Golang net Dial user:pass#ip:port gives: no such host - http

I'm trying to connect to a proxy server to start an HTTP CONNECT tunnel. The proxy server uses authentication. This code however fails to work:
conn, err := net.Dial("tcp", "[user:pass#111.222.333.444]:5555")
Even though the host exists, I get an error:
"dial tcp: lookup user:pass#111.222.333.444: no such host"
The string format I'm using was described in this post. Can't seem to get it to work though.
https://stackoverflow.com/a/8858209/6767074

I eventually found the problem. The net.Dial() method wasn't the one concerned with proxy authentication.
I just had to fill in the "Proxy-Authorization" header of the request before calling for am HTTP response. So my TCP address became:
conn, err := net.Dial("tcp", "111.222.333.444:5555")

Related

wsarecv: An existing connection was forcibly closed by the remote host

When sending Post to a https rest api endpoint in my local network I'm receiving the error:
wsarecv: An existing connection was forcibly closed by the remote host.
However, when I use Postman on the same server it works fine.
The problem is specific to my Go http configuration, I'm just not sure what the problem is.
I've tried disabling TLS on the http client but the problem persists:
// disable SSLVerify
func getHttpClient() *http.Client {
tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} // disable SSL integrity check
return &http.Client{Transport: tr}
}
edit: correction, it's being routed over a proxy, probably Bluecoat, that's performing some MitM operations. But still can't figure out why it works over Postman, but not with Golang.

What is the protocol for a secure websocket?

We've installed a Mattermost server and it works well.
We can only connect via http. Https gives an error.
The line of code that fails is
webSocketClient, err := model.NewWebSocketClient4("ws://mattermost.example.com", client.AuthToken)
make run
go run *.go
Mattermost Bot Sample
Server detected and is running version 5.1.0
We failed to connect to the web socket
Error Details:
model.websocket_client.connect_fail.app_error
model.websocket_client.connect_fail.app_error
websocket: bad handshake
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x13e1e55]
We opened up the http port 8065 and when we connect to port 8065, without ssl, it works.
webSocketClient, err := model.NewWebSocketClient4("ws://mattermost.example.com:8065", client.AuthToken)
What is the protocol for a secure websocket?
Normal websocket uses "ws://example.com"
Secure websocket uses "wss://example.com"
Note that some frameworks automatically handle this for you if you just leave off the ws: or wss: entirely.

Get Source IP Address from Go HTTP Server

I am trying to implement a HTTP server in Golang that receives requests from an Amazon ELB that uses the proxy protocol. Now I'd like to know what the original IP address is and so I was thinking about using this package.
Now this package talks raws HTTP as far as I can tell but my server implements a higher level HTTP server with a router.
I am having trouble translating between them. My question is this: how do I use this library and still use a router like gorilla/mux? Now there's nothing special about this package, it just talks at a lower level than HTTP.
Example:
// Listen on TCP port 2000 on all interfaces.
l, err := net.Listen("tcp", ":2000")
// proxyproxy is the library that maintains the source ip address for me
proxyList := &proxyproto.Listener{Listener: list}
if err != nil {
log.Fatal(err)
}
defer proxyList.Close()
for {
// Wait for a connection.
conn, err := proxyList.Accept()
if err != nil {
log.Fatal(err)
}
// Handle the connection in a new goroutine.
// The loop then returns to accepting, so that
// multiple connections may be served concurrently.
go func(c net.Conn) {
// how do I connect my router
}(conn)
}
The usual way of finding out the actual client IP over HTTP is by using some HTTP headers such as:
X-Forwarded-For
X-Real-IP
Actually, Amazon ELB seems to support the X-Forwarded-For header:
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html
If you are using Gorilla, they have a middleware that seems to take care of that for you:
https://godoc.org/github.com/gorilla/handlers#ProxyHeaders

Golang DNS resolution not working

I'be been reading a lot but I just can't find a solution.
I opened a VPS in Google Cloud, started an instance with Ubuntu and runned a web server i've written in Go listening in port 80. I also registered a domain in my country www.crosslogic.com.ar which delegated like this:
n1.crosslogic.com.ar 130.211.196.55
n2.crosslogic.com.ar 130.211.196.55
(Two were required but I only had one IP)
When I type the IP in the browser everything everything works fine, but when I try to reach the server using www.crosslogic.com.ar, or crosslogic.com.ar, or n1.crosslogic.com.ar I get ERR_NAME_RESOLUTION_FAILED.
I did this test intodns.com/crosslogic.com.ar to check the folowing errors:
-Missing nameservers reported by your nameservers. You should already know that your NS records at your nameservers are missing, so here it is again:
ns2.crosslogic.com.ar.
ns1.crosslogic.com.ar.
-No valid SOA record came back!
-ERROR: I could not get any A records for www.crosslogic.com.ar!
(I only do a cache request, if you recently added a WWW A record, it might not show up here.)
This is the code:
package main
import (
"net/http"
)
func main() {
// Genero un html con los detalles del calculo.
http.HandleFunc("/", indexHandler)
err := http.ListenAndServe(":80", nil)
if err != nil {
fmt.Println(err.Error())
}
}
func indexHandler(w http.ResponseWriter, r *http.Request) {
temp, err := template.ParseFiles("index.html")
if err != nil {
panic(err)
}
err = temp.Execute(w, nil)
if err != nil {
panic(err)
}
}
Am I missing any configuration in Linux? Those NS Records, A records and SOA is something I need to configure in my server? Shoudln't http/net be handling this stuff? Why request don't reach my port 80?
The problem has nothing to do with your code. Your DNS is not registered properly. When running nslookup I get the following:
$ nslookup n1.crosslogic.com.ar
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
$ nslookup n2.crosslogic.com.ar
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Websocket connections cannot be made with NginX/FastCGI

I have a web application written in Go. When I run the application with the web server that comes with the standard library, websocket connections work fine.
However, when I run the web application as a FastCGI application and use NginX as a proxy, the websocket connection cannot be established. I get this error message:
websocket: response does not implement http.Hijacker
I am using Gorilla Toolkit's websocket library for websocket connections and have the following setup:
Go Handler:
func NotificationsWebSocket(w http.ResponseWriter, r *http.Request) {
ws, err := websocket.Upgrade(w, r, nil, 1024, 1024)
if err != nil {
log.Print(err.Error())
return
}
//...
}
//...
router.HandleFunc("/notifications", NotificationsWebsocket)
//...
tcp, err := net.Listen("tcp", "127.0.0.1:9000")
handleErr(err)
err = fcgi.Serve(tcp, router)
nginx.conf
location ~ ^.+$ {
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
One way I could go about this is have a FastCGI connection for all the regular web handlers and run a separate web server just for the websocket handler, and then handle the /notifications path in NginX accordingly, but I want to avoid that if at all possible.
Does anyone know if there's a way to configure NginX to allow the connection to be upgraded to websockets?
the error you are getting is that the fcgi response is not also a Hijacker (websockets use the hijacker interface to take over the tcp socket).
It doesn't have anything to do with nginx versions.
Also, FCGI is not compatible with websockets, you need to have another server and reverse proxy to it

Resources