
Not able to add API using private IP / APInf umbrella issues when running locally

Open Madhu-NEC opened this issue 6 years ago • 18 comments

I am not able to publish API on APInf with bare private IP address while the same API I am able to publish on API-Umbrella. I have used latest version of APInf and API-Umbrella and followed the steps given at below URL for installation: docker installation

Madhu-NEC avatar Feb 26 '19 08:02 Madhu-NEC

Hi,

as a workaround for ipv4 IPs you can do like this:

http://12.33.56.78

ilarimikkonen avatar Feb 28 '19 11:02 ilarimikkonen

I am able to enter external public IP for adding API but I am not able to enter internal public IP to network for adding API. Even though I am able to add external public IP but not able to add proxy setting for the API as it gives "cannot read property length of null" error.

Madhu-NEC avatar Mar 05 '19 04:03 Madhu-NEC

As you know I am working on APInf installation, and as per my understanding FQDN is needed for installation of APInf. Could you please explain what is the need of FQDN while installing APInf? If FQDN is needed, then a user (doesn't have FQDN) cannot complete its installation process because in the installation documentation it is not mentioned that "YOUR_SITE_DOMAIN" is FQDN for the same? If yes, we should update it in the documentation as a note so that it can be useful for users installing APInf.

Madhu-NEC avatar Mar 05 '19 05:03 Madhu-NEC

Hi,

there is a branch: https://github.com/apinf/platform/tree/docs/update-install

which is used to update the documentation. It is work in progress. FQDN is needed if you use docker-compose script. In the docker compose there is the SSL part, which uses Let's Encrypt. Let's Encrypt does not allow certs without FQDN.

ilarimikkonen avatar Mar 05 '19 08:03 ilarimikkonen

There is one docker-compose-development.yml. Can we use this file to install APInf without FQDN as SSL part is not there in this file?

Madhu-NEC avatar Mar 06 '19 04:03 Madhu-NEC

I'm testing now what makes sense. Please wait a little. Basically, if you want to run locally, pull both APInf platform code, apinf umbrella code, and run locally. Then no SSL is needed

ilarimikkonen avatar Mar 06 '19 09:03 ilarimikkonen

Hi,

one option is to follow Development installation with Docker and add entries to hosts file, remove ssl parts from docker-compose.yml, add the "apinf.dev" to env.apinf and api-umbrella.yml. this allows to run api umbrella locally, and I can curl -k https://apinf.dev:3002

unfortunately this leaves the HSTS config on, so I have not been able to bypass this.

I highly recommend to get a domain name and follow the "With Docker Compose -WORKING" part in the https://github.com/apinf/platform/blob/docs/update-install/INSTALL.md branch.

this has been verified to work by me yesterday.

I apologise that the umbrella docs are not up to standards, but we are working on this.

ilarimikkonen avatar Mar 07 '19 09:03 ilarimikkonen

Thanks ilarimikkonen. I want a small piece of information: do we need to get a public IP/FQDN for the machine running APInf? Also can I use my own SSL (self-signed) certificates, other than LetsEncrypt? If yes, could you please share the details.

AnuragVashisth-NEC avatar Mar 11 '19 07:03 AnuragVashisth-NEC

Hi,

With FQDN this is working if you refer to these instructions: https://github.com/apinf/platform/blob/docs/update-install/INSTALL.md (section With Docker Compose -WORKING)

There is a possibility to generate certs and tell umbrella (ssl_cert: and ssl_cert_key: ) to use those. We'll investigate, there is a problem with umbrella loading the cert and key.

ilarimikkonen avatar Mar 11 '19 08:03 ilarimikkonen

this tested running ubuntu with chromium.

Hi, short update; with NREL umbrella we are able to set up locally:

easy way:

modify api-umbrella.yml and add

override_public_http_port: 443
override_public_http_proto: https

  • modify api-umbrella.yml so that github login credentials are set in github for "apiumbrella.example.com"
  • in docker-compose.yml comment out the ssl sections so that lets encrypt is not trying to get certificates for non existing domain
  • add apiumbrella.example.com entry to /etc/hosts
  • run docker-compose up apiumbrella

navigate to https://apiumbrella.example.com:3001

umbrella thinks that SSL traffic is terminated somewhere else.

HARD WAY with certs:

  • modify api-umbrella.yml so that github login credentials are set in github for "apiumbrella.example.com"
  • in docker-compose.yml comment out the ssl sections so that lets encrypt is not trying to get certificates for non existing domain
  • add apiumbrella.example.com entry to /etc/hosts
  • run docker-compose up apiumbrella
  • run docker ps and check what the hash for the umbrella container is
  • run sudo docker exec -it <HASH> /bin/bash and replace the <HASH> with few initial digits from hash of the umbrella container
  • in the container go to /opt/api-umbrella/etc/ssl and copy both key and cert
  • using those key and cert run openssl to create a p12 for browser. example: sudo openssl pkcs12 -export -out umrella4-ilari.p12 -inkey apiu4-key.pem -in apiu4-cert.pem
  • in chromium import the certificate created in previous step.
  • navigate to https://apiumbrella.example.com:3002

ilarimikkonen avatar Mar 11 '19 13:03 ilarimikkonen

doing this with APInf umbrella leaves some functionality out; we are investigating

ilarimikkonen avatar Mar 11 '19 13:03 ilarimikkonen

Will the basic functionality of umbrella work such as API add, publish and accessibility? Could you please elaborate which functionalities will not work?

Madhu-NEC avatar Mar 11 '19 13:03 Madhu-NEC

those features you have mentioned above are NOT working, since the login to APInf umbrella is not working. However, they seem to work fine with NREL umbrella. NREL umbrella is missing some FIWARE integration features, but basic set is there and is usable.

ilarimikkonen avatar Mar 11 '19 13:03 ilarimikkonen

Thank you for your valuable guidance and support. As you suggested, I have tried apinf set-up with docker-compose with proper domain name. And it is working fine.

Madhu-NEC avatar Mar 13 '19 16:03 Madhu-NEC

We have a local environment setup where we want to serve services (like orion) through APInf gateway. As you confirmed in above comments that we need APInf to be running on FQDN (publicly accessible IP), we have done that but when we are adding API for Orion it says invalid URL (please find attached screenshot_1 for referral). The problem is with private IPs (where orion is running). Can you please confirm whether we need to setup backend services like Orion on public IP as well or there is any workaround for this? [Screenshot_1: community_apinf_3718]

Also when integrating with Keyrock (running on private IP), APInf fairly accepts Private IP while configuring Fiware but when we sign in with fiware it gives 504 Gateway Time-out error (please find attached screenshot_2 for referral). Can you please confirm whether we need to setup Keyrock on public IP as well? [Screenshot_2: community_apinf_3718_2]

Madhu-NEC avatar May 09 '19 05:05 Madhu-NEC

hi,

about the invalid url, I cannot reproduce the problem with latest develop. [image]

ilarimikkonen avatar May 09 '19 13:05 ilarimikkonen

about the fiware problem, I need to investigate.

ilarimikkonen avatar May 09 '19 13:05 ilarimikkonen

As per my investigation, the private IP falls in below range:

  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255

Please find the URL for confirmation: https://en.wikipedia.org/wiki/Private_network

The IP within above range shows invalid URL error. Could you please verify an IP from above mentioned range?

Note: The use case is to deploy APInf gateway for services like Orion within a network.

Madhu-NEC avatar May 17 '19 07:05 Madhu-NEC
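
The three ranges listed in the comment above, turned into a check that classifies the host of a backend URL. This is an added example, not part of the thread and not APInf's own validation code; `classifyBackendUrl`, its result labels and the sample URLs are made up for illustration. It parses with the WHATWG `URL` class, so hex or shortened spellings of an address are canonicalized before the range test, and a bare address without a scheme is reported as invalid.

```javascript
// RFC 1918 ranges from the comment above, as [network, prefix length].
const PRIVATE_RANGES = [
  ['10.0.0.0', 8],      // 10.0.0.0 - 10.255.255.255
  ['172.16.0.0', 12],   // 172.16.0.0 - 172.31.255.255
  ['192.168.0.0', 16],  // 192.168.0.0 - 192.168.255.255
];

// Canonical dotted quad -> unsigned 32-bit integer, or null if the string
// is not four decimal octets in 0..255.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

// True when addr lies inside the block [network, network + 2^(32 - prefix)).
function inRange(addr, [network, prefix]) {
  const base = ipv4ToInt(network);
  return addr >= base && addr < base + 2 ** (32 - prefix);
}

// Returns { kind, host } with kind one of:
// 'invalid', 'hostname' (DNS name or IPv6 literal), 'private-ipv4', 'public-ipv4'.
function classifyBackendUrl(input) {
  let url;
  try {
    url = new URL(input); // throws on input without a scheme, e.g. '10.0.0.5:1026'
  } catch (err) {
    return { kind: 'invalid', host: null };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { kind: 'invalid', host: null };
  }
  // url.hostname is already canonical: 'http://0xC0A80114/' yields '192.168.1.20'.
  const addr = ipv4ToInt(url.hostname);
  if (addr === null) return { kind: 'hostname', host: url.hostname };
  const isPrivate = PRIVATE_RANGES.some((range) => inRange(addr, range));
  return { kind: isPrivate ? 'private-ipv4' : 'public-ipv4', host: url.hostname };
}

// Constructed sample inputs (not taken from the deployment in the thread).
for (const u of ['http://192.168.1.20:1026', 'http://0xC0A80114/', '10.0.0.5:1026']) {
  console.log(u, '->', classifyBackendUrl(u).kind);
}
```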