Current time: 01-24-2021, 04:19 AM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Private instance InsecureRequestWarning: Unverified HTTPS request is being made
01-06-2021, 12:55 PM (This post was last modified: 01-06-2021 01:07 PM by jbaptiste.)
Post: #1
Private instance InsecureRequestWarning: Unverified HTTPS request is being made
Hi,

We've been running a private instance on docker for a long time on-premises expanding to two datacenters in different geographic locations. Today we migrated the server to a swarm cluster on aws and left the agents on the old infrastructure to have localized tests. I split the docker-compose file in three parts, one for the server that is now running on the swarm cluster on aws (updated to run as a stack on swarm), and two docker-compose files for each of the agent locations. For the server we use letsecncrypt certificates that were correctly generated on the swarm cluster on aws (using a traefik load balancer) after pointing the private instance DNS name to the new location, but on the agent logs I'm seeing this error:

Code:
19:41:12.891 - Starting new HTTPS connection (1): wpt.xxxx.com:443
agent-pe_1  | /usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py:988: InsecureRequestWarning: Unverified HTTPS request is being made to host 'wpt.xxxxx.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings

Which is weird as the ssl certificate is valid from letsencrypt, no errors when going to the private instance web interface. The tests seem to work fine on one of the agents, but on the other one we get a broken waterfall image on the first view for some tests, or "First View: Test Data Missing" on others, which I'm not sure if this has anything to do with this error.

Both agents use the same docker configuration which did not change when they got split into separate files, same agent docker images and are running on the same hosts as before, so I really don't get why now some of the tests have this problem. How can I start to debug this ? agent logs are lengthy and don't I know what to look for on them.

Thanks in advance for any pointers.

This is the docker-compose file of the agent with issues:

Code:
version: "2"
services:
  agent-pe:
    image: webpagetest/agent
    init: true
    shm_size: 256mb
    environment:
      SERVER_URL: https://wpt.xxxxx.com/work/
      LOCATION: desktop_lima
      EXTRA_ARGS: "-m debug --checknet yes --log /debug.log -vvvv"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
    cap_add:
      - NET_ADMIN
    privileged: true
    restart: "always"
Find all posts by this user
Quote this message in a reply
01-16-2021, 10:59 AM (This post was last modified: 01-16-2021 11:17 AM by jbaptiste.)
Post: #2
RE: Private instance InsecureRequestWarning: Unverified HTTPS request is being made
I went back to the old setup on the on-premises servers and noticed that the same sites I thought were not having this issue before have it too, the broken waterfall image on the first view. Doing some testing I noticed that when I send a test with first view only then the waterfall works, but not when first and repeat views are selected they do not.

The agent that works fine is on the same server than the wpt server, the failing one is on another server in another datacenter in another country, same hardware and dedicated to run the agent only. The only difference in configuration between the two agents is that the agent local to the wpt server uses
Code:
SERVER_LOCATION=http://server/work/
(where server is the name of the wpt server docker container) and the remote one uses
Code:
SERVER_LOCATION=https://wpt.xxxx.com/work/
(the wpt server public domain name).

I also tested chainging SERVER_LOCATION on the local agent to the public hostname and I also get the same "InsecureRequestWarning: Unverified HTTPS request is being made" warning but the tests work fine, so it seems the issue with the waterfall is not related to this, althought is very weird having this warning with perfectly valid ssl certificates.

Any clues ?

Here are the logs of the failing agent if anyone cares to take a look.

https://pastebin.pl/view/10b977e7
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)