I'm trying to send a lot of post-requests to the localhost:80 (nginx-server).
The headers I'm sending are:
POST /LINK HTTP/1.1
User-Agent: User agent
Host: localhost
Accept: */*
Connection: Keep-Alive
Content-Type: application/octet-stream
Content-Length: 16
DATA 16 BYTES
The pseudocode is:
TCPSocket sock('localhost', 80);
for(;;) {
sock.sendPost();
}
sock.close();
But server returns first time:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Apr 2012 14:54:26 GMT
Content-Type: application/json
Content-Length: 92
Connection: close
ANSWER 92 BYTES
So server doesn't work with all another post-request from cycle.
Why does not Connection: Keep-Alive work and server returns Connection: close?
Set keepalive_timeout and keepalive_requests to proper values.
Related
I am using traefik in kubernetes and I have a service deployed that is returning 103 Early Hint. I can confirm that it is working by directly querying the service, e.g.
curl -D - http://contra-web-app
HTTP/1.1 103 Early Hints
Link: <https://builds.contra.com>; rel="preconnect"; crossorigin
Link: <https://fonts.googleapis.com/css2?family=Inter:wght#400;500;600;700;900&display=swap>; rel="preload"; as="font"
Link: <https://builds.contra.com/3f509d0cc/assets/entry-client-routing.4f895d55.js>; rel="modulepreload"; as="script"; crossorigin
Link: <https://www.googletagmanager.com/gtag/js?id=G-96H5NXQ2PR>; rel="preload"; as="script"
HTTP/1.1 200 OK
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
content-type: text/html
content-length: 9062
Date: Tue, 26 Jul 2022 20:34:19 GMT
Connection: keep-alive
Keep-Alive: timeout=72
However, requesting the same service through Traefik just returns 200 response:
curl -H 'host: contra.com' -D - http://contra-traefik.traefik/gajus
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 11441
Content-Type: text/html
Date: Tue, 26 Jul 2022 19:51:48 GMT
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: contra_web_app_service=394e7e912ad85b66; Path=/; Secure
Vary: Accept-Encoding
X-Frame-Options: sameorigi
At this point, I am unable to establish whether I am missing a configuration or if Traefik does not support it.
Background:
I have set up an IPFS server behind an HAProxy server.
I have written a Flutter client to connect to this IPFS server through the proxy and add a file.
Problem:
Everything works as expected when I run the Flutter client as a desktop app (on Macos), but I get a 403 error when I run the Flutter client as a web app.
Details:
The headers for the successful call (captured via tcpdump) are as follows:
REQUEST:
POST /api/v0/add HTTP/1.1
Host: po.segito.net
User-Agent: Dart/2.11 (dart:io)
Accept-Encoding: gzip
Content-Type: multipart/form-data; boundary=dart-http-boundary-fmjPP-TIwnDcY7pJGniid4grt9mdDADtazmb7Pm8sP_PRJkV1oY
Content-Length: 39611
--dart-http-boundary-fmjPP-TIwnDcY7pJGniid4grt9mdDADtazmb7Pm8sP_PRJkV1oY
content-type: application/octet-stream
content-disposition: form-data; name="asset"
RESPONSE:
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
Access-Control-Expose-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
Content-Type: application/json
Server: go-ipfs/0.6.0
Trailer: X-Stream-Error
Vary: Origin
X-Chunked-Output: 1
Date: Sat, 07 Nov 2020 09:48:28 GMT
Transfer-Encoding: chunked
The headers for the unsuccessful call is as follows:
REQUEST:
POST /api/v0/add HTTP/1.1
Host: po.segito.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=dart-http-boundary-HvcRoK0lGd4+oahuNaOejbIBd-cID5+0n3GFvwwOY4ZqfitRP1s
Content-Length: 39611
--dart-http-boundary-HvcRoK0lGd4+oahuNaOejbIBd-cID5+0n3GFvwwOY4ZqfitRP1s
content-type: application/octet-stream
content-disposition: form-data; name="asset"
RESPONSE:
HTTP/1.1 403 Forbidden
Content-Type: text/plain; charset=utf-8
Vary: Origin
X-Content-Type-Options: nosniff
Date: Sat, 07 Nov 2020 09:38:55 GMT
Content-Length: 16
403 - Forbidden
Notes:
There is no CORS issue because all files and REST calls (including
the Flutter HTML files) are all served via the same HAProxy server.
The HAProxy is an SSL terminator.
A CURL request works as expected.
All other REST calls through the HAProxy works as expected.
At the moment, we are trying to get CI working in our labs..
we have just followed the instructions on the concourse website.
We are able to login properly and have setup ~/.flyrc as recomended ion the concourse-ci.org and concoursetutorial.com websites.
We have noticed that most commands are returning with a 401 Unauthorized error.
We have gone ahead setup the audit logs https://concourse-ci.org/concourse-web.html#audit-logs
But it isn't clear where this writes to, help?
It is difficult at the moment to properly trace this. BTW this is our first exposure to concourse.
