I have set up my Rails app on Heroku and used the information in the post: Heroku + Cloudflare completely free SSL to get SSL working for free, but my websockets connection does not work. I get the error WebSocket connection to 'wss://www.myapp.com/websocket' failed: Error during WebSocket handshake: Unexpected response code: 200. I understand that this is due to Cloudflare not supporting websockets in their free plans and they suggest setting up a subdomain that does not pass through Cloudflare. The problem of course is that the subdomain cannot then use the 'free' SSL setup.
Is there anyway I can get this to work, or do I have to shell out for either SSL support on Heroku or Websocket support on Cloudflare?
I know this is an old thread.
But now cloudflare supports websocket for free plan as well. It just restricts the ports which can be used.
I recently encountered this situation and could implement the websockets through cloudflare.
Can refer my approach here
May help someone.
Related
I am trying to learn Neo4j by using the trial Enterprise version, however the browser is not able to connect. The service is running but when I try to log in via browser http://localhost:7474/browser/ the error is:
N/A: WebSocket connection failure. Due to security constraints in your
web browser, the reason for the failure is not available to this Neo4j
Driver. Please use your browsers development console to determine the
root cause of the failure. Common reasons include the database being
unavailable, using the wrong connection URL or temporary network
problems. If you have enabled encryption, ensure your browser is
configured to trust the certificate Neo4j is configured to use.
WebSocket readyState is: 3
In the console the error is:
WebSocket is already in CLOSING or CLOSED state.
I am using Chrome and the neo4j.conf is:
# Bolt connector
dbms.connector.bolt.enabled=true
#dbms.connector.bolt.tls_level=OPTIONAL
dbms.connector.bolt.listen_address=:7687
# HTTP Connector. There must be exactly one HTTP connector.
dbms.connector.http.enabled=true
#dbms.connector.http.listen_address=:7474
# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
#dbms.connector.https.listen_address=:7473
I understand from this issue the 3.2 version only allows bolt and I tried playing with the conf but so far no luck. Is there a way to get the local connection going with bolt?
Thank you in advance, Paola
I am trying to use Stripe with my Ruby app and keep getting this error:
Error! Could not verify Stripe's SSL certificate. Please make sure that your network is not intercepting certificates. (Try going to https://api.stripe.com/v1 in your browser.) If this problem persists, let us know at support#stripe.com. (Network error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed).
Why am I getting this? Any help would be greatly appreciated.
Thanks!
Stripe's Ruby bindings verify the HTTPS certificate on Stripe's servers (api.stripe.com) to ensure you're really communicating with Stripe and not with a malicious third-party (a.k.a. a "man-in-the-middle attack").
There are a number of reasons that can cause this error. First, you should make sure you're using the latest versions of the following:
the stripe-ruby gem
the rest-client gem
Ruby
OpenSSL
If you're working in a corporate environment, it's possible your firewall replaces HTTPS certificates in order to be able to decrypt HTTPS traffic. (This is essentially the same thing as a man-in-the-middle attack.)
If you're still having this issue, you can disable the SSL verification by including this line:
Stripe.verify_ssl_certs = false
However, I would strongly advise against doing this. It might be okay in a development environment, but you should never do this in a production environment.
EDIT: We're currently investigating this issue -- it seems it might have been introduced in a recent version of the stripe-ruby gem. For now, it seems downgrading to version 1.34.0 will fix the "Could not verify Stripe's SSL certificate" issue.
Open terminal.
Run command $curl -v https://api.stripe.com
For intermittent issue like I had you may have to run this command 10 to 20 times back to back. Then stop and start again until you see the error.
The IP address it attempts to connect to should match an IP address of the domain you are trying to access. For stripe you can check valid ip addresses here https://stripe.com/docs/ips
If the IP address does not match or if the IP address is the same as your network then you could be experiencing man in the middle attack.
In my case I was experiencing this issue with aws and stripe because they use curl to connect. Returning error 60 no alternative certificate subject name matches target host name.
A workaround is to edit /etc/hosts file.
Hard code an IP address of the endpoint
XXX.XXX.X.X api.stripe.com
This will stop the issue, but should be revisited because your application will fail in the future if the IP address for the endpoint is changed or removed.
