search

nlef / moonraker-telegram-bot

Telegram bot to interact with Moonraker (Klipper Web API Server)
Creative Commons Zero v1.0 Universal
245 stars 64 forks source link

ssl support for websocket and http requests #307

Closed nlef closed 2 months ago

nlef commented 6 months ago

Added ssl support

273

new configuration params in [bot] section:

nlef commented 6 months ago

@HinataKato pls check this pr. SSL now should work correctly.

HinataKato commented 5 months ago

@HinataKato pls check this pr. SSL now should work correctly.

Sorry for being this late, haven't had time lately

Looks like disabled certificates aren't working correctly? If ssl_validate=true, I get

urllib3.connection - WARNING - Certificate did not match expected hostname blablabla

Seems pretty normal right? But when I set it to false, I get

/moonraker-telegram-bot-env/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings websocket - ERROR - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '127.0.0.1'. (_ssl.c:992) - goodbye

And the SSL part seems didn't work either. I set the server to my domain and got this

websocket_helper - ERROR - Handshake status 502 Bad Gateway websocket - ERROR - Handshake status 502 Bad Gateway - goodbye websocket_helper - INFO - WebSocket closed

(My moonraker is working normally btw, I can access the info page for the SSL enabled port)

nlef commented 5 months ago

@HinataKato I fixed errors related to certificate settings. Please check again

krawa commented 4 months ago 
Current Moonraker telegram bot config
[bot]
server = 192.168.0.107
port = 443
ssl = true
ssl_validate = false
user = kkkk
password = tkertdfgdfg
debug = true

2024-04-24 15:01:33,136 - apscheduler.scheduler - INFO - base.py:166 - Scheduler started
2024-04-24 15:01:33,138 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-24 15:01:33,141 - apscheduler.scheduler - DEBUG - base.py:1016 - No jobs; waiting until a job is added
2024-04-24 15:01:34,151 - klippy - ERROR - klippy.py:154 - Unauthorized
2024-04-24 15:01:34,158 - apscheduler.scheduler - INFO - base.py:166 - Scheduler started
2024-04-24 15:01:34,163 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-24 15:01:34,173 - apscheduler.scheduler - DEBUG - base.py:1016 - No jobs; waiting until a job is added
2024-04-24 15:01:34,539 - klippy - DEBUG - klippy.py:249 - JWT token expired, refreshing...
2024-04-24 15:01:34,958 - klippy - ERROR - klippy.py:253 - Unauthorized
2024-04-24 15:01:36,033 - klippy - DEBUG - klippy.py:249 - JWT token expired, refreshing...
2024-04-24 15:01:36,442 - klippy - ERROR - klippy.py:253 - Unauthorized
2024-04-24 15:01:36,448 - klippy - WARNING - klippy.py:485 - Failed adding announcements bot feed.

Unauthorized
2024-04-24 15:01:37,146 - apscheduler.scheduler - INFO - base.py:881 - Added job "WebSocketHelper.reshedule" to job store "default"
2024-04-24 15:01:37,149 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-24 15:01:37,153 - apscheduler.scheduler - DEBUG - base.py:1019 - Next wakeup is due at 2024-04-24 15:01:39.144630+03:00 (in 1.992009 seconds)
2024-04-24 15:01:37,183 - websocket_helper - ERROR - websocket_helper.py:80 - Handshake status 401 Unauthorized -+-+- {'server': 'nginx/1.22.1', 'date': 'Wed, 24 Apr 2024 12:01:37 GMT', 'content-type': 'text/html', 'content-length': '179', 'connection': 'keep-alive', 'www-authenticate': 'Basic realm="Go away!"'} -+-+- b'<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx/1.22.1</center>\r\n</body>\r\n</html>\r\n'
2024-04-24 15:01:37,185 - websocket_helper - INFO - websocket_helper.py:73 - WebSocket closed
2024-04-24 15:01:37,187 - __main__ - INFO - main.py:1221 - Exiting! Moonraker connection lost!
2024-04-24 15:01:37,189 - apscheduler.scheduler - INFO - base.py:198 - Scheduler has been shut down
krawa commented 4 months ago 
Current Moonraker telegram bot config
[bot]
server = 192.168.0.107
port = 443
ssl = true
ssl_validate = false
user = kkkk
password = tkertdfgdfg
debug = true

