Not much traffic here... a comment and three questions
I'm wondering, why there is not that much attention here. Just 12 followers (13 with me). What does that mean? Nobody cares about CloudAPI? Wouldn't be that good...
OK, here the questions:
1) I'm looking for a list of ports required to be opened for the CloudAPI backend to work properly
2) Looking for a way to put the entire backend behind a reverse proxy, especially Nginx, e.g. also for securing the entire stuff. Is that possible? If not, how to support wss and https?
3) Forgot the third question :)
-
1. Are you referring to the sample code we provide? Well, our example code just requires opening up port 8080 for it to work. When it comes to the Cloud API itself, all you need is to ensure that your remote controller or dock can connect to the MQTT broker, and then provide a front-end webpage accessible by Pilot2.
2. This is something you can implement on your cloud side indeed. Just keep in mind that currently, the Cloud API supports SSL certificates from only two providers: GoDaddy and Cloudflare.
-
1) Yes, the sample app. Didn't check that, but is 8080 the default port of the frontend app? I know for the MQTT requirement. Is the dock/SC able to use WSS/HTTPS here?
2) You mean you would only support GoDaddy and Cloudflare if I somehow (how?) configure the certificates to the Java server or the Tomcat, right? But if I terminate SSL via Nginx, shouldn't I be free of choice for the CA provider, or are your clients refusing to work with e.g. Let's Encrypt? BTW: Where is this documented?
Thanks for the quick and helpful answer
-
OK, I see the frontend operating on 8080 by default. But what do these entries point to in src/api/http/config.ts?
What is behind 6789? And what is this config good for?
// http
baseURL:'.....', // This url must end with "/". Example: 'http://192.168.1.1:6789/'
websocketURL:'.....', // Example: 'ws://192.168.1.1:6789/api/v1/ws'
-
I'm sorry, but at the moment, we don't support Let's Encrypt certificates. Your server can only use certificates from GoDaddy or Cloudflare for now. You can check out the following article for details on supported certificates. Which certificates are supported by the Cloud API? (https://sdk-forum.dji.net/hc/en-us/articles/12759551856281-Which-certificates-are-supported-by-the-Cloud-API)
-
I know. We have also tested Cloudflare and GoDaddy to no avail. The problem is the direct connection made from the Pilot2 app (H5 webview) to the MQTT server. All fine with MQTT and URLs like `tcp://domain.com:1883`. Impossible to make this work for MQTTS if the URL is `ssl://domain.com:8883`. Dock - as said - no problem. The same GoDaddy certificate/chain on the server and WSS - no problem. Even not from the Pilot2. No problem from other MQTTS clients, not from the MQTT dashboard, MQTTX, python, node, browser - all is working. Just not Pilot2. The network trace says that the Pilot2 tears down the TLS connection shortly after receiving the server cert with "Unknown CA" or "Invalid certificate" or nonsense like this. GoDaddy Root CA and Security certificates clearly in the server's message and valid, double checked.
Any more information about the expected structure of the certificate challenge? We don't know what to do anymore. In fact we are now operating the entire platform half secured: All SSL protected, just not the connection from H5 to MQTT, because Pilot2 is not working with that.
Is there a particular Pilot2/Firmware version required to make that work?
-
All versions of Pilot2 support certificates from GoDaddy, but only the latest version has compatibility with Cloudflare certificates. We'll first consult with our R&D team regarding this issue and get back to you. However, due to the current Chinese New Year holiday period, we might need to wait until after the holiday (February 18th) to provide a response.
-
Apologies for the inconvenience, but currently, we don't have a public cloud platform available for testing purposes. In addition, after consulting with our colleagues, we've confirmed that Pilot2 does not support Cloudflare certificates at this time. Cloudflare integration is only supported on the dock component.
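
Added example, not part of the thread or of DJI's sample code: one way to terminate TLS in Nginx in front of the sample front-end and back-end, as asked in question 2 (https and wss). The hostnames and certificate paths are placeholders, and it is an assumption that the back-end's HTTP and WebSocket listener is the port 6789 that appears in the config.ts examples.

```nginx
# Added example. Hostnames, certificate paths and upstream addresses are
# placeholders/assumptions. Place in the http{} context (e.g. a conf.d/ file).

# Send "Connection: upgrade" upstream only when the client requested an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Redirect plain HTTP to HTTPS for both names.
server {
    listen 80;
    server_name app.example.com api.example.com;
    return 301 https://$host$request_uri;
}

# Front-end web app (port 8080 by default, per the thread).
server {
    listen 443 ssl;
    server_name app.example.com;
    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # leaf + intermediates
    ssl_certificate_key /etc/nginx/tls/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Back-end HTTP API and WebSocket (assumed to listen on 6789).
server {
    listen 443 ssl;
    server_name api.example.com;
    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:6789;
        proxy_http_version 1.1;                         # required for Upgrade
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;                        # keep idle WebSockets open
    }
}
```

With this layout, baseURL in config.ts would become 'https://api.example.com/' and websocketURL 'wss://api.example.com/api/v1/ws'; the MQTT connection is a separate listener and is not covered by these HTTP server blocks. The certificate Nginx presents still has to come from a CA the DJI clients accept, which the staff replies in this thread describe as restricted.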