Page Comparison

In order to use the Peer-to-Peer functionality of the D2D iOS App, the SSL CA certificate for the D2D protocol must be set in the server settings.

D2D SSL CA Certificate and SSL Certificate

The D2D protocol uses SSL, which requires all servers and clients to have a valid SSL certificate. Clients create certificates automatically, which are signed by the server. This requires the server to become a certificate authority (CA), which must be activated in the server settings in the web interface.

In Preferences→Network the D2D certificate status can be seen. If the status is "invalid", a new CA certificate can be created with the "Renew D2D Certificate" button. The server then creates a new valid CA certificate, which is stored in server_maintenance/d2d/ca.pem and server_maintenance/d2d/ca.jks. It is not necessary to restart the server after certificate creation or renewal.

Web Socket configuration for iOS

The D2D protocol uses Web Socket to communicate with the server. When used in cluster setup, the load balancer needs to be configured to allow protocol upgrades from HTTP to WebSocket. Also, each node must be directly accessible for WebSocket via URL. For example, the node with ID node1 must be accessible for WebSocket via URL my.server.com/websocket/node1 which needs to be redirected to $internalAddress/websocket. Please see the two examples below for nginx and Apache:

Sample Configuration

Section

Column

width	65%

Code Block

title	nginx

upstream cluster {
    ip_hash;
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
    keepalive 100;
}
server {
    listen 10.0.0.1:80;
    server_name powerfolder.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 10.0.0.1:443 ssl;
    ssl_certificate certificates/cluster.crt.pem;
    ssl_certificate_key certificates/cluster.key.pem;
    server_name powerfolder.com;
    client_max_body_size 2G;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://powerfolder.com;
    }
    location /websocket/nodeID1 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.1:8080/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket/nodeID2 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.2:8080/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket {
        proxy_http_version 1.1;
        proxy_pass http://cluster/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

WebSocket ProxyPass entries have to be defined BEFORE other ProxyPass entries

Code Block

title	Apache2

<Proxy balancer://httpcluster> BalancerMember http Section

Column

width	65%

In order to use the Peer-to-Peer functionality of the D2D iOS App, the SSL CA certificate for the D2D protocol must be set in the server settings.

D2D SSL CA Certificate and SSL Certificate

The D2D protocol uses SSL, which requires all servers and clients to have a valid SSL certificate. Clients create certificates automatically, which are signed by the server. This requires the server to become a certificate authority (CA), which must be activated in the server settings in the web interface.

In Preferences→Network the D2D certificate status can be seen. If the status is "invalid", a new CA certificate can be created with the "Renew D2D Certificate" button. The server then creates a new valid CA certificate, which is stored in server_maintenance/d2d/ca.pem and server_maintenance/d2d/ca.jks. It is not necessary to restart the server after certificate creation or renewal.

Web Socket configuration for iOS

The D2D protocol uses Web Socket to communicate with the server. When used in cluster setup, the load balancer needs to be configured to allow protocol upgrades from HTTP to WebSocket. Also, each node must be directly accessible for WebSocket via URL. For example, the node with ID node1 must be accessible for WebSocket via URL my.server.com/websocket/node1 which needs to be redirected to $internalAddress/websocket. Please see the two examples below for nginx and Apache:

Sample Configuration

Code Block

title	nginx

upstream cluster {
    ip_hash;
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
    keepalive 100;
}
server {
    listen 10.0.0.1:80;
    server_name powerfolder.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 10.0.0.1:443 ssl;
    ssl_certificate certificates/cluster.crt.pem;
    ssl_certificate_key certificates/cluster.key.pem;
    server_name powerfolder.com;
    client_max_body_size 2G;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://powerfolder.com;
    }
    location /websocket/nodeID1 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.1:8080/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket/nodeID2 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.2:8080/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket {
        proxy_http_version 1.1;
        proxy_pass http://cluster/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

WebSocket ProxyPass entries have to be defined BEFORE other ProxyPass entries

Code Block

title	Apache2

       <Proxy balancer://httpcluster>
                BalancerMember http://10.0.0.1:8080 route=nodeID1
                BalancerMember http://10.0.0.2:8080 route=nodeID2
                BalancerMember http://10.0.0.3:8080 route=nodeID3
                ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
        </Proxy>

