nerves-hub / nerves_hub_link

Connect devices to NervesHub via a Phoenix channel
https://hex.pm/packages/nerves_hub_link
Apache License 2.0

Trouble connecting my nerves_hub_web on localhost with my nerves project (firmware) on a rasp4 on the local network #156

Closed gabrielmancini closed 5 months ago

gabrielmancini commented 8 months ago

Hello folks,

I'm having trouble connecting my nerves_hub_web with my nerves project (firmware), using nerves_hub_link and nerves_hub_cli. I am trying to connect to my local nerves_hub_web, and I am not using the default certificates inside the test folder.

I will walk through my setup:

So, I cloned https://github.com/nerves-hub/nerves_hub_web

cd nerves_hub_web
echo "127.0.0.1 nerves-hub.org" | sudo tee -a /etc/hosts
docker run -p 5432:5432 -e POSTGRES_PASSWORD=postgres -e POSTGRES_USER=postgres -e POSTGRES_DB=nerves_hub_dev -d postgres:13
mix deps.get
mix compile
mix ecto.reset 
mix assets.install
iex -S mix phx.server

and nerves_hub_web works perfectly.

After that I created a new nerves project from the command line:

mix nerves.new firmeware
cd firmeware
export MIX_TARGET=rpi4
mix deps.get
mix compile
mix firmware
mix burn

and put the SD card into my rpi4 and connected it to my network.

So the command mix update works fine and nerves booted without any problems.

Then I understood that I need to connect the link, so I did the following:

In the nerves_hub_web clone folder I created an "env" file, /home/me/nerves_hub_web/.env.dev.local, with the following content:

export DATABASE_URL=postgres://postgres:postgres@localhost:5432/nerves_hub_dev
export LOCAL_IPV4=127.0.0.1
export NERVES_HUB_CA_DIR=/home/me/.nerves-hub
export ERL_COOKIE=cookie

export LIVE_VIEW_SIGNING_SALT=yz/zh1ND2xUzaQxYOn/tBrLW46prOG76CmUMLouxPOr/nXdbq/AV+DCAVyqWYNg4
export SECRET_KEY_BASE=CgVs//sLSh+Yp1iBt/LN7OgMUZdVp3kvgtLFpzmXFu94vvrsLwQ10BobN4HgAnu+

export HOST=nerveshub.nerves-hub.org
export PORT=4000

export DEVICE_HOST=nerveshub.nerves-hub.org
export DEVICE_PORT=4001

export API_HOST=nerveshub.nerves-hub.org
export API_PORT=4002

I found this reference in an Elixir Forum post: https://elixirforum.com/t/what-is-the-proper-certificates-configuration-for-nerveshub-2-0-and-nerveshublink/55809

Please note the variable NERVES_HUB_CA_DIR: I just assigned the folder where I put the certificates. I found this env var in config/dev.exs in nerves_hub_web. In the firmware project I changed config/dev.exs with the following code:

config :nerves, :firmware,
  rootfs_overlay: "rootfs_overlay",
  provisioning: :nerves_hub_link

ca_certs = "/home/me/.nerves-hub"

config :nerves_hub_link,
  device_api_host: "192.168.0.88",
  device_api_port: 4001,
  ca_certs: ca_certs

config :nerves_hub_cli,
  org: "myorg",
  host: "nerveshub.nerves-hub.org",
  port: 4001,
  server_name_indication: 'nerveshub.nerves-hub.org',
  ca_certs: ca_certs

and the mix.exs:


...
      {:nerves_runtime, "~> 0.13.0"},

      {:nerves_hub_link, git: "https://github.com/nerves-hub/nerves_hub_link.git", branch: "main"},
      {:nerves_hub_cli, git: "https://github.com/nerves-hub/nerves_hub_cli.git", branch: "main"},
      {:nerves_time, "~> 0.4.6"},
...

and a .env file, /home/me/firmeware/.env.nerves_hub_cli, with:

export NERVES_HUB_TOKEN=nhu_000W98StoQxUhLAjoAYcfq4vXAOjVb3AMLfX
# export NERVES_HUB_HOST=nerveshub.nerves-hub.org
export NERVES_HUB_PORT=4001
export NERVES_HUB_CERT=/home/me/.nerves-hub/SERIAL-cert.pem
export NERVES_HUB_KEY=/home/me/.nerves-hub/SERIAL-key.pem
export NERVES_HUB_ORG=myorg

I created the NERVES_HUB_TOKEN using the default user on nerves_hub_web at http://localhost:4000/account/nerveshub/tokens

Then I followed this gist to create the certificates: https://gist.github.com/guillego/86b31452e639d7558c0e63b6937606bc

I finished creating the certificates as follows.

Generate the ca.key with

openssl genrsa -out ca.key 2048

Generate the ca.pem with

openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.pem -subj '/OU=NervesHub/'

Generate nerveshub.nerves-hub.org-key.pem with

openssl genrsa -out nerveshub.nerves-hub.org-key.pem

Generate nerveshub.nerves-hub.org.csr with

openssl req -new -key nerveshub.nerves-hub.org-key.pem -out nerveshub.nerves-hub.org.csr -subj '/CN=nerveshub.nerves-hub.org/'

Create nerveshub.nerves-hub.org.ext with:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

[alt_names]
DNS.1 = nerveshub.nerves-hub.org

Generate nerveshub.nerves-hub.org.pem:

openssl x509 -req -in nerveshub.nerves-hub.org.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out nerveshub.nerves-hub.org.pem -days 825 -sha256 -extfile nerveshub.nerves-hub.org.ext

Move nerveshub.nerves-hub.org.pem and nerveshub.nerves-hub.org-key.pem to /home/me/.nerves-hub

When I run

mix nerves_hub.device create --identifier myid --tag test --description "i am a device"

I got this:

Nerves environment
  MIX_TARGET:   rpi4
  MIX_ENV:      dev

Generated firmeware app
NervesHub server: nerveshub.nerves-hub.org:4001
NervesHub organization: myorg

14:49:34.567 [warning] [NervesHubLink] No CA store or :cacerts have been specified. Request will fail
** (ArgumentError) errors were found at the given arguments:

  * 1st argument: not a binary

    :erlang.binary_to_atom(nil, :utf8)
    (tesla 1.8.0) lib/tesla/adapter/mint.ex:161: Tesla.Adapter.Mint.open_conn/2
    (tesla 1.8.0) lib/tesla/adapter/mint.ex:121: Tesla.Adapter.Mint.do_request/5
    (tesla 1.8.0) lib/tesla/adapter/mint.ex:61: Tesla.Adapter.Mint.call/2
    (tesla 1.8.0) lib/tesla/middleware/json.ex:57: Tesla.Middleware.JSON.call/3
    (tesla 1.8.0) lib/tesla/middleware/follow_redirects.ex:46: Tesla.Middleware.FollowRedirects.redirect/3
    (nerves_hub_cli 2.0.0) lib/nerves_hub_cli/api.ex:42: NervesHubCLI.API.request/4
    (nerves_hub_cli 2.0.0) lib/mix/tasks/nerves_hub.device.ex:278: Mix.Tasks.NervesHub.Device.create/3

and my firmware is not connected to nerves_hub and nerves_hub_web does not show new devices.
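
The certificate steps from the post above, replayed in a throwaway directory with a check of the result (an added example, not part of the original issue and not NervesHub project code). It signs one server certificate with the extension file as posted, where no line references the `[alt_names]` section, and one with an assumed `subjectAltName = @alt_names` line added, then reports whether each chains to the CA and carries a SAN for the hostname. File names, the temp directory and the 30-day lifetimes are constructed for the example.

```shell
# Added example, not from the issue: everything lives in a throwaway temp dir.
HOST="nerveshub.nerves-hub.org"   # hostname used on the page
WORK=$(mktemp -d)                 # constructed path

# write_ext page  -> extension file exactly as posted
# write_ext fixed -> same file plus a line referencing [alt_names] (assumed fix)
write_ext() {
  {
    echo "authorityKeyIdentifier=keyid,issuer"
    echo "basicConstraints=CA:FALSE"
    echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment"
    if [ "$1" = fixed ]; then echo "subjectAltName = @alt_names"; fi
    echo
    echo "[alt_names]"
    echo "DNS.1 = $HOST"
  } > "$WORK/$1.ext"
}

# Self-signed CA, as in the post but short-lived.
make_ca() {
  openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null &&
  openssl req -x509 -new -nodes -key "$WORK/ca.key" -sha256 -days 30 \
    -out "$WORK/ca.pem" -subj '/OU=NervesHub' 2>/dev/null
}

# issue <variant>: key, CSR and CA-signed server certificate using <variant>.ext
issue() {
  write_ext "$1" &&
  openssl genrsa -out "$WORK/$1-key.pem" 2048 2>/dev/null &&
  openssl req -new -key "$WORK/$1-key.pem" -out "$WORK/$1.csr" \
    -subj "/CN=$HOST" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -out "$WORK/$1.pem" -days 30 -sha256 \
    -extfile "$WORK/$1.ext" 2>/dev/null
}

# Both checks return 0 on success so callers can branch on them.
chains_to_ca() { openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1; }
has_san() { openssl x509 -in "$WORK/$1.pem" -noout -text | grep -qF "DNS:$HOST"; }

report() {
  for v in page fixed; do
    issue "$v" || { echo "$v.ext: issuing failed"; continue; }
    if chains_to_ca "$v"; then c=yes; else c=no; fi
    if has_san "$v"; then s=yes; else s=no; fi
    echo "$v.ext: chains to CA=$c, SAN for $HOST=$s"
  done
}

make_ca && report
```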

joshk commented 6 months ago

Hi @gabrielmancini

Sorry for not responding earlier.

We have updated nerves_hub_link to use the default cert store now if no cert files are provided.

Since it's been several months since your last message, were you able to get everything up and running?

joshk commented 5 months ago

I'm going to close this issue for the time being, but I'm happy to reopen it if you are still experiencing any problems.