Getting "Connection refused" on production env

[anko20094]

Hello, I'm trying to start my telegram bot on production env, but it doesn't work... and there is next info:

{
  "ok"     => true,
  "result" => {
    "url"                    => "https://45.90.59.143/telegram/dEIA-wo9AY9O9-pvuRLGVyIIGHU",
    "has_custom_certificate" => false,
    "pending_update_count"   => 1729,
    "last_error_date"        => 1668952513,
    "last_error_message"     => "Connection refused",
    "max_connections"        => 40,
    "ip_address"             => "45.90.59.143"
  }
}

In development when I start it with command bin/rake telegram:bot:poller everything is fine and works.

[printercu]

Do you use self signed certificate? There should be page in the wiki how to set it up.

[anko20094]

Do you use self signed certificate? There should be page in the wiki how to set it up.

Yes, I did. I checked that page and few other issues and tried do as there was described but still doesn't work... I used this command to generate new certificate: openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=45.90.59.143" after I've used this command: rake telegram:bot:set_webhook RAILS_ENV=production Should I do something else?

[printercu]

set_webhook command takes certificate argument in this case. I believe it should be in the wiki.

[anko20094]

Run rake telegram:bot:set_webhook RAILS_ENV=production to update webhook url for all configured bots. Self-signed certificate can be provided with CERT=path/to/cert CERT=path/to/cert - what does it mean?

[printercu]

It's .pem file with a self-signed certificate. You'll also need to configure web server (it depends on your setup: nginx or puma) to use this cert and related pk. See #71 for example.

[mario-amazing]

Have the issue that telegram webhook can't connect to my server with selfsigned cert(no any connections in logs from telegram API). Any ideas?

Configuration: CERT=config/ssl/production/cert.pem

Telegram.bot.get_webhook_info
{"ok"=>true,
 "result"=>
  {"url"=>"https://<IP>/telegram/NY71J1pPAzfGCf90Fc-Ssybo",
   "has_custom_certificate"=>true,
   "pending_update_count"=>1,
   "last_error_date"=>1674396736,
   "last_error_message"=>"Connection timed out",
   "max_connections"=>40,
   "ip_address"=>"<IP>"}}

Rails.application.routes.url_helpers.telegram_webhook_url
=> "https://<IP>/telegram/NY71J1pPAzfGCf90Fc-Ssybo"

Puma started with nginx:

I've tested these configurations: https://core.telegram.org/bots/webhooks https://core.telegram.org/bots/self-signed (part of the previous one) https://github.com/telegram-bot-rb/telegram_bot_app/issues/7#issuecomment-335190839

With postman request on this port I have 200:

[printercu]

It looks like network connectivity issue. It's suggest to try to perform request from different server, try even from different country.

[printercu]

It looks like network connectivity issue. It's suggest to try to perform request from different server, try even from different country.

[mario-amazing]

I tried to make a direct request from my local computer from different countries (using VPN) to the bot server(postman request example above). All this time I got the status 200, and the bot processed this request and sent me a message, as expected.

But the telegram bot webhook doesn't send me any requests, how can I see from nginx logs

[printercu]

This doesn't seem to be related to the gem, and I don't have any debugging ideas on the top of my mind. It should be better to ask on stackoverflow.

[anko20094]

Hi @printercu @mario-amazing May I ask you give me a tip about deploy, please? I've generated SSL for my server's IP by command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout chat_bot.key -x509 -days 365 -out chat_bot.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=209.38.243.46" and put them into /etc/nginx/

Next I entered into my project and run the command: RAILS_ENV=production bundle exec rake telegram:bot:set_webhook CERT=/etc/nginx/chat_bot.pem

and here's my nginx config(maybe problem is here?):

upstream app {
    # Path to Puma SOCK file, as defined previously
    server unix:///home/root/apps/chat_bot/shared/tmp/sockets/chat_bot-puma.sock;
}

server {
    server_name 209.38.243.46;

    root /home/root/apps/chat_bot/current/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_pass http://app;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }

    location /cable {
      proxy_pass http://app/cable;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;

    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/chat_bot.pem;
    ssl_certificate_key /etc/nginx/ssl/chat_bot.key;
}

also I can see for command sudo tail -f /var/log/nginx/error.log next: 2023/05/16 20:29:38 [error] 90531#90531: *4315 connect() to unix:///home/root/apps/chat_bot/shared/tmp/sockets/chat_bot-puma.sock failed (111: Connection refused) while connecting to upstream, client: 91.108.6.150, server: 209.38.243.46, request: "POST /telegram/Li9aGcAqMoy_29WiAyiVlLZSML0 HTTP/1.1", upstream: "http://unix:///home/root/apps/chat_bot/shared/tmp/sockets/chat_bot-puma.sock:/telegram/Li9aGcAqMoy_29WiAyiVlLZSML0", host: "209.38.243.46"

And looks like server doesn't work... can you see any incorects acts here?

[printercu]

What is in rails log? There should be a line saying what address it's listening.

[anko20094]

So, I haven't any logs in log/production.log due to failed puma start(RVM path problem). So now it works like charm. Thanks a lot!