Security

Mobile Access Server APN and GCM did not work! Communicate via proxy not configurable?

Tarek1977
Path Finder

Hello all,

We did install the Mobile Access Server on a Linux system. It's in our DMZ behind a firewall. The push service from Google is not reachable.

My question is: It is possible to let the mobile access server communicate via http proxy to this service?

I tried to put the export http proxy definition into the server.sh and start the server, but that did not work. The server.log did not contain any useful information.

Maybe it is possible in the local_config.json to configure a proxy for outgoing communication, but I found no documentation about it.

Any ideas?

Thank you in advance!

server.sh:

!/bin/bash
nodejs - Startup script for node.js server
description: Node.js node server.js

export https_proxy="http://username:password@ourInternetProxy:8080"

PRG="$0"
PRGDIR=dirname "$PRG"

oldpath=pwd
cd $PRGDIR/server

0 Karma

sni_splunk
Splunk Employee
Splunk Employee

Unfortunately, node.js does not seem to support using global proxy, and you have to modify http.request (https.request) to use the proxy. There are some modules like https://www.npmjs.com/package/global-tunnel which does this job but it is not tested if this affects other functionalities.

There are two other ways I can think of so far, but they are not canonical solutions and are not officially tested yet.
1) change the node-gcm library
The proxy settings for GCM requests is not exposed yet via configuration in the mobile access server, and if you really want to do this at present, you probably could modify the underlying library we use (node-gcm) to apply your proxy and replace the existing library in node_modules folder with the modified version. (https://github.com/ToothlessGear/node-gcm/blob/master/lib/sender.js#L92)

2) set up a custom proxy for GCM
Alternatively, since the mobile access server talks to GCM using https://android.googleapis.com:443, you could modify the DNS in your Linux server to resolve android.googleapis.com to your proxy server IP address and this will make the server to connect to your proxy and this is a little bit hacky but it will probably work but I don't test this solution yet.

0 Karma

Tarek1977
Path Finder

Hello sni,

thank you for your answer. I tried a lot of stuff now. The last thing I did: changing the proxy settings via "npm config set https-proxy http://username:password@proxy.company.com:8080". But still no success.

One questions regarding the logging. I did not get any useful logging Information when trying to connect to APN or GCM. Within the MAS GUI you see only "INVALID" (APN) and for GCM "Connecting..." btw. this Status is always shown for GCM (a bug?) (see screenshot attached)

How can I log these requests (it is not in the server.log or access.log, debug_mode); or where can I find the logs?

Best Regards,

Tarek

alt text

0 Karma

sni_splunk
Splunk Employee
Splunk Employee

About the logging. With debug level logging enable, in the server.log, you should be able to see something like "debug: category=incoming_request, requestId=74802066f72e8514144273fa1f585ab8, method=GET, originalUrl=/m/console/home/status/gcm", which means a request is sent to mobile access server to retrieve the GCM status, but you probably cannot find anything useful besides this. This is because for APN and GCM, we use third party libraries for communication with APN and GCM servers, and they don't log to log file but log to stdout and stderr, which you cannot see because the server is daemonized.

0 Karma

sni_splunk
Splunk Employee
Splunk Employee

Tarek1977, you could drop me a mail via sni AT SP!UNK D0T C0M and I could try to invite you to join a beta program if you want to and maybe the new release of the server component can address your issue.

0 Karma

Tarek1977
Path Finder

Hi sni,

thank you for your help! Now the new AddOn for Mobile Server was realeased. I'll check the update, maybe this issue does not occur anymore. Keep you updated. Thank you!

0 Karma

sni_splunk
Splunk Employee
Splunk Employee

There is a way I can think of to get the debug log for these libraries but this is more difficult than it should be, and if you like, you can give it a try by following the steps below:
2.1) Start the server by running server.sh start
2.2) Run killall Splunkm to kill all node.js processes but keeps the mongodb running
2.3) Enter the 'server' directory in your mobile access server installation folder
2.4) You need to install 'debug' node module (https://www.npmjs.com/package/debug). This module is not shipped with mobile access server, and npm is not shipped with mobile access server. To install this module, you probably have to either install npm in your Linux machine and then install the debug module by running npm install debug in current 'server' folder, or install this module in another machine and copy the entire 'debug' module installation folder to 'server/node_modules' folder.
2.5) Run NODE_DEBUG=request node --debug --harmony server.js
2.6) Navigate to the above status page, and you should be able to see debug log in the console:
REQUEST response end https://android.googleapis.com:443/gcm/send 200 { 'content-type': 'application/json; charset=UTF-8',
date: 'Thu, 17 Sep 2015 03:30:07 GMT',
expires: 'Thu, 17 Sep 2015 03:30:07 GMT',
'cache-control': 'private, max-age=0',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '1; mode=block',
server: 'GSE',
'alternate-protocol': '443:quic,p=1',
'alt-svc': 'quic=":443"; p="1"; ma=604800',
'accept-ranges': 'none',
vary: 'Accept-Encoding',
connection: 'close' }
REQUEST end event https://android.googleapis.com:443/gcm/send

0 Karma

sni_splunk
Splunk Employee
Splunk Employee

"npm config set https-proxy http://username:password@proxy.company.com:8080" will only work for npm instead of node.

0 Karma

sni_splunk
Splunk Employee
Splunk Employee

1) "npm config set https-proxy http://username:password@proxy.company.com:8080" will only work for npm instead of node.
2) About the logging. With debug level logging enable, in the server.log, you should be able to see something like "debug: category=incoming_request, requestId=74802066f72e8514144273fa1f585ab8, method=GET, originalUrl=/m/console/home/status/gcm", which means a request is sent to mobile access server to retrieve the GCM status, but you probably cannot find anything useful besides this. This is because for APN and GCM, we use third party libraries for communication with APN and GCM servers, and they don't log to log file but log to stdout and stderr, which you cannot see because the server is daemonized. There is a way I can think of to get the log but this is more difficult than it should be, and if you like, you can give it a try by following the steps below:
2.1) Start the server by running server.sh start
2.2) Run killall Splunkm to kill all node.js processes but keeps the mongodb running
2.3) Enter the 'server' directory in your mobile access server installation folder
2.4) You need to install 'debug' node module (https://www.npmjs.com/package/debug). This module is not shipped with mobile access server, and npm is not shipped with mobile access server. To install this module, you probably have to either install npm in your Linux machine and then install the debug module by running npm install debug in current 'server' folder, or install this module in another machine and copy the entire 'debug' module installation folder to 'server/node_modules' folder.
2.5) Run NODE_DEBUG=request node --debug --harmony server.js
2.6) Navigate to the above status page, and you should be able to see debug log in the console:
REQUEST response end https://android.googleapis.com:443/gcm/send 200 { 'content-type': 'application/json; charset=UTF-8',
date: 'Thu, 17 Sep 2015 03:30:07 GMT',
expires: 'Thu, 17 Sep 2015 03:30:07 GMT',
'cache-control': 'private, max-age=0',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '1; mode=block',
server: 'GSE',
'alternate-protocol': '443:quic,p=1',
'alt-svc': 'quic=":443"; p="1"; ma=604800',
'accept-ranges': 'none',
vary: 'Accept-Encoding',
connection: 'close' }
REQUEST end event https://android.googleapis.com:443/gcm/send

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...