Issue running gateway-bridge in AWS with application load balancer and wss


I have a gateway bridge running in a docker container in AWS. If I connect a gateway directly to the EC2 node using ws (non-secure websocket) it works fine. I'm trying to now connect via wss (secure websocket) where the secure endpoint is the application load balancer which forwards the traffic to my AWS target group containing the same EC2 instance. The gateway bridge EC2 node only gets the non-secure traffic after it is processed by the load balancer.

What appears to be happening is the gateway sends a message to wss://router-info which correctly gets a 101 return code saying it's forwarding the traffic on to the EC2 node. But the gateway-bridge doesn't process the router-info message; it appears like it is expecting the /gateway/<gateway_eui> message because it has this log message:

level=error msg="backend/basicstation: parse gateway id error" error="encoding/hex: invalid byte: U+0072 'r'

Looking at the code, it's trying to parse the gateway_eui, but it actually received the /router-info GET.

I believe this is happening because I didn't configure any of the TLS parameters, which I don't want to do since the application load balancer is actually doing the secure TLS termination and not the gateway-bridge.

Is there a way to configure the gateway-bridge to send back some response to the gateway-bridge (like a no-op kind of message) that allows the gateway to continue the connection process? Thanks for any clues on how to proceed.

2 Answers

After a lot of debugging, I finally figured out the issue and it was mainly my nginx configuration plus the fact I was running nginx in a docker container. The forwarded request to the gateway bridge didn't have the correct $host information, so the host info returned in the router-info response was incomplete and/or incorrect.

The solution to my issue included enabling the tls_support_proxy as well as fixing my nginx configuration.

I don't see any log entries related to receiving/processing the /router-info GET request. I don't understand how the gateway-bridge starts looking for the gateway/<gateway_eui> message without processing the /router-info message first.

I'm thinking there must be something wrong with my nginx configuration, but I don't know what it could be.

I've gotten farther, but I'm still hitting something I don't understand.

Right now, the /router-info GET is working correctly and returning a URI: wss:///gateway/<gateway_eui>

Basic Station then parses the URI and complains with this error:
Illegal muxs URI (no port/path etc.): wss:///gateway/<gateway_eui>

Looking at the source code for Basic Station, it appears that it is expecting the port to be included in the URI and no path appended (/gateway/<gateway_eui>). I'm not sure how this ever works?

The station code is expecting the port to be defined and a path defined (I had said no path above). So, the only issue appears that the port is not included in the uri. I'm reviewing basic station code that has not changed since Jan 2022 (v2.0.6), so I'm not exactly sure how this version of the gateway-bridge is working for others?

I'm going to try to update the gateway-bridge code so I can test locally, but as I am not a Go developer, that could take a while to get set up.
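
A diagnostic for the two errors quoted in this thread, added here as an example and not code from gateway-bridge or Basic Station: it checks the URI returned by /router-info for an empty host or missing port (the "Illegal muxs URI" case) and hex-decodes the last path segment as an 8-byte gateway EUI (the "parse gateway id error" case). The host `lns.example.com`, the sample EUI and both function names are assumptions; the port and path requirements follow what the posts above describe.

```python
from urllib.parse import urlsplit


def gateway_id_from_path(path):
    """Hex-decode the last path segment as an 8-byte gateway EUI."""
    segment = path.rstrip("/").rsplit("/", 1)[-1]
    try:
        raw = bytes.fromhex(segment)
    except ValueError:
        raise ValueError(f"gateway id {segment!r} is not hex") from None
    if len(raw) != 8:
        raise ValueError(f"gateway id {segment!r} is not 8 bytes")
    return raw


def check_muxs_uri(uri):
    """Return the problems found in the "uri" value of a router-info reply."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme not in ("ws", "wss"):
        problems.append("scheme is not ws or wss")
    if not parts.hostname:
        # Seen when the proxy does not pass the original Host header on.
        problems.append("host is empty")
    try:
        if parts.port is None:
            problems.append("port is missing")
    except ValueError:
        problems.append("port is not a valid number")
    if not parts.path.startswith("/gateway/"):
        problems.append("path is not /gateway/<gateway_eui>")
    else:
        try:
            gateway_id_from_path(parts.path)
        except ValueError as exc:
            problems.append(str(exc))
    return problems


# Constructed sample values; the host and EUI are placeholders.
SAMPLES = [
    "wss:///gateway/0102030405060708",
    "wss://lns.example.com/gateway/0102030405060708",
    "wss://lns.example.com:443/gateway/0102030405060708",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "->", check_muxs_uri(uri) or "ok")
```

Running the same check against the `uri` field of a live /router-info response, once directly against the bridge and once through the load balancer or nginx, shows whether the proxy hop is what drops the host or port.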