I am new to emqtt. I am trying to use emq_auth_http but it is not working.
I have these 3 requests to console some data and send data back with status 200.
app.post('/mqtt/auth', function(req, res) {
console.log('This is body ', req.body);
res.status(200).send(req.body);
});
app.post('/mqtt/superuser', function(req, res) {
console.log('This is body in superuser ', req.body);
res.status(200).send(req.body);
});
app.get('/mqtt/acl', function(req, res) {
console.log('This is params in acl ', req.params);
res.status(200).send(req.body);
});
Requests are working fine on postman.
I have configured my emqtt on windows with docker. I have placed my config file in /etc/plugins/emq_auth_http.conf.
This is my config file
## Variables: %u = username, %c = clientid, %a = ipaddress, %P = password, %t = topic
auth.http.auth_req = http://127.0.0.1:3000/mqtt/auth
auth.http.auth_req.method = post
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
auth.http.super_req = http://127.0.0.1:3000/mqtt/superuser
auth.http.super_req.method = post
auth.http.super_req.params = clientid=%c,username=%u
## 'access' parameter: sub = 1, pub = 2
auth.http.acl_req = http://127.0.0.1:3000/mqtt/acl
auth.http.acl_req.method = get
auth.http.acl_req.params =
access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t
Then I enabled emq_auth_http from dashboard
Now when I tried to connect my mqtt client to my server it is not calling the api. It logs
09:28:29.642 [error] Unexpected HTTP Request: POST /mqtt/auth
09:28:29.644 [error] Client(19645050-9d1b-4c50-acf9-
c1fe7e69eea8#172.17.0.1:60968): Username 'username' login failed for 404
Is there anything I missed? Why it is not working?
Thanks
127.0.0.1 in a container refers to the container itself and not the host machine. you should set the host machine ip,you can obtain the host machine ip from a container by issuing the command /sbin/ip route|awk '/default/ { print $3 }' which could be found here
ps: this way you can get the ip of docker machine and not the host ,if your service is served by windows you can reach the ip of host machine from the container which is 10.0.75.1. you can find it in
How to connect to docker host from container on Windows 10 (Docker for Windows)
Related
I'm currently trying to establish a connection between my local and docker container to test out transferring files from the local to the docker container. However, I keep getting either Connection Timeout and the server won't connect. Here's one of the functions that raise the error.
In setting up my docker container, I set up ssh and kept the ssh service running. And set up the password for it. Also, for some reason, replacing 0.0.0.0 with localhost causes more problems.
I also got UserAuthentication errors when I added authPassword or authPublicKey after the connect().
Can anyone help me debug this?
val credentials = Ftpcredentials.create("username","password")
val sftpSettings = SftpSettings(InetAddress.getByName("0.0.0.0"))
.withPort(22)
.withCredentials(credentials)
.withStrictHostKeyChecking(false)
val sshClient: SSHClient = new SSHClient(new DefaultConfig)
sshClient.addHostKeyVerifier(new PromiscuousVerifier)
val configuredClient: SftpApi = Sftp(sshClient)
def mkdir(basePath: String, directoryName: String) = {
val tempSink = (Placeholder Sink)
sshClient.connect("0.0.0.0",22)
Await.result(
configuredClient
.ls(basePath, sftpSettings)
.toMat(tempSink)(Keep.right)
.run()
.map(
exists =>
if (!exists) {
configuredClient
.mkdir(basePath, directoryName, sftpSettings)
.run()
}
), Duration(45.0, SECONDS)
)
}
I have a service A and B. I am running up keycloak service in the same container with service A.
So, configs for service A are the following:
[app]
PageSize = 10
JwtSecret = 233
PrefixUrl = http://127.0.0.1:8000
[sso]
Host = http://127.0.0.1:8080
AdminLogin = some_admin
AdminPassword = some_password
Realm = master
ClientID = my_client
ClientSecret = XXX
I set up a middleware that validates JWT (gotten by keycloak) in service A and it successfully works out.
I run service B in another container with this config:
[app]
PageSize = 10
JwtSecret = 233
PrefixUrl = http://127.0.0.1:8002
[sso]
Host = http://172.18.0.1:8080
AdminLogin = some_admin
AdminPassword = some_password
Realm = master
ClientID = my_client
ClientSecret = XXX
You have noticed that I couldn't use 127.0.0.1 in B's config because it cannot dial this address (because keycloak is running with A in the same container).
I use the same JWT in the request header for service B. After that it goes to keycloak and gets:
{
"code": "ERROR_AUTH_CHECK_TOKEN_FAIL",
"context": {
"code": 401,
"message": "401 Unauthorized: invalid_token: Token verification failed",
"type": "unknown"
}
}
Am I right that keycloak detects the proxing somehow and the error is thrown because of that?
Should I use separate clients for keycloak for both services? And if it is so, how do I verify JWT gotten from service A in the B service?
I solved my problem. Ticket that I got from A had the issuer host http://127.0.0.1:8080 and B sent a header with the host http://172.18.0.1:8080 that failed token validation. Briefly, these hosts must be the same
Setup
Trying to run chrome headless as a container (Image: https://hub.docker.com/r/alpeware/chrome-headless-trunk) in my docker-compose and connecting to it from another container.
Problem
To actually connect to chrome inside the container, I first need to retrieve the webSocketDebuggerUrl, which is available at http://0.0.0.0:9222/json/version of the chrome-headless.
