Too many "http: TLS handshake error" log #481

Closed
jthann opened this issue Jan 26, 2022 · 5 comments

Collaborator

jthann commented Jan 26, 2022

Describe the bug
When I deploy Easegress as a single pod in an Aliyun k8s cluster and use a LoadBalancer service, the pod prints far too many TLS handshake error logs to the pod stdout console, every second or more often.
One real log example is as follows:

```
2022/01/26 02:05:00 http: TLS handshake error from 100.97.231.2:49030: read tcp 172.26.5.88:443->100.97.231.2:49030: read: connection reset by peer
```

The Easegress HTTPServer object YAML config is as follows (TLS cert and key left out for security):

```yaml
kind: HTTPServer
name: https
port: 443
keepAlive: true
https: true
globalFilter: globalFilter
certBase64:
keyBase64:
rules:
  - paths:
      - pathPrefix: /api
        backend: api-svc
```

The k8s Service YAML config is as follows:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: easegress
  namespace: default
spec:
  externalTrafficPolicy: Local
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: easegress
  sessionAffinity: None
  type: LoadBalancer
```

Collaborator

localvar commented Jan 27, 2022

Hi @jthann, does the Easegress configuration work correctly outside of k8s?

Collaborator Author

jthann commented Jan 27, 2022

> Hi @jthann, does the Easegress configuration work correctly outside of k8s?

It's a little bit harder to test this outside of k8s. I guess it is caused by the Aliyun LoadBalancer health check or something like this, because other gateways like apisix (nginx) don't have this type of problem.

Collaborator Author

jthann commented Jan 29, 2022

I just found a similar issue from another project [https://github.com/cockroachdb/cockroach/issues/32102]
and a golang net/http issue [https://github.com/golang/go/issues/26918].
It's not an Easegress problem @localvar

Contributor

samutamm commented Feb 7, 2022

I also think that this is probably an issue on the Golang net/http side. We could still filter the logs on the Easegress side by providing a custom error logger for http.Server, like proposed here. It could be injected in HTTPServer#runtime.
I haven't succeeded in reproducing TLS handshake errors. Do you want to try filtering logs using such a custom filter @jthann?

Collaborator Author

jthann commented Feb 17, 2022

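To reproduce this error, you should use an Aliyun or AWS load balancer. It can be discarded this way:

```go
// Needs imports: fmt, io, log, net/http, time. mux is the poster's own handler type.
httpsSrv := &http.Server{
	Addr:        fmt.Sprintf(":%d", 443),
	Handler:     &mux{},
	IdleTimeout: 60 * time.Second,
	// Everything http.Server writes to ErrorLog, TLS handshake errors included, goes to io.Discard.
	ErrorLog: log.New(io.Discard, "", log.LstdFlags),
}
```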
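
An added example (not code from this thread or from Easegress) of the custom error logger suggested above: instead of discarding everything written to `ErrorLog`, it suppresses only aborted-handshake lines from a health-check source range, counts them, and forwards every other line. The `probeFilter` type, the `100.64.0.0/10` probe range and the second sample log line are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"log"
	"net"
	"regexp"
	"sync/atomic"
)

// Shape of the net/http line quoted in the issue; only aborted handshakes match.
var probeRe = regexp.MustCompile(`http: TLS handshake error from (\S+): .*(connection reset by peer|EOF)\s*$`)

// probeFilter is an io.Writer for http.Server.ErrorLog (hypothetical name).
// It drops aborted-handshake lines from the probe range and forwards the rest.
type probeFilter struct {
	dropped int64 // count of suppressed lines
	next    io.Writer
	probes  *net.IPNet
}

// Write is called by log.Logger once per message, so p is one whole line.
func (f *probeFilter) Write(p []byte) (int, error) {
	if m := probeRe.FindSubmatch(p); m != nil {
		host, _, err := net.SplitHostPort(string(m[1]))
		if ip := net.ParseIP(host); err == nil && ip != nil && f.probes.Contains(ip) {
			atomic.AddInt64(&f.dropped, 1)
			return len(p), nil
		}
	}
	return f.next.Write(p)
}

func (f *probeFilter) Dropped() int64 { return atomic.LoadInt64(&f.dropped) }

func main() {
	var out bytes.Buffer
	_, probes, _ := net.ParseCIDR("100.64.0.0/10") // assumed health-check source range
	f := &probeFilter{next: &out, probes: probes}
	errLog := log.New(f, "", 0) // in a server: http.Server{ErrorLog: errLog}
	errLog.Print("http: TLS handshake error from 100.97.231.2:49030: read tcp 172.26.5.88:443->100.97.231.2:49030: read: connection reset by peer")
	errLog.Print("http: TLS handshake error from 203.0.113.9:5555: tls: client offered only unsupported versions: [301]") // constructed line
	fmt.Printf("dropped=%d\nforwarded:\n%s", f.Dropped(), out.String())
}
```

Handshake failures from outside the probe range, and any failure other than an aborted connection from inside it, still reach the log.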
