to log on, but I am unsure now whether that was a local log-on or a webthing sub-domain log-on.

Did you share in your old config files and such to the container?

Partially.

In my local folder I placed the old “addons” and the old “config/db.sqlite3”, nothing else.

docker run \
      -d \
      -e TZ=<my TZ> \
      -v /home/pi/docker-local-files/webthings-gateway:/home/node/.webthings \
      --network="host" \
      --log-opt max-size=1m \
      --log-opt max-file=10 \
      --name webthings-gateway \
      webthingsio/gateway:latest

Any errors being thrown by the gateway on startup?

The log today, less my incorrect extension checksum and a bunch of errors related to my extensions (a “request” python module not available in the docker) and the gateway failing to get my webthings properties (yet working fine) - anyway all of those filtered out, the log left for today’s run after a docker restart is this:

fgrep -v "xtension: " log/run-app.log | fgrep -v "xtension died" | fgrep -v "Failed to get property"
2020-12-29 00:14:57.322 INFO   : Opening database: /home/node/.webthings/log/logs.sqlite3
2020-12-29 00:14:57.734 INFO   : HTTP server listening on port 8080
2020-12-29 00:14:57.807 DEBUG  : Ignoring https://raw.githubusercontent.com/WebThingsIO/gateway-addon-ipc-schema/master/schema.json because it has no messageType
2020-12-29 00:14:58.475 DEBUG  : Ignoring https://raw.githubusercontent.com/WebThingsIO/gateway-addon-ipc-schema/master/messages/definitions.json because it has no messageType
2020-12-29 00:14:59.977 INFO   : Loading add-on: ListMenuExtension
2020-12-29 00:14:59.981 INFO   : Loading add-on: test-UI-extension
2020-12-29 00:14:59.983 INFO   : Loading add-on: thing-url-adapter
2020-12-29 00:15:01.067 INFO   : thing-url-adapter: Opening database: /home/node/.webthings/config/db.sqlite3
2020-12-29 00:15:01.095 INFO   : thing-url-adapter: Ignoring https://raw.githubusercontent.com/WebThingsIO/gateway-addon-ipc-schema/master/schema.json because it has no messageType
2020-12-29 00:15:01.815 INFO   : thing-url-adapter: Ignoring https://raw.githubusercontent.com/WebThingsIO/gateway-addon-ipc-schema/master/messages/definitions.json because it has no messageType
2020-12-29 00:15:03.193 INFO   : thing-url-adapter: Loading add-on thing-url-adapter from /home/node/.webthings/addons/thing-url-adapter
2020-12-29 00:15:09.698 INFO   : Checking for add-on updates...
2020-12-29 00:15:10.458 INFO   : Finished updating add-ons
2020-12-29 00:15:11.240 INFO   : thing-url-adapter: Starting mDNS discovery

Nothing above about the tunnel.

Looking back over the past week or so, there are a few interesting entries. But at best I still have the error I first reported in this thread. No attempt to connect leaves a trace in the gateway log (obviously, the connection does not happen).

fgrep -i "tunnel" log/run-app.log*
log/run-app.log.2020-12-23:2020-12-23 01:26:49.748 INFO   : Tunnel domain found. Tunnel name is: <my domain> and tunnel domain is: webthings.io
log/run-app.log.2020-12-23:2020-12-23 01:26:49.751 INFO   : Tunnel name is set to: https://<my domain>.webthings.io
log/run-app.log.2020-12-23:2020-12-23 01:27:30.345 INFO   : Tunnel domain found. Tunnel name is: <my domain> and tunnel domain is: webthings.io
log/run-app.log.2020-12-23:2020-12-23 01:27:30.356 INFO   : Tunnel name is set to: https://<my domain>.webthings.io
log/run-app.log.2020-12-23:2020-12-23 01:28:11.732 INFO   : Tunnel domain found. Tunnel name is: <my domain> and tunnel domain is: webthings.io
log/run-app.log.2020-12-23:2020-12-23 01:28:11.734 INFO   : Tunnel name is set to: https://<my domain>.webthings.io
log/run-app.log.2020-12-23:2020-12-23 01:31:27.806 INFO   : Tunnel domain found. Tunnel name is: <my domain> and tunnel domain is: webthings.io
log/run-app.log.2020-12-23:2020-12-23 01:31:27.810 INFO   : Tunnel name is set to: https://<my domain>.webthings.io
log/run-app.log.2020-12-24:2020-12-24 02:16:31.263 INFO   : Tunnel domain found. Tunnel name is: <my domain> and tunnel domain is: webthings.io
log/run-app.log.2020-12-24:2020-12-24 02:16:31.268 INFO   : Tunnel name is set to: https://<my domain>.webthings.io

Above, I may have completely removed and re-instantiated the docker image several times. Last time I removed the docker container was:

2020/12/23 01:26:12  docker container rm webthings-gateway

12 seconds later I started it with a docker run.
I only restarted it with a docker restart for the purpose of this reply, today. No other time since the above.

I’ve also just understood how to ping from the inside, so I know the network works:

docker exec -it webthings-gateway ping webthings.io
PING webthings.io (185.199.108.153) 56(84) bytes of data.
64 bytes from 185.199.108.153 (185.199.108.153): icmp_seq=1 ttl=58 time=17.1 ms
64 bytes from 185.199.108.153 (185.199.108.153): icmp_seq=2 ttl=58 time=16.0 ms
64 bytes from 185.199.108.153 (185.199.108.153): icmp_seq=3 ttl=58 time=14.8 ms
^C
--- webthings.io ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 14.820/15.968/17.076/0.932 ms

I have now found out that if (in my local browsing session to my gateway, via LAN IP) I go to the settings page, domain, every time I click on the unticked tick box for “local”, it reports Error: 500 immediately below the <local domain>.local field.

The following messages appear in the run-log when I access the domain settings page:

INFO   : Tunnel domain found. Tunnel name is: <my domain> and tunnel domain is: webthings.io
INFO   : Tunnel name is set to: https://<my domain>.webthings.io

It happens whether I enable or disable my offending extensions (and restarting the docker with the restart command).

I have now corrected the bugs with my extensions (SHA sums, python module loading), but the tunnel problem persists.

I had not copied the *.pem files in the ssl directory. Doing so does not seem to help. How relevant is this?

I am out of ideas on how to make it work.
Any help welcome.

You should share in the entire ~/.mozilla-iot or ~/.webthings directory from your old installation (depends on version), not just select files.

I finally took the time to test this, and lo-and-behold, you are right, it works.
The trick was to copy the ssl and the config directories together.

That made the tunnel work.
But mDNS still seems out of action.
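
The fix reported above came from copying the ssl and config directories together rather than selected files. As an added example (not part of the thread, and not code from the WebThings project), this shell check compares the old profile directory with the directory that will be bind-mounted to /home/node/.webthings and reports anything missing or changed before the container's first start. The function names and the demo file names other than config/db.sqlite3 are hypothetical.

```shell
#!/bin/sh
# Added example: detect a partial copy of the gateway profile directory.

# profile_diff OLD_DIR NEW_DIR
# For every regular file under OLD_DIR prints "missing <path>" when NEW_DIR has
# no such file, or "differs <path>" when the contents are not identical.
profile_diff() {
    old=$1
    new=$2
    if [ ! -d "$old" ] || [ ! -d "$new" ]; then
        echo "usage: profile_diff OLD_DIR NEW_DIR" >&2
        return 2
    fi
    (cd "$old" && find . -type f -print) | sort | while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$new/$rel" ]; then
            printf 'missing %s\n' "$rel"
        elif ! cmp -s "$old/$rel" "$new/$rel"; then
            printf 'differs %s\n' "$rel"
        fi
    done
}

# profile_complete OLD_DIR NEW_DIR
# Succeeds only when nothing is missing or changed.
profile_complete() {
    report=$(profile_diff "$1" "$2") || return 2
    [ -z "$report" ]
}

# Constructed demo reproducing the partial copy described in the thread:
# addons and config/db.sqlite3 were copied, the ssl directory was not.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/old/config" "$tmp/old/ssl" "$tmp/old/addons" \
             "$tmp/new/config" "$tmp/new/addons"
    echo "db" > "$tmp/old/config/db.sqlite3"
    cp "$tmp/old/config/db.sqlite3" "$tmp/new/config/"
    echo "addon" > "$tmp/old/addons/example-addon"   # constructed file name
    cp "$tmp/old/addons/example-addon" "$tmp/new/addons/"
    echo "pem" > "$tmp/old/ssl/example.pem"          # constructed file name
    profile_diff "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}
demo
```

Once the gateway has run, files such as config/db.sqlite3 change legitimately, so the "differs" lines are only meaningful before the first start.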