search

soundcloud / api

A public repo for our Developer Community to engage about bugs and feature requests on our Public API
150 stars 24 forks source link

Feed requests from Hetzner Helsinki Datacenter lead to gateway error #324

Open Bogdanp opened 2 months ago

Bogdanp commented 2 months ago

Title: Requests from Hetzner Helsinki Datacenter lead to gateway error

Issue found of: September 21, 2024

Endpoint(s):

Steps to reproduce:

$ curl -v https://feeds.soundcloud.com/users/soundcloud:users:627190089/sounds.rss
*   Trying 108.156.22.68:443...
* TCP_NODELAY set
* Connected to feeds.soundcloud.com (108.156.22.68) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "feeds.soundcloud.com" matched cert's "*.soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5629715c3650)
> GET /users/soundcloud:users:627190089/sounds.rss HTTP/2
> Host: feeds.soundcloud.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 503
< content-length: 945
< date: Sat, 21 Sep 2024 07:12:12 GMT
< x-cache: Error from cloudfront
< via: 1.1 e3d7e26a5df51c85de01773b18b95a58.cloudfront.net (CloudFront)
< x-amz-cf-pop: HEL51-P1
< x-amz-cf-id: bQxWZ4tdU1j8amHXVpHwbPwJ9dHh-h4K4WeHLsATP9VGeoHu5I6bVw==
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>503 Service Unavailable ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront) HTTP3 Server
Request ID: sDPgPk4c_Refu8F3BH9hWAZuhxSIDEB2AuE9pT8Tz7btITRrNcdtpQ&#x3D;&#x3D;
</PRE>
<ADDRESS>
</ADDRESS>
* Connection #0 to host feeds.soundcloud.com left intact

Expected behaviour:

A successful feed response.

Actual behaviour:

Service Unavailable

Apologies if this isn't the right place to report this, but I couldn't find a better place. Requests from other servers on Hetzner's cloud work just fine.

$ mtr feeds.soundcloud.com
                                                      Packets               Pings
 Host                                               Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. static.97.91.217.95.clients.your-server.de       0.0%   191    0.3   1.0   0.2  15.2   2.3
 2. core32.hel1.hetzner.com                          0.0%   191    0.3   0.3   0.3   0.7   0.1
 3. juniper4.dc1.hel1.hetzner.com                    0.0%   191    0.4  12.0   0.3  53.8  10.4
 4. (waiting for reply)
 5. (waiting for reply)
 6. (waiting for reply)
 7. (waiting for reply)
 8. (waiting for reply)
 9. server-108-156-22-5.hel51.r.cloudfront.net       0.0%   190    0.7   0.7   0.7   0.9   0.0
youssefhassan commented 1 month ago

Hey @Bogdanp, do you still have the same issue?

Bogdanp commented 1 month ago

Hi @youssefhassan. Yes, the problem persists:

$ curl -v https://feeds.soundcloud.com/users/soundcloud:users:627190089/sounds.rss
*   Trying 52.85.49.35:443...
* TCP_NODELAY set
* Connected to feeds.soundcloud.com (52.85.49.35) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "feeds.soundcloud.com" matched cert's "*.soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x562f1cbb1650)
> GET /users/soundcloud:users:627190089/sounds.rss HTTP/2
> Host: feeds.soundcloud.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 503
< content-length: 945
< date: Tue, 08 Oct 2024 05:25:25 GMT
< x-cache: Error from cloudfront
< via: 1.1 07c325e1e193f25e3673c49cf7dde57c.cloudfront.net (CloudFront)
< x-amz-cf-pop: HEL50-C2
< x-amz-cf-id: BE6hFc986itqD-0hSIapDzu7Mxir34nmpvlfS5D0s5wgOncyAFw-vQ==
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>503 Service Unavailable ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront) HTTP3 Server
Request ID: 90MLkaWlZIuj8n9nGv_E-bkhG1D98pX2xO9ZBat1w1HDzaUDJQg1IA&#x3D;&#x3D;
</PRE>
<ADDRESS>
</ADDRESS>
* Connection #0 to host feeds.soundcloud.com left intact

Note that it took about 1 minute to even get the response back. For some background: this server is an ingester for podcast feeds and feeds on soundcloud are the only ones having this problem, so I don't think this is some issue with the server itself.

RealAlphabet commented 1 month ago

I'm experiencing the same issue with Hetzner, but I haven't received any response from SoundCloud.

* Connected to soundcloud.com (3.164.206.104) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /usr/lib/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "soundcloud.com" matched cert's "soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fbd178cdc00)
> GET /api HTTP/2
> Host: soundcloud.com
> user-agent: curl/7.74.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
^C
➜  control git:(master) ✗ curl --interface 95.217.192.166 -v https://secure.soundcloud.com/oauth/token
*   Trying 3.164.68.30:443...
* Name '95.217.192.166' family 2 resolved to '95.217.192.166' family 2
* Local port: 0
* Connected to secure.soundcloud.com (3.164.68.30) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /usr/lib/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "secure.soundcloud.com" matched cert's "*.soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fdb1becdc00)
> GET /oauth/token HTTP/2
> Host: secure.soundcloud.com
> user-agent: curl/7.74.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
(...stuck here)