We would like to know why? and what we can do resolve this (to cross this huddle).
fly -t rdb-ci set-team --team-name a-team --local-user admin --github-org organization --verbose --print-table-headers --non-interactive
2019/07/10 22:02:37 GET /api/v1/info HTTP/1.1
Host: ci.example.org
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
2019/07/10 22:02:37 HTTP/1.1 200 OK
Content-Length: 88
Connection: keep-alive
Content-Type: application/json
Date: Wed, 10 Jul 2019 21:02:37 GMT
Server: nginx/1.12.2
X-Concourse-Version: 5.3.0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
{"version":"5.3.0","worker_version":"2.1","external_url":"https://ci.example.org"}
setting team: a-team
role owner:
users:
- local:admin
groups:
- github:organization
apply team configuration? [yN]: y
2019/07/10 22:02:53 PUT /api/v1/teams/a-team HTTP/1.1
Host: ci.example.org
User-Agent: Go-http-client/1.1
Content-Length: 71
Content-Type: application/json
Accept-Encoding: gzip
{"auth":{"owner":{"groups":["github:organization"],"users":["local:admin"]}}}
2019/07/10 22:02:53 HTTP/1.1 401 Unauthorized
Content-Length: 14
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Date: Wed, 10 Jul 2019 21:02:53 GMT
Server: nginx/1.12.2
X-Concourse-Version: 5.3.0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
not authorized
could not find a valid token.
logging in to team 'main'
2019/07/10 22:02:53 GET /api/v1/info HTTP/1.1
Host: ci.example.org
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
could not reach the Concourse server called rdb-ci:
Get https://ci.example.org/api/v1/info: x509: certificate is valid for www.example.org, not ci.example.org
is the targeted Concourse running? better go catch it lol
I was auditing my spring web app's security and found a strange thing. Whenever I try to hit the address https://xxxxxxxxx.xxx/app then browser captures a document for downloading. But there is no API named "/app" is listed on my REST controller. Moreover, the document is blank.
Here is my request info:
GET /app HTTP/1.1
Host: xxxxxxxx.xxx
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NG_TRANSLATE_LANG_KEY=%22en%22; count=0
Connection: close
Upgrade-Insecure-Requests: 1
Here is response sent from the server:
HTTP/1.1 200 OK
Server: nginx/1.13.12
Date: Tue, 05 Jun 2018 11:19:01 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: close
Expires: Sun, 05 Jun 2022 11:19:01 GMT
Cache-Control: max-age=126230400000, public
X-XSS-Protection: 1; mode=block
Pragma: cache
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jun 2018 08:50:14 GMT
X-Content-Type-Options: nosniff
X-Application-Context: some-app
Whenever I try it from my local system then there is no issue like this. I've already disabled the directory listing for my application but the problem is still there. Please let me know if any other information is required.
My NGINX conf is as follows:
server {
listen 443 ssl http2;
server_name xxxxxxxx.xxx;
# Configure SSL
ssl_certificate /etc/ssl/certs/nginx/xxxxxx.xxx.chained.crt;
ssl_certificate_key /etc/ssl/certs/nginx/xxxxxxx.key;
include /etc/nginx/includes/ssl.conf;
location / {
include /etc/nginx/includes/proxy.conf;
proxy_pass http://10.210.xx.xx:8080;
}
access_log off;
error_log /var/log/nginx/error.log error;
}
I'm watching 392 repositories on Github. However, the Github API only returns 100. Does anyone have any idea why?
https://github.com/api/v2/json/repos/watched/trivektor
You need to paginate manually using the page parameter. The HTTP Response headers will tell you the next and the last page, if available. Check the headers:
X-Next
X-Last
Examples:
curl -D- https://github.com/api/v2/json/repos/watched/trivektor
HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 22 Oct 2011 08:24:45 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
ETag: "c597e396e9f17b91c5c5a7e462ba954f"
X-Next: https://github.com/api/v2/json/repos/watched/trivektor?page=2
X-Last: https://github.com/api/v2/json/repos/watched/trivektor?page=5
Now the 2nd page:
curl -D- https://github.com/api/v2/json/repos/watched/trivektor?page=2
HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 22 Oct 2011 08:28:08 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
ETag: "c57d0e97e2062672cb3771467cf2abc7"
X-Next: https://github.com/api/v2/json/repos/watched/trivektor?page=3
X-Last: https://github.com/api/v2/json/repos/watched/trivektor?page=5
X-Frame-Options: deny
X-RateLimit-Remaining: 58
X-Runtime: 353ms
Content-Length: 44966
Cache-Control: private, max-age=0, must-revalidate
And the last one:
curl -D- https://github.com/api/v2/json/repos/watched/trivektor?page=5
HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 22 Oct 2011 08:28:30 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
ETag: "11ce44ebc229eab0dc31731b39e10dcf"
X-Frame-Options: deny
X-RateLimit-Remaining: 57
X-Runtime: 93ms
Content-Length: 7056
Cache-Control: private, max-age=0, must-revalidate
Very common for API's to limit the size of a response object to protect against outliers. Given that it's returning a round number, that suggests this is by design. I don't see them discussing paging in their docs, so it might just be a hard cap. Either way, you should just ping github.