The Problem is: my request to this path always fails with
RequestError: Error: connect ECONNREFUSED 0.0.0.0:9222
and cant get the webSocketDebuggerUrl to connect to chrome.
Some more Info
Also if I visit http://0.0.0.0:9222/json/version in my browser myself, copy the url and hardcode it into my puppeteer.connect(), it ONLY works as expected, if I replace the address of '0.0.0.0' to my (linked) container-name (specified in docker-compose): http://chrome:9222/json/version
If I try to request the webSocketDebuggerUrl from /json/version while using container-name address (http://chrome:9222/json/version) i get the error
StatusCodeError: 500 - "Host header is specified and is not an IP address or localhost."
My Code (abstraction)
const rp = require('request-promise')
const puppeteer = require('puppeteer-core')
let url = await rp({uri:'http://0.0.0.0:9222/json/version', json: true }).then(res => res.webSocketDebuggerUrl)
let browser = await puppeteer.connect({ browserWSEndpoint: url })
Well, since the errorMessage from the 500 said "host is specified", ist just set that header to empty, and now I can successfully request the webSocketDebuggerUrl.
The solution feels a bit hacky, so if anyone has a suggestion on how to improve it I'd be happy:
const puppeteer = require('puppeteer-core')
const rp = require('request-promise')
let websocket = await rp({uri:'http://chrome:9222/json/version', json: true, headers: {'Host': ''} })
.then(res => res.webSocketDebuggerUrl.replace('ws://','ws://chrome:9222'))
let browser = await puppeteer.connect({ browserWSEndpoint: websocket })
I am trying to transfert files using a python program running on a local Anaconda to a local Jupyter within a docker container using the Jupyter rest API.
I managed already to execute a requests.get() succesfully after muddling-through a bit on how to input the token.
Now I would like now to execute a requests.post() command to transfert the files.
Configuration:
local docker container running on docker toolbox for windows
docker version 17.04.0-ce, build 4845c56
tensorflow/tensorflow incl. Jupyter latest version install
jupyter_kernel_gateway==0.3.1
local Anaconda v. 4.3.14 running on a windows 10 machine
Code:
token = token_code_provided_by_jupyter_at_startup
api_url = "http://192.168.99.100:8888/api/contents"
# getting the file's data from disk and converting into a json file
cwd = os.getcwd()
file_location = cwd+r'\Resources\Test\test_post.py'
payload = open(file_location, 'r').read()
b64payload = base64.encodestring(payload)
body = json.dumps({
'content':b64payload,
'name': 'test_post.py',
'path': '/api/contents/',
'format': 'base64',
'type':'file'
})
# getting the xsrf cookie
client = requests.session()
client.get('http://192.168.99.100:8888/')
csrftoken = client.cookies['_xsrf']
headers ={'Content-type': 'application/json', 'X-CSRFToken':csrftoken, 'Referer':'http://192.168.99.100:8888/api/contents', 'token':token}
response = requests.post(api_url, data=body, headers=headers, verify=True)
Error returned
[W 12:22:36.710 NotebookApp] 403 POST /api/contents (192.168.99.1): XSRF cookie does not match POST argument
[W 12:22:36.713 NotebookApp] 403 POST /api/contents (192.168.99.1) 4.17ms referer=http://192.168.99.100:8888/api/contents
My solution is inspired by #SaintNazaire. In my Chrome browser, I opened the cookie folder and found the repeated _xsrf items in Cookies. I removed all of them and refreshed the Jupyter, and then everything went well.
Actually there is no need for xsrf cookie when using header token for authentification.
headers = {'Authorization': 'token ' + token}
Reference is made to the Jupyter notebook documentation.
http://jupyter-notebook.readthedocs.io/en/latest/security.html
I've just installed a MarkLogic nosql database out of the box on a windows machine.
I wrote a simple javaclient to put data in to the database but I get this error:
org.apache.http.conn.HttpHostConnectException: Connection to http://my.caci.local:8003 refused
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:158)
The Marklogic database is started. This is the code :
DatabaseClient client = DatabaseClientFactory.newClient("localhost", 8003, "admin", "admin", Authentication.DIGEST);
XMLDocumentManager docMgr = client.newXMLDocumentManager(); BinaryDocumentManager binMgr = client.newBinaryDocumentManager();
DOMHandle handle = new DOMHandle(); for (int i = 0; i < AANT_PERSONEN; i++) {
Document document = createDocument(i);
String docId = "/zaak/" + 20;
handle.set(document);
docMgr.write(docId, handle); }
....
The Marklogic console reports the following ports to be active on my.caci.local:
Default :: Admin : 8001 [HTTP]
Default :: App-Services : 8000 [HTTP]
Default :: HealthCheck : 7997 [HTTP]
Default :: Manage : 8002 [HTTP]
I'm new to marklogic and this is my question:
- what port should I use to connect to from my java client?
In agreement with MystyxMac, I notice the console does not report a REST server on 8003.
Here's the documentation for setting up a REST server:
http://docs.marklogic.com/guide/rest-dev/intro#id_97899
You should also add users for the rest-reader, rest-writer, and rest-admin roles.
Hoping that helps,
Erik Hennum
For testing purposes you can simply switch the port you are using to 8000.
From the documentation:
When you install MarkLogic Server, a pre-configured REST API instance
is available on port 8000. This instance uses the Documents database
as the content database and the Modules database as the modules
database.
The instance on port 8000 is convenient for getting started, but you
will usually create a dedicated instance for production purposes.
http://docs.marklogic.com/guide/rest-dev/service#id_15309