cURL follow redirect without headers from original request - redirect

I'm trying to download the bits of a Cloud Foundry app using the Cloud Foundry API.
https://apidocs.cloudfoundry.org/236/apps/downloads_the_bits_for_an_app.html
When using a remote blobstore, such as AWS, the response is a redirect to the actual location of the bits. If the client is automatically following redirects, then the OAuth token that was used to communicate with Cloud Controller will be replayed on the new redirect request. Some blobstores may reject the request in that case. Clients may need to follow the redirect without including the OAuth token.
Here is my cURL command I'm attempting to use:
$ curl -L "https://api.my.host.net/v2/apps/my_app_guid/download" -X GET -H "Authorization: bearer myauthtoken"
curl: (7) Failed to connect to dal05.objectstorage.service.networklayer.com port 443: Operation timed out
I'm assuming my issue is that my Auth header bearer token is being sent on the redirect based on the quote from the Cloud Foundry API docs. How can I follow the redirect without the OAuth token? I'm using the default cURL command line utility on Mac OS X 10.11.

While @DanielStenberg's comment appears to be correct that the header wasn't my issue, I'll go ahead and provide an answer to my original question.
It appears the only way to follow the redirect without headers would be to NOT immediately follow the redirect, but print the response headers with the curl -D - command option. Once you get the 301/302 response from the original request, check the location header value that came in the response headers, then execute another curl to that location.
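The two-step approach from the answer above, as an added example that is not part of the original post: the bearer token goes only to the API host, and the redirect target is fetched with no Authorization header. The function names, the HTTPS check and the sample headers are assumptions made for illustration; the URL, token and output path are supplied by the caller.

```shell
#!/bin/sh
# Added example: follow a redirect by hand so the OAuth token is never
# replayed to the blobstore host.

# Read a header dump (as written by `curl -D -`) on stdin and print the
# Location value. Header names are case-insensitive; CRs are stripped.
extract_location() {
  tr -d '\r' | awk '
    tolower($0) ~ /^location:/ {
      sub(/^[^:]*:[ \t]*/, "")
      print
      exit
    }'
}

# Step 1: authenticated request without -L; headers to stdout, body dropped.
# Step 2: plain request to the Location target, with no Authorization header.
download_without_replaying_token() {
  api_url=$1 token=$2 out=$3
  location=$(curl -sS -o /dev/null -D - \
    -H "Authorization: bearer $token" "$api_url" | extract_location)
  [ -n "$location" ] || { echo "no redirect returned" >&2; return 1; }
  case $location in
    https://*) ;;   # only follow redirects that stay on TLS
    *) echo "refusing non-HTTPS redirect: $location" >&2; return 1 ;;
  esac
  curl -sS -f -o "$out" "$location"
}

# Constructed sample of a 302 response from the API (not real output).
sample_headers=$(printf 'HTTP/1.1 302 Found\r\nContent-Type: text/html\r\nlocation: https://blobstore.example.net/bits/abc?sig=xyz\r\n\r\n')
```

Since curl 7.58.0, `-L` no longer forwards a custom Authorization header to a different host unless `--location-trusted` is given; the two-step form gives the same result on older versions as well.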

Related

Request to containerized OpenSearch without curl flags

I can interact with my open search docker container via curl -XGET https://localhost:9200 -u 'admin:admin' --insecure but no use when I want to automate requests to it... I need to be able to access it, even via HTTP is fine (not secure meaning not HTTPS).
command:
curl -XGET https://localhost:9200
error:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I did go into that link, not a solution, just an explanation that threw me into a rabbit hole I was able to get out just now.
The awful thing is that this happened to me before and I fixed it, but it was not on a docker container and I don't remember how I fixed it.
You can disable security in your Dockerfile then:
RUN echo "plugins.security.disabled: true" >> /usr/share/opensearch/config/opensearch.yml
Your OpenSearch will be accessible via http://localhost:9200 after. I do this to set up my data, and then load /usr/share/opensearch/data in another container set up with security.

Keycloak with api gateway Invalid bearer token

I am trying to use Keycloak behind an API gateway (Apache APISIX).
I use minikube to run Keycloak and my API gateway.
The gateway is working right and Keycloak too :
With Keycloak, I can use the different end-point (use the discovery end-point (http://127.0.0.1:7070/auth/realms/myrealm/.well-known/uma2-configuration), ask an access token and verify it).
With APISIX, and a simple route, I can join a backend microservice on my minikube.
(typically : http://127.0.0.1:80/greeting is served by the gateway which routes the request to the right backend microservice)
The problem occurs when I try to use the two tools together. I have used the Keycloak integration, in order to force the user to use a valid token when he is using a route served by the gateway.
In this case, when I use a valid bearer token (I get it and verify it with the end-point of keycloak), and I try to request the backend via the api gateway with the verified bearer token, I obtain systematically an "Invalid bearer token" exception.
{"error":"invalid_grant","error_description":"Invalid bearer token"}
I think the settings of the integration are well set because I am sure that the gateway calls Keycloak to verify the token.
Here are the Keycloak end-points I have used to get and verify the token :
Get token : http://127.0.0.1:7070/auth/realms/myrealm/protocol/openid-connect/token
Verify : http://127.0.0.1:7070/auth/realms/myrealm/protocol/openid-connect/token/introspect
I have seen some posts about problem when Keycloak is behind a reverse proxy, but I don't find a clear solution to my case.
Thanks for any help you can bring to me.
Regards
CG
I think there are those ways you can do it.
First, I think you can check the log of Apache APISIX.
Second, you can check the log of Keycloak.
Third, you can use tcpdump or Wireshark to capture the request that Apache APISIX sends to Keycloak, and diff the requests sent by APISIX and curl.
Looking forward to your reply.

How do you send GRPC metadata through HTTP REST when transcoding is used?

I have a gRPC API running in Google Cloud. I'm using Google's Extensible Service Proxy to connect it to a Google Endpoints Service. Then I enabled transcoding in the ESP so that a REST API is offered as well as a gRPC one. One thing that is important in my API is that each request is user-authenticated. In normal gRPC I'm having the user token sent with the metadata of each request along with the API key.
My question is how does this work with the transcoded REST API. How can I get the user token sent with each request?
I see that the API key which is processed by the ESP gets added to the request URL as a parameter, but what about my custom metadata, how does that get through?
I've figured it out. I just need to put the metadata in the request headers.
curl -H "authorization: Bearer token-goes-here" "https://api.domain/path?key=api-key"

Trying to authenticate to grafana with http api

I'm trying to make an HTTP request with my web app but I see an unauthorized response. If I use curl on the command line I see a response: curl http://api_key:KEY@MyGrafana:3000/api/org. My problem is that when I try to access Grafana using the same URL in the browser I'm getting unauthorized. Any idea why this is happening?

Opening Foxx API to local network

I have set up server endpoints; they work fine for the web interface, but the API endpoint for my app does not even give an error and does not time out.
I have tried turning the app to production mode in the web interface, no joy.
I looked at the docs for server setup but can't find anything to help.
So I would think there is a configuration issue; where should I look?
On localhost everything works.
On the remote host, using 168.192.0.15:8530, only the web interface works, not my API from either curl or my app.
Without further information I can only guess what the problem is, but I'll try:
The default --server.endpoint configuration value for an ArangoDB server is tcp://127.0.0.1:8529. That means you will be able to access it from the local machine but not from other hosts.
To make the server respond to HTTP requests originated from other hosts, you will need to use an endpoint that includes the server's IP address as used in your network, e.g. tcp://192.168.173.13:8529 and restart it with the adjusted configuration.
If that's not working either, can you try calling the target URL from another server via curl and check the server's HTTP response code? This might reveal the source of the problem, too. Note that you should invoke curl with the option --dump - to see the HTTP response code. For example:
curl -X GET --dump - http://192.168.173.13:8529/your/app
If that is not producing any results (i.e. no response at all), you might have a firewall in between that blocks requests. Probably you need to allow access on the port ArangoDB uses (8529 by default and used in my example).
So I have learned the issue is that the API endpoint URL is not the same on localhost as it is from outside. Example:
curl -X GET --dump - http://localhost:8529/broad/broad/login
curl -X GET --dump - http://192.168.0.15:8530/_db/_system/broad/broad/login
https://docs.arangodb.com/cookbook/MakingFoxxAppAccessible.html
This led me to my answer