        <Proxy balancer://websocketcluster>
                BalancerMember ws://10.0.0.1:8080
                BalancerMember ws://10.0.0.2:8080
                BalancerMember ws://10.0.0.3:8080
                ProxySet lbmethod=bybusyness
        </Proxy>

        ProxyRequests Off
        ProxyPass               /websocket/nodeID1        ws://10.0.0.1:8080/websocket
        ProxyPass               /websocket/nodeID2        ws://10.0.0.2:8080/websocket
        ProxyPass               /websocket/nodeID3        ws://10.0.0.3:8080/websocket
        ProxyPass               /websocket              balancer://websocketcluster/websocket

        ProxyPass               /rpc                    balancer://httpcluster/rpc nocanon
        ProxyPassReverse        /rpc                    balancer://httpcluster/rpc
        ProxyPass               /                       balancer://httpcluster/    nocanon
        ProxyPassReverse        /                       balancer://httpcluster/

Enabling Web Sockets for Client

Please enable also the web sockets for client, you can simply extend the web sockets for iOS to clients.

Sample Configuration

Precondition: Please update the following configuration in Defaullt.config (sever) or PowerFolder.config (client) to use the web socket connection:

connections.websocket=true

Code Block

title	Apache2

<Proxy balancer://httpcluster>
    BalancerMember http://10.0.0.1:8080 route=nodeID1
    BalancerMember http://10.0.0.2:8080 route=nodeID2
    BalancerMember http://10.0.0.3:8080 route=nodeID3
    ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
</Proxy>

<Proxy balancer://websocketcluster>
    BalancerMember ws://10.0.0.1:8080
route=nodeID1                 BalancerMember http:BalancerMember ws://10.0.0.2:8080
route=nodeID2                 BalancerMember httpws://10.0.0.3:8080
route=nodeID3    ProxySet lbmethod=bybusyness
</Proxy>

ProxyRequests Off

ProxyPass      ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness         </Proxy>/websocket/nodeID1          <Proxy balancerws://websocketcluster>
                BalancerMember ws://10.0.0.1:8080/websocket
ProxyPass               /websocket/nodeID2       BalancerMember ws://10.0.0.2:8080/websocket
ProxyPass               /websocket/nodeID3  BalancerMember      ws://10.0.0.3:8080/websocket
ProxyPass               /websocket ProxySet lbmethod=bybusyness         </Proxy>     balancer://websocketcluster/websocket

ProxyPass   ProxyRequests Off         ProxyPass               /websocket_client/nodeID1        ws://10.0.0.1:8080/websocket
        _client
ProxyPass               /websocket_client/nodeID2        ws://10.0.0.2:8080/websocket
       _client
ProxyPass               /websocket_client/nodeID3        ws://10.0.0.3:8080/websocket
        _client
ProxyPass               /websocket_client                balancer://websocketcluster/websocket_client

ProxyPass        ProxyPass       /rpc        /rpc                    balancer://httpcluster/rpc nocanon
ProxyPassReverse        ProxyPassReverse/rpc        /rpc                    balancer://httpcluster/rpc
ProxyPass        ProxyPass       /        /                       balancer://httpcluster/    nocanon
ProxyPassReverse        ProxyPassReverse/        /                       balancer://httpcluster/

Testing WebSocket configuration

We have prepared a sample HTML-File to test all the complete WebSoket-Contstruction and connectivity of your server including Loadbalancer, please note that you have to cutomize / edit the file and give the address of your server under the field "wsURI".

A example is as follows:

wsUri = "wss://my.ownserver.com/websocket";

Sample test file for connection check

Code Block

language	xml
title	websocket

 <!DOCTYPE html>
  <meta charset="utf-8" />
  <title>WebSocket Test</title>
  <script language="javascript" type="text/javascript">

  var wsUri = "wss://my.ownserver.com/websocket";
  var output;

  function init()
  {
    output = document.getElementById("output");
    testWebSocket();
  }

  function testWebSocket()
  {
    websocket = new WebSocket(wsUri);
    websocket.onopen = function(evt) { onOpen(evt) };
    websocket.onclose = function(evt) { onClose(evt) };
    websocket.onmessage = function(evt) { onMessage(evt) };
    websocket.onerror = function(evt) { onError(evt) };
  }

  function onOpen(evt)
  {
    writeToScreen("CONNECTED");
    doSend("WebSocket Test");
  }

  function onClose(evt)
  {
    writeToScreen("DISCONNECTED");
  }

  function onMessage(evt)
  {
    writeToScreen('<span style="color: blue;">RESPONSE: ' + evt.data+'</span>');
    websocket.close();
  }

  function onError(evt)
  {
    writeToScreen('<span style="color: red;">ERROR:</span> ' + evt.data);
  }

  function doSend(message)
  {
    writeToScreen("SENT: " + message);
    websocket.send(message);
  }

  function writeToScreen(message)
  {
    var pre = document.createElement("p");
    pre.style.wordWrap = "break-word";
    pre.innerHTML = message;
    output.appendChild(pre);
  }

  window.addEventListener("load", init, false);

  </script>

  <h2>WebSocket Test</h2>

  <div id="output"></div>

Sample downloadable test file

The downloadable test file:

websockets.html

Test results

After a successful of web sockets on your system, you will get:

Image Removed

After an unsuccessful setup, the results are as follows:

Image Removed

Create and Renew the D2D-Certificate

Please make sure that the administrator of the server should create the D2D-Certificate that is used for the encrypted dataflow from device to the Web-Sockets. This certificate is valid only for one year and after that it should be renewed manually through admin-portal under Network-Settings:

Image Removed

Enabling Web Sockets for Client

Please enable also the web sockets for client, you can simply extend the web sockets for iOS to clients.

Sample Configuration

Precondition: Please update the following configuration in Defaullt.config (sever) or PowerFolder.config (client) to use the web socket connection:

connections.websocket=true

<Proxy balancer://httpcluster> BalancerMember http://10.0.0.1:8080 route=nodeID1 BalancerMember http://10.0.0.2:8080 route=nodeID2 BalancerMember http://10.0.0.3:8080 route=nodeID3 ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness </Proxy> <Proxy balancer://websocketcluster> BalancerMember ws://10.0.0.1:8080 BalancerMember ws://10.0.0.2:8080 BalancerMember ws://10.0.0.3:8080 ProxySet lbmethod=bybusyness </Proxy> ProxyRequests Off ProxyPass /websocket/nodeID1 ws://10.0.0.1:8080/websocket ProxyPass /websocket/nodeID2 ws://10.0.0.2:8080/websocket ProxyPass

Code Block

title	Apache2

Code Block

title	nginx

<Proxy balancer://httpcluster>
    BalancerMember http://10.0.0.1:8080 route=nodeID1
    BalancerMember http://10.0.0.2:8080 route=nodeID2
    BalancerMember http://10.0.0.3:8080 route=nodeID3
    ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
</Proxy>

<Proxy balancer://websocketcluster>
    BalancerMember ws://10.0.0.1:8080
    BalancerMember ws://10.0.0.2:8080
    BalancerMember ws://10.0.0.3:8080
    ProxySet lbmethod=bybusyness
</Proxy>

ProxyRequests Off

ProxyPass               /websocket/nodeID1        ws://10.0.0.1:8080/websocket
ProxyPass               /websocket/nodeID2        ws://10.0.0.2:8080/websocket
ProxyPass               /websocket/nodeID3        ws://10.0.0.3:8080/websocket
ProxyPass               /websocket                balancer://websocketcluster/websocket

ProxyPass               /websocket_client/nodeID1        ws://10.0.0.1:8080/websocket_client
ProxyPass               /websocket_client/nodeID2        ws://10.0.0.2:8080/websocket_client
ProxyPass               /websocket_client/nodeID3        ws://10.0.0.3:8080/websocket_client
ProxyPass               /websocket_client                balancer://websocketcluster/websocket_client

