Possible? publicly hosted mobile apps using my own mpns

Hello,
I take care of a small mattermost server instance for the company I work for. We have no subscription and are using the plain Team Edition(thanks for that to the devs and everyone else involved, it’s just great).
My supervisors now want push notifications(for android and iOS) so bad that I started some research.

https://docs.mattermost.com/deployment/push.html#securing-mobile-deployments
states that:
- If you use the publicly hosted mobile apps in iTunes or Google Play, you need to use the publicly hosted MPNS from Mattermost, Inc., which uses the corresponding secret.
- If you use a privately-hosted mobile app in an Enterprise App Store by compiling your own app, you need to also compile and use your own MPNS with the corresponding secret.

Does this mean:
The only way NOT to use the publicy hosted MPNS from mattermost is to be in the apple enterprise developer program(that goes for iOS) in order to aqquire “in house and ad hoc” disitrbution certificates?

Is there any way how to enable mobile push notifications using a private push notification server without being in the apple enterprise developer program?

Anyone got any experience with that? Any help is much appreciated!

Cheers,
CoolMoeD

Hi @COOLmoeD,

So to enable push notifications you will definitely need the certificates that apple give you for in-house, ad-hoc, development, production, etc… just to be able to send push notifications to IOS devices that’s the way it is, also you’ll need an ID from GCM or FCM as well for Android devices and then you can use Mattermost Push Proxy to connect your MM instance to it and get the notifications.

Hey @elias,
First of all, thanks for taking your time to write an answer to my question. Let me add some information regarding my background: I have more of a technical background working with linux servers in general, I have very little knowledge of app development and/or distribution via appstore/playstore.

The company I work for is a member of the Apple Developer Program, but sadly not of the Apple Developer Enterprise Program.
So in the Apple Developer Program I could create:
Development Certs

  • iOSApp Development
  • Apple Push Notification service SSL(sandbox)
    Production Certs
  • App Store and Ad Hoc
  • Apple Push Notification Service SSL (Sandbox & Production)
  • and some more which are not related to Push Notifications

so the Option for “In House and Adhoc” Certificates under Production is missing.

Is there a workaround by just using the Development Push Notification Cert? And for example distributing the app in “development” to the users via TestFlight(there should be a similiar app in the goole playstore I guess, didn’t research on that though)?
Would this be in agreement with the MIT License Mattmost Team Edition is published under?

What do you think?

Cheers,
CoolMoeD

Hey @COOLmoeD,

There is no explicit option for “In House and Adhoc” in the Apple Developer Program hehe sorry for that, the Production certs fro “Apple Push Notification service SSL” is the one you want. Be aware that you are going to need to modify the App in XCode to match your bundleId before you distribute it in any way, the same goes for the Android app and yes that would be in agreement with the license.

Hey @elias,
So it looks like I just got scared off early. When following the first link under Obtaining Apple Developer Keys to developer.apple.com the screenshot shows the Option “In House and Adhoc” under Production. So I guess the documentation on the apple site is outdated.
I will start working with the Production cert for “Apple Push Notification service SSL” as you advised now.

Let’s see how far I get :slight_smile:

I might revive this thread at any time when I run into problems related to the title of the topic :slight_smile:

Thanks again for you feedback!

Hey Elias,
not sure if you’re still following this thread, if not, maybe someone else has an idea what I’m doing wrong.

I had a few problems with the Apple keys in the mattermost-push-proxy.json

2017/06/26 11:04:37 CRIT Failed to load the apple pem cert err=open ../config/aps_production_priv.pem: no such file or directory for type=apple
panic: Failed to load the apple pem cert err=open ../config/aps_production_priv.pem: no such file or directory for type=apple

tried that with relative and absolute paths, no success, the files are there, permissions are 0664 for the appropriate user, which is not “ubuntu” but a custom user which is allowed to “sudo su”.
so I decided to kick out that section and make android work first and then get back to iOS.

I’m struggling getting it to work with FCM after I completely kicked out the Apple Section in the ./config/mattermost-push-proxy.json
Now I’m wondering if I should use FCM or GCM.
After many failures I’m wondering if it might be easier to get it work with GCM instead of FCM. In AndroidStudio I can see a lot of java code in the source of the mattermost android app related to GCM, nothing about FCM. So it might be the case that I’d have to change “a lot of the”/“some” java code for getting it to work via FCM?

