The request fetching in on wensocket server is :
Upgrade: websocket
Connection: Upgrade
Host: 10.1.5.20:5555
Origin: http://localhost:8080
Sec-WebSocket-Protocol: sip
Pragma: no-cache
Cache-Control: no-cache
Sec-WebSocket-Key: T3jkd1s0pRceQbgdTLoaiQ==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: x-webkit-deflate-frame
The response I am trying to send back for the handshake is :
HTTP/1.1 101 WebSocket Protocol Handshake
Upgrade: WebSocket
Connection: Upgrade
Sec-WebSocket-Origin: http://localhost:8080
Sec-WebSocket-Location: ws://10.1.5.20:5555/
But the error I receive is :
**Exception in thread "main" java.io.IOException: Handshake failed
at websocket4j.AbstractWebSocket.<init>(AbstractWebSocket.java:123)
at websocket4j.server.WebSocket.<init>(WebSocket.java:73)
at websocket4j.server.WebServerSocket.accept(WebServerSocket.java:119)
at websocket4j.examples.EchoServer.main(EchoServer.java:51)
Caused by: java.io.IOException: End of stream
at websocket4j.AbstractWebSocket.readBytes(AbstractWebSocket.java:230)
at websocket4j.server.WebSocket.handshake(WebSocket.java:203)
at websocket4j.AbstractWebSocket$HandshakeRunner.run(AbstractWebSocket.java:79)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)**
shouldn't you respond with the key?
try to add Sec-WebSocket-Accept: sha1(Sec-WebSocket-Key + magic string ) on your response
Related
We are running spring boot admin console inside Istio and trying to connect to pods with actuator end points. When SBAC tries to connect to a pod, it gives 502. We checked the logs and it sounds that SBAC is duplicating the IP address in the request URL
boot-admin-console 2023-01-12 19:26:54.480 DEBUG 1 --- [or-http-epoll-3] r.n.http.client.HttpClientOperations
: [db6578e5-10, L:/172.30.208.27:34026 - R:172.30.198.29/172.30.198.29:8080] Received response (auto-read:false) : RE
SPONSE(decodeResult: success, version: HTTP/1.1)
spring-boot-admin-console HTTP/1.1 200 OK
spring-boot-admin-console x-content-type-options:
spring-boot-admin-console x-xss-protection:
spring-boot-admin-console cache-control:
spring-boot-admin-console pragma:
spring-boot-admin-console expires:
spring-boot-admin-console x-frame-options:
spring-boot-admin-console content-type:
spring-boot-admin-console date:
spring-boot-admin-console x-envoy-upstream-service-time:
spring-boot-admin-console server:
spring-boot-admin-console transfer-encoding:
spring-boot-admin-console 2023-01-12 19:26:54.480 DEBUG 1 --- [or-http-epoll-3] r.n.r.DefaultPooledConnectionProvider
: [db6578e5-10, L:/172.30.208.27:34026 - R:172.30.198.29/172.30.198.29:8080] onStateChange(GET{uri=/actuator/health,
connection=PooledConnection{channel=[id: 0xdb6578e5, L:/172.30.208.27:34026 - R:172.30.198.29/172.30.198.29:8080]}}, [r
esponse_received])
Any ideas?
We have the headless service for the target service to allow connectivity between SBAC and the application pod. I curled the target pod actuator endpoint from the sbac pod and it is accessible but from the UI is giving 502
I have a problem, I think it's about Zuul's rescues. I searched the internet but found nothing to fix this error.
I have a login in the project, but first I have to create a user and when I do this I get this error. When creating a user, I just send the nickname and password in the form of JSON. After sending JSON, the user is not saved to db.
