Recently, I was trying to build a bot for myself. It works flawlessly when I'm using ngrok to test my bot locally, but when I deployed to AWS, I started occasionally seeing the error captured below, which results in no webhook request being sent to my server from Facebook. I have no idea what could possibly be going wrong. I have checked the requests going to my server with tcpflow as well, but no luck; it seems like Facebook just didn't send that particular request to my server. This is a really weird problem that happens at no particular point in my bot's conversation flow. I always need to repeat my answer or my postback in order to get it to work.
Some basic server info (don't know if this matters) :
Availability zone: ap-southeast-1b
Type: t2.micro
CPU usage (at that moment): 4%
I would really appreciate it if anyone could solve my mystery. Thanks.
FYI, I have reported this to Facebook: https://developers.facebook.com/bugs/1825253057751227
Your webhook server has to work over valid https (not self signed).
My advice - add https to the webhook server using the Cloudflare service (it's free), or get a free valid certificate using Let's Encrypt.
If your error is occasional, I would recommend moving your instance size up from Micro, to at least Medium or Large and make it a Dedicated instance. The resources required to run the letsencrypt client, combined with your bot traffic and noisy neighbors might overcome a shared micro instance.
So there's a few things I'm confused about with connecting a frontend to a backend part of a website, and I can't seem to find anything online about it.
Say you have a backend API with an endpoint which deletes a user, for when they want their account deleted. What's stopping an attacker from just pinging the endpoint with a user ID so that it deletes the user? I've heard that you can use a password or something similar to stop fake attacks, but what's stopping somebody from just looking through the source code to find the code that is sent along with the request? Do you just use a user ID that would be hard to guess? But if so, why couldn't they just brute-force user IDs?
Should the backend be run on the same domain as the frontend? Should you just have to use https://example.com:3000, or should you have to use the ip of the server and send data to https://000.000.000.00:3000?
Any help would be appreciated. I don't know that much about full stack development since I'm just now starting to learn, however what people say seems to be a really insecure way of doing it.
1 - You can secure your backend with a JWT signed by User/Password to ensure that only signed users are calling your API backend. On your server you can use a DDoS service and a firewall to avoid this kind of attack.
2 - The backend and frontend of a website can be anywhere on the web, separated or not, on a home computer or in a cloud service; you must ensure that your frontend can reach your backend wherever it is. Of course you can do it on a single web server, and it's better for many reasons, such as the deploy process, the performance of the website and safety.
and you can always learn more in documentations.
https://laravel.com/docs/9.x/csrf
There is a CSRF token that stops unauthorized requests from passing.
a good example in Laravel Documentation
I hope it was useful !
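To make the answers above concrete for the delete-user question, here is an added example (not code from any of the posts) of a server-side check in Node.js: the endpoint acts only on a token the server itself signed at login, and it deletes the account named in that token rather than trusting the ID in the request. The secret, the `handleDeleteUser` handler, the in-memory `Map` and the hand-rolled HS256 token are assumptions for illustration; a real service would use a maintained JWT library.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed demo secret; a real one lives only in server-side configuration,
// so nothing in the frontend source lets a visitor forge a token.
const SECRET = 'demo-secret-not-for-production';

const b64url = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => createHmac('sha256', SECRET).update(data).digest('base64url');

// Issued by the server only after the user has logged in with their password.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Returns the claims if the signature and expiry are valid, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, 'base64url').toString()); } catch { return null; }
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) return null;
  return claims;
}

// Hypothetical handler for DELETE /users/:id; `users` is a Map standing in for the database.
function handleDeleteUser(users, authorizationHeader, targetUserId) {
  const token = (authorizationHeader || '').replace(/^Bearer /, '');
  const claims = verifyToken(token);
  if (!claims) return 401;                      // no valid proof of login
  if (claims.sub !== targetUserId) return 403;  // logged in, but not the account owner
  return users.delete(targetUserId) ? 204 : 404;
}
```

Guessing or brute-forcing a user ID gains nothing here, because the ID in the URL is only honoured when it matches the subject of a token the server signed.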
I am working on a video/audio chat application in React and Django using Mesibo Javascript SDK.
It is working locally on the same network but when trying to connect through different networks, Firefox browser gives me this error
WebRTC: ICE failed, add a TURN server and see about:webrtc for more details.
In Chrome, this error doesn't show up but still the video/audio chat is not working and gives me
Mesibo_OnCallStatus: 50.
I noticed that Mesibo uses stun:stun.l.google.com:19302 as the STUN server and tried changing it to stun:stun.l.google.com:19305 but of no use. I even created a numb.viagenie.ca account to add a TURN server which worked for a few minutes and then gave this error
webrtc: ice failed, your turn server appears to be broken.
When checked on https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/, chrome is giving error code:701 for all the above turn/stun servers whereas firefox doesn't.
As suggested by Mesibo Documentation, my website is fully secure with https and the Rest APIs are called from Django backend. I'm invoking https://api.mesibo.com/mesibo.js as a script tag in the index.html file in react. I'm also able to successfully get
Mesibo_OnConnectionStatus=1
and the incoming call notification is also working. Upon answering the call, the call status changes from 3 to 5 and gives this WebRTC error after some time without any video/audio rendered.
Please suggest any hint/solution.
To enable WebRTC for remote calling you need your own TURN server.
Google doesn't provide a free TURN server.
Free TURN servers will not work well in production. Well, feel free to try your luck with them. Not all are broken.
You need to create your own in the cloud, e.g. on DigitalOcean or AWS.
Or, for testing purposes, I have a trick.
Solution.
If you're doing the testing:
Probably you can try to use some Google TURN servers that they use here
https://test.webrtc.org/, I just checked the browser console and found this:
Not sure about the lifetime. But you will get that.
For production I would suggest using the DigitalOcean 5$ plan, which is very cheap.
And you install your own TURN server using coturn on it.
If you want, you can also use
Node-turn
which is great for a Node backend.
There is also the Heroku option for setup.
I don't know if there is any Django or Python option.
(Tip: try to build your TURN server on a hosting server. Make sure the port on which the server is running is open.)
I am trying to implement video calls in an existing Ionic 3 project for one of our clients. I have used the Google codelab as boilerplate code for sending the offer and answer via the Firebase Realtime Database.
This you probably heard(read) before: "my webRTC doesn't work in external network" and the answer would be that:
Use your own STUN server and don't rely on free stun servers like google.
Use TURN server for backup on failed stun attempts.
Understand webRTC before you implement it.
What I want to ask is the following:
In my current setup (using a free Google STUN server), testing with two different networks, I am seeing remote candidates with typ srflx. I am also seeing typ host, but since these are different networks it holds no interest for me, and obviously no relay as there is no TURN server. I also see that I am providing local candidates with srflx. Does this mean that my setup should have been enough to establish a connection? I have spent some time trying to figure this one out and I have found a lot of info in this blog post, but I wasn't able to fully debug the situation.
Suppose we would like to implement our own TURN/STUN setup, our calls are going to be almost entirely in the same country so we won't need multiple servers. Would anyone have an estimation for the following:
1. How much data per minute would one video call entail (ballpark)?
2. Our client likes Google Cloud services for his project. How much would it cost to spin up a TURN server for this project on Google Cloud Platform (again just a ballpark)? Is there any idea on the best setup (I was thinking coturn and was looking at this Google coturn implementation)?
Thank you all.
Edit:
After some more digging, I realized that one of the different networks I was testing was sitting behind a symmetric nat, a nice jsfiddle for testing what kind of nat you have I found in this blog post.
In the case of a symmetric nat the iceCandidate received is not suitable for connection and you have to have a TURN server.
So I guess that takes care of the 1st part. Any additional data on the 2nd part would be appreciated.
OK so after all this digging I guess I can agree with the 3rd notation (and no I still don't fully get it not even close), if this might help anyone I will share my experience.
I was brought into a project (Ionic 3) and was told to find and implement a video chat. We chose WebRTC. WebRTC, as far as I know, is the only widespread open-source option. In our country a huge number of cellular users are behind symmetric NAT, so p2p with them won't work. I tested a Twilio TURN service and immediately everything started to work. The rough numbers for a basic call would be around 1.5Mb per minute. Thank you to anyone who stumbled upon this and tried to figure out if he can help.
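For the candidate types discussed in this thread (host, srflx, relay), the following added example, which is not from the original posts, parses ICE candidate lines and applies a common heuristic for spotting symmetric NAT: one local socket that receives different public mappings from different STUN servers. It assumes at least two STUN servers are configured and that the browser reports `raddr`/`rport`; the sample lines are constructed with documentation-range addresses.

```javascript
// Constructed sample: candidate lines as delivered in icecandidate events.
// Two STUN servers were queried from the same local socket.
const SYMMETRIC_SAMPLE = [
  'candidate:1 1 udp 2122260223 192.168.1.20 50000 typ host',
  'candidate:2 1 udp 1686052607 203.0.113.7 61001 typ srflx raddr 192.168.1.20 rport 50000',
  'candidate:3 1 udp 1686052607 203.0.113.7 61002 typ srflx raddr 192.168.1.20 rport 50000',
];

// Parse one ICE "candidate:" attribute into an object, or null if malformed.
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').replace(/^candidate:/, '').split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') return null;
  const c = { protocol: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
  for (let i = 8; i + 1 < f.length; i += 2) {
    if (f[i] === 'raddr') c.relatedAddress = f[i + 1];
    if (f[i] === 'rport') c.relatedPort = Number(f[i + 1]);
  }
  return c;
}

// Summarise gathered candidates: which types exist, and whether any single
// local socket was mapped to more than one public address:port (symmetric NAT).
function assessCandidates(lines) {
  const cands = lines.map(parseCandidate).filter(Boolean);
  const types = [...new Set(cands.map((c) => c.type))].sort();
  const mappings = new Map(); // local base -> set of public mappings
  for (const c of cands.filter((x) => x.type === 'srflx')) {
    const base = `${c.protocol}|${c.relatedAddress}|${c.relatedPort}`;
    if (!mappings.has(base)) mappings.set(base, new Set());
    mappings.get(base).add(`${c.address}:${c.port}`);
  }
  const symmetricNat = [...mappings.values()].some((m) => m.size > 1);
  const hasRelay = types.includes('relay');
  return { types, symmetricNat, hasRelay, needsTurn: symmetricNat && !hasRelay };
}
```

When a browser masks `raddr`/`rport` for privacy, every srflx candidate falls into one group and the heuristic can report a false positive, so check the related address before trusting the verdict.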
I have built a websocket in C++ (using boost::beast).
It is going to serve a website (client) with a JSON string if requested.
When designing my setup I made a disastrous mistake: I forgot that the client web browser (that is running on a separate device from the server) will not know the IP address of the server. It will know the port that the server is listening on.
I should specify: Both (server and client) are running in a local network.
So I have two clumsy ideas to resolve this. I would be very happy to hear your input – I am sure there will be a more elegant way to fix my problem.
1. Send some kind of broadcast message “Very specific string” into the network. My server will know that it is being looked for and will respond with its IP, so that the connection can be established.
   This post seems to indicate that this approach will not be possible.
2. Have the user input the (known) IP address of the device that is running the server. I would really like to avoid this last resort solution.
Unfortunately, I cannot run node.js on the device that is hosting the websocket server.
I might not be understanding the problem. Why aren't you capable of knowing the IP of the server? Is it because it changes? Is it because it's a server you don't know?
Maybe the solution is not about finding the IP rather than knowing beforehand the server IP address.
I could recommend checking out this post to find out the IP address in your local network. If you at least know the servername of the server that could be helpful.
#E.Soria
Thank you for your answer! I was not precise enough.
The problem was, that the server is running on a device that is going to be part of our customer’s network. The customer will define the IP address for the device, which means that I need some way of getting the address of the server.
But I might have found another solution (as you might already be able to tell, I am very new to networking, so this just may be wrong): I will host the website on the same device that is hosting the server and supplying the data. Then I can just establish a websocket connection through JavaScript like this: `let socket = new WebSocket("ws://127.0.0.1:8080");` and have the website read data from the server. This seems to be very straightforward and I am a little embarrassed that I did not think of this before.
I just had not really understood how the internet works :) As long as the user who wants to see the website knows where it is hosted, he/she can just connect to the website and will see anything that I put on there.
I am having trouble with certificate when using websocket (WSS://).
What is working
For now, I've been using websocket with WEB_SOCKET_FORCE_FLASH = true and I had no issues with connecting to my websocket server.
What is not working
I am trying to turn that option off, to stop using the Flash plugin for connecting. The problem occurs when I try to connect my websocket client to the server. A "WebSocket opening handshake was canceled" message appears.
I can disable this message by going to https://127.0.0.1:9999. My browser will show that "This Connection is Untrusted", and if I add an exception here, my websocket connection will start working without any problem from now on. But I CAN'T make every end user do that, right?
Google groups with this idea
What I need?
Is there any way, to buy, or create some self-signed certificate, which I can use? The problem is also that, it doesn't have to be localhost/127.0.0.1 but also any other IP in local network. (like 192.168.0.100 etc). End user can change that IP whenever he likes to. He just needs to point on the PC where my desktop app/websocket server is running.
What have I tried?
I sure tried to find my answer in google, browsing tons of forums, sites, and even few questions and all answers here on stack overflow.
I also tried not using certificate at all, but my page is on https:// so connection using ws:// is impossible.
Code
I know code is usually obligatory, but I actually got my websocket client/server working and the issue is the certificate, so I hope you can forgive my lack of code.
Missing info?
Do I need to provide any more information? I am willing to make multiple edits if needed.
While the current certificate system is kind of broken, it is fortunately not broken enough to allow what you want. What you expect to get, based on your description, is a certificate for an IP address (a bad idea anyway) which you don't even fully own (you cannot claim to be the owner of 127.0.0.1 or similar addresses), which then will be accepted by every browser without the need for the user to add a manual exception.