[Deployment] How do I deploy this on a Hosting Application ?

[philphirn]

Hello,
I work for a company who use licensed KMS to activate our organization machines. Actually the cost of maintaining a Windows Server is high for us and we were looking for a replacement when I found this. But I'm unable to understand how do I host it on a service like Heroku/Any other service.
Please Help.

[simonmicro]

...good question. I personally took a look into these services a long time ago, therefore I have no clue how they work now. When you figure it out, please leave a PR/issue with an tutorial here (when you use the docker container it should be fairly easy?!).
But be warned: Microsoft really does NOT like open KMS services exposed to the public internet running. You should at least change the default port!

[simonmicro]

If it's realy needed, i can watewer you want )) on any system (i havent iOS Devices, i havent money for this, iOS - stupid, hardware for software, sorry), but i don't know Apple-iOS, i am the system admin). I have no big money for my work, i have not work in this time, i can make wiki page for system admin, and this will be very intresting whow i can do that, i don't know what who are using, what OS-distr is more use. Write me if you have a questions about "how it works".

We already have a wiki page, giving various instructions for different usage scenarios: https://py-kms.readthedocs.io/en/latest/Getting%20Started.html#running-as-a-service

@philphirn When you have figured some external service like Heroku out, we all would really appreciate if you could add an own section for them to the documentation! Maybe someone else could further investigate this...

[simonmicro]

I wrote the windows serivce, I testing linux systemd service - i tell about not this, this we alredy doing, we can make new in wiki with my knowledge .about 9 years. Whad do you think about this ?

Hey, yeah - take a look on the current readthedocs version. Maybe we could add some of your experience there? I also have an issue currently open - exactly for such wiki stuff 🥳

[philphirn]

I was busy last week so couldn't be back to reply...

Thanks for the informative bytes @simonmicro @6ec123321 .
I've found one guy in the community(@psjbk), who has helped me and he said looking at the features offered by Heroku that it's possible to host this on Heroku. He also said that Heroku might not offer custom ports which makes the server public... So he advised to use the Free Tier Google Cloud VM which allows custom ports to be exposed (but not 1688). He said he'll try to host on Heroku and give a reply by this Friday. So I'll update here.

[thispsj]

@philphirn no need to mention me . I just helped you like anyone else would...

[simonmicro]

@philphirn Thanks four your response! I'm looking forward to hear back weather and how Heroku works! Also thank you @psjbk for your knowledge and willing to experiment!

[thispsj]

@simonmicro thanks... I'm currently testing it... I'll update here by Friday. 👍

[thispsj]

@simonmicro here are the results from 1st testing :

1. Heroku only offers port 8080 so the only way to keep the server private is hiding it from being exposed... The second problem is slmgr.vbs /sprt 8080 gives an Warning: KMS machine should be activated to change the port.

2. I'm constantly feeling that there's some problem with pykms_Server.py when I try to pass a custom IP address to it, it gives an error :
   argument port: is an invalid integer.

Please check and reply.
Awaiting your response.

[simonmicro]

@psjbk Here are some of my thoughts...

Heroku only offers port 8080 so the only way to keep the server private is hiding it from being exposed... The second problem is slmgr.vbs /sprt 8080 gives an Warning: KMS machine should be activated to change the port.

I did not even know about this command. Are you sure you need it and it is required to work? Because I could just use cscript slmgr.vbs XXX.XXX.XXX.XXX:1688 just fine (to be fair, I not tested the 8080 port right now)...

I'm constantly feeling that there's some problem with pykms_Server.py when I try to pass a custom IP address to it, it gives an error : argument port: is an invalid integer.

What command are you executing? You'll need to start the server by entering the following: python3 pykms_Server.py :: 1688 to listen on ipv6 and ipv4 and also on port 1688 (also what do you mean with custom IP address? You need to enter the ip of an interface to listen on - so either 0.0.0.0 for ipv4 only or :: for every ipv4 and ipv6). I was also able to verify that the other port 8080 works fine.