2024-04-24 15:01:33,136 - apscheduler.scheduler - INFO - base.py:166 - Scheduler started
2024-04-24 15:01:33,138 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-24 15:01:33,141 - apscheduler.scheduler - DEBUG - base.py:1016 - No jobs; waiting until a job is added
2024-04-24 15:01:34,151 - klippy - ERROR - klippy.py:154 - Unauthorized
2024-04-24 15:01:34,158 - apscheduler.scheduler - INFO - base.py:166 - Scheduler started
2024-04-24 15:01:34,163 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-24 15:01:34,173 - apscheduler.scheduler - DEBUG - base.py:1016 - No jobs; waiting until a job is added
2024-04-24 15:01:34,539 - klippy - DEBUG - klippy.py:249 - JWT token expired, refreshing...
2024-04-24 15:01:34,958 - klippy - ERROR - klippy.py:253 - Unauthorized
2024-04-24 15:01:36,033 - klippy - DEBUG - klippy.py:249 - JWT token expired, refreshing...
2024-04-24 15:01:36,442 - klippy - ERROR - klippy.py:253 - Unauthorized
2024-04-24 15:01:36,448 - klippy - WARNING - klippy.py:485 - Failed adding announcements bot feed.

Unauthorized
2024-04-24 15:01:37,146 - apscheduler.scheduler - INFO - base.py:881 - Added job "WebSocketHelper.reshedule" to job store "default"
2024-04-24 15:01:37,149 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-24 15:01:37,153 - apscheduler.scheduler - DEBUG - base.py:1019 - Next wakeup is due at 2024-04-24 15:01:39.144630+03:00 (in 1.992009 seconds)
2024-04-24 15:01:37,183 - websocket_helper - ERROR - websocket_helper.py:80 - Handshake status 401 Unauthorized -+-+- {'server': 'nginx/1.22.1', 'date': 'Wed, 24 Apr 2024 12:01:37 GMT', 'content-type': 'text/html', 'content-length': '179', 'connection': 'keep-alive', 'www-authenticate': 'Basic realm="Go away!"'} -+-+- b'<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx/1.22.1</center>\r\n</body>\r\n</html>\r\n'
2024-04-24 15:01:37,185 - websocket_helper - INFO - websocket_helper.py:73 - WebSocket closed
2024-04-24 15:01:37,187 - __main__ - INFO - main.py:1221 - Exiting! Moonraker connection lost!
2024-04-24 15:01:37,189 - apscheduler.scheduler - INFO - base.py:198 - Scheduler has been shut down

Error due to nginx authorization With a different config, the bot connects to the Moonraker but cannot connect to WebSocket. There need to specify the authorization header

Current Moonraker telegram bot config
[bot]
server = user:password@192.168.0.107
api_token: 5f551389d9c94627ab9c
port = 443
ssl = true
ssl_validate = false
debug = true

2024-04-26 12:47:25,898 - __main__ - ERROR - main.py:1196 - Config errors in section [bot]:
  Protocol must be specified in other configuration parameters

2024-04-26 12:47:25,948 - apscheduler.scheduler - INFO - base.py:166 - Scheduler started
2024-04-26 12:47:25,951 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-26 12:47:25,955 - apscheduler.scheduler - DEBUG - base.py:1016 - No jobs; waiting until a job is added
2024-04-26 12:47:27,012 - apscheduler.scheduler - INFO - base.py:166 - Scheduler started
2024-04-26 12:47:27,020 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-26 12:47:27,029 - apscheduler.scheduler - DEBUG - base.py:1016 - No jobs; waiting until a job is added
2024-04-26 12:47:29,816 - apscheduler.scheduler - INFO - base.py:881 - Added job "WebSocketHelper.reshedule" to job store "default"
2024-04-26 12:47:29,819 - apscheduler.scheduler - DEBUG - base.py:940 - Looking for jobs to run
2024-04-26 12:47:29,821 - apscheduler.scheduler - DEBUG - base.py:1019 - Next wakeup is due at 2024-04-26 12:47:31.815184+03:00 (in 1.993883 seconds)
2024-04-26 12:47:29,849 - websocket_helper - ERROR - websocket_helper.py:80 - Handshake status 401 Unauthorized -+-+- {'server': 'nginx/1.22.1', 'date': 'Fri, 26 Apr 2024 09:47:29 GMT', 'content-type': 'text/html', 'content-length': '179', 'connection': 'keep-alive', 'www-authenticate': 'Basic realm="Go away!"'} -+-+- b'<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx/1.22.1</center>\r\n</body>\r\n</html>\r\n'
2024-04-26 12:47:29,851 - websocket_helper - INFO - websocket_helper.py:73 - WebSocket closed
2024-04-26 12:47:29,853 - __main__ - INFO - main.py:1221 - Exiting! Moonraker connection lost!
nlef commented 3 months ago

@krawa nginx authorization together with moonraker authorization is not supported at the moment. If there is a need for this (although I don't really understand why there are two authorization options at the same time), then please create a separate ticket. I made a minor fix in parsing json which could lead to problems with authorization.