bricaud / graphexp

Interactive visualization of the Gremlin graph database with D3.js
Apache License 2.0

Certificate error when connecting to Neptune via local SSH tunnel #97

Closed mrichman closed 1 year ago

mrichman commented 3 years ago

I have an SSH tunnel, forwarding local port 8182 to my EC2 instance. I can connect to Neptune via curl if I ignore the SSL cert validation:

curl -Gk https://localhost:8182/status
{"status":"healthy","startTime":"Fri Nov 13 22:02:05 UTC 2020","dbEngineVersion":"1.0.4.0.R1","role":"writer","gremlin":{"version":"tinkerpop-3.4.8"},"sparql":{"version":"sparql-1.1"},"labMode":{"ObjectIndex":"disabled","DFEQueryEngine":"disabled","ReadWriteConflictDetection":"enabled"}}

I set up graphConf.js with the following:

const host = "localhost";
const SINGLE_COMMANDS_AND_NO_VARS = true;

In the Graphexp interface, I have websocket secure selected, but when I click Get graph info I get a cert error:

WebSocket connection to 'wss://localhost:8182/gremlin' failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID
run_websocket_request @ graphioGremlin.js:318
send_to_server @ graphioGremlin.js:233
get_graph_info @ graphioGremlin.js:72
get_graph_info @ graphexp.html:35
onclick @ graphexp.html:115
graphioGremlin.js:323 

How can I make it ignore the cert validation?

mrichman commented 3 years ago

In case anyone else hits this: set chrome://flags/#allow-insecure-localhost and you're good.

tslater commented 3 years ago

@mrichman, I'm struggling to get my tunnel to respond to curl (let alone graphexp). Seems like an SSL cert issue. Have you seen this?

*   Trying ::1:8182...
* connect to ::1 port 8182 failed: Connection refused
*   Trying 127.0.0.1:8182...
* Connected to localhost (127.0.0.1) port 8182 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to localhost:8182 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to localhost:8182 

mrichman commented 3 years ago

@tslater I haven't seen this specifically, but have you tried the curl -k (or --insecure) option to ignore cert errors? This is mostly for self-signed certs, but maybe it will help. Also, are you sure the EC2 instance you're tunneling through can connect to Neptune directly?

What's your ssh tunnel command, and curl command?

bricaud commented 1 year ago

Added a remark in the README for that. Thanks.
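The thread shows two different failures on the same forwarded port: a certificate that the client does not trust, and a connection that is reset right after the TLS Client hello. The script below is an added example, not part of the thread or of graphexp; it triages a saved `curl -v` transcript by its final `curl: (N)` line. The function name and category labels are hypothetical, and the certificate and refused-connection samples are constructed.

```shell
#!/bin/sh
# Added example (not from the graphexp project): triage a saved `curl -v` transcript.

# Sample: the verbose output posted in the thread, abbreviated.
RESET_SAMPLE='*   Trying ::1:8182...
* connect to ::1 port 8182 failed: Connection refused
*   Trying 127.0.0.1:8182...
* Connected to localhost (127.0.0.1) port 8182 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to localhost:8182'

# Constructed sample: a certificate verification failure without -k.
CERT_SAMPLE='* Connected to localhost (127.0.0.1) port 8182 (#0)
* TLSv1.3 (IN), TLS handshake, Certificate (11):
curl: (60) SSL certificate problem: unable to get local issuer certificate'

# Constructed sample: nothing accepting connections on the forwarded port.
DOWN_SAMPLE='* connect to 127.0.0.1 port 8182 failed: Connection refused
curl: (7) Failed to connect to localhost port 8182: Connection refused'

# Reads a transcript on stdin and prints one category.
classify_tunnel_failure() {
    transcript=$(cat)
    # Only the final "curl: (N)" line is the verdict; earlier per-address
    # failures (the ::1 refusal above) are retries, not the result.
    code=$(printf '%s\n' "$transcript" |
        sed -n 's/^curl: (\([0-9][0-9]*\)).*/\1/p' | tail -n 1)
    case "$code" in
        60) echo "cert-validation" ;;     # the only case -k or a CA bundle changes
        35) if printf '%s\n' "$transcript" | grep -q '(IN), TLS handshake'; then
                echo "handshake-failed"   # server answered, negotiation failed
            else
                echo "handshake-reset"    # closed before any server TLS record
            fi ;;
        7)  echo "no-listener" ;;         # local end of the tunnel is not up
        "") echo "no-curl-error" ;;
        *)  echo "other:$code" ;;
    esac
}

for s in "$RESET_SAMPLE" "$CERT_SAMPLE" "$DOWN_SAMPLE"; do
    printf '%s\n' "$s" | classify_tunnel_failure
done
```

A `handshake-reset` result means no certificate was ever received, so the next check is the forward target and whether the tunnel host can reach the database endpoint, not certificate trust.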