So right now I can’t even verify that the server is working through a local test.
I tried this with FCM SenderID and FCM Server Key as AndroidApiKey as I found different statements regarding what the AndroidApiKey actually is :confused:

Test with FCM SenderID as AndroidApiKey in …/config/mattermost-push-proxy.json

curl http://127.0.0.1:8066/api/v1/send_push -X POST -H "Content-Type: application/json" -d '{ "message":"test", "badge": 1, "platform":"android", "server_id":"(MY_SERVER_ID)", "device_id":"(MY_DEVICE_ID)"}'
I get
{"error":"unknown transport error","status":"FAIL"}
and from /var/log/upstart/mattermost-push-proxy.log

2017/06/27 09:46:12 INFO Sending android push notification for type=android
2017/06/27 09:46:12 ERROR Failed to send GCM push sid=(MY_SERVER_ID) did=(MY_ANDROID_DEVICE_ID) err=401 error: 401 Unauthorized type=android

Test with FCM Server Key as AndroidApiKey in …/config/mattermost-push-proxy.json

same curl like above outputs:
{"status":"REMOVE"}
and from /var/log/upstart/mattermost-push-proxy.log

2017/06/28 14:35:17 INFO Sending android push notification for type=android
2017/06/28 14:35:18 INFO Android response failure sending remove code: (Cryptic_numbers) 0 1 0 [{  InvalidRegistration}]} type=android

any ideas? anyone ? :confused:

Are you running mattermost-push-proxy from the folder that contains config/aps_production_priv.pem ?

this is my config

{
	"ListenAddress":":8066",
	"ThrottlePerSec":300,
	"ThrottleMemoryStoreSize":50000,
	"ThrottleVaryByHeader":"X-Forwarded-For",
  "EnableMetrics": false,
	"ApplePushSettings": [
		{
			"Type" : "apple_rn",
			"ApplePushUseDevelopment": false,
			"ApplePushCertPrivate": "./config/aps_production_priv.pem",
			"ApplePushCertPassword": "",
			"ApplePushTopic": "com.mattermost.react.native"
		}
	],
	"AndroidPushSettings": [
		{
			"Type" : "android_rn",
			"AndroidApiKey": "XXXXXXXXXXXXXXXXXXX"
		}
	]
}

for the AndroidApiKey i’m attaching the Firebase console settings and the one that you need to use is the Web API Key

Hey Elias,
I was really confident that I’ll get at least the android app running today when I read your post this morning, sadly I’m still stuck.
Yes I am running mattermost-push-proxy from the folder that contains config/aps_production_priv.pem
The main folder is /home/user/mattermost-push-proxy

ls -lha /home/user/mattermost-push-proxy/config
drwxrwxr-x 2 user user 4.0K Jul  4 09:13 .
drwxrwxr-x 5 user user 4.0K Jun 26 11:38 ..
-rw-rw-r-- 1 user user 2.2K Jun 23 16:48 aps_production.pem
-rw-rw-r-- 1 user user 1.8K Jun 23 16:48 aps_production_priv.pem
-rw-rw-r-- 1 user user    6 Apr 27 21:33 build.txt
-rw-rw-r-- 1 user user  440 Jul  4 09:08 mattermost-push-proxy.json

my mattermost-push-proxy.json looks like this(after I updated the AndroidApiKey value):

{
   "ListenAddress":":8066",
    "ThrottlePerSec":300,
    "ThrottleMemoryStoreSize":50000,
    "ThrottleVaryByHeader":"X-Forwarded-For",
    "EnableMetrics": false,
    "AndroidPushSettings":[
        {
            "Type":"android",
            "AndroidApiKey":"AIzaSyD(OBSCURED)"
        },
        {
            "Type":"android_rn",
            "AndroidApiKey":"AIzaSyD(OBSCURED)"
        }
    ]
}

and a screenshot from the firebase console

I also verified MY_SERVER_ID again
( SELECT * FROM Systems WHERE Name = 'DiagnosticId'; )
and rebuilt the app, installed it on my mobile and updated the curl command execution to the new MY_DEVICE_ID
(SELECT Email, DeviceId FROM Sessions, Users WHERE Sessions.UserId = Users.Id AND DeviceId != '' AND Email = 'my_email_address'; )

I restarted the mattermost-push-proxy afterwards. sadly, still the same “unauthorized” error:

curl http://127.0.0.1:8066/api/v1/send_push -X POST -H "Content-Type: application/json" -d '{ "message":"test", "badge": 1, "platform":"android", "server_id":"(MY_SERVER_ID)", "device_id":"(MY_DEVICE_ID)"}'

output {"error":"unknown transport error","status":"FAIL"}

output from /var/log/upstart/mattermost-push-proxy.log

2017/07/04 09:41:04 INFO Loading /home/user/mattermost-push-proxy/config/mattermost-push-proxy.json
2017/07/04 09:41:04 INFO Push proxy server is initializing…
2017/07/04 09:41:04 INFO Initializing Android notificaiton server for type=android
2017/07/04 09:41:04 INFO Initializing Android notificaiton server for type=android_rn
2017/07/04 09:41:04 INFO Server is listening on :8066
2017/07/04 09:41:09 INFO Sending android push notification for type=android
2017/07/04 09:41:10 ERROR Failed to send GCM push sid=(MY_SERVER_ID) did=(MY_DEVICE_ID) err=401 error: 401 Unauthorized type=android

If you have any other ideas how to debug this I’d appreciate every hint. and no matter if or if not, thank you for the time you have invested into helping me so far !!!

