How to diagnose a mediaflux-related networking problem
55 views
Skip to first unread message
Stephen Crawley
Feb 3, 2014, 7:40:39 PM2/3/14
to medi...@googlegroups.com
I'm trying to get a "test" mediaflux server running on a Vagrant instance on my laptop.
I've gone through the setup procedure (scripted via Chef) and all seems well on the Vagrant instance itself:
I have used Vagrant's forwarded port mapping facility to expose the Vagrant instance's ports 8080 and 8443 on the laptop's internal (localhost) network using the following entries in the VagrantFile
config.vm.network :forwarded_port, guest: 8080, host: 8080
config.vm.network :forwarded_port, guest: 8443, host: 8443
But when I run "wget http://localhost:8080/", I get this:
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... No data received.
And when I run "wget http://localhost:8443/", I get this:
Connecting to localhost (localhost)|127.0.0.1|:8443... connected.
ERROR: cannot verify localhost's certificate, issued by ‘/CN=precise32 ou=OU o=O l=L st=ST c=AU’:
Self-signed certificate encountered.
ERROR: certificate common name ‘precise32 ou=OU o=O l=L st=ST c=AU’ doesn't match requested host name ‘localhost’.
To connect to localhost insecurely, use `--no-check-certificate'.
The latter is really revealing. The certificate that "wget" is complaining about is the self-signed cert that I generated for the Mediaflux test server. It is installed on the Mediaflux server on the Vagrant instance, and nowhere else. From this, I would infer that "wget" MUST be successfully establishing TCP/IP connections to the correct ports on the Vagrant instance ... and the Mediaflux server is accepting the connections ... but the server is then closing the connections without sending any response. However, there is no trace of the dropped connections in the Mediaflux "http.1.log" file. It is as if Mediaflux is treating the request connections as bogus; e.g. a DoS attack.
Another piece of evidence is that when I accidentally used wget to make an http connection to the https port, I saw a stacktrace for:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
in the mediaflux-server.log file. This further supports the theory that the connections are getting to the Mediaflux server.
How do I find out what is actually going on here?
Is there a way to tweak the Mediaflux logging levels?
Is there a Mediaflux config parameter to turn off the (hypothesized) anti-DoS feature?
-- Steve
I've gone through the setup procedure (scripted via Chef) and all seems well on the Vagrant instance itself:
- I can run "aterm" on the Vagrant instance itself. I can connect and login using both HTTP and HTTPS on the ports that I've configured, using both the instances hostname and localhost.
- I can "wget" the default page from the server.
I have used Vagrant's forwarded port mapping facility to expose the Vagrant instance's ports 8080 and 8443 on the laptop's internal (localhost) network using the following entries in the VagrantFile
config.vm.network :forwarded_port, guest: 8080, host: 8080
config.vm.network :forwarded_port, guest: 8443, host: 8443
But when I run "wget http://localhost:8080/", I get this:
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... No data received.
And when I run "wget http://localhost:8443/", I get this:
Connecting to localhost (localhost)|127.0.0.1|:8443... connected.
ERROR: cannot verify localhost's certificate, issued by ‘/CN=precise32 ou=OU o=O l=L st=ST c=AU’:
Self-signed certificate encountered.
ERROR: certificate common name ‘precise32 ou=OU o=O l=L st=ST c=AU’ doesn't match requested host name ‘localhost’.
To connect to localhost insecurely, use `--no-check-certificate'.
The latter is really revealing. The certificate that "wget" is complaining about is the self-signed cert that I generated for the Mediaflux test server. It is installed on the Mediaflux server on the Vagrant instance, and nowhere else. From this, I would infer that "wget" MUST be successfully establishing TCP/IP connections to the correct ports on the Vagrant instance ... and the Mediaflux server is accepting the connections ... but the server is then closing the connections without sending any response. However, there is no trace of the dropped connections in the Mediaflux "http.1.log" file. It is as if Mediaflux is treating the request connections as bogus; e.g. a DoS attack.
Another piece of evidence is that when I accidentally used wget to make an http connection to the https port, I saw a stacktrace for:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
in the mediaflux-server.log file. This further supports the theory that the connections are getting to the Mediaflux server.
How do I find out what is actually going on here?
Is there a way to tweak the Mediaflux logging levels?
Is there a Mediaflux config parameter to turn off the (hypothesized) anti-DoS feature?
-- Steve
Stephen Crawley
Mar 26, 2014, 7:27:57 PM3/26/14
to medi...@googlegroups.com
Hi,
I'm still stuck on this. Can anyone help? Has anyone else tried to get a demo Mediaflux instance working on Vagrant vm?
-- Steve
I'm still stuck on this. Can anyone help? Has anyone else tried to get a demo Mediaflux instance working on Vagrant vm?
-- Steve
Stephen Crawley
Oct 2, 2014, 11:59:33 PM10/2/14
to medi...@googlegroups.com
I tried it all again with a more recent vagrant 'box' (trusty), and a more recent Mediaflux (4.018) and vagrant 1.4.3.
It works. I can (at least) access the Mediaflux http service on port 80 on the guest, using a browser on the host. I'm using port forwarding configured in the Vagrant file with:
-- Steve
It works. I can (at least) access the Mediaflux http service on port 80 on the guest, using a browser on the host. I'm using port forwarding configured in the Vagrant file with:
config.vm.network :forwarded_port, host: 4567, guest: 80I've no idea which of the moving parts made the difference ...
-- Steve
Reply all
Reply to author
Forward
0 new messages