503 Service Unavailable

Hi,

you are requesting wrong URL. It should either be:
https://services.sentinel-hub.com/ogc/wms/…
(for OGC WMS end-point)
or
https://services.sentinel-hub.com/api/
(for process API)

If you want to use Sentinel Hub in QGIS, I suggest to check:

sentinel-hub.com

QGIS and ArcGIS

Learn How to Integrate Sentinel Hub into QGIS or ArcGIS.

Hi,

thanks for your quick response. The URL requested is provided by the Sentinel-Hub plugin.

I had already checked the blog entry you quoted, but the QGIS and plugin versions are obsolete, the configuration dialog is completetly different so I cannot follow the instructions. I am using QGIS 3.4, Sentinel Hub plugin 2.0.

Is there any other thing I could do?

Regards,
 

Have you checked the webinar, which is linked on the page I mentioned?

Hi again!

I checked the webinar and the plugin is setup as I mentioned.

But I have discovered that it is a network/proxy issue: My company uses a web proxy to access internet. That’s why I cannot connect from the sentinel hub plugin.

I made a test: changed the network connection to shared wifi from my cellphone (no proxy) and the plugin logon successfully. Unfortunately, I need to work from the company network, so I cannot bypass the problem.

So now the question is what URLs/ports need to be open in order to connect to the sentinel-hub services from the plugin?

Regards,
 

The URL depends on which collection you are using, but these should cover all:

docs.sentinel-hub.com

Sentinel-2 L1C

Use Sentinel Hub Processing API to access Sentinel-2 L1C data with 13 spectral bands and 5-day revisit time.

It’s all using classic https port.

Best,
 

Hi, thanks again for your reply.

I’m afraid the sentinel plugin is stuck in the login process, before any data is requested. The question is how can the login be completed? Perhaps the plugin is trying to access an Oauth server which my proxy is blocking?

Regards,
 

Might be. Find information about oauth end-point here:

Authentication

The Sentinel Hub API uses OAuth2 Authentication and requires that you have an access token to identify you.

As I would assume yoru IT department would white-list services on the domain level (i.e. services.sentinel-hub.com), it should work for all services.

Hi again.

You are right about the white-list. However, I have filtered the network traffic and found the following server is implied in the login process:

ec2-3-121-61-126.eu-central-1.compute.amazonaws.com (port 443)

That server and port are unreacheable from my computer network, but it is ok from the test-wifi (no proxy) I used.

Are there any other servers implied in the login process (Oauth I pressume)?

Regards,
 

Sentinel Hub services (specifically, the services.sentinel-hub.com and services-uswest2.services.com part) are hosted on AWS. The domain you see is a temporary domain assigned by AWS and this is changing. The “core” domain (services.sentinel-hub.com) remains the same all the time.

We would therefore recommend to white-list services.sentinel-hub.com

best,
 

Hi there,

thanks for the reply. I may be wrong but including [services.sentinel-hub.com] is not enough as long as the login process connects to an AWS server not included. Is there any “core” domain for the plugin or maybe an IP range we can include in the white-list? Otherwise the Oauth packets will be blocked in our proxy and the login will not complete.

Shall I post a separate topic for the login issue?

Regards,
 

Hi,
I would recommend you discuss this with your IT department, who are familiar with particulars of your network.
The IPs are set dynamically, you can find more information here

But as mentioned, including services.sentinel-hub.com should be enough.

Hi,

Thanks again for your patience. I have noticed that the port 443 is not reachable on [services.sentinel-hub.com] from the corporate network. I have reported the issue to IT support and hopefully that will solve my problem.

I will get back if I need more assistance.

Kind regards,