Setting up a Private Handler

This topic can be used for comments and questions related to the guide for setting up a Private Handler connected to the Public Community Network.


I read the linked article and it seems a bit involved, with quite a lot to set up/configure to get true end-to-end encryption. I suspect I get a whole lot more, but I cannot see why I should need that - the TTN servers usually do what I need.

It’s fine and dandy you can read my metadata, but I need to keep my payload secret from the TTN crew.

Is there an easier way to implement end-to-end encryption between my sensors and my application?


I have tried to set up a private handler with the “Setting up a Private Handler”-guide.

First I have created a subdomain and allowed the ports 1904, 8084, 1883 and 8883 on the firewall.
Then, I set up the mqtt-broker, redis and the private handler.

By listing the components, the private handler is added:

root@edl-lorahandler:~/ttn# ./ttnctl components list
  INFO Found 0 routers
  INFO Found 0 brokers
  INFO Found 1 handler

        Type    ID
0       handler edl-lorahandler

Also with components-info:

root@edl-lorahandler:~/ttn# ./ttnctl components info handler edl-lorahandler
  INFO Found network component

Component ID:   edl-lorahandler
Type:           handler
Created:        2018-05-16 07:52:43.019 +0000 UTC

In the logfile of the handler there aren’t any errors:

Using config file: /root/ttn/handler/ttn.yml
  INFO Initializing The Things Network          Auth Servers=map[ttn-account-v2:] ComponentID=edl-lorahandler Description= Discovery Server Monitors=map[]
  INFO Initializing Handler                     AMQP= Database=localhost:6379/0 HTTP Proxy= MQTT=localhost:1883 Server= TTN Broker ID=ttn-broker-eu
  INFO Starting
  WARN AMQP is not enabled in your configuration
  INFO ttn: Got public keys for token validation
  INFO ttn: Announced to TTN discovery
  INFO mqtt: connected
  INFO Adding Broker server                     Broker=ttn-broker-eu

But if I try to register an application to my private handler, the script stands still on “Connecting with Handler…”:

root@edl-lorahandler:~/ttn# ./ttnctl applications register testapp44 --handler-id edl-lorahandler
  INFO Discovering Handler...                   Handler=edl-lorahandler
  INFO Connecting with Handler...     

What am I doing wrong? - on the firewall and with tcpdump I see that there is also traffic on ports 1900 and 1902 to/from outside - but they aren’t listed to open in the guide. Do I have to open them?

Additionally, with “netstat -lp” there isn’t a service which is listening on port 8084 (HTTP API) - only 1883 and 1904 are listening… (while the handler service is started, of course)

Thanks for your help and sorry for my rubbish English.