3 Replies Latest reply on Feb 14, 2014 12:07 PM by Lars Burgess

    How to configure SSL for Rhoconnect with Rhoconnect-push

    Graham Bird

      I have set up Rhoconnect and Rhoconnect-push on a server through HTTP. Running "rhoconnect start" and "rhoconnect-push -c config.json" then allows me to connect my device and push to it.

      settings.yml (various items changed for security purposes):

      {
      #Sources
      :sources:
        Source1:
          :poll_interval: 3600
          :partition_type: app
          :priority: 1

      :development:
        :licensefile: settings/license.key
        :redis: localhost:6379
        :syncserver: http://localhost:9292
        :push_server: http://12345678-9999-AAAA-BBBB-36F360174C99@localhost:9299/
        :api_token: my-rhoconnect-token
      :test:
        :licensefile: settings/license.key
        :redis: localhost:6379
        :syncserver: http://localhost:9292
        :push_server: http://12345678-9999-AAAA-BBBB-36F360174C99@localhost:9299/
        :api_token: my-rhoconnect-token
      :production:
        :licensefile: settings/license.key
        :redis: localhost:6379
        :syncserver: http://localhost:9292
        :push_server: http://12345678-9999-AAAA-BBBB-36F360174C99@localhost:9299/
        :api_token: 1234562d787645d8b6c67cea7a5a9761

      :log_file:
        :name: logs/PTSRhoConnect.txt
        :max_size: 1024000
        :old_file_count: 10
      }

       

      config.json:

      {
          "httpSecure": "n",
          "devAuthHost": "localhost",
          "devAuthUrl": "/rc/v1/app/rps_login",
          "devAuthPort": "9292",
          "userAuthHost": "localhost",
          "userAuthUrl": "/rc/v1/app/rps_login",
          "userAuthPort": "9292",
          "appAuthHost": "localhost",
          "appAuthUrl": "/rc/v1/system/rps_login",
          "appAuthPort": "9292",
          "ansResponseTimeout": "300000",
          "ansServerPort": "9299",
          "registrationTimeout": "2592000",
          "clearDataBase": "n",
          "socketPoolSize": 1,
          "debugLevel": "3"
      }

       

      The next step was to use nginx and thin to run the main rhoconnect (still using rhoconnect-push -c config.json to start the push service at this stage). This also worked to push data to the device.

       

      Now, what we want to do is migrate both rhoconnect and rhoconnect-push to use SSL using certificates that we have available but we are unable to get the pair working together.

      The first attempt we made was to use SSL for the rhoconnect. This required an update to the settings.yml file:

      {
           :syncserver: https://localhost:9292
      }

      and the nginx rhoconnect.conf file:

      {
           # added in "ssl" to the "listen 9292" line
           listen 9292 ssl;
           # added both the ssl_certificate line and ssl_certificate_key line.
           ssl_certificate /opt/nginx/server.crt;
           ssl_certificate_key /opt/nginx/server.key;
      }

       

      At this point the device connected to rhoconnect but the registration request from the rhoconnect-push service returned an error:

      {
      ## RhoConnect push server: New connection from 82.132.245.233

      ***** 0 PUT /registrations/56c922f1-6741-43bc-bedf-367d703362bf:c28bd968c6bb7e20ab86f0054ed79ce6/TEST2/91167E73-8898-47E8-9D3D-36F360174C99
      ## handleRegistration header(s){"authorization":"Basic VEVTVDI6MjAyY2I5NjJhYzU5MDc1Yjk2NGIwNzE1MmQyMzRiNzA=","cookie":"instance=5b45f334-cf67-4fa1-baf9-bcf8aab21b4e:dbfb2ccc1a9acbebe785ce7583acaa28, rhoconnect_session=BAh7CEkiD3Nlc3Npb25faWQGOgZFRiJFZjRlNzNmMjhiMDY3MDdjZTE4Y2Q5%0AM2JkYmExYjBiZDYyZmQ4M2Y5YTAyMGU3NzhiYWU3Y2FlZDQ1ZjJkMDY1NEki%0ACmxvZ2luBjsARkkiClRFU1QyBjsAVEkiDWFwcF9uYW1lBjsARkkiEGFwcGxp%0AY2F0aW9uBjsARg%3D%3D%0A--4e67215d5a6f2485669b8dbc9da6574ca7edec3f;","content-length":"0","x-gateway":"wap.london.02.net","x-forwarded-for":"10.65.63.170","o2gw-id":"08","host":"81.145.182.147:9299","cache-control":"max-age=43200","connection":"keep-alive"}
      Invalid authentication credentials
      Credentials Basic VEVTVDI6MjAyY2I5NjJhYzU5MDc1Yjk2NGIwNzE1MmQyMzRiNzA=
      }

      I would imagine this is because the SSL rhoconnect and non-SSL rhoconnect-push cannot work together in this way.

       

      The second attempt involved trying to run SSL on both rhoconnect (as above) and rhoconnect-push. To do this we updated the configuration for rhoconnect (settings.yml):

      {
           :push_server: https://12345678-9999-AAAA-BBBB-36F360174C99@localhost:9299/
      }

      We also updated the config.json:

      {
          "httpSecure": "y",
          "keyFile": "/opt/nginx/server.key",
          "certificateFile": "/opt/nginx/server.crt",
          "certificateAuthorityFile": "/opt/nginx/server.crt",
          "devAuthHost": "localhost",
          "devAuthUrl": "/rc/v1/app/rps_login",
          "devAuthPort": "9292",
          "userAuthHost": "localhost",
          "userAuthUrl": "/rc/v1/app/rps_login",
          "userAuthPort": "9292",
          "appAuthHost": "localhost",
          "appAuthUrl": "/rc/v1/system/rps_login",
          "appAuthPort": "9292",
          "ansResponseTimeout": "300000",
          "ansServerPort": "9299",
          "registrationTimeout": "2592000",
          "clearDataBase": "n",
          "socketPoolSize": 1,
          "debugLevel": "3"
      }

       

      Using this version, the application synchronised with rhoconnect and the rhoconnect-push service reports:

      {
           ## RhoConnect push server: New connection from 82.132.245.233
      }

      However, the device is not being registered with rhoconnect and we cannot therefore push data.

       

      It looks to me as though the missing information is to do with the credentials required between rhoconnect and rhoconnect-push but I do not know how to configure these.

      Any assistance in getting to the bottom of this would be appreciated as otherwise we may have to implement the system without the push mechanism.

       

      Kind regards,

      Graham Bird.
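
A consistency check for the two files in the question, as an added example that is not part of the original post or of RhoConnect's code. `tls_mismatches` is a hypothetical helper, the inputs are constructed from the post's first attempt, and the meaning given to `httpSecure` (https for both the push listener and the auth calls) is an assumption the page does not confirm.

```ruby
require 'yaml'
require 'json'
require 'uri'

# Constructed input modelled on the post's first attempt (TLS on rhoconnect only).
SETTINGS_YML = <<~YML
  :production:
    :syncserver: https://localhost:9292
    :push_server: http://12345678-9999-AAAA-BBBB-36F360174C99@localhost:9299/
YML
CONFIG_JSON = <<~JSON
  { "httpSecure": "n", "ansServerPort": "9299",
    "devAuthHost": "localhost", "devAuthPort": "9292",
    "userAuthHost": "localhost", "userAuthPort": "9292",
    "appAuthHost": "localhost", "appAuthPort": "9292" }
JSON

# Hypothetical helper (not part of RhoConnect): lists scheme/port mismatches.
def tls_mismatches(settings_yml, config_json, env = :production)
  env_cfg = YAML.safe_load(settings_yml, permitted_classes: [Symbol]).fetch(env)
  push = JSON.parse(config_json)
  sync = URI.parse(env_cfg.fetch(:syncserver))
  push_url = URI.parse(env_cfg.fetch(:push_server))
  # Assumption: httpSecure "y" puts both the listener and the auth calls on https.
  push_scheme = push['httpSecure'] == 'y' ? 'https' : 'http'
  issues = []

  %w[dev user app].each do |kind|
    host = push["#{kind}AuthHost"]
    port = push["#{kind}AuthPort"].to_i
    next unless host == sync.host && port == sync.port && push_scheme != sync.scheme
    issues << "#{kind}Auth calls #{host}:#{port} over #{push_scheme}, syncserver is #{sync.scheme}"
  end

  if push_url.port != push['ansServerPort'].to_i
    issues << "push_server port #{push_url.port} != ansServerPort #{push['ansServerPort']}"
  elsif push_url.scheme != push_scheme
    issues << "push_server is #{push_url.scheme}, rhoconnect-push serves #{push_scheme}"
  end

  ca = push['certificateAuthorityFile']
  if push_scheme == 'https' && ca && ca == push['certificateFile']
    issues << 'CA file equals server certificate: normally valid only if self-signed'
  end
  issues
end

puts tls_mismatches(SETTINGS_YML, CONFIG_JSON)
```

Run against the second attempt's values, the scheme mismatches disappear and only the note about `certificateAuthorityFile` pointing at `server.crt` remains.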