ProxyPass               /rpc                          balancer://httpcluster/rpc nocanon
ProxyPassReverse        /rpc                          balancer://httpcluster/rpc
ProxyPass               /                             balancer://httpcluster/    nocanon
ProxyPassReverse        /                             balancer://httpcluster/
nginx


upstream cluster {
    ip_hash;
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
    keepalive 100;
}
server {
    listen 10.0.0.1:80;
    server_name powerfolder.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 10.0.0.1:443 ssl;
    ssl_certificate certificates/cluster.crt.pem;
    ssl_certificate_key certificates/cluster.key.pem;
    server_name powerfolder.com;
    client_max_body_size 2G;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://powerfolder.com;
    }
    
    location /websocket/nodeID3nodeID1 {
        ws://10.proxy_http_version 1.1;
        proxy_pass http://10.0.0.31:8080/websocket;
ProxyPass        proxy_set_header Upgrade $http_upgrade;
     /websocket   proxy_set_header Connection "Upgrade";
    }
    location balancer://websocketcluster/websocketwebsocket/nodeID2 {
 ProxyPass       proxy_http_version 1.1;
      /websocket_client/nodeID1        wsproxy_pass http://10.0.0.12:8080/websocket_client
ProxyPass;
        proxy_set_header Upgrade $http_upgrade;
        /websocket_client/nodeID2  proxy_set_header Connection "Upgrade";
     ws://10.0.0.2:8080/websocket_client
ProxyPass}
    location /websocket  {
        /websocket_client/nodeID3proxy_http_version 1.1;
        wsproxy_pass http://10.0.0.3:8080/websocket_client
ProxyPasscluster/websocket;
        proxy_set_header Upgrade $http_upgrade;
        /websocket_clientproxy_set_header Connection "Upgrade";
    }
    
    location balancer://websocketcluster/websocket_client/nodeID1 {
ProxyPass        proxy_http_version 1.1;
     /rpc   proxy_pass http://10.0.0.1:8080/websocket_client;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection  balancer://httpcluster/rpc nocanon
ProxyPassReverse  "Upgrade";
    }
    location /websocket_client/rpcnodeID2 {
           proxy_http_version 1.1;
            balancerproxy_pass http://httpcluster/rpc
ProxyPass10.0.0.2:8080/websocket_client;
        proxy_set_header Upgrade $http_upgrade;
    /    proxy_set_header Connection "Upgrade";
    }
    location /websocket_client {
        proxy_http_version  balancer://httpcluster/1.1;
    nocanon ProxyPassReverse        /proxy_pass http://cluster/websocket_client;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
      balancer://httpcluster/

Code Block

title	NGINX

<Proxy balancer://httpcluster>
    BalancerMember http://10.0.0.1:8080 route=nodeID1
    BalancerMember http://10.0.0.2:8080 route=nodeID2
    BalancerMember http://10.0.0.3:8080 route=nodeID3
    ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
</Proxy>

<Proxy balancer://websocketcluster>
    BalancerMember ws://10.0.0.1:8080
    BalancerMember ws://10.0.0.2:8080
    BalancerMember ws://10.0.0.3:8080
    ProxySet lbmethod=bybusyness
</Proxy>

ProxyRequests Off

ProxyPass               /websocket/nodeID1        ws://10.0.0.1:8080/websocket
ProxyPass               /websocket/nodeID2        ws://10.0.0.2:8080/websocket
ProxyPass               /websocket/nodeID3        ws://10.0.0.3:8080/websocket
ProxyPass               /websocket                balancer://websocketcluster/websocket

ProxyPass               /websocket_client/nodeID1        ws://10.0.0.1:8080/websocket_client
ProxyPass               /websocket_client/nodeID2        ws://10.0.0.2:8080/websocket_client
ProxyPass               /websocket_client/nodeID3        ws://10.0.0.3:8080/websocket_client
ProxyPass               /websocket_client                balancer://websocketcluster/websocket_client

