Adding WSS to Websocket/Autobahn/WAMP/Twisted

There doesn't seem to be much out there right now on how to properly add WSS support to an Autobahn/Twisted setup. I'm starting with the Crossbar serial2ws example, which shows a WS-based connection between frontend and backend.
I'd like to know how to adapt the serial2ws example for an SSL connection.
I changed:
# serial2ws.py
router = args.router or 'ws://localhost:8080'
to
router = args.router or 'wss://localhost:8080'
And on the website JS:
connection = new autobahn.Connection({
url: (document.location.protocol === "http:" ? "ws:" : "wss:") + "//" + ip + ":" + port,
realm: 'realm1',
...
})
But, when I try to connect, it fails with:
WebSocket connection to 'wss://192.168.0.12:8080/' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
The Python server logs:
2016-06-30 16:52:57-0400 [-] Log opened.
2016-06-30 16:52:57-0400 [-] Using Twisted reactor <class 'twisted.internet.epollreactor.EPollReactor'>
2016-06-30 16:52:59-0400 [-] WampWebSocketServerFactory starting on 8080
2016-06-30 16:52:59-0400 [-] Starting factory <autobahn.twisted.websocket.WampWebSocketServerFactory instance at 0x76669dc8>
2016-06-30 16:53:00-0400 [-] Starting factory <autobahn.twisted.websocket.WampWebSocketClientFactory instance at 0x766112b0>
2016-06-30 16:53:05-0400 [WampWebSocketClientProtocol (TLSMemoryBIOProtocol),client] Stopping factory <autobahn.twisted.websocket.WampWebSocketClientFactory instance at 0x766112b0>
To be clear, when the "wss" instances above are reverted to the original "ws", everything works.
Also tried:
Adding to serial2ws.py:
from twisted.internet import ssl  # provides DefaultOpenSSLContextFactory
contextFactory = ssl.DefaultOpenSSLContextFactory('/root/keys/server.key', '/root/keys/server.crt')
# Change
reactor.listenTCP(args.web, Site(File(".")))
# to
reactor.listenSSL(args.web, Site(File(".")), contextFactory)
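
A quick check of whether a listener actually answers a TLS handshake, which a wss:// URL requires of the port it targets (added example, not part of the original question; standard library only). `probe_listener` and `start_plaintext_listener` are hypothetical names, the latter a constructed stand-in for a plain ws:// listener.

```python
import socket
import ssl
import threading


def probe_listener(host, port, timeout=3.0):
    """Classify what answers on host:port.

    'tls'                - handshake completed with a trusted certificate
    'tls-untrusted-cert' - TLS is spoken, but the certificate did not verify
                           (e.g. self-signed or wrong host name)
    'no-tls'             - TCP connects but the handshake fails, as with a
                           plain ws:// or http:// listener
    'closed'             - nothing accepts connections on the port
    """
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except ssl.SSLCertVerificationError:  # subclass of SSLError, so test first
        return "tls-untrusted-cert"
    except (ssl.SSLError, OSError):
        return "no-tls"
    finally:
        raw.close()


def start_plaintext_listener():
    """Constructed stand-in for a ws:// listener: plain TCP on an ephemeral
    localhost port that answers one connection without TLS. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(1024)  # the TLS ClientHello arrives as opaque bytes
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plaintext_listener()
    print(port, probe_listener("127.0.0.1", port))
```

A result of `tls-untrusted-cert` means the port does terminate TLS and the remaining problem is certificate trust, not the listener.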

Related

Vue 2 devServer proxying does not work for websocket

I have a simple web server in Python running, for example, on 127.0.0.1:8080.
I can serve HTTP requests and web sockets.
This is an example of the server routes.
...
web.route('*', '/ws', ws_handler),
web.route('*', '/api/some_url', http_handler)
...
And I have the frontend part of my application in Vue 2 JS.
I set up the vue.config.js file for proxying the dev server.
const host = "127.0.0.1"
const port = 8080
// vue.config.js must export its options object
module.exports = {
  devServer: {
    proxy: {
      "/api": {
        target: `http://${host}:${port}/`,
        secure: false
      },
      "/ws": {
        target: `ws://${host}:${port}/`,
        ws: true,
        secure: false,
        changeOrigin: true
      }
    }
  }
}
When I make HTTP requests, for example
let res = await axios.get('/api/some_url');
everything works fine, but if I want to set up a websocket connection
soc = new WebSocket('/ws');
I get an error
Failed to construct 'WebSocket': The URL '/ws' is invalid.
For websockets my settings do not work.
The connection is set up and everything works fine if the full address is provided.
soc = new WebSocket('ws://127.0.0.1:8080/ws');
I have read many articles and had no success resolving my issue: how can I proxy a websocket connection for the Vue JS dev server?
You should instantiate your WebSocket as ws = new WebSocket('ws://' + window.location.host + '/ws');

How do I use Capybara/Firefox with proxy on Heroku? I get "The proxy server is refusing connections"

I have the following code:
Capybara.register_driver :selenium_headless do |app|
...
proxy = Selenium::WebDriver::Proxy.new(
http: proxy_address,
ssl: proxy_address
)
desired_caps = Selenium::WebDriver::Remote::Capabilities.firefox(
proxy: proxy
)
Capybara::Selenium::Driver.new(app, {
browser: :firefox,
desired_capabilities: desired_caps,
...
})
end
driver = Capybara::Session.new(:selenium_headless)
driver.visit('https://api.ipify.org')
The code works without errors locally, as well as on Heroku if you remove all the proxy business (and forgo browser_options).
This code errors on Heroku with:
Selenium::WebDriver::Error::UnknownError (Reached error page: about:neterror?e=proxyConnectFailure&u=https%3A//api.ipify.org/&c=UTF-8&f=regular&d=Firefox%20is%20configured%20to%20use%20a%20proxy%20server%20that%20is%20refusing%20connections.)
That URL locally looks like this:
When I turn on Selenium debug logs (Selenium::WebDriver.logger.level = :debug), I get:
>>> http://127.0.0.1:4444/session/84439a4e-a26d-41f3-ae30-f61f508ca569/url | {"url":"https://api.ipify.org"}
{"value":{"error":"unknown error","message":"Reached error page: about:neterror?e=proxyConnectFailure&u=https%3A//api.ipify.org/&c=UTF-8&f=regular&d=Firefox%20is%20configured%20to%20use%20a%20proxy%20server%20that%20is%20refusing%20connections.","stacktrace":"WebDriverError#chrome://marionette/content/error.js:179:5\nUnknownError#chrome://marionette/content/error.js:484:5\nhandleReadyState#chrome://marionette/content/listener.js:273:21\nhandleEvent#chrome://marionette/content/listener.js:242:14\n"}
My proxy options are logged roughly like "proxy":{"httpProxy":"207.000.00.00:0000","proxyType":"manual","sslProxy":"207.000.00.00:0000"}
Thanks in advance for the help!
Update: The proxy service I'm using works outside with Capybara. I test with OpenURI.

Enabling SSL for Hyperledger Fabric CouchDB

I want to use CouchDB (V. 2.3.1) with SSL enabled, so I added the [ssl] part to the /opt/couchdb/etc/local.d/docker.ini file as shown below:
[ssl]
port = 6984
enable = true
cert_file = /etc/hyperledger/fabric/tls/server.crt
key_file = /etc/hyperledger/fabric/tls/server.key
cacert_file = /etc/hyperledger/fabric/tls/ca.crt
[daemons]
httpsd = {couch_httpd, start_link, [https]}
[admins]
Admin = ...
[couchdb]
uuid = ...
But I can't access the web UI with https! I get this error:
This site can’t provide a secure connection
"IP" uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
These are the logs:
[error] 2020-05-17T06:52:18.046389Z nonode@nohost <0.19077.3> -------- SSL: hello: tls_handshake.erl:127:Fatal error: handshake failure - malformed_handshake_data
[error] 2020-05-17T06:52:18.046426Z nonode@nohost <0.18899.3> -------- application: mochiweb, "Accept failed error", "{error,{tls_alert,\"handshake failure\"}}"
[error] 2020-05-17T06:52:18.046508Z nonode@nohost <0.18899.3> -------- CRASH REPORT Process (<0.18899.3>) with 0 neighbors exited with reason: {error,accept_failed} at mochiweb_acceptor:init/4(line:75) <= proc_lib:init_p_do_apply/3(line:247); initial_call: {mochiweb_acceptor,init,['Argument__1','Argument__2',...]}, ancestors: [https,couch_secondary_services,couch_sup,<0.202.0>], messages: [], links: [<0.253.0>], dictionary: [], trap_exit: false, status: running, heap_size: 1598, stack_size: 27, reductions: 954
Can somebody please help me?
I found the solution and wrote a post about it:
https://medium.com/#pouyashojaei85/enabling-ssl-for-docker-couchdb-container-127388eca1a8

When using the node driver, notarisation in flows hangs with a handshake failure

Whenever I try to test using the node driver, I find that at the point of notarisation, my flows will hang.
After examining the node logs, it shows that the notary's message broker was unreachable:
[INFO ] 09:33:26,653 [nioEventLoopGroup-3-3] (AMQPClient.kt:91) netty.AMQPClient.run - Retry connect {}
[INFO ] 09:33:26,657 [nioEventLoopGroup-3-4] (AMQPClient.kt:76) netty.AMQPClient.operationComplete - Connected to localhost:10001 {}
[INFO ] 09:33:26,658 [nioEventLoopGroup-3-4] (AMQPChannelHandler.kt:49) O=Notary Service, L=Zurich, C=CH.channelActive - New client connection db926eb8 from localhost/127.0.0.1:10001 to /127.0.0.1:63781 {}
[INFO ] 09:33:26,658 [nioEventLoopGroup-3-4] (AMQPClient.kt:86) netty.AMQPClient.operationComplete - Disconnected from localhost:10001 {}
[ERROR] 09:33:26,658 [nioEventLoopGroup-3-4] (AMQPChannelHandler.kt:98) O=Notary Service, L=Zurich, C=CH.userEventTriggered - Handshake failure SslHandshakeCompletionEvent(java.nio.channels.ClosedChannelException) {}
[INFO ] 09:33:26,659 [nioEventLoopGroup-3-4] (AMQPChannelHandler.kt:74) O=Notary Service, L=Zurich, C=CH.channelInactive - Closed client connection db926eb8 from localhost/127.0.0.1:10001 to /127.0.0.1:63781 {}
[INFO ] 09:33:26,659 [nioEventLoopGroup-3-4] (AMQPBridgeManager.kt:115) peers.DLF1ZmHt1DXc9HbxzDNm6VHduUABBbNsp7Mh4DhoBs6ifd -> localhost:10001:O=Notary Service, L=Zurich, C=CH.onSocketConnected - Bridge Disconnected {}
While the notary logs display the following:
[INFO ] 13:24:21,735 [main] (ActiveMQServerImpl.java:540) core.server.internalStart - AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.2.0 [localhost, nodeID=7b3df3b8-98aa-11e8-83bd-ead493c8221e] {}
[DEBUG] 13:24:21,735 [main] (ArtemisRpcBroker.kt:51) rpc.ArtemisRpcBroker.start - Artemis RPC broker is started. {}
[INFO ] 13:24:21,737 [main] (ArtemisMessagingClient.kt:28) internal.ArtemisMessagingClient.start - Connecting to message broker: localhost:10001 {}
[ERROR] 13:24:22,298 [main] (NettyConnector.java:713) core.client.createConnection - AMQ214016: Failed to create netty connection {} java.nio.channels.ClosedChannelException: null
at io.netty.handler.ssl.SslHandler.channelInactive(...)(Unknown Source) ~[netty-all-4.1.9.Final.jar:4.1.9.Final]
[DEBUG] 13:24:22,362 [main] (PersistentIdentityService.kt:137) identity.PersistentIdentityService.verifyAndRegisterIdentity - Registering identity O=Notary Service, L=Zurich, C=CH {}
[WARN ] 13:24:22,363 [main] (AppendOnlyPersistentMap.kt:79) utilities.AppendOnlyPersistentMapBase.set - Double insert in net.corda.node.utilities.AppendOnlyPersistentMap for entity class class net.corda.node.services.identity.PersistentIdentityService$PersistentIdentity key 69ACAA32A0C7934D9454CB53EEA6CA6CCD8E4090B30C560A5A36EA10F3DC13E8, not inserting the second time {}
[ERROR] 13:24:22,368 [main] (NodeStartup.kt:125) internal.Node.run - Exception during node startup {}
org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException: AMQ119007: Cannot connect to server(s). Tried with all available servers.
at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:787) ~[artemis-core-client-2.2.0.jar:2.2.0]
at net.corda.nodeapi.internal.ArtemisMessagingClient.start(ArtemisMessagingClient.kt:39) ~[corda-node-api-3.2-corda.jar:?]
at net.corda.nodeapi.internal.bridging.AMQPBridgeManager.start(AMQPBridgeManager.kt:195) ~[corda-node-api-3.2-corda.jar:?]
at net.corda.nodeapi.internal.bridging.BridgeControlListener.start(BridgeControlListener.kt:35) ~[corda-node-api-3.2-corda.jar:?]
at net.corda.node.internal.Node.startMessagingService(Node.kt:301) ~[corda-node-3.2-corda.jar:?]
How do I fix this?
IntelliJ Ultimate ships with the YourKit profiler, which by default starts when IntelliJ starts and listens on port 100001 - the default port for the Notary in Driver.
You can locate the config for this using here and alter it to use a different port as per this
Your new config line will look something like this:
-agentlib:yjpagent=delay=10000,probe_disable=*,port=30000

RabbitMQ STOMP connection

I am working on a fun project which requires me to learn message queues and websockets. I am trying to connect browsers via websockets to an instance of rabbitmq using sockjs rather than pure websockets. On rabbit I have activated the plugins for stomp and web_stomp (web_stomp is required when using sockjs).
The problem I am running into is that the call from the browser seems to be working properly, because a very brief connection to Rabbit is made through the webstomp/stomp connection, but after 2 or 3 seconds the connection is dropped by Rabbit.
This is confirmed by the rabbitmq logs:
=INFO REPORT==== 11-Jul-2016::23:01:54 ===
accepting STOMP connection (192.168.1.10:49746 -> 192.168.1.100:55674)
=INFO REPORT==== 11-Jul-2016::23:02:02 ===
closing STOMP connection (192.168.1.10:49746 -> 192.168.1.100:55674)
This is the browser code that connects to RabbitMQ via the webstomp plugin:
var url = "http://192.168.1.100:55674/stomp";
var ws = new SockJS(url);
var client = Stomp.over(ws);
var header = {
login: 'test',
passcode: 'test'
};
client.connect(header,
function(){
console.log('Hooray! Connected');
},
function(error){
console.log('Error connecting to WS via stomp:' + JSON.stringify(error));
}
);
Here is the Rabbit config:
[
  {rabbitmq_stomp, [{default_user, [{login, "test"},
                                    {passcode, "test"}]},
                    {tcp_listeners, [{"192.168.1.100", 55674}]},
                    {heartbeat, 0}]}
].
I have been over the Rabbit docs a million times but this feels like something simple that I am overlooking.
Resolved. After combing through the logs I realized that web_stomp was listening on port 15674 so I changed the config file to reflect that. I swear I had made that change at some point but it did not seem to make a difference.
One of the late changes I made before sending out my request was to turn off heartbeat. Everything I have read states that sockjs does not support heartbeat and that there were suggestions to turn it off rather than use the default. In addition to turning off heartbeat in the config file I also added this to the browser code:
client.heartbeat.outgoing=0;
client.heartbeat.incoming=0;