its logs form zuul
WARN 11880 --- [io-4200-exec-10] c.n.zuul.http.HttpServletRequestWrapper : Content-length different from byte array length! cl=56, array=0
2020-09-16 17:57:28.914 WARN 11880 --- [io-4200-exec-10] o.s.c.n.z.filters.post.SendErrorFilter : Error during filtering
com.netflix.zuul.exception.ZuulException:
at org.springframework.cloud.netflix.zuul.filters.post.SendErrorFilter.findZuulException(SendErrorFilter.java:118) ~[spring-cloud-netflix-zuul-2.2.3.RELEASE.jar:2.2.3.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.post.SendErrorFilter.run(SendErrorFilter.java:78) ~[spring-cloud-netflix-zuul-2.2.3.RELEASE.jar:2.2.3.RELEASE]
at com.netflix.zuul.ZuulFilter.runFilter(ZuulFilter.java:117) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:193) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.FilterProcessor.runFilters(FilterProcessor.java:157) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.FilterProcessor.error(FilterProcessor.java:105) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.ZuulRunner.error(ZuulRunner.java:112) ~[zuul-core-1.3.1.jar:1.3.1]
at com.netflix.zuul.http.ZuulServlet.error(ZuulServlet.java:145) ~[zuul-core-1.3.1.jar:1.3.1]
bootstrap.yml form gateway
spring:
application:
name: gateway-server
cloud:
config:
enabled: false
uri: http://localhost:8888
fail-fast: true
retry:
max-attempts: 20
server:
port: 4200
zuul:
prefix: /api
routes:
credit-service:
path: /credit/**
serviceId: credit-service
auth-service:
path: /auth/**
serviceId: auth-service
hystrix:
command:
default:
execution:
isolation:
thread:
timeoutInMilliseconds: 80000
ribbon:
ReadTimeout: 20000
ConnectTimeout: 20000
and this is log from auth-service when I create user
WARN 11216 --- [o-auto-1-exec-2] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.http.converter.HttpMessageNotReadableException: I/O error while reading input message; nested exception is org.apache.catalina.connector.ClientAbortException: java.io.EOFException: Unexpected EOF read on the socket]
Edit
IllegalStateException: Cannot call sendError() after the response has been committed] with root cause
java.lang.IllegalStateException: Cannot call sendError() after the response has been committed
at org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:472) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:129) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:129) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.springframework.security.web.util.OnCommittedResponseWrapper.sendError(OnCommittedResponseWrapper.java:115) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
at org.springframework.web.servlet.resource.ResourceHttpRequestHandler.handleRequest(ResourceHttpRequestHandler.java:488) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:53) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.2.7.RELEASE.jar:5.2.7.RELEASE]
I solved the problem. I had to improve JwtAuthorizationFilter
I have the following code refered from here in my middlewares.py which i'm trying to change my ip in TOR with every request
def _set_new_ip():
with Controller.from_port(port=9051) as controller:
controller.authenticate(password='tor_password')
controller.signal(Signal.NEWNYM)
class RandomUserAgentMiddleware(object):
def process_request(self, request, spider):
ua = random.choice(settings.get('USER_AGENT_LIST'))
if ua:
request.headers.setdefault('User-Agent', ua)
class ProxyMiddleware(object):
def process_request(self, request, spider):
_set_new_ip()
request.meta['proxy'] = 'http://127.0.0.1:8118'
spider.log('Proxy : %s' % request.meta['proxy'])
But when i try to start the crawling in scrapy it keeps returning me the following:
2017-09-10 22:36:44 [scrapy.extensions.telnet] DEBUG: Telnet console listening on 127.0.0.1:6023
2017-09-10 22:36:44 [stem] DEBUG: GETCONF __owningcontrollerprocess (runtime: 0.0004)
2017-09-10 22:36:44 [stem] INFO: Error while receiving a control message (SocketClosed): empty socket content
2017-09-10 22:36:44 [IT] DEBUG: Proxy : http://127.0.0.1:8118
2017-09-10 22:36:44 [scrapy.downloadermiddlewares.retry] DEBUG: Retrying <GET https://www.jobstreet.com.sg/en/job-search/job-vacancy.php?ojs=10&key=information%20technology> (failed 1 times): Connection was refused by other side: 61: Connection refused.
2017-09-10 22:36:44 [stem] DEBUG: GETCONF __owningcontrollerprocess (runtime: 0.0003)
2017-09-10 22:36:44 [stem] INFO: Error while receiving a control message (SocketClosed): empty socket content
2017-09-10 22:36:44 [IT] DEBUG: Proxy : http://127.0.0.1:8118
2017-09-10 22:36:52 [scrapy.downloadermiddlewares.retry] DEBUG: Retrying <GET https://www.jobstreet.com.sg/en/job-search/job-vacancy.php?ojs=10&key=information%20technology> (failed 2 times): Connection was refused by other side: 61: Connection refused.
