I am trying to create simple python eve app with following code:
But i am getting the following error in postman:
Could not get any response
There was an error connecting to http://127.0.0.1:27017/people.
Why this might have happened:
The server couldn't send a response:
Ensure that the backend is working properly
Self-signed SSL certificates are being blocked:
Fix this by turning off 'SSL certificate verification' in Settings > General
Proxy configured incorrectlyenter code here
Ensure that proxy is configured correctly in Settings > Proxy
Request timeout:
Change request timeout in Settings > General
and in the mongodb server, got the error as :
2018-08-11T00:36:36.565+0530 I NETWORK [conn3] Error receiving request from client: SSLHandshakeFailed: SSLHandshakeFailed. Ending connection from 127.0.0.1:60241 (connection id: 3)
Is there i am missing anything?
Can you please help in resolving this issue?
Regards,
Narendra
Related
I am using webhooks to try and get a response from my texts using Twilio. However, I am getting a 403 forbidden error when I send a message to the server, and of course not getting a response as a result. My firewall is turned off on my Mac so I know it's not that blocking it.
Here are some more details from ngrok:
Content-type: application/x-www-form-urlencoded
I-Twilio-Idempotency-Token: f44545da-e917-46e6-b24b-e9bf6f727a49
X-Forwarded-For: 3.93.218.220
X-Twilio-Signature: F5mURKfEP6sM/DMGiOFcYPD7lKo=
Host: 843e-167-98-155-255.eu.ngrok.io
User-Agent: TwilioProxy/1.1
Acceptance encoding: gzip
X-forwarded protocol: https
Let me know if any other details are required- I couldn't get logs from ngrok.
I found a similar post, but I checked and my firewall is NOT turned on: How to fix 403 error what Twilio calls my webhook?
I don't want to use getUpdates method to retrieve updates from Telegram, but a webhook instead.
Error from getWebhookInfo is:
has_custom_certificate: false,
pending_update_count: 20,
last_error_date: 1591888018,
last_error_message: "SSL error {error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}"
My code is:
from flask import Flask
from flask import request
from flask import Response
app = Flask(__name__)
#app.route('/', methods=['POST', 'GET'])
def bot():
if request.method == 'POST':
return Response('Ok', status=200)
else:
return f'--- GET request ----'
if __name__ == "__main__":
app.run(host='0.0.0.0', port='8443', debug=True, ssl_context=('./contract.crt', '.private.key'))
When I hit https://www.mydomain.ext:8443/ I can see GET requests coming but not POST ones when I write something on my telegram-bot chat
Also that's how I set a webhook for telegram as follow:
https://api.telegram.org/botNUMBER:TELEGRAM_KEY/setWebhook?url=https://www.mydomain.ext:8443
result:
{
ok: true,
result: true,
description: "Webhook was set"
}
Any suggestion or something wrong I've done?
https://core.telegram.org/bots/api#setwebhook
I'm wondering if the problem it's caused because I'm using 0.0.0.0, the reason it's that if I use 127.0.0.0 the url/www.mydomain.ext cannot be reached
Update
ca_certitificate = {'certificate': open('./folder/ca.ca-bundle', 'rb')}
r = requests.post(url, files=ca_certitificate)
print(r.text)
that print gives me:
{
"ok": false,
"error_code": 400,
"description": "Bad Request: bad webhook: Failed to set custom certificate file"
}
I deployed a Telegram chatbot without Flask a while ago.
I remember that the POST and GET requests required /getUpdates and /sendMessage added to the bot url. Maybe it will help.
Telegram bots only works with full chained certificates. And the error in your getWebHookInfo:
"last_error_message":"SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}"
Is Telegram saying that it needs the whole certificate chain (it's also called CA Bundle or full chained certificate). as answered on the question.
If you validate your certificate using the SSLlabs you will see that your domain have chain issues:
https://www.ssllabs.com/ssltest/analyze.html?d=www.vallotta-party-bot.com&hideResults=on
To solve this need you need to set the CA Certificate. In this way, you need to find the CA certificate file with your CA provider.
Also, the best option in production sites is to use gunicorn instead of Flask.
