I have make a request to url from the same server with a cron task. In the past I did this with the next bash script:
#!/bin/sh
curl "http://www.mydomain.es/myfolder/importTwitter" >> /var/log/mydomain/import_twitter.log
I migrated the website to https and the curl command fails returning the next error:
* About to connect() to www.mydomain.es port 443 (#0)
* Trying xxx.xxx.xxx.xxx...
* Connection refused
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host
I have tried to add the next parameters to the curl command, and get the same error:
--cacert -> specify ssl ca root certificate
--cert -> specify ssl pem certificate
--location -> using the http url and force to follow redirects
--insecure -> allows insecure curl connections
Finally I also have tried make the request from another host and works fine, but I have do the request from the same server.
The server have Debian 3.2.65-1+deb7u2 x86_64
Curl version:
curl 7.26.0 (x86_64-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
* Connection refused
You've got your problem right there. Long before anything with crypto can start, your server simply does not allow a connection from your host.
Make sure your server is configured correctly and that no firewall is blocking loopback connections to port 443.
Related
I am trying to set up a REST endpoint in Go in the Eclipse-Che workspace
My code is shown below:
package main
import (
"log"
"net/http"
)
func main() {
http.HandleFunc("/", func(http.ResponseWriter, *http.Request) {
log.Println("Hello world1")
})
http.HandleFunc("/goodbye", func(http.ResponseWriter, *http.Request) {
log.Println("Goodbye world")
})
http.ListenAndServe(":8085", nil)
}
On running my go code, I'm getting the following output.
bash-4.4 /projects/src/github.com/golang $ curl -V 10.130.54.6/8084
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2u zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
bash-4.4 /projects/src/github.com/golang $ curl -V http://10.130.54.6/8084
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2u zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
There are two problem with your request:
You aren not sending a request to your webserver (IP/NUMBER describe a subnet) .
You are using -V instead of -v (that show the version of the cURL tool).
Try with:
curl -v 127.0.0.1:8085
#curl -v 0.0.0.0:8085 will also work
This because you are running the software in your machine, binding the service at port 8085
If your firewall is open, you can query the service from another machine in the same network using:
curl -v 10.130.54.6:8084
You can retrieve your internal ip using ifconfig, and checking which device (eth0, lo ecc) are you using for access to internet.
I'm trying to download files from noaa ncep site, but I get this error
usuario#wrf:~/wrf_data/GRIB$ curl https://ftp.ncep.noaa.gov/data/nccf/com/gfs/prod/gfs.2019020700//gfs.t00z.pgrb2.1p00.f000 -sslv3
* About to connect() to ftp.ncep.noaa.gov port 443 (#0)
* Trying 140.172.138.66... connected
* Connected to ftp.ncep.noaa.gov (140.172.138.66) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
I could download the files until Tuesday, I used this..
curl -O $FILEDWLT
The version
curl --version
curl 7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
Protocols: dict file ftp ftps http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
I tried with wget and get similar error. I used a debian machine (squeeze), its old but for now is all I have.
Someone can guide me please?
Best Regards
Carina
I am trying to use cURL and get the following error on every https request I make. The error is always the same. HTTP requests work flawlessly. The verbose output is quite useless.
bash:$ curl https://google.com -vv
* Adding handle: conn: 0x7fe09b803a00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fe09b803a00) send_pipe: 1, recv_pipe: 0
* About to connect() to google.com port 443 (#0)
* Trying 74.125.226.129...
* Connected to google.com (74.125.226.129) port 443 (#0)
* Unknown SSL protocol error in connection to google.com:-9805
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to google.com:-9805
bash:$ curl https://google.com -V
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
bash:$ openssl s_client -connect google.com:443 < /dev/null
CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
24255:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s23_lib.c:182:
The results are the same on two different networks, so it does not appear to be network-specific. Attempting to connect using openssl s_client fails similarly so it is not library-dependent either (curl on the Mac uses SecureTransport). The debug output of s_client shows that the SSL handshake proceeds normally to the point where the client sends ChangeCipherSpec and the Finished messages but does not receive ChangeCipherSpec back from the server.
