unbit / uwsgi

uWSGI application server container
http://projects.unbit.it/uwsgi

Handle HTTP requests on HTTPS port #1946

Open con-f-use opened 5 years ago

con-f-use commented 5 years ago

Currently, uwsgi gives a Connection reset by peer response when you try to make an HTTP request on an HTTPS port:

$ uwsgi --plugin http,python --master --https :8443,foobar.crt,foobar.key --module werkzeug.testapp:test_app
$ curl -vvv -f 'http://localhost:8443/'
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Recv failure: Connection reset by peer
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

That is true even when re-routing:

$ uwsgi --plugin http,python,router_redirect --master --https :8443,foobar.crt,foobar.key --route-if-not 'equal:${HTTPS};on break:497 HTTP on HTTPS port' --module werkzeug.testapp:test_app
$ curl -vvv -f 'http://localhost:8443/'
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Recv failure: Connection reset by peer
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

This should be handled more gracefully.
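
An added example, not part of the original post and not uWSGI's code: one way a listener could tell the cleartext request curl sends above from a TLS handshake by looking at the first bytes, so it can answer in cleartext instead of resetting. The function and enum names and the sample bytes are hypothetical and constructed for illustration; the 497 status text is the one from the route rule above.

```c
#include <stdio.h>
#include <string.h>

enum first_bytes { FB_NEED_MORE, FB_TLS, FB_PLAIN_HTTP, FB_UNKNOWN };

/* Classify the first bytes of a new connection, e.g. as seen with
 * recv(fd, buf, sizeof buf, MSG_PEEK), before the TLS handshake starts. */
enum first_bytes classify_first_bytes(const unsigned char *buf, size_t len)
{
    static const char *const methods[] = { "GET ", "HEAD ", "POST ", "PUT ",
        "DELETE ", "OPTIONS ", "PATCH ", "CONNECT ", "TRACE " };
    size_t i;
    if (len == 0)
        return FB_NEED_MORE;
    /* TLS record header: content type 0x16 (handshake), version major 0x03. */
    if (buf[0] == 0x16) {
        if (len < 2)
            return FB_NEED_MORE;
        return buf[1] == 0x03 ? FB_TLS : FB_UNKNOWN;
    }
    /* Cleartext HTTP/1.x starts with a method token and a space. */
    for (i = 0; i < sizeof methods / sizeof methods[0]; i++) {
        size_t mlen = strlen(methods[i]);
        size_t n = len < mlen ? len : mlen;
        if (memcmp(buf, methods[i], n) == 0)
            return n == mlen ? FB_PLAIN_HTTP : FB_NEED_MORE;
    }
    return FB_UNKNOWN;
}

/* Cleartext reply to send before closing; the status text is the one from
 * the --route-if-not rule in the post (497 is not a registered status). */
const char *plain_http_reply(void)
{
    return "HTTP/1.1 497 HTTP on HTTPS port\r\n"
           "Connection: close\r\nContent-Length: 0\r\n\r\n";
}

int main(void)
{
    /* Constructed samples: the curl request line and a ClientHello prefix. */
    const unsigned char http[] = "GET / HTTP/1.1\r\nHost: localhost:8443\r\n";
    const unsigned char tls[] = { 0x16, 0x03, 0x01, 0x02, 0x00 };
    printf("http -> %d, tls -> %d\n", classify_first_bytes(http, sizeof http - 1),
           classify_first_bytes(tls, sizeof tls));
    if (classify_first_bytes(http, sizeof http - 1) == FB_PLAIN_HTTP)
        fputs(plain_http_reply(), stdout);
    return 0;
}
```

A listener using this would keep peeking until the result is no longer `FB_NEED_MORE`, and close without replying on `FB_UNKNOWN`.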

tunecrew commented 5 years ago

I am seeing a similar or the same issue - log full of messages like this:

[uwsgi-http key: client_addr: 10.0.0.14 client_port: 4797] hr_ssl_read(): Connection reset by peer [plugins/http/https.c line 393]

with various ephemeral ports for the client_port value

In my case the client_addr is an AWS Network Load Balancer - so I am assuming it is connecting on various ephemeral ports using HTTP to my uwsgi instance, which is configured only for HTTPS as follows:

buffer-size = 32768
chdir = /project/src
disable-logging = 0
enable-threads = 1
gid = www-data
https = =0,/project/ssl/fullchain.pem,/project/ssl/privkey.pem,HIGH
master = 1
module = remetrik.wsgi
pcre-jit = 1
post-buffering = 1
post-buffering-bufsize = 32768
processes = 1
shared-socket = 0.0.0.0:443
ssl-verbose = 1
stats = :1717
stats-http = 1
strict = 1
threads = 1
thunder-lock = 1
uid = www-data

Environment is latest django+uwsgi (no nginx) running in an alpine docker container on AWS Fargate/ECS.

I'm unsure yet whether this is causing a problem or not beyond the log messages (currently debugging other problems).

Bob-CN commented 2 years ago

Hi @tunecrew have you solved this problem? I am seeing the same issue:

[uwsgi-http key: client_addr: 192.241.207.93 client_port: 5813] hr_ssl_read(): Connection reset by peer [plugins/http/https.c line 393]

And I am using Azure k8s to deploy my web application; here is my uwsgi (no nginx) configuration:

[uwsgi]
master = true

https = 0.0.0.0:5001,/root/certs/tls.crt,/root/certs/tls.key,HIGH
module = https_manage:app

pidfile = /app/uwsgi.pid
processes = 4
threads = 2

vacuum = true

http-timeout = 300

tunecrew commented 2 years ago

Hi @Bob-CN we ended up moving to Daphne so we could use asgi, so no.

Bob-CN commented 2 years ago

@tunecrew Got it, thanks!