I forked this simple server-client akka project:
https://github.com/roclas/akka-irc
which is an IRC-like chat and I'm trying to encode messages.
In my master branch, if I start a server (sbt run and then select option 2) and then a client (sbt run and then select option 1),
if I write something in the client, the message is correctly sent to the server.
If I start wireshark and listen to the messages that meet these conditions:
tcp.port==1099 and tcp.len>200
I can read the messages in plain text.
How could I encode them using SSL?
You can see what I am trying to do by modifying the src/main/resources/application.conf file in the develop branch
What would I have to modify?
How should my src/main/resources/application.conf file look like?
Thank you
You should enable SSL at yout custom .conf file with:
akka {
actor {
provider = "akka.remote.RemoteActorRefProvider"
}
remote {
enabled-transports = ["akka.remote.netty.ssl"]
netty.ssl{
enable-ssl = true
security {
key-store = "path-to-your-keystore"
key-store-password = "your-keystore's-password"
key-password = "your-key's-password"
trust-store = "path-to-your-truststore"
trust-store-password = "your-trust-store's-password"
protocol = "TLSv1"
random-number-generator = "AES128CounterSecureRNG"
enabled-algorithms = ["TLS_RSA_WITH_AES_128_CBC_SHA"]
}
}
}
}
And don't forget to change your actor path's prefix to:
akka.ssl.tcp://YourActorSystemName#ip:port:/...
In addition to what J.Santos said, I had forgotten to create these two files:
trust-store = "path-to-your-truststore"
trust-store-password = "your-trust-store's-password"
that I changed by:
key-store = "src/main/resources/keystore"
trust-store = "src/main/resources/truststore"
in my ./src/main/resources/common.conf
as J.Santos reminded me after looking at my project.
Thank you very much!!
Related
Is it possible to generate an S3 presigned URL in a Lambda function and return that URL to a client, so the client can use it to do an unauthenticated HTTP PUT?
I'm finding that S3 is unexpectedly closing my HTTPS connection when I try to PUT to the URL I get from the lambda function, and I don't know if it's because the server and client are different entities.
Can I do what I want to do? Is there a secret step I'm missing here?
EDIT: per Anon Coward's request, the server-side code is:
presigned_upload_parts = []
for part in range(num_parts):
resp = s3.generate_presigned_url(
ClientMethod = 'upload_part',
Params = {
'Bucket': os.environ['USER_UPLOADS_BUCKET'],
'Key': asset_id,
'UploadId': s3_upload_id,
'PartNumber': part
}
)
presigned_upload_parts.append({"part": part, "url": resp})
return custom_http_response_wrapper(presigned_upload_parts)
The client-side code is:
for idx, part in enumerate(urls):
startByte = idx * bytes_per_part
endByte = min(filesize, ((idx + 1) * bytes_per_part))
f.seek(startByte, 0)
bytesBuf = f.read(endByte - startByte)
print(f"Buffer is type {type(bytesBuf)} with length {len(bytesBuf):,}")
print(f"Part {str(idx)}: bytes {startByte:,} to {endByte:,} as {part['url']}")
#resp = requests.post(part['url'], data = bytesBuf, headers = self.get_standard_headers())
resp = requests.put(
url = part['url'],
data = bytesBuf
)
The error I'm getting is:
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host
The presigned URL looks like:
https://my-bucket-name.s3.amazonaws.com/my/item/key?uploadId=yT2W....iuiggs-&partNumber=0&AWSAccessKeyId=ASIAR...MY&Signature=i6duc...Mmpc%3D&x-amz-security-token=IQoJ...%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F...SWHC&Expires=1657135314
There was a bug in my code somewhere. I ran the code under WSL as a test, and in the Linux environment got a more friendly error that helped me find and fix a minor bug, and now it's running as expected in the Windows environment. Whether that's because of the bugfix or some other environmental change I'll never know.
I'm trying to learn grpc using kotlin and make a simple grpc service with following proto definition :
syntax = "proto3";
option java_multiple_files = true;
option java_package = "br.bortoti";
option java_outer_classname = "StockProto";
option objc_class_prefix = "HLW";
package br.bortoti;
import "google/api/annotations.proto";
service StockService {
rpc GetStock (GetStockRequest) returns (Stock) {
option(google.api.http) = {
get: "V1/stocks/{stock}"
body: "*"
};
}
}
message Stock {
string ticker = 1;
}
message GetStockRequest {
string ticker = 1;
}
message GetStockReply {
string ticker = 1;
}
so, i'm basically mapping a service to a get request.
but when i try to call this url from curl like :
curl http://localhost:8088/V1/stocks/1
i get the error :
curl: (1) Received HTTP/0.9 when not allowed
and from the server side i have :
INFO: Transport failed
io.netty.handler.codec.http2.Http2Exception: Unexpected HTTP/1.x request: GET /V1/stocks/1
how can i make the server accept http 1.1 calls? is it even possible?
Maybe this is two question.
The gRPC use HTTP2 and need lots of headers so it is diffcult request by curl. Maybe you need grpcurl
And the path V1/stocks/{stock} need use grpc-gateway toghter, you can reference grpc-gateway for more detail.
Since you are learn how to use gRPC, maybe you can reference this project: helloworlde/grpc-java-sample, feel free to translate chinese.
I am trying to create a function that can call REST with the http socket lua.
