TLS handshake error, even after clearing the docker cache

hpcdan · December 1, 2017, 6:24pm

I am connecting to the appserver via https://localhost:8080 (note the s )

I get the dreaded TLS handshake error. I’m running the standard docker image, which I assume is (based on the Dockerfile) building the TLS certificates. Is that an incorrect assumption? I don’t think so.

At Orne’s suggestion, I cleared all of the docker cache, removing all containers, killed all dangling containers and removed them, then tried again. I am still getting this error, which happens as soon as I try to create a network server

appserver_1 | 2017/12/01 17:08:27 http: TLS handshake error from 127.0.0.1:51476: tls: first record does not look like a TLS handshake
appserver_1 | time=“2017-12-01T17:08:27Z” level=info msg=“transport: http2Client.notifyError got notified that the client transport was broken read tcp 127.0.0.1:51476->127.0.0.1:8080: read: connection reset by peer.”

The web browser reports

Error: rpc error code = Unavailable desc = transport is closing (code: 2)

Suggestions?

brocaar · December 1, 2017, 6:37pm

Did you try the docker-compose.yml file mentioned at https://docs.loraserver.io/install/docker/

version: "2"

services:
  loraserver:
    image: loraserver/loraserver
    environment:
      - DB_AUTOMIGRATE=true
      - LOG_NODE_FRAMES=true
      - NET_ID=010203
      - BAND=EU_863_870
      - REDIS_URL=redis://redis:6379
      - GW_MQTT_SERVER=tcp://mosquitto:1883
      - GW_SERVER_JWT_SECRET=verysecret
      - POSTGRES_DSN=postgres://loraserver_ns:loraserver_ns@postgresql_ns/loraserver_ns?sslmode=disable
      - JS_SERVER=http://appserver:8003

  appserver:
    image: loraserver/lora-app-server
    ports:
      - 8080:8080
    environment:
      - DB_AUTOMIGRATE=true
      - REDIS_URL=redis://redis:6379
      - POSTGRES_DSN=postgres://loraserver_as:loraserver_as@postgresql_as/loraserver_as?sslmode=disable
      - MQTT_SERVER=tcp://mosquitto:1883
      - JWT_SECRET=verysecret
      - HTTP_TLS_CERT=/etc/lora-app-server/certs/http.pem
      - HTTP_TLS_KEY=/etc/lora-app-server/certs/http-key.pem
      - AS_PUBLIC_SERVER=appserver:8001

  gatewaybridge:
    ports:
      - 1700:1700/udp
    image: loraserver/lora-gateway-bridge
    environment:
      - MQTT_SERVER=tcp://mosquitto:1883

  postgresql_ns:
    image: postgres:9.6-alpine
    ports:
      - 5432
    environment:
      - POSTGRES_PASSWORD=loraserver_ns
      - POSTGRES_USER=loraserver_ns
      - POSTGRES_DB=loraserver_ns

  postgresql_as:
    image: postgres:9.6-alpine
    ports:
      - 5432
    environment:
      - POSTGRES_PASSWORD=loraserver_as
      - POSTGRES_USER=loraserver_as
      - POSTGRES_DB=loraserver_as

  redis:
    ports:
      - 6379
    image: redis:4-alpine

  mosquitto:
    ports:
      - 1883
    image: eclipse-mosquitto

Would you be able to try that (put it in a directory and then run docker-compose up)? I tried it at my side without any issues. Please note that you should clear your browser cache (that was my issue). The LoRa App Server docker image contains a self-signed certificate, which is fine for testing. For production you should replace this of course

hpcdan · December 1, 2017, 7:34pm

I downloaded the yml file you mentioned and did a docker-compose up. After that, started the browser, logged in (admin), then tried to add a network server (localhost:8080). I got the same error as described below.

