Not able to add API using private IP / APInf umbrella issues when running locally

[Madhu-NEC]

I am not able to publish API on APInf with bare private IP address while the same API i am able to publish on API-Umbrella.
I have used latest version of APInf and API-Umbrella and followed the steps given at below URl for installation:
docker installation

[ilarimikkonen]

Hi,

as a workaround for ipv4 IPs you can do like this:

http://12.33.56.78

[Madhu-NEC]

I am able to enter external public IP for adding API but I am not able to enter internal public IP to network for adding API.
Eventhough I am able to add external public IP but not able to add proxy setting for the API as it gives "cannot read property length of null" error.

[Madhu-NEC]

As you know I am working on APInf installation, and as per my understanding FQDN is needed for installation of APInf. Could you please explain what is the need of FQDN while installing APInf? If FQDN is needed, then a user(doesn't have FQDN) cannot complete it's installation process because in the installation documentation it is not mentioned that "YOUR_SITE_DOMAIN" is FQDN for the same? If yes, we should update it in the documentation as a note so that it can be useful for users installing APInf.

[ilarimikkonen]

Hi,

there is a branch: https://github.com/apinf/platform/tree/docs/update-install

which is used to update the documentation. It is work in progress. FQDN is needed if you use docker-compose script. in the docker compose there is the SLL part, which uses Let's Encrypt. Let's Encrypt does not allow certs without FQDN

[Madhu-NEC]

There is one docker-compose-development.yml. Can we use this file to install APInf without FQDN as SSL part is not there in this file?

[ilarimikkonen]

I'm testing now what makes sense. Please wait a little. Basically, if you want to run locally, pull both APInf platform code, apinf umbrella code, and run locally. Then no SSL is needed

[ilarimikkonen]

Hi,

one option is to follow Development installation with Docker and add entries to hosts file, remove ssl parts from docker-compose.yml, add the "apinf.dev" to env.apinf and api-umbrella.yml. this allows to run api umbrella locally, and I can curl -k https://apinf.dev:3002

unfortunately this leaves the HSTS config on, so I have not been able to bypass this.

I highly recommend to get a domain name and follow the "With Docker Compose -WORKING" part
in the https://github.com/apinf/platform/blob/docs/update-install/INSTALL.md branch.

this has been verified to work by me yesterday.

I apologise that the umbrella docs are not upto standards, but we are working on this

[AnuragVashisth-NEC]

Thanks ilarimikkonen.
I want a small information that do we need to get a public IP/FQDN for the machine running APInf?
Also can i use my own SSL (self-signed) certificates, other than LetsEncrypt, if yes, could you please share the details.

[ilarimikkonen]

Hi,

With FQDN this is working if you refer to these instructions: https://github.com/apinf/platform/blob/docs/update-install/INSTALL.md (section With Docker Compose -WORKING)

There is a possibility to generate certs and tell umbrella (ssl_cert: and ssl_cert_key: ) to use those. We'll investigate, there is a problem with umbrella loading the cert and key.

[ilarimikkonen]

this tested running ubuntu with chromium.

Hi, short update; with NREL umbrella we are able to set up locally:

easy way:

modify api-umbrella.yml and add

override_public_http_port: 443
override_public_http_proto: https

• modify api-umbrella.yml so that github login credentials are set in github for "apiumbrella.example.com"
• in docker-compose.yml comment out the ssl sections so that lets encrypt is not trying to get certificates for non existing domain
• add apiumbrella.example.com entry to /etc/hosts
• run docker-compose up apiumbrella

navigate to https://apiumbrella.example.com:3001

umbrella thinks that SSL traffic is terminated somewhere else.

HARD WAY with certs:

• modify api-umbrella.yml so that github login credentials are set in github for "apiumbrella.example.com"
• in docker-compose.yml comment out the ssl sections so that lets encrypt is not trying to get cetificated for non existing domain
• add apiumbrella.example.com entry to /etc/hosts
• run docker-compose up apiumbrella
• run docker ps and check what the hash for the umbrella container is
• run sudo docker exec -it /bin/bash and replace the with few initial digits from hash of the umbrella container
• in the container go to /opt/api-umbrella/etc/ssl and copy both key and cert
• using those key and cert run openssl to create a p12 for browser. example:
  sudo openssl pkcs12 -export -out umrella4-ilari.p12 -inkey apiu4-key.pem -in apiu4-cert.pem
• in chromium import the certificate created in previous step.
• navigate to https://apiumbrella.example.com:3002

[ilarimikkonen]

doing this with APInf umbrella leaves some functionality out; we are investigating

[Madhu-NEC]

Will the basic functionality of umbrella work such as API add, publish and accessibility? Could you please elaborate which functionalities will not work?

[ilarimikkonen]

those features you have mentioned above are NOT working, since the login to APInf umbrella is not working. How ever, they seem to wrk fine with NREL umbrella. NREL umbrella is missing some FIWARE integration features, but basic set is there and is usable.

[Madhu-NEC]

Thank you for your valuable guidance and support. As you suggested, I have tried apinf set-up with docker-compose with proper domain name. And it is working fine.

[Madhu-NEC]

We have a local environment setup where we want to serve services (like orion) through APInf gateway.
As you confirmed in above comments that we need APInf to be running on FQDN(publically accessible IP), we have done that but when we are adding API for Orion it says invalid URL. (please find attached screenshot_1 for referral).
The problem is with private IPs (where orion is running).
Can you please confirm whether we need to setup backend services like Orion on public IP as well or there is any workaround for this?
Screenshot_1

Also when integrating with Keyrock (running on private IP), APInf fairly accepts Private IP while configuring Fiware but when we sign in with fiware it gives 504 Gateway Time-out error.(please find attached screenshot_2 for referral).
Can you please confirm whether we need to setup Keyrock on public IP as well?
Screenshot_2

[ilarimikkonen]

hi,

about the invalid url, I cannot reproduce the problem with latest develop.

[ilarimikkonen]

about the fiware problem, I need to investigate.

[Madhu-NEC]

As per my investigation, the private IP falls in below range:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Please find the URL for confirmation: https://en.wikipedia.org/wiki/Private_network
The IP within above range shows invalid URL error.
Could you please verify an IP from above mentioned range?
Note: The usecase is to deploy APInf gateway for services like Orion within a network.