barnacs / compy

HTTP/HTTPS compression proxy
ISC License

Diagnostics endpoint not working #39

Closed RReverser closed 6 years ago

RReverser commented 6 years ago

I saw the diagnostic endpoint in #22 but can't get it to work.

I keep getting the following:

$ curl https://localhost:9999/ -kv
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9999 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*    server certificate verification SKIPPED
*    server certificate status verification SKIPPED
*    common name: localhost (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: CN=localhost
*    start date: Wed, 18 Apr 2018 18:20:01 GMT
*    expire date: Sat, 15 Apr 2028 18:20:01 GMT
*    issuer: CN=localhost
*    compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: localhost:9999
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 500 Internal Server Error
< Date: Wed, 18 Apr 2018 18:20:37 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact

and in logs:

2018/04/18 18:20:37 serving request: /
2018/04/18 18:20:37 http: TLS handshake error from 127.0.0.1:47946: tls: first record does not look like a TLS handshake
2018/04/18 18:20:37 error forwarding request: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02" while serving request: http://localhost:9999/

I'm using the Docker version of compy without any special config.

One weird thing I've noticed is "while serving request: http://localhost:9999/" in the logs even though I'm hitting the proxy itself as https (because it works in HTTPS proxy mode).

RReverser commented 6 years ago

Interesting, when I built it on my host (Ubuntu 16.04.4), it works just fine and TLS errors don't occur. Perhaps something is wrong with the dependencies used in the Dockerfile? cc @gaul

RReverser commented 6 years ago

Ok, after extensive debugging I found the reason... indeed it won't work with Docker as-is.

RReverser commented 6 years ago

Ideally this would be handled by the existing Dockerfile, but for now I fixed it by passing an explicit hostname parameter to Docker to propagate the hostname of the parent machine so that the comparison in proxy.go works.
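
The six bytes quoted in the "malformed HTTP response" log line in the first comment are a TLS record header rather than HTTP, which matches the "first record does not look like a TLS handshake" error: a plaintext HTTP client reached the TLS listener on port 9999 and got a TLS alert back. The following Go example is added here and is not code from compy or from the thread; `Classify`, `loggedBytes` and `plainHTTP` are hypothetical names, and the plaintext request line is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// Constructed sample inputs: the six bytes quoted in the "malformed HTTP
// response" log line, and a plaintext request line like the one curl sent.
var (
	loggedBytes = []byte("\x15\x03\x01\x00\x02\x02")
	plainHTTP   = []byte("GET / HTTP/1.1\r\n")
)

var recordTypes = map[byte]string{
	20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data",
}

// Classify reports what the first bytes read from a connection look like:
// a TLS record (type, version, length header), plaintext HTTP, or unknown.
func Classify(b []byte) string {
	if len(b) >= 5 && b[1] == 3 && b[2] <= 4 {
		if name, ok := recordTypes[b[0]]; ok {
			out := fmt.Sprintf("tls %s version=3.%d len=%d", name, b[2], binary.BigEndian.Uint16(b[3:5]))
			// An alert body is two bytes: level (1 warning, 2 fatal), then description.
			if b[0] == 21 && len(b) >= 6 {
				out += " level=" + map[byte]string{1: "warning", 2: "fatal"}[b[5]]
				if len(b) >= 7 {
					out += fmt.Sprintf(" description=%d", b[6])
				} else {
					out += " description=(truncated)"
				}
			}
			return out
		}
	}
	for _, m := range []string{"GET ", "POST ", "HEAD ", "PUT ", "CONNECT ", "HTTP/1."} {
		if strings.HasPrefix(string(b), m) {
			return "plaintext http"
		}
	}
	return "unknown"
}

func main() {
	fmt.Println(Classify(loggedBytes))
	fmt.Println(Classify(plainHTTP))
}
```

Seeing a fatal TLS alert where an HTTP status line was expected means one side of the connection spoke plain HTTP to a TLS port, so the scheme in "while serving request: http://localhost:9999/" is the thing to check.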