Waiting for your findings,
Simon

[thispsj]

@simonmicro okay I just checked the pykms_Server.py source code and confirmed that I entered in an incorrect way 😅 so I think it's resolved now...
Okay now one more interesting thing that I've is about the 1st problem... Okay the first thing I'm gonna try is setting the port using /skms and the problem will arise when even this fails...
Because Heroku only allows port 8080...

[thispsj]

The server seems to be running fine...
(On my phone currently 😅)

[thispsj]

@simonmicro also another question :
Does PORT argument defines the port on which the server will listen on a VM ? Because Heroku allows you to set a $PORT config variable to set the internal port on which the app will listen...
The External/Global port is always 8080 .

[simonmicro]

Does PORT argument defines the port on which the server will listen on a VM ?

Of course - because... Yes? Thats the purpose of it. When you wish to use a variable - go for it! You may want to use python3 pykms_Sever.py :: $PORT and enjoy your stay. BUT Heroku enforces port 8080 - right? So I'll guess Microsoft knows that and will scan there... Also it is may saver to setup windows to SSH tunnel into your Heroku container (have fun figuring that out) and use a virtual forwarded port to activate (but this will bay fail, because the SSH forwarded port is always bound to localhost). Or you may use a Pritunl VPN for that...

[simonmicro]

@6ec123321 Just shut up. You are drunk again.

[thispsj]

Does PORT argument defines the port on which the server will listen on a VM ?

Of course - because... Yes? Thats the purpose of it. When you wish to use a variable - go for it! You may want to use python3 pykms_Sever.py :: $PORT and enjoy your stay. BUT Heroku enforces port 8080 - right? So I'll guess Microsoft knows that and will scan there... Also it is may saver to setup windows to SSH tunnel into your Heroku container (have fun figuring that out) and use a virtual forwarded port to activate (but this will bay fail, because the SSH forwarded port is always bound to localhost). Or you may use a Pritunl VPN for that...

Ok thanks. Don't worry about the port 8080 anyways... Because once I get sucessful in deploying to Heroku... @philphirn is gonna send a request to give them access to custom port to Heroku.

What happened to that second guy @6ec123321 anyways ?

[thispsj]

Also @simonmicro I told @philphirn to better use a Google Cloud Free Tier VM. They allow you to expose custom ports. Though he is wanting Heroku...

[simonmicro]

@philphirn is gonna send a request to give them access to custom port to Heroku.

I doubt that they would allow this - at least not on the free tier. I'm looking forward to hear their response!

What happened to that second guy @6ec123321 anyways ?

I don't know - he is behaving strangely since some days now. I hope he'll better himself again 😕

Also @simonmicro I told @philphirn to better use a Google Cloud Free Tier VM. They allow you to expose custom ports. Though he is wanting Heroku...

I guess that's better after all...

Anyways, have fun!

[thispsj]

I've tried every way. It's not possible.

[simonmicro]

Thats shitty, but well. Thank you for trying anyways! Could you leave a list of tried methods here - just for further reference?

[thispsj]

@simonmicro I'll for sure. But I'm currently trying some more things. So when I'm done I'll list all methods.

[thispsj]

@simonmicro so finally it's not possible on Heroku.
Before I list all my methods tried, I would like to specify the main reason behind this. Heroku is a PaaS , not a IaaS so basically there's a interface between the client and the server which intercepts client requests and sends it to server and returns it back to client. Most likely it's using Cloud Foundry modified for it's own use. Other PaaS Platforms are most likely using this only.

What we actually need is a VPS/Virtual Machines in the Cloud to do this ...
As we already know there are mainly 4 ways to host web/server based backend apps :

• SaaS
• Serverless Cloud Functions
• PaaS
• IaaS
  I've arranged them in order of control you have over the service's hardware/software. (Least -> Most)
  PaaS services like Heroku allow full control on Code you want to deploy but no control on hardware and the setup.
  IaaS allows full control on setup with selection of hardware capacity ( not it's type)
  So basically we need an IaaS based VPS. Because the other types listed above have some kind of software setup which is used intercept requests and allows only HTTP requests. The RPC calls are blocked. pykms_Client.py is unable to send successful calls to my Heroku Application which hosts py-kms . Also if you send a HTTP request Heroku is not able to get any response from pykms_Server.py and thus results in Application Failure.

