I have a ruby on rails app serving an API. It's legacy and we've already built a replacement on a more suitable stack, so no such suggestions in that direction needed :)
But we need to improve the performance on it regarding latency of response. I noticed keepalive was off. So I enabled it in apache. Now the static files from that server are responding with connection: keep-alive in the response headers. But the api (dynamic, rudy generated xml) still responds with connection: close. Sure enough it appears to be closing the connection on the client. Passenger is the Apache module used.
How can I make it use keepalive for the ruby generated responses?
Thanks
I can not reproduce this. I just tried, with Apache 2.2.3, passenger 3.0.12
The responses from my rails app do not have connection:close, they are kept alive. (They in fact have a Connection: Keep-Alive too, although I don't think HTTP 1.1 requires that.
So long as my apache has KeepAlive On.
Related
I try to read the website https://www.eroids.com/reviews with Indy and always get a 403.
This website seems only to load when I set the ssl version to sslvTLSv1_1. If I do that, this website loads fine, but other websites not. Most other seems to use sslvTLSv1_2.
As long I only add [sslvTLSv1_1] to the sslversion, it works, but when I add [sslvTLSv1_1, sslvTLSv1_2], the mentioned site does not load anymore (again 403), but any other site does.
My question is: How can I determine what sslversion a website need? Do I need to try to access the site with each ssl version until I get a 200 back or is there something to me unknown integrated into indy to automatically do that?
How can I determine what sslversion a website need?
In general, you can't. However, most servers support version negotiation during the TLS handshake, so that clients supporting multiple/different TLS versions can negotiate with the server for which TLS version to use. But, it sounds like maybe this particular server does not support that.
However, the fact that you are even getting an HTTP 403 response at all for an HTTPS url means a TLS session is being created fine, so the issue is something else.
Unless the server is ignoring all TLS errors during the handshake and creating a simple TLS session, THEN is sending an HTTP error in reply to an earlier TLS error. Which is rare, but not unheard of.
Do I need to try to access the site with each ssl version until I get a 200 back
In this particular situation, probably so, yes. Start with [sslvTLSv1_1, sslvTLSv1_2], and if that fails then retry with [sslvTLSv1_2], then retry with [sslvTLSv1_1], and so on.
is there something to me unknown integrated into indy to automatically do that?
Indy does not have that capability at this time, no.
I am trying to connect to a server that defaults to HTTP/2 with Apach Http-Components 3.4, which is not HTTP/2 compatible. I see here that a client can request HTTP/2 from the server via the Upgrade header. Is there a way to request HTTP/1.1 from the server?
Yes, it should be the default. A server should only HTTP/2 to a client if it was previously negotiated.
Either:
through an upgrade from HTTP/1 through the HTTP Upgrade header
through protocol negotiation (ALPN) during the TLS handshake
It is theoretically possible to force HTTP/2 on both sides without negotation. This is called HTTP/2 with prior-knowledge. However that mode shouldn't be used on public servers, since it exactly causes the problems that you are having.
I would try to speak to the developers/maintainers of the server if the HTTP/2 only behavior is intended.
Is there any way to force NSURLConnection to not reuse the current persistent connection but to create a new one ?
I am trying to defend myself from this known iOS8 keep-alive bug
If iOS 8 receives a HTTP response with a Keep-Alive header, it keeps this
connection to re-use later (as it should), but it keeps it for more
than the timeout parameter of the Keep-Alive header and then when a
second request comes it tries to re-use a connection that has been
dropped by the server.
I am looking for a way to solve this issue from Objective c rather than solving from server side.
If any third party libraries provides a way to ignore Keep-alive header then its also welcome.
This issue is somewhat related to following issues(1,2)
Any help is appreciated !
The only way I found is to use CFNetwork. Higher level API such as NSURLConnection or NSURLSession's Connection header will be overwritten by system.
I have tried every conceivable haproxy configuration posted in blogs and stackoverflow, but I still cannot get haproxy and socket.io to work 100% of the time. In the majority of browsers that "support" web sockets it fails and falls back on long polling after missed heart beats. The browser appears to make the initial connection (nodejs debugging), but I cannot get the clients to receive the connection response. Is anyone else having similar problems? Below are the software version numbers and a couple of the configs I have tried.
haproxy 1.4.18
node 0.6.5
socket.io 0.8.7
Haproxy configurations (I have tried many more and numerous options):
http://engineering.bistri.com/post/14307969768/socket-io-haproxy-http-authentication
HAProxy + WebSocket Disconnection
http://pastebin.com/H3XNv0TQ
http://www.darkcoding.net/software/proxy-socket-io-and-nginx-on-the-same-port-over-ssl/ (minus ssl stuff)
Web sockets working in:
Safari 5 (Windows)
Chrome 11 (Linux)
Websockets cannot be reverse proxy'd because the 8 bytes of data the client must send after the headers is not advertised in a Content-Length header, so the intermediates won't forward that data until the handshake completes. And since the handshake needs those 8 bytes to complete, the handshake never completes and deadlocks, http://www.enotes.com/topic/WebSockets#Proxy_traversal. This is not the only source. Many more sources verify that they cannot be reverse proxy'd.
Does anyone know if there is a way to prevent Sinatra from sending the 'Connection: close' header in its responses?
To be clear, I have a very simple
get '/path' do
puts "Some (~200 byte long) string"
end
But, after looking at the output in a network analyser, I see it's sending the Connection: close header right after the HTTP/1.1 200 OK, which I'd like to stop!
Ah ha! It seems Mongrel, the server my Sinatra app was running on, doesn't support Keep-Alive. so I just did:
set :server, 'thin'
after gem install thin and everything seems to be working better!
I don't speak Ruby at all, and the Sinatra site isn't terribly clear on what it is (is it a framework for Ruby?) so I might be completely off my rocker here, but:
Connection: close is sent by your Web server when keep alives are turned off. For scalability reasons, keep alives are generally considered to be step one on things to turn off in your server. To be fair, there's a school of thought both ways, particularly when Ajax is involved.
I use nginx for my Django work (I'm thinking it's similar), and I have keep-alives turned off in nginx like this:
14:58 jsmith#lateralus% grep alive /etc/nginx/nginx.conf ~
keepalive_timeout 0;
Apache uses KeepAlive (see here).
If Sinatra is its own Web server, I can't find any documentation to turn keep alives on, and I'll go ahead and eat the fact that I look like an idiot.