PDA

View Full Version : Calling webservices by IP address



SpringBox
2019-11-11, 09:50
Hi guys

Came across an issue calling webservices in code. Some we call using their fully qualified domain and some we only have an IP address.

In dev / app cente and localhost web on dev pc - works great and very fast but in cloud server, always just times out with no connection to the external service.

Is this some sort of sandboxing issue or should we be able to call webservices by IP?

i.e.

oRequest = createObject("networkrequest")
lretval = oRequest.postfile("http://222.222.222.222/webservices/webservicename.wx", "dataexport.json", "result.txt")

This one is driving us nuts !!

Edit :
Now created a subdomain and assigned it to static IP - again works perfectly in Dev, App Centre and localhost web on dev pc but not when called on Cloud Server. Other webservices call fine.

Only option is to raise a ticket now.


Thanks in advance


Simon

barrymavin
2019-11-11, 10:01
Hi Simon,

No there’s no sand boxing as you put it.

Have you tried this interactively in the app builder console? I mean have you tried with numeric ip addresses.

This is likely to be a reverse DNS issue.

You can use tracert in a command window and that may help you to see what’s going on.
https://support.microsoft.com/en-us/help/314868/how-to-use-tracert-to-troubleshoot-tcp-ip-problems-in-windows

and nslookup

https://serverfault.com/questions/41064/whats-the-command-line-utility-in-windows-to-do-a-reverse-dns-look-up

SpringBox
2019-11-11, 12:46
Hi Barry

Yes - this one is odd and thanks for confirming that there is no sandboxing in the Cloud Server. It must therefore be a routing issue somewhere.

In console and in code it works perfectly (both as IP and domain endpoints) but for some reason, not on the production server where there is only Cloud Server.

Both tracert and ping show no issues so we have now put our server farm tech people on it to look for some weird http security. (it is bound to be some firewall setting somewhere)

Thanks for your swift reply

Cheers

Simon

HankFay
2019-11-11, 13:24
Hi Simon,

Is the LCS on the same server as the app development? It's not unusual for ftp requests to be accepted only from specified addresses. It's also not unusual for an FTP server to automatically created a blacklist for IP Addresses that fail authentication <n> times, with various variations on the principle.

When I put an ftp server on a rented box I immediately limit IP addresses from which requests can be accepted. Failing to do that will, within hours if not minutes, lead to a plethora of attempts to get into the system, from many different countries.

Hank

SpringBox
2019-11-13, 12:59
Hi guys

We found our issue - it was some routing rule because we were calling a webservice on our own subnet and apparently that is not supported on some virtual server platforms. We are now calling internal ip address which works fine.

However, now we've got it all working and are testing, we have come accross a really weird one...

We can log in to our web app on production server using port 8001 or port 80 on server using wifi or wired network :

Internet Exlorer on pc
Firefox on pc
Chrome on pc
Flashpeak slimjet on pc

Android tablet as web app
Android phone as web app

But we cannot log in using any apple devices.

Safari iPad ios 13.1.3 or iPhone ios 12.4.1 - the connction counter increments on the Lianja Server Manager, we enter the password on the app center login, the password is accepted and then nothing happens and we never get to choose our app. Spinner just keeps going and nothing happens. This is true for wifi or cellular and for both port 8001 and port 80.

Safari and Aloha browsers tried on iphone - same fail result.

We have now tested this on 4 different ipads from 4 different LANs and always the same.

This used to work but has apple introduced some manditory requirement for https? If so, how would we do that with Lianja Server Manager? Can it listen for SSL port 443 too? How do we install certificates?


mac - not yet tested

Unfortunately our customers all use Apple !! Any thoughts? URGENT....

Thanks in advance



Simon

HankFay
2019-11-13, 15:49
Hi Simon,

We use HTTPS for all our web client work, using IIS (there's a page, actually 2, on that -- Google 'Lianja IIS'). Performance is good.

You can also use Apache as the frontend.

HTTPS for the LCS is on the roadmap somewhere.

