I have been able to get my Xcode bot to integrate successfully and create a .ipa file. I have an ssl certificate installed on my Xcode server and I can connect to the xcode/bots url fine. When I connect to the url through an iPad, I am first prompted to install a certificate but it says that it's not verified in red (see attachment)
After I install the profile on the device, the xcode/bots page has a green "install" button. Once I click the "install" button it never loads the app and after several minutes I get a "Cannot connect to xx.yy.com"
Any thoughts on what this could be?
https://github.com/mtjddnr/lab/wiki/Xcode-Integration-Server-OTA---Reverse-Proxy-Nginx
Nginx + Reverse Proxy + OS X Server[Xcode Server]
Setup
Internet -> [443] Router (Port Forwarding) -> [443]Nginx Server(Has HTTPS certificate) -> [443]Mac Mini (OS X Server, Xcode Server)
(StartSSL certificate is used)
Xcode Server uses 20300(HTTP), 20343(HTTPS) ports
Problem
- Enter Xcode Server WEB
- Select Bot
- hit
Install
button
- It will ask to install certificate if first time. Install it and go back to webpage.
- hit
Install
button again
- Alert message "Cannot connect to server"
How OTA works
- When hit
Install
button, it navigates to https://<DOMAIN>/xcode/internal/api/integrations/<UNIQUE ID>/install_product
- It returns status 302 to new location:
itms-services://?action=download-manifest&url=https://<DOMAIN>:20343/api/integrations/<UNIQUE ID>/<RECENT Integrated ID>/install_manifest.plist
itms-services
URL Schema calls iOS device to run installation.
- iOS downloads
install_manifest.plist
then based on plist information, it selects right IPA
URL
https://<DOMAIN>:20343/api/assets/token/<RECENT Integrated ID>/<UNIQUE ID>-<Bot Name>/<Intergation #>/<Product Name>-<Device Model>.ipa
- Download & Install
Analysis
- On Step 2, it returns URL
<DOMAIN>:20343
. Port number 20343 is not opened by Router(or Firewall)
- Also path should be
/xcode/internal/api/integrations/
not /api/integrations/
How to Fix
Location: /Library/Developer/XcodeServer/CurrentXcodeSymlink/Contents/Developer/usr/share/xcs/xcsd/
Modify constants.js
Line 25
XCSProxiedAPIBasePath: '/xcode/api',
to
XCSProxiedAPIBasePath: '/xcode/internal/api',
Comment classes/fileClass.js
Line 383
//host = host.split(':')[0] + ':' + k.XCSHTTPSPort; // force traffic over the HTTPS port
Modify classes/fileClass.js
Line 384
var basePath = k.XCSAPIBasePath; // connection is direct to xcsd, always
to
var basePath = k.XCSProxiedAPIBasePath; // connection is direct to xcsd, always
Restart Server
TL;DR You can fix this by sending yourself the ota.mobileconfig
file - see at bottom of this answer
What is happening
When you click that Install button, the IPA file is not downloaded from https://yourxcode.local but instead is downloaded from https://yourxcode.local:20343
The server that listens on https://yourxcode.local:20343 is actually not the same Apache server that runs on your OS X Server. It is a separate Node.js application that is part of the Xcode Server setup.
For reasons only known to the people at Apple who built this, this Node.js app uses a self-signed certificate and NOT the SSL certificate that you maybe already had installed on your OS X Server. (I really don't understand why they do this, it makes no sense)
So, to allow that self-signed certificate to work on your device, your Xcode Server is offering you an over-the-air mobile configuration profile that contains the root certificate for your this self-signed Node.js app.
That is what you see when you first hit the Install button the first time: Safari is asking you if you want to accept and install that new certificate.
Now if the installation of this certificate failed, it seems iOS still marks it as installed, even though it did not actually install correctly. There is no UI to undo this, or to remove the certificate, so there is no way to repeat the above.
You are now stuck with a device that you cannot use for downloading builds from Xcode Server unless you wipe your device. (No joke)
( I think it used to be possible to reset this info with the iPhone COnfiguration Utility, but that stopped working alltogether with iOS8)
Solution
No worries, I have found a workaround.
On your OS X Server, there is a file called
/Library/Developer/XcodeServer/ConfigurationProfiles/ota.mobileconfig
Email this file to yourself. On the iOS device where you get the Cannot connect to yourxcode.local
error, open this file from Mail.app as an attachment. Your device will ask you again if you want to install this certificate. Click through it. Answer Yes.
Go back to build summary screen and hit Install again. For some reason it will again ask you to accept the certificate once more. Click Yes and Confirm.
The application will now install on your device.