Now finally the steps.

1. The py-kms folder of this repo was the root directory for the Heroku App

2. Procfile(the file which declares the process to be run) was having the following thing :
   web: python3 pykms_Server.py :: 80 -c 27

3. An empty requirements.txt file was added so that Heroku's Python Buildpack detects a python app.

4. App was deployed using Heroku CLI

5. pykms_Client.py fails to receive any RPC Calls from the Heroku App . (No problem encountered when the server is run from a VM on my PC)

[simonmicro]

@thispsj Okay. Your work is way more detailed than I expected! Would you mind to convert this into a documentation entry yourself? As I think you could then add all the little quirks and (maybe) used configurations for testing too.

But a huge thank you regardless!

[thispsj]

@thispsj Okay. Your work is way more detailed than I expected! Would you mind to convert this into a documentation entry yourself? As I think you could then add all the little quirks and (maybe) used configurations for testing too.

But a huge thank you regardless!

Welcome !

Now I'm busy due to lots of work so I think it'll take me some time to prepare the content for docs.

Secondly I tried to setup a SSH Tunnel as you had said but @philphirn might not enjoy that because Heroku Free Dyno's are known to sleep every 30 mins of inactivity and have only 550 hr/month limit. And Windows Clients don't try to reactivate before 180 days so...

Also one more thing I'm gonna test after done with my work is that there are some services which allow you to deploy Docker images for hosting. So I'm also gonna give a try to that.

[simonmicro]

Hey @thispsj this sounds astonishing - all the time you invested: Respect! I have to thank you again for supporting this project - I'm (again) looking forward to hear some further results, take your time :)

[ghost]

Hello, this is impassible of what you want.

[ghost]

As i understand all and read doc from heroku and you reply - RCP is filtered on active routers, and outgoing as https/http.
I'm the system admin, and i can say: if TCP-packet modified on send/get you can not understand what packet did you reserve/get - it's protockol axioms.

[ghost]

Author of this all can make https-service, but you can't edit windows system to work with other protocol.

[ghost]

at other way - we can proxy this way.

[ghost]

how - i don't understand now how, but we can, how how how, testing testing testing, writing the code....

[ghost]

Make a proxy from RPC to HTTPS, but we havent the windows sources, then it's imposibly.

[ghost]

author don't like me, because i right on way )

[ghost]

I say what i want, and you say what they want

[ghost]

It's stupid, but we have only RPC from Microsoft

[ghost]

After all this spoking, i want to write on mysql, if you want mysql lo9gging - wellcome.

[ghost]

Author of all - if you don't like somebody, fuck self, you can't love self, you have small soul.

[rschitz]

are you ok ?

[ghost]

if you decide to establish yourself here and raise your self-esteem - go to the forest

[ghost]

are you ok ?

I ok. What are you doing.

[simonmicro]

Okay, what @6ec123321 is saying, is that he thinks Heroku (and other services) are filtering any non-http/s protocols on their router level. The only way to circumvent this would be to write a proxy to pass RPC via http/s to our py-kms.

And @6ec123321 are you drunk again?! Get your stuff together - and please mind your language... I would say this counts as a second strike... @SystemRage will hopefully make the right decision how this matter should be handled.

Oh, @thispsj I'm still interested in your work, so sorry that you have to read all this :)

You all, stay healthy!

[thispsj]

Okay, what @6ec123321 is saying, is that he thinks Heroku (and other services) are filtering any non-http/s protocols on their router level. The only way to circumvent this would be to write a proxy to pass RPC via http/s to our py-kms.

Yup that's what Heroku & others are doing. Most of them are using Cloud Foundry including Heroku and Cloud Foundry is itself an PaaS solution and allows only HTTP requests through its Interface.

You all, stay healthy !

Thanks for that. Wishing the same to you.