Hank

barrymavin
2019-11-13, 16:12
Use the web inspector on iOS from your desktop.

https://appletoolbox.com/use-web-inspector-debug-mobile-safari/

Or debug using chrome on a Mac connected to your iPad

https://blog.chromium.org/2019/03/debugging-websites-in-chrome-for-ios.html

SpringBox
2019-11-13, 18:41
Hi Barry

Sadly we use PCs and don't have any Macs. Do you think this might be something other than https? We are only trying to make a very simple web app.

We have installed the Lianja64.dll in to IIS which installed perfectly (great instructions, thank you)

We then installed the https binding and of course IIS is now completely trashed with no localhost. It always does that whenever you touch it. So unstable.

Anyway, back to Lianja.

We are slightly confused as given that Lianja Cloud Server listens on port 8001 and SSL is 443 and we have integrated calling our app with IIS, how do we now call it?

https://222.222.222.222:8001/login.rsp looks wrong with https://222.222.222.222/login.rsp looking better. We will try this on a self signed certificate to being with before we buy one.

We have tested this fairly extensively and it now works so well with everything other than ios.

Do we really have to go and buy a (absurdly expensive) Mac just to get it to load? It used to work. Anything else it could be? Is there some app setting that might be an issue?

Cheers

Simon

HankFay
2019-11-13, 19:04
Hi Simon,

You can set IIS up to use both 80 without SSL and 443 with SSL.

LCS on port 443 is not SSL: it is just port 443. Without binding an SSL certificate, there is no HTTPS.

Hank

SpringBox
2019-11-13, 19:37
Hi Hank

Yes, we understand that & it makes sense. We now have IIS set up for http 80 AND https/SSL 443. Its just that now nothing comes through but we hope to fix that.

But how would we call an https/SSL version of our app from a browser? Would we need to specify a port? How do we get LCS to be listening on 443?

This is the last bit of the puzzle, we hope....

It's been like climbing Everest to get a coffee.

Thanks

Simon

barrymavin
2019-11-13, 19:45
Hi Simon,

When you are using IIS you omit the :8001.

“it used to work” please explain what you mean by that.

Have you tried accessing your app on your development machine from an iPad in the same WiFi network? Try that first.

Is your server on an IP that I can access.

barrymavin
2019-11-13, 20:13
You can use weinre to debug mobile devices from windows.
https://people.apache.org/~pmuellr/weinre/docs/latest/Home.html

As explained in the above weinre doc, you need to insert a script tag into your Lianja app in order to debug it with weinre server running on your windows machine. You would insert the weinre script tag in your Lianja app inside the “include in HTML head” app attribute.

SpringBox
2019-11-13, 20:45
Thanks Barry

By "it used to work" we mean that upto about a month ago we could log to the external IP production server using apple/ios products :8001 but now we cannot.

Thanks for the info about the port 8001. How do we get LCS to listen to port 443? How does it know?

We cannot use IIS at the moment as it is completely broken following installation of https binding. Logging in using 8001 is broken too for some reason as when we fire up web page, enter credentials, pick your app and then it is just a white screen. Hopefully once the IIS is fixed that will be too.

How does LCS know how to behave now as it has potentially 2 start methods?

How do we "access your app on your development machine from an iPad in the same WiFi network"? We've tried typing in the localhost url that the dev produces when it produces its index file and localhost web version but that doesn't work.


Thanks

Simon

barrymavin
2019-11-13, 21:04
Hi Simon,

I do not believe you need to use IIS to run your app. You need to get your network infrastructure sorted it.

You first need to verify that if runs locally.

Do you know how to determine the IP address of your PC?

Once you have determined that lets say it is 192.168.1.xxx and your ipad is connected to the same wifi access point and it has IP address 192.168.1.yyy then in the browser address bar on the ipad type:

http://192.168.1.xxx:8001

Get that working first.

Regarding your questions about IIS and http protocols.

1. LCS does not need to and cannot listen on port 443
2. IIS listens on port 80 and port 443.
3. The Lianja ISAPI extension acts as a proxy and causes IIS to forward all http(s) requests to LCS on port 8001. If LCS cannot handle the request it tells IIS and it then passes the request down its chain of extensions.

