I have a webpage that connects to AWS IoT using MQTT through a websocket with an unregistered AWS Cognito identity.
When i go to this page with a web browser (I have tested chrome,firefox,safari and mobile versions) it all works and I am connected.
I want to test the page using puppeteer through docker so i can deploy lots of machines to stress test the page.
When i use puppeteer from my local machine - it works. However, when i try to use puppeteer from inside a docker instance it doesn't.
I am using alekzonder/puppeteer:latest and a simple script that just goes to the page and waits 10 seconds. The page itself loads but the websocket connection fails:
failed: Error during WebSocket handshake: Unexpected response code: 403
Is there something i need to add to the docker image to allow websockets? or does this have something to do with the cognito identity created from a docker instance?
Related
I am trying to programmatically create a key pair with the AWS JS sdk. I am working within a docker container on an EC2 server. My aws credentials are correct as well as the region. After creating the client, I send keypair request with await client.send(command) with the client being the Ec2Client created the credentials, and the command being created by the CreateKeyPairCommand- after which i receive the following error Error [TimeoutError]: Socket timed out without establishing a connection within 1100 ms at Timeout._onTimeout (/usr/src/app/node_modules/#aws-sdk/node-http-handler/dist-cjs/set-connection-timeout.js:12:38) at listOnTimeout (node:internal/timers:564:17) at process.processTimers (node:internal/timers:507:7) { '$metadata': { attempts: 5, totalRetryDelay: 1029 } }
My hunch is that it is an issue with the ports and the way the sdk communicates with aws. Upon further research, I've come to see that aws communicates over ports 443 for HTTPS and 80 for HTTP, which are both exposed for my docker application both in the containers as well as the associated security group. I can ssh into the client and connect with the container, and run requests from postman through the container otherwise. It is only when the aws sdk tries to send a request that this networking error presents itself. If you have any ideas, let me know!
I'm trying to deploy the asp.net website in cloud run but am stuck with this error - "The request failed because either the HTTP response was malformed or connection to the instance had an error. (Service Unavailable 503)"
This is https & http docker files. one of many such services.
for http-5176 -- http URL of cloud run is not registered in the azureAD app - I'm getting can't redirect error when I access the cloud run URL which is expected that is fine.
but for https-7176 -- https URL of cloud run which is registered in azureAD is immediately throwing Service Unavailable 503, not sure whether it is redirected to auth or not.
Thing is, when I try these two container images locally in docker desktop it is working fine - https://localhost:PORT redirects to authentication page and website is loaded as expected with some other api call errors. But when I deploy the same in cloud run -- Service Unavailable 503
Cloud run config
2 CPU limit
512MB Memory limit
1 Concurrency
500sec request timeout
Tried some troubleshooting
Concurrency is at low
No VPC access connector is used for now.
No errors on memory exceeding in logs
Expecting - to authenticate and load webpage knowing that there are few api error in that to work on later.
Do you have any idea what could be causing this? And how to reslove this?
Thanks for your answers in advance.
As cloud run redirects HTTP requests to HTTPS. after a long trial and error, with my application team. In the code, they added a redirection from HTTP to HTTPS and I'm running my cloud-run service in the HTTP port. Now it is working fine.
Backstory(but possibly can be skipped): The other day, I finished connecting to MySQL full SSL from a Cloud Run service without really doing any SSL cert stuff which was great!!! Just click 'only allow SSL' in GCP and click 'generate server certs', allow my Cloud Run service to have access to database instance, swap out tcp socket factory with google's factory and set some props and it worked which was great!
PROBLEM:
NOW, I am trying to figure out the secure Google Cloud Run service to Cloud Run service security and reading
https://cloud.google.com/run/docs/authenticating/service-to-service
which has us requesting a token over HTTP??? Why is this not over HTTPS? Is communication from my Docker container to the token service actually encrypted?
Can I communicate HTTP to HTTP between two Cloud Run services and it will be encrypted?
thanks,
Dean
From https://cloud.google.com/compute/docs/storing-retrieving-metadata#is_metadata_information_secure:
When you make a request to get information from the metadata server, your request and the subsequent metadata response never leave the physical host that is running the virtual machine instance.
The traffic from your container to the metadata server at http://metadata/ stays entirely within your project and thus SSL is not required, there is no opportunity for it to be intercepted.
So I am working on a mailing API for my website. The scenario is as follows:
Customer connects to endpoint.
API endpoint handles request and sends email using mailing service (which is based on aws sdk).
API returns Ok/BadRequest based on result.
When I am doing this with my API running on localhost everything works fine and I am receiving email on my mailbox as expected. But when I run my API service on Amazon EC2 instance I am getting this:
Response status code does not indicate success: 404 (Not Found)
I double checked that I have .aws/credentials file both on my localhost machine and EC2 instance (ubuntu 16.10). I can reach my API service running on EC2 instance just fine, because I get the BadRequest response. The problem is when mailing service tries to send an email using amazon SES. I believe it's not the code itself because it runs fine on localhost. Any ideas?
In case someone else has the same problem, changing to port 587 solved the problem.
Ec2 has a very strict throttle on port 25 by default. You can get whitelisted on an IP-by-IP basis by filling out a formal request, but if you're sending to SES, our recommendation is to use port 587 or 2587.
For more on the EC2 throttle on port 25:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/
And for more about SES's available SMTP ports:
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-connect.html
I am new to aws and have very little networking knowledge.
I have set up an EC2 instance and installed sucessfully
MongoDB
my nodejs app server and
my angular web app on the same instance
I tried to access my web server from a browser using
https://ec2-54-255-239-55.ap-southeast-1.compute.amazonaws.com:3443/
and
ec2-54-255-239-55.ap-southeast-1.compute.amazonaws.com:3443/
but have not been successful so far. The error message :
This site can’t be reached
ec2-54-255-239-55.ap-southeast-1.compute.amazonaws.com refused to connect.
I need help