Closed bctoh closed 6 years ago
Do you use self-signed cert?
secrets.yml
on heroku should have at least production
section with configuration for bot. I usually don't commit secrets.yml
to repo and copy one with production values to server. I've seen that usually envvars are used for configuring rails apps on heroku: https://12factor.net/
I remember there was other issue about deploying to heroku, either in this repo or in example app. Please search for "heroku" in issues, it may help.
Yeah, I took a look at other issues. This one seems to give me the most information but I think I'm stuck a little before the issue opener.
I get this information when I run Telegram.bot.get_webhook_info
in production:
"has_custom_certificate" => false,
"pending_update_count" => 3,
"last_error_date" => 1528781605,
"last_error_message" => "Connection timed out",
"max_connections" => 40
Which means you're right about the self-signed cert part of it as it doesn't register a custom certificate. My url looks right => https://domain.com/telegram/token
so I believe the secrets.yml configuration on my prod is fine.
How would I get a self-signed cert on? Do I just run this in prod openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
?
Please see this https://github.com/telegram-bot-rb/telegram_bot_app/issues/7#issuecomment-335190839 and the whole issue, we have found some not evident points in using self-signed certs.
Here is other issue https://github.com/telegram-bot-rb/telegram-bot/issues/71 that may help.
Ah, I've just noticed that you pointed to same issue :) Does the comment I've pointed to helps?
I've managed to do the following:
rails telegram:bot:set_webhook CERT=jc.pem
on prodand when I check Telegram.bot.get_webhook_info
I get this:
"has_custom_certificate" => true,
"pending_update_count" => 4,
"last_error_date" => 1528795275,
"last_error_message" => "Connection timed out",
"max_connections" => 40
So there is some progress as now it recognises the custom cert. But I'm getting the same error which is Connection timed out
🤔not sure what to do here. Do I need a port for my url? Currently it's just https://domain.com/telegram/token
When i change the routes.default_url_options
host and regenerate the self signed cert with the heroku dns domain https://www.domain.com.herokudns.com/
, I get this error instead of 'Connection timed out' -> SSL error {336151608, error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error}
🤔
Does requesting webhook url with curl works? There should be example in that issue.
I think changing the url to herokudns was completely wrong. I get this error using your curl -X POST
command: curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
After changing the url back, I get this error curl: (7) Failed to connect to %domain%.com port 443: Operation timed out
Any idea what indication that gives?
Please check curl commands from that issue. There is -k flag, maybe it disables cert verification. There are also screenshots of how i've checked cert details
I have included the -k flag and got the curl: (7) Failed to connect to %domain%.com port 443: Operation timed out
error . My cert is valid and not expired. My logs also don't show any requests from telegram. It failed to connect.
I did your curl -F ...
command as well and got this message {"ok":true,"result":true,"description":"Webhook was set"}
so I'm quite clueless as to how to fix this
It looks like server is not running on 443. It may appear that you run http instead of https, this can be checked by curl'ing http. Or firewall may be not configured.
curl'ing http shows a http 301 Moved Permanently message and shows the correct location with https.
Am I supposed to define the port to use here routes.default_url_options
?
You reckon I'd have to provide the SSL key to rails like this guy's solution? https://github.com/telegram-bot-rb/telegram-bot/issues/71#issuecomment-380256766
Sure. Did you follow every step from https://github.com/telegram-bot-rb/telegram_bot_app/issues/7#issuecomment-335190839 ? There is the similar line on the last step.
If you have a domain name, isn't it better and easier to get free letsencrypt cert?
Sure. Did you follow every step from telegram-bot-rb/telegram_bot_app#7 (comment) ? There is the similar line on the last step.
I didn't run the last line. Do I run that in production console?
If you have a domain name, isn't it better and easier to get free letsencrypt cert?
I got a free letsencrypt cert initially, which heroku provides automatically when paid for, but it wasn't working so I thought I had to do a self signed. Now looking back at your instructions, I realised I didn't need to have a self signed 😖 I'm back to using the free cert but it doesn't change a thing
Do I run that in production console?
This is the command to start server with. I have not used heroku too much, and don't know how to set custom server command. Quick googling gives this options: https://devcenter.heroku.com/articles/deploying-rails-applications-with-the-puma-web-server#adding-puma-to-your-application - how to use puma config file on heroku, https://gist.github.com/tadast/9932075#gistcomment-2004730 - how to configure puma to use cert.
Here is how to set custom server command: https://devcenter.heroku.com/articles/deploying-rails-applications-with-the-puma-web-server#adding-puma-to-your-application
This way you can use the command from that comment with -b ssl://....
Solved: endpoint can't be root domain. Has to include www.
For those who struggles with deployment. You don't need to pass certificate when you set webhook if you use https.
For those that want to host their telegram-bot on render.com this was my solution:
Use the following curl
curl -F "url=https://www.#{my_domain}/telegram/#{unique_string_which_does_route_to_controller}" https://api.telegram.org/bot#{bot_id}:#{bot_token}/setWebhook
The www. is the most important aspect, as without www. it did not work for me.
I've followed the deployment instructions but am not able to get the bot working. On local, it's fine but on prod I may need some guidance. This is what I've done:
production.rb
rails telegram:bot:set_webhook RAILS_ENV=production
on both local and herokuAm I supposed to transfer
secrets.yml
telegram configs to config vars on heroku? If that's the case, does the heroku config vars key look liketelegram:bot:token
?Any help appreciated!