trafficserver icon indicating copy to clipboard operation
trafficserver copied to clipboard

Published 20 hours ago verified publisher icon apache

More detailed 5xx errors

Open mlibbey opened this issue 7 years ago • 10 comments

Cloudflare has made some very useful 5xx errors for troubleshooting. From wikipedia:

  • 520 Unknown Error: The 520 error is used as a "catch-all response for when the origin server returns something unexpected", listing connection resets, large headers, and empty or invalid responses as common triggers.
  • 521 Web Server Is Down: The origin server has refused the connection from Cloudflare.
  • 522 Connection Timed Out: Cloudflare could not negotiate a TCP handshake with the origin server.
  • 523 Origin Is Unreachable: Cloudflare could not reach the origin server; for example, if the DNS records for the origin server are incorrect.
  • 524 A Timeout Occurred:Cloudflare was able to complete a TCP connection to the origin server, but did not receive a timely HTTP response.
  • 525 SSL Handshake Failed: Cloudflare could not negotiate a SSL/TLS handshake with the origin server.
  • 526 Invalid SSL Certificate: Cloudflare could not validate the SSL/TLS certificate that the origin server presented.

mlibbey avatar Mar 15 '17 16:03 mlibbey

Would also be nice to have codes for:

  • DNS failures.
  • Other SSL errors (post-handshake)

mlibbey avatar May 22 '17 21:05 mlibbey

Probably, a possible approach to achieve the same thing will be that ATS core provides detail information to plugins (e.g. header_rewrite) so that they can modify status code as they like. I think we shouldn't have the unofficial status codes in ATS Core.

I'm going to start working on this but please create another issue if you need some standard specific status code. It could be done on ATS Core side while working on this.

List of HTTP status codes: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

IANA official registry: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

maskit avatar May 25 '17 17:05 maskit

It seems we already have an API for getting some of the information.

TSHttpTxnServerStateGet() returns one of these server state, it's undocumented though. https://docs.trafficserver.apache.org/ja/latest/developer-guide/api/types/TSServerState.en.html

As for DNS and SSL, we need to introduce new APIs.

However, I'm not sure how much detail will be needed in general. Probably, the APIs should be proposed with some practical plugin.

maskit avatar Jun 01 '17 09:06 maskit

Yeh, that seems like a good idea (header_rewrite).

zwoop avatar Jun 01 '17 16:06 zwoop

still hard to troubleshoot 502s. (users mailing list just had an example)

mlibbey avatar Dec 04 '17 20:12 mlibbey

"The Proxy-Status HTTP Header Field" might be what we're looking for. (It's just proposed)

https://tools.ietf.org/html/draft-nottingham-proxy-status-00

masaori335 avatar Feb 20 '19 23:02 masaori335

Looks promising!

mlibbey avatar Feb 21 '19 17:02 mlibbey

@mlibbey Can you please assign this to someone on your team if you are going to work on it?

bryancall avatar May 22 '19 16:05 bryancall

This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.

github-actions[bot] avatar Mar 16 '22 02:03 github-actions[bot]

Proxy-Status header, which Masaori suggested above, is now RFC. https://www.rfc-editor.org/rfc/rfc9209

maskit avatar Jun 08 '22 23:06 maskit