You can't just enable port 443 on IIS you must install an SSL certificate. It is highly possible that iOS will reject a self signed certificate.

josipradnik
2019-11-14, 01:47
Hi Simon,



Do we really have to go and buy a (absurdly expensive) Mac just to get it to load? It used to work. Anything else it could be?


For some testing I installed iOS in a virtual machine.

SpringBox
2019-11-14, 04:53
Hi Barry

Thanks for clarification - will give that a go.

Once the Lianja ISAPI extension is instaled, can the same server also still run other web services? Or must the LCS have its own box?

We have a data collection webservice on the same server listening on port 80 which expects an xml stream.

Cheers

Simon

barrymavin
2019-11-14, 05:09
Hi Simon,

As I explained, IIS proxies into the Lianja ISAPI extension. If it can't handle the file extension to the file does not exist in the WWWROOT it will pass it back to IIS. This is how IIS extensions operate.

SpringBox
2019-11-17, 12:16
Hi Barry

OK - making some progress.

Calling the app using the 192.168.10.xxx:8001 ie localhost does work fine from an iPad.


Brand new testing server up with out of the box everything. Not toutched IIS yet.

When we call the new server using http:// we notice 2 things

1. When calling the app from a non ios browser, adding a new record does not change the action bar. Normally when a record is added ie by pressing the + button, the action bar changes to only show the save and undo symbols. It currently does not change and so we cannot save the record or get out of the edit.

We just get "please save or cancel the edit first". Only option is to end the browser session.

We will send you the live IP address by emai so hopefully you can see/reproduce the issue.


2. iPad / iPhone still will not get past the Lianja logon credentials on this server either.

We are having all the https & certifictes etc installed tomorrow so we will be able to test the iPad https:// theory.

Thanks

Simon

HankFay
2019-11-17, 14:48
Hi Simon,

You should also be able to call your app through IIS on port 80, from your Network. That's assuming you haven't implemented rules prohibiting non-HTTPS on IIS, or are redirecting 80 to 443 on IIS. Both of the latter are good actions to take, btw, as unsecured http is rightly considered dangerous.

Hank

barrymavin
2019-11-17, 19:03
What have you installed on your testing server. LCS or LAB? What versions? The LCS needs to match the LAB you have installed for development. How did you install this on the testing server.

barrymavin
2019-11-17, 19:17
If it works locally which you say it does and you have deployed your app and data so that the server matches exactly what you have locally it should work without messing about with IIS and SSL certificates.

Get it working using http first.

barrymavin
2019-11-17, 20:17
Hi Simon,

I have looked at the issue that you have and determined that it is permissions related.

I do not know who you are using as your ISP nor what drive they have installed LCS on.

It appears to have no access to either the registry on the server to read the LCS configuration from and they have disabled access to environment variables.

I would verify that you can access your apps locally on that machine to try and figure out what has been done on the installation and configure the server properly before testing.

SpringBox
2019-11-18, 12:19
Hi Barry

Now updated all machines (dev PCs and server (Windows 2008R2) to RC92.

All installations are default ie C:\Lianja. The system account has full access permissions to C:\Lianja and subordinate folders.

Having now transferred the entire project to the server and effectively made it a dev machine by installing LAB, it works fine on dev, app center and localhost on the server. The record saving issue seems to have resolved itself.

The server is an exact replica of the working dev machine. The Lianja system database is untouched from standard install.

As before, from an external IP address, we can logon and run our app fine from any pc based browser, android tablets, android phones etc but no ios devices. iPad, iPhone and Mac all exhibit the same behaviour with LCS. After entering credentials, they all stop.

Can you replicate the above behaviour?

LCS is running using the default "guest" account - is that correct? We have tried using a windows admin account but then we cannot log in at all (instant browser "site could not be reached") so clearly we don't understand what that is for.

We agree that https is a long shot with ios devices but what else could be causing this specifically with ios?

We are not sure what you mean about limiting access to registry or environment variables. This server is straight out of the box.

We really need to get to the bottom of this as the entire project is now in jeopardy.

Any thoughts?

