1

I'm trying to basically make one of the Watson services available on-premise by using the Secure Gateway. It's working fine with basic HTTP traffic, but I'm in doubt how to configure HTTPS traffic of for instance the Watson Conversation service on API endpoint "https://gateway.watsonplatform.net/conversation/api/v1"

I've configured a Destination in the service to: gateway.watsonplatform.net, destination port 443 and client listening port 6554 - protocol HTTPS. Connecting via Postman simply yields the following in my client, though using standard basic auth with the credentials from the service in Bluemix:

[2017-08-26 12:51:01.626] [INFO] (Client ID LilwbDOdR61_4Am) Connection #1 to gateway.watsonplatform.net:443 was closed

I also tried to configure the protocol to be TCP, but this yields the same result. Any hints?

With loglevel TRACE I get: [2017-09-09 15:05:06.481] [DEBUG] (Client ID LilwbDOdR61_PlY) Sending a reverse destination connection to the server [2017-09-09 15:05:06.833] [TRACE] (Client ID LilwbDOdR61_PlY) Connection #1 received data: 361 bytes [2017-09-09 15:05:07.285] [ERROR] (Client ID LilwbDOdR61_PlY) Connection #1 to destination gateway.watsonplatform.net:443 had error: Error: write after end [2017-09-09 15:05:07.289] [DEBUG] (Client ID LilwbDOdR61_PlY) Connection #1 to gateway.watsonplatform.net:443 has ended [2017-09-09 15:05:07.289] [INFO] (Client ID LilwbDOdR61_PlY) Connection #1 to gateway.watsonplatform.net:443 was closed [2017-09-09 15:05:07.290] [DEBUG] (Client ID LilwbDOdR61_PlY) Closing connection and removing from array [2017-09-09 15:05:07.291] [DEBUG] (Client ID LilwbDOdR61_PlY) clearConnectionArray: 0

ThomasBPG
  • 11
  • 2
  • Could you increase the loglevel to `TRACE` and add the logs for a connection attempt? If you're hitting an error with HTTPS, I imagine it is related to a certificate error on the connection between the requesting app and the SG Client. The SG Client will have self-signed certificates by default which likely need to be added to your requesting app's CA. – Galen Keene Aug 31 '17 at 18:06
  • Added TRACE level – ThomasBPG Sep 09 '17 at 19:09
  • Trace logs show a timing issue (`write after end`) for data being passed along the connection attempting to be written after the socket was closed. Is this client version 1.8.0fp2 or is it an earlier version? – Galen Keene Sep 12 '17 at 01:22
  • "IBM Bluemix Secure Gateway Client Version 1.8.0fp2" – ThomasBPG Sep 13 '17 at 06:24

1 Answers1

2

Thomas, I've managed to make the connection to conversation service using secure gateway.

  1. For the User/Application protocol, use TCP
  2. For destination side authentication, select "destination side", there is no need to upload any certificate.

The configuration screen will look like this: enter image description here

And finally, the request must be made using http and not https, this is because you left the secure connection to be managed by the secure gateway server.

You can test the request like this:curl -X POST 'http://localhost:10001/conversation/api/v1/workspaces/<YOUR_WORKSPACE_ID>/message/?version=2017-05-26' -H 'authorization: Basic <ENCODED_CREDENTIALS>' -H 'cache-control: no-cache' -H 'content-type: application/json' -d '{"input": {"text": "hello"}}'

Tiago Miessa
  • 21
  • 4