Rpc error: code = Unauthenticated and Live Frame Logs / Live Event Disconnected

By default NGINX disconnects after one or two minutes (check the default values of these parameters) when there is no activity. As it is not guaranteed that you will receive or send a LoRaWAN frame each minute, you need to set this to a high value.

I switched to NGINX quickly and applied you config. But it seems like I still have an issue with the websocket. It is still disconnected even though the browser is now answering the request via the proxy of NGINX.

Is it possible I configured something wrong with the websockets?

Hi Brocaar,

I made it. I had to play around a bit but I finally got it working with apache. I had two issues, first thing I had to do is to upgrade my apache because it is still a 2.22 so I had to follow these two threads:

After that I had to try a little and got it running with the final setting for the apache proxy as following:

#############
### Proxy ###
#############

ProxyRequests off
ProxyPreserveHost on

ProxyPassMatch ^/api/(gateways|devices)/(\w+)/(frames|events)$ wss://localhost:8080/api/$1/$2/$3
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

<Proxy *>
Order allow,deny
Allow from all
</Proxy>

So, now the journey can countinue.

Best regards,

Lu Wi

1 Like

Hi, I have loraserver v0.26.3 and lora-app-server v0.21.1, I’ve already registered my gateway and devices, I also have created a JWT with the API and it works just fine, I even added it into my loraserver.toml and lora-app-server.toml and still have problems to get my “Live Frame Logs / Live Event” connected. This is a Raspberry pi3 installation with a Lora RisingHF Hat. Am I missing something?

LORA-APP-SERVER LOG:
May 30 21:58:45 raspberrypi lora-app-server[1254]: time=“2018-05-30T21:58:45Z” level=info msg=“finished streaming call with code Unauthenticated” error=“rpc error: code = Unauthenticated desc = authentication failed: get token from context error: no authorization-data in metadata” grpc.code=Unauthenticated grpc.method=StreamFrameLogs grpc.service=api.Device grpc.start_time=“2018-05-30T21:58:45Z” grpc.time_ms=0.406 peer.address="[::1]:39460" span.kind=server system=grpc

LORASERVER LOG:
May 30 21:39:56 raspberrypi loraserver[1397]: time=“2018-05-30T21:39:56Z” level=info msg=“finished streaming call with code OK” grpc.code=OK grpc.method=StreamFrameLogsForDevice grpc.service=ns.NetworkServer grpc.start_time=“2018-05-30T21:38:56Z” grpc.time_ms=59968.34 peer.address="[::1]:60344" span.kind=server system=grpc

I’ve moved your post as there was already a topic covering this issue. See the above mentioned solutions.

Hello, I also face the above issue after fresh install of lora-app-server v1.0.0 / v1.0.1/ v1.0.2 in two pcs. One of them runs an ubuntu vm in my laptop so I don’t have any proxy/load balancer.

After staying for some seconds at the live events log tab or at the live lorawan frame logs tab of a node, the “Error rpc error: code = OutOfRange desc = EOF (code: 11)” error appears again and again.

(my current setup contains the latest loraserver, lora-app-server, lora-gateway-bridge versions, installed following the detailed instructions successfully)

Follow up 1
Every time I see the connected->disconnected->connected hop, this appears at the loraserver’s log:

time=“2018-07-09T16:58:19+03:00” level=error msg=“get frame-log for device error” error=“ERR wrong number of arguments for ‘ping’ command”
time=“2018-07-09T16:58:19+03:00” level=info msg=“finished streaming call with code OK” grpc.code=OK grpc.method=StreamFrameLogsForDevice grpc.service=ns.NetworkServer grpc.start_time=“2018-07-09T16:57:49+03:00” grpc.time_ms=30001.236 peer.address=“127.0.0.1:52498” span.kind=server system=grpc

Follow up 2
The docker version seems to operate perfectly, without any connected->disconnected issues and any errors appearing.

Follow up 3
I just tried using loraserver 1.0.0 , lora-app-server 1.0.0 and lora-gateway-bridge 2.4.1 debs along with the configuration files that come with the docker repo ( after changing the docker names to localhost and putting the right postgres credentials). The same issue persists.

Follow up 4
Seems to operate nicely on latest ubuntu 18 while previously I was on ubuntu 14.04…

Is there an issue or do you have any suggestions for my setup?
Thank you

1 Like

Saw exactly the same, also on ubuntu 14.04, not yet found the cause. Probably will move to a newer instance.

I dont have this field inside the file loraserver.toml.There ir no fied to inser jwt secret. It is presente only inside lora-app-server.toml file.

I´m having this exaclty same problem:

Aug 21 16:34:23 lorawan-ns-3 lora-app-server: time=“2018-08-21T16:34:23Z” level=info msg=“finished unary call with code Unauthenticated” error=“rpc error: code = Unauthenticated desc = authentication failed: get token from context error: no authorization-data in metadata” grpc.code=Unauthenticated grpc.method=List grpc.service=api.OrganizationService grpc.start_time=“2018-08-21T16:34:23Z” grpc.time_ms=0.039 peer.address="[::1]:42960" span.kind=server system=grpc

we are using Ubuntu 14.04.5 LTS

when we can setting proxy server setting in Ubuntu?

