HTTP2_Plain in node-http2 module is not working? - http2

I want to create a http2 server using node-http2 module without TLS. My code is as follows:
http2 = require('http2');
const bunyan = require('bunyan');
var log = bunyan.createLogger({name: "HTTP2 server without TLS!"});
var options = {
log: log
}
var server = http2.raw.createServer(options, function(request, response) {
console.log("Receiving HTTP2 request!");
// response.writeHead(200);
response.end('Hello world from HTTP2!');
});
server.listen(8000);
However, it does not work. When connecting to this server from chrome, it shows downloading something. When I closed the server, the downloading is finished with blank file (26 bytes).
Does anyone know what is wrong here? Do I need to configure the browser? Thanks in advance!


Chrome and all other browsers only support HTTP/2 over TLS (h2) and not plain HTTP/2 (h2c). So your browser does not understand what is returned from the server and apparently node-http2 does not send a proper error response when it receives a non-http2 request.


The problem seems not just from the browser. Using [curl] curllink that supports http2 over an http:// URL does not working either. Following is the output from the curl:
$ curl -I --http2 http://54.208.83.136:8000/ -v -k
* Trying 54.208.83.136...
* Connected to 54.208.83.136 (54.208.83.136) port 8000 (#0)
> HEAD / HTTP/1.1
> Host: 54.208.83.136:8000
> User-Agent: curl/7.47.1
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAAQAAP__
>
As we see from the curl output. It sends http/1.1 Upgrade request with proper headers set as it supposed to do according to the [http2 rfc] rfclink.
On the server side, the logs were very long, so I present here only the content of msg in the relevant three logs.
New incoming HTTP/2 connection
Client connection header prelude does not match
PROTOCOL ERROR, Fatal error, closing connection
So basically the server closed the connection because the client connection header prelude does not match. By checking the code, I figured out the error was originated from the readPrelude function of [endpoint.js] endpointlink. It is a function to read the client header, but I don't know what is wrong in the client header :(.
Thus maybe I can say the node-http2 module does not support http2 over plaintext.
Update: it turns out that I was wrong. The node-http2 module do support http2 over plaintext with direct connecting, it does not support HTTP/2 server with Upgrade from HTTP/1.1. The problem resulted from the client side using Upgrade mechanism to connect to the server not supporting Upgrade. Using nghttp client to connect sever with prior knowledge works as follows.
$ nghttp http://127.0.0.1:8000/
Hello world from HTTP2!
nghttpd server also supports HTTP2 without TLS, even though it does not support HTTP Upgrade.
$ nghttpd -d /Documents/Proxy 8080 --no-tls -v
So I highly suggest to use nghttp when you want to test HTTP2 without TLS.

Related

Some problems on QUIC-GO example server

The situation is, I wanna establish a QUIC connection based on quic-go from local to ECS server. The related tests using localhost are done both on local and remote device. That is:
#local: .$QUIC-GO-PATH/example/client/main -insecure -keylog ssl.log -qlog trial.log -v https://127.0.0.1:6121/demo/tile
#local: .$QUIC-GO-PATH/example/main -qlog -tcp -v
These tests are completed.
Now is the problem,when I start local-remote connection an error occurred:
#remote: .$QUIC-GO-PATH/example/main -qlog -tcp -v
#local: .$QUIC-GO-PATH/example/client/main -insecure -keylog ssl.log -qlog trial.log -v https://$REMOTE_IPADDR:6121/demo/tile
timeout: no recent network activity
When I go through a wireshark examination, it seems like the CRYPTO handshake never finishes:
Wireshark
Also client Qlog file atteched here:
Qlog file
Codes are all the same with https://github.com/lucas-clemente/quic-go
Help!

