apisix icon indicating copy to clipboard operation
apisix copied to clipboard

Published 20 hours ago verified publisher icon apache

bug: When using HTTPS with APISIX, it do not support chunked transfer.

Open linzhanglong opened this issue 1 year ago • 8 comments

Current Behavior

If using HTTP, it works normally.

Expected Behavior

using HTTPS, it can works normally

Error Logs

no error

Steps to Reproduce

Request header:

Host: 10.103.250.244:4430
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: multipart/mixed;deferSpec=20220824,application/json
Accept-Language: zh_CN
Accept-Encoding: gzip, deflate, br
Referer: https://10.103.250.244:4430/
content-type: application/json
Origin: https://10.103.250.244:4430
Content-Length: 1599
Connection: keep-alive
Cookie: UEDC_LOGIN_LANGUAGE=zh_CN; language=zh_CN; SF_SID=20240104215038-f624ceaa919d93719dbfa6e34797b1bd; CSRFPreventionToken=e7c30bf45329720d486249f3c8d050fb; aCMPAuthToken=9a81c25f557b66129d3f4a3c7188092c; login=local; jump_back=; recent_uid=8bb5c4a1396840368a813753d61d46e2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

request payload:

{"operationName":"GetOverview","variables":{},"query":"query GetOverview {\n  index {\n    stat {\n      containerApps {\n        ingresses\n        namespaces\n        persistentVolumeClaims\n        pods {\n          failed\n          pending\n          running\n          succeeded\n          unknown\n          total\n        }\n        services\n        workloads {\n          creating\n          running\n          total\n        }\n      }\n      containerPlatform {\n        clusters {\n          deleting\n          deployFailed\n          failed\n          pending\n          running\n          total\n        }\n        nodes {\n          deleteFailed\n          deleting\n          deployFailed\n          failed\n          pending\n          running\n          total\n        }\n        persistentVolumes\n        storageClasses\n      }\n      infrastructure {\n        hciResourcePools\n        physicalHosts {\n          offline\n          online\n          total\n        }\n      }\n    }\n    ... @defer {\n      monitorTopN {\n        cpu {\n          clusterAlias\n          clusterId\n          clusterName\n          usage {\n            usagePercentage\n            used\n          }\n        }\n        memory {\n          clusterAlias\n          clusterId\n          clusterName\n          usage {\n            usagePercentage\n            used\n          }\n        }\n        storage {\n          clusterAlias\n          clusterId\n          clusterName\n          usage {\n            usagePercentage\n            used\n          }\n        }\n      }\n    }\n  }\n}\n"}

Environment

  • APISIX version (run apisix version): 3.4.2
  • Operating system (run uname -a): Linux master-01 4.18.0-372.19.1.49.po1.x86_64 #1 SMP Tue Apr 18 02:53:31 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
  • OpenResty / Nginx version (run openresty -V or nginx -V):
  • etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
  • APISIX Dashboard version, if relevant:
  • Plugin runner version, for issues related to plugin runners:
  • LuaRocks version, for installation issues (run luarocks --version):

linzhanglong avatar Jan 05 '24 08:01 linzhanglong

please provide detailed steps to reproduce. I just gave it a try and it works:

  • create following route:
curl "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT \
  -H "X-API-KEY: ${ADMIN_API_KEY}" \
  -d '{
    "uri": "/post",
    "upstream": {
      "type": "roundrobin",
      "nodes": {
        "httpbin.org:443": 1
      },
      "scheme": "https"
    }
  }'
  • send a request with Transfer-Encoding: chunked header:
curl "http://127.0.0.1:9080/post" -X POST -vvv \
  -H "transfer-encoding: chunked" \
  -d "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg" \
  -i
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 127.0.0.1:9080...
* Connected to 127.0.0.1 (127.0.0.1) port 9080
> POST /post HTTP/1.1
> Host: 127.0.0.1:9080
> User-Agent: curl/8.4.0
> Accept: */*
> transfer-encoding: chunked
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: application/json
Content-Type: application/json
< Content-Length: 523
Content-Length: 523
< Connection: keep-alive
Connection: keep-alive
< Date: Fri, 05 Jan 2024 10:05:00 GMT
Date: Fri, 05 Jan 2024 10:05:00 GMT
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true
< Server: APISIX/3.7.0
Server: APISIX/3.7.0

<
{
  "args": {},
  "data": "",
  "files": {},
  "form": {
    "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg": ""
  },
  "headers": {
    "Accept": "*/*",
    "Content-Length": "59",
    "Content-Type": "application/x-www-form-urlencoded",
    "Host": "127.0.0.1",
    "User-Agent": "curl/8.4.0",
    "X-Amzn-Trace-Id": "Root=1-6597d44c-569a751f418e33f73f5d3ec1",
    "X-Forwarded-Host": "127.0.0.1"
  },
  "json": null,
  "origin": "127.0.0.1, 163.47.148.18",
  "url": "https://127.0.0.1/post"
}
* Connection #0 to host 127.0.0.1 left intact

shreemaan-abhishek avatar Jan 05 '24 10:01 shreemaan-abhishek

Hi @shreemaan-abhishek , i think @linzhanglong excepts https://127.0.0.1:9443/post chunked transfer works normal

hanqingwu avatar Jan 05 '24 11:01 hanqingwu

Yes, chunked transfer works normally with HTTP, but not with HTTPS. When testing the request through Postman tool, under the HTTPS, the request remains at the "Transfer Start" phase until the transfer is complete. However, under HTTP, the "Transfer Start" phase finishes quickly, and most of the time is spent in the "Download" phase.

linzhanglong avatar Jan 05 '24 14:01 linzhanglong

Hello, The proxy_buffering off; can solve the issue, but why doesn't HTTP have this problem (maybe transfer size diff)? and can it apply only a route by plugin? @shreemaan-abhishek

linzhanglong avatar Jan 05 '24 15:01 linzhanglong

@linzhanglong @hanqingwu @shreemaan-abhishek I want to work on this issue I have tried checking based on above details. Correct me If I am wrong

Request

curl "http://127.0.0.1:9080/post" -X POST -vvv
-H "transfer-encoding: chunked"
-d "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg"
-i

Response

{ "args": {}, "data": "", "files": {}, "form": { "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg": "" }, "headers": { "Accept": "/", "Content-Length": "59", "Content-Type": "application/x-www-form-urlencoded", "Host": "127.0.0.1", "User-Agent": "curl/7.84.0", "X-Amzn-Trace-Id": "Root=1-659a76fd-6b45a62f3a0678c265b0a3d5", "X-Forwarded-Host": "127.0.0.1" }, "json": null, "origin": "172.20.0.1, 49.205.40.78", "url": "https://127.0.0.1/post" }

USING HTTP

Request

curl "https://127.0.0.1:9080/post" -X POST -vvv -H "transfer-encoding: chunked" -d "asdfgwuierhw9rghad98ghqwe98gqhwre9g8h9hd9vqhwe98ghqwe98ghwg" -i

Response

error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Abhijeetmishr avatar Jan 07 '24 10:01 Abhijeetmishr

Are you sending https(https://127.0.0.1:9080/post) request on http port(http://127.0.0.1:9080/post) ? @Abhijeetmishr

SilentEntity avatar Jan 07 '24 17:01 SilentEntity

Are you sending https(https://127.0.0.1:9080/post) request on http port(http://127.0.0.1:9080/post) ? @Abhijeetmishr

I think so not sure, okay got it that is why it is giving SSL certificate error both http and https runs on diff ports

Abhijeetmishr avatar Jan 07 '24 18:01 Abhijeetmishr

@linzhanglong can you confirm if you have http2 enabled in your apisix config? https://github.com/shreemaan-abhishek/apisix/blob/3a48d17889cf1283e63a6e2b44ed33ab07dc4588/conf/config-default.yaml#L99

shreemaan-abhishek avatar Jan 24 '24 13:01 shreemaan-abhishek