Lati igbesi aye pẹlu Kubernetes: Bawo ni olupin HTTP ko ṣe ojurere fun awọn ara ilu Sipeeni

Aṣoju ti alabara wa, ẹniti akopọ ohun elo n gbe inu awọsanma lati Microsoft (Azure), koju iṣoro kan: laipẹ, diẹ ninu awọn ibeere lati ọdọ awọn alabara kan lati Yuroopu bẹrẹ si pari pẹlu aṣiṣe 400 (Ibere ​​buruku). Gbogbo awọn ohun elo ni a kọ sinu .NET, ti a fi ranṣẹ si Kubernetes ...

Ọkan ninu awọn ohun elo ni API, nipasẹ eyiti gbogbo awọn ijabọ ba wa nikẹhin. Ti tẹtisi ijabọ yii nipasẹ olupin HTTP kestrel, tunto nipasẹ alabara NET ati gbalejo ni adarọ-ese kan. Pẹlu n ṣatunṣe aṣiṣe, a ni orire ni ori pe olumulo kan wa ti o tun ṣe atunṣe iṣoro naa nigbagbogbo. Sibẹsibẹ, ohun gbogbo ni idiju nipasẹ ẹwọn ijabọ:

Aṣiṣe ni Ingress dabi eyi:

{
   "number_fields":{
      "status":400,
      "request_time":0.001,
      "bytes_sent":465,
      "upstream_response_time":0,
      "upstream_retries":0,
      "bytes_received":2328
   },
   "stream":"stdout",
   "string_fields":{
      "ingress":"app",
      "protocol":"HTTP/1.1",
      "request_id":"f9ab8540407208a119463975afda90bc",
      "path":"/api/sign-in",
      "nginx_upstream_status":"400",
      "service":"app",
      "namespace":"production",
      "location":"/front",
      "scheme":"https",
      "method":"POST",
      "nginx_upstream_response_time":"0.000",
      "nginx_upstream_bytes_received":"120",
      "vhost":"api.app.example.com",
      "host":"api.app.example.com",
      "user":"",
      "address":"83.41.81.250",
      "nginx_upstream_addr":"10.240.0.110:80",
      "referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
      "service_port":"http",
      "user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
      "time":"2019-03-06T18:29:16+00:00",
      "content_kind":"cache-headers-not-present",
      "request_query":""
   },
   "timestamp":"2019-03-06 18:29:16",
   "labels":{
      "app":"nginx",
      "pod-template-generation":"6",
      "controller-revision-hash":"1682636041"
   },
   "namespace":"kube-nginx-ingress",
   "nsec":6726612,
   "source":"kubernetes",
   "host":"k8s-node-55555-0",
   "pod_name":"nginx-v2hcb",
   "container_name":"nginx",
   "boolean_fields":{}
}

Ni akoko kanna, Kestrel fun:

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

Paapaa pẹlu ọrọ-ọrọ ti o pọju, aṣiṣe Kestrel wa ninu pupọju kekere alaye to wulo:

{
   "number_fields":{"ThreadId":76},
   "stream":"stdout",
   "string_fields":{
      "EventId":"{"Id"=>17, "Name"=>"ConnectionBadRequest"}",
      "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
      "ConnectionId":"0HLL2VJSST5KV",
      "@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
      "@t":"2019-03-07T13:06:48.1449083Z",
      "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
      "message":"Malformed request: invalid headers."
   },
   "timestamp":"2019-03-07 13:06:48",
   "labels":{
      "pod-template-hash":"2368795483",
      "service":"app"
   },
   "namespace":"production",
   "nsec":145341848,
   "source":"kubernetes",
   "host":"k8s-node-55555-1",
   "pod_name":"app-67bdcf98d7-mhktx",
   "container_name":"app",
   "boolean_fields":{}
}

Yoo dabi pe tcpdump nikan yoo ṣe iranlọwọ lati yanju iṣoro yii… ṣugbọn Emi yoo tun ṣe nipa pq ijabọ:

Iwadii

O han ni, o dara lati gbọ ijabọ lori ipade kan pato, Nibi ti Kubernetes ti gbe podu kan: iwọn didun ti idalẹnu yoo jẹ iru pe yoo ṣee ṣe lati wa o kere ju ohun kan lẹwa ni kiakia. Ati nitootọ, nigbati o ṣe ayẹwo rẹ, a ṣe akiyesi fireemu atẹle:

GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted; 
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

Nigbati o ba wo isunmọ ti idalẹnu naa, a ṣe akiyesi ọrọ naa M.laga. O rorun lati gboju le won pe ko si ilu M.laga ni Spain (ṣugbọn o wa Malaga). Ni gbigba lori imọran yii, a wo awọn atunto Ingress, nibiti a ti rii ọkan ti a fi sii ni oṣu kan sẹhin (ni ibeere alabara) "laiseniyan" snippet:

    ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
      proxy_set_header X-Nginx-Geo-Client-City $geoip_city;

Lẹhin piparẹ gbigbe siwaju ti awọn akọle wọnyi, ohun gbogbo dara! (Laipẹ o han gbangba pe ohun elo funrararẹ ko nilo awọn akọle wọnyi mọ.)

Bayi jẹ ki a wo iṣoro naa diẹ sii ni gbogbogbo. O le ni irọrun tun ṣe inu ohun elo nipasẹ ṣiṣe ibeere telnet kan si localhost:80:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree

... pada 401 Unauthorized, bi o ti ṣe yẹ. Kini yoo ṣẹlẹ ti a ba ṣe:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Désirée

?

Yoo pada 400 Bad request - ninu akọọlẹ ohun elo a yoo gba aṣiṣe kan ti o ti mọ tẹlẹ si wa:

{
   "@t":"2019-03-31T12:59:54.3746446Z",
   "@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
   "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
   "ConnectionId":"0HLLLR1J974L9",
   "message":"Malformed request: invalid headers.",
   "EventId":{
      "Id":17,
      "Name":"ConnectionBadRequest"
   },
   "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
   "ThreadId":71
}

Awọn esi

Ni pato Kestrel ko le Ilana HTTP ti o tọ pẹlu awọn ohun kikọ ti o pe ni UTF-8, eyiti o wa ninu awọn orukọ ti nọmba nla ti awọn ilu.

Ohun afikun ninu ọran wa ni pe alabara ko gbero lọwọlọwọ lati yi imuse ti Kestrel pada ninu ohun elo naa. Sibẹsibẹ, awọn iṣoro ni AspNetCore funrararẹ (No.4318, No.7707) wọn sọ pe eyi kii yoo ran...

Lati ṣe akopọ: akọsilẹ ko si nipa awọn iṣoro kan pato ti Kestrel tabi UTF-8 (ni ọdun 2019?!), Ṣugbọn nipa otitọ pe iṣaro ati ikẹkọ deede Gbogbo igbesẹ ti o ba ṣe lakoko wiwa awọn iṣoro yoo pẹ tabi nigbamii so eso. Orire daada!

PS

Ka tun lori bulọọgi wa:

• «Awọn idun eto idanilaraya 6 ni iṣẹ Kubernetes [ati ojutu wọn]»;
• «Awọn imọran Kubernetes & ẹtan: awọn oju-iwe aṣiṣe aṣa ni NGINX Ingress»;
• «Akopọ ati lafiwe ti awọn olutona Ingress fun Kubernetes»;
• «Mimojuto awọn pings laarin awọn apa Kubernetes - ohunelo wa»;
• «3 dani igba nipa Linux nẹtiwọki subsystem».

orisun: www.habr.com