This problem has been solved.
Code $QUIC-GO-PATH/example/main.go has binded the port as a default onto 127.0.0.1:6121, which led to the problem that the server cannot get reached by client outside, just get this on server running:
-bind 0.0.0.0:6121

wget on Debian Server gets 302 Found while wget on Manjaro gets 200 OK

I'm using wget to retrieve the Instagram JSON from the URL https://www.instagram.com/instagram/?__a=1.
Running wget from my local Manjaro setup returns a 200 OK and the proper JSON response, but running it from a Debian server retrieves a 302 found.
At first I thought it could be because of the wget version differences, but running curl locally also works while wget doesn't work properly.
Is there anything that I should be setting up on my server to get a proper response? My guess is that the HTTPS connection is refusing my server from connecting properly.

So, this is a weird quirk of the Instagram servers. Nothing you can do about it.
The problem is that Instagram responds differently depending on whether you connect to their server over IPv4 or IPv6. Why they would do that is beyond me, but I can reliably reproduce the result by controlling for only this variable.
IPv4:
$ wget -O/dev/null -4 "https://www.instagram.com/instagram/?__a=1"
--2020-09-03 14:22:15-- https://www.instagram.com/instagram/?__a=1
Resolving www.instagram.com (www.instagram.com)... 157.240.27.174
Connecting to www.instagram.com (www.instagram.com)|157.240.27.174|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 118552 (116K) [application/json]
Saving to: ‘/dev/null’
100%[================================================================================================================================>] 118,552 306KB/s in 0.4s
2020-09-03 14:22:17 (306 KB/s) - ‘/dev/null’ saved [118552/118552]
IPv6:
$ wget -O/dev/null -6 "https://www.instagram.com/instagram/?__a=1"
--2020-09-03 14:22:54-- https://www.instagram.com/instagram/?__a=1
Resolving www.instagram.com (www.instagram.com)... 2a03:2880:f23f:e5:face:b00c:0:4420
Connecting to www.instagram.com (www.instagram.com)|2a03:2880:f23f:e5:face:b00c:0:4420|:443... connected.
HTTP request sent, awaiting response... 302 Found
Cookie coming from www.instagram.com attempted to set domain to www.instagram.com
Cookie coming from www.instagram.com attempted to set domain to www.instagram.com
Location: https://www.instagram.com/accounts/login/?next=/instagram/%3F__a%3D1 [following]
--2020-09-03 14:22:54-- https://www.instagram.com/accounts/login/?next=/instagram/%3F__a%3D1
Reusing existing connection to [www.instagram.com]:443.
HTTP request sent, awaiting response... 200 OK
Cookie coming from www.instagram.com attempted to set domain to www.instagram.com
Cookie coming from www.instagram.com attempted to set domain to www.instagram.com
Length: 48094 (47K) [text/html]
Saving to: ‘/dev/null’
100%[================================================================================================================================>] 48,094 --.-K/s in 0.04s
2020-09-03 14:22:54 (1.28 MB/s) - ‘/dev/null’ saved [48094/48094]
This is the same thing you see in your debug logs. On Manjaro, it makes a IPv4 connection, while on Debian it makes a IPv6 connection leading to the differences.
Welcome to the world of crazy webservers :)
In any case, the answer to your question then is to use only a IPv4 connection

flutter http post fails connection blocked from android emulator on windows 10

my Flutter code looks like :
var url = "http://localhost:49912/api/Account/Register";
http
.post(url,
headers: {"Content-Type": "application/json"},
body: js)
.then((response) {
print("Response status: ${response.statusCode}");
print("Response body: ${response.body}");
});
the http response is:
[ERROR:flutter/lib/ui/ui_dart_state.cc(148)] Unhandled Exception: SocketException: OS Error: Connection refused, errno = 111, address = localhost, port = 37316
now I know that my server code works outside of the emulator and do some digging and try using Chrome from the emulator and try navigating to 127.0.0.1 and get same error. after some digging I find I should be using 10.0.2.2 ( Special alias to your host loopback interface (i.e., 127.0.0.1 on your development machine)
so I type 10.0.2.2 into emulator chrome and see my IISexpress server. so feeling good but then I change my uri to 10.0.2.2:49912
as my app is listening on port 49912 and get 400 Bad Request - Invalid Hostname
painful

finally figured it out as tried calling my service using 127.0.0.1 from Postman and got the same bad request. turnsout IIS Express is listening on localhost so needs to be convinced to listen on 127.0.0.1 by editing the
applicationhost.config file in the .vs folder in your solution. add the following line <binding protocol="http" bindingInformation="*:49912:127.0.0.1" />

