Rails cache redis with TLS - Server closed the connection (EOFError) - ruby-on-rails

I am using Digital Ocean managed Redis 7 database but I cannot connect.
The url is:
ENV.fetch("REDIS_CACHE_URL")
rediss://default:password#redis-cache-do-user-id.b.db.ondigitalocean.com:25061/0"
config
config.cache_store = :redis_cache_store, {
driver: :hiredis,
url: ENV.fetch("REDIS_CACHE_URL") { "redis://localhost:6379/1" },
:ssl => true,
ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
}
Caching return false
Rails.cache.write('test', 1) => false
Rails.cache.stats
/Users/name/.rvm/gems/ruby-3.1.2/gems/redis-4.7.1/lib/redis/client.rb:306:in `rescue in io': Connection lost (ECONNRESET) (Redis::ConnectionError)
/Users/name/.rvm/gems/ruby-3.1.2/gems/hiredis-0.6.3/lib/hiredis/ext/connection.rb:21:in `rescue in read': Connection reset by peer (Errno::ECONNRESET)
/Users/name/.rvm/gems/ruby-3.1.2/gems/hiredis-0.6.3/lib/hiredis/ext/connection.rb:19:in `read': Server closed the connection (EOFError)
Redis cache exists?
> redis = Redis.new(url: ENV.fetch("REDIS_CACHE_URL"))
=> #<Redis client v4.7.1 for rediss://redis-cache-do-user-id-0.b.db....
> redis.exists?("some_key")
/Users/name/.rvm/gems/ruby-3.1.2/gems/redis-4.7.1/lib/redis/client.rb:306:in `rescue in io': Connection lost (ECONNRESET) (Redis::ConnectionError)
/Users/name/.rvm/gems/ruby-3.1.2/gems/hiredis-0.6.3/lib/hiredis/ext/connection.rb:21:in `rescue in read': Connection reset by peer (Errno::ECONNRESET)
/Users/name/.rvm/gems/ruby-3.1.2/gems/hiredis-0.6.3/lib/hiredis/ext/connection.rb:19:in `read': Server closed the connection (EOFError)
I can correctly connect to redis-cli from the same machine (localhost)
redis-cli --tls -h redis-cache-do-user-id-0.b.db.ondigitalocean.com -a XXXXXXXXXX -p 25061
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
redis-cache-do-user-id-0.b.db.ondigitalocean.com:25061> KEYS *
1) "test"
redis-cache-do-user-id-0.b.db.ondigitalocean.com:25061>
Using other vendor (like RedisLabs) it works. So maybe the issue is something related to connecting from Rails using TLS.

I think the REDIS_CACHE_URL is not correct.
You should confirm the URL is correct
$redis = Redis.new(url: ENV.fetch("REDIS_CACHE_URL"))
$redis.exists?("some_key")

Related

AWS elasticsearch service throws Faraday::ConnectionFailed: Failed to open TCP connection to https:80 (getaddrinfo: Name or service not known)

I am currently trying to configure AWS’ elasticsearch service in my Rails v 5.1.4 application. I am using elasticsearch-rails 6.0.0. The issue I am currently getting I believe is with how my elasticsearch client is being set up in my initializer. One restriction I have is I can’t use the faraday_middleware-aws-signers-v4 gem to help communication between my AWS elastisearch instance and my app. I am attempting to do this with just aws-sdk-rails 1.0.1. Since this server is in the same security group as the elasticsearch instance I am assuming I don't need to pass in credentials.
Here is the my error:
Faraday::ConnectionFailed: Failed to open TCP connection to https:80 (getaddrinfo: Name or service not known)
from /usr/local/lib/ruby/2.4.0/net/http.rb:906:in `rescue in block in connect'`
Here is my initializers/elasticsearch.rb:
config = {
hosts: {host: 'https://search-epl-elasticsearch-xxxxxxxxxxxxxxxxxx.us-east-2.es.amazonaws.com', port: '80'},
transport_options: {
request: { timeout: 5 }
}
}
Elasticsearch::Model.client = Elasticsearch::Client.new(config)
I realise it's months later, but it appears you're configuring elasticsearch with an https url and telling it to use port 80 instead of 443. Try this instead:
config = {
url: 'https://search-epl-elasticsearch-xxxxxxxxxxxxxxxxxx.us-east-2.es.amazonaws.com',
transport_options: {
request: { timeout: 5 }
}
}
Elasticsearch::Model.client = Elasticsearch::Client.new(config)

