Telegraf Webhook HTTPS


#1

Hi!

I followed this Howto https://docs.particle.io/tutorials/integrations/influxdata/electron/ to get my devices to send their data to an InfluxDB. Neither the article from Particle nor the one from Telegraf covers the HTTPS/SSL/TLS topic. AFAIK Telegraf acts as an HTTP server (webhook) and Particle Cloud will send POST requests there. But where can I add certificates to Telegraf?


#2

Ok, I got it.
Context: I’m on AWS.

  1. I put telegraf behind an ELB and forward requests to an EC2 instance. So I got SSL/TLS automatically without configuring that on telegraf.

  2. I found out that the mentioned article is outdated. As a result, the Particle web-hook received wrong data, which resulted in these telegraf logs:

     Error in plugin [inputs.webhooks]: json: cannot unmarshal string into Go struct field event.data of type particle.data
    

To get rid of this, I saw that there is only one JSON parsing in the Go code of the web-hook. But the article directs you to a configuration (maybe outdated), where the data is sent as an embedded string - which is not parsed as separate JSON.
The solution is to set Request Format to Custom Body and modify the previously set JSON so that data contains the data without quotes: "data": {{{PARTICLE_EVENT_VALUE}}}.

A Custom Template for that (JSON-Config for that web-hook) can look like this:

{
    "event": "aws",
    "url": "https://example.com:2345/particle",
    "requestType": "POST",
    "noDefaults": true,
    "rejectUnauthorized": true,
    "body": "{\n  \"event\": \"{{{PARTICLE_EVENT_NAME}}}\",\n  \"data\": {{{PARTICLE_EVENT_VALUE}}},\n  \"coreid\": \"{{{PARTICLE_DEVICE_ID}}}\",\n  \"published_at\": \"{{{PARTICLE_PUBLISHED_AT}}}\",\n  \"name\": \"{{{PARTICLE_EVENT_NAME}}}\",\n  \"userid\": \"{{{PARTICLE_USER_ID}}}\",\n  \"fw_version\": \"{{{PRODUCT_VERSION}}}\",\n  \"public\": \"{{{PARTICLE_EVENT_PUBLIC}}}\",\n  \"influx_db\": \"example\",\n  \"measurement\": \"example\"\n}"
}

Btw: This web-hook subscribes to all topics which begin with aws - a fact I did not see in the docs. With that you only need one web-hook for one integration instead of one for each topic.


#3

That’s probably because we got so accustomed to Particle Webhooks being built on top of the Particle.publish()/Particle.subscribe() paradigm which was there long before the arrival of Webhooks.
Since it was documented there already …
https://docs.particle.io/reference/firmware/photon/#particle-subscribe-

… the documentation of Webhooks only touches on this very briefly - but it does
https://docs.particle.io/reference/webhooks/#event


#4

You’re right. I always have MQTT in mind, maybe that’s the reason why I missed an explicit wildcard for the subscription.


#5

Hi sja

I’ve been trying to get a webhook to talk to telegraf for a few days now without success.

Using your solution I get the following error:
Error in plugin [inputs.webhooks]: invalid character ‘e’ in literal true (expecting ‘r’)

Is this solution still working for you?
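
Added example (not from any poster and not Telegraf's own code): a Go sketch of the single-pass JSON decode described in post #2, run over three constructed request bodies to show when the type error from post #2 and a syntax error of the kind quoted in post #5 occur. The `event` struct, its field names, and the plain-text `render` substitution are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Simplified stand-in for the plugin's event type (field names are assumptions).
// What matters is that "data" decodes into a struct, not a string.
type event struct {
	Name string `json:"name"`
	Data struct {
		Fields map[string]interface{} `json:"values"`
	} `json:"data"`
}

// Constructed body in the old style: data is a JSON document inside a string.
const embeddedString = `{"name":"aws","data":"{\"values\":{\"temp\":21.5}}"}`

// Constructed custom body in the style of post #2: the placeholder is unquoted.
const customBody = `{"name":"aws","data":{{{PARTICLE_EVENT_VALUE}}}}`

// render substitutes the published value as plain text, without JSON escaping.
func render(tmpl, value string) string {
	return strings.ReplaceAll(tmpl, "{{{PARTICLE_EVENT_VALUE}}}", value)
}

// decode performs one json.Unmarshal pass over the whole body.
func decode(body string) (event, error) {
	var e event
	err := json.Unmarshal([]byte(body), &e)
	return e, err
}

func main() {
	bodies := []string{
		embeddedString, // type error: string into struct
		render(customBody, `{"values":{"temp":21.5}}`), // decodes cleanly
		render(customBody, "temp=21.5"),                // syntax error: not JSON
	}
	for _, b := range bodies {
		e, err := decode(b)
		fmt.Printf("%s\n  fields=%v err=%v\n", b, e.Data.Fields, err)
	}
}
```

With the unquoted placeholder the published event value is inserted verbatim, so the body only parses when the device publishes a complete JSON object.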


#6

Maybe your telegraf is loading the wrong config file? You have an initial one with some defaults enabled/configured and a .d folder with additional files.

It worked, atm it’s shut down because of a new approach on Azure. Not because AWS was not working but because of the team skills and habits.


#7

Hi sja,

Could you please give me a few details on how you set up the ELB? I’m basically where you were with authentication issues, haven’t worked with AWS all that much yet.

Thanks,
Peter


#8

@psherk The basic thing you can google for is AWS ELB SSL Termination, because one end of your TLS/SSL connection will end in that Elastic Load Balancer. My first approach was to have end-to-end encryption between the device and InfluxDB, but it makes more sense in a cloud infrastructure to use their mechanisms to create/rotate certificates. And the easiest way to do this is an ELB instance (In AWS Console listed beneath EC2) which can handle HTTP(S) and TCP Connections. The wizard on Console will help you.


#9

Excellent, thank you very much!


#10

Well, making progress but not quite there. I’ve got the following set up:

  1. Domain and certificate for domain
  2. Alias between domain and ELB
  3. Target group to forward traffic between ELB and EC2 instance.

I suspect I’ve got an issue in the target group configuration. Would I be correct in saying I need to forward port 1619 https on the ELB to the same port on the instance? Thanks again for the help, definitely a bit in over my head here.