ā06-22-2023 04:16 AM - edited ā06-22-2023 06:50 AM
Hello
We just upgraded to the 12.6.2 Reverse Proxy that has now an automated installer.
It's proxying without issues when accessing the standard finesse desktop. However if I e.g. want to access static files of "3rdpartygadget" user, I get an 404 error.
OK: https://finesse.lan:8445/desktop
OK: https://proxy.lan:8445/desktop
OK: https://finesse.lan:8445/3rdpartygadget/files/myCustomPage.html
NOK: https://proxy.lan:8445/3rdpartygadget/files/myCustomPage.html
Error 404 - Not Found:
Regards
Elias
ā06-22-2023 05:23 AM
Hi Elias,
Is only html file not accessible via reverse proxy, could please you check the same file is accessible in LAN network?
Regards
Dhina
ā06-22-2023 06:45 AM - edited ā06-22-2023 06:48 AM
Hi Dhina
Yes of course it's accessible if I use the direct link to finesse server.
Regards
Elias
PS: I edited my original post slightly to better show what is working and what is not. Also added access.log entry for failed request.
ā06-22-2023 07:12 AM - edited ā06-22-2023 07:13 AM
Hi Elias,
There is nothing specific added in rules to filter /3rdpartygadgets, all the requests are routed to upstream server. I have tested in my lab the requests are properly routed to upstream. This could be cache issue, could you please clear cache in reverse proxy and try once?
/3rdpartygadget requests served from my reverse proxy:
[16/Jun/2023:13:02:51 +0530] client:"10.65.36.230" host:"somename.cisco.com" user:"-" server_block:"somename.cisco.com:8445" request:"GET /3rdpartygadget/files/SuperSampleGadget.xml HTTP/2.0" requestid:"-" cache_status:"-" rsp_status:"200(200)" body_bytes_sent:"5494" time_taken:"0.001(0.002)" up_connect_time:"0.000"
[16/Jun/2023:13:03:13 +0530] client:"10.65.36.230" host:"somename.cisco.com" user:"-" server_block:"somename.cisco.com:8445" request:"GET /3rdpartygadget/files/testt.html HTTP/2.0" requestid:"-" cache_status:"-" rsp_status:"200(200)" body_bytes_sent:"31" time_taken:"0.001(0.001)" up_connect_time:"0.000"
Regards
Dhina
ā06-22-2023 11:31 PM
Hi Dhina
Clearing cache didn't seem to work unfortunately.
So I encountered something weird today. When testing I've seen that some files in another path seem to be accessible for some reason from the proxy. I made a copy of one such file and tried to access it but surprisingly that copy couldnt be accessed from the proxy. Any idea about that? File permissions remained the same.. I don't know what else I could check
OK: https://finesse.lan:8445/3rdpartygadget/files/test.txt
NOK: https://proxy.lan:8445/3rdpartygadget/files/copyOfTest.txt
Regards
Elias
ā06-22-2023 11:48 PM
Elias,
You could try restarting the reverse proxy and check once?
When you copy and access the file, is that the same 404 you get is it?
Regards
Dhina
ā06-23-2023 03:43 AM
Hi,
Restarting seems to help. This is what I did:
1. clear proxy cache -> file still not available
2. restarting finesse now -> fill still not available
3. restarting container -> fill is AVAILABLE
I'll have to monitor this behaviour, but seems to be OK for now at least for what we want to do.
The only thing we're struggling with is the NGX_VALID_REFERRERS. We set all the FQDN's but it doesnt seem to work.
For that reason we're currently commenting out returning of "417" status code in server_filters file once the container is deployed/started. Is it possible to just whitelist all domains as this is a lab? Or do you have any other advice what I could check in that direction?
Thanks
Elias
ā06-23-2023 03:59 AM - edited ā06-23-2023 04:00 AM
Elias,
We have tested the NGX_VALID_REFERRERS multiple times, it used to work as expected.
For now NGX_VALID_REFERRERS won't support wildcard characters to add all domains in the allowed list.
You could try this: From the browser network tab, you can check the requests that are rejected with the 417, find the referrer header for the request and append it to theNGX_VALID_REFERRERS and restart reverse proxy.
Regards
Dhina
ā06-29-2023 01:12 AM
Hi Dhina
OK so that NGX_VALID_REFERRERS is working OK now, I missed an entry in the list.
In the meantime however we're still struggling with accessing static files. The behaviour so far seems quite random. E.g. right now the file is uploaded to finesse's 3rdpartygadget user in the base directory and is available always when checking. However the same (html) file in a nested directory is not accessible. On the other hand, I can access other html files within the same subdirectory.
Any idea what could cause this behaviour?
Regards
Elias
ā07-11-2023 11:47 PM - edited ā07-11-2023 11:49 PM
Just posting an update after a troubleshooting session yesterday:
After adding some more logging in 3rdpartygadgetresources_list lua script (and restarting finesse and proxy server several times) the issue couldn't be reproduced anymore. I was at this point already once some weeks ago that everything seemed to work.
So with logging enabled we will wait for the issue to be reproducible so logs can be sent for further analysis.
// EDIT: here's the command we used to check the list of accessible files on finesse 3rdpartygadget user FROM reverse proxy host:
curl 'https://<finesseServerFQDN>:8445/desktop/api/ResourceURLs?type=3rdParty' -H 'User-Agent: Mozilla/5.0' -k -H 'Host:<proxyServerFQDN>' | tr ',' '\n'
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide