Re: Connection refused - subdomain problem suspected

[Richard Elen via curl-library]

Hi Christopher and thanks for the comments from you and other respondents.

To answer your question:

 * A PHP script on the "admin" server can successfully make a Curl
   connection to all other hosts we've tried.
 * In addition, a PHP script on ANY OTHER machine we've tried can
   successfully make a Curl connection with the "streams" host.

It's solely that we can't get a script on "admin" to make a successful 
Curl connection with "streams".


My suspicion at this point is that we have a DNS issue, though I don't 
know what it might be. The domain is hosted by a third party and on 
their system we have A records for both "streams" and "admin" - but 
that's all. "streams" has been running successfully for two years 
without any evident DNS issues.


The "admin" host is a cPanel system from our hosting provider - with the 
limitations on access that implies. The "streams" host is a dedicated 
Linux server.


I am wondering what would happen if I deleted the A record for the 
"admin" machine and simply used its default hostname as given by our 
service provider. It's not going to be a publicly-accessed machine anyway.


Doing a few searches I see that it is apparently not unknown to get curl 
connection failures on two hosts within the same domain, but there 
doesn't seem to be a consistent cause. Can anyone shed any light on this?


Thanks!

--Richard E

On 05-Sep-19 18:18, Christopher Head wrote:

A quick idea for debugging: can a PHP script on the same server make a Curl 
connection to some other target? If yes, suspect firewall or DNS issues. If no, 
but a command line curl invocation works, then I would suspect a PHP issue on 
that particular install. Not sure if safe mode or something similar still 
exists in PHP; if so, perhaps that is denying outbound connections?
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Connection refused - subdomain problem suspected

[Petr Pisar via curl-library]

On Wed, Sep 04, 2019 at 11:45:04PM +0100, Richard G Elen via curl-library wrote:
> We use curl from PHP to pull in "now playing" metadata from our 
> streaming server's "streaminfo" URL.
> 
> During development, our developer used his own server to build the 
> system and all was well.
> 
> Now he has moved it over to a server we have commissioned from our 
> hosting company specifically for the purpose, this call no longer works, 
> and neither we (nor our hosting provider) can work out why. We would 
> appreciate some suggestions.
> 
> Our new database server has the hostname admin.ourstation.org ; our 
> streaming server we can call streams.ourstation.org (domain anonymized).
> 
> We're trying to pull in the data from 
> https://streams.ourstation.org:2199/rpc/ourstation/streaminfo.get. It 
> constantly returns "Failed to connect to streams.ourstation.org port 
> 2199: Connection refused" - but only when accessed from our 
> admin.ourstation.org host. All other machines we can test from return 
> the data flawlessly.
> 
> We cannot access the command line on the new server ourselves, but our 
> hosting provider tells us that if they run it as a curl command it works 
> fine.

My recommendation is to get another hosting provider. Either one who knows how
to debug networks and local processes, or one who gives you a shell access so 
that
you can debug it yourself. Asking for a help with debugging a blackbox on
a random mail list is the worst thing you can do.

> TEST CODE
> 
>  header("Content-type: application/json; charset=utf-8");
> 
So you are openning a TCP connection from a webserver process? That suggests
a lot. E.g. the operating system asserts a security policy that prevent from
that and as a result your program obtains ENOPERM or a similar error on the
connect() call. If it is a RHEL-based system, it will be caused by the default
SELinux policy.

-- Petr


signature.asc
Description: PGP signature
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Connection refused - subdomain problem suspected

[m brandenberg via curl-library]

On Wed, 4 Sep 2019, Richard G Elen via curl-library wrote:

We're trying to pull in the data from 
https://streams.ourstation.org:2199/rpc/ourstation/streaminfo.get. It 
constantly returns "Failed to connect to streams.ourstation.org port 2199: 
Connection refused" - but only when accessed from our admin.ourstation.org 
host. All other machines we can test from return the data flawlessly.


There isn't a lot of information here and what there is raises
questions.  For example, the error message here doesn't match the PHP
code supplied.

But "Connection refused" is generally a socket error due to handshake
failure in TCP setup.  This would be caused by firewalls, bad dns
setup, bad routing, bad NAT config, angry server aborting connection.
A packet trace from 'wireshark/tcpdump' would reveal what is going
on and who is responsible.

But it seems likely you have some DNS hacks/breakage.  {admin,streams}.
ourstation.org do not resolve to anything so either this is more
misleading info or you have DNS hackery in play.

Finally, 'curl --libcurl' will help you write better setup code.

m

--
Monty Brandenberg, Software Engineer   MCB, Inc.
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Connection refused - subdomain problem suspected

[René Berber via curl-library]

On 9/4/2019 5:45 PM, Richard G Elen via curl-library wrote:
[snip]

Easy way out: add CURLOPT_VERBOSE to the options and see if the log
gives any good hint.

> TEST CODE
> 
>  header("Content-type: application/json; charset=utf-8");
>  
>         $url =
> "https://streams.ourstation.org:2199/rpc/ourstation/streaminfo.get;;
>        
>        
>         $mysession = curl_init();
>     curl_setopt($mysession, CURLOPT_URL, $url);
>     curl_setopt($mysession, CURLOPT_RETURNTRANSFER, 1);
>     curl_setopt($mysession, CURLOPT_CONNECTTIMEOUT , 10);
>     curl_setopt($mysession, CURLOPT_FAILONERROR, true);

Don't know/use php but... all options to curl are long integers, does
the above really work (i.e. 1 instead of 1L)?

>           $json = json_decode(curl_exec($mysession), true);
>          
>          
>         if (curl_errno($mysession)) {
>         echo "error: " . curl_error($mysession);
>         }else{
>         echo json_encode($json,JSON_PRETTY_PRINT);
>         }   
>         
> ?>

Guess time:

Could be many things, SSL options (CURLOPT_CAINFO), SSL library used
with php (OpenSSL and gnutls usually work, others may not).
-- 
R.Berber
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Connection refused - subdomain problem suspected

[Richard G Elen via curl-library]

Hello...

We're working with our developer to create a music royalty tracking 
system for our internet radio station.


We use curl from PHP to pull in "now playing" metadata from our 
streaming server's "streaminfo" URL.


During development, our developer used his own server to build the 
system and all was well.


Now he has moved it over to a server we have commissioned from our 
hosting company specifically for the purpose, this call no longer works, 
and neither we (nor our hosting provider) can work out why. We would 
appreciate some suggestions.


Our new database server has the hostname admin.ourstation.org ; our 
streaming server we can call streams.ourstation.org (domain anonymized).


We're trying to pull in the data from 
https://streams.ourstation.org:2199/rpc/ourstation/streaminfo.get. It 
constantly returns "Failed to connect to streams.ourstation.org port 
2199: Connection refused" - but only when accessed from our 
admin.ourstation.org host. All other machines we can test from return 
the data flawlessly.


We cannot access the command line on the new server ourselves, but our 
hosting provider tells us that if they run it as a curl command it works 
fine. I get a good result if I run a curl command from my desktop 
machine also. Our developer has done the following:


1. Run a test call (similar to below) /from /admin.ourstation.org /to 
/several other hosts and all work correctly
2. Run the test call below /from /several other hosts /to /return data 
from streams.ourstation.org and all work correctly
3. Our developer and I can both return data from streams.ourstation.org 
with manual curl calls from our desktop machines' command line.
4. Our developer has been able to recover data from 
streams.ourstation.org from the prototype system on his own server from 
the beginning (and still can).


ONLY the test from admin.ourstation.org to streams.ourstation.org fails.

We are therefore suspecting that there is a problem trying to return 
data from a related subdomain and we wonder how to solve this issue. The 
two servers are in different countries and the domain is managed by a 
third party; the servers both have A Records pointed at them and resolve 
suitably in a web browser, etc. The streams server has been running 
happily for a couple of years with no known DNS issues.


We would be most grateful for any observations. Thanks in advance!

--Richard E

TEST CODE

        $url = 
"https://streams.ourstation.org:2199/rpc/ourstation/streaminfo.get;;



        $mysession = curl_init();
    curl_setopt($mysession, CURLOPT_URL, $url);
    curl_setopt($mysession, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($mysession, CURLOPT_CONNECTTIMEOUT , 10);
    curl_setopt($mysession, CURLOPT_FAILONERROR, true);
          $json = json_decode(curl_exec($mysession), true);


        if (curl_errno($mysession)) {
        echo "error: " . curl_error($mysession);
        }else{
        echo json_encode($json,JSON_PRETTY_PRINT);
        }

?>

---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html