If a website depends on an upstream database or other abstracted service or store - basically most websites known to man - then when the upstream requests dies with a timeout, should I return a 503 or a 504?
503 Service Unavailable
The server is currently unavailable (because it is overloaded or down
for maintenance). Generally, this is a temporary state. Sometimes,
this can be permanent as well on test servers.
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a
timely response from the upstream server.
The 504 feels more designed for proxy servers, caches or other web infrastructure, but the 503 is not right either since the service is fine, the current request just happened to die, perhaps a search might have been to broad or something.
So which is 'right' according to HTTP?
Luke
503 sounds appropriate if this is a temporary condition that will be resolved simply by waiting. http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html states: "The implication is that this is a temporary condition which will be alleviated after some delay."
500 also sounds appropriate. The RFC states: "The server encountered an unexpected condition which prevented it from fulfilling the request." An unresponsive database is an exceptional/unexpected case.
IMO, what it comes down to is this: Are you providing an error code that will help callers (i.e. HTTP clients) respond to the situation? In this case, there is really nothing a client can do other than to try again later. Given this, I would keep it simple and return 500. I think clients are more likely to care if the site is available and less likely to care about the specific reason. Plus fewer response codes makes it easier to code clients. Again this is just my opinion.
Related
I am using calculate route API to calculate distance and time from origin to destination. Wanted to validate some error codes that I have observed in error code documentation.
One of which is 500 Internal error.
Description for this says "There is a server configuration issue" can I get a clear reason for cause of this error! What does server configuration Issue mean?!
Response status codes beginning with the digit "5" indicate cases in which the server is aware that it has erred or is incapable of performing the request.
500 Internal Server Error
The server encountered an unexpected condition which prevented it from fulfilling the request.
501 Not Implemented
The server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource.
502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.
503 Service Unavailable
The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the delay MAY be indicated in a Retry-After header. If no Retry-After is given, the client SHOULD handle the response as it would for a 500 response.
504 Gateway Timeout
The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.
505 HTTP Version Not Supported
The server does not support, or refuses to support, the HTTP protocol version that was used in the request message. The server is indicating that it is unable or unwilling to complete the request using the same major version as the client, as described in section 3.1, other than with this error message. The response SHOULD contain an entity describing why that version is not supported and what other protocols are supported by that server.
Let's say we are initiating oauth flow from our server and the provider times out. What do we return as status code? 503 for try again later or 504 to state some other server timed out?
I think 502 are the most appropiate in this case
502 Bad Gateway
A 502 error means that a website server that is serving as a reverse
proxy for the website origin server (for example, a CDN PoP) did not
receive a valid response from the origin server. This may be because
the origin server is experiencing issues, there is an invalid or
incorrect DNS name, or because a firewall on the origin server has
blocked the reverse proxy server request.
This may also occur when requests at the origin server are taking
several minutes to complete and a caching tool such as Varnish Cache
has been instructed to timeout after a set number of seconds. Varnish
Cache has a default timeout of 60 seconds, which section.io recommends
keeping for security and alerting reasons.
504 Gateway Timeout
Similar to the 502 error, the 504 Gateway Timeout error occurs if the
server that is acting as a proxy for the website origin server did not
receive a response from the website origin server within a set time
period. This may indicate an issue with the DNS host or hosting
company, or with the connection or configuration between the reverse
proxy servers and the website origin server.
More info here https://www.section.io/blog/504-503-errors-difference/
There is already an interesting question that has a similar context as yours, and there are a varied number of choices that you choose from.
Maybe have a quick look at this question.
In my opinion, from all the above-mentioned choices of HTTP status codes, I would recommend using 419 that states the following as per the documentation:
419 Authentication Timeout
Not a part of the HTTP standard, 419 Authentication Timeout denotes that previously valid authentication has expired. It is used as an alternative to 401 Unauthorized in order to differentiate from otherwise authenticated clients being denied access to the specific server
Say I have service http://myservice.dev:8080/resource/get/id which calls another service http://otherservice.dev:8080/resource/get/name. If the second service does not respond because it is down, what is the proper response the calling service should return to the client? Assume that it is critical for the request to call the second service.
I was thinking 504 gateway timeout but it sounds like this is for the upstream gateway...
TL;DR Yes, 504 would be appropriate in most cases
The definition of upstream server is important:
In computer networking, upstream server refers to a server that provides service to another server.
1
So in the case you mention, yes, the 'otherservice' can be considered an upstream server and thus HTTP response codes like 502 and 504 would be appropriate.
That being said, depending on your use case, it is perhaps not wise to expose information to your client about the upstream servers. It may be irrelevant to clients as to how many other services are dependencies. Especially if you re-architect or reconfigure in the future, the 'otherservice' may become part of the 'myservice'. And thus a failure should be appropriately tagged as 500 (Internal Service Error) or 503 (Service Unavailable).
1 https://en.wikipedia.org/wiki/Upstream_server
I'm trying to diagnose a web service that sits behind some load balancers and proxies. Under load, one of the servers along the way starts to return HTTP 504 errors, which indicates a gateway timeout. With that background out of the way, here is my question:
When a proxy makes a request to the destination server, and the destination server receives the request but doesn't respond in time (thus exceeding the timeout), resulting in a 504, what happens when the destination server does eventually respond? Does it know somehow that the requestor is no longer interested in a response? Does it happily send a response with no idea that the gateway already sent HTTP error response back to the client? Any insight would be much appreciated.
It's implementation-dependent, but any proxy that conforms to RFC 2616 section 8.1.2.1 should include Connection: close on the 504 and close the connection back to the client so it can no longer be associated with anything coming back from the defunct server connection, which should also be closed. Under load there is the potential for race conditions in this scenario so you could be looking at a bug in your proxy.
If the client then wants to make further requests it'll create a new connection to the proxy which will result in a new connection to the backend.
I'm writing a service that returns data about another request to the consumer (for example, retrieving the un-shortened URL from a bitly or t.co address). In most situations, I can return a status code to mirror the code I received from the server, but what status code is most appropriate when my service is unable to connect to the requested URL (if it doesn't exist, for example)? I was thinking 400 Bad Request or 408 Request Timeout, but is there a best practice here?
503 Service Unavailable seems like an appropriate choice. The 4xx codes are meant to indicate the client did something wrong. In the case you specify, it's a service error.
502 Bad Gateway, since you're acting as a proxy server.
The HyperText Transfer Protocol (HTTP) 502 Bad Gateway server error response code indicates that the server, while acting as a gateway or proxy, received an invalid response from the upstream server.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/502
Interesting and debatable. What if the IP(hostname) is unavailable temporarily? 503 is more accurate in that sense. If at all someone is trying to connect to an IP(hostname) that doesn't exists (which is beyond the realms of gateway to determine) a bad gateway may look appropriate.
However 504 could be more realistic as to convey what system has attempted and that would convey a timeout and not received any response from the upstream.