Cheers,
CoolMoeD

Hi @COOLmoeD

not really sure what’s going on here really, it seems that GCM is not validating your key or something like that, just to be sure, that deviceId is registered in GCM?

Hey @elias
Me not being sure why the device should be registered in gcm instead of fcm shows one more time that I have ~0.1% knowledge when it comes to mobile app developement.
I will have to learn some basics first I guess and stop asking beginner questions here.
I will keep on struggling, once I find out what I’m actually doing wrong here, I will upgrade this thread.

Thanks again for the time you invested trying to figure out what I’m doing wrong(might just be too many things)!

Take care,
CoolMoeD

Thanks @COOLmoeD,

I’ll close this issue off for now but feel free to come back at any time to report issues or ask for help :slight_smile:

please update your solution

hey @vipinbimt
sadly I was not able to solve this. My plan was to start again from scratch with the release of the new mobile app.
As the new mobile app is out, I was not able to find an updated doc , check https://docs.mattermost.com/deployment/push.html

I have my doubts that I will ever be able to solve this as I have very little knowledge about app development. As I said earlier in this post, I’m pretty much a server admin and not a developer. Though getting a sample push notification project working in Firebase was no problem at all for me…

If I solve this, I will update this post and write down a detailed step by step tutorial for non app developers. But yes, I have my doubts.

Cheers,
CoolMoeD

while at it:
did anyone already compile the new react native mobile app for usage with self hosted mpns? I just downloaded and compiled it from here https://github.com/mattermost/mattermost-mobile . but logo still says beta and I couldn’t find instructions where to enter gcm sender id, server url and so on.

while at it:
did anyone already compile the new react native mobile app for usage with self hosted mpns? I just downloaded and compiled it from here https://github.com/mattermost/mattermost-mobile2 . but logo still says beta and I couldn’t find instructions where to enter gcm sender id, server url and so on.

I have compiled. But only for Android.
Find file “mattermost-mobile/android/app/src/main/AndroidManifest.xml” and change <meta-data android:name="com.wix.reactnativenotifications.gcmSenderId" android:value="<VALUE_TO_CHANGE>\0"/>.
That’s all you need.

@lindy65 why are you closing these ticket, its not solved yet ?!
whats your declaration for this?

@COOLmoeD actually i try to run push-notifications with mattermost.
now installed mattermost-server and mattermost-push-proxy and try to test it with mattermost-origin android -app but got the same issue.

same curl like above outputs:
{"status":"REMOVE"}

if i red the documentation correctly, so we have to build the mattermot-app by your own .
currently did not tried it

Hey @stephanfriedrich,

Apologies, from your message above mine (where I mentioned I’d close off the issue), it seemed you wouldn’t be actively working on this and that you’d come back with questions when and if needed so I closed it off in the meantime.

I’ve taken off the ‘solved’ label :slight_smile:

Hey @stephanfriedrich ,
As far as I understand: Yes, you will have to build the mattermost apps on your own.
If you need help with setting everything up, I can recommend joining the mattermost nightly build chat server.
Everyone in this chat server is very helpful and dedicated, give it a try if you didn’t yet!
Mattermost Nightly Build Server

You will need basic app development knowledge though(if you’re used to working with IntelliJ / AndroidStudio you won’t have any problems).

I did some great improvements when it comes to app development: I got the dev environment set up on a Mac for iOS and android. :slight_smile: I wasn’t able though to succesfully test sending out push notifcations via the MPNS.
Thanks to elias (I can only mention 2 users in a post, as I’m a new user, otherwise I’d mention him here.) for providing a work in progress tutorial regarding the setup of the dev environment for both iOS and android!!

I am currently working on a centralized logging server and the year is short, so I do not know if I can start working on the push notifcation again this year. But however: I got “working mattermost push notifications via MPNS” as a objective for Q1 2018. And I’m confident that I will achieve that goal.

@lindy65 closnig this post with “solved” was ok for me, as I honestly gave up on it as written above. But I guess you know that :slight_smile:

Cheers