I'm trying to open ws connection, but get the error:
val openConnection = exec( ws("Connect -> WS").wsName("user").connect("wss://socket.develop.test.com?access_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"))
Then, I get:
09:49:53.343 [DEBUG] i.g.h.c.i.DefaultHttpClient - Installing SslHandler for wss://socket.develop.test.com?access_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
09:49:53.381 [DEBUG] i.n.h.s.u.InsecureTrustManagerFactory - Accepting a server certificate: CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
09:49:53.418 [DEBUG] i.n.h.c.h.w.WebSocketClientHandshaker13 - WebSocket version 13 client handshake key: YndmXwIGgZseWyRlmXBoyw==, expected response: H2YGNn6p+DyLyudnc1JCluHjj7E=
09:49:53.419 [DEBUG] i.g.h.c.i.WebSocketHandler - ctx.write msg=DefaultFullHttpRequest(decodeResult: success, version: HTTP/1.1, content: EmptyByteBufBE)
GET ?access_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
HTTP/1.1
accept: */*
upgrade: websocket
connection: upgrade
sec-websocket-key: YndmXwIGgZseWyRlmXBoyw==
host: socket.develop.test.com
origin: https://socket.develop.test.com
sec-websocket-version: 13
09:49:53.423 [DEBUG] i.n.h.s.SslHandler - [id: 0xfa53644a, L:/192.168.150.134:54082 - R:socket.develop.test.com/78.47.16.48:443] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
09:49:53.450 [DEBUG] i.g.h.c.i.WebSocketHandler - Read msg=HttpObjectAggregator$AggregatedFullHttpResponse(decodeResult: success, version: HTTP/1.1, content: CompositeByteBuf(ridx: 0, widx: 163, cap: 163, components=1))
HTTP/1.1 400 Bad Request
Server: openresty/1.15.8.1
Date: Tue, 10 Mar 2020 06:49:53 GMT
Content-Type: text/html
Content-Length: 163
Connection: close
09:49:53.452 [DEBUG] i.g.h.c.i.WebSocketHandler - Crash
io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: Invalid handshake response getStatus: 400 Bad Request
at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:267)
In gatling.conf, I set also:
enableSni = false
useOpenSsl = false
enableHostnameVerification = false
If I try to open connection with any WS clients like SmartWebsocketClient - everything is ok, but by means of gatling I can't to open connection. Any ideas to fix it?
wss://domain?access_token... is not a valid URL. The path component must start with a / and not a ?. This means that the request is invalid which can explain the response of 400 Bad Request.
The URL must be at least wss://domain/?access_token... (i.e. a / before the ?) but maybe the rest of the URL is unexpected by the server too. Please check the actual requirements of the server.
This is a bug in Netty that doesn't properly compute WebSocket handshake request url when path is empty.
I've just contributed a patch: https://github.com/netty/netty/pull/10095.
Sibling issue in Gatling: https://github.com/gatling/gatling/issues/3876
Related
I have set up API Umbrella in my Ubuntu 20 cloud vm.
Try to access but got 502 Bad gateway like in here:
Obviously, the routing is a failure for some reason.
The output of /var/log/api-umbreall/nginx/current is the following:
2022-09-01T06:08:19.57992 starting nginx...
2022-09-01T06:08:27.48168 2022/09/01 06:08:27 [error] 319#0: *13 [lua] elasticsearch_setup.lua:106: create_aliases(): failed to create elasticsearch index: Unsuccessful response: {"error":{"root_cause":[{"type":"index_already_exists_exception","reason":"already exists","index":"api-umbrella-logs-v1-2022-09"}],"type":"index_already_exists_exception","reason":"already exists","index":"api-umbrella-logs-v1-2022-09"},"status":400}, context: ngx.timer
2022-09-01T06:21:45.17055 2022/09/01 06:21:45 [warn] 318#0: *39756 using uninitialized "x_api_umbrella_request_id" variable while logging request, client: 192.241.213.X, server: mydomain.city, request: "GET / HTTP/1.1", host: "150.230.240.y:443"
2022-09-01T06:32:42.70713 2022/09/01 06:32:42 [error] 318#0: *72162 connect() failed (111: Connection refused) while connecting to upstream, client: 185.14.196.Z, server: mydomain.city, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:14009/", host: "mydomain.city"
I'm running a Kubernetes cluster with 2 API services inside Upon makin a API call to to my web-API located in the cluster I want the call to be forwarded to my backend-API.
