Exit proc_lib gracefully on proxy header mismatch #1510
Conversation
|
Why wouldn't you want this to be logged? |
Put it another way, why would you do so just here? I think that the cause of death should be handled elsewhere and be given a chance to decide what to do with it. For example, I believe ranch already logs this. |
|
You've made it into a shutdown, shutdowns aren't logged: https://github.com/ninenines/ranch/blob/master/src/ranch_conns_sup.erl#L388 The proxy header missing is most likely a configuration error (on the proxy side), it should provide as much information as possible about the problem. |
Ah, that's the ranch line I was looking for. But then the issue is that the same error is logged twice, once as a crash report for proc_lib, another from Ranch's supervisor, isn't it? |
|
I have no idea what broke so much in the CI but wow how red everything is. Nevertheless I'm stuck wondering, how to deal with the crash reported twice (by proc_lib and ranch respectively). |
|
That's just the way it's done, you get a crash report and a supervisor report. Nothing unusual, you get the same for gen_*+supervisor as well. |
What about the case when the port is only being probed, that is, a load-balancer is only doing a tcp handshake and closing the connection, without sending any traffic whatsoever? |
|
Is there a deployment that has the combination of PROXY and such load balancer? |
Obscure swiss providers, and even some older offerings of AWS it seems to me, but I can't bet on it, I'm not in charge of the devops for the project I'm working on 😕 |
|
I'm happy to make it handle, say, |
That sounds fair, I agree with that one. Pushed a new version trying to do just that. |
|
Looks fine. Could you please add a test though? test/proxy_header_SUITE.erl should be the place. Also can you please confirm that in your environments you do get |
NelsonVides
force-pushed
the
proxy_protocol_graceful_failure
branch
from
85b05de
to
e380d05
Compare
|
I've just tried to write a test for it. Will deploy this in my env in the next few days and will let you know, in the meantime please let me know if the tests more or less follow cowboy's conventions. |
|
@essen tested in my environments, I do get |
|
OK thanks. It looks fine, I will just need to find time to look into it properly. It's either going to be tomorrow or in weeks. Hopefully tomorrow! |
|
Please don't add a new test group and instead make the test against all http/https/h2/h2c instead so we know it's working for both TCP and TLS and all protocols. |
Easy to change, just did it locally, but then it seems that some tests are failing randomly I suppose because of some race condition. |
|
Make sure it connects to the right host/port and if you can't figure it out please post the errors you see. |
NelsonVides
force-pushed
the
proxy_protocol_graceful_failure
branch
from
e380d05
to
55efbb1
Compare
|
Just pushed the test, it generally fails the https group with a timeout when waiting for the 'DOWN' message. |
|
Right, the Pid that |
|
There's a separate function for TLS. |
Just saw that, but that won't work, because it's doing ssl:sockname, and this socket is not yet a ssl socket, it's a barebones tcp:connect one. |
|
@essen now, I've pushed a new version of the test that does a bit of a hack, hopefully elegant, to correctly find the process we want to track the dead of. Hope you like the code, I await your comments :) |
|
@essen did you have a chance to review the latest changes? :) |
|
No but the tab is still open for whenever this can happen. |
Hi there, it's been a while, how's progress on this one? :) |
|
@essen heads up on this, any updates, plans? |
|
@essen it has been a while with no activity here, any updates on when, and if, this could be merged? |
|
When I have some free time. I think the PR is fine as-is by the way but I need to test it. |
|
Please rebase onto current master so that CI runs properly. I am planning to do a release with this and other things soon. |
If the proxy header was not to match (like, the header not being sent), cowboy libraries were expecting really strict matching and then crashing the proc_lib with a badmatch, that generates a hard error report. I believe this error should be expected and termination should be graceful.
NelsonVides
force-pushed
the
proxy_protocol_graceful_failure
branch
from
3ea2ba9
to
150cde9
Compare
Done. |
|
It's been quite a while since I worked on this and now this test seems to be failing in CI, however I can't even ct running locally. Do you have a guide somewhere on how to run tests? I'd like to fix this issue but I can't find how. |
|
Should be just It's likely a race condition in the test itself. I am going through a number of tickets/PRs so if you can work on this, great! If not, also great, I'll just pick it up when I get to it. Cheers. |
|
I've merged with minimal changes to the tests. Closing, thanks! |
If the proxy header was not to match (like, the header not being sent),
cowboy libraries were expecting really strict matching and then crashing
the proc_lib with a badmatch, that generates a hard error report. I
believe this error should be expected and termination should be graceful.