iainbullock / tesla-http-proxy-docker

Converting this project to an unraid app #19

Closed MrDrew514 closed 5 months ago

MrDrew514 commented 7 months ago

Would appreciate if someone could convert this project to an unraid app

dasviridov commented 7 months ago

You can manually create this app on unraid. Just add all paths, ports and env variables (with empty values) using "Add another Path, Port, Variable, Label or Device" link. You can get names of those params from docker-compose.yml in this repo.

I got it created. It runs but does not go beyond creating config and certs. I am yet to ask iainbullock for some details and can share my setup once I make it work.

MrDrew514 commented 7 months ago

I'd really appreciate if you can share your setup once you get it working, thanks!

dasviridov commented 7 months ago

I got this fully working. So here you go:

  1. In unraid web interface go to Docker page and at the bottom of the page press ADD CONTAINER button. The interface will be the same as for adding unraid app, but all fields will be blank.
  2. Enter details as follows:

    Name: tesla_http_proxy (it could be anything really but better to keep things simple)
    Repository: iainbullock/tesla_http_proxy:latest
    Network Type: Bridge
    Console shell command: Shell
    Privileged: OFF

    About Network Type: your HA instance should be able to access it using name not IP, so they need to be in the same network. My HA docker has "Host" network type for the reasons I don't remember already. Bridge and Host work together, Custom docker network and Host don't - as far as I remember. I could be wrong though.

  3. Add the following params using the "Add another Path, Port, Variable, Label or Device" link at the bottom:

    Config Type: Variable
    Name: CLIENT_ID
    Key: CLIENT_ID
    Value: leave blank

    Config Type: Variable
    Name: CLIENT_SECRET
    Key: CLIENT_SECRET
    Value: leave blank

    Config Type: Variable
    Name: DOMAIN
    Key: DOMAIN
    Value: leave blank

    Config Type: Variable
    Name: PROXY_HOST
    Key: PROXY_HOST
    Value: leave blank

    Config Type: Variable
    Name: REGION
    Key: REGION
    Value: leave blank

    Config Type: Path
    Name: Data
    Container Path: /data
    Value: leave blank
    Host Path: /mnt/user/appdata/tesla_http_proxy

    Create a folder tesla_http_proxy in your appdata share where other docker apps have their config folders.

    Config Type: Path
    Name: Data path
    Container Path: /data
    Host Path: /mnt/user/appdata/tesla_http_proxy

    Config Type: Path
    Name: Nginx path
    Container Path: /share/nginx
    Host Path: /mnt/user/appdata/NginxProxyManager/nginx/tesla_http_proxy

    I use NginxProxyManager for my reverse proxies. You can use any other webserver capable of serving static files. If you have HA on unraid you probably should have one already. Create folder tesla_http_proxy inside your webserver appdata. For mine it is nginx/tesla_http_proxy. This folder will serve .pem file later, so it should be accessible from your webserver setup. Container path should stay as /share/nginx regardless of the webserver you use.

    Config Type: Path
    Name: Nginx path
    Container Path: /share/home-assistant
    Host Path: /mnt/user/appdata/homeassistant/tesla_http_proxy

    Create folder tesla_http_proxy inside appdata folder of your HA docker where configuration.yaml is located.

    Config Type: Port
    Name: Port 443
    Container Port: 443
    Host Port: 5443

    In case of Bridge network type your 443 port on unraid will be occupied already. So pick any port that is not occupied. I picked 5443. This will be the port you enter in tesla integration in HA later.

    Config Type: Port
    Name: Port 8099
    Container Port: 8099
    Host Port: 8099

    This port wasn't occupied on my server.


4. Press APPLY. Wait for docker app to be created.

5. Run the new docker container. It will run for a few seconds and then stop. Look at logs. It will say edit config.sh. At this point it should create config.sh in /data and com.tesla.com.tesla.3p.public-key.pem inside /share/nginx. Last file is what we need our webserver to serve to make tesla happy.

6. Set up your webserver as follows. I will use NginxProxyManager settings here, but for other servers the idea will be the same.
For root path it should point to your docker app on port 8099.
Domain Names: tesla.your_domain.io (use your domain)
Scheme: http
Forward Hostname / IP: ip of your unraid server if you picked up Bridge network type.
Forward Port: 8099
SSL: pick the one you have. I use cloudflare, but lets encrypt will also work.
HTTP/2 Support
Advanced: add following

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    proxy_buffering off;

    location /.well-known/appspecific/com.tesla.3p.public-key.pem {
        root /config/nginx/tesla_http_proxy;
        try_files /com.tesla.3p.public-key.pem =404;
    }

Press save. Go to https://tesla.your_domain.io/.well-known/appspecific/com.tesla.3p.public-key.pem using your domain address. It should download the file. If it does - all good so far.
If it does not - check advanced section and make sure the path to the file is right. Root path https://tesla.your_domain.io won't work just yet as your container is not running.

7. Go to appdata share on your unraid and open config.sh inside tesla_http_proxy using any text editor. Change params there as follows:

    CLIENT_ID=c35e...
Your client id from tesla developers app. No dots at the end, no quotes.

    CLIENT_SECRET='ta-secret...'
Your secret from tesla developers app. Use single quotes!

    DOMAIN=tesla.your_domain.io
Use domain you set up on tesla developers website when you create an app. No protocols, no ports, just domain name.

    PROXY_HOST=atlas
In case of Bridge network type this will be the name of your unraid host.

    REGION='North America, Asia-Pacific'
This one works for US and Australia. Change for your region if needed. Don't forget single quotes.

    OPTIONS_COMPLETE=1


Save file. If you get Access Denied, go to this folder in Unraid web interface, click [+] on the right column and select Permission. Ensure it's Read/Write everywhere and press START. It will fix permissions for this file and you will be able to save changes.

8. Run docker container again. It will keep running this time. Open logs. If all good you'll see our app has got auth token from tesla.
9. Go to https://tesla.your_domain.io. It should be running now. Then follow the instructions in this repository to authorise your app.
10. On setup tesla custom integration it will ask you for proxy host. Use https, the address of your unraid server with port 5443 (or the one you setup for port 443).

If all good at this point tesla custom integration will work as before. Keep tesla_http_proxy container running with Flask off.
Main address https://tesla.your_domain.io will be inaccessible. That's normal. We only need it to keep serving pem file and proxify our requests from HA. You can setup your webserver to return 404 on root page, if you wish.

MrDrew514 commented 7 months ago

Thank you so much for this detailed writeup. I get to the point where the config.sh file is created but I don't see any com.tesla.com.tesla.3p.public-key.pem created inside my Nginx container. Do you have an idea why?

dasviridov commented 7 months ago

  1. Check the Host Path you set. When using select path control in Unraid it adds trailing slash to the path. In docker-compose.yaml provided paths are without trailing slash. Not sure if that's the reason, but certain commands in Linux treat paths with and without trailing slash differently.

  2. Try running container again. Maybe this file gets created on second run. While I was looking for a way to get it all to work I tried running many times. Look at the logs after running it.

If it still does not work - post logs here. Redact sensitive data out.

OMVMMG commented 7 months ago

Hi @iainbullock, thank you for developing this. I got it almost working but I let the refresh token expire. How do you get a new one?

iainbullock commented 7 months ago

There are various Apps. I use Auth for Tesla on iOS. Make sure you generate Fleet API tokens not Owners API tokens.

OMVMMG commented 7 months ago

When I set up the HA integration I get 'Credentials successfully connected to the Tesla API' but the integration fails to set up. I get this in the logs: 'WARNING (MainThread) [teslajsonpy.controller] Unable to load custom SSL certificate from /config/tesla_http_proxy/selfsigned.pem'. Is there a way to manually test if the .pem file is being served by the Docker container? Like going to https://myunraidservername:5443/selfsigned.pem? Any help will be appreciated.

dasviridov commented 7 months ago

"/config/tesla_http_proxy/selfsigned.pem" points to file inside HA config folder, not inside config of this container. This key file is used by HA integration to call tesla_http_proxy container on https.

Check if you have this file inside tesla_http_proxy folder in your HA config folder: \unraid_server_name\appdata\homeassistant\tesla_http_proxy. If not, check if you set up /share/home-assistant on container setup correctly. If all good with paths, maybe tesla_http_proxy can't put file there because of permissions issue. Try fixing permissions on HA config folder and run container again.

With tesla auth successful it seems like you've done the hardest part. Just need to make HA integration work and all will be over :)

OMVMMG commented 7 months ago

Thank you @dasviridov, it was the permissions. Sadly now I get this:

    2024-03-25 21:18:41.392 DEBUG (MainThread) [teslajsonpy.connection] Successfully refreshed oauth
    2024-03-25 21:18:41.392 DEBUG (MainThread) [teslajsonpy.connection] get: https://myunraidserver:5443/api/1/products {}
    2024-03-25 21:18:46.325 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:55
    2024-03-25 21:18:46.325 DEBUG (MainThread) [teslajsonpy.connection] get: https://myunraidserver:5443/api/1/products {}
    2024-03-25 21:18:48.358 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:53
    2024-03-25 21:18:48.358 DEBUG (MainThread) [teslajsonpy.connection] get: https://myunraidserver:5443/api/1/products {}
    2024-03-25 21:18:52.674 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:49
    2024-03-25 21:18:52.675 DEBUG (MainThread) [teslajsonpy.connection] get: https://myunraidserver:5443/api/1/products {}
    2024-03-25 21:19:01.691 DEBUG (MainThread) [custom_components.tesla_custom] <ssl.SSLContext object at 0x7f1c301da050>
    2024-03-25 21:19:01.702 DEBUG (MainThread) [teslajsonpy.controller] 552 endpoints loaded
    2024-03-25 21:19:01.702 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in -19808 days, 2:40:59
    2024-03-25 21:19:01.702 DEBUG (MainThread) [teslajsonpy.connection] Oauth expiration detected
    2024-03-25 21:19:01.702 DEBUG (MainThread) [teslajsonpy.connection] Refreshing access token with refresh_token
    2024-03-25 21:19:02.379 DEBUG (MainThread) [teslajsonpy.connection] Unable to refresh sso oauth token
    2024-03-25 21:19:02.379 DEBUG (MainThread) [teslajsonpy.connection] Auth returned {'error': 'login_required', 'error_description': 'Login required', 'referenceID': '3d65aa18-c387-4ffa-a9af-e19a97fefd5c-1716895242202'}

dasviridov commented 7 months ago

I guess your original refresh_token from tesla has expired. As far as I know it is valid for 8 hours. So you need to successfully set up HA integration within 8 hours after you get authenticated with tesla. Otherwise you need to obtain access and refresh tokens from tesla again. Once you do that, the HA integration will be doing it itself as long as HA and tesla_proxy are both running.

Also see troubleshooting section in docs. It leads to some discussion about that.

Anyway if you want to run tesla auth again, you need to remove access_token file and rerun container. (As I didn't do it myself I recommend to just move this file somewhere else for now without actually removing it.) It will start Flask Server on port 8099 again and you should have option to re-auth with tesla. This time you probably should only re-auth with tesla, no need to scan QR code. Then take contents of refresh_token and paste it into HA integration.

I might be wrong though, as I only assume how it all works. But that's what I would do in your case. I had troubles with getting tesla auth working, but after that HA integration part went smoothly. And now it all works by itself for a few days. So it's worth the hassle.

PS: don't forget to stop Flask server once it all works, as all commands you see there are exposed to the internet.

OMVMMG commented 7 months ago

@dasviridov Your procedure worked for restarting the Flask server and generating new access and refresh tokens, but again I get this:

    2024-03-26 09:41:20.864 WARNING (MainThread) [custom_components.tesla_custom.config_flow] Unable to communicate with Tesla HTTP Proxy addon

--->>> --->>> I'm guessing this is the HA addon which is not really needed as later it successfully refreshed <<<--- --->>>

    2024-03-26 09:42:26.841 DEBUG (MainThread) [teslajsonpy.connection] Successfully refreshed oauth
    2024-03-26 09:42:26.841 DEBUG (MainThread) [teslajsonpy.connection] get: https://myunraidserver:5443/api/1/products {}
    2024-03-26 09:42:31.779 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:55
    2024-03-26 09:42:31.779 DEBUG (MainThread) [teslajsonpy.connection] get: https://poopiedoopie:5443/api/1/products {}
    2024-03-26 09:42:34.576 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:52
    2024-03-26 09:42:34.576 DEBUG (MainThread) [teslajsonpy.connection] get: https://myunraidserver:5443/api/1/products {}
    2024-03-26 09:42:39.138 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:47
    2024-03-26 09:42:39.138 DEBUG (MainThread) [teslajsonpy.connection] get: https://myunraidserver:5443/api/1/products {}
    2024-03-26 09:42:48.148 DEBUG (MainThread) [custom_components.tesla_custom] <ssl.SSLContext object at 0x7f1c301da050>
    2024-03-26 09:42:48.159 DEBUG (MainThread) [teslajsonpy.controller] 552 endpoints loaded
    2024-03-26 09:42:48.159 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in -19809 days, 14:17:12
    2024-03-26 09:42:48.159 DEBUG (MainThread) [teslajsonpy.connection] Oauth expiration detected
    2024-03-26 09:42:48.159 DEBUG (MainThread) [teslajsonpy.connection] Refreshing access token with refresh_token
    2024-03-26 09:42:48.649 DEBUG (MainThread) [teslajsonpy.connection] Unable to refresh sso oauth token

How can Oauth expire so quickly?

dasviridov commented 7 months ago

@OMVMMG, not sure how HA integration detects token expiration. The token itself we supply to HA is just a hash without any metadata. Maybe during the first run HA integration just refreshes it itself straightaway and then saves it somewhere with expiry date. At this point expiration date is known and tokens will start refreshing once every few hours. That would explain the message in the logs that the token expired 19809 days ago. It comes to 1970, which in the linux world is the min supported value of the date type. It's usually used when the value is unknown or null. So it might be a valid behavior of HA integration to refresh the token on first run. However the reason the token refresh failed is unknown. It's not shown in the logs you provided.

I would check following:

  1. The logs you show are the ones from HA. Look at the logs for tesla-http-proxy container. You can get logs by clicking on container's icon in unraid and selecting Logs menu item. What do you see there?

  2. Check that you indeed gave HA a new refresh token.

  3. Check time zone in both HA and tesla-http-proxy. They should probably match for refresh tokens to work correctly. But that is just a guess, so it may be irrelevant.

  4. Check that your tesla-http-proxy still returns com.tesla.3p.public-key.pem on https://your_domain_name/.well-known/appspecific/com.tesla.3p.public-key.pem Tesla checks this file as part of domain ownership checks.

By your logs it seems like your auth with tesla works, your access from HA to tesla-http-proxy also works. So all the dance with certs and keys is done. However for some reason tesla-http-proxy can not refresh token with tesla when HA asks for it. tesla-http-proxy logs should give you details on what's going on, as it logs all requests from HA and corresponding requests to tesla.

OMVMMG commented 7 months ago

@dasviridov @iainbullock I'm at my wit's end with this one. I will try to change the Docker container timezone and try to find where the HA integration keeps the refresh tokens. Thanks for all your help.

  1. Docker logs are minimal

    Do not listen on a network interface without adding client authentication. Unauthorized clients may be used to create excessive traffic from your IP address to Tesla's servers, which Tesla may respond to by rate limiting or blocking your connections.
    2024-03-26T05:28:35Z [debug] Creating proxy
    2024-03-26T05:28:35Z [info ] Listening on 0.0.0.0:443
    Configuration Options are:
    CLIENT_ID=xxxxxxxxxxxxxxxxxxxxxxx
    CLIENT_SECRET=Not Shown
    DOMAIN=tesla.mydomain.com
    PROXY_HOST=UnraidServerName
    REGION=North America, Asia-Pacific
    Found existing keypair
    Starting Tesla HTTP Proxy

  2. The refresh token was indeed new
  3. The tesla_http_proxy Docker has UTC date time zone and HA has my local time zone but Unraid does not modify it with TZ="Australia/Sydney". However, this should not be an issue for the expired Oauth (hopefully) but at this point it is the only thing I can think of.
  4. The tesla-http-proxy still returns com.tesla.3p.public-key.pem

The new integration logs from HA are:

    2024-03-26 17:03:52.854 DEBUG (MainThread) [custom_components.tesla_custom.config_flow] Credentials successfully connected to the Tesla API
    2024-03-26 17:03:52.855 DEBUG (MainThread) [custom_components.tesla_custom] <ssl.SSLContext object at 0x7f1c301da050>
    2024-03-26 17:03:52.866 DEBUG (MainThread) [teslajsonpy.controller] 552 endpoints loaded
    2024-03-26 17:03:52.866 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in -19809 days, 6:56:08
    2024-03-26 17:03:52.866 DEBUG (MainThread) [teslajsonpy.connection] Oauth expiration detected
    2024-03-26 17:03:52.866 DEBUG (MainThread) [teslajsonpy.connection] Refreshing access token with refresh_token
    2024-03-26 17:03:53.534 DEBUG (MainThread) [teslajsonpy.connection] Saved new auth info {'access_token': 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpmNvbSIsImh0dHBzOi8vYXV0aC50ZXNsYS5jb20vb2F1dGgyL3YzL3VzZXJpbmZvIl0sInNjcCI6WyJvZmZsaW5lX2FjY2VzcyIsIm9wZW5pZCIsInZlaGljbGVfY21kcyIsInZlaGljbGVfY2hhcmdpbmdfY21kcyJdLCJhbXIiOlsicHdkIiwibWZhIiwib3RwIl0sImV4cCI6MTcxMTQ2MTgzMywiaWF0IjoxNzExNDMzMDMzLCJvdV9jb2RlIjoiTkEiLCJsb2NhbGUiOiJlbi1BVSIsImF1dGhfdGltZSI6MTcxMTQzMzAzMywibm9uY2UiOiJhY2IxZWVkNzk2MmE0NmZlOWIxMzlhNWRkMDBmNzZmMCJ9.fy_eTRyHP0AgIIUummphKZgW0YhWjNXDITnTtELFf_kOyHoePexQBQJRUIgf1wtwwMBYmeSHU0FIlsCdHH2EFYklWo0rRqOqenevLcILn6yaeRsJXiqrq8O5IHF98xdejKUJK-ryA9124snbqUVIuHVcPVNucFnsEOvNPm8FOzQLLNU2jTUk_a5LwoE0jeXq4M-IWm76sHTkCcg', 'refresh_token': 'NA_97e1b9fdfa2b4251ee3c47005164972913265f814a338cb03d447afc3a91165c', 'expires_in': 1711501432}
    2024-03-26 17:03:53.534 DEBUG (MainThread) [teslajsonpy.connection] Successfully refreshed oauth
    2024-03-26 17:03:53.535 DEBUG (MainThread) [teslajsonpy.connection] get: https://unraidserver:5443/api/1/products {}
    2024-03-26 17:03:58.752 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:55
    2024-03-26 17:03:58.752 DEBUG (MainThread) [teslajsonpy.connection] get: https://unraidserver:5443/api/1/products {}
    2024-03-26 17:04:01.049 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:52
    2024-03-26 17:04:01.049 DEBUG (MainThread) [teslajsonpy.connection] get: https://unraidserver:5443/api/1/products {}
    2024-03-26 17:04:05.535 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:48
    2024-03-26 17:04:05.535 DEBUG (MainThread) [teslajsonpy.connection] get: https://unraidserver:5443/api/1/products {}
    2024-03-26 17:04:14.319 DEBUG (MainThread) [custom_components.tesla_custom] <ssl.SSLContext object at 0x7f1c301da050>
    2024-03-26 17:04:14.331 DEBUG (MainThread) [teslajsonpy.controller] 552 endpoints loaded
    2024-03-26 17:04:14.331 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in -19809 days, 6:55:46
    2024-03-26 17:04:14.331 DEBUG (MainThread) [teslajsonpy.connection] Oauth expiration detected
    2024-03-26 17:04:14.331 DEBUG (MainThread) [teslajsonpy.connection] Refreshing access token with refresh_token
    2024-03-26 17:04:14.807 DEBUG (MainThread) [teslajsonpy.connection] Unable to refresh sso oauth token
    2024-03-26 17:04:14.807 DEBUG (MainThread) [teslajsonpy.connection] Auth returned {'error': 'login_required', 'error_description': 'Login required', 'referenceID': '2343498sdkj0b-314sdk-34dfd3d-485c0a017d-17114330234781'}

dasviridov commented 7 months ago

It seems like you initially had successfully triggered refresh token from HA side and got new access token. However then in 10 seconds HA side triggers token refresh again. And seems like it uses old token with no expiration date. I read in the other thread, that after you use refresh token to get access token (and request was successful), original refresh token is removed on tesla side and is no longer being treated as valid. That means you can't do refresh token routine twice using the same token.

Do you by any chance have multiple tesla products (eg car and battery) that you want to connect using custom tesla integration? If so that might be a bug on custom tesla integration side which creates race condition on refresh token routine running twice.
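The pattern discussed in the comments above (an expiry that works out to 1970, then a second refresh seconds after a successful one), as an added example that is not part of the thread or of either project: a small Python triage script that finds that sequence in teslajsonpy debug logs and redacts token values before the log is shared. The sample log is constructed from the line shapes quoted in this thread with placeholder tokens; the function names are hypothetical, and the "reused refresh token" reading is the hypothesis from the comment above, not confirmed behaviour.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the teslajsonpy debug lines quoted in this thread.
# Token values are made-up placeholders, not real credentials.
SAMPLE_LOG = """\
2024-03-26 17:03:52.866 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in -19809 days, 6:56:08
2024-03-26 17:03:52.866 DEBUG (MainThread) [teslajsonpy.connection] Refreshing access token with refresh_token
2024-03-26 17:03:53.534 DEBUG (MainThread) [teslajsonpy.connection] Saved new auth info {'access_token': 'eyJEXAMPLE.payload.sig', 'refresh_token': 'NA_0123456789abcdef', 'expires_in': 1711501432}
2024-03-26 17:03:53.534 DEBUG (MainThread) [teslajsonpy.connection] Successfully refreshed oauth
2024-03-26 17:03:58.752 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in 7:59:55
2024-03-26 17:04:14.331 DEBUG (MainThread) [teslajsonpy.connection] Token expiration in -19809 days, 6:55:46
2024-03-26 17:04:14.331 DEBUG (MainThread) [teslajsonpy.connection] Refreshing access token with refresh_token
2024-03-26 17:04:14.807 DEBUG (MainThread) [teslajsonpy.connection] Unable to refresh sso oauth token
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \w+ \(\w+\) \[[\w.]+\] (.*)$")
REMAINING = re.compile(r"Token expiration in (?:(-?\d+) days?, )?(\d+):(\d\d):(\d\d)")
SECRET = re.compile(r"""(['"](?:access_token|refresh_token)['"]\s*:\s*['"])[^'"]+""")
EPOCH = datetime(1970, 1, 1)


def redact(text):
    """Blank out token values so the log can be posted without leaking credentials."""
    return SECRET.sub(r"\1<redacted>", text)


def parse(log):
    """Yield (timestamp, message) for every line in the Home Assistant log format."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), m.group(2)


def implied_expiry(ts, message):
    """Turn 'Token expiration in <timedelta>' back into the absolute expiry time."""
    m = REMAINING.search(message)
    if not m:
        return None
    days, hours, minutes, seconds = m.groups()
    return ts + timedelta(days=int(days or 0), hours=int(hours),
                          minutes=int(minutes), seconds=int(seconds))


def analyse(log):
    """Flag a failed refresh that follows a successful one while the stored expiry is unset."""
    findings = []
    last_success = None    # time of the last successful rotation
    expiry_unset = False   # True when the last reported expiry lands on the Unix epoch
    pending_gap = None     # seconds between rotation and a suspicious second refresh
    for ts, msg in parse(log):
        expiry = implied_expiry(ts, msg)
        if expiry is not None:
            # Within two days of 1970-01-01 covers any local time zone offset.
            expiry_unset = abs(expiry - EPOCH) < timedelta(days=2)
        elif msg.startswith("Refreshing access token"):
            if last_success is not None and expiry_unset:
                pending_gap = (ts - last_success).total_seconds()
        elif msg.startswith("Successfully refreshed oauth"):
            last_success, pending_gap = ts, None
        elif msg.startswith("Unable to refresh") and pending_gap is not None:
            findings.append({
                "failed_at": ts,
                "seconds_since_rotation": pending_gap,
                "reason": "refresh attempted with no stored expiry shortly after a "
                          "successful rotation; the old refresh token may have been reused",
            })
            pending_gap = None
    return findings


if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Running `redact()` over a log before pasting it into an issue keeps the timestamps and messages needed for diagnosis while dropping the `access_token` and `refresh_token` values.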

OMVMMG commented 7 months ago

The Tesla app scope had access to other energy products. So I created a new one and replaced the data in the Docker container. The Docker container is giving me these errors and it doesn't start:

    [10:48:34] main:INFO: Registering Tesla account
    [10:48:36] main:ERROR: Error 424: Failed Dependency
    [10:49:59] main:INFO: Generating Partner Authentication Token
    [10:49:59] main:INFO: {"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InE0dHg3Q1UyYzI2V1BiemwxZjZjanM3QnhzayJ9.eyJndHkiOiJjbGllbnQtY3JlZGVWaC3GpQn-424n6Lae34V2nVfugvMiTChQFb-FA","expires_in":28800,"token_type":"Bearer"}
    [10:49:59] main:INFO: Registering Tesla account
    [10:50:03] main:ERROR: Error 422: Unprocessable Entity

dasviridov commented 7 months ago

In this case probably a good idea would be a clean start.

  1. Disable tesla HA integration, so it won't interfere while you are messing with tesla auth again.

  2. Rename/remove contents of folder \unraid_server\appdata\tesla-http-proxy-docker and contents inside nginx and HA configs. Fix permissions if unraid will not allow you to do that.

  3. Start tesla-http-proxy-docker container. It will generate config.sh and keys.

  4. Edit config and start container again.

  5. Go to your tesla.mydomain.com address and do tesla auth part including QR scan.

  6. Obtain refresh token.

  7. Setup HA integration again with new refresh token.

Below are scopes for my app on tesla.

[screenshot of the app's scopes]

Also on setting up HA integration I had "Include energy products" (I think it's called that way) unticked. I am using official tesla integration for Powerwall. So just the car goes through tesla custom integration.

OMVMMG commented 7 months ago

Does the container also create selfsigned.pem on first start? I can't see it anywhere.

dasviridov commented 7 months ago

I think so, but I am not sure. As far as I understand this key is needed for communication between HA integration and tesla-http-proxy-docker using https. It needs to be in HA config folder so HA integration can load it.

Maybe it gets created at some point later on, as it's not needed until HA integration setup step. However the folder \unraidserver\homeassistant\tesla_http_proxy should exist for it to create this file there. So if you removed it to do clean run, create this folder again and fix permissions if needed.

I bet for permissions.

OMVMMG commented 7 months ago

@iainbullock any ideas of what's going on in these logs?

    Traceback (most recent call last):
      File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 467, in _make_request
        six.raise_from(e, None)
      File "<string>", line 3, in raise_from
      File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 462, in _make_request
        httplib_response = conn.getresponse()
                           ^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/http/client.py", line 1390, in getresponse
        response.begin()
      File "/usr/lib/python3.11/http/client.py", line 325, in begin
        version, status, reason = self._read_status()
                                  ^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/http/client.py", line 286, in _read_status
        line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/socket.py", line 706, in readinto
        return self._sock.recv_into(b)
               ^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/ssl.py", line 1314, in recv_into
        return self.read(nbytes, buffer)
               ^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/ssl.py", line 1166, in read
        return self._sslobj.read(len, buffer)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    TimeoutError: The read operation timed out

During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3.11/site-packages/requests/adapters.py", line 486, in send
        resp = conn.urlopen(
               ^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 799, in urlopen
        retries = retries.increment(
                  ^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/urllib3/util/retry.py", line 550, in increment
        raise six.reraise(type(error), error, _stacktrace)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/urllib3/packages/six.py", line 770, in reraise
        raise value
      File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 715, in urlopen
        httplib_response = self._make_request(
                           ^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 469, in _make_request
        self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
      File "/usr/lib/python3.11/site-packages/urllib3/connectionpool.py", line 358, in _raise_timeout
        raise ReadTimeoutError(
    urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='fleet-api.prd.na.vn.cloud.tesla.com', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/app/run.py", line 151, in <module>
        retval = _main()
                 ^^^^^^^
      File "/app/run.py", line 134, in _main
        req = requests.post(
              ^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/requests/api.py", line 115, in post
        return request("post", url, data=data, json=json, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/requests/api.py", line 59, in request
        return session.request(method=method, url=url, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
        resp = self.send(prep, **send_kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
        r = adapter.send(request, **kwargs)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/requests/adapters.py", line 532, in send
        raise ReadTimeout(e, request=request)
    requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='fleet-api.prd.na.vn.cloud.tesla.com', port=443): Read timed out. (read timeout=30)

iainbullock commented 7 months ago

I will have a look and reply during lunch break in UK.

iainbullock commented 7 months ago

@OMVMMG It seems the script can't connect to fleet-api.prd.na.vn.cloud.tesla.com. Interestingly, shortly after you sent your message I tried to connect to it via my web browser (https://fleet-api.prd.na.vn.cloud.tesla.com) and it also failed to connect (timeout). I tried just before and it now connects (you get 'Page not found'). Please can you clear out the /data directory and try again. Are you located in the NA region?

OMVMMG commented 7 months ago

@iainbullock I'm located in Australia. I'm still getting the same logs after clearing everything

iainbullock commented 7 months ago

What do you get if you try https://fleet-api.prd.na.vn.cloud.tesla.com/ in a web browser? Also can you get a command line on your container host, and also try connecting via curl. e.g. curl https://fleet-api.prd.na.vn.cloud.tesla.com/ should return 'Page not found'

OMVMMG commented 7 months ago

@iainbullock I do get the 'Page not found' through my browser

OMVMMG commented 7 months ago

I also get 'Page not found' through the command line

iainbullock commented 7 months ago

Very strange. I would like to do the same from the container command line itself using docker exec -it container-id /bin/sh. However, I suspect the container stops running so you can't connect to it (we can get round this), and also curl isn't included in the build.

A few things for you to try (sorry, I have to go back to work shortly and the time zone doesn't help us - it's 1pm UK time here, what time is it for you?):

Choose a different region in /data/config.sh, and try again

What version of the docker image have you got (from dockerhub)?

I'll give it some more thought and come back to you later

OMVMMG commented 7 months ago

@iainbullock Changing the region allowed me to connect and the container to run. I get the OAuth token but it doesn't allow me to enrol the public key in my vehicle: 'Third party isn't registered with Tesla'. I'm guessing it is because of the region change.

iainbullock commented 7 months ago

Probably the region change won't allow the enrollment of the key, which is understandable.

If the container is now staying up, maybe try to connect to it and get a command line:

docker ps this lists the container-ids on your host

docker exec -it container-id-of-the-proxy /bin/sh

You can then issue commands to try to diagnose what the issue is. E.g. break down part of run.py to see where it fails (the clue is in your original error log).

Seems strange that the na region isn't working. Might be a temporary problem but I doubt it...


dasviridov commented 7 months ago

I am also in Australia, and it works with 'North America, Asia-Pacific' region for me.

I see a bunch of fresh requests to https://fleet-api.prd.na.vn.cloud.tesla.com/api/1/products in tesla-http-proxy-docker logs.

iainbullock commented 7 months ago

Just thinking, could the na server be blocking your IP if you’ve had several unsuccessful connections? I’m sure this happened to me in the early days of testing this on the eu server. It started working again the next day. I can support later….


dasviridov commented 7 months ago

A temporary ban might be true. However, normal API apps should return "HTTP 429 Too many requests" or something more or less clear in this case. But there might be a gateway / load balancer in front of the app, and it might not care to return any specific error status.

I would stop container for now, wait for a few hours, or ideally till the next day and then try again.
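The in-container check suggested earlier in the thread (curl is not in the image) and the 429-versus-silence distinction raised in the comment above, as an added example that is not part of the project or of any post here. It uses only the Python standard library; `probe` and `explain` are hypothetical names, the default host is the one from the traceback in this thread, and the hints returned by `explain` are an assumed reading, not documented Tesla behaviour.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

def probe(url, timeout=30.0):
    """DNS -> TCP -> TLS -> HTTP; return (stage, detail) at the first failure."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    try:
        socket.getaddrinfo(u.hostname, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    try:
        sock = socket.create_connection((u.hostname, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable or connect timeout
        return ("tcp", str(exc))
    try:
        if u.scheme == "https":
            try:  # default context verifies certificate chain and hostname
                sock = ssl.create_default_context().wrap_socket(
                    sock, server_hostname=u.hostname)
            except OSError as exc:  # ssl.SSLError subclasses OSError
                return ("tls", str(exc))
        req = f"GET {u.path or '/'} HTTP/1.1\r\nHost: {u.hostname}\r\nConnection: close\r\n\r\n"
        sock.sendall(req.encode("ascii"))
        buf = b""
        while b"\r\n" not in buf and (chunk := sock.recv(1024)):
            buf += chunk
    except OSError as exc:  # socket.timeout here matches "Read timed out"
        return ("read", "timed out" if isinstance(exc, socket.timeout) else str(exc))
    finally:
        sock.close()
    parts = buf.split(None, 2)
    if len(parts) >= 2 and parts[1].isdigit():
        return ("http", int(parts[1]))
    return ("read", "closed without an HTTP status line")

def explain(stage, detail):
    """Hint only (an assumption, not Tesla-documented behaviour)."""
    if stage == "http":
        return "rate limited, back off" if detail == 429 else f"reachable, HTTP {detail}"
    if stage == "read":
        return "connected but no reply: consistent with a silent block, pause retries"
    return f"failed at {stage}: check container DNS, routing or CA bundle"

if __name__ == "__main__":
    result = probe(sys.argv[1] if len(sys.argv) > 1 else "https://fleet-api.prd.na.vn.cloud.tesla.com/")
    print(result, "->", explain(*result))
```

Run from the container host and again with the interpreter inside the container (the traceback shows Python 3.11 there); a result of `("http", 404)` on `/` corresponds to the 'Page not found' seen in the browser, and a differing result between the two points at container networking rather than the remote side.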

OMVMMG commented 7 months ago

@iainbullock @dasviridov thank you both for your help. I was thinking about a temporary ban for excessive requests too. I'll rest it for a while and report back. Have a good weekend.

iainbullock commented 7 months ago

@OMVMMG did you try it today? Hoping it worked!

OMVMMG commented 7 months ago

@iainbullock I'm away for a couple of days. I'll try and report when I'm back.

OMVMMG commented 7 months ago

@iainbullock I tried again and it seems it was a temporary ban. The authentication works now and the Flask server launches. However, when I click on the 3. Register Partner account button I get an error:

Not Found The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

The logs show this:

[07:31:14] werkzeug:INFO: 172.17.0.1 - - [02/Apr/2024 07:31:14] "GET /generate-partner-token HTTP/1.1" 404 -
[07:32:34] main:ERROR: 404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

dasviridov commented 7 months ago

I don't remember doing this. Can you point where exactly you see this action?

iainbullock commented 7 months ago

There's an extra step in the config flow since version v1.0.4, which incorporates this PR https://github.com/iainbullock/tesla-http-proxy-docker/pull/30

I haven't looked at OMVMMG's issue yet so can't comment whether this could be a factor. The previous version v1.0.3 has the original config flow.

Just one quick check: let's see if your public key endpoint is working - can you share the URL and I can see if I can access it (there isn't a security risk as it's a public key). Mine is at https://tesla.geekleader.co.uk/.well-known/appspecific/com.tesla.3p.public-key.pem


dasviridov commented 7 months ago

@iainbullock, sorry to bother you, but I also hit the snag :-(

After upgrading this container or tesla custom integration or both, or maybe because of a few restarts of HA container for unrelated reasons, I've got HA integration stopped working and prompting me to setup proxy again. I guess it's because refresh token routine failed. I can't really tell the exact reason, as it was not right after the upgrades and I was doing some other work on my HA.

So I removed access_token file and restarted proxy container. At Flask interface I now see a new step 3. Register Partner Account, which also returns 404 for me as @OMVMMG mentioned.

I did all other steps, got refresh token and tried to setup HA integration again. At this point I got Auth return {'error': 'login_required', 'error_description': 'Login required',... It is mentioned 3 times in the logs, exactly like OMVMMG had the other day, before the temporary ban.

So questions so far:

  1. What does this action Register Partner Account really mean? If it is explained elsewhere, please point me.
  2. Do we need this step?
  3. Could it be a reason I've got auth issues on HA side?
  4. What should we do?

dasviridov commented 7 months ago

My /well-known/appspecific/com.tesla.3p.public-key.pem, which is step 2 at Flask app, returns the public key fine.

iainbullock commented 7 months ago

I’m away at the moment so can’t attempt to recreate the problem. Please could you revert to v1.0.3 to see if the problem goes away. I will get back to you when I can. Thanks


iainbullock commented 7 months ago

@OMVMMG the reason for asking was that Step 2 is most likely doing the test from a host on your LAN. Can you test your URL from a host on the internet? Either yourself, e.g. using a cellular connection, or share the URL and I can do it. Thanks


dasviridov commented 7 months ago

I reverted back to v1.0.3, did authentication with Tesla and set up HA integration again with a new refresh token. It works! So it seems like something is wrong with v1.0.4.

@OMVMMG, please try v1.0.3

  1. In unraid edit container, in Repository enter iainbullock/tesla_http_proxy:v1.0.3 and press Done. Don't make mistakes there, as if something is wrong, unraid app will be treated as failed to setup, and you will have to do everything from scratch. Maybe there is an option to edit it somehow again, but I didn't find it.

  2. Fix permissions in all 3 containers config folders just in case.

  3. Do Tesla authentication.

  4. There is no step 3. Register Partner account in Flask app in this version of container. So skip this.

  5. Setup HA integration as usual.

iainbullock commented 7 months ago

@dasviridov many thanks for confirming this, and sorry for breaking something in the last release. I will update the README to recommend use of v1.0.3 until I'm able to investigate and fix

dasviridov commented 7 months ago

Happy to help.

OMVMMG commented 7 months ago

@iainbullock @dasviridov I finally had time to try again and I got "Error 422: Unprocessable Entity". My guess is I'm still banned from when I tried with version 1.0.4. Last time it took 3 days.

jesserockz commented 7 months ago

My bad, sorry for messing that up. I must have renamed the endpoint while doing some final code tidyup in #30 and forgot to rename it in the index file. Looks like @iainbullock has fixed it now. :pray:

iainbullock commented 7 months ago

@jesserockz no worries these things happen! I've released v1.0.5 which fixes this problem

@OMVMMG I'm back after being away for a few days. Let me know if you still need support

OMVMMG commented 7 months ago

@iainbullock thank you. I'm myself away for a few days. I'll report when I get back.

OMVMMG commented 7 months ago

@iainbullock @dasviridov for some reason the only app (Tesla developer) that works is the one I added access to energy products to. The other one, which I created only for vehicle access, gives me an error 422: Unprocessable Entity. There is an app I created with only vehicle access but it only works with the Europe zone and then I cannot register it via the Tesla phone app. I have even created an identical one to the one that works with energy products and it also gives me an error 422. Quite strange, the whole thing.