Installing Relay Server

IMPORTANT. Starting from the version 21.04, Relay server is supported according to technical support contract terms. Source codes of Relay server are published at: https://updates.fsight.ru/s/6DN6468KGBL2DGB. Any company can use Relay server solution for development. When renewing or concluding a new technical support contract, check additional support conditions for Relay server. It is recommended to use well-known security tools for publishing web applications, for example, Application Firewall and Application Proxy.

A Relay server is a server, on which a Relay service is deployed. A Relay service enables the user to establish a connection between a mobile device and a mobile platform server with heightened requirements to protection of internal corporate network data. In this case ports from external network to internal network are closed, only ports from internal network into external network are opened.

A Relay client is a node that establishes connection between a Relay server and a mobile platform server.

NOTE. To provide correct work, mobile platform server and Relay server versions must match. When a Relay server is used, interaction between a mobile client and a mobile platform server is slowed down.

The scheme of interaction between a mobile client, a Relay server, a Relay client, and a mobile platform server:

A mobile platform server establishes HTTP connection with a Relay client. A Relay client establishes SSH connection with a Relay server. A Relay server establishes HTTP connection with a mobile client.

A mobile client exchanges data with a mobile platform server using a Relay server located in the external network, and using a Relay client located in the internal network.

A Relay server interacts with a mobile client and a mobile platform server:

Installation of Relay server and Relay client is executed with the use of configuration files from the relay_sources_v23.12.<version number>.zip archive and the relay_images_v23.12.<version number>.tgz images located on mobile platform server. Copy the configuration files to all nodes to be used on the installation.

NOTE. A Relay server and a Relay client will be installed only after a mobile platform server is installed.

To install a Relay server and a Relay client:

  1. Start a mobile platform server:

% docker-compose -f docker-compose.standalone.yml up

  1. Go to the node, at which a Relay server is to be started, and execute the following operations:

    1. Copy the generated SSH key id_rsa.pub from the node, at which a Relay client is running, to this node.

    2. Declare the SSH_PUB_KEY variable for the SSH connection public key:

% export SSH_PUB_KEY=$(cat ~/<SSH keys catalog>/id_rsa.pub)

    1. If required, replace the variable value in the .env file:

NOTE. The variable value should match with the value of the RELAY_SERVER_PORT variable in the .env file located on the Relay client node.

    1. Start a Relay server:

% docker-compose -f docker-compose.relay.yml up -d relay_server

  1. Go to the node, at which a Relay client is to be started, and execute the following operations:

NOTE. A Relay client can be started at the same node where a mobile platform server is started.

    1. Generate SSH keys to establish an encrypted connection between a Relay client and a Relay server:

% ssh-keygen -t rsa -N "" -f ~/<SSH keys catalog>/id_rsa

    1. Declare the SSH_PUB_KEY and SSH_KEY variables for the SSH connection keys:

% export SSH_PUB_KEY=$(cat ~/<SSH keys directory>/id_rsa.pub)
% export SSH_KEY=$(cat ~/<SSH keys directory>/id_rsa)

    1. Change values of variables in the .env file:

If required, change values of variables:

    1. Start a Relay client:

% docker-compose -f docker-compose.relay.yml up -d relay_client

  1. If required:

% unset SSH_KEY
% unset SSH_KEY_PUB

% unset SSH_KEY_PUB

After the operations are executed, a Relay server is installed. Requests between a mobile client and a mobile platform server will be exchanged via a Relay client and a Relay server. To send requests to the mobile platform, use Relay server domain name and the 8079 port, for example: domain.com:8079. If a Relay server does not contain domain name, create a pseudonym with domain name in the /etc/hosts file and use it for connection.

Disconnecting Relay Server and Relay Client

To disconnect a Relay server and a Relay client, execute the command:

% docker-compose -f docker-compose.relay.yml down

After executing the operations a Relay server and a Relay client will be disconnected.

See also:

Deployment and Preparation of Ubuntu-Based Server | Deployment and Preparation of Astra Linux-Based Server | Deployment and Preparation of Rocky Linux-Based Server | Updating Foresight Mobile Platform | Managing Mobile Platform | Activation and License Management