chunked trailer server-authorization

Gonçalo Silva goncalo.silva at muzzley.com
Wed Jan 6 11:43:53 CET 2016 

Hello,

I'm having problems getting varnish processing this kind of requests.
If i do the request direct to the backend i have no problem and this is the
result:

------
root at Reverse:~# curl --raw -v -X "GET" -H 'Authorization: Hawk id="xxxx",
ts="xxxxx", nonce="xxxxx", mac="akA+pAge015LbAq+fq3YPG9PM0EgSl3/xxxxxx="'
-H 'Host: myhostbackend.com'
http://myhostbackend.com:4050/profiles/89a12688-8653-4f76-bb18-xxxxx
* Hostname was NOT found in DNS cache
*   Trying myhostbackend.com...
* Connected to myhostbackend.com (xx.xx.xx.xx) port 4050 (#0)
> GET /profiles/89a12688-8653-4f76-bb18-xxxxxxx HTTP/1.1
> User-Agent: curl/7.35.0
> Accept: */*
> Authorization: Hawk id="xxxx", ts="xxxxx", nonce="xxxxx",
mac="akA+pAge015LbAq+fq3YPG9PM0EgSl3/xxxxxx="
> Host: myhostbackend.com
>
< HTTP/1.1 200 OK
< media-type: application/json;v=v0
< content-type: application/json; charset=utf-8
< cache-control: no-cache
< trailer: server-authorization
< transfer-encoding: chunked
< Date: Tue, 05 Jan 2016 17:17:07 GMT
< Connection: keep-alive
<
228
{"id":"xxxxxxxx","uuid":"89a12688-8653-xxxxxxx-xxxx","kind":"device","name":"apagar","provider":"apagarrr","resourceUrl":"
http://xxx.com/channels","authorizationUrl":"http://xxx.com/authorization
","subscriptionUrl":"http://xxx.com/subscriptions","photoUrl":"
http://xxx.com/images/profile.jpg
","requiredCapabilityVersion":1,"accessList":[],"auth":{"inbound":{},"outbound":{}},"globalManagerAccess":false,"openOauthInBrowser":false}
0
server-authorization: Hawk
mac="RuMz8Rm1DAq3Uuq1HSz/IjCidjn/R73+LnX6pntIKX4=",
hash="vrcvy0YWrI4CO5qMmGP6GLgGy3VexSFvjXdJGeYzBOQ="

* Connection #0 to host xxx.xxx.xxx.xxx left intact

-----

if i do the request via varnish, i'm not getting all the response, and
don't how why but the http header "trailer: server-authorization" doesn't
shows up. I can see "FetchError chunked tail no NL" on the varnish log, but
not sure what it means in this situation.

----
root at Reverse:~# curl --raw -v -X "GET" -H 'Authorization: Hawk id="xxxx",
ts="xxxxx", nonce="xxxxx", mac="akA+pAge015LbAq+fq3YPG9PM0EgSl3/xxxxxx="'
-H 'Host: myhostbackend.com'
http://127.0.0.1:6081/profiles/89a12688-8653-4f76-bb18-xxxxx
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 6081 (#0)
> GET /profiles/89a12688-8653-4f76-bb18-xxxxxxx HTTP/1.1
> User-Agent: curl/7.35.0
> Accept: */*
> Authorization: Hawk id="xxxx", ts="xxxxx", nonce="xxxxx",
mac="akA+pAge015LbAq+fq3YPG9PM0EgSl3/xxxxxx="
> Host: myhostbackend.com

 HTTP/1.1 200 OK
< media-type: application/json;v=v0
< content-type: application/json; charset=utf-8
< cache-control: no-cache
< Date: Tue, 05 Jan 2016 17:14:54 GMT
< X-Varnish: 32773
< Age: 0
< Via: 1.1 varnish-v4
< Accept-Ranges: bytes
< Transfer-Encoding: chunked
< Connection: keep-alive

<
00228
{"id":"xxxxxxxx","uuid":"89a12688-8653-xxxxxxx-xxxx","kind":"device","name":"apagar","provider":"apagarrr","resourceUrl":"
http://xxx.com/channels","authorizationUrl":"http://xxx.com/authorization
","subscriptionUrl":"http://xxx.com/subscriptions","photoUrl":"
http://xxx.com/images/profile.jpg
","requiredCapabilityVersion":1,"accessList":[],"auth":{"inbound":{},"outbound":{}},"globalManagerAccess":false,"openOauthInBrowser":false}
* transfer closed with outstanding read data remaining
* Closing connection 0
--------

The log from varnish is:

*   << BeReq    >> 32774
-   Begin          bereq 32773 pass
-   Timestamp      Start: 1452014094.207771 0.000000 0.000000
-   BereqMethod    GET
-   BereqURL       /profiles/89a12688-8653-4f76-bb18-3bfe2b829400
-   BereqProtocol  HTTP/1.1
-   BereqHeader    User-Agent: curl/7.35.0
-   BereqHeader    Accept: */*
-   BereqHeader    Authorization: Hawk idAuthorization: Hawk id="xxxx",
ts="xxxxx", nonce="xxxxx", mac="akA+pAge015LbAq+fq3YPG9PM0EgSl3/xxxxxx="
-   BereqHeader    Host: myhostbackend.com
-   BereqHeader    X-Forwarded-For: 127.0.0.1
-   BereqHeader    X-Varnish: 32774
-   VCL_call       BACKEND_FETCH
-   VCL_return     fetch
-   BackendOpen    18 boot.apiserver xxx.xxx.xxx.xxx 4050 xxx.xxx.xxx.xxx
34845
-   Timestamp      Bereq: 1452014094.208532 0.000761 0.000761
-   Timestamp      Beresp: 1452014094.220400 0.012629 0.011868
-   BerespProtocol HTTP/1.1
-   BerespStatus   200
-   BerespReason   OK
-   BerespHeader   media-type: application/json;v=v0
-   BerespHeader   content-type: application/json; charset=utf-8
-   BerespHeader   cache-control: no-cache
-   BerespHeader   trailer: server-authorization
-   BerespHeader   transfer-encoding: chunked
-   BerespHeader   Date: Tue, 05 Jan 2016 17:14:54 GMT
-   BerespHeader   Connection: keep-alive
-   TTL            RFC 120 10 -1 1452014094 1452014094 1452014094 0 0
-   VCL_call       BACKEND_RESPONSE
-   TTL            VCL 120 10 0 1452014094
-   VCL_return     deliver
-   Storage        malloc Transient
-   ObjProtocol    HTTP/1.1
-   ObjStatus      200
-   ObjReason      OK
-   ObjHeader      media-type: application/json;v=v0
-   ObjHeader      content-type: application/json; charset=utf-8
-   ObjHeader      cache-control: no-cache
-   ObjHeader      Date: Tue, 05 Jan 2016 17:14:54 GMT
-   Fetch_Body     2 chunked stream
-   FetchError     chunked tail no NL
-   BackendClose   18 boot.apiserver
-   BereqAcct      310 0 310 246 552 798
-   End


If i put the varnish configuration using pipe for this requests, everything
works, but of course i can't cache them.
Can anyone understands what is going on here and if this is a configuration
problem or something more deeper?

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160106/8b4ce79c/attachment.html>

More information about the varnish-misc mailing list