If you are using gunicorn, you can do this with command line arguments:
$ gunicorn --certfile cert.pem --keyfile key.pem --ca_certs cert.ca-bundle -b 0.0.0.0:443 hello:app
Or create a gunicorn.py with the following content:
import multiprocessing
bind = "0.0.0.0:443"
workers = multiprocessing.cpu_count() * 2 + 1
timeout = 120
certfile = "cert/certfile.crt"
keyfile = "cert/service-key.pem"
ca_certs = "cert/cert.ca-bundle"
loglevel = 'info'
and run as follows:
gunicorn --config=gunicorn.py hello:app
If you use Nginx as a reverse proxy, then you can configure the certificate with Nginx, and then Nginx can "terminate" the encrypted connection, meaning that it will accept encrypted connections from the outside, but then use regular unencrypted connections to talk to your Flask backend. This is a very useful setup, as it frees your application from having to deal with certificates and encryption. The configuration items for Nginx are as follows:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
# ...
}
Another important item you need to consider is how are clients that connect through regular HTTP going to be handled. The best solution, in my opinion, is to respond to unencrypted requests with a redirect to the same URL but on HTTPS. For a Flask application, you can achieve that using the Flask-SSLify extension. With Nginx, you can include another server block in your configuration:
server {
listen 80;
server_name example.com;
location / {
return 301 https://$host$request_uri;
}
}
A good tutorial of how setup your application with https can be found here: Running Your Flask Application Over HTTPS
I had similar case. I was developing bot on localhost (yet without SSL) and tunneled it to web through ngrok. In beginning all was OK, but once I found no POST-requests are coming. It turned out time of tunneling expired. I laughed and restarted tunneling. But requests weren't coming. It turned out, I forgot to change address of webhook (it switches every ngrok session). Don't repeat my errors.
I'm using pycURL to make a few requests to a https site through a http proxy.
Here's my code:
import pycurl
buf = cStringIO.StringIO()
c = pycurl.Curl()
c.setopt(c.URL, url) # 'url' is the base url of the form https://www.target.com
c.setopt(c.PROXY, proxy) # 'proxy' has the form 1.2.3.4:8080
c.setopt(c.WRITEFUNCTION, buf.write)
c.perform()
I've tried this code with different proxies. I get either Proxy CONNECT aborted or Received HTTP code 400 from proxy after CONNECT.
Is there something I'm missing? Should I be using https proxies instead? I've looked around and can't seem to find any help or documentation on pycURL's usage.
Any help appreciated. Thanks!
I have a problem similar to yours, and my error log is:
fatal: unable to access 'https://github.com/nhn/raphael.git/': Received HTTP code 400 from proxy after CONNECT
so i use these commond to resolve my problem,
first view your git profile
git config --global --edit
then to delete
config [remote "origin"]
proxy = https://github.com/facette/facette.git
I've been struggling with my company proxy to make an https request.
import requests
from requests.auth import HTTPProxyAuth
proxy_string = 'http://user:password#url_proxt:port_proxy'
s = requests.Session()
s.proxies = {"http": proxy_string , "https": proxy_string}
s.auth = HTTPProxyAuth(user,password)
r = s.get('http://www.google.com') # OK
print(r.text)
r = s.get('https://www.google.com',proxies={"http": proxy_string , "https": proxy_string}) #OK
print(r.text)
r = s.get('https://www.google.com') # KO
print(r.text)
When KO, I have the following exception :
HTTPSConnectionPool(host='www.google.com', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 407 Proxy Authentication Required',)))
I looked online but didn't find someone having this specific issue with HTTPS.
Thank you for your time
Thanks to the amazing help of Lukasa, I solved my issue.
Please see discussion on fix here
or set :
session.trust_env=False
I personally solved the above problem on my system by updating the environment variables http_proxy,https_proxy,socks_proxy,ftp_proxy.
First enter the command on your terminal : printenv
This should show you the environment variables on your system.
In my case intially:
http_proxy=http://proxyserver:port/
I changed it to : http_proxy=http://username:password#proxy:port/
using the command
export http_proxy="http://username:password#proxy:port/"
Similarly for https_proxy,socks_proxy,ftp_proxy
Other way i have resolved is - speak with your corporate IT administrator and find a direct proxy port which connects to external domain (with / without password)
pip install --proxy=http://proxyhost:proxy_port pixiedust
Found from other colleagues using the proxy (proxy_port direct connection) in their eclipse settings (network)
To anyone else that tried the accepted answer's "session.trust_env=False" with no success, there may be a deeper issue that produces a similar error (which is probably not the issue the OP had): There may be a corporate proxy configuration that requires specific headers to be sent upon CONNECT, and python requests doesn't send them ('User-Agent' and 'Host', for example).
I do not have a solution for that at the moment. See https://github.com/psf/requests/issues/5028 for a discussion on the subject.
I am using pagekite.net for tunneling localhost to run my Django app
Now my tunnel url is something like "myapp.pagekite.me".
Now, when I simply run it in browser, its working. But its not working when I simply perform a GET request in python code.
import requests
requests.get("http://myapp.pagekite.me")
>>>401
Assuming that the 401 in your sample refers to an HTTP Response Code:
401 is Unauthorized
If you sent credentials they are either incorrect, or of insufficient privilege.
If you didn't send credentials, you are required to authenticate. Have a look for the WWW-Authenticate header in the response.