Thanks in advance


Simon

HankFay
2019-11-18, 12:39
Hi Simon,


LCS is running using the default "guest" account

Can you explain what you mean by that? If you are referring to LianjaPortServer.exe, that must run with sufficient permissions to perform the actions Barry described. The Server's Guest account most assuredly does not have those permissions. SYSTEM will typically work. Administrators will always work.

Hank

barrymavin
2019-11-18, 18:04
It has nothing to do with iOS. Have you tried accessing your apps in chrome on windows remotely. That’s not working for me either. Your reference to iOS is a red herring. You need to verify that it works from a windows browser first.

How did you deploy your apps to that server?

If it works locally on that machine as an administrator then it’s a permissions issue.

The LCS does not run as a guest user. It runs as a service.

Are you trying to deploy the development LCS to a production server? You need to purchase an LCS license.

You state it works localhost on the server, does it work using your numeric IP address on the server? Have you looked at the server log file and/or looked for error files.

I would suggest that you edit the registry on your server and set the Lianja DB_WWWDEBUG to true. Then try and login from windows. Submit a ticket and attach the debug files in lianja\debug. Do that same thing when logging in from iOS. This will let me see what’s going on.

Also, that IP address you provided to me is not accessible anymore. Have you changed that? If you have you need to provide that on a ticket.

SpringBox
2019-11-18, 18:21
Thanks Hank

We have tried an admin account but couldn't log in. Instant age rejection in any browser.

We will try another user with full domain admin privilidges but that still doesn't explain wht all non ios works fine but ios just hangs.

Just made a brand new user with short name & password so nothing too long. Same again - cannot log in.

So, why can we log in as "Guest" but not as full domain admin?

Cheers


Simon

barrymavin
2019-11-18, 18:34
That’s a red herring. Leave it as is. The LCS runs as a service. Nothing to do with that at all. Turn debugging on as I requested and submit a ticket attaching the debug files.

barrymavin
2019-11-18, 19:30
I'm looking into it with some better debugging trace. Leave it with me.

SpringBox
2019-11-18, 20:02
Hi Barry

We rebooted the server and now the LCS licence won't activate. We lost an activation count when we killed he previous server. Will send you our licence key by email - could you please put a couple of extra user counts on it to bring it up to norm so we can test. Obviously happy to purchase appropriate licence for production server if we can get it working.

When working, we can log in with every browser except ios. We cannot explain that. Once we have the licence, that same IP address will be available again.



How did you deploy your apps to that server? - having generated the web app index file and deployed, we copied the contents of:

c:\lianja\cloudserver\tenants\public\wwwroot\apps\<appname> folder to the matching folder on the production server and

c:\lianja\cloudserver\tenants\public\data\<databasename> folder to the matching folder on the production server


If it works locally on that machine as an administrator then it’s a permissions issue. - yes if all browsers failed but it is only ios that fails.

The LCS does not run as a guest user. It runs as a service. - understood - what is the other account option for? That means that it is not permissions for the service. What specifiacally does Lianja need in terms of registry and environment variables?

You state it works localhost on the server, does it work using your numeric IP address on the server? not tried that one - are you thinking hairpinning?

I would suggest that you edit the registry on your server and set the Lianja DB_WWWDEBUG to true. Then try and login from windows. Submit a ticket and attach the debug files in lianja\debug. Do that same thing when logging in from iOS. This will let me see what’s going on. Registry Done


Thanks

Simon

barrymavin
2019-11-18, 22:22
It seems that a recent safari update has messed up the use of concurrent connections.

It works fine on chrome and firefox on the mac but not with safari. I am investigating.

2095

barrymavin
2019-11-18, 23:19
I have identified the problem. It a safari bug to do with internal buffer sizes. I will see if I can work around it.

SpringBox
2019-11-19, 10:48
Thanks Barry

Keep us in the loop

Cheers

Simon

barrymavin
2019-11-19, 22:50
This has been worked around in the next build and I have tested on safari macOS and safari iPad. Both are working again.

SpringBox
2019-11-20, 05:29
That is FANTASTIC news !!

Will that be RC94 or RC95?

Thank you

Simon

SpringBox
2019-11-22, 06:10
Hi Barry

That works well now.

Thanks you for your help.

Simon