Why does the browser client receive responses from an NGINX server at my remote address if my NGINX server is down? - nginx

I am using Chrome Version 110.0.5481.77 (Official Build) (64-bit).
My web server is nginx/1.22.1; it is down and no service is listening on my IP:443.
There are no running NGINX processes on my host
But, when I request my app bundle at IP:443 I receive a bundle.js with the following details in chrome dev tools:
Remote Address is IP:443 (MY IP and Port for HTTPS)
Size is 65.5 KB (I believe it would say disk if cached locally)
Response Header
Server: nginx/1.22.0
ETag: W/"SOME ETAG HASH"
There is an error in the console: net::ERR_INCOMPLETE_CHUNKED_ENCODING 200 (OK)
1 - I have not set up my own cache
2 - I am using nginx/1.22.1 NOT nginx/1.22.0
3 - My server is not up when I receive this response
4 - netstat -nptwc on my host shows:
tcp 0 0 192.168.1.14:42384 IP:443 TIME_WAIT -
tcp 0 0 192.168.1.14:49090 IP:443 ESTABLISHED 245476/chrome --typ
5 - netstat -nptwc on my host shows no traffic from my host.
Okay so what is going on here...is my web server's response cached somewhere outside my server???

Related

GCP deployment with nginx - uwsgi - flask fails

I have a very simple Flask app that is deployed on GKE and exposed via a Google external load balancer. I am getting random 502 responses from the backend-service (I added custom headers on the backend-service and nginx to make sure of the source, and I can see the backend-service's header but not nginx's).
The setup is;
LB -> backend-service -> neg -> pod (nginx -> uwsgi) where pod is the application built using flask and deployed via uwsgi and nginx.
The scenario is to handle image uploads in a simple, secured way. The sender sends me a token with the upload request.
My Flask app:
- receives the request and checks the sent token via another service using "requests".
- If the token is valid, it proceeds to handle the image and returns 200.
- If the token is not valid, it stops and sends back a 401 response.
First, I got suspicious about the 200s and 401s, and reverted all responses to 200. Following some of the expected responses, the server starts to respond with 502 and keeps sending it. "Some of the messages at the very beginning succeeded".
nginx error logs contains below lines
2023/02/08 18:22:29 [error] 10#10: *145 readv() failed (104: Connection reset by peer) while reading upstream, client: 35.191.17.139, server: _, request: "POST /api/v1/imageUpload/image HTTP/1.1", upstream: "uwsgi://127.0.0.1:21270", host: "example-host.com"
my uwsgi.ini file is as below;
[uwsgi]
socket = 127.0.0.1:21270
master
processes = 8
threads = 1
buffer-size = 32768
stats = 127.0.0.1:21290
log-maxsize = 104857600
logdate
log-reopen
log-x-forwarded-for
uid = image_processor
gid = image_processor
need-app
chdir = /server/
wsgi-file = image_processor_application.py
callable = app
py-auto-reload = 1
pidfile = /tmp/uwsgi-imgproc-py.pid
my nginx.conf is as below
location ~ ^/api/ {
    client_max_body_size 15M;
    include uwsgi_params;
    uwsgi_pass 127.0.0.1:21270;
}
Lastly, my app has a healthcheck method with simple JSON response. It does no extra stuff and simply returns. This never fails as explained above.
Edit: my nginx access logs in the pod show the response as 401 while the client receives 502.
For those who are going to face the same issue, the problem was post data reading (or not reading).
nginx was expecting the post data to be read by the proxied app, in our case uwsgi. But according to my logic I was not reading it in some cases and was returning the response.
Setting uwsgi post-buffering solved the issue.
post-buffering = %(16 * 1024 * 1024)
Which led me to this solution;
https://stackoverflow.com/a/26765936/631965
Nginx uwsgi (104: Connection reset by peer) while reading response header from upstream
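An alternative to server-side buffering for the unread-POST-body condition described in the answer above, as an added example that is not part of the original post: a WSGI middleware that discards whatever part of the upload the app left unread before an early response such as the 401 goes out. The names `CountingInput`, `DrainUnreadBody`, `reject_without_reading` and the `example.drained_bytes` key are hypothetical, the app is assumed to be non-streaming, and the cap is assumed to equal the post-buffering size quoted above.

```python
MAX_DRAIN = 16 * 1024 * 1024  # assumed cap, same size as the post-buffering value


class CountingInput:
    """Wraps wsgi.input and records how many body bytes the app consumed."""

    def __init__(self, stream):
        self.stream, self.consumed = stream, 0

    def read(self, size=-1):
        data = self.stream.read(size)
        self.consumed += len(data)
        return data

    def readline(self, size=-1):
        data = self.stream.readline(size)
        self.consumed += len(data)
        return data


class DrainUnreadBody:
    """WSGI middleware: discard the part of the request body the app did not read."""

    def __init__(self, app, max_drain=MAX_DRAIN, chunk=64 * 1024):
        self.app, self.max_drain, self.chunk = app, max_drain, chunk

    def __call__(self, environ, start_response):
        body = CountingInput(environ["wsgi.input"])
        environ["wsgi.input"] = body
        # Assumption: the app finishes its own body reads before returning.
        result = self.app(environ, start_response)
        declared = int(environ.get("CONTENT_LENGTH") or 0)
        # Never drain more than the cap, so a huge rejected upload stays bounded.
        left = min(declared - body.consumed, self.max_drain)
        drained = 0
        while left > 0:
            data = body.stream.read(min(self.chunk, left))
            if not data:  # client stopped sending early
                break
            drained += len(data)
            left -= len(data)
        environ["example.drained_bytes"] = drained  # hypothetical key, for inspection
        return result


def reject_without_reading(environ, start_response):
    """Constructed app: answers 401 without touching the uploaded body."""
    start_response("401 Unauthorized", [("Content-Type", "text/plain")])
    return [b"invalid token"]
```

With Flask the wrapper would be installed as `app.wsgi_app = DrainUnreadBody(app.wsgi_app)`. Uploads larger than the cap are still left partly unread, so the cap should match the largest body the proxy accepts.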

running ngrok http 80 gets a black screen and I am not able to get the external url to connect to

I started to use ngrok to create a tunnel to get http 80 access to some local files.
It was working great till tonight.
When I run ngrok http 80 I get the usual startup screen for about 30 seconds, then a black screen comes up and I am unable to get my external link.
This will load then the terminal window goes blank
ngrok (Ctrl+C to quit)
Session Status connecting
Version 3.1.0
Latency -
Web Interface http://127.0.0.1:4040
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00
# ngrok http 80 --log stdout
INFO[11-05|09:28:17] no configuration paths supplied
INFO[11-05|09:28:17] using configuration at default config path path=/root/.config/ngrok/ngrok.yml
INFO[11-05|09:28:17] open config file path=/root/.config/ngrok/ngrok.yml err=nil
t=2022-11-05T09:28:17-0400 lvl=info msg="starting web service" obj=web addr=127.0.0.1:4040
t=2022-11-05T09:28:22-0400 lvl=warn msg="failed to check for update" obj=updater err="Post \"https://update.equinox.io/check\": context deadline exceeded"
panic: send on closed channel
goroutine 48 [running]:
go.ngrok.com/lib/tlsx.CRLVerifyConfig.verifyIssuer.func1()
go.ngrok.com/lib/tlsx/crl.go:104 +0xf5
go.ngrok.com/lib/nsync.(*Group).Go.func1()
go.ngrok.com/lib/nsync/group.go:69 +0x44
created by go.ngrok.com/lib/nsync.(*Group).Go
go.ngrok.com/lib/nsync/group.go:68 +0x128
I did not make any changes to the ngrok config.
I spoke with ngrok support and they verified that it looks like my ISP was blocking something.
They advised me to edit the ngrok.yml file and to add
crl_noverify: true
to the file.
After that the command "ngrok http 80" works as normal.

Chilkat HTTP with https

I'm currently using the Chilkat HTTP ActiveX control (version 9.3.2.0) with VB6... One of the servers where I download files from is switching over to https, but I can't get it to work... Using http it works perfectly, but when I change the URL to https it returns 0.
Here is the result of Http.LastErrorText:
ChilkatLog:
Download:
DllDate: Aug 5 2012
UnlockPrefix: **********
Username: BILL-DESKTOP:Bill
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
backgroundThread: 0
url: https://nomads.ncep.noaa.gov/cgi-bin/filter_gfs_0p25.pl?file=gfs.t12z.pgrb2.0p25.f000&lev_10_m_above_ground=on&lev_2_m_above_ground=on&lev_entire_atmosphere=on&lev_entire_atmosphere_%5C%28considered_as_a_single_layer%5C%29=on&lev_mean_sea_level=on&lev_surface=on&var_APCP=on&var_PRMSL=on&var_TCDC=on&var_TMP=on&var_UGRD=on&var_VGRD=on&leftlon=0&rightlon=360&toplat=90&bottomlat=-90&dir=%2Fgfs.2018120712
toLocalPath: C:\Progra~1\PCGrADS\gfs\grib\gfs_pgrbf_000.grib2
localFileAlreadyExists: 0
QuickGetToOutput_Download:
qGet_1:
simpleHttpRequest_3:
httpMethod: GET
requestUrl: https://nomads.ncep.noaa.gov/cgi-bin/filter_gfs_0p25.pl?file=gfs.t12z.pgrb2.0p25.f000&lev_10_m_above_ground=on&lev_2_m_above_ground=on&lev_entire_atmosphere=on&lev_entire_atmosphere_%5C%28considered_as_a_single_layer%5C%29=on&lev_mean_sea_level=on&lev_surface=on&var_APCP=on&var_PRMSL=on&var_TCDC=on&var_TMP=on&var_UGRD=on&var_VGRD=on&leftlon=0&rightlon=360&toplat=90&bottomlat=-90&dir=%2Fgfs.2018120712
Connecting to web server...
httpServer: nomads.ncep.noaa.gov
port: 443
Using HTTPS.
ConnectTimeoutMs_1: 10000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: nomads.ncep.noaa.gov
dnsCacheLookup: nomads.ncep.noaa.gov
Resolving domain name (IPV4)
GetHostByNameHB_ipv4: Elapsed time: 140 millisec
myIP_1: 192.168.1.38
myPort_1: 55564
connect successful (1)
clientHelloMajorMinorVersion: 3.1
buildClientHello:
majorVersion: 3
minorVersion: 1
numRandomBytes: 32
sessionIdSize: 0
numCipherSuites: 10
numCompressionMethods: 1
--buildClientHello
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
Closing connection in response to fatal error.
Failed to read incoming handshake messages. (1)
Client handshake failed. (3)
Failed to connect to HTTP server.
connectElapsedMs: 640
--simpleHttpRequest_3
--qGet_1
--QuickGetToOutput_Download
bFileDeleted: 1
totalElapsedMs: 672
ContentLength: 0
Failed.
--Download
--ChilkatLog
What am I doing wrong?
Regards,
Bill
You were using an old version from 2012, which did not yet implement TLS 1.2. Chilkat has since added support for TLS 1.2 (for many years now) and the latest version should work fine.

Traefik as a simple Http Reverse Proxy not working

I am using Traefik as an HTTP reverse proxy. I have two servers created using Spring Boot. Both servers are working properly on ports 8081 and 8082.
Traefik web UI is visible in port 8080.
What I wanted is to redirect http://localhost:7070/ to http://localhost:8081/ or http://localhost:8082/
traefik.toml config file
loglevel="INFO"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":7070"
[file]
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Host: localhost"
[backends]
[backends.backend1]
[backends.backend1.LoadBalancer]
method = "drr"
[backends.backend1.healthcheck]
path = "/app/health"
interval = "60s"
[backends.backend1.servers.server1]
url = "http://127.0.0.1:8081"
weight = 1
[backends.backend1.servers.server2]
url = "http://127.0.0.1:8082"
weight = 1
[api]
[ping]
[docker]
console output
INFO[2018-03-20T18:38:58+05:30] Using TOML configuration file /home/kasun/apps/temp/traefik.toml
INFO[2018-03-20T18:38:58+05:30] Traefik version v1.5.4 built on 2018-03-15_01:33:52PM
INFO[2018-03-20T18:38:58+05:30]
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on https://docs.traefik.io/basics/#collected-data
INFO[2018-03-20T18:38:58+05:30] Preparing server http &{Network: Address::7070 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4202a4520} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s
INFO[2018-03-20T18:38:58+05:30] Preparing server traefik &{Network: Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4202a4540} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s
INFO[2018-03-20T18:38:58+05:30] Starting server on :7070
INFO[2018-03-20T18:38:58+05:30] Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}
INFO[2018-03-20T18:38:58+05:30] Starting server on :8080
INFO[2018-03-20T18:38:58+05:30] Starting provider *file.Provider {"Watch":true,"Filename":"/home/kasun/apps/temp/traefik.toml","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Directory":""}
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :7070
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :8080
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :7070
INFO[2018-03-20T18:38:58+05:30] Server configuration reloaded on :8080
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed [http://127.0.0.1:8081]: Remove from server list
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed [http://127.0.0.1:8082]: Remove from server list
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed [http://127.0.0.1:8082]: Remove from server list
WARN[2018-03-20T18:38:58+05:30] HealthCheck has failed [http://127.0.0.1:8081]: Remove from server list
When I load http://localhost:7070/ from the browser it gives
Service Unavailable
when I go to Traefik health dashboard it displays
Can anybody tell me what I am doing wrong here? I went through a few articles but was unable to find the correct answer.
I suppose you are running Træfik in a container.
127.0.0.1 -> localhost inside the container, not on your local machine.

Network issue - Flask on raspberry pi get stuck on outbound response when accessing from Internet

I have an issue configuring Flask on a Raspberry Pi so that the web server can be accessed from the Internet. Flask is already configured with 0.0.0.0 as follows:
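# host='0.0.0.0' binds to all interfaces. Note that debug=True also enables the
# Werkzeug interactive debugger, which is not meant to be reachable from the Internet.
if __name__ == '__main__':
    app.run(debug=True, host='0.0.0.0', port=8080)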
I have managed to access the web server from the LAN as shown below:
P:\Desktop\py>curl 218.191.220.131:8080/restful/demo
{
"result": [
{
"humidity": 57.13673400878906,
"id": 1,
"temperature": 31.51284408569336,
"time": "12:45:30"
}
]
}
However, when I try to access it from the Internet, the response is stuck. I can see from the debug messages that the request is sent successfully to Flask:
192.168.1.1 - - [18/Jan/2017 11:23:06] "GET /restful/demo HTTP/1.1" 200 - # accessed from LAN
14.0.229.145 - - [18/Jan/2017 11:23:17] "GET /restful/demo HTTP/1.1" 200 - # accessed from Internet
It looks like the response cannot be sent successfully; being stuck at FIN_WAIT1 likely means the response failed to reach the client.
pi#pi:~/Desktop/py $ netstat -n | grep 8080
tcp 0 155 192.168.1.116:8080 14.0.229.145:18934 FIN_WAIT1
tcp 0 155 192.168.1.116:8080 14.0.229.145:18935 FIN_WAIT1
tcp 0 0 192.168.1.116:8080 192.168.1.1:52304 TIME_WAIT
tcp 0 0 192.168.1.116:8080 192.168.1.1:52311 TIME_WAIT
Any ideas, please? I've already set up port forwarding/triggering and even tried DMZ mode, but it is still stuck.
Problem solved. It was due to my Synology router treating the package as intrusive and blocking it. I have disabled the intrusion prevention mode and it can now be accessed from the Internet.