ERROR -- ddtrace: [ddtrace] Failed to open TCP connection to localhost:8126 (Connection refused - connect(2) for "localhost" port 8126)

I am currently working on a ruby on rails project that I have not deployed. While working in a development environment, every time I run rails console or the server I get the full error message:
ERROR -- ddtrace: [ddtrace] (/Users/stevenaguilar/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/ddtrace-0.8.0/lib/ddtrace/transport.rb:73:in `rescue in post') Failed to open TCP connection to localhost:8126 (Connection refused - connect(2) for "localhost" port 8126)
I thought I get around this issue by changing the configuration to work only in production.
config/initializers/datadog-tracer.rb
Rails.configuration.datadog_trace = {
auto_instrument: true,
auto_instrument_redis: true,
default_service: 'my-rails-app'
}
Change the configuration of the file config/initializers/datadog-tracer.rb
this would make it so that ddtrace only works in production.
Rails.configuration.datadog_trace =
{
# may depend by your conditional env
enabled: false,
# these may be 'true' to keep parity with your production
auto_instrument: true,
auto_instrument_redis: true
}

Redis keeps calling out to localhost:6379 even though deployed to Heroku

I have a Rails app deployed to Heroku and I cant for the life of me figure out why it keeps wanting to deploy to the local. I do not even have localhost:6379 anywhere in my code for the front end (react native) or the back end which is my Rails API.
This is the error I get any time I have a new broadcast:
Completed 500 Internal Server Error in 111ms (ActiveRecord: 47.1ms)
Redis::CannotConnectError (Error connecting to Redis on localhost:6379 (Errno::ECONNREFUSED)):
Application.yaml:
`gmail_username: "<email_address>"
gmail_password: "<password>"
AWS_ACCESS_KEY: "<access_key>"
AWS_SECRET_KEY: "<secret_key>"
AWS_BUCKET: "<my_s3_app_bucket>"
REDIS_URL: "<redis_url>"`
Cable.yaml
production:
adapter: redis
url: <long_url_address>
host: <host_from_url>
port: <port_from_url>
password: <password_from_url>
Production.rb:
config.action_cable.allowed_request_origins = ["https://lynx-v1.herokuapp.com/"]
config.action_cable.url = "wss://lynx-v1.herokuapp.com/cable"
config.web_socket_server_url = "wss://lynx-v1.herokuapp.com/cable"
(i set both action cable and web socket just to test which worked, no matter which i go with i still get the error)
/config/initializers/redis.rb
require "redis"
uri = URI.parse(ENV["REDIS_URL"])
$redis = Redis.new(
:url => ENV["REDIS_URL"],
)
I dont know what is going on. Is it some kind of default that makes Redis look for local host 6379? I follow the steps step by step and I keep getting this error.
It started working again. There was an add-on gem in the rails app that was not fully configured. After finishing the setup for the side gem it started working again.

