support for https?

[derkod]

Never used GitHub before so maybe I follow the wrong path for this but I have a question about weewx-influx.
I used it succesfully in a test-setup. But I needed to change the Influx-server to accept https.
I'm not quite sure if this module can handle that.
I tried this:
-set hostname in the weewx-conf Influx-section to https://: no success
-changed ~weewx/user/index.py line 189: site_dict['server_url'] = 'https//%s:%s' % (host, port): no success
Before I dig deeper into this I would like to know whether is is possible at all to use this module with https?

[matthewwall]

what did the log say?

you do not have to modify the python code to change the server url. you should be able to set it like this:

[Influx]
...
server_url = https://example.com:433

there might be issues with accepting your server's ssl certificates, so we might have to add options for that.

also, urllib2 might have issues depending on whether your python was built with ssl support.

the log should tell us

[derkod]

OK. Wasn't aware of the possibility of using server_url in weewx.conf.
When I try that I see this error:
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]

I think this is because I use a self-signed certificate (see https://billyoverton.com/2016/05/30/smart-meter-installing-and-configuring-influxdb.html)
E.g. from another server I can write into Influx using
curl -i --insecure -XPOST 'https://.......
from the curl manual:
--insecure
(SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default.

[matthewwall]

what python version are you running?

[derkod]

Python 2.7.9

[matthewwall]

python before 2.7.9 did not verify certs. let me see if i can add config options for verification...

[matthewwall]

please try influx extension v0.3. this should ignore the server certs.

at some point i'll have to add the full set of ssl options, but i need to figure out the right pattern since that will be applied to a whole slew of weewx extensions.

[derkod]

Thanks! Yes I will do that, but as it is a standalone setup at my work and I will not be there the next two days I can give it a try next Thursday.
I'll let you know.

[derkod]

Installed v0.3 but keep getting the <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] .... (_ssl.c: 581>error
I tried to connect to https://192.168.1.6:8086/query (InfluxDB endpoint) from a browser and that succeeds (after accepting some warnings and exceptions about self-signed certificate)

[matthewwall]

there is a typo in influx.py. please change this:

    def post_request(self, request, payload=None):
        # FIXME: provide full set of ssl options instead of this hack           
        if self.server_url.startswith('https'):
            import ssl
            return urllib.urlopen(request, data=payload, timeout=self.timeout,
                                  context=ssl._create_unverified_context())
        return urllib2.urlopen(request, data=payload, timeout=self.timeout)

to this:

    def post_request(self, request, payload=None):
        # FIXME: provide full set of ssl options instead of this hack           
        if self.server_url.startswith('https'):
            import ssl
            return urllib2.urlopen(request, data=payload, timeout=self.timeout,
                                   context=ssl._create_unverified_context())
        return urllib2.urlopen(request, data=payload, timeout=self.timeout)

notice the change from urllib.urlopen to urllib2.urlopen

[derkod]

I changed this in /usr/share/weewx/user/influx.py
Then restarted weewx
Correct?
I'm afraid still the same error in that case.

I now also tried to connect from a browser from the same RPi where weewx is installed: no problem, I get response.

[matthewwall]

unfortunately, it sounds like the _create_unverified_context is not working. i'll have to set up an https influx server and do some deeper testing.

[derkod]

Well, I would be very grateful if you could solve this. Please keep me informed.