You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using ttn-lw-cli v3.8.7 I'm unable to run console commands against a self-managed TTN v3.8.7 deployment. This was working previously and has since stopped following the addition of the http.redirect-to-tls flag in the deployment configuration.
The console is still accessible and working as expected. I am not sure if this is a bug or a system configuration issue. Either way your help would be much appreciated!
Steps to Reproduce
Install dockerised TTN deployment on a remote server with a Let's Encrypt certificate
Follow the getting started guide on setting up the deployment, adding in the http.redirect-to-tls flag, set to true
Install the ttn-lw-cli toolset on another machine, and point the CLI to use the server domain
Try to run a command using the setup ttn-lw-cli toolset
ttn-lw-stack.yml - Server:
# Identity Server configuration
is:
# Email configuration for "REMOVED"
email:
sender-name: 'The Things Stack'
sender-address: 'noreply@REMOVED'
network:
name: 'TTN-stack'
console-url: 'https://REMOVED/console'
identity-server-url: 'https://REMOVED/oauth'
# Web UI configuration for "REMOVED":
oauth:
ui:
canonical-url: 'https://REMOVED/oauth'
is:
base-url: 'https://REMOVED/api/v3'
# HTTP server configuration
http:
cookie:
block-key: 'REMOVED' # generate 32 bytes (openssl rand -hex 32)
hash-key: 'REMOVED' # generate 64 bytes (penssl rand -hex 64)
metrics:
password: 'REMOVED' # choose a password
pprof:
password: 'REMOVED' # choose a password
redirect-to-tls: 'true'
# Let's encrypt for "REMOVED"
tls:
source: 'acme'
acme:
dir: '/var/lib/acme'
email: 'REMOVED'
hosts: ['REMOVED']
default-host: 'REMOVED'
#If Gateway Server enabled, defaults for "REMOVED":
gs:
mqtt:
public-address: 'REMOVED:1882'
public-tls-address: 'REMOVED:8882'
mqtt-v2:
public-address: 'REMOVED:1881'
public-tls-address: 'REMOVED:8881'
#If Gateway Configuration Server enabled, defaults for "REMOVED":
gcs:
basic-station:
default:
lns-uri: 'wss://REMOVED:8887'
the-things-gateway:
default:
mqtt-server: 'mqtts://REMOVED:8881'
# Web UI configuration for "REMOVED":
console:
ui:
canonical-url: 'https://REMOVED/console'
is:
base-url: 'https://REMOVED/api/v3'
gs:
base-url: 'https://REMOVED/api/v3'
ns:
base-url: 'https://REMOVED/api/v3'
as:
base-url: 'https://REMOVED/api/v3'
js:
base-url: 'https://REMOVED/api/v3'
qrg:
base-url: 'https://REMOVED/api/v3'
edtc:
base-url: 'https://REMOVED/api/v3'
oauth:
authorize-url: 'https://REMOVED/oauth/authorize'
token-url: 'https://REMOVED/oauth/token'
client-id: 'console'
client-secret: 'console' # choose or generate a secret
ttn-lw-cli login
ERROR Please login with the login command
INFO Opening your browser on https://openstack-floating-193-206.ecdf.ed.ac.uk:443/oauth/authorize?client_id=cli&redirect_uri=local-callback&response_type=code
INFO After logging in and authorizing the CLI, we'll get an access token for future commands.
INFO Waiting for your authorization...
ERROR Could not exchange OAuth access token error=oauth2: cannot fetch token: 405 Method Not Allowed
Response: {
"code": 2,
"message": "error:pkg/errors/web:unknown (Method Not Allowed)",
"details": [
{
"@type": "type.googleapis.com/ttn.lorawan.v3.ErrorDetails",
"namespace": "pkg/errors/web",
"message_format": "Method Not Allowed",
"attributes": {
"message": "Method Not Allowed"
},
"code": 2
}
]
}
What do you want to see instead?
Ideally, I would like to get authorised and be able to login via the console.
Environment
Both CLI and deployment are running v3.8.7. The deployment and the CLI work as expected when the http.redirect-to-tls flag is set to false or not present. This has also been tested using several different machines against the same deployment, reproducing the error each time (with each CLI running v3.8.7 too)
Can you do this yourself and submit a Pull Request?
Nope, I would happily do so if I could fix it, but with this I very much appreciated your help!
The text was updated successfully, but these errors were encountered:
Hi @ZeroSum24 , thanks for reporting this issue. Indeed, I was able to reproduce the problem. This has been around since 3.8.0 apparently.
EDIT: As a workaround, until a fix is released, you should be able to login successfully be removing the port number (:443) from the OAuth server address in .ttn-lw-cli.yml.
@neoaggelos thanks very much for your help and the quick response! I've applied that workaround on our end which has resolved the issue for the moment.
Summary
Using ttn-lw-cli v3.8.7 I'm unable to run console commands against a self-managed TTN v3.8.7 deployment. This was working previously and has since stopped following the addition of the http.redirect-to-tls flag in the deployment configuration.
The console is still accessible and working as expected. I am not sure if this is a bug or a system configuration issue. Either way your help would be much appreciated!
Steps to Reproduce
ttn-lw-stack.yml - Server:
ttn-lw-cli config -- Server:
ttn-lw-stack config -- CLI:
What do you see now?
What do you want to see instead?
Ideally, I would like to get authorised and be able to login via the console.
Environment
Both CLI and deployment are running v3.8.7. The deployment and the CLI work as expected when the http.redirect-to-tls flag is set to false or not present. This has also been tested using several different machines against the same deployment, reproducing the error each time (with each CLI running v3.8.7 too)
Can you do this yourself and submit a Pull Request?
Nope, I would happily do so if I could fix it, but with this I very much appreciated your help!
The text was updated successfully, but these errors were encountered: