From life with Kubernetes: How an HTTP server did not support Spaniards


A representative of our client, whose application stack lives in the Microsoft cloud (Azure), came to us with a problem: recently, some requests from some clients in Europe had started ending with error 400 (Bad Request). All the applications are written in .NET and deployed in Kubernetes...

One of the applications is the API, which is where all traffic ultimately arrives. This traffic is served by the Kestrel HTTP server, configured by the .NET client and hosted in a pod. As for debugging, we were lucky in the sense that there was a specific user who consistently reproduced the problem. However, everything was complicated by the traffic chain:

[Image: traffic chain diagram]

The error in Ingress looked like this:

{
   "number_fields":{
      "status":400,
      "request_time":0.001,
      "bytes_sent":465,
      "upstream_response_time":0,
      "upstream_retries":0,
      "bytes_received":2328
   },
   "stream":"stdout",
   "string_fields":{
      "ingress":"app",
      "protocol":"HTTP/1.1",
      "request_id":"f9ab8540407208a119463975afda90bc",
      "path":"/api/sign-in",
      "nginx_upstream_status":"400",
      "service":"app",
      "namespace":"production",
      "location":"/front",
      "scheme":"https",
      "method":"POST",
      "nginx_upstream_response_time":"0.000",
      "nginx_upstream_bytes_received":"120",
      "vhost":"api.app.example.com",
      "host":"api.app.example.com",
      "user":"",
      "address":"83.41.81.250",
      "nginx_upstream_addr":"10.240.0.110:80",
      "referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
      "service_port":"http",
      "user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
      "time":"2019-03-06T18:29:16+00:00",
      "content_kind":"cache-headers-not-present",
      "request_query":""
   },
   "timestamp":"2019-03-06 18:29:16",
   "labels":{
      "app":"nginx",
      "pod-template-generation":"6",
      "controller-revision-hash":"1682636041"
   },
   "namespace":"kube-nginx-ingress",
   "nsec":6726612,
   "source":"kubernetes",
   "host":"k8s-node-55555-0",
   "pod_name":"nginx-v2hcb",
   "container_name":"nginx",
   "boolean_fields":{}
}

At the same time, Kestrel returned:

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

Even at maximum verbosity, the Kestrel error contained very little useful information:

{
   "number_fields":{"ThreadId":76},
   "stream":"stdout",
   "string_fields":{
      "EventId":"{\"Id\"=>17, \"Name\"=>\"ConnectionBadRequest\"}",
      "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
      "ConnectionId":"0HLL2VJSST5KV",
      "@mt":"Connection id \"{ConnectionId}\" bad request data: \"{message}\"",
      "@t":"2019-03-07T13:06:48.1449083Z",
      "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.\n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)\n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
      "message":"Malformed request: invalid headers."
   },
   "timestamp":"2019-03-07 13:06:48",
   "labels":{
      "pod-template-hash":"2368795483",
      "service":"app"
   },
   "namespace":"production",
   "nsec":145341848,
   "source":"kubernetes",
   "host":"k8s-node-55555-1",
   "pod_name":"app-67bdcf98d7-mhktx",
   "container_name":"app",
   "boolean_fields":{}
}

It seemed that only tcpdump would help solve this problem... but let me recall the traffic chain:

[Image: traffic chain diagram]

Investigation

Obviously, it is best to capture traffic on the specific node where Kubernetes has scheduled the pod: the dump will then be small enough that something useful can be found fairly quickly. And indeed, while examining it, the following frame was noticed:

GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted; 
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

On closer inspection of the dump, the word M.laga stood out. It is easy to guess that there is no city called M.laga in Spain (but there is Málaga). Following this idea, we looked at the Ingress configs, where we found a "harmless" snippet that had been inserted a month earlier (at the client's request):

    ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
      proxy_set_header X-Nginx-Geo-Client-City $geoip_city;

After disabling the forwarding of these headers, everything was fine! (It soon turned out that the application itself did not need these headers.)

Now let's look at the problem more generally. It can easily be reproduced inside the application by making a telnet request to localhost:80:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree

... returns 401 Unauthorized, as expected. What happens if we send:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Désirée

?

It returns 400 Bad request, and in the application log we get the error that is already familiar to us:

{
   "@t":"2019-03-31T12:59:54.3746446Z",
   "@mt":"Connection id \"{ConnectionId}\" bad request data: \"{message}\"",
   "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.\n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)\n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
   "ConnectionId":"0HLLLR1J974L9",
   "message":"Malformed request: invalid headers.",
   "EventId":{
      "Id":17,
      "Name":"ConnectionBadRequest"
   },
   "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
   "ThreadId":71
}

Results

Specifically, Kestrel cannot correctly process HTTP headers that contain valid UTF-8 characters, which occur in the names of quite a large number of cities.
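As an added example (not code from the original article or from Kestrel), the following Python script scans a captured request head for header bytes outside printable ASCII, which is what made `X-Nginx-Geo-Client-City` and the `Cookie` in the telnet test stand out. The sample request is constructed from the frame above with the values filled in as UTF-8, and the function names are illustrative.

```python
# Added example: scan a captured HTTP/1.1 request head for header bytes
# outside printable ASCII, the kind of value seen in the frame above.

# Constructed sample modelled on the captured frame; the city and cookie
# values are filled in as UTF-8 here (the dump itself only shows "M.laga").
SAMPLE_REQUEST = (
    b"GET /back/user HTTP/1.1\r\n"
    b"Host: api.app.example.com\r\n"
    b"X-Nginx-Geo-Client-Country: Spain\r\n"
    b"X-Nginx-Geo-Client-City: M\xc3\xa1laga\r\n"
    b"Cookie: test=D\xc3\xa9sir\xc3\xa9e\r\n"
    b"\r\n"
    b"\xff body bytes are not header data"
)


def is_plain_header_byte(byte: int) -> bool:
    """Horizontal tab or printable ASCII (0x20-0x7E)."""
    return byte == 0x09 or 0x20 <= byte <= 0x7E


def readable(value: bytes) -> str:
    """Best-effort decoding for the report: UTF-8 first, then Latin-1."""
    try:
        return value.decode("utf-8")
    except UnicodeDecodeError:
        return value.decode("latin-1")


def find_suspect_headers(raw: bytes):
    """Return (line_no, name, offending_bytes_hex, decoded_value) per flagged header."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # the body is out of scope
    findings = []
    for line_no, line in enumerate(head.split(b"\r\n")[1:], start=2):
        name, _, value = line.partition(b":")
        bad = bytes(b for b in name + value if not is_plain_header_byte(b))
        if bad:
            findings.append(
                (line_no, readable(name), bad.hex(), readable(value.strip()))
            )
    return findings


if __name__ == "__main__":
    for line_no, name, bad_hex, value in find_suspect_headers(SAMPLE_REQUEST):
        print(f"line {line_no}: {name} carries bytes {bad_hex} -> {value!r}")
```

Running it over a dump taken on the node points straight at the header a proxy or client filled with non-ASCII data, without reading the whole frame by eye.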

An additional factor in our case is that the client does not currently plan to change the Kestrel implementation in the application. However, the issues in AspNetCore itself (No.4318, No.7707) say that this would not help...

To summarize: this note is not about specific problems with Kestrel or UTF-8 (in 2019?!), but about the fact that attentiveness and a methodical examination of every step you take while hunting for problems will sooner or later bear fruit. Good luck!


source: www.habr.com
