How to get https running on the gateway

chas_iot · September 21, 2019, 4:14am

Hi

I’m running the gateway on a Raspberry Pi. I created a certificate.pem and privatekey.pem and copied to /home/pi/.mozilla-iot/ssl
I did have to strip the passphrase from the private key as it was causing failures, seen in /var/log/daemon.log

However, now there are no failures logged, but I can’t connect using https on 443 or 4443

when I ssh to the rasberry, ss -tulw shows that there is a listener on http-alt (8080) but nothing on 4443 or 443

I know that somehow my connection on port 80 is mapped to 8080 but a bit stuck. Any advice?

mstegeman · September 21, 2019, 6:27pm

When you browse to http://gateway.local, are you still on the domain setup page? If so, you’ll need to click the Skip button. The SSL server will not be set up until you are past that point.

Also, just FYI, the 80->8080 and 443->4443 redirection is done via iptables rules.

chas_iot · September 22, 2019, 1:47am

I have the gateway fully set up and running, with several lights set up. When I connect via http://gateway.local all works correctly. However, When I connect via https://gateway.local, there’s no listener.

How do I get the https or ‘https-alt’ listener running.

I’m not using the Mozilla tunnel to https://gateway.mozilla-iot.org (typing from memory)

mstegeman · September 22, 2019, 4:10pm

When you initially set up your gateway, did you click the Skip button, rather than filling in a mozilla-iot.org subdomain?

Also, would you be able to upload your log somewhere so I can take a look? The logs are in ~/.mozilla-iot/log

chas_iot · September 23, 2019, 1:22am

@mstegeman yes, I clicked skip for the subdomain.

The gateway has been running for several weeks and the log from the setup date appears to be no longer available. But there are interesting logs are in daemon.log from the Rasberry Pi - there does not appear to be anything incriminating there

So the sequence was I setup the gateway, skipping subdomain.
some weeks later
Added certificate.pem and privatekey.pem
gateway crashed
fiddled around to strip the passphrase from the key and set the correct owner/group/permissions - gateway crashed several more times
got the permissions correct, gateway started.
currently, http is running but https is not

daemon.zip (150.5 KB)

mstegeman · September 23, 2019, 6:49pm

As it turns out, we had a small (one character) bug here: https://github.com/mozilla-iot/gateway/blob/master/src/app.js#L382

That should read return startHttpsGateway();

If you’d like to fix it now, I can tell you how to rebuild the gateway on your Pi. Otherwise, the fix will be in 0.10.

chas_iot · September 23, 2019, 7:03pm

yes, please tell me

mstegeman · September 23, 2019, 7:08pm

You’ll want to do the following:

cd ~/mozilla-iot/gateway
# edit src/app.js with the fix above
npm install
./node_modules/.bin/webpack
sudo systemctl restart mozilla-iot-gateway

chas_iot · September 23, 2019, 7:44pm

thanks @mstegeman that’s working