I have tried running these commands on a Debian VM on my Mac, and everything there runs correctly. In addition, using curl to connect to a local OpenSSL server (openssl s_server with a self-signed certificate) also works correctly.
I have looked through other answers on this forum and other places on the internet, but haven't found an answer. Most people's issues involve particular servers and the configuration of SSL on these servers. Mine however is problematic anytime HTTPS is used (with any website).
It was suggested that the issue might be in the certificate store. But if I understand it correctly, if the issue was with the certificate store, it would cause certificates to be rejected by all apps. However, all my browsers (chrome, safari, firefox) negotiate SSL with no problems. There is nothing suspicious in the environment variables for GUI applications or the shell.
Can someone please suggest what I should be looking into to solve the problem? Can it be that something is not properly configured? What should I be looking for?
I made a simple proxy server using nc, here's the one-liner:
mkfifo queueueue
nc -l 8080 <queueueue | nc http://$JENKINS_HOSTNAME 80 >queueueue
It listens on port 8080 and then forwards the data to a connection to our Jenkins server. Jenkins is behind a VPN, and the machine I am running this proxy on has VPN access.
On my other machine (no VPN access), I would like to curl the Jenkins server, here's the command to initiate the request through the proxy:
http_proxy=10.1.10.10:8080 curl --user $JENKINS_USERNAME:$JENKINS_PASSWORD http://$JENKINS_HOSTNAME/api/json
Both the client and the proxy machine are on the same network, I can ping and ssh between them, also, I know that the client is connecting to the proxy server, I think the failure is arising when the client is trying to authenticate, here's the output when I try to curl:
$ http_proxy=10.1.10.10:8080 curl --user $JENKINS_USERNAME:$JENKINS_PASSWORD http://$JENKINS_HOSTNAME/api/json
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
<hr>
<address>Apache Server at $JENKINS_HOSTNAME Port 80</address>
</body></html>
How can I curl through a proxy like this with HTTP Basic Authentication?
I would use ssh for this instead of netcat.
Just to get some confusion out of the way, I will be referring to the node with VPN access as the "server", and the node without VPN access as the "client".
On the server side you should only need to install and have an ssh server running (in my test I have OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011).
On the client side you will need to do the following:
1) in your /etc/hosts file add in the address that your target URL resolves as on the server. I wasn't able to get curl to run DNS lookups through the proxy, which is why this is necessary.
2) setup ssh keys between the server and the client. while this is not necessary, it makes life easier.
3) run the following ssh command to have ssh act as a SOCKS proxy:
user#host$ ssh -vND 9999 <server>
-v is there so you can see what is going on with ssh,
-N tells ssh to not execute a remote command - this is useful for just simple port forwarding
-D this option is what actually forwards your local requests to the server
4) now you should be able to run the curl command you have above, but add in
---socks5 localhost:9999
Your full command will look like this:
curl --user $USER:$PASSWORD --socks5 localhost:9999 http://$JENKINS/api/json
If I can figure out how to forward the DNS requests from curl through ssh I'll update the ticket.
edit: formatting, awful grammar.
I have Vidalia installed, set up Chrome to use port 8118 for the proxy and I've checked my connection through https://check.torproject.org/ but I'm having difficulties getting this work with the command-line tool cURL. This is what I try:
C:\>curl -v --proxy localhost::9050 http://google.com
* About to connect() to proxy localhost port 0 (#0)
* Failed to connect to ↕: Address not available
* No error
* Trying 127.0.0.1... Failed to connect to 127.0.0.1: Address not available
* No error
* couldn't connect to host
* Closing connection #0
curl: (7) Failed to connect to ↕: Address not available
Solved:
curl -v --socks4a localhost:9050 http://check.torproject.org/
Use --socks5 (two dashes). -socks5 is not a valid parameter for curl, so curl is interpreting it as a hostname.
Turns out this entire mess was just syntax problems. A proper command is here:
curl -v --socks4a localhost:9050 http://check.torproject.org/
With TWO dashes before socks4a and ONE colon before the port.
More updated response using socks5.
curl -v --socks5 localhost:9150 http://check.torproject.org/
So, using port 9150 for socks 5.