I’m pretty new to LoraWAN and I’ve been reading https://www.chirpstack.io/docs/architecture.html but I’m still a little bit confused about the different packages.
A customer of mine installed Semtech BasicStation on a PC-Engines board. Because we would like to have more gateways like this, we decided that I would install Chirpstack with the gateway bridge on a server and let the customer connect his gatway to our private Chirpstack installation. Based on the Architecture page of the documentation, we are trying Multi-region example 1.
I followed https://www.chirpstack.io/docs/getting-started/docker.html to install on our server with docker. I cloned https://github.com/chirpstack/chirpstack-docker.git and made a couple of smaller changes and started it with docker-compose start.
My docker-compose looks like this:
version: "3"
services:
chirpstack:
image: chirpstack/chirpstack:4.2.0
command: -c /etc/chirpstack
restart: unless-stopped
security_opt:
- apparmor:unconfined
volumes:
- ./configuration/chirpstack:/etc/chirpstack
- ./lorawan-devices:/opt/lorawan-devices
depends_on:
- postgres
- mosquitto
- redis
environment:
- MQTT_BROKER_HOST=mosquitto
- REDIS_HOST=redis
- POSTGRESQL_HOST=postgres
ports:
- 8080:8080
chirpstack-gateway-bridge-eu868:
image: chirpstack/chirpstack-gateway-bridge:4.0.6
restart: unless-stopped
security_opt:
- apparmor:unconfined
ports:
- 1700:1700/udp
volumes:
- ./configuration/chirpstack-gateway-bridge-eu868:/etc/chirpstack-gateway-bridge
depends_on:
- mosquitto
chirpstack-gateway-bridge-eu433:
image: chirpstack/chirpstack-gateway-bridge:4.0.6
restart: unless-stopped
security_opt:
- apparmor:unconfined
ports:
- 1701:1700/udp
volumes:
- ./configuration/chirpstack-gateway-bridge-eu433:/etc/chirpstack-gateway-bridge
depends_on:
- mosquitto
chirpstack-rest-api:
image: chirpstack/chirpstack-rest-api:4.2.0
restart: unless-stopped
security_opt:
- apparmor:unconfined
command: --server chirpstack:8080 --bind 0.0.0.0:8090 --insecure
ports:
- 8090:8090
depends_on:
- chirpstack
postgres:
image: postgres:14-alpine
restart: unless-stopped
security_opt:
- apparmor:unconfined
volumes:
- ./configuration/postgresql/initdb:/docker-entrypoint-initdb.d
- postgresqldata:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=root
redis:
image: redis:7-alpine
restart: unless-stopped
security_opt:
- apparmor:unconfined
volumes:
- redisdata:/data
mosquitto:
image: eclipse-mosquitto:2
restart: unless-stopped
security_opt:
- apparmor:unconfined
ports:
- 1883:1883
volumes:
- ./configuration/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf
volumes:
postgresqldata:
redisdata:
so more or less the same configuration as the one in https://github.com/chirpstack/chirpstack-docker.git
On the host I also have an nginx with this configuration:
upstream chirpstack-app {
server localhost:8080;
}
server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
server_name chirpstack.mycomapny.tdl;
access_log /var/log/nginx/ssl_chirpstack-access.log;
error_log /var/log/nginx/ssl_chirpstack-error.log;
ssl_certificate /etc/letsencrypt/live/chirpstack.mycomapny.tdl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chirpstack.mycomapny.tdl/privkey.pem;
location / {
proxy_cache off;
proxy_pass http://chirpstack-app;
include /etc/nginx/proxy_params;
proxy_read_timeout 3600;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
This seems to work, I was able to log in via https://chirpstack.mycomapny.tdl and change the admin password.
So then I wanted to connect the customer gateway with our chirpstack installation but that’s where I got confused.
Looking at https://www.chirpstack.io/docs/chirpstack/configuration.html specially the gateway section, it says:
Global gateway configuration.
Please note that backend configuration can be found in the per-region
configuration.
I’m confused:
-
why does it have a gateway section? Is this the same gateway as the
chirpstack/chirpstack-gateway-bridgeimage? -
there is the configuration file
configuration/chirpstack/chirpstack.tomlbut alsoconfiguration/chirpstack/region_eu868.tomlwhere there is theregions.gatewaysection. -
there is
configuration/chirpstack-gateway-bridge-eu868/chirpstack-gateway-bridge.tomlwhich in my case it looks like this:[integration.mqtt.auth.generic] servers=["tcp://mosquitto:1883"] username="" password="" [integration.mqtt] event_topic_template="eu868/gateway/{{ .GatewayID }}/event/{{ .EventType }}" state_topic_template="eu868/gateway/{{ .GatewayID }}/state/{{ .StateType }}" command_topic_template="eu868/gateway/{{ .GatewayID }}/command/#"
Why are there so many gateways and do I need all of these?
Regarding SSL certificates: here I’m confused as well.
Again, looking at https://www.chirpstack.io/docs/chirpstack/configuration.html and the gateway section, you can specify the ca_key and ca_cert values (are those the paths to the files?). These do not have anything to do with the TLS Certificates that I get from Let’s encrypt?
Semtech BasicStation documentation says that if you want TLS Server and Client Authentication, you need to provide the tc.trust file (https://letsencrypt.org/certs/isrgrootx1.pem), but also tc.crt which is the The Station’s own certificate. Is this signed with the CA specificed in the gateway.ca_cert section?
Thanks.
PS: Why am I getting this error An error occurred: Sorry, new users can only put 2 links in a post? I had to put all hyperlinks in backticks.