Closed kmoralescr closed 3 years ago
I have forwarded your issue to the appropriate team internally, however I'd probably also recommend that you file a support ticket or use the AWS Forum.
This GitHub repository is only for the main Greengrass core software (nucleus) and does not include the Secure Tunneling software.
Please see the instruction of how to use localproxy here: https://github.com/aws-samples/aws-iot-securetunneling-localproxy
When running localproxy and use -t
to specify the token, it is expecting the token itself is following after -t
, not the filename containing the token.
Also, from your log, I don't see the secure tunneling component logged any error. So I am assuming you are having problem with the local proxy only.
thanks @fufranci , you got it!, now it's working as expected. For community reference, I'll let an example documented, I did checked the documentation however it's not that intuitive and I naturally was very tempted to use the file address instead (in all AWS IoT examples, pointing to a file is OK, e.g: pointing to the certificates). Please do consider to add some additional wording in the error log as well
Thanks to your help, I have successfully run those commands:
A) using the token directly in terminal
B) using the env variable AWSIOT_TUNNEL_ACCESS_TOKEN
Thanks again
Describe the bug Hello AWS team, I might be missing something with the public component, at first sight everything is OK, however I'm seeing may errors in the aws.greengrass.SecureTunneling.log and I constantly seeing
Proxy server rejected web socket upgrade request: (HTTP/1.1 403 Forbidden) "Invalid access-token"
To Reproduce I did have ggv2 in ubuntu 16.04LTS, due to potential security requirements, I also tried in Ubuntu 20.04 with the same results. Steps to reproduce the behavior. If possible, provide a minimal amount of code that causes the bug.
With my tunneling open, now I do try to activate my localproxy
I did checked the content of the token, all seems to match. I also compared the destination token and matched with the MQTT message.
I also force my laptop to accept outbound connection
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
Expected behavior I was expecting an smooth tunneling, just like the component installation.
Actual behavior alway I got the
Proxy server rejected web socket upgrade request: (HTTP/1.1 403 Forbidden) "Invalid access-token"
Checking ggv2 logs i see may errors.Environment
Additional context
I wondering if there is a missing priviledge somewhere. I suspected on the localproxy I had, so I decided to compile it, took a while, however the same error. I'm including the logs aws.greengrass.SecureTunneling.log Appreciate your support. thanks Keiner
E.g. what is the impact of the bug?