From 64b0555d0878d4d857eda40fac1b6e99550edbc2 Mon Sep 17 00:00:00 2001 From: Johan Stokking Date: Wed, 4 Dec 2024 16:29:49 +0100 Subject: [PATCH] doc: Document TTGC support --- .../host/aws/ami/deployment-guide/_index.md | 53 +++++++++++++------ .../host/aws/ami/post-deployment/_index.md | 6 +-- .../host/docker/certificates.md | 6 +-- .../docker-compose-custom-certificates.yml | 1 + .../docker-compose-enterprise.yml | 3 +- .../docker-compose-open-source.yml | 1 + .../host/docker/configuration/index.md | 48 +++++++++++------ ...tn-lw-stack-docker-custom-certificates.yml | 48 ++++++++--------- .../ttn-lw-stack-docker-enterprise.yml | 42 +++++++-------- .../ttn-lw-stack-docker-open-source.yml | 41 +++++++------- 10 files changed, 138 insertions(+), 111 deletions(-) diff --git a/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md b/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md index 21407b535e..5df60c9a4a 100644 --- a/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md +++ b/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md @@ -36,7 +36,7 @@ The following are necessary to complete this guide: 1. An account with AWS with access to the AWS Marketplace. If you don't have one, create it by using the [Create an AWS account](https://portal.aws.amazon.com/billing/signup#/start) page. 2. An RSA Public-Private Key pair 3. Sufficient rights on your account to create IAM roles -4. A LoRaWAN® compliant Gateway +4. A LoRaWAN compliant Gateway 5. A LoRaWAN compliant End Device 6. Access to a name server for DNS mapping 7. (Optional) An AWS Secret containing TLS certificate data, if a custom TLS certificate is needed @@ -61,9 +61,9 @@ This template allows the user to customize the deployment. The following is a li |Parameter|Description|Default| |---|---|---| -|EC2 Instance Name|Name of the EC2 instance.|`the-things-enterprise-stack`| +|EC2 Instance Name|Name of the EC2 instance.|tts| |Domain|Domain name. You should be able to configure DNS for the domain. TLS certificates from Let's Encrypt will automatically be requested.|-| -|Network Title*|The title of your deployment.|`The Things Stack Enterprise for LoRaWAN`| +|Network Title*|The title of your deployment.|The Things Stack Enterprise for LoRaWAN| |CIDR block|CIDR block used by the VPC.|10.0.0.0/16| > \* Optional field @@ -72,28 +72,39 @@ This template allows the user to customize the deployment. The following is a li |**Parameter**|**Description**|**Default**| |---|---|---| +|TLS Certificate*|TLS certificate to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-| +|TLS Certificate Key*|TLS certificate key to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-| +|TLS Certificate CA*|TLS certificate CA to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-| +|TLS Certificate Secret ARN*|TLS certificate data specified as an AWS secret. If this secret is specified, TLSCertificate, TLSCertificateCA and TLSCertificateKey values will be ignored. The AWS secret must have 3 key/value pairs with the key names: cert, key, ca.|-| +|Allow unauthenticated Basic Station connections|Allow unauthenticated Basic Station connections. This should only be set only for testing purposes.|false| |Admin Username|Name of the admin user.|`admin`| -|Admin Email|Email address of the admin user.|`admin@mycompany.com`| |Initial Admin Password|Initial admin password. Please choose a strong password. It is recommended to change this password upon first login.|-| +|Admin Email|Email address of the admin user.|`admin@mycompany.com`| +|Amazon ElastiCache KMS Key ID*|Key used for Redis at-rest encryption. Leave empty to disable encryption. (Warning) A change to this field requires manual migration of the database.|-| +|Amazon ElastiCache Password*|Password used to access Redis. Leave empty to disable TLS connection. (Warning) A change to this field requires manual migration of the database.|-| |Amazon RDS Database Username|Username of the relational database.|`postgres`| |Amazon RDS Database Password|Password for the relational database. This password is used to access the Amazon RDS database.|-| |SSH Key|Name of an existing EC2 KeyPair to enable SSH access to your instance.|-| |SendGrid API Key*|API key for [SendGrid](https://sendgrid.com/) to send emails.|-| -|Amazon ElastiCache KMS Key ID*|Key used for Redis at-rest encryption. Leave empty to disable encryption. (Warning) A change to this field requires manual migration of the database.|-| -|Amazon ElastiCache Password*|Password used to access Redis. Leave empty to disable TLS connection. (Warning) A change to this field requires manual migration of the database.