Error on executing http rest by the gateway 502 - spring-boot

I'm working on a spring cloud application
<!-- config boot & cloud -->
<spring-boot.version>2.7.7</spring-boot.version>
<spring-cloud.version>2021.0.5</spring-cloud.version>
I'm blocked on a http error 502 (proxy error) you will find the logs below.
When my http call exceeds 5 minutes my gateway return 502 to my Angular client - and the the back-end continue the treatment there is no error on back-end -
Gecko/20100101 Firefox/102.0" "172.17.10.67:46630" "172.17.0.79:61077"
x_forwarded_for:"10.195.209.56, 172.17.0.78, 172.17.10.67"
x_forwarded_proto:"https,https" vcap_request_id:"ff220ed6-266d-435d-5871-58f67d80c1d9"
response_time:300.005213 gorouter_time:0.000213 app_id:"4aa32d01-bbbe-4876-bed8-6256524bbd2e"
app_index:"0" instance_id:"cbe8ded1-e8d4-4a5f-7ab0-f75b" x_cf_routererror:"endpoint_failure (context canceled)"
x_b3_traceid:"4184c84b0c60d6a03fc900b8969f3e97" x_b3_spanid:"3fc900b8969f3e97" x_b3_parentspanid:"-"
b3:"4184c84b0c60d6a03fc900b8969f3e97-3fc900b8969f3e97"
I tried this configuration but it not resolve the error timeout
(this configuration resolve the timeout error http 504 and not 502)
spring:
cloud:
gateway:
httpclient:
connect-timeout: 60000
response-timeout: 600s
I tried the configuration by route also it gives no result.

Related

How to point consul-cli to HTTPS endpoint?

How to point consul cli to HTTPS url?
I tried the below ...
export CONSUL_HTTP_ADDR=127.0.0.1:8501
consul members
Error retrieving members: Unexpected response code: 400 (Client sent an HTTP request to an HTTPS server.
)
Ah..
export CONSUL_HTTP_SSL=true
consul members
Node Address Status Type Build Protocol DC Segment
myhostname 192.168.2.198:8301 alive server 1.10.4 2 dc1 <all>

Health check properties for springboot application in PCF

I have configured the below health check properties in my spring boot application(using actuator) and returning "UP" when locally tested using the below endpoint
server:
servlet:
context-path: /account/v1
port: 8443
management:
endpoints:
web:
path-mapping:
health: /health
Check locally using "http://localhost:8443/account/v1/actuator/health and returning
{"status":"UP"}"
In PCF I updated the Health check type as "http" and Endpoint as "/actuator/health".
When I pushed my app I am getting the below error
2020-09-02T12:43:15.92+0530 [HEALTH/0] ERR Failed to make HTTP request to '/actuator/health' on port 8080: connection refused
2020-09-02T12:43:15.92+0530 [CELL/0] ERR Failed after 1m0.632s: readiness health check never passed.
Please help on this.(Is my port or endpoint wrong)

Zuul Forwarding error - Trying to connect to a different(unknown) ip

I have configured zuul proxy and eureka naming server for my spring boot application. Zuul proxy run on port 8765 and eureka runs on port 8761.
Also two other microservices, user-service and message-service run on port 8081 and 8082.
Also I have used swagger for the zuul proxy service where i can find all microservices api in one place.
Swagger configuration in Zuul proxy service
#Component
#Primary
#EnableAutoConfiguration
public class Controller implements SwaggerResourcesProvider{
#Override
public List<SwaggerResource> get() {
List<SwaggerResource> resources= new ArrayList<>();
SwaggerResource user = new SwaggerResource();
user.setName("USER-SERVICE");
user.setLocation("/api/user/v2/api-docs");
user.setSwaggerVersion("2.0");
resources.add(user);
SwaggerResource message = new SwaggerResource();
message.setName("MESSAGE-SERVICE");
message.setLocation("/api/message/v2/api-docs");
message.setSwaggerVersion("2.0");
resources.add(message);
return resources;
}
}
application.yml of Zuul proxy
server:
port: 8765
eureka:
client:
serviceUrl:
defaultZone: http://eureka-naming-server:8761/eureka/
instance:
prefer-ip-address: true
metadataMap:
instanceId: ${vcap.application.instance_id:${spring.application.name}:${spring.application.instance_id:${random.value}}}
instanceId: ${vcap.application.instance_id:${spring.application.name}:${spring.application.instance_id:${random.value}}}
zuul:
prefix: /api
sensitive-headers: Cookie,Set-Cookie
routes:
user-service:
path: /user/**
service-id: USER-SERVICE
message-service:
path: /message/**
service-id: MESSAGE-SERVICE
Also i have used docker-compose file to up the docker microservices with default subnet (169.254.3.0/24).
ip address of user-service is 169.254.3.6
ip address of message-service is 169.254.3.10
Here is the issue
When I call these services via zuul proxy swgger ui, often i am getting 500 error. That for the first time i hit the specific url it throws 500 error.
but after few attempt i get the response.
Zuul log which indicate problem
com.netflix.zuul.exception.ZuulException: Forwarding error
...
Caused by: com.netflix.client.ClientException: null
...
Caused by: java.lang.RuntimeException: org.apache.http.conn.ConnectTimeoutException: Connect to 172.22.97.14:8081 [/172.22.97.14] failed: connect timed out
...
Caused by: org.apache.http.conn.ConnectTimeoutException: Connect to 172.22.97.14:8081 [/172.22.97.14] failed: connect timed out
...
Caused by: java.net.SocketTimeoutException: connect timed out
I have no idea about 172.22.97.14:8081, why is not try to connect 172.22.97.14:8081 instead of connect to 169.254.3.6:8081
Can someone help me to understand what is happening in here..
Any help would be grateful !
[Edit]
zuul proxy container ip is 169.254.3.10
This problem occured on my project when I was using the same Zuulserver for developing microservices on localhost and DEV environment (when I started microservis on localhost it connected to zullserver on DEV env.). Then when I tried to call some operation through zuulserver it tried to connect to microservis not on DEV env. but on my machine.
I suspect the same problem on your side and IP on which you are developing your application is 172.22.97.14:8081.

haproxy + spring boot writeAddress(..) failed: Connection reset by peer

I'm running HAproxy with backend Spring Boot Rest controllers. My spring log shows constant errors that look like the following:
[reactor-http-epoll-26] ERROR o.s.w.s.a.HttpWebHandlerAdapter - [9df8bfcf] Error [io.netty.channel.unix.Errors$NativeIoException: writeAddress(..) failed: Connection reset by peer] for HTTP GET "/api/v1/status", but ServerHttpResponse already committed (200 OK)
HAproxy performs an HTTP check on the url /api/v1/status. What would be the reason that I'm getting these errors?
HAProxy Config
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
# daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
ssl-default-bind-ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EX$
ssl-default-bind-options no-sslv3 no-tlsv10
tune.ssl.default-dh-param 4096
defaults
mode http
log global
option httplog
option http-server-close
option forwardfor except 127.0.0.0
option redispatch
retries 3
timeout http-request 30s
timeout queue 1m
timeout connect 30s
timeout client 30s
timeout server 30s
frontend https-in
bind *:443 ssl crt /etc/cert.pem
default_backend api
backend api
mode http
option httpchk GET /api/v1/status HTTP/1.0
http-check expect status 200
balance roundrobin
server api1 127.0.0.1:8001 check fall 3 rise 2
server api2 127.0.0.1:8002 check fall 3 rise 2
HAproxy is doing GET request, reads http response code and closing connection.
Boot is trying to send remaining parts (http headers and some json payload) but connection is already closed.
Just replace GET with OPTIONS in the line:
option httpchk GET /api/v1/status HTTP/1.0

Spring boot service in kubernetes always responses with HTTP status 400

We have Spring Boot service running in Kubernetes.
This service has endpoint:
- GET /healthz
We have liveness probe that uses this endpoint. Probe runs successfully.
It means that the endpoint is reachable from the service pod (localhost).
When I run in the service pod :
wget https://localhost:8080/healthz
I get an answer (OK)
When I try to call this endpoint outside the pod wget https://myhost:8080/healthz, I get response 400 without body.
I don't see any logs of Sprint. It seems that it does not reach the Sprint .
When I added flag -Djavax.net.debug=all I see in log that TLS handshake finished and then:
GET /healthz HTTP/1.1
host: myhost:8080
accept: application/json
Connection: close
and immediately
HTTP/1.1 400
Transfer-Encoding: chunked
Date: Mon, 25 Jun 201 8 08:43:43 GMT
Connection: close
When I try wget https://myhost:8080/blahblah (non existing endpoint),
I still get 400, not 404!
When I try wget https://myWronghost:8080/healthz (wrong host), I get an error Bad address. It means that host 'myhost' is correct (otherwise I would get this error).
Docker file:
FROM openjdk:8-jdk-alpine
VOLUME /tmp
ARG JAR_FILE
COPY ${JAR_FILE} app.jar
ENV JAVA_TOOL_OPTIONS -Dfile.encoding=UTF8
ENTRYPOINT ["java","-Djavax.net.debug=all", "-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
EXPOSE 8080
Summing up:
The service endpoints are accessible from within service pod, but not accessible from outside the pod.
Any idea why?
Update:
The problem was solved by calling the service with fully qualified domain name : serviceName.namespaceName.svc.cluster.local
Tomcat didn't accept calls with short domain serviceName.namespaceName, it responded 400.
Your issue can be caused by https://github.com/spring-projects/spring-boot/issues/13205.
All you have to do is upgrade Tomcat version to 8.5.32. You can do that by adding the version in pom.xml file.
<properties>
<!-- your properties -->
<tomcat.version>8.5.32</tomcat.version>
</properties>
If you are using Spring boot 2 this may be due to bug in Tomcat 8.5.31 that doesnt allow '-' in last part of FQDN
Update Tomcat to 8.5.32 fixes this.
Reference:
https://github.com/spring-projects/spring-boot/issues/13205
https://bz.apache.org/bugzilla/show_bug.cgi?id=62383
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Not sure if it has any influence here, but you're trying everything with https. Can you try with http instead? Your spring app probably doesn't support https on port 8080.
The problem was solved by calling the service with fully qualified domain name :
service-name.namespace-name.svc.cluster.local
The service didn't accept calls with service-name.namespace-name, responded 400.

Resources