Deploying a Private Routing Environment With Docker-Compose

Hi @htdvisser,

Are you aware of such issues wich HTTP proxy CA cert ?
I can’t understand why handler is working now and not broker:thinking:
I can’t tell if it’s a Go env configuration problem, a broker CA configuration problem or maybe another thing.


Edit 2017/11/27: All seems to work fin today for the broker. Think it simply needed a clean container refresh with fresh configuration. :ok_hand:


why can’t I pull the image of the lora-gateway-bridge?
docker pull thethingsnetwork/lora-gateway-bridge:latest.
Error response from daemon: pull access denied for thethingsnetwork/lora-gateway-bridge, repository does not exist or may require 'docker login'


1 Like

Since early 2017 we use the gateway-connector-bridge image instead of the lora-gateway-bridge image. Try to use that one. You can find more info about it on


I’m following you instructions, is this a simple replacement of lora-gateway-bridge with gateway-connector-bridge ? also the .yml files in GitHub still make reference to lora-gateway-bridge ?

when can expect to see an updated article/gitHub files ? hoping to help rule out environment issues with my gateway

imageFor a fresh hand,it is better to add a port here,and add “put it below the broker: line”.

    bridge_1         |   INFO Routed connect                           Duration=582.612µs GatewayID=gw_test
    bridge_1         |   WARN Uplink not accepted by any northbound backend GatewayAddr=<nil> 
    bridge_1         |   WARN Uplink not accepted by any northbound backend GatewayAddr=<nil> 
    bridge_1         |   WARN Uplink not accepted by any northbound backend GatewayAddr=<nil> 
    bridge_1         |   WARN Status not accepted by any northbound backend GatewayAddr=<nil> 
    bridge_1         |   WARN Error in middleware                      GatewayAddr=<nil> GatewayID=gw_test 
error=lorafilter: found Downlink payload in UplinkMessage

I have implemented my own account server.When i test ttn by docker,i encounter this problem.What could I do wrong?Everything else seems ok from the log.
I have set up a Private Routing Environment whitout docker and everything works well,i can get message from the device in my application.Weird.

I solve my problem finally.I just change this line to “BRIDGE_TTN_ROUTER:”.I don’t know if it’s the right way but it works.

Hello all.
First of all, thanks for the guide. I’m running Ubuntu VM on mac. I followed routing environment step by step. docker-compose logs show me everything is ok, but the problem is when the only router is available for discovery. although broker and handler announced to the discovery. is it possible to help me?
thanks in advance.


Hi everyone,

I am pretty new to this and I am stuck with the following:
I followed all the steps from setting-up-a-private-routing-environment and, but got to the point where I have to run:

docker-compose run broker broker register-prefix 26000000/20 --config /etc/ttn/broker/ttn.yml

I am running it with sudo (otherwise is not working) and I get:

Starting ttn_redis_1 … done
Starting ttn_discovery_1 … done
Starting ttn_networkserver_1 … done
Error when reading config file: open /etc/ttn/broker/ttn.yml: no such file or directory

The file is there and configured as mentioned in the instructions:

id: mynetwork-broker
tls: true
key-dir: /etc/ttn/broker/
ttn-account-v2: “

discovery-address: “”
auth-token: – my auth token –

networkserver-cert: /etc/ttn/broker/networkserver.cert
networkserver-token: – my networkserver-token –

I am on Ubuntu 16.04 xenial.
Am I missing something? All the previous instructions worked fine.


please change the permission of directory and configuration file to full permission and try again.

Thank you. Changed the permissions to have it all, but it is still not working. I get the same error as above.

Gateway with public network is working fine
private backend with self test is working fine (by simulating device using ttnctl commands without using gateway)

Problem: Gateway is forwarding the packets to Backend(Router address) and router is not giving ACK back to gateway traced through wireshark
At the gateway end PULL_ACK is 0.0% ACK’ed.


  • Gateways are flashed with TTN packet forwarder but as per the blog for private backend is using gateway connector bridge, Question- gateway connector bridge will support for TTN forwarder also ?
  • Gateways are required any special keys or Tokens for accesing private backend ?

I’m setting up a private TTN and like to share my issues and solutions with the guide from

First of all it would be nice if the guide would be self containing. I might provide a git repo with all the config files from the guide later.

I don’t like to install anything on the host system and would like to issue docker to even generate the certs. For this I created an additional container:

  ttn: #a utility service for TTN
    image: thethingsnetwork/ttn:latest
      - "./discovery:/etc/ttn/discovery"
      - "./router:/etc/ttn/router"
      - "./broker:/etc/ttn/broker"
      - "./networkserver:/etc/ttn/networkserver"
      - "./handler:/etc/ttn/handler"

then you can create all certs needed (with out any preparation from the non-docker blockpost):

		docker-compose run ttn discovery gen-keypair --config /etc/ttn/discovery/ttn.yml
		docker-compose run ttn discovery gen-cert localhost discovery --config /etc/ttn/discovery/ttn.yml --key-dir /etc/ttn/discovery
		docker-compose run ttn router gen-keypair --config /etc/ttn/router/ttn.yml
		docker-compose run ttn router gen-cert localhost router --config /etc/ttn/router/ttn.yml --key-dir /etc/ttn/router
		docker-compose run ttn broker gen-keypair --config /etc/ttn/broker/ttn.yml
		docker-compose run ttn broker gen-cert localhost broker --config /etc/ttn/broker/ttn.yml --key-dir /etc/ttn/broker
		docker-compose run ttn networkserver gen-keypair --config /etc/ttn/networkserver/ttn.yml
		docker-compose run ttn networkserver gen-cert localhost networkserver --config /etc/ttn/networkserver/ttn.yml --key-dir /etc/ttn/networkserver
		cat ./discovery/server.cert > ./handler/ca.cert
		docker-compose run ttn handler gen-keypair --config /etc/ttn/handler/ttn.yml
		docker-compose run ttn handler gen-cert localhost handler --config /etc/ttn/handler/ttn.yml --key-dir /etc/ttn/handler

I’m also missing from the docker-compose post how to generate the token for the configs. You can do that with

# tokens for broker
docker-compose run --rm  ttn discovery authorize broker mynetwork-broker --config /etc/ttn/discovery/ttn.yml
docker-compose run --rm  ttn networkserver authorize mynetwork-broker --config /etc/ttn/networkserver/ttn.yml	
# token for router
docker-compose run --rm  ttn discovery authorize router mynetwork-router --config /etc/ttn/discovery/ttn.yml

# token for the handler
docker-compose run --rm  ttn discovery authorize handler mynetwork-handler --config /etc/ttn/discovery/ttn.yml

I will put everything here:

1 Like

So far so good. The setup I created in the git repo has problems to connect to the handler when registering an application with the handler. Any help (and feedback about the repo) is appreciated. I will continue to fix it next Tuesday.

Some more details:

Solved. this really should not be just a DEBUG message:

 DEBUG grpc: addrConn.createTransport failed to connect to { 0  <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp: address missing port in address". Reconnecting...

in the article about ‘private routing using docker-compose’,
you are saying

In this guide we will modify the configuration that we created in the previous guide, and use that to run the routing services as (component) If you have your own (sub)domains, that point to the IP address of your server, you can also use those.

i have a domain that point to the server on which i’m doing the installation using docker-compose, i didn’t quit understand the part that say If you have your own (sub)domains, that point to the IP address of your server, you can also use those.

in ther server-address-announce do i use:
do i use,,
and so on ?