BTW, here is my yml file. Note that I am running the gateway on another machine. And yes, I did clear the browser cache too …

After running docker-compose up, then starting Firefox, logging in as admin, and trying to create a network server (localhost:8080), I get this error:

Error rpc error: code = Unavailable desc = transport is closing (code: 2)

in the browser and

appserver_1 | 2017/12/01 19:17:38 http: TLS handshake error from 127.0.0.1:58250: tls: first record does not look like a TLS handshake
appserver_1 | time=“2017-12-01T19:17:38Z” level=info msg="transport: http2Client.notifyError got notified that the client transport was broken read tcp 127.0.0.1:58250->127.0.0.1:8080: read: connection reset by peer."

Here is the yml file (passwords changed)

version: “2”

services:
loraserver:
image: loraserver/loraserver
environment:
- DB_AUTOMIGRATE=true
- LOG_NODE_FRAMES=true
- NET_ID=010203
- BAND=US_902_928
- REDIS_URL=redis://redis:6379
- GW_MQTT_SERVER=tcp://mosquitto:1883
- GW_MQTT_USERNAME=user
- GW_MQTT_PASSWORD=password
- GW_SERVER_JWT_SECRET=verysecret
- POSTGRES_DSN=postgres://loraserver_ns:loraserver_ns@postgresql_ns/loraserver_ns?sslmode=disable
- GW_CREATE_ON_STATS=true
- JS_SERVER=http://appserver:8003
depends_on:
- postgresql_ns
- redis
- mosquitto

appserver:
image: loraserver/lora-app-server
ports:
- 8080:8080
environment:
- DB_AUTOMIGRATE=true
- AS_PUBLIC_SERVER=appserver:8001
- REDIS_URL=redis://redis:6379
- POSTGRES_DSN=postgres://loraserver_as:loraserver_as@postgresql_as/loraserver_as?sslmode=disable
- MQTT_SERVER=tcp://mosquitto:1883
- MQTT_USERNAME=user
- MQTT_PASSWORD=password
- JWT_SECRET=verysecret
- HTTP_TLS_CERT=/etc/lora-app-server/certs/http.pem
- HTTP_TLS_KEY=/etc/lora-app-server/certs/http-key.pem
depends_on:
- postgresql_as
- mosquitto
- redis
- loraserver

postgresql_ns:
image: postgres:9.6-alpine
ports:
- 5432
environment:
- POSTGRES_PASSWORD=loraserver_ns
- POSTGRES_USER=loraserver_ns
- POSTGRES_DB=loraserver_ns

postgresql_as:
image: postgres:9.6-alpine
ports:
- 5432
environment:
- POSTGRES_PASSWORD=loraserver_as
- POSTGRES_USER=loraserver_as
- POSTGRES_DB=loraserver_as

redis:
image: redis:4-alpine
ports:
- 6379

mosquitto:
image: iq/mosquitto
ports:
- “1883:1883”
- “8883:8883”
- “9001:9001”
environment:
- MQTT_LOGIN_USERNAME=user
- MQTT_LOGIN_PASSWORD=password

brocaar · December 1, 2017, 8:29pm

By default the network-server (LoRa Server) is listening on port 8000. This is not the same port as the LoRa App Server UI and API interface.

hpcdan · December 1, 2017, 10:33pm

Slaps head at stupidity. Okay, adding localhost:8000 (rather than localhost:8080) as a network server introduces a different error (using the stock yml file you suggested): Which service is failing to connect on port 8000?

appserver_1 | time=“2017-12-01T21:55:39Z” level=info msg="grpc: addrConn.resetTransport failed to create client transport: connection error: desc = “transport: Error while dialing dial tcp 127.0.0.1:8000: getsockopt: connection refused”; Reconnecting to {localhost:8000 }"

and the website reports

Error context deadline exceeded (code: 2)

I apologize for asking so many questions

brocaar · December 2, 2017, 7:30am

Try loraserver:8000 so it matches the container name

hpcdan · December 2, 2017, 10:56pm

That worked, thank you!

Now on to the next issue