Login/Register
Xcode bot install link request time out
Asked Answered
iosobjective-cxcodesslxcode-bots
A

2

5

I have been able to get my Xcode bot to integrate successfully and create a .ipa file. I have an ssl certificate installed on my Xcode server and I can connect to the xcode/bots url fine. When I connect to the url through an iPad, I am first prompted to install a certificate but it says that it's not verified in red (see attachment) Not verified

After I install the profile on the device, the xcode/bots page has a green "install" button. Once I click the "install" button it never loads the app and after several minutes I get a "Cannot connect to xx.yy.com" Cannot connection

Any thoughts on what this could be?

Anglaangle answered 5/2, 2015 at 4:23 Comment(1)
Had this problem also, but the upvoted solution here didn't solve it. I found another SO that worked: #25974517Counterattraction
A
10

https://github.com/mtjddnr/lab/wiki/Xcode-Integration-Server-OTA---Reverse-Proxy-Nginx

Nginx + Reverse Proxy + OS X Server[Xcode Server]

Setup

Internet -> [443] Router (Port Forwarding) -> [443]Nginx Server(Has HTTPS certificate) -> [443]Mac Mini (OS X Server, Xcode Server)

(StartSSL certificate is used)

Xcode Server uses 20300(HTTP), 20343(HTTPS) ports

Problem

  1. Enter Xcode Server WEB
  2. Select Bot
  3. hit Install button
  4. It will ask to install certificate if first time. Install it and go back to webpage.
  5. hit Install button again
  6. Alert message "Cannot connect to server"

How OTA works

  1. When hit Install button, it navigates to https://<DOMAIN>/xcode/internal/api/integrations/<UNIQUE ID>/install_product
  2. It returns status 302 to new location: itms-services://?action=download-manifest&url=https://<DOMAIN>:20343/api/integrations/<UNIQUE ID>/<RECENT Integrated ID>/install_manifest.plist
  3. itms-services URL Schema calls iOS device to run installation.
  4. iOS downloads install_manifest.plist then based on plist information, it selects right IPA URL
  5. https://<DOMAIN>:20343/api/assets/token/<RECENT Integrated ID>/<UNIQUE ID>-<Bot Name>/<Intergation #>/<Product Name>-<Device Model>.ipa
  6. Download & Install

Analysis

  • On Step 2, it returns URL <DOMAIN>:20343. Port number 20343 is not opened by Router(or Firewall)
  • Also path should be /xcode/internal/api/integrations/ not /api/integrations/

How to Fix

Location: /Library/Developer/XcodeServer/CurrentXcodeSymlink/Contents/Developer/usr/share/xcs/xcsd/

Modify constants.js Line 25

XCSProxiedAPIBasePath: '/xcode/api', to XCSProxiedAPIBasePath: '/xcode/internal/api',

Comment classes/fileClass.js Line 383

//host = host.split(':')[0] + ':' + k.XCSHTTPSPort; // force traffic over the HTTPS port

Modify classes/fileClass.js Line 384

var basePath = k.XCSAPIBasePath; // connection is direct to xcsd, always

to var basePath = k.XCSProxiedAPIBasePath; // connection is direct to xcsd, always

Restart Server
Alaynaalayne answered 22/10, 2015 at 13:17 Comment(9)
That's a fantastic workaround, thanks! Hopefully there is a bug report filed too.Adown
Absolutely brilliant! I've been banging my head on this on and off for a week. Thank you very much indeed for posting this answer. Without OTA installs Xcode Server is like flat beer.Strobel
After over a day of attempting a variety of solutions to the "Cannot connect to server" alert, this was finally what solve the issue for me. Only reason I found this is by reading the device console while hooked up to Xcode. Hopefully this hack is fixed in Xcode soon!Camise
@SungWookMoon Did you file a radar on this, or do you know if one already exists?Camise
@Camise I reported to bugreport.apple.com they asked me to run "sudo xcrun xcsdiagnose" and upload file. And I haven't get any updates yet.Alaynaalayne
Confirmed! Great job and many thanks. Initially I could not believe that they could make a bug like this - I just could not. But when nothing else worked, I set up SSL-proxy sniffer, and I checked all the traffic for myself - and you are absolutely right. Thanks again, for digging it even further and finding out where to apply the fix. I appreciate!Trumpeter
Wow. This worked perfect for us. I can't believe we had to edit core code components for xcode to get this to work. :(Approval
Have you try it on macOS Sierra with Server 5.2? I made the changes but still getting "Cannot connect to ...".Lacuna
macOS sierra, server 5.2 - Did not helpContrary
L
4

TL;DR You can fix this by sending yourself the ota.mobileconfig file - see at bottom of this answer

What is happening

When you click that Install button, the IPA file is not downloaded from https://yourxcode.local but instead is downloaded from https://yourxcode.local:20343

The server that listens on https://yourxcode.local:20343 is actually not the same Apache server that runs on your OS X Server. It is a separate Node.js application that is part of the Xcode Server setup.

For reasons only known to the people at Apple who built this, this Node.js app uses a self-signed certificate and NOT the SSL certificate that you maybe already had installed on your OS X Server. (I really don't understand why they do this, it makes no sense)

So, to allow that self-signed certificate to work on your device, your Xcode Server is offering you an over-the-air mobile configuration profile that contains the root certificate for your this self-signed Node.js app.

That is what you see when you first hit the Install button the first time: Safari is asking you if you want to accept and install that new certificate.

Now if the installation of this certificate failed, it seems iOS still marks it as installed, even though it did not actually install correctly. There is no UI to undo this, or to remove the certificate, so there is no way to repeat the above.

You are now stuck with a device that you cannot use for downloading builds from Xcode Server unless you wipe your device. (No joke)

( I think it used to be possible to reset this info with the iPhone COnfiguration Utility, but that stopped working alltogether with iOS8)

Solution

No worries, I have found a workaround.

On your OS X Server, there is a file called

/Library/Developer/XcodeServer/ConfigurationProfiles/ota.mobileconfig

Email this file to yourself. On the iOS device where you get the Cannot connect to yourxcode.local error, open this file from Mail.app as an attachment. Your device will ask you again if you want to install this certificate. Click through it. Answer Yes.

Go back to build summary screen and hit Install again. For some reason it will again ask you to accept the certificate once more. Click Yes and Confirm.

The application will now install on your device.

Lovett answered 4/3, 2015 at 16:4 Comment(2)
Didn't work for me unfortunately. Running OS X Server 5.0.15 and Xcode 7.2Camise
Me neither, didn't seem to do anythingPianism

© 2022 - 2024 — McMap. All rights reserved.