I have problem when creating Telegram Bot with a webhook.
Currently I have done this:
I have a cloud, with IP Address xxx.xxx.xxx.xxx, without a domain
name
I created certificate within JKS file inside a Java application (I have followed instructions from https://core.telegram.org/bots/self-signed)
My certificate is self-signed, and I use IP Address xxx.xxx.xxx.xxx as my CN
I exported it to Public Key certificate to use later in 'setWebhook' command parameter
I execute this command : curl -F "url=https://xxx.xxx.xxx.xxx" -F "certificate=#my-pem-file.pem" https://api.telegram.org/botXXX:XXX/setWebhook
I run my bot engine
I try to call the URL in browser, with address : https://xxx.xxx.xxx.xxx (GET method), and it works fine after browser 'add exception' to my self-signed certificate
'works fine' means browser can recognize the public certificate, and it can display correct response as I developed
I try to follow test script from https://core.telegram.org/bots/webhooks#testing-your-bot-with-updates, example is:
curl --tlsv1 -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{"update_id":10000,"message":{ "date":1441645532,"chat":{"last_name":"Test Lastname","id":1111111,"first_name":"Test","username":"Test"},"message_id":1365,"from":{"last_name":"Test Lastname","id":1111111,"first_name":"Test","username":"Test"},"text":"/start"}}' "https://xxx.xxx.xxx.xxx"
It works fine.
I am sure that parameter 'url' and 'certificate' in API of 'setWebhook' works fine, because when I call API of 'getWebhookInfo' to Telegram, it replied:
{
"ok": true,
"result": {
"url": "https://xxx.xxx.xxx.xxx",
"has_custom_certificate": true,
"pending_update_count": 25,
"last_error_date": 1484557151,
"last_error_message": "Connection timed out",
"max_connections": 40
}
}
I try to send any message to my bot, but nothing shown in my internal application log, and when I call API of 'getWebhookInfo' it always show the same, it said "Connection timed out"
What should I do in my certificate?
I had the same problem at last week, webhooks worked and stopped (timeout error). It turned out because of the blocking of the telegram in Russia. My server was not in Russia, it was in Holland, but after the server was changed it all worked.
Related
So this is what I did,
I have a Keycloak server running on localhost:8080 and I have configured a public client called myclient inside a realm myrealm.
I have added a response_url address as http://localhost:3000/*
I invoke a code request using this URL
http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth?client_id=myclient&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&response_type=code
I am challenged for a login and then after successful login I login get a callback something like this. which obviously gives me a Not found as I don't have anything running on 3000 Port.
http://localhost:3000/?session_state=6af80f75-19b0-4c65-8d8b-89ca1cf5fd0d&code=e2082b9d-4199-4f0e-a3de-d9216ab70ac5.6af80f75-19b0-4c65-8d8b-89ca1cf5fd0d.8fa6724d-ffd2-4bb4-9ed9-7302acb432e8
I pick the code from above and then make a curl call below
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&code=e2082b9d-4199-4f0e-a3de-d9216ab70ac5.6af80f75-19b0-4c65-8d8b-89ca1cf5fd0d.8fa6724d-ffd2-4bb4-9ed9-7302acb432e8&redirect_uri=http://localhost:3000/&client_id=myclient" http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token
I get an error saying
{"error":"invalid_grant","error_description":"Code not valid"}
when I try the same thing with https://www.keycloak.org/app/ it works. What am I missing here?
I am building a Restful API client using .NET core framework. The APIs are OpenStack API, however, because of the network configuration, I cannot access the API from my local computer (also development computer), I have to ssh into a machine that can ssh into the OpenStack infrastructure when accessing OpenStack normally.
Bearing this in mind, is it possible to use SSH tunnel for the API endpoints and then call it in the implemented Web API client? I have tried to do this, but the call to the endpoint returns error 401 - content length is required.
Basically its possible to call the Openstack API endpoint through an SSH-tunnel without any public accessible API-endpoints. Bacause I have no experience with .NET core framework this answer is really generic without C# code. I hope it helps you anyway.
