Configure FS with SSL

1

Hello.

I’m using the 1.2beta version (from master). I have nginx installed as a proxy for GenieACS services. When I request a file with https the nginx gives it back with no poblem, so it is configured and ready to receive requests. The problme is when I try to push a file from GUI or provision script, it always requests it with http and nginx returns a 400 error. I have tried using the FS_SSL=true (which is not in the new docs). I have used the SSL_CERT for all the services (cwmp, ui, fs, nbi) but the request is still going throuh http instead of https.

Can you please help me? What am I doing wrong?

Regards

2

Hi,

I seem to have the same problem (no NGINX, directly from genieacs-fs service). Maybe you have found a solution already?

Regards
Arvydas

3

Hi. At the moment I left it without SSL, but I remembeer seen something about this in one of the latest Git changes in master. You could try that.

4

This is crucial to avoid dns hijacking on firmwares/vcfs being pushed.

The root cause of this is the way genieacs determines the FS endpoint URL.

We would need the ability to setup TLS/port of FS server independently from what genieacs uses as FS endpoint in download tasks.

I deployed this on Azure App Service and everything must be behind a single port, so having a proxy_pass nginx was the obvious solution. Everything runs on their default ports with no TSL, App Service is taking care of TLS, nginx is passing CWMP requests to genieacs-cwmp, file requests to genieacs-fs, everything else to genieacs ui.

I needed a genieacs config to setup the right URL for FS requests:. FS_URL_PREFIX
In my case such a config is set to “https://myappservice.azurewebsites.net/files/” and every download task for “https://myappservice.azurewebsites.net/files/myvcf.xml” points through proxy to http://{FS_IP}:{FS_PORT}