|-| -|TLS Certificate*|TLS certificate to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-| -|TLS Certificate Key*|TLS certificate key to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-| -|TLS Certificate CA*|TLS certificate CA to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-| -|ARN of an AWS Secret containing the TLS certificate data*|TLS certificate data specified as an AWS secret. If this secret is specified, TLSCertificate, TLSCertificateCA and TLSCertificateKey values will be ignored. The AWS secret must have 3 key/value pairs with the key names: cert, key, ca.|-| > \* Optional field +#### Email Settings + +|**Parameter**|**Description**|**Default**| +|---|---|---| +|Email Provider|Email provider for The Things Stack Identity Server|sendgrid| +|SendGrid API Key|If email provider is sendgrid: API key for SendGrid (https://sendgrid.com/) to send emails.|| +|SMTP Server Address|If email provider is smtp: Address of the SMTP server.|| +|SMTP Username|If email provider is smtp: Username for the SMTP server.|| +|SMTP Password|If email provider is smtp: Password for the SMTP server.|| + #### External Connectivity -|**Parameter**|**Description**| -|---|---| -|Restrict SSH Access to IP Range|The source IP address range that can be used to connect via SSH to the EC2 instances. Use 0.0.0.0/0 for global SSH access.| -|Restrict Service Access to IP Range|The source IP address range that can be used to connect to the deployed services. Use 0.0.0.0/0 for global access.| +|**Parameter**|**Description**|**Default**| +|---|---|---| +|Restrict SSH Access to IP Range|The source IP address range that can be used to connect via SSH to the EC2 instances. Use 0.0.0.0/0 for global SSH access.|0.0.0.0/0| +|Restrict Service Access to IP Range|The source IP address range that can be used to connect to the deployed services. Use 0.0.0.0/0 for global access.|0.0.0.0/0| #### User Registration @@ -118,13 +129,13 @@ This template allows the user to customize the deployment. The following is a li |---|---|---| |EC2 Instance Type|EC2 Instance Type.|t3.small| |Redis Backup Retention Period*|The retention period for daily Redis backups (days).|7| -|Redis Instance Type|The size of machine for the Redis instance.|cache.t2.small| +|Redis Instance Type|The size of machine for the Redis instance.|cache.t4g.small| |Enable Multi-AZ for Redis| If true, replicas of Redis are created. If true, RedisNumCacheClusters property must be greater than 1.|false| |Number of Redis Multi-AZ Instances|The number of replicas for this replication group. If RedisMultiAZSupport is true, this value must be greater than 1. Note that this multiplies the Amazon ElastiCache Redis instance costs.|1| |Amazon RDS Database Name|Name of the relational database. (Warning) A change to this field requires manual migration of the database.|ttn_lorawan| -|Amazon RDS Instance Type|The instance type for the Amazon RDS database.|db.t3.small| +|Amazon RDS Instance Type|The instance type for the Amazon RDS database.|db.t4g.small| |Amazon RDS Backup Retention Period|The retention period for daily Amazon RDS backups (days). (Warning) A change to this field requires manual migration of the database.|7| -|Amazon RDS Postgres Version|PostgreSQL version for the Amazon RDS database.|11.4| +|Amazon RDS Postgres Version|PostgreSQL version for the Amazon RDS database.|16.4| |Enable Multi-AZ for Amazon RDS| If true, a failover instance is created in case the primary instance fails. Note that this doubles the Amazon RDS instance costs.|false| #### LoRaWAN Network Server Settings @@ -137,6 +148,14 @@ This template allows the user to customize the deployment. The following is a li |LoRaWAN DevAddr Prefix|Prefix for the LoRaWAN DevAddrs that are handled by this network.|00000000/7| |LoRaWAN NetID|The LoRaWAN NetID that is assigned through [LoRa Alliance membership](https://lora-alliance.org/become-a-member). This is required if your network needs interoperability (e.g. roaming, peering, join flow) with other networks. If you do not have a NetID, please use 000000 or 000001.|000000| +#### Managed Gateways + +{{< note >}} All of following parameters are optional. {{}} + +|**Parameter**|**Description**|**Default**| +|---|---|---| +|The Things Gateway Controller|If set to true, The Things Stack connects to The Things Gateway Controller for claiming and configuring managed gateways (including The Things Indoor Gateway Pro). If you are using a TLS certificate that is signed by a private CA, contact support@thethingsindustries.com to get your CA configured in The Things Gateway Controller.