saltyrtc / saltyrtc-server-python

SaltyRTC signalling server implementation.
MIT License

Public server down - 502 Bad Gateway #121

Closed loredanacirstea closed 3 years ago

loredanacirstea commented 3 years ago

I was trying the web part of https://github.com/saltyrtc/saltyrtc-demo, configured with your public saltyrtc server.

    saltyrtc-client.es5.js:1383 WebSocket connection to 'wss://server.saltyrtc.org/424280166304526b4a2874a2270d091071fcc5c98959f7d4718715626df26204' failed: Error during WebSocket handshake: Unexpected response code: 502

lgrahl commented 3 years ago

Probably a victim of a Python upgrade. I'll take a look at it.

lgrahl commented 3 years ago

Should be up again. Thanks for reporting! And I'll need to add a services check to my update script.

loredanacirstea commented 3 years ago

Was it a Python upgrade issue? What version of Python did you use?

I am trying to set up the SaltyRTC server on Ubuntu 20.04, Python 3.7.2, but I keep getting SSL handshake failed when the client tries to connect to the server. I do have a setup with Certbot SSL certificates and Nginx proxying websocket requests. Probably the fault of my Nginx config, but I wanted to rule out something Python-related.

> saltyrtc-server -v7 serve -p 8765 -tc /etc/letsencrypt/live/<domain>/fullchain.pem -tk /etc/letsencrypt/live/<domain>/privkey.pem -k /root/salty/permanent_key

[...logs]

[2021-02-05 17:05:31.860461] ERROR: asyncio: SSL handshake failed
handle_traceback: Handle created at (most recent call last):
  File "/root/salty/env37/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/root/salty/env37/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/root/salty/env37/lib/python3.7/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/root/salty/env37/lib/python3.7/site-packages/saltyrtc/server/bin.py", line 264, in serve
    loop.run_until_complete(restart_signal)
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/base_events.py", line 571, in run_until_complete
    self.run_forever()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/base_events.py", line 539, in run_forever
    self._run_once()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/base_events.py", line 1767, in _run_once
    handle._run()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/events.py", line 88, in _run
    self._context.run(self._callback, *self._args)
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/selector_events.py", line 705, in _add_reader
    self._loop._add_reader(fd, callback, *args)
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/selector_events.py", line 249, in _add_reader
    handle = events.Handle(callback, args, self, None)
protocol: <asyncio.sslproto.SSLProtocol object at 0x7f8e61f47d68>
transport: <_SelectorSocketTransport fd=8 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 625, in _on_handshake_complete
    raise handshake_exc
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)
[2021-02-05 17:05:31.866322] ERROR: asyncio: SSL error in data received
handle_traceback: Handle created at (most recent call last):
  File "/root/salty/env37/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/root/salty/env37/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/root/salty/env37/lib/python3.7/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/root/salty/env37/lib/python3.7/site-packages/saltyrtc/server/bin.py", line 264, in serve
    loop.run_until_complete(restart_signal)
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/base_events.py", line 571, in run_until_complete
    self.run_forever()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/base_events.py", line 539, in run_forever
    self._run_once()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/base_events.py", line 1767, in _run_once
    handle._run()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/events.py", line 88, in _run
    self._context.run(self._callback, *self._args)
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/selector_events.py", line 705, in _add_reader
    self._loop._add_reader(fd, callback, *args)
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/selector_events.py", line 249, in _add_reader
    handle = events.Handle(callback, args, self, None)
protocol: <asyncio.sslproto.SSLProtocol object at 0x7f8e61f47d68>
transport: <_SelectorSocketTransport closing fd=8 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/root/.pyenv/versions/3.7.2/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)

lgrahl commented 3 years ago

The server upgraded to 3.9 and the venv just wasn't usable anymore.

But terminating TLS in Python can be a bit quirky. You can terminate TLS in Nginx and then forward, which should be both faster and safer (if you make sure the SaltyRTC server is only reachable via localhost or use a UNIX socket).

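    # $connection_upgrade is not a built-in variable; define it once
    # in the http context so the Connection header below resolves.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        listen <...>;
        server_name <...>;

        # Certificates
        ssl_certificate <...>;
        ssl_certificate_key <...>;

        location / {
            # Plain http:// here means the backend must not terminate TLS itself
            proxy_pass <http://127.0.0.1:saltyrtc-port or unix://...>;
            proxy_http_version 1.1;
            # Forward the WebSocket upgrade handshake to the backend
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_read_timeout 5m;
        }
    }
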
loredanacirstea commented 3 years ago

My config was equivalent to the above. Turns out that running with SALTYRTC_SAFETY_OFF='yes-and-i-know-what-im-doing' saltyrtc-server -v7 -c serve -p 8765 -k /root/salty/permanent_key works fine, so the nginx config is good. The issue is with the certificate files.

Update: solved. I should have used https in proxy_pass https://websocket; instead of proxy_pass http://websocket;. (Thanks for the help!)
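
The mismatch resolved above (an `http://` proxy_pass in front of a backend started with `-tc`/`-tk`, which the Python TLS listener rejects with `[SSL: HTTP_REQUEST]`) can be checked before touching Nginx. The following is an added diagnostic sketch, not part of the thread or of the SaltyRTC project; `probe_backend` and `check_proxy_pass` are hypothetical helper names, and the probe is meant for a backend on loopback.

```python
import socket
import ssl
from urllib.parse import urlsplit

PLAIN_GET = b"GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n"

def _tls_handshake_ok(host, port, timeout):
    # Diagnostic only: asks "does this port speak TLS?", not "is the
    # certificate trustworthy?", so verification is off for this probe.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw):
                return True
        except OSError:  # ssl.SSLError and timeouts are OSError subclasses
            return False

def _speaks_plain_http(host, port, timeout):
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(PLAIN_GET)
            return sock.recv(16).startswith(b"HTTP/")
        except OSError:
            return False

def probe_backend(host, port, timeout=2.0):
    """Return 'tls', 'plaintext', 'unknown' or 'unreachable'."""
    try:
        if _tls_handshake_ok(host, port, timeout):
            return "tls"
        if _speaks_plain_http(host, port, timeout):
            return "plaintext"
    except OSError:  # connect() itself failed: nothing is listening
        return "unreachable"
    return "unknown"

def check_proxy_pass(proxy_pass, host, port, timeout=2.0):
    """Compare an nginx proxy_pass scheme with what the backend speaks."""
    want = {"tls": "https", "plaintext": "http"}.get(probe_backend(host, port, timeout))
    have = urlsplit(proxy_pass).scheme
    if want is None:
        return False, "backend not reachable or protocol not recognised"
    if have != want:
        return False, f"proxy_pass uses {have}:// but backend expects {want}://"
    return True, f"proxy_pass scheme {have}:// matches backend"
```

An "unreachable" verdict corresponds to the original 502: Nginx is up but nothing is listening on the backend port.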