IMPORTANT. Starting with version 21.04, Relay server is supported according to the terms of the technical support contract. The Relay server source code is published at: https://updates.fsight.ru/s/6DN6468KGBL2DGB. Any company can use the Relay server solution for development. When renewing or concluding a new technical support contract, check the additional support conditions for Relay server. It is recommended to use well-known security tools for publishing web applications, for example, Application Firewall and Application Proxy.
A Relay server is a server on which a Relay service is deployed. A Relay service enables the user to establish a connection between a mobile device and a mobile platform server when there are heightened requirements for protecting internal corporate network data. In this case, ports from the external network to the internal network are closed; only ports from the internal network to the external network are open.
A Relay client is a node that establishes a connection between a Relay server and a mobile platform server.
NOTE. For correct operation, the mobile platform server and Relay server versions must match. When a Relay server is used, interaction between a mobile client and a mobile platform server is slowed down.
The scheme of interaction between a mobile client, a Relay server, a Relay client, and a mobile platform server:
A mobile platform server establishes an HTTP connection with a Relay client. A Relay client establishes an SSH connection with a Relay server. A Relay server establishes an HTTP connection with a mobile client.
A mobile client exchanges data with a mobile platform server using a Relay server located in the external network and a Relay client located in the internal network.
A Relay server interacts with a mobile client and a mobile platform server:
It receives a request to establish a connection with a mobile platform server.
It exchanges requests with a mobile client.
It redirects requests directed to the internal network to a mobile platform server within the established connection.
It rejects the connection if the connection request does not come from a mobile platform server.
A Relay server and a Relay client are installed using the configuration files from the relay_sources_v23.12.<version number>.zip archive and the relay_images_v23.12.<version number>.tgz images located on the mobile platform server. Copy the configuration files to all nodes to be used in the installation.
NOTE. A Relay server and a Relay client will be installed only after a mobile platform server is installed.
To install a Relay server and a Relay client:
Start a mobile platform server:
% docker-compose -f docker-compose.standalone.yml up
Go to the node on which a Relay server is to be started, and execute the following operations:
Copy the generated SSH key id_rsa.pub from the node on which a Relay client is running to this node.
Declare the SSH_PUB_KEY variable for the SSH connection public key:
% export SSH_PUB_KEY=$(cat ~/<SSH keys directory>/id_rsa.pub)
If required, replace the variable value in the .env file:
RELAY_SERVER_PORT. Specify the port on which the Relay server starts.
NOTE. The variable value must match the value of the RELAY_SERVER_PORT variable in the .env file located on the Relay client node.
Start a Relay server:
% docker-compose -f docker-compose.relay.yml up -d relay_server
Go to the node on which a Relay client is to be started, and execute the following operations:
NOTE. A Relay client can be started on the same node where a mobile platform server is started.
Generate SSH keys to establish an encrypted connection between a Relay client and a Relay server:
% ssh-keygen -t rsa -N "" -f ~/<SSH keys directory>/id_rsa
Declare the SSH_PUB_KEY and SSH_KEY variables for the SSH connection keys:
% export SSH_PUB_KEY=$(cat ~/<SSH keys directory>/id_rsa.pub)
% export SSH_KEY=$(cat ~/<SSH keys directory>/id_rsa)
Change the values of variables in the .env file:
INGRESS_HOST. Specify the mobile platform server host.
RELAY_SERVER_HOST. Specify the Relay server host.
If required, change the values of variables:
INGRESS_PORT. Specify the mobile platform server HTTP port.
INGRESS_HTTPS_PORT. Specify the mobile platform server HTTPS port.
RELAY_SERVER_PORT. Specify the port on which the Relay server starts.
Start a Relay client:
% docker-compose -f docker-compose.relay.yml up -d relay_client
If required:
Unset the SSH_KEY and SSH_PUB_KEY variables on the Relay client node:
% unset SSH_KEY
% unset SSH_PUB_KEY
Unset the SSH_PUB_KEY variable on the Relay server node:
% unset SSH_PUB_KEY
Remove the generated or copied SSH keys id_rsa, id_rsa.pub from the nodes on which a Relay client and a Relay server are running.
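The following checks are an added example, not part of the product documentation or the Relay source code. They verify two points of the procedure above: that RELAY_SERVER_PORT has the same value in the .env files of both nodes, and that after cleanup neither the SSH_KEY and SSH_PUB_KEY variables nor the id_rsa files remain. The function names and the file paths passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example: pre-start and post-cleanup checks for the Relay procedure.
# Function names and argument paths are assumptions; adjust to your layout.

# env_get FILE KEY: print the value of KEY from a docker-compose .env file
# (last assignment wins; carriage returns and surrounding quotes are stripped).
env_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r' | sed "s/^[\"']//; s/[\"']\$//"
}

# ports_match SERVER_ENV CLIENT_ENV: succeed only if RELAY_SERVER_PORT is a
# number and has the same value in both .env files.
ports_match() {
    s=$(env_get "$1" RELAY_SERVER_PORT)
    c=$(env_get "$2" RELAY_SERVER_PORT)
    case "$s" in
        ''|*[!0-9]*) echo "server: bad RELAY_SERVER_PORT '$s'" >&2; return 1 ;;
    esac
    [ "$s" = "$c" ] || { echo "port mismatch: server=$s client=$c" >&2; return 1; }
}

# leftovers KEYDIR: list anything that still exposes key material after the
# cleanup step. Returns 0 when nothing is left, 1 otherwise.
leftovers() {
    found=0
    for v in SSH_KEY SSH_PUB_KEY; do
        # ${VAR+x} is non-empty only while VAR is still set in this shell
        if eval "[ -n \"\${$v+x}\" ]"; then
            echo "variable still set: $v"; found=1
        fi
    done
    for f in "$1/id_rsa" "$1/id_rsa.pub"; do
        if [ -e "$f" ]; then
            echo "key file still present: $f"; found=1
        fi
    done
    return "$found"
}
```

Source the file in the same shell session in which the variables were exported, since `leftovers` can only see variables of the current shell; run `ports_match` on copies of both .env files before starting the containers.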
After the operations are executed, a Relay server is installed. Requests between a mobile client and a mobile platform server will be exchanged via a Relay client and a Relay server. To send requests to the mobile platform, use the Relay server domain name and port 8079, for example: domain.com:8079. If a Relay server does not have a domain name, create an alias with a domain name in the /etc/hosts file and use it for connection.
To disconnect a Relay server and a Relay client, execute the command:
% docker-compose -f docker-compose.relay.yml down
After the command is executed, the Relay server and the Relay client are disconnected.