My bluemix securegateway client installed on linux , gives an error as :
[2017-10-03 04:08:05.791] [DEBUG] (Client ID 16583) The Secure Gateway client will fetch its configuration from https://sgmanager.ng.bluemix.net/sgconfig/[masked]
[2017-10-03 04:09:08.882] [ERROR] (Client ID 16583) The response is code: ETIMEDOUT, message: connect
This was working earlier , but suddenly stopped connecting.
Does the client use curl to get to the above configuration url ?
The SG Client doesn't use curl specifically, but it does make an HTTPS request to sgmanager.ng.bluemix.net as part of the initial connection process. Following this request, a second HTTPS request is made to cap-sg-prd-#.integration.ibmcloud.com:9000 where # is 1-5 depending on the details of your specific gateway.
ETIMEDOUT is typically caused by something like a firewall blocking your requests, so you could use something like telnet to confirm your connectivity. A successful connection should be similar to:
telnet sgmanager.ng.bluemix.net 443
Trying 169.54.245.68...
Connected to ng.bluemix.net.
Escape character is '^]'.
and
telnet cap-sg-prd-1.integration.ibmcloud.com 9000
Trying 169.55.54.176...
Connected to cap-sg-prd-1.integration.ibmcloud.com.
Escape character is '^]'.
Related
I need to explore the traffic from one program.
The program makes something like a connection through the WebSockets.
Fiddler displays this:
Request Headers: CONNECT 144.***:443 HTTP/1.0
Response: HTTP/1.0 200 Connection Established
End empty body.
But the HTTP analyzer displays full information after that response, and that information continues flowing. Very likely like WebSockets (one connection and receive more answers).
And fiddler display zero traffic.
How can I explore such traffic through the fiddler?
A CONNECT call is always the first command a client sends if it uses a Proxy. Translated CONNECT just means: Please start a connection to the following server and that port. Through that connection the real HTP calls are then transmitted. Therefore CONNECT is not a real HTTP
request.
Fiddler does not show the content of CONNECT requests/responses to port 443 endpoints because those connections are HTTPS/TLS protected (hence the shown data would be useless). You need to enable HTTPS decryption and install the Fiddler root CA certificate into the client app/OS to see the decrypted content of those connections.
I am building a Jenkins server on my AWS EC2 instance. After building finish, I want to send email to stakeholder.
I am using STMP with smtp.sendgrid.net in port 587.
But I sometime can not send email. The log from jenkins says
MessagingException message: Could not connect to SMTP host:
smtp.sendgrid.net, port: 587
I access to EC2 instance and telnet to sendgrid. It says:
[hostname#domain ~]$ telnet smtp.sendgrid.net 587
Trying 161.202.148.179...
telnet: connect to address 161.202.148.179: Connection timed out
Trying 161.202.148.182...
telnet: connect to address 161.202.148.182: Connection timed out
Trying 169.38.103.39...
Connected to smtp.sendgrid.net.
Escape character is '^]'.
220 SG ESMTP service ready at ismtpd0004p1maa1.sendgrid.net
I understand that mean I can only access to some ip coming from smtp.sendgrid domain. I am sure to open all outbound rules for EC2. Because the problem happens sometimes, so anyone could give me any suggestion for this situaions.I intend to use IP instead of domain, but it just a workaround, IP can change anytime.
Please help me.
I had a similar issue, if your EC2 outbound rules are opened then you should ensure that you provide SMTP authentication along with your SMTP server and SMTP port and your DNS resolvers are good enough.
Sendgrid expects username and password.
username: it's "apikey", It might have to be encoded in base64 "YXBpa2V5".
password: it's your API Key, get it from Sendgrid and save it here. It might have to be encoded in base64.
I tried base64 encoded and it didn't work, so I tried without the encoding and it worked.
If your problem is not related to the authentication, you could review your DNS resolver, probably the problem would be there.
Error:
[Fiddler] The connection to '<the site>.com' failed.
System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https> HTTPS handshake to <the site>.com (for #3) failed. System.IO.IOException Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. < An existing connection was forcibly closed by the remote host
I can hit fine in web browser. I do see it is rather strong SSL (FireFox reports it as TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2)
Why isn't Fiddler able to make this connection?
