I am running Ubuntu on an EC2 instance and certain, very particular hosts fail to reply to POST. For example when I run
curl -v -L -I http://www.moneymanagement.com.au/
from my local machine, I receive an immediate reply. However, the same command, run from EC2, times out.
About to connect() to www.moneymanagement.com.au port 80 (#0)
Trying 61.14.142.150... Connection timed out
couldn't connect to host
Closing connection #0 curl: (7) couldn't connect to host
However the same POST to Google and others returns immediately. Additionally, circumventing the name server avoids this problem:
curl -v -L -I 141.101.124.53
Replies without failure. What might be causing this behavior?
Edit: Here are the traceroute results.
traceroute to www.moneymanagement.com.au (61.14.142.150), 30 hops max, 60 byte packets
1 10.96.72.3 (10.96.72.3) 0.345 ms 0.444 ms 0.556 ms
2 ip-10-1-16-41.ec2.internal (10.1.16.41) 0.540 ms ip-10-1-28-41.ec2.internal (10.1.28.41) 0.390 ms ip-10-1-18-41.ec2.internal (10.1.18.41) 0.499 ms
3 ip-10-1-29-14.ec2.internal (10.1.29.14) 0.667 ms ip-10-1-13-14.ec2.internal (10.1.13.14) 0.755 ms ip-10-1-29-14.ec2.internal (10.1.29.14) 0.865 ms
4 216.182.224.120 (216.182.224.120) 2.872 ms 216.182.232.50 (216.182.232.50) 2.732 ms 216.182.224.211 (216.182.224.211) 2.580 ms
5 100.64.2.195 (100.64.2.195) 1.680 ms 100.64.2.235 (100.64.2.235) 1.885 ms 100.64.2.247 (100.64.2.247) 2.098 ms
6 100.64.0.50 (100.64.0.50) 364.049 ms 100.64.0.6 (100.64.0.6) 383.689 ms 100.64.0.24 (100.64.0.24) 403.813 ms
7 * * *
8 72.21.220.225 (72.21.220.225) 0.526 ms 72.21.222.148 (72.21.222.148) 1.056 ms 72.21.220.225 (72.21.220.225) 0.718 ms
9 72.21.222.148 (72.21.222.148) 0.815 ms 205.251.245.64 (205.251.245.64) 0.839 ms 72.21.222.148 (72.21.222.148) 47.064 ms
10 gw3.lax1.asianetcom.net (206.223.115.40) 65.325 ms 65.297 ms 65.291 ms
11 te0-1-0-0-983.cr1.syd5.asianetcom.net (203.192.174.133) 202.111 ms 201.326 ms 201.273 ms
12 gi0-1-0.gw16.syd5.asianetcom.net (203.192.174.170) 201.375 ms te0-1-0-0-983.cr1.syd5.asianetcom.net (203.192.174.133) 200.736 ms gi0-1-0.gw16.syd5.asianetcom.net (203.192.174.170) 200.682 ms
13 gi0-1-0.gw16.syd5.asianetcom.net (203.192.174.170) 200.504 ms 200.922 ms *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
The connection timed out error is where you should concentrate (assuming the IP address is the correct one for the host you intend to connect to.) In order to establish an HTTP connection you will need:
a web server listening on port 80 on the server
a security group associated with the host instance that allows traffic over port 80 from your IP (more likely from all IPs)
Check that the web server is running on the instance (log in and run ps -elf and check for your web server process (e.g. apache or nginx). Or check the web server error log to ensure that it started correctly. Unless you have a funky configuration, it's likely listening on port 80.
Check the security group associated with the instance through the AWS console. Is it the same as other instances that are working? If not, chances are that's the problem, or if this is the only instance, then you'll need to allow traffic on port 80.
If the IP address is wrong, check your DNS settings (Route 53 on AWS if that's where you do DNS for your domain), or the IP address associated with any elastic IP associated with the instance.
Can anyone please explain, why the ignite is using the 31100 port. I have got the info in web as it is a time server port. I couldn't get anything other than this info.
I see following configuration options in Ignite project:
/** Base port number for time server. */
private int timeSrvPortBase = DFLT_TIME_SERVER_PORT_BASE; // 31100

/** Port number range for time server. */
private int timeSrvPortRange = DFLT_TIME_SERVER_PORT_RANGE; // 100

/**
 * Gets base UPD port number for grid time server. Time server will be started on one of free ports in range
 * {@code [timeServerPortBase, timeServerPortBase + timeServerPortRange - 1]}.
 * <p>
 * Time server provides clock synchronization between nodes.
 *
 * @return Time
 */
public int getTimeServerPortBase() {
    return timeSrvPortBase;
}

/**
 * Defines port range to try for time server start.
 *
 * If port range value is <tt>0</tt>, then implementation will try bind only to the port provided by
 * {@link #setTimeServerPortBase(int)} method and fail if binding to this port did not succeed.
 *
 * @return Number of ports to try before server initialization fails.
 */
public int getTimeServerPortRange() {
    return timeSrvPortRange;
}
But I don't see any usage of these methods in other places. Looks like an obsolete feature. I've just started one server node of 2.10 and didn't see any open ports in range 311xx (sudo netstat -atnp | grep 311[0-9][0-9] was empty). Are you sure that your Ignite instance exposes this port? What version do you use?
I have a simple Spring Boot service that is called on demand and consumes a specified number of messages from the topic. The number of messages to consume is passed as a parameter. The service is called every 30 minutes. Each message size is ~1.6 kb. When I call the service and pass a parameter of 3000 I am expecting 3000 thousand messages to be returned, but I always get around 1100 or 1200 messages every time. I have one topic with one partition only. It's an on-demand service, so I am not using a while loop and have set the poll time to 30 secs. But the response comes back within 10 seconds and the number of records returned is ~1200 even though MAX_POLL_RECORDS_CONFIG is 3000, 4000 or 5000. Just curious if there's any size limit on the messages even though the poll time is 30 sec, and how I can achieve more throughput or get close to the limit. The code below gets executed every time the service is called. Here is how the service is called: http://example.com/messages?limit=5000
Properties p = new Properties();
//limit is the value coming in as a query parameter and can be 3000, 4000 or 5000
p.put(ConsumerConfig.MAX_POLL_RECORDS_CONFIG, limit);
p.put(ConsumerConfig.SESSION_TIMEOUT_MS_CONFIG , 15000);
p.put(ConsumerConfig.FETCH_MIN_BYTES_CONFIG , 22 * 1024 * 1024);
p.put(ConsumerConfig.FETCH_MIN_BYTES_CONFIG , 50 * 1024 * 1024);
p.put(ConsumerConfig.FETCH_MAX_WAIT_MS_CONFIG , 500);
p.put(ConsumerConfig.MAX_PARTITION_FETCH_BYTES_CONFIG , 50 * 1024 * 1024);
consumer = consumerFactory.createConsumer("my-group-id", null, null, p);
consumer.assign(Collections.singleton(new TopicPartition("test-topic", 0)));
ConsumerRecords<Object, Object> consumerRecords = consumer.poll(Duration.ofSeconds(30));
// processing the messages somehow I always get ~1200 messages
.........................................
.........................................
.................................
consumer.commitAsync();
// return list of messages
Thanks
I have multiple tasks that need to be done every hour or two. All of them have been scheduled via Laravel using the commands below as cron jobs
$schedule->command('email:notifications1')
->cron('15 * * * * *');
$schedule->command('email:notifications2')
->cron('15 * * * * *');
$schedule->command('email:notifications3')
->cron('15 * * * * *');
Issue:
All of the above tasks are pretty time consuming, and it seems from the results that these tasks are not running in parallel. Each task runs after the previous one has ended.
Requirement
How can I run them in parallel? I want all tasks to be executed (in parallel) as soon as the clock ticks the specified time.
Laravel Version 5
You can easily have multiple parallel commands running if you add runInBackground() to the chain.
Like this:
$schedule->command('email:notifications1')
->cron('15 * * * * *')->runInBackground();
$schedule->command('email:notifications2')
->cron('15 * * * * *')->runInBackground();
$schedule->command('email:notifications3')
->cron('15 * * * * *')->runInBackground();
This creates a new process in the background so the Scheduler doesn't have to wait until the command executes. This doesn't even interfere with the withoutOverlapping() method because that works with mutex files.
Now you also have the benefit of having your commands in version control.
The Laravel scheduler can only run one command at a time because of the limitations of PHP.
You could, however, add the cronjobs directly in your crontab file, this way, they will be executed in parallel in separate processes.
15 * * * * php /path/to/artisan email:notifications1
15 * * * * php /path/to/artisan email:notifications2
15 * * * * php /path/to/artisan email:notifications3
Another way to fix this is to let the jobs start at another time. Because a new php process is started every minute by the cron job, these do not affect each other.
For example:
$schedule->command('email:notifications1')
->cron('5 * * * * *');
$schedule->command('email:notifications2')
->cron('10 * * * * *');
$schedule->command('email:notifications3')
->cron('15 * * * * *');
I have set up a linux server running Ubuntu 15.10 x64. I have set up php/openssl/curl to work together to send using HTTP/2. The PHP script I am testing with is below. Basically, I'm sending two push messages, both using the same curl handle in order to keep the connection open as recommended by Apple. The first message goes through and shows up on my device just fine, but when it tries to send the second, I get an error "Unknown SSL protocol error in connection to api.development.push.apple.com:443" after "SSL re-using session ID". Does anyone have any suggestions about what could be wrong? Could someone try the script and let me know if they are experiencing the same thing?
Below are the version printouts from my server:
PHP
PHP 7.0.5-2+deb.sury.org~wily+1 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
OpenSSL
OpenSSL 1.0.2d 9 Jul 2015
curl
curl 7.48.0 (x86_64-pc-linux-gnu) libcurl/7.48.0 OpenSSL/1.0.2d zlib/1.2.8 libidn/1.28 nghttp2/1.10.0-DEV librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets
PHP CODE:
<?php
$ch = curl_init();
$device_token = 'TOKEN HERE';
$pem_file = 'YOURFILE.pem';
$pem_secret = 'PEM PASS';
$apns_topic = 'com.YOURTOPIC';
//curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("apns-topic: $apns_topic"));
curl_setopt($ch, CURLOPT_SSLCERT, $pem_file);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $pem_secret);
curl_setopt($ch, CURLOPT_VERBOSE , true);
echo "Try 1 ================================================" . PHP_EOL;
//setup and send first push message
$url = "https://api.development.push.apple.com/3/device/$device_token";
curl_setopt($ch, CURLOPT_URL, "{$url}");
$sample_alert = '{"aps":{"alert":"hi #1","sound":"default"}}';
curl_setopt($ch, CURLOPT_POSTFIELDS, $sample_alert);
$response = curl_exec($ch);
$httpcode = curl_getinfo($ch);
//var_dump($response);
//var_dump($httpcode);
echo "Try 2 ================================================" . PHP_EOL;
//setup and send second push message
$url = "https://api.development.push.apple.com/3/device/$device_token";
curl_setopt($ch, CURLOPT_URL, "{$url}");
$sample_alert = '{"aps":{"alert":"hi #2","sound":"default"}}';
curl_setopt($ch, CURLOPT_POSTFIELDS, $sample_alert);
$response = curl_exec($ch);
$httpcode = curl_getinfo($ch);
//var_dump($response);
//var_dump($httpcode);
curl_close($ch);
Output from running the script above using curl verbose (personal items replaced with XXXXX):
Try 1 ================================================
* Trying 17.110.227.100...
* Connected to api.development.push.apple.com (17.110.227.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL connection using TLSv1.2 / XXXXXXXXXXXXXXXXXXXXXXXXXXX
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=api.development.push.apple.com; OU=management:idms.group.533599; O=Apple Inc.; ST=California; C=US
* start date: Jun 19 01:49:43 2015 GMT
* expire date: Jul 18 01:49:43 2017 GMT
* subjectAltName: host "api.development.push.apple.com" matched cert's "api.development.push.apple.com"
* issuer: CN=Apple IST CA 2 - G1; OU=Certification Authority; O=Apple Inc.; C=US
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x555e84417f80)
> POST /3/device/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
HTTP/1.1
Host: api.development.push.apple.com
Accept: */*
apns-topic: com.XXXXXXX.XXXXXXXXXXXXXXXXXX
Content-Length: 43
Content-Type: application/x-www-form-urlencoded
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2.0 200
< apns-id:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<
* Connection #0 to host api.development.push.apple.com left intact
Try 2 ================================================
* Found bundle for host api.development.push.apple.com: 0x555e8442afb0 [can multiplex]
* Hostname api.development.push.apple.com was found in DNS cache
* Trying 17.110.227.100...
* Connected to api.development.push.apple.com (17.110.227.100) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL re-using session ID
* Unknown SSL protocol error in connection to api.development.push.apple.com:443
* Closing connection 1
I tried your code and it works right on my machine. Nevertheless I see some differences between our verbose logs. The log of Try 1 is identical, but the log in Try 2 has some differences, this is mine:
...
Try 2 ================================================
* Found bundle for host api.development.push.apple.com: 0x7fe1b380e730 [can multiplex]
* Re-using existing connection! (#0) with host api.development.push.apple.com
* Connected to api.development.push.apple.com (17.172.238.203) port 443 (#0)
* Using Stream ID: 3 (easy handle 0x7fe1b305da00)
> POST /3/device/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1
Host: api.development.push.apple.com
Accept: */*
apns-topic: it.XXX.XXXXX
Content-Length: 43
Content-Type: application/x-www-form-urlencoded
* We are completely uploaded and fine
< HTTP/2.0 200
< apns-id:XXXXXXXXXXXXXXXXX
<
* Connection #0 to host api.development.push.apple.com left intact
I don't see in your log the text "Re-using existing connection!" ...
EDIT
The solution seems to be to downgrade curl to 7.47.1
Had the same problem. Found this solution in a GitHub package while digging through the code; it worked for me. https://github.com/nfilin/apns-http2.
Add this to your curl options and try again.
curl_setopt($ch, CURLOPT_SSLKEY, $pem_file);
curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
As the accepted answer says, it works by downgrading to curl 7.47.1... but only if all the messages sent return an HTTP 200 code.
If, for example, the second message contains an invalid payload or device token (and, as expected, an HTTP 4xx response is received), on the third message I get the "Unknown SSL protocol error in connection to api.development.push.apple.com:443".
I guess the expected behavior would be to receive a 4xx on the second message, but without interrupting the connection.
A sub-standard workaround would be, if not receiving a 200, to disconnect and connect again. But I guess after many disconnect/reconnect cycles we would get banned from the Apple server.
I'm on the World Wide Web right now, as evidenced by posting on StackOverflow. However, if I try to ping stackoverflow.com from the command line, the ping times out. What do I need to do for ping to work?
> ping stackoverflow.com
Pinging stackoverflow.com [198.252.206.140] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 198.252.206.140:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Edit, try tracert
> tracert stackoverflow.com
Tracing route to stackoverflow.com [198.252.206.140] over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
...
Trace complete.
It's Request timed out. all the way to 30 hops.
Edit, try ping google.com
Same result. :-)
Some hosts have a firewall that blocks ICMP (http://ca.wikipedia.org/wiki/Internet_Control_Message_Protocol) packets like ping. You can use traceroute (a command-line tool, or online websites like http://ping.eu/traceroute/) or tcptraceroute (http://linux.die.net/man/1/tcptraceroute).
Some routers also have a firewall that blocks ICMP. You can detect this by doing ping google.com. If that fails, then it's your local router that's problematic, not the remote host.
Hope it can help you.
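An added example, not part of any answer above: a TCP connect probe in Python that still works where ICMP is filtered (the ping question) and that separates "timed out" from "refused", which point at different checks in the EC2 answer (filtering or a wrong IP versus no web server listening). The names tcp_probe, resolved_addresses, diagnose and HINTS are made up for this example, and the demo runs against a constructed listener on 127.0.0.1.

```python
import errno
import socket

# Interpretation of each outcome (added here; wording follows the checks discussed above).
HINTS = {
    "open": "TCP handshake completed: the service is reachable even if ping is not.",
    "refused": "Host replied with a reset: it is reachable, but nothing listens on that port.",
    "timeout": "No reply at all: packets are dropped (security group, firewall) or the IP is wrong.",
    "unreachable": "No route from this machine: look at local routing or the gateway.",
}


def tcp_probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
        raise  # e.g. name resolution failure: report it as-is


def resolved_addresses(host, port):
    """Addresses this machine's resolver returns; compare them across vantage points."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def diagnose(host, port, timeout=3.0):
    """Probe every resolved address so a stale or wrong DNS record stands out."""
    return {addr: tcp_probe(addr, port, timeout) for addr in resolved_addresses(host, port)}


if __name__ == "__main__":
    # Constructed local demo: probe a listening socket, then the same port after close.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    for label in ("listening", "closed"):
        state = tcp_probe("127.0.0.1", port, timeout=1.0)
        print(label, "->", state, "-", HINTS[state])
        srv.close()
```

Running diagnose with the same host name and port 80 from both machines shows whether they resolve to the same address and which address fails to answer.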