I have an application (an installation of Discourse) that I'm trying to deploy. However, the email server that it is pointed at has a self-signed ssl cert for SMTP.
Is there a workaround for this? Or do I need to find a way to send mail using a "valid" SSL cert?
Few things actually care that deeply about a proper cert for SMTP. Mostly user agents.
If the cert is a problem you won't get timeouts, you'll get validation errors. I suspect what's happening is that you're trying to connect over the SMTPS port which isn't listening or exposed by the firewall.
Try using SMTP+STARTTLS. That negotiates TLS over port 25 or 587 instead of trying to connect directly to 465.
I am trying to get client ip in Rails 3.
Application is installed in cloud hosting, with SSL, and nginx server.
I wrote some code to get client ip.
request.remote_ip
request.env['HTTP_X_FORWARDED_FOR']
But it returns wrong address, like '10.159.21.86'
Is there any issue related Nginx server, or SSL installation?
def remote_ip
#remote_ip ||= (#env["action_dispatch.remote_ip"] || ip).to_s
end
request.remote_ip gets the ip address of the client outside of local proxies but If your request is coming from your development machine and the development machine is where your server is, probably you will get 127.0.0.1 or wrong ip But if the request is coming from another machine, this will be the IP the remote machine. However, under various conditions this may not be the real IP of the machine (machine behind proxy, using tor or other tool to hide it e.t.c.). so you can also try:-
request.env['REMOTE_ADDR']
You should visit this post written by rails contributor describing Repeated headers and Ruby web servers
I believe the issue you have is the same described in the following Engine Yard support request: HAProxy, SSL Requests & Request IP Addresses.
Apparently there is a workaround, but you are supposed to contact them directly to know what it is.
The docs team is working on formal documentation, for the short term, please open a ticket and a support engineer can help out.
If you're using SSL with HAProxy (the default configuration for multi-instance environments) then it will not be able to pull the remote IP due to the hand-off from HAProxy to Nginx. We have a solution that uses stunnel to get around this but since all SSL decryption is done on the App Master instance, if you have more than about five instances then performance will suffer.
The other option is to use Elastic Load Balancer instead of HAProxy. The documentation for that is at https://support.cloud.engineyard.com/entries/21715452-Use-Elastic-Load-Balancing-with-Engine-Yard-Cloud.
Evan
I have been trying to configure my rails project to use SSL (as application wide) with thin (by adding thin gem and placing config.force_ssl = true to application.rb) but as a result, I have an annoying problem.
When I start my rails server using rails s and try to access http://localhost:3000 it redirects to https://localhost:3000 which is correct, however it will complain about missing SSL certification..
SSL connection error
Unable to make a secure connection to the server. This may be a
problem with the server, or it may be requiring a client
authentication certificate that you don't have.
On the other hand, If I start my application using thin start --ssl and try to access http://localhost:3000 it doesn't redirect to https://localhost:3000 and complains about this:
No data received
Unable to load the webpage because the server sent no data.
but by accessing https://localhost:3000 it just shows certificate warning but it all works after agreeing to continue.
So my question is, How can I make http to https redirection work when using SSL with thin in (development mode)?
Perfect answer would contain possibility to start server normally by using rails s while SSL would be enabled application wide and accessing http redirects to https and all works! :)
Thanks in advance, have been searching for hours but cant find an answer.
You should install your own openssl signed certificate.
You can find more information on this page
Your PC as (localhost) can self sign SSL certificate and your browser can accept it, but i think that browser will not automatically accept certificate with security on that layer. Maybe to try to add your localhost certificate to the browser ?
Verify config/environments/development.rb has the following line
config.force_ssl = true
Refer the post thin with ssl support and ruby debug and the responses(from nathan and shree) that has more information on this subject:
Use ngrok (https://ngrok.com/). It's free. Installation is easy.
Just start up your server, then in another terminal window run
ngrok http 3000
ngrok will give you an address that loops back to your dev machine - something like http://randomstringhere.ngrok.io
Put that in your browser and you'll see it redirect to https://randomstringhere.ngrok.io, still routing to your server on port 3000
Here is the simplest solution.
https://makandracards.com/makandra/15903-using-thin-for-development-with-ssl