bug: When using HTTPS with APISIX, it do not support chunked transfer.

linzhanglong commented 6 months ago

Current Behavior

If using HTTP, it works normally.

Expected Behavior

using HTTPS, it can works normally

Error Logs

no error

Steps to Reproduce

Request header:

Host: 10.103.250.244:4430
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: multipart/mixed;deferSpec=20220824,application/json
Accept-Language: zh_CN
Accept-Encoding: gzip, deflate, br
Referer: https://10.103.250.244:4430/
content-type: application/json
Origin: https://10.103.250.244:4430
Content-Length: 1599
Connection: keep-alive
Cookie: UEDC_LOGIN_LANGUAGE=zh_CN; language=zh_CN; SF_SID=20240104215038-f624ceaa919d93719dbfa6e34797b1bd; CSRFPreventionToken=e7c30bf45329720d486249f3c8d050fb; aCMPAuthToken=9a81c25f557b66129d3f4a3c7188092c; login=local; jump_back=; recent_uid=8bb5c4a1396840368a813753d61d46e2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

request payload:

{"operationName":"GetOverview","variables":{},"query":"query GetOverview {\n  index {\n    stat {\n      containerApps {\n        ingresses\n        namespaces\n        persistentVolumeClaims\n        pods {\n          failed\n          pending\n          running\n          succeeded\n          unknown\n          total\n        }\n        services\n        workloads {\n          creating\n          running\n          total\n        }\n      }\n      containerPlatform {\n        clusters {\n          deleting\n          deployFailed\n          failed\n          pending\n          running\n          total\n        }\n        nodes {\n          deleteFailed\n          deleting\n          deployFailed\n          failed\n          pending\n          running\n          total\n        }\n        persistentVolumes\n        storageClasses\n      }\n      infrastructure {\n        hciResourcePools\n        physicalHosts {\n          offline\n          online\n          total\n        }\n      }\n    }\n    ... @defer {\n      monitorTopN {\n        cpu {\n          clusterAlias\n          clusterId\n          clusterName\n          usage {\n            usagePercentage\n            used\n          }\n        }\n        memory {\n          clusterAlias\n          clusterId\n          clusterName\n          usage {\n            usagePercentage\n            used\n          }\n        }\n        storage {\n          clusterAlias\n          clusterId\n          clusterName\n          usage {\n            usagePercentage\n            used\n          }\n        }\n      }\n    }\n  }\n}\n"}

Environment

APISIX version (run apisix version): 3.4.2
Operating system (run uname -a): Linux master-01 4.18.0-372.19.1.49.po1.x86_64 #1 SMP Tue Apr 18 02:53:31 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
OpenResty / Nginx version (run openresty -V or nginx -V):
etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
APISIX Dashboard version, if relevant:
Plugin runner version, for issues related to plugin runners:
LuaRocks version, for installation issues (run luarocks --version):

shreemaan-abhishek commented 6 months ago

please provide detailed steps to reproduce. I just gave it a try and it works:

create following route:

curl "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT \
-H "X-API-KEY: ${ADMIN_API_KEY}" \
-d '{
"uri": "/post",
"upstream": {
  "type": "roundrobin",
  "nodes": {
    "httpbin.org:443": 1
  },
  "scheme": "https"
}
}'

send a request with Transfer-Encoding: chunked header:


curl "http://127.0.0.1:9080/post" -X POST -vvv \
-H "transfer-encoding: chunked" \
-d "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg" \
-i
Note: Unnecessary use of -X or --request, POST is already inferred.

Trying 127.0.0.1:9080...
Connected to 127.0.0.1 (127.0.0.1) port 9080

POST /post HTTP/1.1 Host: 127.0.0.1:9080 User-Agent: curl/8.4.0 Accept: / transfer-encoding: chunked Content-Type: application/x-www-form-urlencoded

< HTTP/1.1 200 OK HTTP/1.1 200 OK < Content-Type: application/json Content-Type: application/json < Content-Length: 523 Content-Length: 523 < Connection: keep-alive Connection: keep-alive < Date: Fri, 05 Jan 2024 10:05:00 GMT Date: Fri, 05 Jan 2024 10:05:00 GMT < Access-Control-Allow-Origin: Access-Control-Allow-Origin: < Access-Control-Allow-Credentials: true Access-Control-Allow-Credentials: true < Server: APISIX/3.7.0 Server: APISIX/3.7.0

< { "args": {}, "data": "", "files": {}, "form": { "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg": "" }, "headers": { "Accept": "/", "Content-Length": "59", "Content-Type": "application/x-www-form-urlencoded", "Host": "127.0.0.1", "User-Agent": "curl/8.4.0", "X-Amzn-Trace-Id": "Root=1-6597d44c-569a751f418e33f73f5d3ec1", "X-Forwarded-Host": "127.0.0.1" }, "json": null, "origin": "127.0.0.1, 163.47.148.18", "url": "https://127.0.0.1/post" }

Connection #0 to host 127.0.0.1 left intact

hanqingwu commented 6 months ago

Hi @shreemaan-abhishek , i think @linzhanglong excepts https://127.0.0.1:9443/post chunked transfer works normal

linzhanglong commented 6 months ago

Yes, chunked transfer works normally with HTTP, but not with HTTPS. When testing the request through Postman tool, under the HTTPS, the request remains at the "Transfer Start" phase until the transfer is complete. However, under HTTP, the "Transfer Start" phase finishes quickly, and most of the time is spent in the "Download" phase.

linzhanglong commented 6 months ago

Hello, The proxy_buffering off; can solve the issue, but why doesn't HTTP have this problem (maybe transfer size diff)? and can it apply only a route by plugin? @shreemaan-abhishek

Abhijeetmishr commented 6 months ago

@linzhanglong @hanqingwu @shreemaan-abhishek I want to work on this issue I have tried checking based on above details. Correct me If I am wrong

Request

curl "http://127.0.0.1:9080/post" -X POST -vvv \ -H "transfer-encoding: chunked" \ -d "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg" \ -i

Response

{ "args": {}, "data": "", "files": {}, "form": { "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg": "" }, "headers": { "Accept": "/", "Content-Length": "59", "Content-Type": "application/x-www-form-urlencoded", "Host": "127.0.0.1", "User-Agent": "curl/7.84.0", "X-Amzn-Trace-Id": "Root=1-659a76fd-6b45a62f3a0678c265b0a3d5", "X-Forwarded-Host": "127.0.0.1" }, "json": null, "origin": "172.20.0.1, 49.205.40.78", "url": "https://127.0.0.1/post" }

USING HTTP

Request

curl "https://127.0.0.1:9080/post" -X POST -vvv -H "transfer-encoding: chunked" -d "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg" -i

Response

error:1408F10B:SSL routines:ssl3_get_record:wrong version number

SilentEntity commented 6 months ago

Are you sending https(https://127.0.0.1:9080/post) request on http port(http://127.0.0.1:9080/post) ? @Abhijeetmishr

Abhijeetmishr commented 6 months ago

Are you sending https(https://127.0.0.1:9080/post) request on http port(http://127.0.0.1:9080/post) ? @Abhijeetmishr

I think so not sure, okay got it that is why it is giving SSL certificate error both http and https runs on diff ports

shreemaan-abhishek commented 5 months ago

@linzhanglong can you confirm if you have http2 enabled in your apisix config? https://github.com/shreemaan-abhishek/apisix/blob/3a48d17889cf1283e63a6e2b44ed33ab07dc4588/conf/config-default.yaml#L99

apache / apisix