okigan / awscurl

curl-like access to AWS resources with AWS Signature Version 4 request signing.
MIT License

Proposal: Allow modifying signature hostname #129

Closed speller closed 1 year ago

speller commented 2 years ago

I'm trying to run awscurl to perform requests to the ES service through an SSH tunnel. The tunnel opens a local port connected to port 443 of the ES service at the API endpoint. The tunnel is required to connect to a service not available to the public. The issue is that awscurl creates a signature using the URL passed on the CLI. But the service hostname and port are different from the local URL. I need to make a signature using the real API endpoint, not the local one. It would be nice to add this feature.

speller commented 2 years ago

Answering my own question - it's possible to do this by passing the host header. But the only issue is that the header name must be lower-case. This will not work: -H "Host: $ES_HOST".

speller commented 2 years ago

Also, documenting this would be very helpful.

okigan commented 2 years ago

I think I’ve heard of something similar.

Is that the same as specifying HOST header (different than hostname in the url)?

speller commented 2 years ago

I think I’ve heard of something similar. Is that the same as specifying HOST header (different than hostname in the URL)?

Yes, the same. I just described why I need that. My actual URL passed to awscurl is something like https://host.docker.internal:10443. But the signature must be created for the real service API endpoint hostname.

speller commented 2 years ago

Another minor suggestion: don't include port 443 in the hostname used in the signature if it was explicitly specified along with the https protocol. Using vpc-***.***.es.amazonaws.com:443 as the hostname in the signature causes validation failure.
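The two behaviours asked for in this thread (sign for the real endpoint named in a host header, matched case-insensitively, and drop an explicit default port from the canonical host) as an added Python example. This is illustrative code written for this page, not awscurl's own implementation; the endpoint name, credentials and timestamp are made up.

```python
import hashlib
import hmac
from urllib.parse import quote, urlsplit

# An explicit default port is dropped from the canonical host; the thread
# reports that "host:443" in the signature fails validation on the ES side.
DEFAULT_PORTS = {"http": "80", "https": "443"}


def signing_host(url, headers=None):
    """Host value for the SigV4 canonical request: a caller-supplied Host
    header (any case) overrides the URL's netloc; a default port is removed."""
    parts = urlsplit(url)
    host = parts.netloc
    for name, value in (headers or {}).items():
        if name.lower() == "host":
            host = value.strip()
            break
    # "[::1]:443" splits on the last colon; a bare IPv6 literal ends with "]".
    if ":" in host and not host.endswith("]"):
        name, _, port = host.rpartition(":")
        if port == DEFAULT_PORTS.get(parts.scheme.lower()):
            host = name
    return host.lower()


def canonical_query(query):
    """Sort and percent-encode the query string as SigV4 requires."""
    pairs = []
    for item in query.split("&") if query else []:
        key, _, value = item.partition("=")
        pairs.append((quote(key, safe="-_.~"), quote(value, safe="-_.~")))
    return "&".join(f"{k}={v}" for k, v in sorted(pairs))


def sign_request(method, url, headers, body, creds, region, service, amz_date):
    """Return the request headers with a SigV4 Authorization header added.
    amz_date (YYYYMMDDTHHMMSSZ) is passed in so the result is deterministic."""
    parts = urlsplit(url)
    # Canonical form: lower-case names, whitespace-collapsed values.
    hdrs = {k.lower().strip(): " ".join(v.split()) for k, v in headers.items()}
    hdrs["host"] = signing_host(url, headers)
    hdrs["x-amz-date"] = amz_date
    signed_headers = ";".join(sorted(hdrs))
    canonical_headers = "".join(f"{k}:{hdrs[k]}\n" for k in sorted(hdrs))
    canonical_request = "\n".join([
        method.upper(),
        quote(parts.path or "/", safe="/~"),
        canonical_query(parts.query),
        canonical_headers,
        signed_headers,
        hashlib.sha256(body).hexdigest(),
    ])
    date_stamp = amz_date[:8]
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Signing key: HMAC chain over date, region, service and the terminator.
    key = ("AWS4" + creds["secret_key"]).encode()
    for msg in (date_stamp, region, service, "aws4_request"):
        key = hmac.new(key, msg.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    hdrs["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={creds['access_key']}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return hdrs


# Constructed inputs: dummy credentials, a made-up VPC endpoint, a fixed date.
CREDS = {"access_key": "AKIAIOSFODNN7EXAMPLE",
         "secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
REAL_ENDPOINT = "vpc-example.eu-west-1.es.amazonaws.com"
AMZ_DATE = "20210905T045200Z"


def sign_via_tunnel():
    """Request sent to a local SSH tunnel port, signed for the real endpoint."""
    return sign_request(
        "GET", "https://host.docker.internal:10443/_cat/indices",
        {"Host": f"{REAL_ENDPOINT}:443"}, b"", CREDS, "eu-west-1", "es", AMZ_DATE)


def sign_direct():
    """The same request addressed directly to the real endpoint."""
    return sign_request(
        "GET", f"https://{REAL_ENDPOINT}/_cat/indices",
        {}, b"", CREDS, "eu-west-1", "es", AMZ_DATE)
```

The tunnelled and direct requests produce the same Authorization header, which is exactly what makes the tunnel transparent to the service: the signed canonical host is the real endpoint with no port, regardless of what the local URL says or how the Host header name was capitalised.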

okigan commented 2 years ago

Could you start a PR with a section in the readme.md file - I'll take it from there.

Thanks!

okigan commented 2 years ago

Are you using latest version? I remember adding case insensitive logic before.

okigan commented 2 years ago

Hmm, seems it's a thing to do. Similar to: https://github.com/aws/aws-cli/issues/2883

speller commented 2 years ago

Are you using latest version? I remember adding case insensitive logic before.

I'm using the latest version in the Docker container.

okigan commented 2 years ago

@speller review the above please

okigan commented 1 year ago

@speller Bumping up old thread. Would you review the above for the upcoming release?

speller commented 1 year ago

@okigan sorry for the late reply. It seems trimming the default port should solve the issue.

okigan commented 1 year ago

Branch merged -- closing issue.