Push client configuration deprecated
How to configure push transport clients
In order to send push messages to a client you need to configure the necessary push transport client. Previously this was done via different yml files and properties. Now this has been unified and if you still use the old way you need to migrate to this approach. For this please consider the migration guide further down in this article.
The transport clients are now configured via yml files in the '/opt/open-xchange/etc/pushClientConfig' folder. All yml files in this folder are considered, however, the used client identifiers needs to be unique across all files. You can also configure multiple transport clients in one file.
The yml files need to follow the following structure:
The top elements are unique names which define the transport client ids. Then each client contains a '_type' field which contains the type of the transport client. Currently only 'apn' and 'fcm' are supported.
The other fields of a config vary depending on the type.
fcm
This is the configuration for android based clients which use the firebase cloud messaging service. The configuration for this type contains the following fields:
Name | Type | required | description |
---|---|---|---|
key | String | true | The fcm key |
Example config
my-fcm-transport-client:
_type: fcm
key: ABCDEFG12345
apn
The configuration for ios/macos based clients which use the apple push notification service. This type supports two configuration modes.
Certificate
A configuration based on a certificate. There are actually two ways to provide the keystore which contains the certificate. On one hand you can mount it as a file into the container and configure the path via the 'keystore' field. On the other hand and also the preferred way is to deploy it as a secret in the k8s cluster in the same namespace, label it with 'OX_KEYSTORE=YourKeystoreId' and configure this id via the keystoreId field.
Here is an overview over all fields for this auth type:
Name | Type | required | description |
---|---|---|---|
authtype | String | false | The config type. If configured must be set to 'certificate' |
keystoreId | String | false | The id of the keystore. Must be mapped to the OX_KEYSTORE label of the secret. |
keystore | String | false | The path to the local keystore file. |
password | String | false | The password of the keystore. |
topic | String | true | The topic of your application. Typically the bundle ID of the app. |
production | boolean | false | Indicates which apn service to use. |
Example apn certificate config
my-apn-certificate-based-transport-client:
_type: apn
authtype: certificate
topic: com.openxchange.mobile.drive2.pushkit.fileprovider
production: true
keystoreId: my-secret-label-value
password: myKeystorePassword
JWT
A configuration based on a json web token. Again there are two ways to provide the jwt. On one hand you can mount it as a file into the container and configure the path via the 'privatekey' field. On the other hand and also the preferred way is to deploy it as a secret in the k8s cluster in the same namespace, label it with 'OX_KEYSTORE=YourKeystoreId' and configure this id via the privatekeyId field.
Here is an overview over all fields for this auth type:
Name | Type | required | description |
---|---|---|---|
authtype | String | true | The config type. Must be set to 'jwt'. |
privatekeyId | String | false | The id of the jwt. Must be mapped to the OX_KEYSTORE label of the secret. |
privatekey | String | false | The path to the local jwt file. |
keyid | String | true | The key identifier of this jwt. |
teamid | String | true | The team identifier of this jwt. |
topic | String | true | The topic of your application. Typically the bundle ID of the app. |
production | boolean | false | Indicates which apn service to use. |
Example apn jwt config
my-apn-jwt-based-transport-client:
_type: apn
authtype: jwt
topic: com.openxchange.mobile.drive2.pushkit.fileprovider
production: true
privatekeyId: my-secret-label-value
keyid: MyKeyId
teamid: MyTeamId
How to map push subscriptions to transport clients
Once you configured all your transport for every client you want to support you need to map the subscriptions to the respective transport. There are actually two different systems in place.
Drive
For push messages to drive clients you need to enabled the push transport and configure the client id for every transport type. The properties can be defined individually per user through the config cascade.
com.openexchange.drive.events.apn2.ios.enabled=true
com.openexchange.drive.events.apn2.ios.clientId=my-apn-certificate-based-transport-client
com.openexchange.drive.events.apn.ios.enabled=true
com.openexchange.drive.events.apn.ios.clientId=my-apn-jwt-based-transport-client
com.openexchange.drive.events.gcm.enabled=true
com.openexchange.drive.events.gcm.clientId=my-fcm-transport-client
Mobile Api Facade
For clients which use the mobile api facade it is a bit different. Here the mobile client id must match the transport client id. So you need to configure the transport client with the mobile client id as a prefix followed by the operating system of the mobile client.
So for an android client with the client id 'my-mobile-client' you need to configure a transport client with the id 'my-mobile-client-android'. And for an ios client with the client id 'my-other-client' you need to configure a transport client with the id 'my-other-client-ios'.
Migration
If you want to migrate from your current configuration to the new one please follow the following steps
Drive
- Remove all com.openexchange.drive.events.* properties with the exception of the com.openexchange.drive.events.*.enabled properties
- Optionally create a k8s secret from the used keystore files and label them with the OX_KEYSTORE key and a unique value of your choosing
- Create the yml configuration
- Create a yml file and mount it into the /opt/open-xchange/etc/pushClientConfig folder
- Add a transport configuration to it for each different transport client you want to support
- Choose a unique name
- Choose the respective type (apn or fcm)
- Take over the configuration of the existing
- Optionally set the keystore id to the value of your secret label
- For each transport configure the respective com.openexchange.drive.events.*.clientId
Mobile Api Facade
APN
- Optionally create a k8s secret from the used keystore files and label them with the OX_KEYSTORE as a key and a unique value of your choosing
- Move your /opt/open-xchange/etc/pns-apns-options.yml into the /opt/open-xchange/etc/pushClientConfig folder
- Adjust the yml
- Remove the enabled field of this config
- Adjust the name to match the id + the operating system of your mobile client (see above)
- Replace keystore with keystoreId and set it to the respective secret label value
GCM
Basically do the same as for apn for the pns-gcm-options.yml file with the exception that the keystore changes are not necessary.