I’m using genieacs v1.2 and trying to setup my SSL properly now.
My two services cwmp and fs are working very well with my self-signed certs. I can verify that the traffic is encrypted by seeing the packets content on tcpdump and I can access both ports on my browser using https.
However one thing is failing regardless what I setup on my env variables.
The CWMP service is pointing the fs downloads to http://myserver.com:7567 instead of https://myserver.com:7567, hence, my CPE (mikrotik router) is failing to download the config files.
It all work very well when I remove GENIEACS_CWMP_SSL_CERT, GENIEACS_CWMP_SSL_KEY, GENIEACS_FS_SSL_CERT and GENIEACS_FS_SSL_KEY from /opt/genieacs/genieacs.env. But when I readd it, the encryption works well but it cwmp point to my FS hostname with HTTP and not HTTPS
Here’s the misleading packet:
"HTTP/1.1 200 OK
Content-Type: text/xml; charset=“utf-8”
Date: Fri, 28 Aug 2020 23:23:04 GMT
<soap-env:Envelope xmlns:soap-enc=“http://schemas.xmlsoap.org/soap/encoding/” xmlns:soap-env=“http://schemas.xmlsoap.org/soap/envelope/” xmlns:xsd=“http://www.w3.org/2001/XMLSchema” xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xmlns:cwmp=“urn:dslforum-org:cwmp-1-0”>soap-env:Header<cwmp:ID soap-env:mustUnderstand=“1”>1743761b6430000</cwmp:ID></soap-env:Header>soap-env:Bodycwmp:Download1743761b64300003 Vendor Configuration Filehttp://masked.com:7567/justlog.rsc.alter320</cwmp:Download></soap-env:Body></soap-env:Envelope>"
I trying setting up GENIEACS_FS_URL_PREFIX=https://myserver.com:7567 but it doesn’t seems to work neither.
Tried following the logic on “genieacs/lib/config.ts” but could not find why line 248 is still defaulting to “http” even if I have a FS_SSL_CERT setup.
Can someone help me on this?