This is not happening!
Now I looked into the the Ingress config of the backend-API and found its "Out side address" so to say and tried using that when forwarding API calls from the web-API upon which I received this message (This was a https address.
THE API CALL RESPONSE WAS: StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.0, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Server: squid/3.1.23
Mime-Version: 1.0
Date: Fri, 22 Oct 2021 23:00:54 GMT
X-Squid-Error: ERR_DNS_FAIL 0
Content-Type: text/html
Content-Length: 3525
}
Then I did some reading and got convinced I should send the internal API call to the backend using its internal IP. So executed in to the container running the backend service and viewed the resolv.config file and here I found 2 things one was a name: which was followed by a IP address and the other was Search: which was followed by 3 very long names.
So I used the IP address that came after name and upon sending a API call to it I got the following response:
http://10.233.0.3/uploadBlob
THE API CALL RESPONSE WAS: StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.0, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Server: squid/3.1.23
Mime-Version: 1.0
Date: Sun, 24 Oct 2021 15:59:51 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from **************
X-Cache-Lookup: NONE from **************:8080
Via: 1.0 ************* (squid/3.1.23)
Connection: keep-alive
Content-Type: text/html
Content-Length: 3458
}
http://10.233.0.3/uploadBlob
OBS - I had to remove the addresses for security reasons as I am not the owner of it.
Now I'm all out of ideas as to how I can make this internal call between these two services and i would appreciate any help I could get.
I have a simple app where the client is sending a request to join a websocket channel upon page load via a wss connection. I have deployed my app to heroku at domain my_app.heroku.com. Whenever I open my site, I get the error Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR. I understand that this is an SSL issue, and also that to use Heroku's SSL, you must be on a hobbyist account. So, I upgraded the app to hobbyist (one day ago), but it has not fixed the problem.
I have googled the issue, and from what I see it appears that additional setup beyond upgrading to Heroku Hobby should only be required if using a custom domain-name, which I am not. How can I get the SSL working on my my_app.heroku.com domain with the Hobby dyno?
EDIT: If I run curl -vI <my_app>.heroku_app.com I get the following:
curl -vI https://<my_app>.herokuapp.com
* Rebuilt URL to: https://<my_app>.herokuapp.com/
* Trying __.___.___.___...
* Connected to <my_app>.herokuapp.com (__.___.___.___) port 443
(#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.herokuapp.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=San Francisco,O=Heroku\, Inc.,CN=*.herokuapp.com
* start date: Wed, 19 Apr 2017 00:00:00 GMT
* expire date: Mon, 22 Jun 2020 12:00:00 GMT
* issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2
High Assurance Server CA
* compression: NULL
* ALPN, server did not agree to a protocol
> HEAD / HTTP/1.1
> Host: <my_app>.herokuapp.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Cowboy
Server: Cowboy
< Connection: keep-alive
Connection: keep-alive
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Content-Length: 1154
Content-Length: 1154
< Date: Thu, 22 Nov 2018 08:39:51 GMT
Date: Thu, 22 Nov 2018 08:39:51 GMT
< Via: 1.1 vegur
Via: 1.1 vegur
I found the answer after finally finding this question. I thought all along the issue was due to setting up SSL certificates on Heroku, however it was due to my client side code. Per the tutorial I was following, the WS connection was "wss://my_app.herokuapp.com:80/subscribe". Removing the port number was the fix.
I am using selenium2 (selenium-java:3.0.1) and phantomjs-2.1.1-linux-x86_64. What I am trying to do is getting to a page that needs SSO. When using browser to access the website, it will popup a login dialog to input username and password.
When using wget to get the URL. it stopped at the auth part.
test#ubu-test:wget https://www.example.com/details
--2016-11-15 05:18:02-- https://www.example.com/details
Resolving www.example.com (www.example.com)... 10.20.30.40
Connecting to www.example.com (www.example.com)|10.20.30.40|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: /detaisl [following]
--2016-11-15 05:18:02-- https://www.example.com/login
Reusing existing connection to www.example.com:443.
HTTP request sent, awaiting response... 302 Found
Location: https://sso.example.com/idp/SSO.saml2?SAMLRequest=...something not related... [following]
--2016-11-15 05:18:02-- https://sso.example.com/idp/SSO.saml2?SAMLRequest=...something not related...