Please help me

Thanks

I’m having this exactly same problem:

(my current setup contains the latest loraserver, lora-app-server, lora-gateway-bridge versions, installed following the detailed instructions successfully)

time=“2018-09-27T11:13:28+05:30” level=error msg=“get frame-log for gateway error” error="ERR wrong number of arguments for ‘ping’ command"

time=“2018-09-27T11:13:28+05:30” level=info msg=“finished streaming call with code OK” grpc.code=OK grpc.method=StreamFrameLogsForGateway grpc.service=ns.NetworkServerService grpc.start_time=“2018-09-27T11:12:58+05:30” grpc.time_ms=30000.86 peer.address=“192.168.0.162:52028” span.kind=server system=grpc

Please help me…

I know it is an old thread, but here is a working WS tunneled proxy config für a current Apache…

ProxyPreserveHost On
ProxyRequests off

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*)           ws://127.0.0.1:8080/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*)           http://127.0.0.1:8080/$1 [P,L]

ProxyPass / http://127.0.0.1:8080/ Keepalive=On timeout=1600
ProxyPassReverse / http://127.0.0.1:8080/
2 Likes

Just waking this thread up (sorry) in case anyone else lands here trying to debug a related issue.

If you run Redis 4 (requires 5) with the latest app server (3.16) then it will look like a websocket issue. It’s not, it’s because the websocket EOFs at the point where it can’t use streams with redis.

Don’t go down the rabbit hole like I did, you just need to update Redis!

1 Like

Hello I am also having this issue (Websocket error) with a docker installation :

  • chirpstack-application-server 3.16
  • redis 6.2.5
  • Firefox 91.0.1

For simulation I use the chirpstack-simulator for creating gateways and devices.

I use a Nginx proxy and HAProxy Load balancer with the following operation : Client_ws <->Haproxy_ws_proxy <-> Nginx_ws_proxy <-> Chirpstack_ws_server. Here are my configuration files :

##haproxy.cfg :

defaults
mode tcp
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 10m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind *:7777
mode http
stats enable
stats hide-version
stats realm HAproxy-Statistics
stats uri /

timeout client 25s
timeout connect 5s
timeout server 25s
# timeout tunnel available in ALOHA 5.5 or HAProxy 1.5-dev10 and higher
timeout tunnel 3600s
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

frontend Web_80
bind *:80
mode http
default_backend www
http-request redirect scheme https unless { ssl_fc }

#Redirect to Nginx proxy
frontend WebSSL_443
bind *:443 ssl crt ********
rspadd Strict-Transport-Security:\ max-age=15768000
# mode http
# routing based on websocket protocol header
acl hdr_connection_upgrade hdr(Connection) -i upgrade
acl hdr_upgrade_websocket hdr(Upgrade) -i websocket
use_backend nginx0001_ws if hdr_connection_upgrade hdr_upgrade_websocket
default_backend nginx0001



backend nginx0001
mode http
option forwardfor
balance roundrobin
server nginx0001 127.X.X.X:8080 check
timeout connect 5s
timeout server 25s
# timeout tunnel available in ALOHA 5.5 or HAProxy 1.5-dev10 and higher
timeout tunnel 3600s
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
http-request set-header X-Client-IP %[src]


backend nginx0001_ws
balance roundrobin
server nginx0001 127.X.X.X:8080 check
timeout connect 10s
timeout server 25s
# timeout tunnel available in ALOHA 5.5 or HAProxy 1.5-dev10 and higher
timeout tunnel 3600s
option forwardfor

Configuration according to the official documentation.

## nginx.conf

upstream chirpstack{
server 172.X.X.X:8080;
}

server {
listen 8080;
server_name chirpstack.example.org;

location ~ ^/api/(gateways|devices)/(\w+)/(frames|events)$ {
 proxy_pass http://chirpstack/api/$1/$2/$3;
 proxy_http_version 1.1;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Proto https;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 access_log /var/log/nginx/lns_ws.access.log;
 error_log /var/log/nginx/lns_ws.error.log;

 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection “upgrade”;
 proxy_read_timeout 86400s;
 proxy_send_timeout 86400s;
}

location / {

 proxy_pass http://chirpstack;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Proto https;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

access_log /var/log/nginx/lns.access.log;
error_log /var/log/nginx/lns.error.log;
}

}

Configuration according to the official documentation.

I’m still getting the error :

  time="2021-08-23T08:50:34.144276849Z" level=info msg="finished streaming call with code Unauthenticated" error="rpc error: code = Unauthenticated desc = authentication failed: get token from context error: no authorization-data in metadata" grpc.code=Unauthenticated grpc.method=StreamFrameLogs grpc.service=api.GatewayService grpc.start_time="2021-08-23T08:50:34Z" grpc.time_ms=0.102 peer.address="127.0.0.1:57363" span.kind=server system=grpc

Could you help me please ?

Updated for https

ProxyPreserveHost On
ProxyRequests off

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*)           wss://127.0.0.1:8080/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*)           https://127.0.0.1:8080/$1 [P,L]

ProxyPass / https://127.0.0.1:8080/ Keepalive=On timeout=1600
ProxyPassReverse / https://127.0.0.1:8080/

There is a mismatch in this configuration file. As is, the websocket connection works when connected to a local network but when working throught an exposed domain you will get the “Not connected to websocket api” error. (Tested in two working setups exposed to public domains, secured with LetsEncrypt certificates).

This is due this line you wrote above and in the official documentation:

proxy_set_header Connection "Upgrade";

It must be written as:

proxy_set_header Connection "upgrade";

with “upgrade” in lower case.

Written so, it works like a charm.