Closed speller closed 1 year ago
Answering my own question - it's possible to do with the host header passed. But the only issue is that the header name must be lower-case. This will not work: -H "Host: $ES_HOST".
Also, documenting this would be very helpful.
I think I’ve heard of something similar.
Is that the same as specifying HOST header (different than hostname in the url)?
On Sep 4, 2021, at 9:52 PM, Alexander Pravdin @.***> wrote:
I'm trying to run awscurl to perform requests to the ES service through an SSH tunnel. The tunnel opens a local port connected to the ES service 443 port on the API endpoint. The tunnel is required to connect to a service not available to the public. The issue is that awscurl creates a signature using the URL passed in CLI. But the service hostname and port are different from the local URL. I need to make a signature using the real API endpoint, not using the local one. It would be nice to add this feature.
I think I’ve heard of something similar. Is that the same as specifying HOST header (different than hostname in the URL)?
Yes, the same. I just described why I need that. My actual URL passed to awscurl is something like https://host.docker.internal:10443. But the signature must be created for the real service API endpoint hostname.
Another minor suggestion: don't include the 443 port to the hostname to use in the signature if it was explicitly specified along with the https protocol. Using vpc-***.***.es.amazonaws.com:443 as the hostname in the signature causes validation failure.
Could you start a PR as a section in the readme.md file - I’ll take it from there.
Thanks!
Are you using latest version? I remember adding case insensitive logic before.
Hmm, seems it’s a thing todo. Similar to: https://github.com/aws/aws-cli/issues/2883
Are you using latest version? I remember adding case insensitive logic before.
I'm using the latest version in the Docker container.
@speller review the above please
@speller Bumping up old thread. Would you review the above for the upcoming release?
@okigan sorry for the late reply. It seems trimming the default port should solve the issue.
Branch merged -- closing issue.
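An added example, not awscurl's own code: a minimal SigV4 signer in Python showing the behaviour discussed in this thread, where a Host header in any letter case overrides the URL's host for signing and the scheme's default port is trimmed. The endpoint name, secret key, request path and function names are constructed for illustration, and query-string canonicalization is left out.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def signing_host(url, headers):
    """Host value to sign: a Host header in any letter case overrides the
    URL's host, and the scheme's default port is trimmed."""
    parts = urlsplit(url)
    override = next((v for k, v in headers.items() if k.lower() == "host"), None)
    target = urlsplit("//" + override) if override else parts
    if target.port is None or target.port == DEFAULT_PORTS.get(parts.scheme):
        return target.hostname
    return f"{target.hostname}:{target.port}"

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(url, headers, secret_key, amz_date, region, service, method="GET"):
    """Signature for a request with an empty body, signing host and x-amz-date.
    Simplification: the query string is used as given, not re-sorted or re-encoded."""
    parts = urlsplit(url)
    canonical_request = "\n".join([
        method,
        parts.path or "/",
        parts.query,
        f"host:{signing_host(url, headers)}\nx-amz-date:{amz_date}\n",
        "host;x-amz-date",
        hashlib.sha256(b"").hexdigest(),
    ])
    date = amz_date[:8]
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        f"{date}/{region}/{service}/aws4_request",
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    real = "vpc-example.us-east-1.es.amazonaws.com"  # constructed endpoint name
    creds = ("EXAMPLE-SECRET", "20210904T215200Z", "us-east-1", "es")  # constructed
    tunnel = "https://host.docker.internal:10443/_cat/indices"  # constructed path
    print(sigv4_signature(tunnel, {"Host": real + ":443"}, *creds))
    print(sigv4_signature(f"https://{real}/_cat/indices", {}, *creds))  # same value
```

Signing the tunnel URL without the Host override produces a different signature, because the canonical request then carries host.docker.internal:10443 rather than the real endpoint.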