|false| + #### AWS IoT settings |**Parameter**|**Description**|**Default**| diff --git a/doc/content/the-things-stack/host/aws/ami/post-deployment/_index.md b/doc/content/the-things-stack/host/aws/ami/post-deployment/_index.md index 17a5e5c546..77a7e690e2 100644 --- a/doc/content/the-things-stack/host/aws/ami/post-deployment/_index.md +++ b/doc/content/the-things-stack/host/aws/ami/post-deployment/_index.md @@ -91,15 +91,15 @@ sudo journalctl -f -u lorawan-stack.service ## Routing LoRaWAN Traffic -Now that your stack has been successfully deployed, let's look at how to connect a LoRaWAN® Gateway, Register a LoRaWAN Device and read traffic from this device. +Now that your stack has been successfully deployed, let's look at how to connect a LoRaWAN Gateway, register a LoRaWAN device and read traffic from this device. ### Connecting a Gateway -Please check [Gateways]({{< relref "gateways" >}}) section to find an extensive connecting guide for the particular brand/model of your gateway. +Please check [Gateways]({{< ref "gateways/concepts/adding-gateways" >}}) section to learn how to add gateways. ### Registering a Device -Please check the [Adding Devices]({{< relref "devices/adding-devices" >}}) guide. +Please check the [Adding Devices]({{< ref "devices/adding-devices" >}}) guide. ## AWS IoT diff --git a/doc/content/the-things-stack/host/docker/certificates.md b/doc/content/the-things-stack/host/docker/certificates.md index 0635dc1d0a..c342b1298d 100644 --- a/doc/content/the-things-stack/host/docker/certificates.md +++ b/doc/content/the-things-stack/host/docker/certificates.md @@ -111,10 +111,10 @@ Be sure to configure `docker-compose.yml` and `ttn-lw-stack-docker.yml` for your ## Using Custom Certificates -To use CA certificates you already have or [self-signed certificates](#custom-certificate-authority), you will need to uncomment the custom certificates section of `docker-compose.yml`: +To use CA certificates you already have or [self-signed certificates](#custom-certificate-authority), you will need to specify the custom certificates section of `docker-compose.yml`: -{{< highlight yaml "linenos=table,linenostart=66" >}} -{{< readfile path="/content/the-things-stack/host/docker/configuration/docker-compose-custom-certificates.yml" from=66 to=79 >}} +{{< highlight yaml "linenos=table,linenostart=67" >}} +{{< readfile path="/content/the-things-stack/host/docker/configuration/docker-compose-custom-certificates.yml" from=67 to=80 >}} {{< /highlight >}} You will also need to comment out the Let's Encrypt section of `ttn-lw-stack-docker.yml`: diff --git a/doc/content/the-things-stack/host/docker/configuration/docker-compose-custom-certificates.yml b/doc/content/the-things-stack/host/docker/configuration/docker-compose-custom-certificates.yml index ffbbc7c472..7b1c02aa98 100644 --- a/doc/content/the-things-stack/host/docker/configuration/docker-compose-custom-certificates.yml +++ b/doc/content/the-things-stack/host/docker/configuration/docker-compose-custom-certificates.yml @@ -61,6 +61,7 @@ services: - "8886:8886" - "1887:1887" - "8887:8887" + - "8889:8889" - "1700:1700/udp" # If using custom certificates: diff --git a/doc/content/the-things-stack/host/docker/configuration/docker-compose-enterprise.yml b/doc/content/the-things-stack/host/docker/configuration/docker-compose-enterprise.yml index 77bad3bea6..8b639d8c9c 100644 --- a/doc/content/the-things-stack/host/docker/configuration/docker-compose-enterprise.yml +++ b/doc/content/the-things-stack/host/docker/configuration/docker-compose-enterprise.yml @@ -5,7 +5,7 @@ services: # In production, replace 'latest' with tag from https://hub.docker.com/r/timescale/timescaledb/tags # If you are not using the Storage Integration nor Network Operations Center, you can use vanilla Postgres. # The minimum Postgres version supported is 14.x. - image: "timescale/timescaledb:latest-pg14" + image: "timescale/timescaledb:latest-pg16" restart: unless-stopped environment: - POSTGRES_PASSWORD=root @@ -95,6 +95,7 @@ services: - "8887:8887" - "1888:1888" - "8888:8888" + - "8889:8889" - "1700:1700/udp" # If using custom certificates: diff --git a/doc/content/the-things-stack/host/docker/configuration/docker-compose-open-source.yml b/doc/content/the-things-stack/host/docker/configuration/docker-compose-open-source.yml index 8900f13781..7abd8c973e 100644 --- a/doc/content/the-things-stack/host/docker/configuration/docker-compose-open-source.yml +++ b/doc/content/the-things-stack/host/docker/configuration/docker-compose-open-source.yml @@ -61,6 +61,7 @@ services: - "8886:8886" - "1887:1887" - "8887:8887" + - "8889:8889" - "1700:1700/udp" # If using custom certificates: diff --git a/doc/content/the-things-stack/host/docker/configuration/index.md b/doc/content/the-things-stack/host/docker/configuration/index.md index 8f6fb9ba46..83ed334f9c 100644 --- a/doc/content/the-things-stack/host/docker/configuration/index.md +++ b/doc/content/the-things-stack/host/docker/configuration/index.md @@ -172,7 +172,7 @@ The databases used by {{% tts %}} are configured in the `environment` section. I The `ports` section exposes {{% tts %}}'s ports outside the Docker container. Port `80` and `443` are mapped to the internal HTTP and HTTPS ports. The other ports have a direct mapping. If you don't need support for gateways and applications that don't use TLS, you can remove ports starting with `188`: {{< highlight yaml "linenos=table,linenostart=78" >}} -{{< readfile path="/content/the-things-stack/host/docker/configuration/docker-compose-enterprise.yml" from=78 to=98 >}} +{{< readfile path="/content/the-things-stack/host/docker/configuration/docker-compose-enterprise.yml" from=78 to=99 >}} {{< /highlight >}} {{< note >}} Be sure to provide network access to these ports on the machine you are running {{% tts %}}. {{}} @@ -222,9 +222,9 @@ host, and also to use it as the default host. If using Let's Encrypt, certificates will automatically be requested the first time you access {{% tts %}}. You will notice that the page takes some time to load while certificates are obtained in the background. -See the [TLS Options configuration reference]({{< ref "/reference/configuration/the-things-stack#tls-options" >}}) for more information. - -Make sure that you use the correct `tls` configuration depending on whether you are using Let's Encrypt or your own certificate files. +{{< highlight yaml "linenos=table,linenostart=61" >}} +{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=61 to=71 >}} +{{< /highlight >}} If you are using your own certificate files, make sure to uncomment the lines that define `source` type, `root-ca`, `certificate` and `key`. The paths assigned to these do not need to be altered, because they point to the location of these files inside the Docker container, and not on your machine. @@ -232,11 +232,9 @@ If you are using your own certificate files, make sure to uncomment the lines th {{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=53 to=59 >}} {{< /highlight >}} -If you are using Let's Encrypt in a multi-tenant {{% tts %}} environment, all tenant addresses have to be specified in the `ttn-lw-stack-docker.yml` file using `tls.acme.hosts` configuration option with `*.thethings.example.com` wildcard. +See the [TLS Options configuration reference]({{< ref "/reference/configuration/the-things-stack#tls-options" >}}) for more information. -{{< highlight yaml "linenos=table,linenostart=61" >}} -{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=61 to=70 >}} -{{< /highlight >}} +Make sure that you use the correct `tls` configuration depending on whether you are using Let's Encrypt or your own certificate files. ### Console Component URLs @@ -254,6 +252,26 @@ The `client-secret` will be needed later when authorizing the Console. Be sure t {{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=116 to=121 >}} {{< /highlight >}} +### Managed Gateways {{< new-in-version "3.34.0" >}} + +If you want to connected managed gateways, e.g. [The Things Indoor Gateway Pro]({{< ref "/gateways/models/thethingsindoorgatewaypro" >}}), you need to enable The Things Gateway Controller. This is a central service operated by The Things Industries that allows for claiming and remotely managing gateways. {{% tts %}} is natively integrated with The Things Gateway Controller. + +To authenticate with The Things Gateway Controller, {{% tts %}} typically uses the same TLS certificate as used for the TLS server, either Let's Encrypt or custom certificates. + +When using Let's Encrypt: + +{{< highlight yaml "linenos=table,linenostart=142" >}} +{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=142 to=150 >}} +{{< /highlight >}} + +When using custom certificates: + +{{< highlight yaml "linenos=table,linenostart=151" >}} +{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=151 to=155 >}} +{{< /highlight >}} + +{{< note >}} If you are using a private PKI for generating certificates (e.g. a self-signed CA), you need to share your CA file with The Things Industries in order for The Things Gateway Controller to verify your certificate and authenticate your deployment. Contact [The Things Industries support](mailto:support@thethingsindustries.com). {{}} + ### NOC {{< distributions "Enterprise" >}} The `noc` section configures the Network Operations Center. @@ -262,25 +280,25 @@ Besides `ui` and `oauth` settings, storage settings need to be configured in the To authorize the NOC, be sure to set and remember the client secret. -{{< highlight yaml "linenos=table,linenostart=161" >}} -{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=161 to=170 >}} +{{< highlight yaml "linenos=table,linenostart=157" >}} +{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=157 to=173 >}} {{< /highlight >}} To visualize data, configure the `grafana` section. -{{< highlight yaml "linenos=table,linenostart=179" >}} -{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=179 to=184 >}} +{{< highlight yaml "linenos=table,linenostart=175" >}} +{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=175 to=180 >}} {{< /highlight >}} ### Multi-tenancy {{< distributions "Enterprise" >}} If running a multi-tenant environment, we need to configure the default tenant ID, and the base domain from which tenant IDs are inferred. See the [`tenancy` configuration reference]({{< ref "/reference/configuration/the-things-stack#multi-tenancy" >}}). -{{< highlight yaml "linenos=table,linenostart=188" >}} -{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=188 to=191 >}} +{{< highlight yaml "linenos=table,linenostart=184" >}} +{{< readfile path="/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=184 to=187 >}} {{< /highlight >}} -For multi-tenant environments you'll also need to configure tenant admin keys: +For multi-tenant environments you'll also need to configure tenant admin keys in the `is` section: {{< highlight yaml "linenos=table,linenostart=40" >}} {{< readfile path="/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml" from=40 to=42 >}} diff --git a/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-custom-certificates.yml b/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-custom-certificates.yml index 64faf968f1..e4f4f813f2 100644 --- a/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-custom-certificates.yml +++ b/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-custom-certificates.yml @@ -47,12 +47,13 @@ tls: # Let's encrypt for "thethings.example.com" # tls: -# source: 'acme' +# source: acme # acme: -# dir: '/var/lib/acme' -# email: 'you@thethings.example.com' -# hosts: ['thethings.example.com'] -# default-host: 'thethings.example.com' +# enable: true +# dir: /var/lib/acme +# email: "you@thethings.example.com" +# hosts: ["thethings.example.com"] +# default-host: "thethings.example.com" # If Gateway Server enabled, defaults for "thethings.example.com": gs: @@ -68,9 +69,6 @@ gcs: basic-station: default: lns-uri: "wss://thethings.example.com:8887" - the-things-gateway: - default: - mqtt-server: "mqtts://thethings.example.com:8881" # Web UI configuration for "thethings.example.com": console: @@ -87,6 +85,8 @@ console: base-url: "https://thethings.example.com/api/v3" js: base-url: "https://thethings.example.com/api/v3" + gcs: + base-url: "https://thethings.example.com/api/v3" qrg: base-url: "https://thethings.example.com/api/v3" edtc: @@ -109,21 +109,17 @@ as: downlink: public-address: "thethings.example.com:1885/api/v3" -# If Device Claiming Server enabled, defaults for "thethings.example.com": -dcs: - oauth: - authorize-url: "https://thethings.example.com/oauth/authorize" - token-url: "https://thethings.example.com/oauth/token" - logout-url: "https://thethings.example.com/oauth/logout" - client-id: "device-claiming" - client-secret: "device-claiming" # choose or generate a secret - ui: - canonical-url: "https://thethings.example.com/claim" - as: - base-url: "https://thethings.example.com/api/v3" - dcs: - base-url: "https://thethings.example.com/api/v3" - is: - base-url: "https://thethings.example.com/api/v3" - ns: - base-url: "https://thethings.example.com/api/v3" +# Managed gateway configuration, defaults for "thethings.example.com". +# This configures a connection with The Things Gateway Controller, a service operated by The Things Industries. +# This allows connecting, for example, The Things Indoor Gateway Pro. +ttgc: + enabled: true + domain: thethings.example.com + # If using custom certificates (the X.509 Extended Key Usage must include Client Authentication): + tls: + source: file + certificate: /run/secrets/cert.pem + key: /run/secrets\ + # If using Let's Encrypt (see above): + # tls: + # source: acme diff --git a/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml b/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml index 