2017-09-10 22:36:52 [stem] DEBUG: GETCONF __owningcontrollerprocess (runtime: 0.0004)
2017-09-10 22:36:52 [stem] INFO: Error while receiving a control message (SocketClosed): empty socket content
2017-09-10 22:36:52 [IT] DEBUG: Proxy : http://127.0.0.1:8118
2017-09-10 22:36:56 [scrapy.downloadermiddlewares.retry] DEBUG: Gave up retrying <GET https://www.jobstreet.com.sg/en/job-search/job-vacancy.php?ojs=10&key=information%20technology> (failed 3 times): Connection was refused by other side: 61: Connection refused.
2017-09-10 22:36:56 [scrapy.core.scraper] ERROR: Error downloading <GET https://www.jobstreet.com.sg/en/job-search/job-vacancy.php?ojs=10&key=information%20technology>: Connection was refused by other side: 61: Connection refused.
2017-09-10 22:36:56 [scrapy.core.engine] INFO: Closing spider (finished)
I have a zuul server with a config file as:
server:
port: 9090
eureka:
client:
serviceUrl:
defaultZone: http://172.16.5.147:8761/eureka/
instance:
leaseRenewalIntervalInSeconds: 30
hostname: dev-zuulserver
non-secure-port: 80
zuul:
prefix: /v1
sensitiveHeaders: Cookie, Set-Cookie
ignoredHeaders: Access-Control-Allow-Origin
host:
connect-timeout-millis: 60000 # starting the connection
socket-timeout-millis: 120000 # monitor the continuous incoming data flow
ribbon:
eureka:
enabled: true
ReadTimeout: 120000
ConnectTimeout: 3000
hystrix:
command:
default:
execution:
isolation:
strategy: THREAD
thread:
timeoutInMilliseconds: 60000
And I have some queries with longer timeout (more than one minute). But, all my requests always error out with a time out, request time always is less than 6000 ms.
And zuul show this exception:
Caused by: java.lang.RuntimeException: java.net.SocketTimeoutException: Read timed out
at rx.exceptions.Exceptions.propagate(Exceptions.java:58) ~[rxjava-1.1.10.jar!/:1.1.10]
at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:465) ~[rxjava-1.1.10.jar!/:1.1.10]
at rx.observables.BlockingObservable.single(BlockingObservable.java:342) ~[rxjava-1.1.10.jar!/:1.1.10]
at com.netflix.client.AbstractLoadBalancerAwareClient.executeWithLoadBalancer(AbstractLoadBalancerAwareClient.java:117) ~[ribbon-loadbalancer-2.2.2.jar!/:2.2.2]
... 133 common frames omitted
Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method) ~[na:1.8.0_131]
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[na:1.8.0_131]
at java.net.SocketInputStream.read(SocketInputStream.java:171) ~[na:1.8.0_131]
at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[na:1.8.0_131]
at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) ~[httpcore-4.4.6.jar!/:4.4.6]
at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) ~[httpcore-4.4.6.jar!/:4.4.6]
at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:282) ~[httpcore-4.4.6.jar!/:4.4.6]
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138) ~[httpclient-4.5.3.jar!/:4.5.3]
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56) ~[httpclient-4.5.3.jar!/:4.5.3]
at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259) ~[httpcore-4.4.6.jar!/:4.4.6]
at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163) ~[httpcore-4.4.6.jar!/:4.4.6]
at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:165) ~[httpclient-4.5.3.jar!/:4.5.3]
at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273) ~[httpcore-4.4.6.jar!/:4.4.6]
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125) ~[httpcore-4.4.6.jar!/:4.4.6]
Does anyone have a solution for this case?
Thank you!
Try by adding timeout for Ribbon in ZUUL config.
Following will set timeout of 2min.
ribbon:
ConnectTimeout: 120000
ReadTimeout: 120000
In your application.properties just add:
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds: 240000
ribbon.ConnectTimeout: 120000
ribbon.ReadTimeout: 120000
I'm using WSO2 API Manager 2.0 and have configured it to use a proxy by adding the following configuration to the axis2.xml and synapse.xml. However, when I try to access the test API I've made, I get the errors "Proxy Authorization required" or "Server Hangup". When I tried to see the requests made over the wire, I saw that there were two requests going - A GET request (which receives the Server Hangup error) that has the Proxy Authentication header, and a CONNECT request (which receives the Proxy Authorization required error) that doesn't. Why is this happening and how can I make the header appear in every request?