ProxyPass               /rpc                          balancer://httpcluster/rpc nocanon
ProxyPassReverse        /rpc                          balancer://httpcluster/rpc
ProxyPass               /                             balancer://httpcluster/    nocanon
ProxyPassReverse        /                             balancer://httpcluster/
nginx


upstream cluster {
    ip_hash;
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
    keepalive 100;
}
server {
    listen 10.0.0.1:80;
    server_name powerfolder.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 10.0.0.1:443 ssl;
    ssl_certificate certificates/cluster.crt.pem;
    ssl_certificate_key certificates/cluster.key.pem;
    server_name powerfolder.com;
    client_max_body_size 2G;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://powerfolder.com;
    }
    
    location /websocket/nodeID1 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.1:8080/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket/nodeID2 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.2:8080/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket {
        proxy_http_version 1.1;
        proxy_pass http://cluster/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    
    location /websocket_client/nodeID1 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.1:8080/websocket_client;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket_client/nodeID2 {
        proxy_http_version 1.1;
        proxy_pass http://10.0.0.2:8080/websocket_client;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /websocket_client {
        proxy_http_version 1.1;
        proxy_pass http://cluster/websocket_client;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

Testing WebSocket configuration

}
}

Testing Web Socket Configuration iOS

We have prepared a sample HTML-File to test all the complete WebSoket-Contstruction and connectivity of your server including Loadbalancer, please note that you have to cutomize / edit the file and give the address of your server under the field "wsURI".

A example is as follows:

wsUri = "wss://my.ownserver.com/websocket";

Sample test file for connection check

Code Block

language	xml
title	websocket

 <!DOCTYPE html>
  <meta charset="utf-8" />
  <title>WebSocket Test</title>
  <script language="javascript" type="text/javascript">

  var wsUri = "wss://my.ownserver.com/websocket";
  var output;

  function init()
  {
    output = document.getElementById("output");
    testWebSocket();
  }

  function testWebSocket()
  {
    websocket = new WebSocket(wsUri);
    websocket.onopen = function(evt) { onOpen(evt) };
    websocket.onclose = function(evt) { onClose(evt) };
    websocket.onmessage = function(evt) { onMessage(evt) };
    websocket.onerror = function(evt) { onError(evt) };
  }

  function onOpen(evt)
  {
    writeToScreen("CONNECTED");
    doSend("WebSocket Test");
  }

  function onClose(evt)
  {
    writeToScreen("DISCONNECTED");
  }

  function onMessage(evt)
  {
    writeToScreen('<span style="color: blue;">RESPONSE: ' + evt.data+'</span>');
    websocket.close();
  }

  function onError(evt)
  {
    writeToScreen('<span style="color: red;">ERROR:</span> ' + evt.data);
  }

  function doSend(message)
  {
    writeToScreen("SENT: " + message);
    websocket.send(message);
  }

  function writeToScreen(message)
  {
    var pre = document.createElement("p");
    pre.style.wordWrap = "break-word";
    pre.innerHTML = message;
    output.appendChild(pre);
  }

  window.addEventListener("load", init, false);

  </script>

  <h2>WebSocket Test</h2>

  <div id="output"></div>

Sample File

The downloadable test file:

websockets.html

Results

After a successful of web sockets on your system, you will get:

Image Added

After an unsuccessful setup, the results are as follows:

Image Added

Create and Renew the D2D-Certificate

Please make sure that the administrator of the server should create the D2D-Certificate that is used for the encrypted dataflow from device to the Web-Sockets. This certificate is valid only for one year and after that it should be renewed manually through admin-portal under Network-Settings:

Image Added

Testing Web Socket Configuration Desktop Client

You can test the web socket configuration in client using the above script by updating this as follows:

wsUri = "wss://my.ownserver.com/websocket_client";

Column

Panel

title	Overview:

Table of Contents

maxLevel	4

h 24.21

w 2402

24.21

2402

...

Version	Old Version 26	New Version 27
Changes made by	Ahmad Abdullah	Ahmad Abdullah
Saved on	May 10, 2024	May 10, 2024

Versions Compared

Key

D2D SSL CA Certificate and SSL Certificate

Web Socket configuration for iOS

Sample Configuration

D2D SSL CA Certificate and SSL Certificate

Web Socket configuration for iOS

Sample Configuration

Enabling Web Sockets for Client

Sample Configuration

Testing WebSocket configuration

Sample test file for connection check

Sample downloadable test file

Test results

Create and Renew the D2D-Certificate

Enabling Web Sockets for Client

Sample Configuration

Testing Web Socket Configuration iOS

Sample test file for connection check

Sample File

Results

Create and Renew the D2D-Certificate

Testing Web Socket Configuration Desktop Client