Error with proxy: Cannot generate ID, because request_handler is not writable #289
Comments
|
Hi Jaume, you have to make sure, that this auth header is passed to
websocket connection as well
Otherwise Script server fails to identify the user
Jaume <notifications@github.com> schrieb am So., 5. Apr. 2020, 07:08:
… Im trying to set the script-server behind a tornado proxy, following the
documentation my conf file looks like this:
{
"port": 5000,
"address": "0.0.0.0",
"title": "My Script Server",
"access": {
"allowed_users": "*",
"admin_users": [ "me" ],
"user_header_name": "X-Forwarded-User",
"trusted_ips": "*"
},
"logging": {
"execution_file": "$DATE-$ID-$USERNAME.log",
"execution_date_format": "%y-%m-%d_%H-%M"
}
}
i'm setting the header "X-Forwarded-User" in all http requests with the
value "me"
but im receiving this error:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/tornado/websocket.py", line 956, in _accept_connection
open_result = handler.open(*handler.open_args, **handler.open_kwargs)
File "src/web/server.py", line 98, in wrapper
access_allowed = authenticated and authorizer.is_allowed_in_app(_identify_user(self))
File "src/web/server.py", line 810, in _identify_user
user_id = request_handler.application.identification.identify(request_handler)
File "src/auth/identification.py", line 62, in identify
raise Exception('Cannot generate ID, because request_handler is not writable')
Exception: Cannot generate ID, because request_handler is not writable
from tornado im proxing the websocket connections, hence i create a
connection between client and tornado and from tornado and scriptserver. I
have tried it from local with default conf.json and works perfectly but
trying to access from server with the conf.json of above gives the error.
The problem comes when trying to create the websocket connection from
tornado proxy to script-server.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#289>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJXPJJ5QANB5SD6VGAELPTRLAG4NANCNFSM4MAB26PA>
.
|
|
Mmmm now that i have checked the logs more carefully i realised that each request is logged like:
If i would be executing the proxy auth configuration correctly in user_id i should see the value of my header, correct? |
|
Exactly. But this log comes exactly from the same place, where you see the WebSocket error (Script server tries to assign a new ID to the user, but it's not possible for a websocket connection). |
|
I found the problem: Now my problem is that the ip of the proxy is not static because is inside of a kubernetes pod meaning that each time the pod is reloaded a new static ip is assigned, however i can access the pod using dns "myproxy" like in Is there any form for use the proxy auth without set ip? or use the dns ? |
|
Hi @oktorok , unfortunately it's not possible at the moment. But if you know Python and a bit of tornado, you can implement it :) Check this file: |
|
I have added: And worked perfectly. I know that tornado has a module named Thank you so much for your help |
Im trying to set the script-server behind a tornado proxy, following the documentation my conf file looks like this:
i'm setting the header "X-Forwarded-User" in all http requests with the value "me"
but im receiving this error:
from tornado im proxing the websocket connections, hence i create a connection between client and tornado and from tornado and scriptserver. I have tried it from local with default conf.json and works perfectly but trying to access from server with the conf.json of above gives the error.
The problem comes when trying to create the websocket connection from tornado proxy to script-server.
The text was updated successfully, but these errors were encountered: