Commit 3bbad2d

Add ChirpStack Gateway Bridge TLS config for Basics Station.
1 parent 96cb063 commit 3bbad2d

42 files changed

+194
-114
lines changed

README.md

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,13 +18,15 @@ It will:
1818

1919
## Vagrant (local environment using VirtualBox)
2020

21+
### Ports
22+
2123
The included `Vagrantfile` will setup a Debian Bullseye (11.x) virtual
2224
machine with the latest ChirpStack components installed. It will also forward
2325
the following ports to your host system:
2426

25-
* `8080`: ChirpStack UI and gRPC API
27+
* `4443`: ChirpStack UI and gRPC API (with TLS, e.g. [https://localhost:4443/](https://localhost:4443))
2628
* `1700`: ChirpStack Gateway Bridge UDP listener (configured for EU868 region by default)
27-
* `3001`: ChirpStack Gateway Bridge Basics Station listener (configured for EU868 region by default)
29+
* `3001`: ChirpStack Gateway Bridge Basics Station listener (configured for EU868 region by default, with TLS, client-certificate files can be generated in the ChirpStack UI)
2830
* `8883`: Mosquitto MQTT (with TLS, client-certificate files can be generated in the ChirpStack UI)
2931

3032
Note: when using Vagrant, there is no need to install Ansible (this will be
@@ -90,6 +92,13 @@ bare-metal, AWS, ...
9092
Don't have a DigitalOcean account yet? Use
9193
[this](https://m.do.co/c/6cd86e9f1cb8) link and get $10 in credits for free :-)
9294

95+
### Ports
96+
97+
* `443`: ChirpStack UI and gRPC API (with TLS, e.g. https://subdomain.example.com/)
98+
* `1700`: ChirpStack Gateway Bridge UDP listener (configured for EU868 region by default)
99+
* `3001`: ChirpStack Gateway Bridge Basics Station listener (configured for EU868 region by default, with TLS, client-certificate files can be generated in the ChirpStack UI)
100+
* `8883`: Mosquitto MQTT (with TLS, client-certificate files can be generated in the ChirpStack UI)
101+
93102
### Requirements
94103

95104
On the machine from where you will execute this Ansible playbook (e.g. your own
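
Review bot: In the new `### Ports` list for remote deployments, `1700` (the UDP listener) is the only entry without a TLS note, yet it is listed alongside the TLS-protected ports. State explicitly that this listener is not covered by the TLS setup, and whether it should be firewalled or left closed when gateways connect through Basics Station on `3001`.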

group_vars/chirpstack.example.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,11 +50,16 @@ chirpstack_gateway_bridge_basicstation:
5050
# chirpstack-gateway-bridge-basicstation-[region].toml
5151
region: eu868
5252

53+
# The full domain by which the ChirpStack Gateway Bridge Basics Station
54+
# backend is available.
55+
# e.g. subdomain.example.com
56+
fqdn: subdomain.example.com
57+
5358
# ChirpStack configuration.
5459
chirpstack:
5560
# The full domain by which ChirpStack is reachable.
5661
# e.g. subdomain.example.com
57-
fqdn: localhost
62+
fqdn: subdomain.example.com
5863

5964
# If enabled, a Let's Encrypt certificate will be configured. Else a
6065
# self-signed certificate will be used.
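
Review bot: The new `fqdn` comment under `chirpstack_gateway_bridge_basicstation` says only that the backend is "available" at this domain, not what the value is used for. If it ends up as the hostname in the server certificate that the role generates, say so in the comment, because a value that differs from the name gateways connect to would fail hostname verification. The `chirpstack.fqdn` default also moves from `localhost` to `subdomain.example.com`; a one-line note that both placeholders must be replaced before the first run would keep a copied example from deploying with the placeholder name.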

host_vars/vagrant.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,11 @@ chirpstack_gateway_bridge_basicstation:
5050
# chirpstack-gateway-bridge-basicstation-[region].toml
5151
region: eu868
5252

53+
# The full domain by which the ChirpStack Gateway Bridge Basics Station
54+
# backend is available.
55+
# e.g. subdomain.example.com
56+
fqdn: localhost
57+
5358
# ChirpStack configuration.
5459
chirpstack:
5560
# The full domain by which ChirpStack is reachable.
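
Review bot: `fqdn: localhost` for the Basics Station backend only matches a client running on the Vagrant host itself, while the README describes port `3001` as forwarded to the host system. If this value becomes the certificate hostname, a gateway on the local network that reaches the host by IP address or hostname will not be able to verify the server. Add a comment here telling the user to set it to the name or address their gateways actually use.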

roles/chirpstack-gateway-bridge-basicstation/tasks/main.yml

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,57 @@
33
name: chirpstack-gateway-bridge
44
state: latest
55

6+
- name: create certs directory
7+
file:
8+
path: /etc/chirpstack-gateway-bridge/certs
9+
state: directory
10+
owner: gatewaybridge
11+
group: gatewaybridge
12+
mode: "0700"
13+
14+
- name: copy server cert config
15+
template:
16+
src: server-cert.json
17+
dest: /etc/chirpstack-gateway-bridge/certs/server-cert.json
18+
owner: gatewaybridge
19+
group: gatewaybridge
20+
mode: "0600"
21+
22+
- name: generate server certificate
23+
shell: "cfssl gencert -ca /etc/chirpstack-certs/ca.pem -ca-key /etc/chirpstack-certs/ca-key.pem -config /etc/chirpstack-certs/ca-config.json -profile server server-cert.json | cfssljson -bare /etc/chirpstack-gateway-bridge/certs/server"
24+
args:
25+
chdir: /etc/chirpstack-gateway-bridge/certs
26+
notify:
27+
- restart chirpstack-gateway-bridge-basicstation
28+
29+
- name: copy ca cert
30+
copy:
31+
src: /etc/chirpstack-certs/ca.pem
32+
dest: /etc/chirpstack-gateway-bridge/certs/ca.pem
33+
remote_src: "yes"
34+
owner: gatewaybridge
35+
group: gatewaybridge
36+
mode: "0600"
37+
notify:
38+
- restart chirpstack-gateway-bridge-basicstation
39+
40+
- name: set certificate permissions
41+
file:
42+
path: /etc/chirpstack-gateway-bridge/certs
43+
state: directory
44+
recurse: "yes"
45+
owner: gatewaybridge
46+
group: gatewaybridge
47+
mode: "0600"
48+
49+
- name: set certificate directory permissions
50+
file:
51+
path: /etc/chirpstack-gateway-bridge/certs
52+
state: directory
53+
owner: gatewaybridge
54+
group: gatewaybridge
55+
mode: "0700"
56+
657
- name: add systemd service
758
template:
859
src: chirpstack-gateway-bridge-basicstation.service
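
Review bot: The `generate server certificate` task runs `cfssl gencert` through `shell` with no `creates:` guard, so every play issues a new private key and certificate, reports changed and notifies the restart handler. Add `creates: /etc/chirpstack-gateway-bridge/certs/server.pem` under `args` (or gate on the existing certificate in another way), and decide explicitly how a changed `fqdn` should trigger re-issue. Separately, `set certificate permissions` applies `mode: "0600"` with `recurse: "yes"` to the directory itself, which the following task flips back to `0700`; both tasks therefore change state on every run and the directory is briefly untraversable for `gatewaybridge`. A single recursive task with `mode: "u=rwX,go="` would cover files and directory together.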

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AS923"
2424
frequency_min=915000000
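
Review bot: The three certificate paths under `[backend.basic_station]` are hard-coded here and repeated verbatim in every region template in this commit, and the tasks file hard-codes the same directory again. Consider one role variable for the certs directory, referenced from both the templates and the tasks, so a path change is made in one place. A comment above `ca_cert` stating what setting it enables would also help, since the README ties this listener to client-certificate files.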

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_2.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AS923"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_3.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AS923"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_4.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AS923"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_0.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_1.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_2.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_3.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_4.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_5.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_6.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_7.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="AU915"
2424
frequency_min=915000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_0.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000
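
Review bot: Not introduced by this change, but the context line `region="US915"` sits next to `frequency_min=470000000` in a `cn470_0` template, which looks like a copy-paste leftover; the same pairing appears in the other `cn470_*` templates touched by this commit. Worth confirming and correcting the region value while these files are being edited.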

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_1.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_10.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_11.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_2.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_3.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_4.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_5.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000

roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_6.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ type="basic_station"
1616

1717
[backend.basic_station]
1818
bind=":3001"
19-
tls_cert=""
20-
tls_key=""
21-
ca_cert=""
19+
tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
20+
tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
21+
ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
2222

2323
region="US915"
2424
frequency_min=470000000