axis2.xml:
<transportSender name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="http.proxyHost" locked="false">10.1.0.236</parameter>
<parameter name="http.proxyPort" locked="false">80</parameter>
</transportSender>
<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="http.proxyHost" locked="false">10.1.0.236</parameter>
<parameter name="http.proxyPort" locked="false">80</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
</TrustStore>
</parameter>
<parameter name="HostnameVerifier">AllowAll</parameter>
<!--supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
</transportSender>
synapse.xml:
<definitions xmlns="http://ws.apache.org/ns/synapse">
<sequence xmlns="http://ws.apache.org/ns/synapse" name="WSO2AM--Ext--In">
<property name="Proxy-Authorization" expression="fn:concat('Basic ', base64Encode('smsapp:let$c0nnect'))" scope="transport"/>
<property name="POST_TO_URI" value="true" scope="axis2"/>
<property name="DISABLE_CHUNKING" value="true" scope="axis2"/>
<log level="custom">
<property name="TRACE" value="Global Mediation Extension2"/>
</log>
</sequence>
<!-- You can add any flat sequences, endpoints, etc.. to this synapse.xml file if you do
*not* want to keep the artifacts in several files -->
</definitions>
Requests and their responses:
GET
GET https://apiurl.com/api/apiname HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET https://apiurl.com/api/apiname HTTP/1.1\r\n]
[GET https://apiurl.com/api/apiname HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: https://apiurl.com/api/apiname
Request Version: HTTP/1.1
Proxy-Authorization: Basic XXXXXXXXXXXXXXXX\r\n
Credentials: username:pwd
Hypertext Transfer Protocol
HTTP/1.1 502 Server Hangup\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 502 Server Hangup\r\n]
[HTTP/1.1 502 Server Hangup\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 502
Response Phrase: Server Hangup
Date: Thu, 08 Dec 2016 12:12:20 GMT\r\n
Connection: close\r\n
Via: HTTPS/1.1 localhost.localdomain\r\n
Cache-Control: no-store\r\n
Content-Type: text/html\r\n
Content-Language: en\r\n
Content-Length: 666\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.235017000 seconds]
[Request in frame: 456]
File Data: 666 bytes
CONNECT
Hypertext Transfer Protocol
CONNECT apiurl.com:443 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): CONNECT apiurl.com:443 HTTP/1.1\r\n]
[CONNECT apiurl.com:443 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: CONNECT
Request URI: apiurl.com:443
Request Version: HTTP/1.1
Host: apiurl.com:443\r\n
Proxy-Connection: Keep-Alive\r\n
\r\n
[Full request URI: apiurl.com:443]
[HTTP request 1/2]
[Response in frame: 595]
[Next request in frame: 880]
Hypertext Transfer Protocol
HTTP/1.1 407 Proxy Authorization Required\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 407 Proxy Authorization Required\r\n]
[HTTP/1.1 407 Proxy Authorization Required\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 407
Response Phrase: Proxy Authorization Required
Date: Thu, 08 Dec 2016 12:12:22 GMT\r\n
Proxy-Connection: keep-alive\r\n
Via: 1.1 localhost.localdomain\r\n
Cache-Control: no-store\r\n
Content-Type: text/html\r\n
Content-Language: en\r\n
Proxy-Authenticate: Basic realm="Websense Content Gateway"\r\n
Content-Length: 666\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.002752000 seconds]
[Request in frame: 589]
[Next request in frame: 880]
[Next response in frame: 894]
File Data: 666 bytes
Here's a solution that worked for me (I use ESB 5.0.0, not API Manager).
In my case I had to add proxyProfiles to my HTTP and HTTPS sender in axis2. So I had to:
Delete proxy parameters in http and https sender:
<parameter name="http.proxyHost" locked="false">some_host</parameter>
<parameter name="http.proxyPort" locked="false">some_port</parameter>
Add parameter ProxyProfiles (in both http and https sender)
<parameter name="proxyProfiles">
<profile>
<targetHosts>*</targetHosts>
<proxyHost>some_host</proxyHost>
<proxyPort>some_port</proxyPort>
<proxyUserName>some_username</proxyUserName>
<proxyPassword>some_password</proxyPassword>
</profile>
</parameter>
In my .xml API I deleted the Proxy-Authorization and POST_TO_URI.
more details:
Working with Proxy Servers (wso2.com)
edit:
after few more tests seems that HTTP needs Proxy-Authorization and POST_TO_URI parameters in API, but HTTPS instead of them needs proxyProfiles as I mentioned before. Without this it's impossible to call HTTPS service.