Resolving sso.example.com (sso.example.com)... 11.22.33.44
Connecting to sso.example.com (sso.example.com)|11.22.33.44|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://sso.example.com/idp/95wM4/resumeSAML20/idp/SSO.ping [following]
--2016-11-15 05:18:02-- https://sso.example.com/idp/95wM4/resumeSAML20/idp/SSO.ping
Reusing existing connection to sso.example.com:443.
HTTP request sent, awaiting response... 401 Unauthorized
Username/Password Authentication Failed.
When using selenium2 (selenium-java:3.0.1) and phantomjs-2.1.1-linux-x86_64 with the following code
WebDriver webdriver = new PhantomJSDriver();
webdriver.get("https://www.example.com/details");
System.out.println(webdriver.getCurrentUrl());
System.out.println(webdriver.getTitle());
System.out.println(webdriver.getPageSource());
The output is:
Nov 15, 2016 5:36:07 AM org.openqa.selenium.phantomjs.PhantomJSDriverService <init>
INFO: executable: ./phantomjs-2.1.1-linux-x86_64/bin/phantomjs
Nov 15, 2016 5:36:07 AM org.openqa.selenium.phantomjs.PhantomJSDriverService <init>
INFO: port: 27571
Nov 15, 2016 5:36:07 AM org.openqa.selenium.phantomjs.PhantomJSDriverService <init>
INFO: arguments: [--webdriver=27571, --webdriver-logfile=./phantomjsdriver.log]
Nov 15, 2016 5:36:07 AM org.openqa.selenium.phantomjs.PhantomJSDriverService <init>
INFO: environment: {}
[INFO - 2016-11-15T13:36:07.904Z] GhostDriver - Main - running on port 27571
[INFO - 2016-11-15T13:36:08.113Z] Session [76cd8ec0-ab38-11e6-bceb-256426a0974e] - page.settings - {"XSSAuditingEnabled":false,"javascriptCanCloseWindows":true,"javascriptCanOpenWindows":true,"javascriptEnabled":true,"loadImages":true,"localToRemoteUrlAccessEnabled":false,"userAgent":"Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1","webSecurityEnabled":true}
[INFO - 2016-11-15T13:36:08.113Z] Session [76cd8ec0-ab38-11e6-bceb-256426a0974e] - page.customHeaders: - {}
[INFO - 2016-11-15T13:36:08.113Z] Session [76cd8ec0-ab38-11e6-bceb-256426a0974e] - Session.negotiatedCapabilities - {"browserName":"phantomjs","version":"2.1.1","driverName":"ghostdriver","driverVersion":"1.2.0","platform":"linux-unknown-64bit","javascriptEnabled":true,"takesScreenshot":true,"handlesAlerts":false,"databaseEnabled":false,"locationContextEnabled":false,"applicationCacheEnabled":false,"browserConnectionEnabled":false,"cssSelectorsEnabled":true,"webStorageEnabled":false,"rotatable":false,"acceptSslCerts":false,"nativeEvents":true,"proxy":{"proxyType":"direct"}}
[INFO - 2016-11-15T13:36:08.115Z] SessionManagerReqHand - _postNewSessionCommand - New Session Created: 76cd8ec0-ab38-11e6-bceb-256426a0974e
about:blank
<html><head></head><body></body></html>
So it happens like it just opens an about:blank page and nothing more. Is there a way to input user name and password into popup dialog, and continue the access?
Use this code for handling such type of errors, most of the time we get SSL handshake errors,i will suggest you to use the following code to handle such type of errors.
DesiredCapabilities caps = new DesiredCapabilities();
caps.setJavascriptEnabled(true);
caps.setCapability("takesScreenshot", true);
caps.setCapability(PhantomJSDriverService.PHANTOMJS_EXECUTABLE_PATH_PROPERTY,**Path**//phantomjs.exe" );
//For Handling SSL errors
caps.setCapability(PhantomJSDriverService.PHANTOMJS_CLI_ARGS, new String[]{"--ignore-ssl-errors=true"});
//To Disable Logs
caps.setCapability(PhantomJSDriverService.PHANTOMJS_CLI_ARGS, new String[]{"--webdriver-loglevel=NONE"});
driver = new PhantomJSDriver(caps);
If you are using WebDriverWait , i will suggest you to disable log from PhantomJS.