IMPORTANT: You can use the following steps only, when you have a admin-login to the openstack-deployment and you should ONLY!!! use this way, when the openstack-deployment is a test-deployment, where breaking the deployment doesn't affect other users.
1. SSH-tunnel
You can forward ports with the command:
ssh -L 127.0.0.1:<PORT>:<IP_REMOTE>:<PORT> <USER_JUMPHOST>#<IP_JUMPHOST> -fN
<PORT> = Port of the Openstack-Component you want to access remotely (for example 5000 for keystone)
<IP_REMOTE> = IP of the host, where your openstack deployment is running
<USER_JUMPHOST>#<IP_JUMPHOST> = ssh-access to the jumphost, which is between you and your openstack deployment
This has to be done for each openstack component. If you don't want this command in the backgroup remove the -fN at the end.
Here at first you have to forward Keystone with port 5000.
example: ssh -L 127.0.0.1:5000:192.168.62.1:5000 deployer#192.168.67.1 -fN
You can test the access via curl or webbrowser from your local pc:
curl http://127.0.0.1:5000
{"versions": {"values": [{"id": "v3.13", "status": "stable", "updated": "2019-07-19T00:00:00Z", "links": [{"rel": "self", "href": "http://127.0.0.1:5000/v3/"}], "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}]}]}}
2. change openstack-endpoints
To be also able to login on the openstack deployment through the tunnel, you have to change the endpoints to listen to the localhost on the remote system too, where your openstack depoyment is:
Login normally on your openstack deployment as admin-user.
List all endpoints: openstack endpoint list
Change the public and internal-endpoint of keystone to localhost:
openstack endpoint set --url http://127.0.0.1:5000 <ID_OF_INTERNAL_KEYSTONE_ENDPOINT>
After changing the internal endpoint it will break the openstack-login on the remotesystem for now, but don't worry.
Now you can login to the openstack via openstack-client from your local pc. Here you have to authorize against local-host. If you use an rc-file to login, you have to change the auth-url to export OS_AUTH_URL=http://127.0.0.1:5000/v3
Change the nova endpoints by running on your local pc openstack endpoint set --url "http://127.0.0.1:8774/v2.1" <ID> for the internal and public endpoint of nova to run commands like openstack server list through your ssh-tunnel (of course you need also an ssh-tunnel for port 8774) to do this.
3. Authorize against the openstack-deployment
When you send HTTP-Requests without the openstack-client, you have to manually request an authentication token from the deployment:
Login normally on your openstack deployment
Make a Token-Request:
curl -v -s -X POST "$OS_AUTH_URL/auth/tokens?nocatalog" -H "Content-Type: application/json" -d '{ "auth": { "identity": { "methods": ["password"],"password": {"user": {"domain": {"name": "'"$OS_USER_DOMAIN_NAME"'"},"name": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"} } }, "scope": { "project": { "domain": { "name": "'"$OS_PROJECT_DOMAIN_NAME"'" }, "name": "'"$OS_PROJECT_NAME"'" } } }}' --stderr - | grep X-Subject-Token
This command can be used without changes. The Value after the Key X-Subject-Token is the token from Keystone. Copy this value and export the token as the environment variable OS_TOKEN. For example like the following line
export OS_TOKEN=gAAAAABZuj0GZ6g05tKJ0hvihAKXNJgzfoT4TSCgR7cgWaKvIvbD66StJK6cS3FqzR2DosmqofnR_N-HztJXUcVhwF04HQsY9CBqQC7pblGnNIDWCXxnJiCH_jc4W-uMPNA6FBK9TT27vE5q5AIa487GcLLkeJxdchXiDJvw6wHty680eJx3kL4
Make requests with the token.
