telegram-bot-rb / telegram-bot

Ruby gem for building Telegram Bot with optional Rails integration
MIT License

Need help to get webhooks working on production (heroku) #91

Closed bctoh closed 6 years ago

bctoh commented 6 years ago

I've followed the deployment instructions but am not able to get the bot working. On local, it's fine but on prod I may need some guidance. This is what I've done:

Am I supposed to transfer secrets.yml telegram configs to config vars on heroku? If that's the case, does the heroku config vars key look like telegram:bot:token?

Any help appreciated!

printercu commented 6 years ago

Do you use self-signed cert?

secrets.yml on heroku should have at least a production section with configuration for the bot. I usually don't commit secrets.yml to the repo and copy one with production values to the server. I've seen that usually envvars are used for configuring rails apps on heroku: https://12factor.net/

I remember there was another issue about deploying to heroku, either in this repo or in the example app. Please search for "heroku" in issues, it may help.

bctoh commented 6 years ago

Yeah, I took a look at other issues. This one seems to give me the most information but I think I'm stuck a little before the issue opener.

I get this information when I run Telegram.bot.get_webhook_info in production:

    "has_custom_certificate" => false,
      "pending_update_count" => 3,
           "last_error_date" => 1528781605,
        "last_error_message" => "Connection timed out",
           "max_connections" => 40

Which means you're right about the self-signed cert part of it as it doesn't register a custom certificate. My url looks right => https://domain.com/telegram/token so I believe the secrets.yml configuration on my prod is fine.

How would I get a self-signed cert on? Do I just run this in prod?

openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"

printercu commented 6 years ago

Please see this https://github.com/telegram-bot-rb/telegram_bot_app/issues/7#issuecomment-335190839 and the whole issue, we have found some not evident points in using self-signed certs.

Here is another issue https://github.com/telegram-bot-rb/telegram-bot/issues/71 that may help.

printercu commented 6 years ago

Ah, I've just noticed that you pointed to the same issue :) Does the comment I've pointed to help?

bctoh commented 6 years ago

I've managed to do the following:

and when I check Telegram.bot.get_webhook_info I get this:

    "has_custom_certificate" => true,
      "pending_update_count" => 4,
           "last_error_date" => 1528795275,
        "last_error_message" => "Connection timed out",
           "max_connections" => 40

So there is some progress as now it recognises the custom cert. But I'm getting the same error which is Connection timed out 🤔 Not sure what to do here. Do I need a port for my url? Currently it's just https://domain.com/telegram/token

bctoh commented 6 years ago

When I change the routes.default_url_options host and regenerate the self-signed cert with the heroku dns domain https://www.domain.com.herokudns.com/, I get this error instead of 'Connection timed out' -> SSL error {336151608, error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error} 🤔

printercu commented 6 years ago

Does requesting the webhook url with curl work? There should be an example in that issue.

bctoh commented 6 years ago

I think changing the url to herokudns was completely wrong. I get this error using your curl -X POST command: curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

After changing the url back, I get this error: curl: (7) Failed to connect to %domain%.com port 443: Operation timed out. Any idea what indication that gives?

printercu commented 6 years ago

Please check the curl commands from that issue. There is a -k flag, maybe it disables cert verification. There are also screenshots of how I've checked cert details.

bctoh commented 6 years ago

I have included the -k flag and got the curl: (7) Failed to connect to %domain%.com port 443: Operation timed out error. My cert is valid and not expired. My logs also don't show any requests from telegram. It failed to connect.

I did your curl -F ... command as well and got this message {"ok":true,"result":true,"description":"Webhook was set"} so I'm quite clueless as to how to fix this.

printercu commented 6 years ago

It looks like the server is not running on 443. It may be that you run http instead of https, this can be checked by curl'ing http. Or the firewall may not be configured.

bctoh commented 6 years ago

curl'ing http shows an http 301 Moved Permanently message and shows the correct location with https.

Am I supposed to define the port to use here routes.default_url_options?

bctoh commented 6 years ago

You reckon I'd have to provide the SSL key to rails like this guy's solution? https://github.com/telegram-bot-rb/telegram-bot/issues/71#issuecomment-380256766

printercu commented 6 years ago

Sure. Did you follow every step from https://github.com/telegram-bot-rb/telegram_bot_app/issues/7#issuecomment-335190839 ? There is a similar line on the last step.

printercu commented 6 years ago

If you have a domain name, isn't it better and easier to get a free letsencrypt cert?

bctoh commented 6 years ago

> Sure. Did you follow every step from telegram-bot-rb/telegram_bot_app#7 (comment) ? There is the similar line on the last step.

I didn't run the last line. Do I run that in production console?

> If you have a domain name, isn't it better and easier to get free letsencrypt cert?

I got a free letsencrypt cert initially, which heroku provides automatically when paid for, but it wasn't working so I thought I had to do a self-signed one. Now looking back at your instructions, I realised I didn't need to have a self-signed one 😖 I'm back to using the free cert but it doesn't change a thing.

printercu commented 6 years ago

> Do I run that in production console?

This is the command to start the server with. I have not used heroku too much, and don't know how to set a custom server command. Quick googling gives these options: https://devcenter.heroku.com/articles/deploying-rails-applications-with-the-puma-web-server#adding-puma-to-your-application - how to use a puma config file on heroku, https://gist.github.com/tadast/9932075#gistcomment-2004730 - how to configure puma to use a cert.

printercu commented 6 years ago

Here is how to set a custom server command: https://devcenter.heroku.com/articles/deploying-rails-applications-with-the-puma-web-server#adding-puma-to-your-application

This way you can use the command from that comment with -b ssl://....

bctoh commented 6 years ago

Solved: endpoint can't be root domain. Has to include www.

anaumov commented 4 years ago

For those who struggle with deployment: you don't need to pass a certificate when you set the webhook if you use https.

gmverdon commented 1 year ago

For those that want to host their telegram-bot on render.com this was my solution:

Use the following curl:

curl -F "url=https://www.#{my_domain}/telegram/#{unique_string_which_does_route_to_controller}" https://api.telegram.org/bot#{bot_id}:#{bot_token}/setWebhook

The www. is the most important aspect, as without www. it did not work for me.
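
The thread's three failure modes ("Connection timed out", "Failed to connect ... port 443", and the SSL alert) can be told apart before calling setWebhook with a pre-flight check like the following. This is an added example, not code from the telegram-bot gem or from any commenter; the function names are hypothetical, the port list is the one the Telegram Bot API documents for webhooks, and verification uses the system trust store (like curl without -k), so a self-signed cert reports :tls_failed.

```ruby
require "uri"
require "socket"
require "openssl"
require "timeout"

# Ports the Telegram Bot API documents as usable for webhooks.
TELEGRAM_WEBHOOK_PORTS = [443, 80, 88, 8443].freeze

# Static checks on the URL that would be passed to setWebhook.
def check_webhook_url(url)
  uri = URI.parse(url)
  return :not_https unless uri.is_a?(URI::HTTPS)
  return :no_host if uri.host.to_s.empty?
  return :unsupported_port unless TELEGRAM_WEBHOOK_PORTS.include?(uri.port)
  :ok
rescue URI::InvalidURIError
  :invalid_url
end

# TCP connect first, then a verified TLS handshake with SNI, so that an
# unreachable host and a certificate problem are reported separately.
def probe_endpoint(host, port, timeout: 5)
  begin
    tcp = Socket.tcp(host, port, connect_timeout: timeout)
  rescue SocketError
    return :dns_failed        # name does not resolve
  rescue SystemCallError
    return :connect_failed    # refused, timed out, or unroutable
  end
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER) # chain + hostname
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host         # SNI, needed on shared routers
  ssl.sync_close = true       # closing ssl also closes tcp
  begin
    Timeout.timeout(timeout) { ssl.connect }
    :ok
  rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError, Timeout::Error
    :tls_failed
  ensure
    ssl.close
  end
end

# Runs the static checks, then the network probe against the URL's host/port.
def webhook_preflight(url, timeout: 5)
  static = check_webhook_url(url)
  return static unless static == :ok
  uri = URI.parse(url)
  probe_endpoint(uri.host, uri.port, timeout: timeout)
end
```

Running webhook_preflight against both the root-domain URL and the www. URL shows which hostname actually accepts connections on 443; in this thread the root domain would have reported :connect_failed.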