Adapter does not connect with https #95

Closed
honnel opened this issue Jan 26, 2016 · 47 comments
@honnel

honnel commented Jan 26, 2016

Hi,

I can't establish any connection to our Rocket.Chat instance. I have tried the following settings:

ROCKETCHAT_URL='https://$host' 
ROCKETCHAT_ROOM='general' 
LISTEN_ON_ALL_PUBLIC=true 
ROCKETCHAT_USER=bot 
ROCKETCHAT_PASSWORD=bot 
ROCKETCHAT_AUTH=password 

I got the following output:

[Tue Jan 26 2016 09:47:02 GMT+0100 (CET)] INFO Starting Rocketchat adapter...
[Tue Jan 26 2016 09:47:02 GMT+0100 (CET)] INFO Once connected to rooms I will respond to the name: bot
[Tue Jan 26 2016 09:47:02 GMT+0100 (CET)] INFO Connecting To: $host
(logging stops at this point)

I have prepared Rocket.Chat with a user bot and password bot.
Is there anything I have forgotten to configure?

cheers honnel

@Sing-Li
Member

Sing-Li commented Jan 26, 2016

It is trying to connect to $host....the shell env-var substitution is not working. Try ".

@honnel
Author

honnel commented Jan 27, 2016

Sorry for my ambiguous description. We are using a full hostname like 'https://rocktchat.host.tld'.

@knvpk

knvpk commented Jan 27, 2016

We have the same problem too, but we are not using the secure layer, only http for now. But the logs are stopping after the

[Tue Jan 26 2016 09:47:02 GMT+0100 (CET)] INFO Connecting To: http://rocket.invizoserver.com:80

But when I examined the code I saw that after a successful login it wants to log the message

Succsessfully Connected

at this line

So it means it's not connecting, and I don't think the problem is with https or http.

@knvpk

knvpk commented Jan 27, 2016

But when I ping the hubot instance (I'm using docker here) with the rocket url (http://rocket.invizoserver.com:80 in my case) it is working.

@Sing-Li
Member

Sing-Li commented Jan 28, 2016

Make sure you try 0.15.0 for server.

Use adapter 0.0.25 if you must use older servers.

@knvpk

knvpk commented Jan 28, 2016

I'm using both latest ones to get the latest updates as well. Are both latest versions compatible or not? Indirectly I'm using both develop branches.

@Sing-Li
Member

Sing-Li commented Jan 28, 2016

the bot adapter is an npm module - https://www.npmjs.com/package/hubot-rocketchat - latest is 0.0.27

should work with the latest release 0.15.0 of the server - https://rocket.chat/releases/

if you don't need LDAP - you can try using npm module 0.0.25 for maximum compatibility

@knvpk

knvpk commented Jan 28, 2016

From the hubot-rocketchat module's package.json I have

"name": "hubot-rocketchat",
"version": "0.0.27",

And from the rocket chat server, I'm getting the code for develop.

But still not working ...

@Sing-Li
Member

Sing-Li commented Jan 28, 2016

Please try using "0.0.25" for the npm hubot-rocketchat module. There were some late changes related to LDAP that may be the problem.

@knvpk

knvpk commented Jan 28, 2016

But I'm using the normal username and password authentication. Anyway, I will give it a try.

@Sing-Li
Member

Sing-Li commented Jan 28, 2016

Precisely.  You want the older version.


@Sing-Li
Member

Sing-Li commented Feb 1, 2016

@honnel - please close this if it is working for you. Thanks.

@knvpk

knvpk commented Feb 2, 2016

No, I have tried with versions 0.0.24, 0.0.25, 0.0.26 but I am not getting that successful message.

@Sing-Li
Member

Sing-Li commented Feb 2, 2016

Come over to https://demo.rocket.chat/support so one of us can get you up and running. Hundreds of others are using the same adapter every day.

@TheReal1604
Contributor

@honnel Set the env var ROCKETCHAT_URL like this:

ROCKETCHAT_URL=chat.domainxyz.com without ' ' or use the internal IP address. This is working fine for me.

EDIT: same for @pavankumarkatakam don't use http:// or port if it's a standard installation. @Sing-Li What did you mean?

@knvpk

knvpk commented Feb 4, 2016

Hi @TheReal1604, first thing: I'm installing it using docker, and I changed the env to just the domain name without schema or port, but it's not working. But when I was digging into that I just tried a curl command on the rocketchat-hubot container

curl chat.something.com -d "user=bot&password=botpassword"

I'm getting the response

{
  "status": "success",
  "data": {
    "authToken": "js4efYQDpVo5IUlO_trHfBWitDJ6KPWObXvBoUsbZYm",
    "userId": "LRjN45ghsCkKTuxFP"
  }
}

So it means that the rocketchat container is running well and the api is also working. This is the info I can share with you.

@knvpk

knvpk commented Feb 4, 2016

Finally I got it: it is working only when I set the environment DEV to true. Now it's working fine.

@knvpk

knvpk commented Feb 4, 2016

Hi @honnel, just check with environment Dev to true

@honnel
Author

honnel commented Feb 5, 2016

Thanks for all the hints. I have tried version 0.0.27 and 0.0.25 in combination with/without DEV=true without any success.

The different quoting does not make sense to me because printenv always shows the environment variable without any quotes.

I have also tried to hard code my url in src/rocketchat.coffee as RocketChatURL="https://rocketchat.mydomain.tld" but I had no luck.

To me the problem looks like it is based on some parameter passing error.

@mide

mide commented Feb 6, 2016

I had not had any luck connecting over https, but I have found luck by linking the Hubot container and the Rocket.Chat container. I was able to launch Hubot via the following call (which I will automate in my setup).

@honnel have you tried linking and using http?

docker run -it \
    -e ROCKETCHAT_URL="rocketchat:3000" \
    -e ROCKETCHAT_ROOM='my-testing-channel' \
    -e LISTEN_ON_ALL_PUBLIC=false \
    -e ROCKETCHAT_USER=bot.user \
    -e ROCKETCHAT_PASSWORD=secret \
    -e ROCKETCHAT_AUTH=password \
    -e BOT_NAME=mybot \
    --link rocketchat:rocketchat \
    rocketchat/hubot-rocketchat

@honnel
Author

honnel commented Feb 12, 2016

@mide with http everything is fine.

@engelgabriel
Member

Guys, you do realise that the Rocket.Chat itself is unable to handle SSL, it only does it when behind a reverse proxy like NGINX (that actually does the SSL termination), right?

So when you are trying to use SSL you are pointing to the host and port of NGINX/Apache and not Rocket.Chat, correct?

@mide

mide commented Feb 16, 2016

@engelgabriel I do realize that. When I try to connect to the externally facing endpoint (so the traffic would be routed using HTTPS to NGINX and then passed from NGINX to Rocket.Chat via HTTP), it times out.

The only way I've been successful is to bypass NGINX and connect directly via linked Docker containers.

For example, this does not work:

docker run -it \
    -e ROCKETCHAT_URL="my.extertnal.rocket.domain" \
    -e ROCKETCHAT_ROOM='my-testing-channel' \
    -e LISTEN_ON_ALL_PUBLIC=false \
    -e ROCKETCHAT_USER=bot.user \
    -e ROCKETCHAT_PASSWORD=secret \
    -e ROCKETCHAT_AUTH=password \
    -e BOT_NAME=mybot \
    rocketchat/hubot-rocketchat

@engelgabriel
Member

Are you sure you can access the NGINX port from the other containers? Or is it only exposed externally? Did you do a CURL from the Hubot container to see the results?

@mide

mide commented Feb 16, 2016

I will perform some extra debugging when I get back tonight. The port may only be exposed externally.

@mide

mide commented Feb 17, 2016

So I have a domain, rocket.mydomain.com. You can reach Rocket.Chat over port 443 with all the proper certificates set up. There are three cases I was very curious about regarding Hubot connectivity.

1) Connect via external HTTPS Domain, no Docker linking

docker run -it \
    -e ROCKETCHAT_URL="rocket.mydomain.com" \
    -e ROCKETCHAT_ROOM='' \
    -e LISTEN_ON_ALL_PUBLIC=true \
    -e ROCKETCHAT_USER=bot.user \
    -e ROCKETCHAT_PASSWORD=secret \
    -e ROCKETCHAT_AUTH=my_secret \
    -e BOT_NAME=mybot \
    rocketchat/hubot-rocketchat

This does not connect to RocketChat. And even more interesting, when I run curl https://rocket.mydomain.com inside the container, it's reachable. So I know my Docker setup is correct; it just seems to be something with Hubot.

2) Linked to NGINX container and use HTTPS

I haven't had a chance to test this case yet, my Nginx instance is currently not a Docker container.

3) Linked to RocketChat container and use HTTP

docker run -it \
    -e ROCKETCHAT_URL="rocketchat:3000" \
    -e ROCKETCHAT_ROOM='' \
    -e LISTEN_ON_ALL_PUBLIC=true \
    -e ROCKETCHAT_USER=bot.user \
    -e ROCKETCHAT_PASSWORD=secret \
    -e ROCKETCHAT_AUTH=password \
    -e BOT_NAME=mybot \
    --link rocketchat:rocketchat \
    rocketchat/hubot-rocketchat

This is the solution I mentioned above, and it works great. I don't feel this is an appropriate longterm solution, but it's fine as a workaround.

@Sing-Li
Member

Sing-Li commented Feb 17, 2016

In case 1 , set URL to https://rocket.mydomain.com

And AUTH to "password". <--- the actual literal

@mide

mide commented Feb 17, 2016

@Sing-Li I have tried running the following, and it does not connect.

docker run -it \
    -e ROCKETCHAT_URL="https://rocket.mydomain.com" \
    -e ROCKETCHAT_ROOM='' \
    -e LISTEN_ON_ALL_PUBLIC=true \
    -e ROCKETCHAT_USER=bot.user \
    -e ROCKETCHAT_PASSWORD=my_secret_password_123 \
    -e ROCKETCHAT_AUTH=password \
    -e BOT_NAME=bot.user \
    rocketchat/hubot-rocketchat

This is the output I get, it just hangs at the point you see. The bot does not join any rooms or respond to any messages.

hubot-maps@0.0.2 node_modules/hubot-maps

hubot-help@0.1.3 node_modules/hubot-help

hubot-shipit@0.2.0 node_modules/hubot-shipit

hubot-pugme@0.1.0 node_modules/hubot-pugme

hubot-diagnostics@0.0.1 node_modules/hubot-diagnostics

hubot-rules@0.1.1 node_modules/hubot-rules

hubot-google-translate@0.2.0 node_modules/hubot-google-translate

hubot-google-images@0.2.6 node_modules/hubot-google-images
[Wed Feb 17 2016 23:40:10 GMT+0000 (UTC)] INFO Starting Rocketchat adapter...
[Wed Feb 17 2016 23:40:10 GMT+0000 (UTC)] INFO Once connected to rooms I will respond to the name: bot.user
[Wed Feb 17 2016 23:40:10 GMT+0000 (UTC)] WARNING No services ROCKETCHAT_ROOM provided to Hubot, using GENERAL
[Wed Feb 17 2016 23:40:10 GMT+0000 (UTC)] INFO Connecting To: rocket.mydomain.com

@Sing-Li
Member

Sing-Li commented Feb 18, 2016

Can you please put Chrome debugger on a browser, go to the https://rocket.mydomain.com, and see if the network tab shows a successful websocket upgrade? Thx

@mide

mide commented Feb 18, 2016

Full disclosure: I'm not 100% on what I'm looking for here regarding websockets and switching protocols so please let me know if I can help and dig further.

It looks like the websocket request returned a 101 Switching Protocols but never leaves the state pending - maybe the pending just means that the socket is still open?

[Screenshot: screen shot 2016-02-18 at 12 14 14 am]

@Sing-Li
Member

Sing-Li commented Feb 18, 2016

Looks okay. Click on it (the actual URL word-link websocket) and see if you see a real-time streaming list of messages. Also try clicking the browser's reload if necessary.

@mide

mide commented Feb 18, 2016

It looks like you found the problem. I don't see any activity in the streaming list - I don't think I configured Nginx to handle websockets properly.

[Screenshot: screen shot 2016-02-18 at 7 44 33 am]

@Sing-Li
Member

Sing-Li commented Feb 21, 2016

@mide Did you fix the Nginx problem?

@mide

mide commented Feb 21, 2016

Not yet; I hope to get to this over the next couple days. I've been out of the office for the last week, so I'll update this ASAP.

@mide

mide commented Feb 23, 2016

@Sing-Li It looks like my Nginx configuration is correct. After some research, pending is a valid state for the websocket connection to be in - since it doesn't close.

I am able to see activity on the Frames tab when inspecting the websocket.
[Screenshot: screen shot 2016-02-23 at 2 14 00 pm]

Since this is a change from before, I will re-run my tests tonight when I get home.

@mide

mide commented Feb 28, 2016

Alright, sorry for the delay @Sing-Li -

I've changed my configuration to use ROCKETCHAT_URL="https://rocket.mydomain.com", and I've verified that the websocket connection is being passed through, but it still won't connect.

It hangs at the "connecting" step.

[Sun Feb 28 2016 15:29:31 GMT+0000 (UTC)] INFO Starting Rocketchat adapter...
[Sun Feb 28 2016 15:29:31 GMT+0000 (UTC)] INFO Once connected to rooms I will respond to the name: @mybot
[Sun Feb 28 2016 15:29:31 GMT+0000 (UTC)] WARNING No services ROCKETCHAT_ROOM provided to Hubot, using GENERAL
[Sun Feb 28 2016 15:29:31 GMT+0000 (UTC)] INFO Connecting To: rocket.mydomain.com

The only way I've managed to get this working remains using port 3000 and linking my bot container with the rocket.chat container directly.

@clord

clord commented Apr 3, 2016

I'm seeing this too. [When I first wrote this comment, I thought, but see below] it has to do with some people's ssl certificates being valid, but the CA they use is not being verified, possibly. Everything works fine in Chrome for me, including the CA and the websocket upgrade through nginx. But running hubot on the server does not work as in the issue above. When I use curl on that same server, it complains that the CA can not be verified.

Using curl -v:

...
*   issuer: CN=RapidSSL SHA256 CA,O=GeoTrust Inc.,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)

So I suspect that I should be able to (on my centos 7 system) add my CA to /etc/pki/tls/certs/ca-bundle.crt and have this work. will investigate.

Edit: So I've resolved all SSL issues on the server. curl connects just fine now without changing the above file, and server gets A+ on SSL tests. But still hubot will not connect.

The nginx access log when hubot tries to connect is:

[03/Apr/2016:15:58:10 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"
[03/Apr/2016:15:58:27 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"
[03/Apr/2016:15:58:44 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"

in a loop without advancing, whereas chrome correctly moves to the next step:

[03/Apr/2016:15:53:41 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"
[03/Apr/2016:15:53:44 +0000] "GET /sockjs/798/rghsf6yj/websocket HTTP/1.1" 101 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36" "-"
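
The redirect loop in the access log above can be spotted mechanically. The following is an added example, not part of the original thread or of the hubot-rocketchat code: it flags `/websocket` redirects that are never followed by a `101` upgrade. The function names and the 10-second window are assumptions, and because the quoted log lines carry no client address, requests are correlated by time only.

```javascript
// Added example: not part of the thread or of hubot-rocketchat.
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// Trimmed nginx format quoted above:
// [dd/Mon/yyyy:HH:MM:SS +zzzz] "METHOD path proto" status bytes ...
const LINE_RE = /^\[(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})\] "(\S+) (\S+) [^"]*" (\d{3}) /;

// Parse one access-log line into { epoch, method, path, status }, or null.
function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m || MONTHS[m[2]] === undefined) return null;
  const offsetMin = (m[7] === '-' ? -1 : 1) * (Number(m[8]) * 60 + Number(m[9]));
  const utcMs = Date.UTC(+m[3], MONTHS[m[2]], +m[1], +m[4], +m[5], +m[6])
                - offsetMin * 60000;
  return { epoch: utcMs / 1000, method: m[10], path: m[11], status: Number(m[12]) };
}

// Return every 3xx answer on /websocket that is not followed, within
// windowSec seconds, by a 101 Switching Protocols on a */websocket path.
// A healthy client (the Chrome lines) redirects once and then upgrades;
// a stuck client (the hubot lines) only ever produces the redirect.
function findStalledHandshakes(lines, windowSec = 10) {
  const events = lines.map(parseLine).filter(Boolean)
                      .sort((a, b) => a.epoch - b.epoch);
  const upgrades = events.filter(
    e => e.status === 101 && e.path.endsWith('/websocket'));
  return events
    .filter(e => e.path === '/websocket' && e.status >= 300 && e.status < 400)
    .filter(r => !upgrades.some(
      u => u.epoch >= r.epoch && u.epoch - r.epoch <= windowSec));
}

// Sample input: the five log lines quoted in the comment above.
const SAMPLE = [
  '[03/Apr/2016:15:58:10 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"',
  '[03/Apr/2016:15:58:27 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"',
  '[03/Apr/2016:15:58:44 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"',
  '[03/Apr/2016:15:53:41 +0000] "GET /websocket HTTP/1.1" 301 184 "-" "-" "-"',
  '[03/Apr/2016:15:53:44 +0000] "GET /sockjs/798/rghsf6yj/websocket HTTP/1.1" 101 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36" "-"',
];

console.log(findStalledHandshakes(SAMPLE).length +
  ' /websocket redirect(s) with no upgrade within 10 s');
```

On a busy proxy, add the client address to the log format and group by it before applying the window, otherwise one client's upgrade can mask another client's stalled redirect.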

@nyddogghr

Hi,

I think I'm having the same issue. I do get a websocket with live frames when going to the chat from the browser. However my bot is hanging at "Connecting".

Any news on this ?

@twhiting

twhiting commented Jun 2, 2016

Also having this issue. For those here, I found a temporary solution. It only works if your bot is running on the same network as your rocket.chat image: set your rocket.chat url to http://192.168.5.43:3000 (your rocket chat static ip)

@nyddogghr

I also found another way to do it: I use stunnel. I set the stunnel between localhost and the chat server and then connect the bot to localhost without https.

It is also available on heroku, in case someone uses this hosting service (through buildpacks).

@Sing-Li
Member

Sing-Li commented Aug 31, 2016

This fix/update should finally allow https:// bot connect over the Internet.

Whew! Please test and confirm asap.

@Sing-Li
Member

Sing-Li commented Aug 31, 2016

(Un)fortunately this also opens the floodgate to bots on demo and other public facing RC servers 😌

@jarakkal

@Sing-Li Could you please outline the fix required specifically for hubot

@dkthezero

I'm facing this issue. My company hosts rocket chat on https; I tried adapter 0.1.4 and 1.0.12 but it does not work, still connecting:

export ROCKETCHAT_URL=https://chat.company.com
export ROCKETCHAT_ROOM=''
export LISTEN_ON_ALL_PUBLIC=true
export ROCKETCHAT_USER=bot
export ROCKETCHAT_PASSWORD=bot_password
export ROCKETCHAT_AUTH=password
./bin/hubot -a rocketchat

@jerryline

Still facing this issue. Can't connect to the rocketchat with https://XXX.com. Using adapter 2.0.0

@jerryline

I think the Readme file should be updated to add ROCKETCHAT_USESSL.
Setting it to true will enable the ssl connection.

@riker513

riker513 commented Mar 6, 2021

I think the Readme file should be updated to add ROCKETCHAT_USESSL.
Setting it to true will enable the ssl connection.

Thanks.