And I tried to set the timeout this way. But, when I run this function, the timeout is not running. How should I set the timeout?
local http = require "socket.http"
local socket = require "socket"
local respbody = {}
http.request {
method = req_method,
url = req_url,
source = ltn12.source.string(req_body),
headers =
{
["Content-Type"] = req_content_type,
["content-length"] = string.len(req_body),
["Host"] = host,
},
sink = ltn12.sink.table(respbody),
create = function()
local req_sock = socket.tcp()
req_sock:settimeout(3, 't')
return req_sock
end,
}
You may want to check lua-http. I use it to call REST and works like a charm. I am not an expert but, as far as I can tell, it is a good LUA http implementation.
You can set a two seconds timeout as simple as:
local http_client = require "http.client"
local myconnection = http_client.connect {
host = "myrestserver.domain.com";
timeout = 2;
}
Full documentation in here.
if I implement the example with my requirements, will it be like this? cmiiw
local http_client = require "http.client"
local req_body = "key1=value1&key2=value2"
local myconnection = http_client.connect {
method = "POST";
url = "myrestserver.domain.com/api/example";
host = "myrestserver.domain.com";
source = req_body
headers = {
["Content-Type"] = "application/x-www-form-urlencoded",
["content-length"] = string.len(req_body),
},
timeout = 2;
}
LuaSocket implicitly set http.TIMEOUT to the socket object.
Also you have to remember that socket timeout is not the same as request timeout.
Socket timeout means timeout for each operation independently. For simple case you can wait connection up to timeout seconds and then each read operation can take up to timeout seconds. And because of HTTP client read response line by line you get timeout seconds for each header plus for each body chunk. Also, there may be redirecions where each redirection is a separate HTTP request/response. If you use TLS there also will be hendshake after connection which also took several send/receive operation.
I did not use lua-http module and do not know how timeout implemented there.
But I prefer use modules like cURL if I really need to restrict request timeout.
I have created custom telegram notification very similar to email notifications. The problem is that it works for hosts and most of the services but not for all of them.
I do not post the *.sh files in scripts folder as it works!
In constants.conf I have added the bot token:
const TelegramBotToken = "MyTelegramToken"
I wanted to manage telegram channels or chat ids in users file, so I have users/user-my-username.conf as below:
object User "my-username" {
import "generic-user"
display_name = "My Username"
groups = ["faxadmins"]
email = "my-username#domain.com"
vars.telegram_chat_id = "#my_channel"
}
In templates/templates.conf I have added the below code:
template Host "generic-host-domain" {
import "generic-host"
vars.notification.mail.groups = ["domainadmins"]
vars.notification["telegram"] = {
users = [ "my-username" ]
}
}
template Service "generic-service-fax" {
import "generic-service"
vars.notification["telegram"] = {
users = [ "my-username" ]
}
}
And in notifications I have:
template Notification "telegram-host-notification" {
command = "telegram-host-notification"
period = "24x7"
}
template Notification "telegram-service-notification" {
command = "telegram-service-notification"
period = "24x7"
}
apply Notification "telegram-notification" to Host {
import "telegram-host-notification"
user_groups = host.vars.notification.telegram.groups
users = host.vars.notification.telegram.users
assign where host.vars.notification.telegram
}
apply Notification "telegram-notification" to Service {
import "telegram-service-notification"
user_groups = host.vars.notification.telegram.groups
users = host.vars.notification.telegram.users
assign where host.vars.notification.telegram
}
This is all I have. As I have said before it works for some services and does not work for other services. I do not have any configuration in service or host files for telegram notification.
To test I use Icinga web2. Going to a specific service in a host and send custom notification. When I send a custom notification I check the log file to see if there is any error and it says completed:
[2017-01-01 11:48:38 +0000] information/Notification: Sending reminder 'Problem' notification 'host-***!serviceName!telegram-notification for user 'my-username'
[2017-01-01 11:48:38 +0000] information/Notification: Completed sending 'Problem' notification 'host-***!serviceName!telegram-notification' for checkable 'host-***!serviceName' and user 'my-username'.
I should note that email is sent as expected. There is just a problem in telegram notifications for 2 services out of 12.
Any idea what would be the culprit? What is the problem here? Does return of scripts (commands) affect this behaviour?
There is no Telegram config in any service whatsoever.
Some telegram commands may fail due to markdown parser.
I've encountered this problem:
If service name has one underscore ('_'), then parser will complain about not closed markdown tag and message will not be sent
When I run a query against the iTunes Search API over SSL, most of the URL's returned are provided via HTTPS:
https://itunes.apple.com/search?term=rihanna
However, the artworkUrl results are served over HTTP and updating them manually throws an error since the SSL certificate doesn't match on the domain they're using.
Is there a way to grab these images over HTTPS instead of HTTP?
You have to replace the sub domain:
http://is<n> with https://is<n>-ssl
Example:
http://is5.mzstatic.com/image/thumb/Music117/v4/dd/48/4a/dd484afb-2313-0a1a-ccf1-ff28a02ae2ca/source/100x100bb.jpg
to
https://is5-ssl.mzstatic.com/image/thumb/Music117/v4/dd/48/4a/dd484afb-2313-0a1a-ccf1-ff28a02ae2ca/source/100x100bb.jpg
iTunes does not support the album art or song previews over HTTPS (yet).
The change over of the tools and links to HTTPS was recent (only four months ago):
http://www.apple.com/itunes/affiliates/resources/blog/secure-links-to-itunes---content-and-tools.html
New to SO and Swift - stumbled over this problem until finding this Q, and the answers above. The following worked for me:
func withHTTPS() -> URL? {
var components = URLComponents(url: self, resolvingAgainstBaseURL: true)
components?.scheme = "https"
let host = (components?.host)!
components?.host = host.replacingOccurrences(of: ".", with: "-ssl.", options: .caseInsensitive, range: host.range(of: "."))
return components?.url
}
called using:
guard let url = item.artworkURL.withHTTPS() else { return }