search

farmOS / farmOS.py

A Python library for interacting with farmOS over API.
GNU General Public License v3.0
27 stars 12 forks source link

Can't connect to local farmOS Docker #34

Closed and712 closed 4 years ago

and712 commented 4 years ago

Hi :) today i tried to setup the farmOS.py project and connect to my local farmOS docker, but then i run into the following error: 

requests.exceptions.SSLError: HTTPSConnectionPool(host='farmos.local', port=443): Max retries exceeded with url: /user/login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))

Because of the 433 error i tried to use the reverse proxy config and installed the certs on my machine, but the error didnt change.

Also i don't really know were to search for the error. I tried to google it, but i have no clue what python component is used for the connection..

Probably the fix is really, like putting the certs in the right directory?

Full error log: 


PS D:\farmos\farmOS.py> python .\test.py
Traceback (most recent call last):
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\urllib3\connectionpool.py", line 670, in urlopen       
    httplib_response = self._make_request(
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\urllib3\connectionpool.py", line 381, in _make_request 
    self._validate_conn(conn)
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\urllib3\connectionpool.py", line 976, in _validate_conn
    conn.connect()
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\urllib3\connection.py", line 361, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\urllib3\util\ssl_.py", line 377, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "C:\Users\xxxx\Python\Python38\lib\ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "C:\Users\xxxx\Python\Python38\lib\ssl.py", line 1040, in _create
    self.do_handshake()
  File "C:\Users\xxxx\Python\Python38\lib\ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\urllib3\connectionpool.py", line 724, in urlopen
    retries = retries.increment(
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\urllib3\util\retry.py", line 439, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='farmos.local', port=443): Max retries exceeded with url: /user/login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File ".\test.py", line 7, in <module>
    farm_client = farmOS(
  File "D:\farmos\farmOS.py\farmOS\__init__.py", line 277, in __init__
    status = self.session.authenticate()
  File "D:\farmos\farmOS.py\farmOS\session.py", line 228, in authenticate
    response = self.http_request('user/login', 'POST', options, force=True)
  File "D:\farmos\farmOS.py\farmOS\session.py", line 267, in http_request
    return _http_request(self, path, method, options, params, headers)
  File "D:\farmos\farmOS.py\farmOS\session.py", line 324, in _http_request
    response = session.request(method,
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\requests\sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\requests\sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\xxxx\Python\Python38\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='farmos.local', port=443): Max retries exceeded with url: /user/login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))
paul121 commented 4 years ago

Hey @and712 what was the hostname you supplied to farmOS.py? Looks like it was farmos.local ?

If so, try http://farmos.local. You could also try http://localhost - this should be the same that you use to visit in the browser. You can also try supplying https:// explicitly.

I'm also curious - were you connecting via OAuth or Drupal Credentials? (You would need to explicitly pass a client_id to farmOS.py if using OAuth. I ask because to use OAuth with HTTP, you must also configure the OAUTHLIB_INSECURE_TRANSPORT environment variable to be True)

Can you share some of the code you are using to instantiate farmOS.py?

paul121 commented 4 years ago

Just getting another chance to think about this in regard to HTTPS... first, I would test and make sure you can load farmOS by going to https://farmos.local in your browser. If that doesn't work, then it seems like your certs may be configured incorrectly.

In the past I have had issues with SSL and Python, but the issue was a remote server that didn't support the latest versions of SSL, and the dependencies required for that SSL version not being installed locally... BUT that was unrelated to farmOS so I would be surprised if that is the problem here.

and712 commented 4 years ago

Good Morning :) Thank you for your fest response!

the url i connect to depends on if the reverse proxy is running or not. I didnt used the http:// or the https:// till now.

My command is just to run the test.py 

python .\test.py

the test.py file looks like this for localhost 

from farmOS import farmOS

hostname = "localhost"
username = "myusername"
password = "mysecurepassword"

farm_client = farmOS(
    hostname=hostname,
    username=username,
    password=password,
)

and for the nginx config

from farmOS import farmOS

hostname = "farmos.local"
username = "myusername"
password = "mysecurepassword"

farm_client = farmOS(
    hostname=hostname,
    username=username,
    password=password,
)

If so, try http://farmos.local. You could also try http://localhost - this should be the same that you use to visit in the browser. You can also try supplying https:// explicitly.

Sadly this didnt make any change with the nginx config enabled

Just getting another chance to think about this in regard to HTTPS... first, I would test and make sure you can load farmOS by going to https://farmos.local in your browser. If that doesn't work, then it seems like your certs may be configured incorrectly.

with chrome i can connect with https, but i also have installed the created cert. I think there is a problem between python, windows and knowing the certs.

The only Stackoverflow issue i found to that problem on Windows was this https://stackoverflow.com/questions/51925384/unable-to-get-local-issuer-certificate-when-using-requests-in-python/51925474 But i couldnt get it running with that help.

paul121 commented 4 years ago

I think there is a problem between python, windows and knowing the certs.

Thanks for the info @and712 ! I agree, this seems to be the problem.

I just found this: https://stackoverflow.com/questions/30405867/how-to-get-python-requests-to-trust-a-self-signed-ssl-certificate

With requests it looks like you can specify a cert with an environment variable:

export REQUESTS_CA_BUNDLE=/path/to/your/certificate.pem
python script.py

Normally you could specify the verify parameter directly in the requests call, but farmOS.py doesn't allow that parameter to be set.

r = requests.post(url, data=data, verify='/path/to/public_key.pem')

Hopefully the environment variable will work?

and712 commented 4 years ago

It didn't really helped me out. I couldn't get it to work till now, but i deployed my main server some days ago with a "real" cert. So the problem isn't solved for connection to a dev server, but this is more a python/windows problem then a problem with farmOS.py bib.

paul121 commented 4 years ago

@and712 glad to hear it's working with the deployed server. I haven't worked with local certs during development all that much. If I find myself doing so with farmOS I'll try and remember to test farmOS.py with it. But unfortunately I can't test it on Windows

Please report back if you are able to figure it out!

and712 commented 4 years ago

i invested some more time into this and came to the conclusion that it is a bad idea to use docker on windows. All problems i run into had nothing to do with farmOS or farmOS.py. It was just that many containers are not running well on windows or docker commands are not available on windows.

Solution: Dont use Docker on Windows. Setup a Linux VM and everything works fine :)