Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable protocol upgrades for the HTTP client by default. #6194

Open
wants to merge 1 commit into
base: dev-2.x
Choose a base branch
from
Open

Disable protocol upgrades for the HTTP client by default. #6194

wants to merge 1 commit into from

Conversation

jtorin
Copy link
Contributor

@jtorin jtorin commented Oct 24, 2024

Summary

This avoids problems where a connection could be blocked by an intermediate proxy that disallows protocol upgrades.

Issue

In OTP PR #6079 the Apache HTTP client was upgraded 5.4. They in turn enabled protocol upgrades by default in HTTPCLIENT-751. This means that the client/server will try upgrading a plain HTTP connection to a TLS one (among other upgrades).

Unfortunately this causes problems in our deployment as we run an Envoy proxy server on top of our instances (specifically our SIRI updaters can't connect to the history service). Envoy currently doesn't support protocol upgrades by default and will answer the request with 403.

For the curious, Envoy have issues open on the subject: Envoy #36305, Envoy #36469

There is also a slightly heated Apache HTTP client bug ticket HTTPCLIENT-2344 - which is closed as 'invalid', and which indicates that the current behavior wont change.

This subject was discussed and agreed in a dev meeting that it's better to disable protocol upgrades by default for all clients.
If wanted, it could be enabled on an individual case by adding a configuration API on the OTP HTTP client.

Testing

Tested in a runtime environment.

@jtorin
Disable protocol upgrades for the HTTP client by default.
2e0a034 
This avoids problems where a connection could be blocked by an intermediate proxy that disallows upgrades.
If wanted, it could be enabled on an individual case with a configuration API on the OTP HTTP client
@jtorin jtorin requested a review from a team as a code owner October 24, 2024 14:14
@jtorin jtorin added the Skanetrafiken On skanetrafikens roadmap label Oct 24, 2024
@codecov Codecov
Copy link

codecov bot commented Oct 24, 2024

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 69.90%. Comparing base (cee960f) to head (2e0a034).

Files with missing lines Patch % Lines
...rg/opentripplanner/framework/io/OtpHttpClient.java 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##             dev-2.x    #6194      +/-   ##
=============================================
- Coverage      69.90%   69.90%   -0.01%     
+ Complexity     17723    17720       -3     
=============================================
  Files           1998     1998              
  Lines          75443    75445       +2     
  Branches        7718     7718              
=============================================
- Hits           52740    52739       -1     
- Misses         20025    20026       +1     
- Partials        2678     2680       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@habrahamsson-skanetrafiken habrahamsson-skanetrafiken Awaiting requested review from habrahamsson-skanetrafiken

@vpaturet vpaturet Awaiting requested review from vpaturet

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
Skanetrafiken On skanetrafikens roadmap
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jtorin