goagent twitter官网 403...

请教服务器迁移到国内后 twitter oauth 的 proxy 问题 ? Ruby China 如题,过去网站在linode上,现准备迁移到国内的UCloud,网站支持twitter oauth方式登录并且需要使用一些api,所以为了保证迁回国内后这部分功能可用,需要架设twitter api proxy 环境:debian 7 + ruby 1.9.3 + openssl 1.0.1e,已关闭防火墙 我尝试过了两个方案 1 利用GoAgent 3.0.1,然后设置omniauth的proxy到GoAgent端口,开发机osx 10.8正常,但是在ucloud上GoAgent日志 INFO - [Jun 28 02:48:04] 127.0.0.1:45539 "AGENT CONNECT :443 HTTP/1.1" - - ERROR - [Jun 28 02:48:04] ssl.wrap_socket(self.connection=&socket at 0x1c90210 fileno=7 sock=127.0.0.1:8087&) failed: [Errno 1] _ssl.c:504: error::SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (twitter) Request phase initiated. (twitter) Authentication failure! service_unavailable: OpenSSL::SSL::SSLError, SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed GoAgent开启关闭https mode结果均一样 使用curl测试curl -x 127.0.0.1:8087测试,同样得到unknown ca的错误 -x 127.0.0.1:8087 --cacert /usr/local/goagent/local/CA.crt 则能获取到html 但是配置GoAgent的时候本身就会自动导入ca,经检查确实已经导入了***到/etc/ssl/certs,并且开发机不需要指定ca也能正常得到结果 测试数次,结果比较稳定 2 在linode的机器上用nginx来转发api实现proxy,nginx配置文件如下 access_log /var/log/nginx/twitter.access_ location / { proxy_pass #proxy_set_header #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_ #proxy_set_header proxy_pass_header proxy_pass_header proxy_pass_header proxy_pass_header proxy_pass_header 可以确定的是,请求内容完整的发送到proxy上了,但返回401 unauthorized Started GET "/users/auth/twitter" for 127.0.0.1 at 03:17:32 +0800 OAuth::Unauthorized (401 Unauthorized): oauth (0.4.7) lib/oauth/consumer.rb:216:in `token_request' oauth (0.4.7) lib/oauth/consumer.rb:136:in `get_request_token' omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:29:in `request_phase' omniauth-twitter (1.0.0) lib/omniauth/strategies/twitter.rb:63:in `request_phase' omniauth (1.1.4) lib/omniauth/strategy.rb:214:in `request_call' omniauth (1.1.4) lib/omniauth/strategy.rb:181:in `call!' omniauth (1.1.4) lib/omniauth/strategy.rb:164:in `call' omniauth (1.1.4) lib/omniauth/strategy.rb:184:in `call!' omniauth (1.1.4) lib/omniauth/strategy.rb:164:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/error_collector.rb:12:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/agent_hooks.rb:22:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/browser_monitoring.rb:16:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/developer_mode.rb:28:in `call' mongoid (3.1.4) lib/rack/mongoid/middleware/identity_map.rb:34:in `block in call' mongoid (3.1.4) lib/mongoid/unit_of_work.rb:39:in `unit_of_work' mongoid (3.1.4) lib/rack/mongoid/middleware/identity_map.rb:34:in `call' warden (1.2.1) lib/warden/manager.rb:35:in `block in call' warden (1.2.1) lib/warden/manager.rb:34:in `catch' warden (1.2.1) lib/warden/manager.rb:34:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call' rack (1.4.5) lib/rack/etag.rb:23:in `call' rack (1.4.5) lib/rack/conditionalget.rb:25:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/head.rb:14:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/params_parser.rb:21:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/flash.rb:242:in `call' rack (1.4.5) lib/rack/session/abstract/id.rb:210:in `context' rack (1.4.5) lib/rack/session/abstract/id.rb:205:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/cookies.rb:341:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call' activesupport (3.2.13) lib/active_support/callbacks.rb:405:in `_run__06208__call__7542957__callbacks' activesupport (3.2.13) lib/active_support/callbacks.rb:405:in `__run_callback' activesupport (3.2.13) lib/active_support/callbacks.rb:385:in `_run_call_callbacks' activesupport (3.2.13) lib/active_support/callbacks.rb:81:in `run_callbacks' actionpack (3.2.13) lib/action_dispatch/middleware/callbacks.rb:27:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/reloader.rb:65:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/remote_ip.rb:31:in `call' airbrake (3.1.12) lib/airbrake/rails/middleware.rb:13:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call' railties (3.2.13) lib/rails/rack/logger.rb:32:in `call_app' railties (3.2.13) lib/rails/rack/logger.rb:16:in `block in call' activesupport (3.2.13) lib/active_support/tagged_logging.rb:22:in `tagged' railties (3.2.13) lib/rails/rack/logger.rb:16:in `call' quiet_assets (1.0.2) lib/quiet_assets.rb:18:in `call_with_quiet_assets' actionpack (3.2.13) lib/action_dispatch/middleware/request_id.rb:22:in `call' rack (1.4.5) lib/rack/methodoverride.rb:21:in `call' rack (1.4.5) lib/rack/runtime.rb:17:in `call' activesupport (3.2.13) lib/active_support/cache/strategy/local_cache.rb:72:in `call' rack (1.4.5) lib/rack/lock.rb:15:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/static.rb:63:in `call' airbrake (3.1.12) lib/airbrake/user_informer.rb:16:in `_call' airbrake (3.1.12) lib/airbrake/user_informer.rb:12:in `call' railties (3.2.13) lib/rails/engine.rb:479:in `call' railties (3.2.13) lib/rails/application.rb:223:in `call' railties (3.2.13) lib/rails/railtie/configurable.rb:30:in `method_missing' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:145:in `handle' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:99:in `rescue in block (2 levels) in start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:96:in `block (2 levels) in start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:86:in `each' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:86:in `block in start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:66:in `loop' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:66:in `start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:13:in `run' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/bin/nack_worker:4:in `&main&' 里的提示尝试使用OAuth 2方式认证,nginx配置如下 access_log /var/log/nginx/proxy.access_ # If your want to secure your proxy with SSL, replace with the appropriate SSL configuration. listen 80; # Replace this with the name of the domain you wish to run your proxy on. # The Twitter proxy code! location / { proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-C # Hide Twitter's own caching headers - we're applying our own. proxy_hide_header X-Accel-E proxy_hide_header E proxy_hide_header Cache-C proxy_hide_ proxy_hide_header set- proxy_pass_header Content- proxy_pass_header WWW-A # Set the correct host name to connect to the Twitter API. proxy_set_header H # Add authentication headers - edit and add in your own bearer token. proxy_set_header Authorization "Bearer 哔~~~"; # Actually proxy the request to Twitter API! 