Unsupported Screen Size: The viewport size is too small for the theme to render properly.

Problems Using Http Tunnelling With Ssl

forums forums SQLyog Using SQLyog Problems Using Http Tunnelling With Ssl

  • This topic is empty.
Viewing 26 reply threads
  • Author
    Posts
    • #9852
      jexxer
      Member

      Hello.

      I'd like to use the http tunnelling with ssl but I cannot get it working.

      Tunnelling without SSL is working fine and authentication is working too.

      If i use the host via https:// i get the following error:

      Code:
      Error No. 1
      HTTP Error. Could not connect to the tunnelling URL

      I activated the debug function in the SQLyogTunnel.php, but nothing is logged.

      Then i tried to call the file in the browser what gives me the following error message:

      Code:
      ErrorWebyog

      Tunnel version: 5.17.

      This PHP page exposes the MySQL API as a set of webservices.

      This page allows SQLyog to manage a MySQL server even if the MySQL port is blocked or remote access to MySQL is not allowed.

      Visit Webyog to get more details about SQLyog.

      Error!file_get_contents(php://input) failed

      The debug logfile has now some lines:

      Code:
      Enter aremodulesinstalled
      Enter AreModulesInstalled
      Enter processquery
      Trying to get php://input
      Got php://input!
      xmlrecvd is blank
      Enter showaccesserror
      Exit showaccesserror
      Exit AreModulesInstalled

      The webserver has a selfsigned certificate and the browser asks if the user wants to trust it. Maybe this is a problem?

      Hope you can help.

    • #22332
      peterlaursen
      Participant

      We do not support SSL with SQLyog as of now.

      There was at an early stage, but it was removed (as I understood due to US export restrictions amd legal issues). This is a general problem. Also SSL support was removed from the Windows version of the MySQL server for a long period and has only been introduced recently.

      I also think that we can now.

      To my best understanding this is not HTTP-related at all. Also direct connection ussing SSL would fail (if there was an option to choose it of course!). Correct me if I am wrong!

    • #22333
      jexxer
      Member
      peterlaursen wrote on Sep 8 2006, 01:26 AM:
      We do not support SSL with SQLyog as of now.

      You want to say that HTTP Tunneling over SSL is not possible? There are plenty of Topics that tell me it should work.

      I do not mean SSL Tunneling via a wrapper but by simple HTTPS on Port 443 at my webserver.

    • #22334
      peterlaursen
      Participant

      I will ask some more 'techno' to reply on the HTTPS-thing

    • #22335
      Rohit
      Member

      HTTPS is definitely supported, and many customers use it regularly.

      I think Peter got confused with the SSL encryption provided by MySQL APIs.

      But, I am not sure whether SQLyog will be able to handle a certificate. We have to set a similar environment to test it.


      @jexxer
      : Can you help us accelerate the test/debug by giving us temporary access to a test server having a similar setup.

      If yes, please create a ticket at http://www.webyog.com/support

    • #22336
      jexxer
      Member
      Rohit wrote on Sep 8 2006, 09:14 AM:
      HTTPS is definitely supported, and many customers use it regularly.

      I think Peter got confused with the SSL encryption provided by MySQL APIs.

      But, I am not sure whether SQLyog will be able to handle a certificate. We have to set a similar environment to test it.


      @jexxer
      : Can you help us accelerate the test/debug by giving us temporary access to a test server having a similar setup.

      If yes, please create a ticket at http://www.webyog.com/support

      I'm sorry, but i have no similar setup available. To the server I talked about i only have FTP access to. If this is enough for you to test I can give you the login data.

    • #22337
      peterlaursen
      Participant

      @Rohit

      Looks like you and Sabya better find out how to set up a certificate with a webserver! πŸ˜€

      and BTW: there was a thing with SSH and PUBLIC/PRIVATE KEY authentication too!

    • #22338
      uyuni
      Member

      I've got the same problem.

      I use https on a server with a signed certificate -> no problem.

      When I try to use it with a self-signed certificate -> could not connect to the tunneling URL.

      I can provide a URL if you'd like to test.

      Emile

    • #22339
      peterlaursen
      Participant

      thank you uyuni.