The most possible resolution for the error maybe
Try http://192.168.43.84:49912/api/Account/Register
Instead of http://localhost:49912/api/Account/Register
localhost must be replaced with your system ip address
for getting system ip simply go to cmd and type ipconfig

Puppet Jruby NetHttp get request seems to have bad ciphers

We wrote a puppet function which needs to do a http get request over tls to a server. The http request is done directly from the puppet master. The remote server needs apparently more recents ciphers than provided by our function (we use the ruby Net/Http library). Consequently, the remote server immedialty close the connection (Client Hello, [ACK], [FIN, ACK] )
def http_client
uri = URI("https://#{#config['server']}")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless #config['vmssc_tls_verify']
http
end
We tried to CuRL the same API from the puppet master, with success, it appears the openssl version used by CuRL is different than the one used by puppet.
The difference we found was that in curl we had like 32 ciphers in SHA256 but with the Net/Http library used by puppet we only had 11 ciphers in SHA1.
Puppet server is running with jruby, so we tried to add java cryptography extension in openJDK but without success.
We also observe that the ciphers listed in the /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf file are not honored (hence we got the list of the ciphers used by the client in our tcpdump) :
# settings related to HTTP client requests made by Puppet Server
http-client: {
# A list of acceptable protocols for making HTTP requests
ssl-protocols: [
TLSv1.2,
]
# A list of acceptable cipher suites for making HTTP requests
cipher-suites: [
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
]
We tried to upgrade the version of openJDK to an oracle JDK but without success.
We're running on a puppetserver version 2.7.0 with Jruby and openJDK 8 with a TLS_Version 1.2.
Also when the puppetserver is started in native ruby everything works fine, we've got the goods ciphers. We don't want to stay with that configuration for the performance issue.

H2O Import files via REST API from local server fails

I am trying to use h2o REST API to import CSV files that I have on my local server.
Command:
curl -v -X GET
'http://127.0.0.1:54321/3/ImportFiles?path=http://127.0.0.1:8083/datasets/tables/csv/RDsTWgcvAjHeWJFnbhCKTCE5rn6aLCjJ.csv'
Result in following log:
Trying 127.0.0.1... Connected to 127.0.0.1 (127.0.0.1) port 54321 (#0)
GET
/3/ImportFiles?path=http://127.0.0.1:8083/datasets/tables/csv/RDsTWgcvAjHeWJFnbhCKTCE5rn6aLCjJ.csv HTTP/1.1 Host: 127.0.0.1:54321 User-Agent: curl/7.47.0 Accept: /
HTTP/1.1 200 OK X-h2o-build-project-version: 3.16.0.2
X-h2o-rest-api-version-max: 3 X-h2o-cluster-id: 1512722051559
X-h2o-cluster-good: true X-h2o-context-path: / Content-Type:
application/json Content-Length: 349 Server: Jetty(8.y.z-SNAPSHOT)
Connection #0 to host 127.0.0.1 left intact
{"__meta":{"schema_version":3,"schema_name":"ImportFilesV3","schema_type":"ImportFiles"},"_exclude_fields":"","path":"http://127.0.0.1:8083/datasets/tables/csv/RDsTWgcvAjHeWJFnbhCKTCE5rn6aLCjJ.csv","pattern":null,"files":[],"destination_frames":[],"fails":["http://127.0.0.1:8083/datasets/tables/csv/RDsTWgcvAjHeWJFnbhCKTCE5rn6aLCjJ.csv"],"dels":[]}
H2O log on TRACE level shows only:
12-08 15:41:59.951 10.8.128.101:54321 36013 #4756-331 INFO: GET
/3/ImportFiles, parms:
{path=http://127.0.0.1:8083/datasets/tables/csv/RDsTWgcvAjHeWJFnbhCKTCE5rn6aLCjJ.csv}
Is there any way to debug while importing fails? h2o does not asking local server at all.
Commands from other servers work well:
curl -v -X GET "http://127.0.0.1:54321/3/ImportFiles?path=http://s3.amazonaws.com/h2o-public-test-data/smalldata/flow_examples/arrhythmia.csv.gz"
curl -v -X GET "https://raw.github.com/h2oai/h2o/master/smalldata/logreg/prostate.csv"

