Trying to run a mock apns service on AWS EC2.
Connection works well with curl and simple go program using apns2 library.
However when using pushy the query gets stopped at the loadbalancer with a HTTP 1/1 400 Bad Request. So is not getting through to the mock apsn service.
It looks like pushy is trying to negotiate to use http2, but it is also resolving the CNAME of the hostname to make that request. The hostname of the EC2 instance does not have an SSL certificate, and AWS do not allow EC2 instances to have their own certificate. SSL is done via the load balancer. Which is why I guess it gets the Bad Request error.
Is there some way to get pushy.apns to go straight to h2, without the negotiation. The apple APNS service works simply by replacing the hostname in the curl and go examples I'm using.
The log output of a pushy request looks like
https 2018-10-12T08:19:30.301789Z app/pushproxy/7ba468ea0d0278b2 86.172.XX.230:61136 - -1 -1 -1 400 - 0 288 "- https://pushproxy-XXXXXXX.eu-west-2.elb.amazonaws.com:443- -" "-" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 - "-" "-" "arn:aws:acm:eu-west-2:914858662894:certificate/XXXXXX-d957-4e9d-bda6-00c2f42a6e3a" - 2018-10-12T08:19:30.286000Z "-" "-"
And a curl request looks like
h2 2018-10-12T08:13:43.142341Z app/pushproxy/7ba468ea0d0278b2 86.172.XX.230:60860 172.31.27.35:443 0.000 0.002 0.000 200 200 239 78 "POST https://pushproxy.mycompany.com:443/3/device/a9001c6cbf953a9b2820f4da9c7f8d37e84338460304a2ce0a04a32e85ca2532 HTTP/2.0" "curl/7.61.1" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:eu-west-2:914858662894:targetgroup/pushProxy/252675c1a61756ea "Root=1-5bc057b7-a61a4ca4d5880b40f00d17c0" "pushproxy.mycompany.com" "arn:aws:acm:eu-west-2:914858662894:certificate/XXXXXXX-a34f-415b-b687-8789cf21197f" 0 2018-10-12T08:13:43.140000Z "forward" "-"
curl command
curl -v -d '{"aps":{"alert":"<message>","badge":42}}' \
-H "apns-id: 45454554646445454433433334332344" \
-H "apns-topic: com.2mee.Bridge2Mee" \
-H "apns-priority: 10" --http2 \
--cert pushcert.pem https://pushproxy.mycompany.com/3/device/a9001c6cbf953a9b2820f4da9c7f8d37e84338460304a2ce0a04a32e85ca2532
Related
I am running a Linux (Debian based) docker container on a Windows host.
I have a device with an HTTP based API that I want to interface with from the container.
When I run the curl command to the devices API under WSL from my host machine, it responds correctly.
<username>#<hostname>:/mnt/c/Users/$ curl -H "Authorization: Basic YWRtaW46aGVybW9zYTA=" http://172.16.255.33/Set.cmd?CMD=GetPower -v
* Trying 172.16.255.33:80...
* TCP_NODELAY set
* Connected to 172.16.255.33 (172.16.255.33) port 80 (#0)
> GET /Set.cmd?CMD=GetPower HTTP/1.1
> Host: 172.16.255.33
> User-Agent: curl/7.68.0
> Accept: */*
> Authorization: Basic YWRtaW46aGVybW9zYTA=
>
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Connection: close
<
<html>p61=1,p62=1,p63=0,p64=0</html>
* Closing connection 0
However, when I do the same curl command from my container, I get the error (52) Empty reply from server
root#9af1adf97ba7:/# curl -H "Authorization: Basic YWRtaW46aGVybW9zYTA=" http://172.16.255.33/Set.cmd?CMD=GetPower -v
* Trying 172.16.255.33:80...
* Connected to 172.16.255.33 (172.16.255.33) port 80 (#0)
> GET /Set.cmd?CMD=GetPower HTTP/1.1
> Host: 172.16.255.33
> User-Agent: curl/7.74.0
> Accept: */*
> Authorization: Basic YWRtaW46aGVybW9zYTA=
>
* Empty reply from server
* Connection #0 to host 172.16.255.33 left intact
curl: (52) Empty reply from server
In Wireshark, I see the device is setting the RST flag in its response when queried from the container. No such reset in the response when queried from my host machine.
I am starting my container using these arguments:
docker run -it -p 80:80 <image-name> bash
When I start to run the container on a Linux host using the same args, the curl request succeeds (as a test, I have to run this app on a Windows host).
I have tried both WSL2 based and Hyper-V based versions of Docker on Windows.
Under WSL2 container, I get no response from the device.
Under Hyper-V based container, I get the issue described above.
I've spent about a day Googling and trying various things, and I am out of ideas at this point.
Thanks.
I created new beanstalk environment PHP 7.3 running on 64bit Amazon Linux/2.9.6, Apache - with default PHP sample app. It's a classic load balancer type. But for now I have made it listening only to http at port 80. No https.
After deployment default PHP sample app runs fine on beanstalk environment url(cname) provided. Sample PHP app opens and because my environment is listening to just http so in browser I get "not secure" warning as normal behaviour but my Beanstalk URL is working so far and I see PHP sample app on browser.
Now I created fresh Laravel 7.x projects on my local machine. I tested and default "/" route points to welcome Laravel page. I deployed this sample Laravel project to my environment using EB on my Mac terminal.
