Xcode bot install link request time out

Question

I have been able to get my Xcode bot to integrate successfully and create a .ipa file. I have an ssl certificate installed on my Xcode server and I can connect to the xcode/bots url fine. When I connect to the url through an iPad, I am first prompted to install a certificate but it says that it's not verified in red (see attachment)

After I install the profile on the device, the xcode/bots page has a green "install" button. Once I click the "install" button it never loads the app and after several minutes I get a "Cannot connect to xx.yy.com"

Any thoughts on what this could be?

Answer 1

https://github.com/mtjddnr/lab/wiki/Xcode-Integration-Server-OTA---Reverse-Proxy-Nginx

Nginx + Reverse Proxy + OS X Server[Xcode Server]

Setup

Internet -> [443] Router (Port Forwarding) -> [443]Nginx Server(Has HTTPS certificate) -> [443]Mac Mini (OS X Server, Xcode Server)

(StartSSL certificate is used)

Xcode Server uses 20300(HTTP), 20343(HTTPS) ports

Problem

1. Enter Xcode Server WEB
2. Select Bot
3. hit Install button
4. It will ask to install certificate if first time. Install it and go back to webpage.
5. hit Install button again
6. Alert message "Cannot connect to server"

How OTA works

1. When hit Install button, it navigates to https://<DOMAIN>/xcode/internal/api/integrations/<UNIQUE ID>/install_product
2. It returns status 302 to new location: itms-services://?action=download-manifest&url=https://<DOMAIN>:20343/api/integrations/<UNIQUE ID>/<RECENT Integrated ID>/install_manifest.plist
3. itms-services URL Schema calls iOS device to run installation.
4. iOS downloads install_manifest.plist then based on plist information, it selects right IPA URL
5. https://<DOMAIN>:20343/api/assets/token/<RECENT Integrated ID>/<UNIQUE ID>-<Bot Name>/<Intergation #>/<Product Name>-<Device Model>.ipa
6. Download & Install

Analysis

• On Step 2, it returns URL <DOMAIN>:20343. Port number 20343 is not opened by Router(or Firewall)
• Also path should be /xcode/internal/api/integrations/ not /api/integrations/

How to Fix

Location: /Library/Developer/XcodeServer/CurrentXcodeSymlink/Contents/Developer/usr/share/xcs/xcsd/

Modify constants.js Line 25

XCSProxiedAPIBasePath: '/xcode/api', to XCSProxiedAPIBasePath: '/xcode/internal/api',

Comment classes/fileClass.js Line 383

//host = host.split(':')[0] + ':' + k.XCSHTTPSPort; // force traffic over the HTTPS port

Modify classes/fileClass.js Line 384

var basePath = k.XCSAPIBasePath; // connection is direct to xcsd, always

to var basePath = k.XCSProxiedAPIBasePath; // connection is direct to xcsd, always

Restart Server

Answer 2

TL;DR You can fix this by sending yourself the ota.mobileconfig file - see at bottom of this answer

What is happening

When you click that Install button, the IPA file is not downloaded from https://yourxcode.local but instead is downloaded from https://yourxcode.local:20343

The server that listens on https://yourxcode.local:20343 is actually not the same Apache server that runs on your OS X Server. It is a separate Node.js application that is part of the Xcode Server setup.

For reasons only known to the people at Apple who built this, this Node.js app uses a self-signed certificate and NOT the SSL certificate that you maybe already had installed on your OS X Server. (I really don't understand why they do this, it makes no sense)

So, to allow that self-signed certificate to work on your device, your Xcode Server is offering you an over-the-air mobile configuration profile that contains the root certificate for your this self-signed Node.js app.

That is what you see when you first hit the Install button the first time: Safari is asking you if you want to accept and install that new certificate.

Now if the installation of this certificate failed, it seems iOS still marks it as installed, even though it did not actually install correctly. There is no UI to undo this, or to remove the certificate, so there is no way to repeat the above.

You are now stuck with a device that you cannot use for downloading builds from Xcode Server unless you wipe your device. (No joke)

( I think it used to be possible to reset this info with the iPhone COnfiguration Utility, but that stopped working alltogether with iOS8)

Solution

No worries, I have found a workaround.

On your OS X Server, there is a file called

/Library/Developer/XcodeServer/ConfigurationProfiles/ota.mobileconfig

Email this file to yourself. On the iOS device where you get the Cannot connect to yourxcode.local error, open this file from Mail.app as an attachment. Your device will ask you again if you want to install this certificate. Click through it. Answer Yes.

Go back to build summary screen and hit Install again. For some reason it will again ask you to accept the certificate once more. Click Yes and Confirm.

The application will now install on your device.