Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blocker on turning on CDN caching #445

Open
orta opened this issue May 20, 2023 · 0 comments
Open

Blocker on turning on CDN caching #445

orta opened this issue May 20, 2023 · 0 comments

Comments

@orta
Copy link
Member

orta commented May 20, 2023

With cloudflare DNS caching:

> curl https://trunk.cocoapods.org/api/v1/pods/ARAnalytics -v
*   Trying 2606:4700:20::681a:f0:443...
* Connected to trunk.cocoapods.org (2606:4700:20::681a:f0) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: May 11 00:00:00 2023 GMT
*  expire date: May 10 23:59:59 2024 GMT
*  subjectAltName: host "trunk.cocoapods.org" matched cert's "*.cocoapods.org"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x559f4d6c5e90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /api/v1/pods/ARAnalytics HTTP/2
> Host: trunk.cocoapods.org
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301 
< date: Sat, 20 May 2023 13:41:11 GMT
< content-type: text/html
< location: https://trunk.cocoapods.org/api/v1/pods/ARAnalytics
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< via: 1.1 vegur
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rRtXIjUiKf%2BDrbcr8jJO0NsOckAxhGUXqtwEHz68N7qhB8%2BTpW0CJlj%2BCbKxd6%2BwgZD4YeayGEl7ffA4bSCu1IzBasVQ6L59zVBgbW943cDpTYRwHIwOHH0Lhs%2B45DZxHi%2F0lUE3TutUKrQO5tRknKg%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 7ca4fee5eb259558-DUB
< 
* Connection #0 to host trunk.cocoapods.org left intact

Without DNS caching:

> curl https://trunk.cocoapods.org/api/v1/pods/ARAnalytics -v
*   Trying 54.204.238.15:443...
* Connected to trunk.cocoapods.org (54.204.238.15) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=trunk.cocoapods.org
*  start date: May 17 00:36:36 2023 GMT
*  expire date: Aug 15 00:36:35 2023 GMT
*  subjectAltName: host "trunk.cocoapods.org" matched cert's "trunk.cocoapods.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /api/v1/pods/ARAnalytics HTTP/1.1
> Host: trunk.cocoapods.org
> User-Agent: curl/7.81.0
> Accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: Cowboy
< Date: Sat, 20 May 2023 13:41:56 GMT
< Connection: keep-alive
< Strict-Transport-Security: max-age=31536000
< Content-Type: application/json
< X-Content-Type-Options: nosniff
< Content-Length: 2885
< Via: 1.1 vegur
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{"versions":[{"name":"1.0","created_at":"2014-05-19 21:45:35 UTC"},{"name":"1.1","created_at":"2014-05-19 21:45:48 UTC"},{"name":"1.2","created_at":"2014-05-19 21:48:40 UTC"},{"name":"1.3","created_at":"2014-05-19 21:50:02 UTC"},{"name":"1.3.1","created_at":"2014-05-19 21:51:06 UTC"},{"name":"1.5","created_at":"2014-05-19 21:53:09 UTC"},{"name":"1.5.1","created_at":"2014-05-19 21:53:09 UTC"},{"name":"1.6","created_at":"2014-05-19 21:53:47 UTC"},{"name":"2.0","created_at":"2014-05-19 21:54:38 UTC"},{"name":"2.0.1","created_at":"2014-05-19 21:54:56 UTC"},{"name":"2.0.2","created_at":"2014-05-19 21:55:59 UTC"},{"name":"2.1.1","created_at":"2014-05-19 21:57:05 UTC"},{"name":"2.3.0","created_at":"2014-05-19 21:57:31 UTC"},{"name":"2.3.1","created_at":"2014-05-19 21:57:33 UTC"},{"name":"2.3.2","created_at":"2014-05-19 21:57:38 UTC"},{"name":"2.3.3","created_at":"2014-05-19 21:59:28 UTC"},{"name":"2.3.4","created_at":"2014-05-19 21:59:24 UTC"},{"name":"2.4.0","created_at":"2014-05-19 22:00:06 UTC"},{"name":"2.4.3","created_at":"2014-05-19 22:03:06 UTC"},{"name":"2.5.0","created_at":"2014-05-19 22:07:13 UTC"},{"name":"2.6.0","created_at":"2014-05-19 22:08:54 UTC"},{"name":"2.7.1","created_at":"2014-05-19 22:09:42 UTC"},{"name":"2.7.2","created_at":"2014-05-24 22:41:29 UTC"},{"name":"2.8.0","created_at":"2014-09-01 20:57:17 UTC"},{"name":"2.9.1","created_at":"2014-11-11 17:15:09 UTC"},{"name":"3.0.0","created_at":"2015-03-23 21:59:07 UTC"},{"name":"3.10.0","created_at":"2016-06-22 19:22:07 UTC"},{"name":"3.10.1","created_at":"2016-06-22 19:37:01 UTC"},{"name":"3.10.2","created_at":"2016-06-30 20:45:40 UTC"},{"name":"3.2.0","created_at":"2015-05-14 11:50:45 UTC"},{"name":"3.3.0","created_at":"2015-05-25 10:04:44 UTC"},{"name":"3.5.0","created_at":"2015-06-16 12:24:54 UTC"},{"name":"3.6.0","created_at":"2015-06-24 20:31:19 UTC"},{"name":"3.6.1","created_at":"2015-06-24 20:52:15 UTC"},{"name":"3.6.2","created_at":"2015-06-25 12:52:31 UTC"},{"name":"3.6.3","created_at":"2015-08-12 13:28:51 UTC"},{"name":"3.6.4","created_at":"* Connection #0 to host trunk.cocoapods.org left intact
2015-08-12 13:30:18 UTC"},{"name":"3.7.0","created_at":"2015-08-17 15:11:28 UTC"},{"name":"3.7.1","created_at":"2015-08-25 12:19:51 UTC"},{"name":"3.8.0","created_at":"2015-09-04 15:34:55 UTC"},{"name":"3.8.1","created_at":"2015-11-19 23:34:20 UTC"},{"name":"3.9.0","created_at":"2016-01-04 11:03:18 UTC"},{"name":"3.9.1","created_at":"2016-03-09 20:03:56 UTC"},{"name":"4.0.0","created_at":"2016-09-08 15:26:40 UTC"},{"name":"4.0.1","created_at":"2016-10-07 16:20:27 UTC"},{"name":"4.0.2","created_at":"2017-07-21 18:14:02 UTC"},{"name":"5.0.0","created_at":"2017-07-21 23:40:23 UTC"},{"name":"5.0.1","created_at":"2017-09-15 17:18:35 UTC"}],"owners":[{"created_at":"2014-05-19 21:36:13 UTC","email":"[email protected]","name":"Orta Therox"},{"created_at":"2014-05-19 21:48:58 UTC","email":"[email protected]","name":"Ash Furrow"}]}%
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@orta