Deploy is successful. I change the document root to "/public" in configuration because Laravel's index in inside public folder. Environment is in green health. Now I open Beanstalk URL and I see it's just taking a minute or so then it fails to load page saying "server where this page is located isn't responding" in Safari browser.
I checked my security group and it is listening to both http and ssh.
Final note: I have been doing this for long time. This is my first time experiencing this issue. Am I missing something?
Edit
I went inside Ec2 dashboard. I copied both Public DNS (IPv4) and IPv4 Public IP, tried accessing them in browser. It just takes time to connect and finish with "page not responding error".
My inbound rules for my security group:
HTTP TCP 80 0.0.0.0/0 -
SSH TCP 22 0.0.0.0/0 -
HTTPS TCP 443 0.0.0.0/0 -
Edit 2
Here is my access log from environment logs:
172.31.21.84 (103.86.57.43) - - [24/May/2020:18:34:31 +0000] "GET / HTTP/1.1" 301 278 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"
103.86.57.58 (-) - - [24/May/2020:18:37:45 +0000] "GET / HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"
172.31.10.171 (195.154.94.244) - - [24/May/2020:18:45:10 +0000] "GET / HTTP/1.1" 301 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
I see that GET is called on / and http 301 is returned. It moved permanently. What does this mean?
I solved my issue by creating new fresh environment from eb cli in terminal using
eb create
Not sure why this worked but gave issue when creating environment from console dashboard.
I've followed this tutorial: https://www.digitalocean.com/community/tutorials/how-to-migrate-a-parse-app-to-parse-server-on-ubuntu-14-04
All fine, except that when it comes to sending a POST request to the Parse-server, I get an error 502. Here are both POST and GET requests which return a 502 when using https and a 301 when using HTTP:
curl -X POST \
-H "X-Parse-Application-Id: AppId" \
-H "Content-Type: application/json" \
-d '{"score":1337,"playerName":"Sammy","cheatMode":false}' \
https://domain.name/parse/classes/GameScore
curl -H "X-Parse-Application-Id: APPID" http://domain.name/parse/classes/GameScore
I specially wanted to check if
mongod.conf
is fine (mine is the same as the one on the tutorial) and if
/etc/nginx/sites-enabled/default
is also fine.
Here is the log:
2016/03/07 22:11:30 [error] 7288#0: *7 connect() failed (111: Connection refused) while connecting to upstream, client: myComputerIP, server: domain.name, request: "GET /parse/classes/GameScore HTTP/1.1", upstream: "http://127.0.0.1:1337/classes/GameScore", host: "domain.name"
Any ideas? Thanks
I was running into the same problem, in my case was an error due to the change of the path of an internal dependency during the migration.
I was able to troubleshoot it using:
pm2 logs 0
Hope it helps.
There was a syntax error in my cloud code.
Looks like your node.js server isn't running (or not listening on port 1337) - make sure it's up by running and if not, start the parse-server.
I am trying to manage a EC2 cloud instance with deltacloud API through curl. With the mock driver everything works fine: deltacloudd -i mock -r 10.0.0.3
curl --user "mockuser:mockpassword" "http://10.0.0.3:3001/api/instances?format=xml"
curl -X POST --user "mockuser:mockpassword" "http://10.0.0.3:3001/api/instances/inst1/stop?format=xml"
But with EC2 I am unable to start a stopped instance: deltacloudd -i ec2 -P eu-west-1 -r 10.0.0.3 -V
curl --user "accesskey:secretaccesskey" "http://10.0.0.3:3001/api/instances?format=xml"
curl -X POST --user "accesskey:secretaccesskey" "http://10.0.0.3:3001/api/instances/i-NNNNNNNN/start?format=xml"
Returns: The required capability to execute this operation is missing
Deltacloud log output:
Listening on 10.0.0.3:3001, CTRL+C to stop
D, [2014-06-25T10:47:34.149001 #3575] DEBUG -- : New Aws::Ec2 using per_thread-connection mode
D, [2014-06-25T10:47:34.150897 #3575] DEBUG -- : Opening new HTTPS connection to ec2.eu-west-1.amazonaws.com:443
10.0.0.5 - - [25/Jun/2014 10:47:34] "GET /api/instances?format=xml HTTP/1.1" ec2 eu-west-1 200 1628 0.6204
10.0.0.5 - - [25/Jun/2014 10:48:14] "POST /api/instances/i-NNNNNNNN/start?format=xml {} HTTP/1.1" ec2 eu-west-1 412 60 0.0077
Its therefore obvious that deltacloud process GET, but not forward the POST request to AWS.
The Problem also happens even by clicking the start button at the webinterface (10.0.0.3:3001). The accesskey and secretaccesskey are working fine with python-boto.
Can anyone suggest me whats wrong?
The short answer is, that you can not start a stopped Amazon EC2 instance with deltacloud in the current version 1.1.3 (2013-04-17). Perhaps there will be soon a newer version, but since Red Hat reduced their support the development of deltacloud slowed down.
I always used the curl command, now i have some problems with it.
I do curl --verbose https://testflightapp.com and its failed. the result is:
About to connect() to testflightapp.com port 80 (#0) Trying 110.173.143.147...Operation timed out
If I try manually on the browser its OK.
any solutions?
It seems curl is going to the wrong port: You're requesting a https URL, which, by default, is on port 443, and curl is going to 80.
Check if you have a curl version that supports HTTPS (has openssl/tls bindings).
Cheers,
Ricardo