Share via

IoTEdgeAPIProxy giving HTTP request to HTTPS port error

Villalobos, Rolando 5 Reputation points
2024-01-15T16:35:17.1766667+00:00

I've configured the parent device following the guide on how to configure a nested parent device with IoTEdgeAPIProxy but I'm getting the following error messages. I configured the Docker_request_route_address to have the hostIP address with port 443. If I used any other port, the module would not establish a connection. User's image

These are the logs from the IoTEdgeAPIProxy moduleUser's image

Also, I added the "registry" module but it never got pushed to device and is only in error state. User's image

User's image

User's image

Azure IoT Edge
Azure IoT Edge
An Azure service that is used to deploy cloud workloads to run on internet of things (IoT) edge devices via standard containers.
548 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. LeelaRajeshSayana-MSFT 13,871 Reputation points
    2024-01-22T14:33:35.1133333+00:00

    Hi @Villalobos, Rolando Greetings! Apologies for the delayed response. The API Proxy module uses the port 8000 which is exposed by default to enable the downstream devices pull the container images. With the downstream device, you should the point the image source to the API proxy module port image tag in the downstream device config.toml file as follows

    image = "$upstream:8000/azureiotedge-api-proxy:1.1"

    Port 8000 is exposed by default from the docker image. If a different nginx proxy port is used, add the ExposedPorts section declaring the port in the deployment manifest. For example, if you change the nginx proxy port to 8001, add the following to the deployment manifest:

    {
   "ExposedPorts": {
      "8001/tcp": {}
   },
   "HostConfig": {
      "PortBindings": {
            "8001/tcp": [
               {
                  "HostPort": "8001"
               }
            ]
      }
   }
}

    Although, looking at the error message you have added in the comments, it appears that error is originating due to failed authentication between the proxy module and the IoT Edge device. The error indicates that the certificate is signed by an unknown authority. This means that the certificate presented by the API proxy module is not trusted by the IoT Edge runtime. This can happen if the certificate is self-signed or if it is signed by a certificate authority that is not trusted by the IoT Edge runtime. If you are using a self-signed certificate, you would need to add the root CA to the trust bundle of the IoT Edge device. Please refer the article Manage trusted root CA (trust bundle) to add the root CA to the IoT Edge device. This should resolve this error.

    Hope this helps. Please let us know if you have any additional questions or concerns in the comments below.

    Update

    If you still continue to experience the same error leading to failed pull of containers, there could be additional restrictions set on the network. To overcome this, you would need to grant network access to the resources by whitelisting the URL's.

    If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with similar issue identify the solution. I highly appreciate your contribution to the community.