-
Notifications
You must be signed in to change notification settings - Fork 394
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failing to get BG from railway/nightscout #1446
Comments
According to ChatGPT, Our working rigs are using
Do you have a second Edison available that you could do a fresh flash and OpenAPS install on? I suspect that would fix the issue. |
Wonder what Node version is the latest that runs comfortably on the Edison. The chip is an x86 one, so theoretically even the latest LTS releases should work. |
Hi, thanks for your reply, I do have a few back ups. Ill do the flash and openAPS and report back. |
I've got : nodejs -vv8.17.0 node -vv8.17.0 |
Hmm I just tested loading the data and I don't think the issue is with Node. My browsers also fail to connect to the site and testing this with wget, the utility reports the certificate that's published doesn't match the domain name, which is a hard error and blocks SSL from connecting:
|
Hmm yeah agreed something strange is going on then.
Notice a different ip address though... wondering if that changed over night (legit), or there is something odd going on with 2 versions of the same site or something? |
Right, so looks like Railway.app is very widely blacklisted in a variety of software intended for cybersecurity purposes. So if you're having issues loading data from Railway, please check the network you're using is not blocking Railway. I just discovered the corporate security solution my work has in place was blocking 100% of Railway. |
Same issue on a different rig:
Whereas curl, wget etc work fine.
Note: I attempted re-flashing the rig as well - but failed miserably. The |
Update on this issue:
I tested this works on Ubuntu 22.04 (node v12.22.9) I had just about run out of ideas when I found this: node-fetch/node-fetch#568 I'm not yet sure if/how this same fix would be applicable in oref0 (does it use boring ssl?) - but passing on my find in the hope you guys may know. |
Sounds like the easy quick to deploy fix is to not host Nightscout in a service that uses Let's Encrypt certificates. Edisons haven't been supported for years in terms of software (by vendors) and if we can't get a newer Node version to run, there's relatively little we can do. Disabling the certificate checks is technically possible but sounds like something that shouldn't be done in the mainline version of openaps. |
Could another option be to avoid node for the https work? e.g. I tried this which works:
Interestingly when I first tried this it failed with the same certificate error - and I realised both |
Describe the bug
OpenAPS rig no longer able to loop since migrating Nightscout from Heroku to Railway.
The rig is unable to get BG data from railway/nightscout (however it is able to send pump data to nightscout just fine).
/var/log/openaps/pump-loop.log: "Waiting up to 4 minutes for new BG.........." (but never gets BG)
/var/log/openaps/ns-loop.log: "Loading CGM data from Nightscout failed {"code":"CERT_HAS_EXPIRED"}
BG url: https://melaniejellis.up.railway.app/api/v1/entries/sgv.json?count=288&token=
Note: From Edison bash console I can get the data no problem using curl. Only seems to be an issue from
node js
node js version: nodejs/unknown,now 8.17.0-1nodesource1 i386 [installed]
Note: railway uses "Lets Encrypt" for certification. Is node version too old to support "Lets Encrypt"? (I was reluctant to try upgrading node js in case it breaks something else.)
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Rig should continue looping after upgrading nightscout from heroku to railway
Smartphone:
model: Samsung S21
xdrip: 344deb4-2022.11.16
Setup Information:
3.10.98-jubilinux-edison (robin@robin-i7) (gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) ) #3 SMP PREEMPT Sun Aug 13 04:22:45 EDT 2017
Additional context
I'm creating this bug report on behalf of @melaniejellis - who I've been helping get her openAPS rig looping again.
I'm not completely familiar with the openAPS system so apologies if this turns out this is not be a bug (but rather something we've missed in the setup.)
I implemented a temporary work around to get melanie looping again... which was to add the following lines to
/usr/bin/oref0-get-ns-entries
(https://github.com/openaps/oref0/blob/dev/bin/oref0-get-ns-entries.js). This allows the ns script to get the BG data, ignoring the certificate issue:Look forward to hearing (if this is a real bug) what is the proper fix.
The text was updated successfully, but these errors were encountered: