ydb-platform / ydb

YDB is an open source Distributed SQL Database that combines high availability and scalability with strong consistency and ACID transactions
https://ydb.tech
Apache License 2.0

Monitoring: TLS and incomplete transfers #966

Open StekPerepolnen opened 10 months ago

StekPerepolnen commented 10 months ago

Description

If config.yaml has TLS support for monitoring

monitoring_config:
  monitoring_certificate_file: /opt/ydb/certs/web.pem

then this page may not load properly; it would be cut off.

Example:

 ~ % curl -sv https://man-a-001.ydb-s3.nemax.nebiuscloud.net:8765/monitoring/cluster/static/js/main.6a338807.js | wc -c
*   Trying [2a13:5947:0:101f:e42:a1ff:fe07:d316]:8765...
* Connected to man-a-001.ydb-s3.nemax.nebiuscloud.net (2a13:5947:0:101f:e42:a1ff:fe07:d316) port 8765 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [343 bytes data]
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [6 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [3578 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=FI; O=Nebius; OU=Nebius Nemax; CN=*.ydb-s3.nemax.nebiuscloud.net
*  start date: Jan  4 14:01:37 2024 GMT
*  expire date: Dec 26 10:00:00 2024 GMT
*  subjectAltName: host "man-a-001.ydb-s3.nemax.nebiuscloud.net" matched cert's "*.ydb-s3.nemax.nebiuscloud.net"
*  issuer: DC=cloud; DC=nebius; DC=nemax; C=FI; O=Nebius Nemax; OU=Nebius Nemax Internal Intermediate CA; CN=NemaxInternalIntermediateCA
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /monitoring/cluster/static/js/main.6a338807.js HTTP/1.1
> Host: man-a-001.ydb-s3.nemax.nebiuscloud.net:8765
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 200 Ok
< Content-Type: application/javascript
< X-Worker-Name: man-a-001.ydb-s3.nemax.nebiuscloud.net:8765
< Content-Length: 5103608
<
{ [16242 bytes data]
* transfer closed with 5038214 bytes remaining to read
* Closing connection 0
   65394

Example of a good full reply:

 ~ % curl -sv https://man-a-001.ydb-s3.nemax.nebiuscloud.net:8765/monitoring/cluster/static/js/main.6a338807.js | wc -c
*   Trying [2a13:5947:0:101f:e42:a1ff:fe07:d316]:8765...
* Connected to man-a-001.ydb-s3.nemax.nebiuscloud.net (2a13:5947:0:101f:e42:a1ff:fe07:d316) port 8765 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [343 bytes data]
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [6 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [3578 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=FI; O=Nebius; OU=Nebius Nemax; CN=*.ydb-s3.nemax.nebiuscloud.net
*  start date: Jan  4 14:01:37 2024 GMT
*  expire date: Dec 26 10:00:00 2024 GMT
*  subjectAltName: host "man-a-001.ydb-s3.nemax.nebiuscloud.net" matched cert's "*.ydb-s3.nemax.nebiuscloud.net"
*  issuer: DC=cloud; DC=nebius; DC=nemax; C=FI; O=Nebius Nemax; OU=Nebius Nemax Internal Intermediate CA; CN=NemaxInternalIntermediateCA
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /monitoring/cluster/static/js/main.6a338807.js HTTP/1.1
> Host: man-a-001.ydb-s3.nemax.nebiuscloud.net:8765
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 200 Ok
< Content-Type: application/javascript
< X-Worker-Name: man-a-001.ydb-s3.nemax.nebiuscloud.net:8765
< Content-Length: 5103608
<
{ [16242 bytes data]
* Connection #0 to host man-a-001.ydb-s3.nemax.nebiuscloud.net left intact
 5103608
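
The following is an added example, not part of the original issue or of YDB's code: a health check that flags the truncation shown above by comparing the declared `Content-Length` with the bytes actually received. `check_transfer` and `serve_once` are hypothetical names; the loopback server is constructed and uses plain HTTP so the check can run offline, with the byte counts taken from the two curl runs.

```python
import http.client
import socket
import threading
from urllib.parse import urlsplit


def check_transfer(url, context=None, timeout=10):
    """GET url; compare the declared Content-Length with the bytes received."""
    u = urlsplit(url)
    https = u.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout, **({"context": context} if https else {}))
    received = 0
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        header = resp.getheader("Content-Length")
        declared = int(header) if header is not None else None
        try:
            while chunk := resp.read(65536):  # may return b"" on early EOF
                received += len(chunk)
        except http.client.IncompleteRead as exc:
            received += len(exc.partial)
        except OSError:
            pass  # connection dropped mid-body (reset, TLS EOF without close_notify)
    finally:
        conn.close()
    missing = None if declared is None else declared - received
    return {"declared": declared, "received": received, "missing": missing}


def serve_once(declared, sent):
    """Constructed loopback server: announces `declared` bytes, sends `sent`."""
    srv = socket.create_server(("127.0.0.1", 0))
    def handle():
        client, _ = srv.accept()
        with client:
            client.recv(65536)  # consume the request
            head = f"HTTP/1.1 200 Ok\r\nContent-Length: {declared}\r\n\r\n"
            client.sendall(head.encode() + b"x" * sent)
        srv.close()
    threading.Thread(target=handle, daemon=True).start()
    return f"http://127.0.0.1:{srv.getsockname()[1]}/main.js"


if __name__ == "__main__":
    print(check_transfer(serve_once(5103608, 65394)))    # truncated transfer
    print(check_transfer(serve_once(5103608, 5103608)))  # complete transfer
```

A non-zero `missing` value corresponds to curl's "transfer closed with N bytes remaining to read" line.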

StekPerepolnen commented 9 months ago

https://github.com/ydb-platform/ydb/pull/1024