For example GET-Requests with curl:
curl -s -X GET -H "X-Auth-Token: $OS_TOKEN" http://127.0.0.1:5000/v3/users | python -m json.tool
I am using curl command to invoke a rest service. It is as follows:
{curl -X POST --ssl-no-revoke --cacert xyz.pem -K urls.txt -H "Authorization:Basic XYZ" -H "Content-Type:application/json" -d #data.json}
The above command is used to hit the service using one way SSL and basic authorization. The data to be passed is enclosed in data.json file and the urls to be hit are enclosed in urls.txt file.
The above command works perfectly in Windows but when executed from linux, it says:
{curl: option --ssl-no-revoke: is unknown
curl: try 'curl --help' or 'curl --manual' for more information}
I want to disable certificate revocation checks altogether. It looks like {--ssl-no-revoke} works on Windows but not Unix/Linux.
Would like to know if any alternative.
ssl-no-revoke is Windows Only. The only alternative I'm aware of is to have a valid certificate or not use SSL.
https://curl.haxx.se/docs/manpage.html
Using a valid certificate is not always a solution as revocation checks will fail with a valid certificate too when there is no Internet connection (for example, in the presence of a captive portal).
One way is to disable certificate checking altogether, i.e.:
curl --insecure https://www.example.com
Note that this will greatly reduce the security as self signed certificates will also be accepted as well as revoked ones!
I have set up the parse-server and parse-dashboard in a dedicated instance on Alibaba Cloud with 2vCPU and 8GB of RAM with ApsaraDB for MongoDB as DB for Parse.
I successfully setup the dashboard and server. When I tried to access the server I get the following error,
"Unable to connect to server."
Parse Dashboard Error Screenshot
I am successfully able to make POST and GET Requests like below
curl -X POST \
-H "X-Parse-Application-Id: APPLICATION_ID" \
-H "Content-Type: application/json" \
-d '{"score":1337,"playerName":"Sean Plott","cheatMode":false}' \
http://localhost:1337/parse/classes/GameScore
//Response
{
"objectId": "2ntvSpRGIK",
"createdAt": "2016-03-11T23:51:48.050Z"
}
I am able to connect via putty and FTP.
Thanks
While your computer (by that I mean other applications) is reaching the server the Parse dashboard isn't.
Inside your dashboard config you can try changing
http://localhost:1337/parse
to
http://[ip-address]:1337/parse
Also go through this thread, you might be able to get some more insight on why it is not working:
https://github.com/parse-community/parse-dashboard/issues/785
I am trying to setup an SSH tunnel but I am new to this process. This is my setup:
Machine B has a web service with restricted access. Machine A has been granted access to Machine B's service, based on a firewall IP whitelist.
I can connect to Machine A using an ssh connection. After that I try to access the webservice on Machine B from my localhost, but I cannot.
The webservice endpoint looks like this:
service.test.organization.com:443/org/v1/sendData
So far, I have created an ssh tunnel like this:
ssh -L 1234:service.test.organization.com:443 myuser#machineb.com
My understanding was that using this approach, I could hit localhost:1234 and it would be forwarded to service.test.organization.com:443, through Machine B.
I have confirmed that from Machine B, I can execute a curl command to send a message to the webservice, and i get a response (so that is working). I have tried using PostMan in my browser, and curl in terminal from localhost, but I have been unsuccessful. (curl -X POST -d #test.xml localhost:1234/org/v1/sendData)
Error message: curl: (52) Empty reply from server
There's a lot of material on SSH and I am sifting through it, but if anyone has any pointers, I would really appreciate it!
Try to add Host HTTP header: curl -H "Host: service.test.organization.com" -X POST -d #test.xml http://localhost:1234/org/v1/sendData
The networking issue was caused by the request format. My request object was built with a destination of 'localhost:1234'. So even though it was reaching the proper machine, the machine ignored it.
To solve this I added a record in my host file, like this:
service.test.organization.com 127.0.0.1
Then I was able send the message. First I opened the tunnel,
ssh -L 443:service.test.organization.com:443 myuser#machineb.com,
Then using using this curl command: curl -X POST -d #test.xml service.test.organization.com:443/org/v1/sendData
The host file causes the address to resolve to localhost, then the ssh tunnel knows to forward it on.