Public IP/Port Forwarding #23

Open
neo-seeker opened this issue Sep 25, 2024 · 3 comments

Comments

@neo-seeker

Hi Panka,

I was trying to deploy the Teltonika fleet management fork. While going through the docker-compose.yml, I found the last lines:
<<: *awslogs

I am trying to deploy the project at home with Docker and then expose the ports with port forwarding. I have played with the Teltonika devices' MQTT protocol, for which they provide an option for AWS and Azure IoT only, but I have been getting unofficial support from Teltonika with Mosquitto MQTT, where we can self-generate the certificates and add them to the Teltonika devices.

Is the docker-compose.yml file / fleet-management project only based on AWS? I get stuck doing a custom deployment when I try to find the .pem file. On top of that, I have deployed Docker on Windows 10.

@pankalog
Member

Good afternoon @neo-seeker,
the `<<: *awslogs` YAML anchors used are all commented out, so I am not sure what exactly the issue is. The anchors are only there for when I sometimes deploy myself to AWS, and the entire implementation has no requirement of AWS or MS Azure. They can be left commented out.

The tutorial contains an exhaustive list of prerequisites, and there is absolutely no requirement for AWS or Azure. In the tutorial, I use the "AWS IoT Custom" configuration element for the device's MQTT connection, but that's just how Teltonika has decided to name the system. There is no connection to or usage of any AWS product or server in any part of the tutorial; you can run this on any computer that fulfills the requirements in the tutorial. Everything runs on OpenRemote. As long as you can configure the device as shown in the tutorial (i.e. the options that I use are available), you should be good.

As a note, you mention using port forwarding, but as a reminder, the server requires an SSL certificate, which basically means that you will need to have a domain name configured to the OpenRemote server (using an A record or something).

When you say you are having issues finding the .pem file, what exactly do you mean? I'm not sure I can 100% help on Windows 10, but let me know.

Thanks!

@neo-seeker
Author

Thanks a lot Panos. I was able to follow the tutorial and was also able to run the docker-compose up with the fleet-management customization. Here is my current setting:

  1. FQDN: I have a domain xyz.com which I have parked and DNS-mapped to the static IP of my router with Cloudflare (no proxies enabled). The domain pings to my router's static IP. Full (Strict) SSL is enabled for domain xyz.com in Cloudflare.

  2. Host machine: I have Ubuntu 22.04 LTS running Docker and have deployed the fleet-management image with the tutorial command: sudo OR_HOSTNAME=xyz.com docker-compose -p fleet-management up -d.
     I did not get any errors starting fleet-management-deployment-1 and all containers ran healthy.

  3. SSL: Followed the command: sudo docker cp -L fleet-management-proxy-1:/deployment/letsencrypt/live/xyz.com/fullchain.pem ~fleet-management/fullchain.pem, which executed successfully, and I was able to download the file.

  4. Running the 5th step:
     awk '/-----BEGIN CERTIFICATE-----/{x="cert"++i".pem"}; {print > x}' fullchain.pem &&
     (cat cert3.pem; cat cert2.pem; cat cert1.pem) > reversed_certchain.pem &&
     rm cert1.pem cert2.pem cert3.pem

I got only cert1.pem and cert2.pem, not cert3.pem (reversed_certchain.pem was added to the device with domain: xyz.com and port 22825>>8883, using codec JSON and TLS/DTLS).

Note: [Port 22825 is router port-forwarded to 8883 on the host machine, which is mapped to Docker port 8883.]
The device is able to connect with FOTA Web by Teltonika, but the device is not able to connect to OpenRemote.

Please advise me what steps I must take next so that I can establish communication between the device and the MQTT broker on OpenRemote.

Device Details: FMC150 with Firmware Ver: 03.29.00 Rev:157.

Thanks in advance for the great work again.

@pankalog
Member

pankalog commented Oct 1, 2024

Hey @neo-seeker,

Happy to hear that you were able to at least get everything set up.

Is the OpenRemote UI reachable on xyz.com? If it is, then that means that the SSL certificates are working correctly.

It's definitely possible that your certificate chain only contains 2 certificates, as is the case here. You can use this to get the correct certificate chain:

awk '/-----BEGIN CERTIFICATE-----/{x="cert"++i".pem"}; {print > x}' fullchain.pem && \
(cat cert2.pem; cat cert1.pem) > reversed_certchain.pem && \
rm cert1.pem cert2.pem

So you can now take reversed_certchain.pem and import it to your device. Ensure that you use xyz.com:22825 to connect to OpenRemote.

You can also take a look at the haproxy logs (using PROXY_LOGLEVEL=info for per-request logging) and the OpenRemote logs from those Docker images. As with everything else, the same principles you can read up on in the OpenRemote documentation apply here. If the requests arrive at the proxy container, then the logs will show if there was an issue with SSL. There is a possibility of Cloudflare's SSL Strict settings messing with the routing of the packages.

Also, let's please move to the forum for support. I'd like to have issues like this in our forum: https://forum.openremote.io/ . This will get more attention by the team. I'd like to keep issues specifically for bugs and code-related issues. Thanks!
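The awk step quoted in both comments hard-codes the number of certificates in fullchain.pem (three in the tutorial, two in the maintainer's reply), which is why the first version fails when cert3.pem never exists. The script below is an added example, not code from the OpenRemote or fleet-management project or from either participant: it splits any PEM bundle into its certificate blocks, rewrites them in reverse order (issuer first, leaf last, the order the tutorial's reversed_certchain.pem uses) for whatever count it finds, and reports that count. The sample bundle it writes is constructed, with placeholder lines instead of real certificate bodies; the function names are this example's own.

```shell
#!/bin/sh
# Added example: generalise the "split and reverse the chain" step so it
# works for a 2-, 3- or n-certificate fullchain.pem. Not project code.

# write_sample_chain FILE
# Writes a constructed two-certificate bundle in Let's Encrypt order
# (leaf first, then the issuing intermediate). Bodies are placeholders.
write_sample_chain() {
  cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
LEAF-CERT-PLACEHOLDER-LINE-1
LEAF-CERT-PLACEHOLDER-LINE-2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
INTERMEDIATE-CERT-PLACEHOLDER-LINE-1
-----END CERTIFICATE-----
EOF
}

# count_certs FILE
# Number of PEM certificate blocks in FILE (check this before assuming 3).
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# reverse_chain IN OUT
# Splits IN into one file per certificate (same awk idea as in the issue,
# but into a scratch directory), concatenates them in reverse order into
# OUT, cleans up, and prints how many certificates were found.
reverse_chain() {
  in="$1"; out="$2"
  dir=$(mktemp -d)
  # x stays empty until the first BEGIN marker, so nothing is written to
  # a nameless file if the bundle has leading text.
  awk -v d="$dir" \
    '/-----BEGIN CERTIFICATE-----/{x=d"/cert"++i".pem"} x!=""{print > x}' "$in"
  n=$(count_certs "$in")
  : > "$out"
  i=$n
  while [ "$i" -ge 1 ]; do
    cat "$dir/cert$i.pem" >> "$out"
    i=$((i - 1))
  done
  rm -rf "$dir"
  echo "$n"
}

# first_body_line FILE
# The line right after the first BEGIN marker; used to see which
# certificate ended up on top after reversing.
first_body_line() {
  awk 'NR==2{print; exit}' "$1"
}

# Usage (real run): reverse_chain fullchain.pem reversed_certchain.pem
```

Running count_certs on the downloaded fullchain.pem first tells you whether to expect cert2.pem or cert3.pem; reverse_chain then produces the same reversed_certchain.pem layout as the tutorial's one-liner without depending on that number.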
