The registration server will always use api.<domain> to identify itself.
The api subdomain is already handled automatically by the registration server. You just have to point your gateway at it.
Can you tell me in which files I have to make changes for it to run properly?
I am new to it.
I am deploying using Docker.
So without mozilla-iot/gateway the registration server will not run.
I think that is what you are saying, right?
I followed this, but the error is still coming.
I’m confused. What exactly are you trying to do with the registration server? That is what provides the tunneling and subdomain registration service for the gateway.
I want to set up the registration server in Docker. Can you tell me, step by step, what I have to do and what I need for setting it up?
Thanks in advance.
It would be a great help to me if you could spend a little time on it.
My nginx config:
# HTTP version of the main registration server. We redirect to TLS port 8443 to
# avoid conflicting with tunneled domains.
server {
    listen 80;
    listen [::]:80;
    server_name api.uk.ms;
    return 301 https://$server_name:8443$request_uri;
}
# This default server handles tunneled domains, i.e. myhost.mydomain.org.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
}
# This is the main registration server.
# This section assumes you're using Let's Encrypt to generate a host
# certificate. Adjust accordingly if necessary.
server {
    listen 8443 ssl http2 default_server;
    listen [::]:8443 ssl http2 default_server;
    server_name api.uk.ms;
    ssl_certificate "/etc/letsencrypt/live/api.uk.ms/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/api.uk.ms/privkey.pem";
    # It is *strongly* recommended to generate unique DH parameters
    # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
    #ssl_dhparam "/etc/pki/nginx/dhparams.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:81;
    }
}
It contains my other configuration:
pdns, pagekite, config.toml https://docs.google.com/document/d/1tLDX_PWRnp8P6Oyg-8Q0S2I0bEiFdSnX26eV84wDUTU/edit?usp=sharing
local.json on gateway:
{
  "ssltunnel": {
    "registration_endpoint": "https://api.uk.ms:8443",
    "domain": "uk.ms",
    "certemail": "certificate@uk.ms"
  }
}
I am still getting the same error I was talking about.
I’m guessing the problem is this section of your config.toml:
ns_records = [
[ "ns1.afraid.org.", "50.23.197.94" ],
[ "ns2.afraid.org.", "69.65.50.223" ],
[ "ns3.afraid.org.", "184.170.243.127" ],
[ "ns4.afraid.org.", "70.39.97.253" ],
]
What you’re doing there is telling clients that they can use any of those servers to resolve subdomains for “uk.ms”, but you’re only running the registration server on the first. So, you either need to run the registration server on all of those servers, with a shared database, or you need to remove the entries that aren’t actually running your registration server. You may need to do the same with your domain registrar.
Ohh, so I have to mention only the one name server which I am using, right?
One thing: tell me what I have to mention in the [pdns.geoip] section.
The geoip section looks fine as you have it.
Also, why are those NS records using a different domain? Those should be like “ns1.uk.ms”.
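
The two checks raised in the replies above (NS entries pointing at hosts that do not run the registration server, and NS names outside the served domain) can be linted before deploying. This is an added example, not part of the thread or the registration server's own code: the function names are hypothetical, the set of serving addresses is supplied by the operator (here taken from the reply's statement that only the first entry runs the server), and the parser relies on the shortcut that a TOML array of string pairs is also a valid Python literal.

```python
import ast
import re

# ns_records as posted in the thread's config.toml.
SAMPLE_CONFIG = '''
ns_records = [
[ "ns1.afraid.org.", "50.23.197.94" ],
[ "ns2.afraid.org.", "69.65.50.223" ],
[ "ns3.afraid.org.", "184.170.243.127" ],
[ "ns4.afraid.org.", "70.39.97.253" ],
]
'''

def parse_ns_records(config_text):
    """Extract ns_records = [[name, ip], ...] from config.toml text.

    Shortcut (assumption): the bracketed value is cut out by depth
    counting and evaluated as a Python literal instead of with a TOML parser.
    """
    m = re.search(r"^\s*ns_records\s*=\s*\[", config_text, re.M)
    if not m:
        raise ValueError("no ns_records key found")
    start = m.end() - 1          # index of the opening '['
    depth = 0
    for i in range(start, len(config_text)):
        ch = config_text[i]
        depth += (ch == "[") - (ch == "]")
        if depth == 0:
            value = ast.literal_eval(config_text[start:i + 1])
            return [tuple(row) for row in value]
    raise ValueError("unterminated ns_records array")

def audit_ns_records(config_text, domain, serving_ips):
    """Return (name, ip, problem) for each NS entry that would mislead resolvers."""
    zone = "." + domain.strip(".").lower() + "."
    findings = []
    for name, ip in parse_ns_records(config_text):
        fqdn = name.lower() if name.endswith(".") else name.lower() + "."
        if not fqdn.endswith(zone):
            findings.append((name, ip, "NS name is outside " + domain))
        if ip not in serving_ips:
            findings.append((name, ip, "no registration server at this address"))
    return findings

if __name__ == "__main__":
    # serving_ips is an assumption: the one address said to run the server.
    for finding in audit_ns_records(SAMPLE_CONFIG, "uk.ms", {"50.23.197.94"}):
        print(finding)
```

An empty result means every advertised name server sits under the served domain and points at an address that actually answers for it.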