Ruby SSL handshake not receiving Server Hello back - using proxy Net::HTTP

I am connecting to an external API using Ruby SSL two way authentication.
My latest script is here:
namespace :rnif_message do
# With Proxy
task send_test_index: :environment do
our_cert = File.read(File.join(Rails.root, 'ssl', 'invoice', 'test', 'cert20190116_ourcert.der'))
their_test_cert = File.read(File.join(Rails.root, 'ssl', 'invoice', 'test', 'testcert2016_theircert.der'))
cert_store = OpenSSL::X509::Store.new
# Contains their intermediate CA files
cert_store.add_path File.join(Rails.root, 'ssl', 'invoice', 'test', 'ca')
cert_store.add_cert OpenSSL::X509::Certificate.new(their_test_cert)
uri = URI("https://xml.digital.com/wm.rn/receive")
proxy_host = "us-static-02.qg.com"
proxy_port = "port"
proxy_user = "user"
proxy_pass = "pass"
proxy_request = Net::HTTP.new(uri.hostname, '443', proxy_host, proxy_port, proxy_user, proxy_pass)
proxy_request.verify_mode = OpenSSL::SSL::VERIFY_PEER
proxy_request.use_ssl = true
proxy_request.ssl_version = :TLSv1_2
proxy_request.ciphers = ["AES256-SHA:AES128-SHA:DES-CBC3-SHA"]
proxy_request.cert = OpenSSL::X509::Certificate.new(our_cert)
proxy_request.cert_store = cert_store
post_request = Net::HTTP::Post.new(uri)
response = proxy_request.request(post_request)
end
Response back (since I updated the ciphers) is now
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
Instead of the older from my two previous questions
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
# /Users/me/projects/proj/lib/tasks/rnif_message_builder.rake:217:in `block (2 levels) in <top (required)>'
Here is my latest wireshark
In the initial configuration of my certificate and IP on THEIR server configuration, I may have given them the wrong IP address, so I may be getting blocked by their firewall. Is there ways using openssl s_client I can test this?
So far i've been trying
openssl s_client -showcerts -connect xml.digitaloilfield.com:https
But I am not very familiar with using openssl s_client
Any help on troubleshooting this would be greatly appreciated!
Update
Thanks you very much for your help so far. I am experimenting with those commands you sent me and trying to see what info I can get from them to help me with this. Currently, after they changed my IP address and allowed me through the firewall, I am getting this
EOFError: end of file reached /Users/me/projects/xtiri/xtiri.com/lib/tasks/rnif_message_builder.rake:219:in `block (2 levels) in <top (required)>'
This will usually connect to nearly all servers. It uses TLS 1.2 and SNI. That should establish the TCP connection and start the TLS handshake. The handshake may fail later, but that's a different problem.
$ openssl s_client -connect xml.digitaloilfield.com:443 -tls1_2 \
-servername xml.digitaloilfield.com -debug
<hang>
connect: Connection timed out
connect:errno=110
However, while s_client is hanging, jump over to another terminal and issue:
$ sudo netstat -a | grep openssl
$
Netstat does not show you the SYN_SEND state, so use tcptrack:
$ sudo tcptrack -i eth0
# <next, use s_client>
172.16.2.4:43302 208.38.22.37:443 SYN_SENT 15s 0 B/s
You are in TCP's wait timer. The other side did not perform the three-way handshake with you. In fact, they did not acknowledge your SYN. There could be a few reasons for it, but ...
Given the target, it looks like you encountered a firewall. Rather than Reject'ing connections, it is Drop'ing connections. Its sometimes called "Stealth Mode"; it makes it appear there's no server running on the machine. That's consistent with OpenSSL's connect: Connection timed out message.
The problem could be with the proxy. You really want to run the tests from there, but you probably won't be able to. It could be you are using the ciphers, protocols and ports as specified by the remote site; but the proxy is doing its own thing. Also see Jarmock's SSL Interception Proxies and Transitive Trust.
Here are a couple of references:
How can I monitor network connections for an app
Is it better to set -j REJECT or -j DROP in iptables?
TCP 3-way handshake on the Wireshark Wiki

SocketError at /sidekiq/ getaddrinfo: nodename nor servname provided, or not known

I'm a novice Rails dev building an app connected to redis + sidekiq. I must have some configuration error, but I'm not sure what exactly it is. Below, I'll write about what exactly confuses me here:
Upon running rails s, I get the following error:
2016-07-09 08:55:46 - SocketError - getaddrinfo: nodename nor servname provided, or not known:
/Users/rohitrekhi/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/redis-3.3.0/lib/redis/connection/ruby.rb:177:in `getaddrinfo'
/Users/rohitrekhi/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/redis-3.3.0/lib/redis/connection/ruby.rb:177:in `connect'
/Users/rohitrekhi/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/redis-3.3.0/lib/redis/connection/ruby.rb:260:in `connect'
/Users/rohitrekhi/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/redis-3.3.0/lib/redis/client.rb:336:in `establish_connection'
So I figured it must be a redis connection error. When I ping redis to see if connection goes through, it shows the following:
$ redis-cli ping
=> PONG
So if the redis connection goes through, maybe it's a Sidekiq issue?
I implemented the Sidekiq web interface via Sinatra, and got the following error when I tried to view it:
SocketError at /sidekiq/
getaddrinfo: nodename nor servname provided, or not known
So now I'm guessing the error is actually via Sidekiq, but I'm not sure where I dropped the ball via configurations on the host/server/sockets. Any ideas what exactly is causing this and if it's an error with Sidekiq or redis?
This is my initializer file for sidekiq in config/initializers/sidekiq.rb:
Sidekiq.configure_server do |config|
config.redis = { url: 'redis://redis.example.com:6379/12', network_timeout: 5 }
end
Sidekiq.configure_client do |config|
config.redis = { url: 'redis://redis.example.com:6379/12', network_timeout: 5 }
end
And this is my config/initializer/redis.rb:
$redis = Redis.new(:host => 'localhost', :port => 6379)
I've also opened three terminal windows turning on the redis server, sidekiq, and my rails server.
Thanks in advance!
This makes no sense:
redis://redis.example.com:6379/12
You do not have a Redis server at that URL; fix the URL.

Resources