SSL certificate / HTTPS issue using Thin rack ruby server
450 views
Skip to first unread message
Giorgio Robino
Nov 22, 2015, 11:45:35 AM11/22/15
to thin-ruby
I have some troubles using Thin rack Ruby server (https://github.com/macournoyer/thin) to receice HTTPS webhooks.
Maybe that's not exactly a problem related specifically to Thin but to SSL certificates configuration.
I'd like to manage incoming HTTPS connections (webhooks: Telegram.org server call my Thin (sinatra/rack) app, sending messages updates through webhooks)
Step 1. I created a SSL KEY and PEM files self-signed certificate, as described here: https://core.telegram.org/bots/self-signed
openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out
YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
Step 2. I call Telegram Server Bot API to receive webhooks at a specified HTTPS host/path, as described here: https://core.telegram.org/bots/api#setwebhook
API endpoint return success.
Step 3. I run Thin with these parameters:
bundle exec thin start --ssl --ssl-key-file ~/.ssl/YOURPRIVATE.key --ssl-cert-file ~/.ssl/YOURPUBLIC.pem --rackup /myhome/handyBOTS/rackup/handler.ru --address xxx.xxx.xxx.xxx --port 8443 --environment production
Thin web server (v1.6.4 codename Gob Bluth)
...
...
...
I have troubles in runt-time:
I see Telegram remote server call the Thin sever webhooks, but Thin complain with laconic:
<SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp>
So I'm confident that Thin server receives calls from remote Telegram Server but it doesn't process requestes.
I presume that's some SSL configuration incongruence.
Any idea ?
My specific question is:
**Which is the CRT file format Thin expects ?**
It's correct to pass to Thin the PEM file with this command line parameter `--ssl-cert-file ~/.ssl/YOURPUBLIC.pem` ?
Thanks
giorgio
Maybe that's not exactly a problem related specifically to Thin but to SSL certificates configuration.
I'd like to manage incoming HTTPS connections (webhooks: Telegram.org server call my Thin (sinatra/rack) app, sending messages updates through webhooks)
Step 1. I created a SSL KEY and PEM files self-signed certificate, as described here: https://core.telegram.org/bots/self-signed
openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out
YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
Step 2. I call Telegram Server Bot API to receive webhooks at a specified HTTPS host/path, as described here: https://core.telegram.org/bots/api#setwebhook
API endpoint return success.
Step 3. I run Thin with these parameters:
bundle exec thin start --ssl --ssl-key-file ~/.ssl/YOURPRIVATE.key --ssl-cert-file ~/.ssl/YOURPUBLIC.pem --rackup /myhome/handyBOTS/rackup/handler.ru --address xxx.xxx.xxx.xxx --port 8443 --environment production
Thin web server (v1.6.4 codename Gob Bluth)
...
...
...
I have troubles in runt-time:
I see Telegram remote server call the Thin sever webhooks, but Thin complain with laconic:
<SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp>
So I'm confident that Thin server receives calls from remote Telegram Server but it doesn't process requestes.
I presume that's some SSL configuration incongruence.
Any idea ?
My specific question is:
**Which is the CRT file format Thin expects ?**
It's correct to pass to Thin the PEM file with this command line parameter `--ssl-cert-file ~/.ssl/YOURPUBLIC.pem` ?
Thanks
giorgio
Marko Tišler
Dec 25, 2015, 7:36:16 AM12/25/15
to thin-ruby
I am having the same issues. GET request from browsers work fine and HTTPS with Thin generally works. I can even call the webhooks with CURL if I ignore the self-signed cert.. I am thinking this may be an issue due to using a self-signed certificate but I do not know how to continue troubleshooting further.
Did you get anywhere with this?
Cheers,
Marko
Giorgio Robino
Dec 25, 2015, 2:00:10 PM12/25/15
to thin-ruby
Hi Marko
see:
http://stackoverflow.com/a/34023523/1786393
https://github.com/macournoyer/thin/issues/290
I hope this help
giorgio
see:
http://stackoverflow.com/a/34023523/1786393
https://github.com/macournoyer/thin/issues/290
I hope this help
giorgio
Marko Tišler
Dec 29, 2015, 8:35:06 AM12/29/15
to thin-ruby
Thanks Giorgio,
putting nginx in front worked like a charm for my SSL issues.
Best,
Marko
Reply all
Reply to author
Forward
0 new messages