balena-io / open-balena

Open source software to manage connected IoT devices at scale
https://balena.io/open
GNU Affero General Public License v3.0

Make VPN port configurable in api service via environment variable #271

Open matiasAS opened 3 months ago

matiasAS commented 3 months ago

Description

This pull request modifies the docker-compose.yml file to allow the VPN port of the api service to be configurable via an environment variable (VPN_PORT). If the environment variable is not set, the default value 443 will be used.

Reason

- Hetzner server
- Proxmox
- pfSense for networking
- Nginx Proxy Manager as a reverse proxy for services
- Cloudflare in front

I encountered the following error on devices connecting to the VPN:

Jun 30 04:05:08 a179fab openvpn[6532]: 2024-06-30 04:05:08 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

An alternative solution to getting a new dedicated public IP for the virtual machine hosting OpenBalena was to change the VPN port to 4443, and then set up port forwarding from the public IP of pfSense to port 443 of the virtual machine.

From my research, the error was due to using pfSense and/or Nginx Proxy Manager along with Cloudflare, causing OpenVPN to "confuse" it with an HTTPS connection.

I want this change to avoid modifying the docker-compose.yml file directly and to prevent errors when updating with git pull due to file modifications.

The ideal and correct solution might be to use a dedicated IP, but I also did this to save money, even if it's a little less than 2 euros; it's still worth it, right?

Best regards, Matias Alvarez Sabate
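The number in the "Bad encapsulated packet length" warning quoted above can be decoded to see what answered in place of an OpenVPN server. This is an added example, not part of the pull request or the open-balena code; it relies on OpenVPN's TCP framing (a 16-bit big-endian length before each packet), and the function name and prefix table are illustrative.

```python
import re
import struct

# OpenVPN over TCP prefixes every packet with a 16-bit big-endian length.
# When the peer is not OpenVPN, the first two bytes of its reply get read
# as that length, so the "bad" number identifies what actually answered.
BAD_LEN = re.compile(r"Bad encapsulated packet length from peer \((\d+)\)")

# Two-byte prefixes of common non-OpenVPN replies (illustrative, not exhaustive).
KNOWN_PREFIXES = {
    b"HT": "HTTP response ('HTTP/1.1 ...'): a web server or HTTP proxy answered",
    b"GE": "HTTP request ('GET ...')",
    b"PO": "HTTP request ('POST ...')",
    b"SS": "SSH banner ('SSH-2.0-...')",
    b"\x16\x03": "TLS handshake record",
    b"\x15\x03": "TLS alert record",
}


def decode_bad_length(line):
    """Return (length, raw two bytes, guess) for a matching log line, else None."""
    m = BAD_LEN.search(line)
    if m is None:
        return None
    length = int(m.group(1))
    if not 0 <= length <= 0xFFFF:
        return None  # not a 16-bit value, so not a TCP length prefix
    raw = struct.pack(">H", length)
    guess = KNOWN_PREFIXES.get(raw, "unrecognised; inspect the bytes manually")
    return length, raw, guess


# The log line from the pull request description (tail of the message trimmed).
SAMPLE = (
    "Jun 30 04:05:08 a179fab openvpn[6532]: 2024-06-30 04:05:08 WARNING: "
    "Bad encapsulated packet length from peer (18516), "
    "which must be > 0 and <= 1627"
)

if __name__ == "__main__":
    length, raw, guess = decode_bad_length(SAMPLE)
    print(f"{length} = 0x{length:04x} = {raw!r}: {guess}")
```
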

ab77 commented 3 months ago

Could you please add a change-type (see https://github.com/balena-io/open-balena/pull/270/commits/52d0eb6c4d3fe244ca231ffe9507586145376f02)

matiasAS commented 3 months ago

I've added the Change-type: minor to the commit message as requested. The changes are now ready for review. Thank you!

ab77 commented 3 months ago

We don't support merged commits in the CI workflow, see here. Can you please squash your work down to a single commit, annotated with the change-type property, rebase on master and re-push..

matiasAS commented 3 months ago

I've squashed the commits into a single commit and added Change-type: minor. The branch has also been rebased on master. The changes are now ready for review. Sorry for the inconvenience, this is the first time I collaborate on an open-source project.

Thank you!

ab77 commented 3 months ago

Fails tests due to commit being out of tree, need to think about how to solve this for external contributors..

+ sudo -u balena git config --global --add safe.directory /home/balena/open-balena
+ cd /home/balena/open-balena
+ sudo -u balena git checkout 2d6c85804ce7d707a10d858dad817e259c071383
fatal: reference is not a tree: 2d6c85804ce7d707a10d858dad817e259c071383

matiasAS commented 3 months ago

With the help of ChatGPT, I have updated the fork:

1) git remote add upstream https://github.com/balena-io/open-balena.git
2) git fetch upstream
3) git rebase upstream/master
4) git push -f origin configurable-vpn-port-api

Will that be enough?

github-actions[bot] commented 1 month ago

Website deployed to CF Pages, 👀 preview link https://f4d61b54.open-balena.pages.dev