In general, trying to interact directly with the H2O REST API isn't easy. The vast majority of people use a pre-made API client like Python or R.
But if you really want to do this, I would debug it by comparing with something that's working. Like the R client for H2O.
Write an R program that does this:
h2o.init()
h2o.startLogging()
h2o.importFile("/path/to/data.csv")
The startLogging() call will produce a detailed log file with all the REST API requests and responses. Look at that and try to mimic it.
You can also refer to the autogenerated REST API documentation (http://docs.h2o.ai/h2o/latest-stable/h2o-docs/rest-api-reference.html), but I would caution that if you tried to write a working client just based on the docs it would be hard.
Looking at a logged conversation from an already working client is by far your best bet.

library(h2o)
h2o.init()
h2o.startLogging()
h2o.importFile("http://localhost:8082/datasets/tables/csv/vPrzC5TOQr6JTvnAYrU5AKyz8SP4ao8p.csv")
Time: 2017-12-11 11:55:09.237
GET http://localhost:54321/3/Cloud?skip_ticks=true postBody:
curlError: FALSE curlErrorMessage: httpStatusCode: 200
httpStatusMessage: OK millis: 7
{"__meta":{"schema_version":3,"schema_name":"CloudV3","schema_type":"Iced"},"_exclude_fields":"","skip_ticks":true,"version":"3.16.0.2","branch_name":"rel-wheeler","build_number":"2","build_age":"10 days","build_too_old":false,"node_idx":0,"cloud_name":"H2O_started_from_R_vasiliy_gey658","cloud_size":1,"cloud_uptime_millis":306486,"cloud_healthy":true,"bad_nodes":0,"consensus":true,"locked":true,"is_client":false,"nodes":[{"__meta":{"schema_version":3,"schema_name":"NodeV3","schema_type":"Iced"},"h2o":"localhost/127.0.0.1:54321","ip_port":"127.0.0.1:54321","healthy":true,"last_ping":1512982506643,"pid":97891,"num_cpus":4,"cpus_allowed":4,"nthreads":4,"sys_load":2.0917969,"my_cpu_pct":-1,"sys_cpu_pct":-1,"mem_value_size":17408,"pojo_mem":12224512,"free_mem":1896688640,"max_mem":1908930560,"swap_mem":0,"num_keys":56,"free_disk":0,"max_disk":0,"rpcs_active":0,"fjthrds":[-1,1,1,1,1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,1,-1,1,0,0,0,0,0,0,0],"fjqueue":[-1,0,0,0,0,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,0,-1,0,0,0,0,0,0,0,0],"tcps_active":0,"open_fds":-1,"gflops":4.598999977111816,"mem_bw":6.423728128E9}],"internal_security_enabled":false}
Time: 2017-12-11 11:55:09.251
GET
http://localhost:54321/3/ImportFiles?path=http%3A%2F%2Flocalhost%3A8082%2Fdatasets%2Ftables%2Fcsv%2FvPrzC5TOQr6JTvnAYrU5AKyz8SP4ao8p.csv&pattern=
postBody:
curlError: FALSE curlErrorMessage: httpStatusCode: 200
httpStatusMessage: OK millis: 6
{"__meta":{"schema_version":3,"schema_name":"ImportFilesV3","schema_type":"ImportFiles"},"_exclude_fields":"","path":"http://localhost:8082/datasets/tables/csv/vPrzC5TOQr6JTvnAYrU5AKyz8SP4ao8p.csv","pattern":"","files":[],"destination_frames":[],"fails":["http://localhost:8082/datasets/tables/csv/vPrzC5TOQr6JTvnAYrU5AKyz8SP4ao8p.csv"],"dels":[]}

This is my import information.

Resources