返回403 Forbidden Started GET "/users/auth/twitter" for 127.0.0.1 at 03:14:45 +0800 OAuth::Unauthorized (403 Forbidden): oauth (0.4.7) lib/oauth/consumer.rb:216:in `token_request' oauth (0.4.7) lib/oauth/consumer.rb:136:in `get_request_token' omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:29:in `request_phase' omniauth-twitter (1.0.0) lib/omniauth/strategies/twitter.rb:63:in `request_phase' omniauth (1.1.4) lib/omniauth/strategy.rb:214:in `request_call' omniauth (1.1.4) lib/omniauth/strategy.rb:181:in `call!' omniauth (1.1.4) lib/omniauth/strategy.rb:164:in `call' omniauth (1.1.4) lib/omniauth/strategy.rb:184:in `call!' omniauth (1.1.4) lib/omniauth/strategy.rb:164:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/error_collector.rb:12:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/agent_hooks.rb:22:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/browser_monitoring.rb:16:in `call' newrelic_rpm (3.6.4.122) lib/new_relic/rack/developer_mode.rb:28:in `call' mongoid (3.1.4) lib/rack/mongoid/middleware/identity_map.rb:34:in `block in call' mongoid (3.1.4) lib/mongoid/unit_of_work.rb:39:in `unit_of_work' mongoid (3.1.4) lib/rack/mongoid/middleware/identity_map.rb:34:in `call' warden (1.2.1) lib/warden/manager.rb:35:in `block in call' warden (1.2.1) lib/warden/manager.rb:34:in `catch' warden (1.2.1) lib/warden/manager.rb:34:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call' rack (1.4.5) lib/rack/etag.rb:23:in `call' rack (1.4.5) lib/rack/conditionalget.rb:25:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/head.rb:14:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/params_parser.rb:21:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/flash.rb:242:in `call' rack (1.4.5) lib/rack/session/abstract/id.rb:210:in `context' rack (1.4.5) lib/rack/session/abstract/id.rb:205:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/cookies.rb:341:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call' activesupport (3.2.13) lib/active_support/callbacks.rb:405:in `_run__06208__call__7542957__callbacks' activesupport (3.2.13) lib/active_support/callbacks.rb:405:in `__run_callback' activesupport (3.2.13) lib/active_support/callbacks.rb:385:in `_run_call_callbacks' activesupport (3.2.13) lib/active_support/callbacks.rb:81:in `run_callbacks' actionpack (3.2.13) lib/action_dispatch/middleware/callbacks.rb:27:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/reloader.rb:65:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/remote_ip.rb:31:in `call' airbrake (3.1.12) lib/airbrake/rails/middleware.rb:13:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call' railties (3.2.13) lib/rails/rack/logger.rb:32:in `call_app' railties (3.2.13) lib/rails/rack/logger.rb:16:in `block in call' activesupport (3.2.13) lib/active_support/tagged_logging.rb:22:in `tagged' railties (3.2.13) lib/rails/rack/logger.rb:16:in `call' quiet_assets (1.0.2) lib/quiet_assets.rb:18:in `call_with_quiet_assets' actionpack (3.2.13) lib/action_dispatch/middleware/request_id.rb:22:in `call' rack (1.4.5) lib/rack/methodoverride.rb:21:in `call' rack (1.4.5) lib/rack/runtime.rb:17:in `call' activesupport (3.2.13) lib/active_support/cache/strategy/local_cache.rb:72:in `call' rack (1.4.5) lib/rack/lock.rb:15:in `call' actionpack (3.2.13) lib/action_dispatch/middleware/static.rb:63:in `call' airbrake (3.1.12) lib/airbrake/user_informer.rb:16:in `_call' airbrake (3.1.12) lib/airbrake/user_informer.rb:12:in `call' railties (3.2.13) lib/rails/engine.rb:479:in `call' railties (3.2.13) lib/rails/application.rb:223:in `call' railties (3.2.13) lib/rails/railtie/configurable.rb:30:in `method_missing' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:145:in `handle' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:99:in `rescue in block (2 levels) in start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:96:in `block (2 levels) in start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:86:in `each' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:86:in `block in start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:66:in `loop' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:66:in `start' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/lib/nack/server.rb:13:in `run' /Users/jasl/Library/Application Support/Pow/Versions/0.4.1/node_modules/nack/bin/nack_worker:4:in `&main&' 另外,我大概看过一些twiiter api proxy工具,都比较老,还在使用即将作废的1.0版api,所以就不考虑了 有什么好的国内主机使用twitter oauth api的方案? 我感觉我想到的两个方案理论上都是可行的,但哪里出问题或者我没考虑到导致失败呢? 有什么办法截取代理服务器出去的包?tcpdump nc都是针对socket的,对于只想观察request来说 非常重,而且难用。。。 http proxy 是明文的, 和直接访问没区别, 必墙... goagent 原理应该和 gapproxy 差不多, 就算加了***, 由于服务器是知道连接内容的, 改不了中间人角色, 必然 ssl 验证不通过. socks 隧道型的就没这个问题. 本地开个 shadowsocks / stochastic-socks 客户端, 然后用本地的 socks5 代理就可以了. 防火墙不用关. 如果不需要跑国内请求, 可以用 socksify-ruby 猴子补丁掉 Net::HTTP, 就不用改任何代码了. 如果熟悉 oauth 原理, 用 curl 跑 oauth 也很简单... curl --socks5-hostname localhost:6789 ... 还有一个办法是配置 *** 忘记了...没用socks主要是担心长期保持连接会封掉linode的ip,坛子里貌似有一些先例吧?我也说不好...现在有点迷糊 ssh 隧道是有这个问题, 只有一个连接 hang 住, 而且并发时很卡, 不开混淆的话特征很容易学习, 但 s*socks 是每请求一个连接非阻塞的, 特征和 ssh 不同, 暂时好像还没出问题 (将来咋样我也说不好...) 唔 那我就尝试一下 吕哥一席话,胜读十年书啊! 对于这种情况,我是死活都不会让老板把服务器移到国内的,太折腾了 方法1, 是因为中间人***警告?设置忽略试试看: OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE 睡醒之后 表示。。。没理解 - - 你能详细的讲讲么,如果是这样的话,goagent这类工具是怎么达到翻墙目的的? cool...简单粗暴。。 昨天没仔细看贴,嫌太粗暴的话,你试试看设置ca file应该也可以。 config.omniauth :twitter, "xxx", "xxx", {:scope =& 'xxx,xxx', :client_options =& {:ssl =& {:ca_file =& '/usr/local/goagent/local/CA.crt'}}} 因为 goagent 部署在 appengine 的限制, 远端是只能用 http client 连接而不能直接开 TCP socket, 而 http client 必须知道连接的内容 (header, path 之类的), 所以不算加密传输层... 隧道是服务器不知道连接的内容, 收到什么就发什么 不忽略***的话, 可能要自己生成域名为 goagent似乎包含twitter假***的,我好像翻过***文件 有些东西必须国内才能做的,我也不喜欢国内的主机 解决ssl***之后还有一个坑,有时候Ruby 2.0 的net库在做inflate的时候会触发Zlib::DataError: incorrect header check,omniauth走proxy进行oauth的时候刚好会触发,不太懂原理,能讲讲么? 这是两篇讨论 查了些资料, 做过处理,免疫这个问题。 于是效法他,我写了个很脏的猴子补丁 omniauth 走的什么类型的 proxy? http? 如果是 goagent, 可能是它没处理好 header 的原因 如果原本的响应是 transfer-encoding: chunked, 然后 goagent 把 body decode 出来, 加上 content-length 返回给你, 但没有删除 chunked 项, 客户端就按照 chunked 去 decode 已经 decode 过的内容... 响应 header 中包含 transfer-encoding: chunked 的时候, 客户端就不去读 content-length, 而是一段一段的读内容, 往往适用于发 header 的时候还不知道 body 有多长的情况. chunked encoding 的 body 里, 每段内容以 16 进制数字标识这段内容的长度, 接着是对应长度的数据, 后面再接上 "\r\n" 做分隔符. 当碰到 "\0\r\n\r\n" 的时候, body 就结束了. content-encoding: gzip 是在处理完 transfer-encoding 后处理的, 就是把内容扔给 gzip 去解压. Net::HTTP 对两种 header 都做了考虑. 除非 header 被 http 代理搞乱掉 (解压了却没删掉 content-encoding, 或者解码了 chunked 缺忘记改 transfer-encoding), 是不会出问题的. 隧道代理就完全不会出 http 代理的这种问题. 后方可回复, 如果你还没有账号请点击这里 。 共收到 17 条回复当前位置: >> 谷歌chrome浏览器goagent经常出现403. That’s an error.的解决方法 网页显示403. That’s an error 的解决方法。转载自百度经验/article/aad228.html使用 Goagent 打开网页,经常出现403. That’s an error.下面是解 决的方法。
方法/步骤 1、找到打开 Go*gent 的文件目录。 可以在桌面上右键--&Go*gent 的图标--&属性--&查找目标。 2、在文件目录中的“proxy.ini”配置文件中,用记事本打开。3 、 在 打 开 的 文 件 中 , 找 到 &profile = google_CN& , 将 &google_cn& 改 成 &google_hk&。然后保存关闭文件。关闭浏览器和 Go*gent,重新打开上网,问 题解决。注意事项以上图片文字为原著作者原创,如需转载,请注明出处!

参考资料

 

随机推荐