We got a old package write in python2, and working on upgrade it to python3. It's a web app and we are using the WSGIServer.
from gevent import pywsgi
from geventwebsocket.handler import WebSocketHandler
server = pywsgi.WSGIServer(('', port), apphandler, handler_class=WebSocketHandler)
def apphandler(request, start_response):
log.info("ATTENTION: request is {}".format(request))
# do something
However, when I try to use the web app with https://website, it would show this error:
This site can’t provide a secure connection
website.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
And in my server log, I would see things like:
Invalid HTTP method: '\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03Èæ\x01\x92É\x16ÁW»P½\x1aBÐa\x83ÆÊa]ãíDp¥¥¥\x12Ç\x82|\x1f E5\x03aAv\x99¢Nª\x93ÅÏ:Ð\x9d÷3£\x80çÍïÌÑÿC\rÏUÄ\x8b\x00 ªª\x13\x01\x13\x02\x13\x03À+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x01\x00\x01\x93ZZ\x00\x00\x00\x00\x005\x003\x00\x000website.com\x00\x17\x00\x00ÿ\x01\x00\x01\x00\x00\n'
When I actually use the website as http://website.com, it would work. And when in python2, the server would respond correctly to https.
I'm guessing it might be encoding issue, but it won't even reach where I put log in apphandler function. Does anyone know how am I possible to fix this? Do I need to change server or python3 encoding setup?
Looks like you are starting up a plain TCP web server sitting on port 443 and then hitting it from a web browser using an https: url.
If you check out the documentation:
https://www.gevent.org/api/gevent.pywsgi.html#gevent.pywsgi.WSGIServer
You need to supply ssl_args in order to get the socket to run under SSL instead of TCP. Just supplying a port number of 443 is not sufficient.
You can find a few examples of how to set ssl_args here:
https://www.programcreek.com/python/example/78007/gevent.pywsgi.WSGIServer
Related
I have a working node.js express based server (and client) application here that shows RPC over http+websockets. This works perfectly when run locally (using devcontainers) and includes the Dockerfile as well as devcontainer.json. However, when run from a codespace, it fails with the following client-side error messages.
client.js:9 Mixed Content:
The page at 'https://aniongithub-jsonrpc-bidirectional-example-<redacted>-8080.preview.app.github.dev/'
was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint
'ws://aniongithub-jsonrpc-bidirectional-example-<redacted>-8080.preview.app.github.dev/api'.
This request has been blocked; this endpoint must be available over WSS.
(anonymous) # client.js:9
client.js:9 Uncaught DOMException: Failed to construct 'WebSocket':
An insecure WebSocket connection may not be initiated from a page loaded over HTTPS
at 'https://aniongithub-jsonrpc-bidirectional-example-<redacted>-8080.preview.app.github.dev/client.js:9:10'
The documentation here states that By default, GitHub Codespaces forwards ports using HTTP but you can update any port to use HTTPS, as needed. When I check the settings indicated:
it's set to http. What am I missing here? How can I get it to serve my express application over http?
Note: My intention is that when locally cloned and opened in a devcontainer, the code works just as it would if opened in a CodeSpace. This means I need to ensure that the certs generated by CodeSpaces are somehow factored into my local devcontainer process or that I forego authentication altogether. Alternatively, I need to find out if I'm running on CodeSpaces and do different things, which seems messy and shouldn't be the case. Hope this makes my intentions for asking this question clearer!
It turns out that I just couldn't use http for the RPC endpoint when running over https, so the solution was to use location.protocol and ws/wss depending on the current protocol to initialize the client RPC endpoint.
I am using Nginx as my https server to serve my http content from my node server.
I am also hosting my server on google cloud.
I have been keep getting a 504 Gateway Timeout Error; So I wonder if it is because I didnt set my upstream server (node server) 8080 port open. Then it works. Not so sure if it is the correct way to do it
But then I kept looking other docs or tutorial online. I never see people configure in such way to connect to node server. They mainly only left the port 80 opened. So I wondered if my config in server block causing the 504 gateway problem
----------second update
this is my setting, and the default_server is written by default
but i always see doc have included a variable - server_name ; Actually I dont quite understand this varibale. May I know should I consider it or not for later use, although it works now
Aside, I got an
Server Error from my app.
FetchError: request to https://34.96.213.54:443/search/guest2 failed, reason: self-signed certificate
Why is that it works on chrome,although I get that api directly and postman successfully.
third updated------
About self-signed certificate: You need to buy one or using a free service like https://letsencrypt.org .Beside that your questions are so basic so you have to research more on nginx docs (http://nginx.org/en/docs/http/server_names.html)
I am new to servers and networking so pardon my ignorance.
I have a Heroku application running a NodeJS server. I am using console.log() to output the port its using to the console. But when i use the port to try to perform a GET request from my browser it keep loading forever. My request is something this:
https://example.herokuapp.com:28222/getHighest
When i remove the port number, it works perfectly:
https://example.herokuapp.com/getHighest
I am ultimately trying to perform GET and POST request from a C application. The HTTP library i am using seemingly requires a port for a connection. I am using this library: GitHub. It works perfectly when i run it locally with localhost:8080/getHighest but not when i use my heroku app.
As suggested by #tadman using the default https port 443 solved the issue.
On my machine, im hosting a node server that is listening on port 5000. Before setting up a forward proxy (squid), i was able to perform a GET on https://localhost:<port>. However, after setting up a forward proxy and setting the environmental variable http_proxy=<ip addr:port>, this GET request no longer works.
The error that shows up is: tunnelling socket could not be established, statusCode=503
Some additional information:
The proxy server works as I am able to connect to the internet via it.
Performing curl instead, on the https:localhost:5000/api works.
Am using request.js for the requests, using agentOptions to specify TLS protocols & ca cert.
I am hoping to understand how the traffic is now different after i add in a proxy. From my understanding, now we have to go through a sort of TLS CONNECT / tunnelling since to the proxy first, since its a HTTPS request, before coming back to my localhost. But in the case without the proxy, how is it that its working?
Any help would be greatly appreciated. Thanks!
you must add
export no_proxy='localhost,127.0.0.1'
the https work because you don't use proxy for https , you must set https_proxy='<tour_proxy>'
I have a website behind cloudflare. I need to enable websockets over SSL without turning off cloudflare support. I have a PRO plan and hence won't get the new websocket support. I am using Nginx to proxy a SSL connection to a web socket running on a node server. Now, I read somewhere that cloudflare could work with approved ports would support websockets. Hence, I'm using 8443 for the Nginx port and another port for the node server. Using wscat it returns a 200 error.
$ wscat -c wss://xyz.com:8443
error: Error: unexpected server response (200)
I know that the websocket is expecting a 101 code. However, if I visit https://xyz.com:8443, I can see the page displayed by the node server telling me proxy is working. Also, once I turn off cloudflare support, the websocket starts working. Any clues to get this working. I know I can create a subdomain but I'd prefer running the websocket behind cloudflare.
If you're trying to access this through CloudFlare's network you'd need to explicitly have web sockets enabled on your domain before they will work -- regardless of the port. As in, even if the port can pass through our network, that won't automatically mean that web sockets will be enabled or accessible on your domain.
You can try contacting our support team to request an exception to see if they can enable it for your domain, but typically this is still only available at the business and enterprise levels.
Disclaimer: I work at CloudFlare.