      Well now after the release of beta3 I think we should take the time to understand this!

    • #22340
      jexxer
      Member

      I would highly appreciate this, because the servers at our university mainly have self signed certs.

    • #22341
      peterlaursen
      Participant

      We have an non-released Β΄pre-beta' 4 here:

      http://www.webyog.com/downloads/betas/not_…SQLyog52Ent.exe

      they tell me the the issue with certificates and HTTPS is solved. Can you verify this on your servers?

    • #22342
      jexxer
      Member

      peterlaursen: Please tell your programmers they are absolutely great. πŸ™‚

      Yes it works now.

      I want to say thank you for listening to our needs. It is astonishing how fast you guys make this great program even better day by day.

      Keep going!

    • #22343
      uyuni
      Member

      πŸ™‚

      Unbelievable!

      So fast!

      Yes, it's working!

      Thank you!

    • #22344
      uyuni
      Member

      Error in 5.2 Beta:

      You can't turn off “rebuild tag files on startup”

    • #22345
      peterlaursen
      Participant

      @uyuni:

      It works for me with the latest internal build from:

      http://www.webyog.com/downloads/betas/not_…SQLyog52Ent.exe

      (beta5n = beta 5 not_yet_released)

    • #22346
      LCS
      Member

      'lo there,

      I have more issues on the https thing:

      the tunneling via https://… in the SQLyog client itself (5.19 Enterprise) works fine.

      But when I want to use that same tunnel with sja, it always ends in an error like above:

      ERROR: 1, HTTP Error. Could not connect to the tunneling URL.

      For security reasons, https is the only way I can do the connection here…

      Any comments?

      tnx & bye,

      CaBleman@LCS

      LCS wrote on Oct 4 2006, 03:58 PM:
      I have more issues on the https thing:

      I have to correct myself: I also tested it with just “http://…”,

      and the tunneling via sja.exe is not working.

      Is that a known bug with sja? I know it's offtopic in that thread here now…

      tnx & bye,

      CaBleman

    • #22347
      peterlaursen
      Participant

      offtopic .. well yes this has nothing with SSL-CERTIFICATES to do, right?

      There is no known issue. SJA and SQLyog should be totally identical in this respect and normally are. The error message:

      “ERROR: 1, HTTP Error. Could not connect to the tunneling URL.”

      .. could imply that your URL is not entered correct. Please check the jobfile! URL's are case-sensitive – rememeber!

      If you are perfectly sure that everything is OK, could we then have temporary access to the server? We won't need 'real data' – just a dummy database with a few small tables.

    • #22348
      peterlaursen
      Participant

      BTW: it could be a firewall issue too. Do you have a 'personal firewall', a router, or 'shared Internet Connection' ?

    • #22349
      LCS
      Member
      peterlaursen wrote on Oct 4 2006, 06:35 PM:
      BTW: it could be a firewall issue too. Do you have a 'personal firewall', a router, or 'shared Internet Connection' ?

      'lo Peter,

      tnx for the reply. Of course we are behind a router/dmz, who is not these days? πŸ˜‰

      Is there a certain port to be opened?

      Why does the tunneling work with the client work and doesn't work with SJA?

      BTW, I used the wizard to build the job file and used the existing, working tunnelling connection as the SJA connection. Plus, I checked the jobfile, too.

      Also, I of course tried the Linux SJA on the server itself. Of course it was not a problem to connect to the localhost, but here I could not send the notification mail (tried different accounts)! Is there a debugging mode or something? There's nothing interesting in *.log or *session.xml…

      I'm relatively new to SQLyog but was enthusiastic about it from the first moment.

      Please don't let the random crashes/disappearings, and my problem with notification jobs

      be deteriorative about this πŸ˜‰

    • #22350
      peterlaursen
      Participant

      1) we know we have an issue with mails with the SJA for Linux. Pretty silly that nobody – including ourselves – noticed this before. We will do pur best to release SJA version 5.2 with the fix.

      2) no port needs to be opened if the router has NAT functionality. And it is the common HTP/HTTPS ports (and SMTP port for mail) that are used only. And the same for SQLyog and SJA. However a 'personal firewall' may need to be told that SJA.EXE shall have access to the internet. We have had quite a lot of issues with ZoneAlarm that it kept blocking connections even if it claimed to be configured to allow for them. A reinstall has often been the onluy solution.