Our server access internet through a proxy. When I try to run a pull command such as
sudo docker run -t -i ubuntu:14.04 /bin/bash
I get the below error:
Get https://index.docker.io/v1/repositories/ubuntu/images: tls: failed to parse
certificate from server: x509: negative serial number
The wget command wget -S -d -O - https://get.docker.io yields the below output:
Setting --output-document (outputdocument) to - DEBUG output created
by Wget 1.13.4 on linux-gnu.
URI encoding = UTF-8' URI encoding =UTF-8'
--2014-08-27 17:13:46-- https://get.docker.io/ Connecting to :... connected. Created socket 3. Releasing
0x00000000016829f0 (new refcount 0). Deleting unused
0x00000000016829f0.
---request begin--- CONNECT get.docker.io:443 HTTP/1.1 User-Agent: Wget/1.13.4 (linux-gnu) Proxy-Authorization: Basic
Y3RzXDMxMzMwMDpzd2VldGZlbC4yOQ==
---request end--- proxy responded with: [HTTP/1.1 200 Connection established Date: Wed, 27 Aug 2014 11:49:52 GMT Age: 0 Via: 1.0
xaahshshhds
] Initiating SSL handshake. Handshake successful; connected socket 3
to SSL handle 0x00000000016831c0 certificate: subject:
/emailAddress=aaa#bbbb.com/C=yy/ST=aa/L=xx/O=yy/OU=mycompany/CN=get.docker.io
issuer:
/emailAddress=aaa#bbbb.com/C=yy/ST=aa/L=xx/O=yy/OU=mycompany/CN=mycompany
ERROR: cannot verify get.docker.io's certificate, issued by
/emailAddress=aaa#bbbb.com/C=yy/ST=aa/L=xx/O=yy/OU=mycompany/CN=mycompany':
Unable to locally verify the issuer's authority. To connect to
get.docker.io insecurely, use--no-check-certificate'. Closed 3/SSL
0x00000000016831c0
Please give me some directions on how I should go about this issue.
EDIT:
I ve now disabled the proxy for this IP segment but I still get the same error.
The command: wget -S -d -O - https://get.docker.io gets the below output now:
Setting --output-document (outputdocument) to -
DEBUG output created by Wget 1.13.4 on linux-gnu.
URI encoding = `UTF-8'
--2014-09-04 11:26:12-- https://get.docker.io/
Resolving get.docker.io (get.docker.io)... 162.242.195.77
Caching get.docker.io => 162.242.195.77
Connecting to get.docker.io (get.docker.io)|162.242.195.77|:443... connected.
Created socket 3.
Releasing 0x00000000022d8fd0 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x00000000022dabd0
certificate:
subject: /serialNumber=exkd9EjUozUulWIyUDurQPMEPBLSc2Bq/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io
issuer: /C=US/O=GeoTrust, Inc./CN=RapidSSL CA
X509 certificate successfully verified and matches host get.docker.io
---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: get.docker.io
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 503 Service Unavailable
Server: nginx/1.7.1
Date: Thu, 04 Sep 2014 06:03:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
---response end---
HTTP/1.1 503 Service Unavailable
Server: nginx/1.7.1
Date: Thu, 04 Sep 2014 06:03:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Registered socket 3 for persistent reuse.
Skipping 108 bytes of body: [<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
] done.
2014-09-04 11:26:13 ERROR 503: Service Unavailable.
subject: /emailAddress=aaa#bbbb.com/C=yy/ST=aa/L=xx/O=yy/OU=mycompany/CN=get.docker.io
issuer: /emailAddress=aaa#bbbb.com/C=yy/ST=aa/L=xx/O=yy/OU=mycompany/CN=mycompany
It looks like the proxy in your company uses SSL interception to inspect SSL traffic, which means that you get a certificate signed by the proxy CA of your company instead of the original certificate. It also looks like that this proxy CA is not trusted by your system and thus the verification fails.
I would recommend that you contact your firewall administrator on how to deal with the problem. Either they will add an exception for the SSL inspection, or they will tell you which certificate you need to import as trusted in your system.
This should be fixed for any Docker compiled with Go 1.6+, see: https://github.com/golang/go/commit/a0ea93dea5f5741addc8c96b7ed037d0e359e33f.