Question about the "prerequisites" part for Product Installation

#1

Hi,

I work for a company that makes mobile apps. We work alongside another company that makes a device. Both of our companies are working for the same client (this is how we are associated, the app and device work together). Just so you understand the context.

The company that makes the device told us they installed a Mender client on it and asked us to set up a Mender server.

Currently, I’m following the instructions to setup a Mender server. And I’m unsure about the following prerequisite :

  • Allocated DNS names for the Mender API Gateway and the Mender Storage Proxy (for purpose of the guide, it is assumed that you own the domains mender.example.com and s3.example.com ) that resolve to the public IP of current host on the devices.

I’m unsure what it means that the DNS resolves “to the public IP of current host on the devices”. I did setup an ec2 instance and enabled the ports 443 and 9000 as written. Just to be sure, the “public IP of current host on the device” has nothing to do with the IP of the ec2 right? Is this something that has to with the device itself? I do have access to the domain name provider’s account and can modify settings there. I don’t have any access to the device, so that’s why I ask here to understand it better when I ask the other company for this. Thanks for your time

#2

Just to be sure, the “public IP of current host on the device” has nothing to do with the IP of the ec2 right?

It is actually related to the ec2 instance.

Essentially you need to have assigned domain names to your EC2 instance, this is a requirement since you are creating certificates and they are created specifically for your domain and you can not use a IP address here.

So mender.example.com and s3.example.com (replace example with your domain) must resolve to the IP address of your EC2 instance.

The only modifications that are required on the device is that the ServerUrl must be updated to point to your domain name that resolves to the IP of the EC2 instance, and you need add the generated certificate on the devices server.crt.

#3

Awesome! Thank you for the fast reply :slight_smile:

#4

Hi again Mirzak,

I completed the “Product installation” flow, but I’m still unsure I did the right thing. Both mender.example.com and s3.example.com redirect to the IP of my EC2 instance.

When I do

./run ps

All states are “Up” and it looks the same as in the example. But when I get to https://mender.example.com, what should I see exactly?

At this point you should be able to access https://mender.example.com with your web browser.

All I see is it resolving to the IP of the EC2 but other than that I get “ERR_TIMED_OUT”. Any clues as to where I should look further? If it’s too specific for a question, I’ll understand. Thanks

#5

Hi @mat,

In theory you should see the Mender Web UI but I’m not clear on how you redirect mender.example.com to your EC2 instance. That FQDN is used for the Mender demo environment and on the client devices, the mapping is done via the /etc/hosts file. For a production Mender server installation you should not be using mender.example.com but rather something specific to your networking environment/domains.

The TLS keys should also be based on your custom domain name and the setting for the API gateway in ALLOWED HOSTS needs to match.

HTH,
Drew

#6

Hi Drew,

Thanks for taking the time to answer.

Just to avoid all confusion, I’ll put my example in this way, and maybe you could point me in the right direction :

In the DNS configuration of my domain name , I put 2 subdomains that point to the IP of the EC2 instance. So mender.{myProjectName}.com and s3.{myProjectName}.com both point to the same IP.

I did put mender.{myProjectName}.com under the ALLOWED_HOSTS in mender-api-gateway as was written in the documentation (as well as all the other steps in the ‘Product Installation’ page)

Is it possible I didn’t set up the DNS correctly for both subdomains? Or would you think my problem lies elsewhere?

Thanks again for your time