Seems that your client didn't try to connect via 1.2
Check: Tools > Fiddler Options > HTTPS
It's set to <client>;ssl3;tls1.0
Add "tls1.2" to the protocols list
Edit:
Refer to the image below for where to find the option:
Here is the scenario:
My kafka server and the zookeeper are running and working fine on the remote server as long as I launch the process on the same remote server.
I don't have any connectivity issues between my local machine and the server. I can ssh and access all other applications on my remote server from my local machine.
When trying to connect a client to the remote zookeeper directly from my local machine I get a connection timeout. Debugging shows that a NoRouteToHost exception is being thrown.
The client logfile contains the following lines:
org.apache.zookeeper.ZooKeeper: Initiating client connection, connectString=remotehost:2181 sessionTimeout=120000
watcher=org.I0Itec.zkclient.ZkClient#62807a4d
org.apache.zookeeper.ClientCnxn: Opening socket connection to server
remotehost/192.13.12.1:2181. Will not attempt to authenticate using
SASL (unknown error)
Note the "remotehost/192.13.12.1:2181". The URL I'm specifying is remotehost:2181. He appears to resolve the hostname to IP correctly and then... slapping a forward slash and the IP on to the URL which looks weird to me. Is this how he should resolve and pass down the URL to the socket?? Or is this the cause of my problem.
Found the issue. The zookeeper listen port was not open to the firewall.
Given a URL that ends with .svc and that is supposed to run a SOAP web service, how can I get some data from it?
I tried:
to access it via a web browser
to access it via the Python's library Zeep
to access it via the Microsoft utilitary svcutil.exe
In all cases, I get a timeout error:
Failed to establish a new connection: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time.
Does it mean that the web service does not work, or that I do things the wrong way?
Importantly - there is a big distinction between "service not active" (and by that I mean no listener on port 80), and "port not open in firewall".
If the problem were simply that you didn't have a service listening on port 80, you would have gotten something like "connection reset" or "connection rejected" as an error.
Instead, you appear to have gotten a timeout, which implies that either the SYN from the client doesn't reach the server, or the SYN/ACK from the server doesn't reach the client. [ You could verify this by doing a packet capture for port 80 on both client and server ]
I would be tempted to check any firewall in front of the server to see that it's letting port 80 traffic through from your client.
Diagnosing Connectivity Issues
Without more details it is difficult to say, but given your timeout error:
Failed to establish a new connection: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time.
This indicates a network connectivity error at the TCP level, so it is likely web service is not active on the port your are using (default of 80 for http, 443 for https).
In a comment you said you pinged the URL and it responded normally - I assume this means you pinged the hostname. If this is responding normally it means the server is active, but that doesn't tell you anything about the availability of the web service on that server.
telnet %hostname% %port%
where %port% is 80 for http or 443 for https, or something else if there is a port number in the URL you are using (e.g. http://somehost.somewhere.com:port/path.scv)
If ping works and telnet does not connect, then the service is not active.
I suspect this is the case. If the service was active and it was simply that you requesting the data incorrectly, I believe you'd get a different error message - e.g. a valid HTTP response with status code 500 or 404 or similar.
Getting Data from a Web Service
As to your original question as to how to get data from it - once you verify that the service is active, the method to get the data will depend on the specification of the service - i.e.:
which HTTP methods (GET, POST, etc.) does it support
what parameters it requires
what format it requires the parameters in
are the parameters in the query string or POST body.
To interact with a web service there are many command line tools that can be used, as well as the options you have tried, including:
POSTMan Google Chrome Plugin
curl
wget
In windows Powershell, the Invoke-WebRequest
Getting Data from a SOAP Web Service
As you have said it is a SOAP web service, if you have the URL for the wsdl, you can often interract with it using Powershell SOAP WebService Proxies.
The wsdl location varies, but is often at a URL that looks something like.
http://host/path.svc?wsdl
http://host/path.svc/?wsdl
http://host/path/?wsdl
Also if it's configured correctly, just loading the URL in a browser will present a page with a link to the wsdl.
The general idea is:
$URI="http://hostname/path.svc?wsdl"
$Proxy = New-WebserviceProxy $URI –Namespace X
$Proxy | get-member -MemberType Method
This will return a list of methods on the proxy that you can invoke as powershell methods. Any types defined in the wsdl that are needed for arguments, or returned from methods will be available within the namespace X. Invoking the methods will proxy the request to the service, taking care of serializing parameters and serializing results into powershell objects.