[GitHub] [pulsar] fantapsody opened a new issue #7278: Proxy fails to handle requests when servicePort is disabled

Mon, 15 Jun 2020 03:19:15 -0700 


fantapsody opened a new issue #7278:
URL: https://github.com/apache/pulsar/issues/7278


   **Describe the bug**
   We enabled TLS on the proxy, so we tried to disable the plaintext 
connections by setting `servicePort=''`. However, the proxy cannot handle 
binary TLS requests then and reported errors like:
   
   > 08:57:21.401 [pulsar-proxy-io-2-1] WARN  
org.apache.pulsar.proxy.server.ProxyConnection - [/10.0.16.4:50200] Unable to 
authenticate:
   > 
org.apache.pulsar.client.api.PulsarClientException$InvalidConfigurationException:
 Invalid client configuration
   >         at 
org.apache.pulsar.client.impl.PulsarClientImpl.<init>(PulsarClientImpl.java:133)
 ~[org.apache.pulsar-pulsar-client-original-2.6.0-d6709ae98.jar:2.6.0-d6709ae98]
   >         at 
org.apache.pulsar.proxy.server.ProxyConnection.handleConnect(ProxyConnection.java:295)
 [org.apache.pulsar-pulsar-proxy-2.6.0-d6709ae98.jar:2.6.0-d6709ae98]
   >         at 
org.apache.pulsar.common.protocol.PulsarDecoder.channelRead(PulsarDecoder.java:160)
 [org.apache.pulsar-pulsar-common-2.6.0-d6709ae98.jar:2.6.0-d6709ae98]
   >         at 
org.apache.pulsar.proxy.server.ProxyConnection.channelRead(ProxyConnection.java:177)
 [org.apache.pulsar-pulsar-proxy-2.6.0-d6709ae98.jar:2.6.0-d6709ae98]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:321)
 [io.netty-netty-codec-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:295)
 [io.netty-netty-codec-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1470) 
[io.netty-netty-handler-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1231) 
[io.netty-netty-handler-4.1.45.Final.jar:4.1.45.Final]
   >         at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1268) 
[io.netty-netty-handler-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:498)
 [io.netty-netty-codec-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:437)
 [io.netty-netty-codec-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
 [io.netty-netty-codec-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
 [io.netty-netty-transport-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:792)
 [io.netty-netty-transport-native-epoll-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:475) 
[io.netty-netty-transport-native-epoll-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) 
[io.netty-netty-transport-native-epoll-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
 [io.netty-netty-common-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) 
[io.netty-netty-common-4.1.45.Final.jar:4.1.45.Final]
   >         at 
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
 [io.netty-netty-common-4.1.45.Final.jar:4.1.45.Final]
   >         at java.lang.Thread.run(Thread.java:748) [?:1.8.0_242]
   
   The proxy was back to normal after I removed the config `servicePort=''`.
   
   **To Reproduce**
   Steps to reproduce the behavior:
   1. enable TLS in proxy configs
   2. set `servicePort=''` in proxy configs
   3. start the proxy, and use pulsar command line tools to produce message to 
the cluster.
   4. see errors in both client and proxy logs.
   
   **Expected behavior**
   
   The proxy should work with only TLS ports enabled.
   
   **Screenshots**
   If applicable, add screenshots to help explain your problem.
   
   **Desktop (please complete the following information):**
    - OS: [e.g. iOS]
   
   **Additional context**
   Add any other context about the problem here.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to