This topic can be used for comments and questions related to the guide for setting up a Private Handler connected to the Public Community Network.
I read the linked article and it seems a bit involved, quite a lot to set up/configure to get true end-to-end encryption. I suspect I get a whole lot more, but I cannot see why I should need that - the TTN servers usually do what I need.
It’s fine and dandy you can read my metadata, but I need to keep my payload secret from the TTN crew.
Is there an easier way to implement end-to-end encryption between my sensors and my application?
I have tried to set up a private handler with the “Setting up a Private Handler” guide.
First I have created a subdomain and allowed the ports 1904, 8084, 1883 and 8883 on the firewall.
Then I set up the MQTT broker, Redis and the private handler.
By listing the components, the private handler is added:
root@edl-lorahandler:~/ttn# ./ttnctl components list
INFO Found 0 routers
INFO Found 0 brokers
INFO Found 1 handler
    Type     ID
0   handler  edl-lorahandler
Also with components-info:
root@edl-lorahandler:~/ttn# ./ttnctl components info handler edl-lorahandler
INFO Found network component
Component ID: edl-lorahandler
Type: handler
Created: 2018-05-16 07:52:43.019 +0000 UTC
In the logfile of the handler there aren’t any errors:
Using config file: /root/ttn/handler/ttn.yml
INFO Initializing The Things Network Auth Servers=map[ttn-account-v2:https://account.thethingsnetwork.org] ComponentID=edl-lorahandler Description= Discovery Server Address=discover.thethingsnetwork.org:1900 Monitors=map
INFO Initializing Handler AMQP= Announce=my.domain.com:1904 Database=localhost:6379/0 HTTP Proxy=0.0.0.0:8084 MQTT=localhost:1883 Server=0.0.0.0:1904 TTN Broker ID=ttn-broker-eu
INFO Starting
WARN AMQP is not enabled in your configuration
INFO ttn: Got public keys for token validation
INFO ttn: Announced to TTN discovery
INFO mqtt: connected
INFO Adding Broker server Broker=ttn-broker-eu
But if I try to register an application to my private handler, the script stands still on “Connecting with Handler…”:
root@edl-lorahandler:~/ttn# ./ttnctl applications register testapp44 --handler-id edl-lorahandler
INFO Discovering Handler... Handler=edl-lorahandler
INFO Connecting with Handler... Handler=my.domain.com:1904
What am I doing wrong? On the firewall and with tcpdump I see that there is also traffic on ports 1900 and 1902 to/from outside, but they aren’t listed as ports to open in the guide. Do I have to open them?
Additionally, with “netstat -lp” there isn’t a service listening on port 8084 (HTTP API); only 1883 and 1904 are listening (while the handler service is started, of course).
Thanks for your help and sorry for my rubbish English.