8801275bd8..7820c59b07 100644 --- a/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml +++ b/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-enterprise.yml @@ -60,9 +60,10 @@ http: # Let's encrypt for "thethings.example.com" tls: - source: "acme" + source: acme acme: - dir: "/var/lib/acme" + enable: true + dir: /var/lib/acme email: "you@thethings.example.com" hosts: ["thethings.example.com"] # If running a multi-tenant environment, specify the wildcard address: @@ -83,9 +84,6 @@ gcs: basic-station: default: lns-uri: "wss://thethings.example.com:8887" - the-things-gateway: - default: - mqtt-server: "mqtts://thethings.example.com:8881" # Web UI configuration for "thethings.example.com": console: @@ -105,6 +103,8 @@ console: base-url: "https://thethings.example.com/api/v3" js: base-url: "https://thethings.example.com/api/v3" + gcs: + base-url: "https://thethings.example.com/api/v3" qrg: base-url: "https://thethings.example.com/api/v3" edtc: @@ -139,24 +139,20 @@ as: downlink: public-address: "thethings.example.com:1885/api/v3" -# If Device Claiming Server enabled, defaults for "thethings.example.com": -dcs: - oauth: - authorize-url: "https://thethings.example.com/oauth/authorize" - token-url: "https://thethings.example.com/oauth/token" - logout-url: "https://thethings.example.com/oauth/logout" - client-id: "device-claiming" - client-secret: "device-claiming" # choose or generate a secret - ui: - canonical-url: "https://thethings.example.com/claim" - as: - base-url: "https://thethings.example.com/api/v3" - dcs: - base-url: "https://thethings.example.com/api/v3" - is: - base-url: "https://thethings.example.com/api/v3" - ns: - base-url: "https://thethings.example.com/api/v3" +# Managed gateway configuration, defaults for "thethings.example.com". +# This configures a connection with The Things Gateway Controller, a service operated by The Things Industries. +# This allows connecting, for example, The Things Indoor Gateway Pro. +ttgc: + enabled: true + domain: thethings.example.com + # Let's Encrypt + tls: + source: acme + # If using custom certificates: + # tls: + # source: file + # certificate: /run/secrets/cert.pem + # key: /run/secrets/key.pem # If Network Operations Center is enabled, defaults for "thethings.example.com": noc: diff --git a/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-open-source.yml b/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-open-source.yml index a0f4a14d23..648c28a136 100644 --- a/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-open-source.yml +++ b/doc/content/the-things-stack/host/docker/configuration/ttn-lw-stack-docker-open-source.yml @@ -47,9 +47,9 @@ http: # Let's encrypt for "thethings.example.com" tls: - source: "acme" + source: acme acme: - dir: "/var/lib/acme" + dir: /var/lib/acme email: "you@thethings.example.com" hosts: ["thethings.example.com"] default-host: "thethings.example.com" @@ -68,9 +68,6 @@ gcs: basic-station: default: lns-uri: "wss://thethings.example.com:8887" - the-things-gateway: - default: - mqtt-server: "mqtts://thethings.example.com:8881" # Web UI configuration for "thethings.example.com": console: @@ -89,6 +86,8 @@ console: base-url: "https://thethings.example.com/api/v3" js: base-url: "https://thethings.example.com/api/v3" + gcs: + base-url: "https://thethings.example.com/api/v3" qrg: base-url: "https://thethings.example.com/api/v3" edtc: @@ -111,21 +110,17 @@ as: downlink: public-address: "thethings.example.com:1885/api/v3" -# If Device Claiming Server enabled, defaults for "thethings.example.com": -dcs: - oauth: - authorize-url: "https://thethings.example.com/oauth/authorize" - token-url: "https://thethings.example.com/oauth/token" - logout-url: "https://thethings.example.com/oauth/logout" - client-id: "device-claiming" - client-secret: "device-claiming" # choose or generate a secret - ui: - canonical-url: "https://thethings.example.com/claim" - as: - base-url: "https://thethings.example.com/api/v3" - dcs: - base-url: "https://thethings.example.com/api/v3" - is: - base-url: "https://thethings.example.com/api/v3" - ns: - base-url: "https://thethings.example.com/api/v3" +# Managed gateway configuration, defaults for "thethings.example.com". +# This configures a connection with The Things Gateway Controller, a service operated by The Things Industries. +# This allows connecting, for example, The Things Indoor Gateway Pro. +ttgc: + enabled: true + domain: thethings.example.com + # Let's Encrypt: + tls: + source: acme + # If using custom certificates: + # tls: + # source: file + # certificate: /run/secrets/cert.pem + # key: /run/secrets/key.pem