Vehicles uses port 443 even when configured otherwise #114
Comments
Bre77
changed the title
|
I dont think the vehicle is respecting the |
Bre77
changed the title
|
The vehicle always uses port |
|
Hopefully at some point the port the vehicle uses will be customizable. |
The |
|
That's a great point. When setting up my instance I used 443 to keep it simple so didn't think about that. |
|
I was messing around with I wasn't sure if it expects the server or client config for verification? I assumed the client config is probably the payload that you use for the |
|
The Edit: updated the post to clarify this script expects the server's config file. |
|
Thanks! In that case, do you know if the actual server requires the I think I got thrown off because your tutorial says |
|
The server config file doesn't need You're right - I'll correct that. Thanks for calling out my oversights! |
Unfortunately apache is already using port 443 on my server. How did you solve this? Are requests from cars a http request, so I can use anything like ProxyPassMatch / ProxyPassReverse |
Welcome to my problem. You either need a second IP address and bind each application separately, use an SNI proxy infront to do a non decrypting proxy, or like I did, run a second server. Eventually I plan to rewrite the Fleet Telemetry server in NodeJS and terminate all SSL including the mTLS in Caddy 2. |
|
Have a look to HAProxy (I use it in a docker container) : it should be able
to handle this configuration.
I have set this haproxy.cfg up to handle fleet-telemetry and apache2
servers (with many virtual hosts) :
```
global
user haproxy
group haproxy
chroot /var/lib/haproxy
log stdout format raw local0
stats socket /var/run/stats
stats timeout 30s
daemon
defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend incoming_443
bind *:443
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
acl is_fleet_telemetry req_ssl_sni -i <FQDN>
use_backend fleet_telemetry_backend_tcp if is_fleet_telemetry
default_backend apache443_backend_tcp
backend fleet_telemetry_backend_tcp
server fleet_telemetry_server <fleet-telemetry.lan>:<fleet-telemetry
port>
backend apache443_backend_tcp
server apache_server <apache.lan>:<apache port>
```
Apache2 servers are still working ... but I do not receive any
connection from my car...
I have no error message with GET
/api/1/partner_accounts/fleet_telemetry_errors and GET
/api/1/vehicles/{vehicle_tag}/fleet_telemetry_config gives synced=true...
Maybe my PKI is too strong and not supported by the car ? (secp521r1,
sha512WithRSAEncryption, 4096bits)
Does anyone with a Model S early-2019 have succeeded in using
fleet-telemetry ?
Thanks in advance for your help/ideas ! :-)
Philippe
Le lun. 26 févr. 2024 à 09:20, Christian P. ***@***.***> a
écrit :
… The vehicle always uses port 443. The port you specify in config.json
tells the server where to listen. You just need to make sure public port
443 gets mapped to whatever port you specify.
Unfortunately apache is already using port 443 on my server. How did you
solve this? Are requests from cars a http request, so I can use anything
like ProxyPassMatch / ProxyPassReverse
—
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADUNWNKXEBSTFOLDWVEJXODYVRAVJAVCNFSM6AAAAABDXP5OCCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRTGU2TCNZXGQ>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
@GaPhi shameless plug, but if you want to test your vehicle with Fleet Telemetry, sign up for a free trial at https://teslemetry.com/ and you can get your fleet telemetry in the browser, over SSE, or web hooks. I suspect if you have an MCU2 or similar, your vehicle will be too old. |
|
I have MCU3 (upgraded thanks to FSD bought).
teslemetry.com does not work : it sees my car but it cannot configure the
fleet-telemetry (my config remains active) and it does not see the
failure...
More, when trying to remove access to my car, it says it is done but
continues to access it... Deleting the account is not achieved even if it
is written it has been done...
Hopefully, Tesla has sent an email with a revocation link that works!
I think this teslemetry.com site is not ready yet to be secure... You are
warned!
Thanks for your help but I will continue to search for a more convincing
solution/diagnostic of my problem.
Le lun. 26 févr. 2024 à 23:35, Brett Adams ***@***.***> a
écrit :
… @GaPhi <https://github.com/GaPhi> shameless plug, but if you want to test
your vehicle with Fleet Telemetry, sign up for a free trial at
https://teslemetry.com/ and you can get your fleet telemetry in the
browser, over SSE, or web hooks. I suspect if you have an MCU2 or similar,
your vehicle will be too old.
—
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADUNWNNACNNSTKAZBCBK6R3YVUE4BAVCNFSM6AAAAABDXP5OCCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRVGQ2DSMZXGY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@bassmaster187 @Bre77 change rolling out later today to make it so you can set the port of your fleet-telemetry server. Will let you know when it's live. |
|
@patrickdemers6 thats awesome, I'll test it as soon as its avaliable, I have a servers in the EU and US ready and waiting :) @GaPhi if you still have concerns email me at admin@teslemetry.com, but the site did tell you to revoke with Tesla too |
|
@Bre77 the change is deployed. I have validated in prod you can now point the car to an alternative port. |
I can confirm my Model 3 is now attempting to connect on the custom port I have specified accord it its errors. |
I realized this morning that port is now a required field. Such breaking changes should be announced by a mailing list or whatever. |
This morning I received the email saying I was Fleet Telemetry ready.
I create a brand new CA cert using my private key, and issued a certificate to my fleet telemetry server. I then used the
fleet_telemetry_configendpoint to install config on my Model 3. However thefleet_telemetry_errorsendpoint has told mecertificate signed by unknown authorityI ran
./check_server_cert.sh conf.jsonand it returned:So it would seem my configuration and Fleet Telemetry server are configured correctly, yet my vehicle does not like my certificate authority.
The text was updated successfully, but these errors were encountered: