DDEV: How to establish websocket connections - websocket

I'm having some problems establishing a websocket connection to a running ddev container.
Trying to establish the connection per JS, for example with wss://websocket.ddev.site:3000, always ends up with connection failed.
Websocket PHP library used: Ratchet (http://socketo.me/)
I tried to set the ext. container port in an own docker-compose.yaml or web_extra_exposed_ports in config.yaml but nothing worked so far.

I have managed to run a Websocket connection.
Therefore, I made an entry in the config.yaml of DDEV with the following content:
web_extra_exposed_ports:
  - name: ratchet
    container_port: 3000
    http_port: 3000
    https_port: 3001
After a DDEV restart, it is now possible to establish Websocket connections with:
HTTP: 'ws://websocket.ddev.site:3000'
HTTPS: 'wss://websocket.ddev.site:3001'
My working example was built with the tutorial on http://socketo.me/docs/hello-world, calling the above URL from the browser console.

Related

grpc-go over https: failed rpc error: code = Unavailable desc = transport is closing:

Note: This is running in containers in Kubernetes.
I have successfully done this very short description: https://knative.dev/docs/serving/samples/grpc-ping-go/
Success:
2019/05/08 13:43:56 Ping got hello - pong
2019/05/08 13:43:56 Got pong 2019-05-08 13:43:57.646935391 +0000 UTC m=+1.661567121
But if I run through 443 from a Gateway on knative setup for https, it does not work:
docker run -ti --entrypoint=/client docker.io/{username}/grpc-ping-go \
-server_addr="${SERVICE_IP}:443" \
-server_host_override="${SERVICE_HOST}" \
-insecure
2019/05/08 13:50:28 &{0xc00012e000}.Ping failed rpc error: code = Unavailable desc = transport is closing:
The client code from the sample, and the server code.
The server is not listening for tls, but the connection to the server is over https.
Just to make sure, I know the https is working from a simple hello-go text reply.
In your server code, you are not listening on port 443, so this is most likely the reason your example isn't working.
If you want to keep using http and not https, then your code is working just fine.
If you want to get it working with TLS, this overview is a pretty good one.
To get port 80 to redirect to port 443 (I highly recommend it if you are using https), see this SO post.

Unable to get STOMP working/connecting in spring-boot on GKE cluster

I'm trying to get my application running in GKE. I'm using a RabbitMQ instance from cloudamqp. I use this instance for all internal messaging between my microservices through AMQP.
Now I want to send messages to the browser using STOMP over SockJS using the stompRelay. When I connect to the instance locally (on my dev machine), everything works like a charm. Messages get sent and acknowledged, ...
When I move the application to production ( GKE ) all the AMQP queues work correctly, but I'm unable to have STOMP working with the relay ...
When I use the simpleBroker everything works correctly.
I'm pretty sure the code is correct as it works correctly from my development PC. I think it has to do with the GKE firewalls intercepting.
I've tried add extra rules to the firewall on gce by allowing all in/out traffic on TCP 61613,61614.
Errors
o.s.m.s.s.StompBrokerRelayMessageHandler : TCP connection failure in session _system_: No CONNECTED frame received in 60000 ms.
r.io.net.impl.netty.tcp.NettyTcpClient : CLOSED: [id: 0x5d96aa8d, /10.20.6.78:47136 :> xxxxxxxxxx.rmq.cloudamqp.com/35.195.232.78:61613]
My dockerfile
FROM openjdk:8-jre-alpine
RUN apk add --no-cache tzdata
ENV TZ Europe/Brussels
ENV SPRING_PROFILES_ACTIVE production
WORKDIR /app
ADD target/application.jar /app/application.jar
EXPOSE 8080
CMD ["java", "-jar", "application.jar"]
My relay config
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {
    config.enableStompBrokerRelay("/topic", "/queue")
        .setRelayHost(relayHost)
        .setRelayPort(relayPort)
        .setSystemLogin(relayLogin)
        .setSystemPasscode(relayPasscode)
        .setVirtualHost(relayVHost)
        .setClientLogin(relayLogin)
        .setClientPasscode(relayPasscode);
}
I've been struggling for 2 days now trying to get this running ...
Has anyone got STOMP in Spring-boot running on GKE with an external RabbitMQ?
After looking in the config again, I've found a typo which was causing the problems connecting to the RabbitMQ.
@Value("${app.stomp.username:guest}")
private String relayLogin;
But config was
app:
  stomp:
    user: xxxxxxxx

CentOS 7 Firewalld refuses all incoming connections to my web-server

I have a CentOS 7 VM built using Vagrant with a private IP address of: 192.168.56.255
I am running my Spring boot application on that VM on port 8443. It supports HTTPS. My issue is that when I try to send https requests to the 192.168.56.255 web server via the curl command I get
curl: (7) Couldn't connect to server
I have read many tutorials that explain how to configure my firewall in CentOS 7 but still got the same issue; one is provided by DigitalOcean
When I type
sudo firewall-cmd --list-all-zones
I got
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client https http mysql
  ports: 8443/tcp 3306/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
As you can see I enabled everything I need and more but still. I even shut down the Firewall but still the connection is refused from my host.
When I made the changes I did reload my firewall
sudo firewall-cmd --reload
So that is not the problem
The problem was not with the Firewalld but with the pre-configured IP address using Vagrant.
The IP address should not be 255 in the first byte as I did 192.168.56.255
because that indicates that this is a broadcast address. So I solved it by changing it to 192.168.56.10

Can't connect to remote PHP WebSocket server (Wrench) : ERR_CONNECTION_REFUSED

I'm trying to connect to a WebSocket server (PHP / Wrench) running on my webserver.
The configuration of the server looks like this:
$server = new \Wrench\Server("wss://localhost:8443");
$server->registerApplication('app',
new \Wrench\Application\EchoApplication());
$server->run();
I'm using port 8443 because I can't use 80 or 443 (Permission denied). The domain uses HTTPS so I have to use the wss: protocol.
I have no problem connecting to the PHP server when I run the script on my local machine (I just have to replace wss: by ws:).
When I run the server via SSH on my remote webserver, it seems to run correctly, but trying to connect to it via JS with the following call doesn't work:
var ws = new WebSocket("wss://dev.mydomain.net:8443/app");
I get an "Error in connection establishment: net::ERR_CONNECTION_REFUSED."
On my webserver panel control, the 8443 port (TCP) is open (in and out). When the PHP server is running, the command netstat -a | grep 8443 gives the following output, which I think should confirm it's open:
tcp 0 0 localhost:8443 *:* LISTEN
Is there an obvious detail I'm missing here?
I finally found a solution: instead of setting the URI of the server to localhost, I had to use 0.0.0.0. Now it works perfectly when I'm using HTTP (there's another problem when using HTTPS, but at least I have more information at this point).

Can't connect to public IP for EC2 instance

I have an EC2 instance which is running with the following security groups:
HTTP - TCP - 80 - 0.0.0.0/0
Custom UDP Rule - UDP - 1194 - 0.0.0.0/0
SSH - TCP - 22 - 0.0.0.0/0
Custom TCP Rule - TCP - 943 - 0.0.0.0/0
HTTPS - TCP - 443 - 0.0.0.0/0
However, when I try to access http://{PUBLIC_IP} or https://{PUBLIC_IP} in the browser, I get a "{IP} refused to connect" error. I'm new to AWS. Am I missing something here? What should I do to debug?
One way to debug this particular class of problem is to use netcat in order to determine where the problem lies.
If you run netcat against port 80 on the public IP address of your instance and just get a hang (no output at all), then most likely your security group isn't allowing traffic through. Here is an example from an EC2 instance that is in a security group that doesn't allow port 80 traffic inbound:
% nc -v 55.35.300.45 80
<just hangs>
Whereas if the security group is changed to allow port 80, but the EC2 instance doesn't have any process listening on port 80, you'll get the following:
% nc -v 55.35.300.45 80
nc: connectx to 52.38.300.43 port 80 (tcp) failed: Connection refused
Given that your browser gave you a similar "connection refused", most likely the problem is that there is no web server running on your instance. You can verify this by ssh'ing into the instance and seeing if you can connect to port 80 there:
ssh ec2-user@55.35.300.45
% nc -v localhost 80
nc: connect to localhost port 80 (tcp) failed: Connection refused
If you get something like the above, you're definitely not running a webserver.
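The netcat procedure above, scripted as an added example (not part of the original answer): one TCP connect attempt is classified as a hang, a refusal or a success. The verdict names and the `probe`/`demo` helpers are this example's own, it is IPv4-only, and the demo target is a constructed loopback listener so it runs offline.

```python
import socket

# Verdict names are this example's own; the meanings follow the nc walkthrough above.
MEANING = {
    "open": "a process accepted the connection",
    "refused": "host reachable, but nothing listens on that address and port",
    "filtered": "no reply at all: a security group, NACL or firewall drops the traffic",
    "unreachable": "no route to the host, or another socket-level error",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open / refused / filtered / unreachable."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:   # RST came back: the "Connection refused" case
        return "refused"
    except socket.timeout:           # silence: the "<just hangs>" case
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        sock.close()

def demo():
    """Probe a local listener, then the same port once the listener is gone."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed target: ephemeral loopback port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    for verdict in demo():
        print(verdict, "->", MEANING[verdict])
```

Run `probe` once from outside against the public address and once on the instance against localhost: "filtered" outside points at the network rules, while "refused" in both places points at the missing listener.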
I'm not sure if it's too late to help but I was stuck with a similar issue with my test server
SG Inbound: ssh -> 22
HTTP -> 80
NACL: default allow/deny settings
but still couldn't ping the server from my browser, then I realized there's nothing running on the server that can serve the request, and I started the httpd server (webserver) and it worked.
sudo yum -y install httpd
sudo service httpd start
this way you can test the connectivity if you are playing with SGs and NACLs and of course it's not the only way, just an example if you're figuring your System N/W out.
Have you installed a webserver (nginx/apache) to serve your requests? If so please share your config files. (So that it will help to troubleshoot)
I think the reason is probably that you did not set up a web server for your EC2 instance, because if you try to access http://{PUBLIC_IP} or https://{PUBLIC_IP}, you need to have a background server to serve the http request as @Niranj Rajasekaran said.
By the way, by simply pinging the {PUBLIC_IP}, you could see if your connection to your EC2 instance is normal or not.
In command prompt or terminal, type
ping {PUBLIC_IP}
In my case, the server was running but available on just 127.0.0.1 so it refused connections from external hosts. To see if this is your situation, you can run
netstat -an | grep <port number>
If it says 127.0.0.1:<port number> instead of 0.0.0.0:<port number>, you have this problem.
Usually there's a flag or an argument in your server code somewhere to set the host to 0.0.0.0:
app.run(host='0.0.0.0') # flask example
However, in my case, I had already set this so I thought that couldn't possibly be the issue, which is how I ended up on this thread, which asks more generally about the problem. Unfortunately, I was using docker, and had set 0.0.0.0 on the container but was mapping that explicitly to 127.0.0.1 on the host in the docker-compose port-mapping:
ports:
  - "127.0.0.1:<port number>:<port number>"
Changing that line to remove the host IP specification fixed the problem upon re-deploy:
ports:
  - "<port number>:<port number>"
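The netstat check from this answer (and from the Wrench question earlier, where the listener showed as localhost:8443), as an added example that is not part of the original posts: it reads Linux-style `netstat -a` / `netstat -an` output and reports whether each listener on a port is bound to loopback, one interface, or every interface. The sample lines are constructed and the function names are this example's own.

```python
import ipaddress

# Constructed sample of Linux `netstat -an` / `netstat -a` output (not from the page's hosts).
SAMPLE = """\
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 localhost:8443          *:*                     LISTEN
tcp        0      0 192.168.56.10:8443      0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 10.0.0.5:22             203.0.113.7:51234       ESTABLISHED
"""

def bind_scope(host):
    """Map a listener's local address to who can reach it."""
    host = host.strip("[]")          # ss-style "[::]" becomes "::"
    if host == "*":
        return "all-interfaces"
    if host == "localhost":
        return "loopback-only"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"             # unresolved hostname or unexpected format
    if ip.is_unspecified:            # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:               # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-interface"

def listeners(netstat_text, port):
    """Return [(local_address, scope)] for TCP sockets listening on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            found.append((fields[3], bind_scope(host)))
    return found

if __name__ == "__main__":
    for port in (5000, 8443, 80):
        print(port, listeners(SAMPLE, port))
```

A "loopback-only" result on the host explains a refused connection from outside even when the process inside a container binds 0.0.0.0; "all-interfaces" means the port is reachable on every address the host has, so the security group or firewall is then the only filter in front of it.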