      I have no option to test HTTPS tonight, but just tested HTTP with 5.2 beta5 and a Notifications job.

      The SQLyog executable (tries to) reconnect(s) if connection is lost. SJA does not. That could be the reason for the difference. However it then indicates a HTTP-connection that is not very stable.

      You will need to wait for tomorrow for more action. If you can give temporary access you can create a ticket with the details.

      EDIT: there seems to be a problem with SMTP authentication and 5.2 beta 5 .. but that is quite another issue! Connection and the query is OK!

    • #22351
      peterlaursen
      Participant

      The SMTP auth. issue with 5.2 (not 5.19) is confirmed and fixed.


      @LCS
      : we cannot do any progress with your problems without more info. Best of all server access.

      You should understand that when you connect to the tunneller from SJA (unlike from a browser) connection will need to be established hundreds or thousands of times!

      If you access from a browser and click 'refresh' several times does it then occur from time to time that you can't reach the tunneller? It can simply be because the webserver is configured too 'low' compared to what it has to do.

    • #22352
      LCS
      Member

      'lo Peter…

      I can narrow it down: the problem with the windows sja via tunnel is the http user auth!

      Of course we have an .htacces on the server in the directory containing SQLyogTunnel.php

      So the windows sja works with an unprotected http/https-tunneling,

      but does not with an http-auth-protected tunnel.

      The SQLyog client works fine both ways!

      Would be nice if that will be fixed in the near future – I have that peculiar feeling about unprotected power-scripts like your tunnel script ;)=)

      Thanx & bye,

      LCS

    • #22353
      peterlaursen
      Participant
      Quote:
      about unprotected power-scripts like your tunnel script

      it is not more powerfull than a lot of PHP-scripts. Is it?

      If you use HTTP-tunnelling with both SQLyog and SJA I still do not understand …

    • #22354
      LCS
      Member
      peterlaursen wrote on Oct 5 2006, 12:25 PM:
      it is not more powerfull than a lot of PHP-scripts. Is it?

      quite πŸ˜‰

      If you use HTTP-tunnelling with both SQLyog and SJA I still do not understand …

      OK – let me explain:

      let's assume the following url for tunneling:

      https://www.servername.de/yogdir/SQLyogTunnel.php

      On the webserver there is a file .htaccess in the directory “yogdir”,

      in which there is a http auth for directory access configured,

      with user “herbert” and password “herb”.

      In SQLyog you can configure all that for tunneling and it works fine.

      With SJA it only works if I remove the http authentication.

      Without the .htaccess user restriction SJA works fine with http AND https.

      Can you please look after that? Professional users tend to (try to ;)) protect their stuff…

      I reckon that tunneling with https in conjunction with http auth is a pretty decent protection?

      Thanx & bye,

      LCS

    • #22355
      peterlaursen
      Participant
      Quote:
      With SJA it only works if I remove the http authentication.

      that surprises me a lot! never heard of it before!

      We will absolutely look at this!

      Could you post the exact configuration parameters from .htaccess

      You can create a ticket if you like and 'fake' details as you like.

    • #22356
      LCS
      Member
      peterlaursen wrote on Oct 5 2006, 06:11 PM:
      that surprises me a lot! never heard of it before!

      We will absolutely look at this!

      Thanx !

      Quote:
      Could you post the exact configuration parameters from .htaccess

      You can create a ticket if you like and 'fake' details as you like.

      AuthType Basic

      AuthName “Access for /yogdir”

      AuthUserFile /my/home/is/my/castle/htpasswd

      require user herbert

      I think this is standard and works manually as well as with SQLyog.

      Bye,

      LCS (will be on a short vacation…)

    • #22357
      LCS
      Member
      peterlaursen wrote on Oct 5 2006, 06:11 PM:
      You can create a ticket if you like and 'fake' details as you like.

      OK, created a ticket…

      Thanx & bye,

      LCS

Viewing 26 reply threads
  • You must be logged in to reply to this topic.