Comments (5)
Hello @GRADeS-Gwen,
Thanks for your report. After some analysis, it seems the issue is related to Go.
As you can see in the following method:
```go
func (t *transferWriter) shouldSendContentLength() bool {
	if chunked(t.TransferEncoding) {
		return false
	}
	if t.ContentLength > 0 {
		return true
	}
	if t.ContentLength < 0 {
		return false
	}
	// Many servers expect a Content-Length for these methods
	if t.Method == "POST" || t.Method == "PUT" || t.Method == "PATCH" {
		return true
	}
	if t.ContentLength == 0 && isIdentity(t.TransferEncoding) {
		if t.Method == "GET" || t.Method == "HEAD" {
			return false
		}
		return true
	}
	return false
}
```
Go does not send Content-Length if the value is equal to 0.
I'm currently reading RFC 2616 to understand whether it is expected or not.
My 2 cents on that: it is a bit strange that Veeam sends a GET request without a body and with a Content-Length header equal to 0. I will investigate and will come back to you once I have an answer.
from traefik.
@mmatur Thank you for the analysis. Reading the Go method, it is clear that my case falls in the last return.
I also tried to read and understand RFC 2616, but that was not clear. So I searched a bit everywhere, and mostly the result is that "it is optional" ...
We are on the same page that sending a GET with a Content-Length header equal to 0 is strange. Furthermore, the problem did not exist in the previous version of Veeam (11), only in the newest (12.1). We have exchanged a lot of tickets and did a lot of tests with their support. In the end they say that they are not able to confirm that the "Content-Length" was present in the "SignHeader" on version 11 (what the ..., not able to confirm your code ??!!) and that it can not be removed in version 12 ...
The solution they gave us was to remove Traefik and talk directly to the service, or use another reverse to offload the SSL ... I am not particularly a fan of that, but I think we will need to do something like that in the short term.
from traefik.
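The failure discussed in the two comments above can be reproduced without Traefik or Veeam. The following is an added example, not code from the thread or from either project: it re-serializes a constructed request with Go's `net/http` and reports which signed headers are no longer on the wire. It assumes the client uses an AWS SigV4-style `Authorization` header whose `SignedHeaders` list includes `content-length`; the host, credential and signature are placeholders.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"strings"
)

// inbound returns a constructed request; host, credential and signature are placeholders.
func inbound(method string) string {
	return method + " /bucket/object HTTP/1.1\r\n" +
		"Host: s3.example.test\r\n" +
		"Content-Length: 0\r\n" +
		"Authorization: AWS4-HMAC-SHA256 Credential=EXAMPLE/20240101/us-east-1/s3/aws4_request, " +
		"SignedHeaders=content-length;host, Signature=PLACEHOLDER\r\n\r\n"
}

// droppedSignedHeaders re-serializes raw with net/http and lists signed headers lost on the way.
func droppedSignedHeaders(raw string) ([]string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return nil, err
	}
	var out strings.Builder
	if err := req.Write(&out); err != nil { // goes through transferWriter.shouldSendContentLength
		return nil, err
	}
	// Collect the lower-cased header names actually written (skip the request line).
	present := map[string]bool{}
	for _, line := range strings.Split(out.String(), "\r\n")[1:] {
		if name, _, ok := strings.Cut(line, ":"); ok {
			present[strings.ToLower(name)] = true
		}
	}
	_, list, _ := strings.Cut(req.Header.Get("Authorization"), "SignedHeaders=")
	list, _, _ = strings.Cut(list, ",")
	var dropped []string
	for _, h := range strings.Split(list, ";") {
		if !present[h] {
			dropped = append(dropped, h)
		}
	}
	return dropped, nil
}

func main() {
	fmt.Println(droppedSignedHeaders(inbound("GET"))) // [content-length] <nil>
	fmt.Println(droppedSignedHeaders(inbound("PUT"))) // [] <nil>
}
```

A backend that recomputes the signature over the headers it receives sees a different header set for the GET than the one the client signed, so verification fails even though no header value was altered.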
@GRADeS-Gwen thanks for your answer.
Strange that they can not confirm their code. It could be linked to an upgrade to the aws-sdk between Veeam 11 and Veeam 12.
As you can see in the following screenshot, this code has been present in Go for many years, so we will not be able to do anything on our side for this subject.
If I understood correctly, you are using Traefik to handle TLS termination and add an ipAllowList Middleware.
One possibility is to use a TCP Router instead of HTTP Router.
```yaml
tcp:
  middlewares:
    internalOnly:
      ipAllowList:
        sourceRange:
          - "127.0.0.1/32"
          - "172.16.0.0/12"
          - "192.168.10.0/24"
  routers:
    router-http-s3:
      rule: HostSNI(`s3.xxxxxxx.fr`)
      entryPoints:
        - websecure
      middlewares:
        - internalOnly
      service: service-s3
      tls: {}
  services:
    service-s3:
      loadBalancer:
        servers:
          # TCP servers take a host:port address, not a URL;
          # passHostHeader is an HTTP-only option and is not valid here.
          - address: "127.0.0.1:8081"
```
Switching from HTTP to TCP router will allow you to do the TLS termination on Traefik and forward the TCP request to your s3.
from traefik.
> Strange that they can not confirm their code.

In my opinion, they just don't want to search .. I found an old Veeam test server in Veeam 10, and I can confirm that the "Content-Length" was not present in the "SignHeader". I will try to upgrade to 11 and 12.0 to confirm our supposition and send them to Veeam.
I will report here if we get anything coming back from Veeam.

> One possibility is to use a TCP Router instead of HTTP Router.

Good call! I did not even think about it. I transposed our config like below and it worked \o/. It gives us fewer parameters, but at least it works with a bit of security.
```yaml
tcp:
  routers:
    router-https-s3:
      rule: HostSNI(`s3.XXX.fr`)
      entryPoints:
        - web-secure
      middlewares:
        - internalOnly
      service: service-s3
      tls:
        certResolver: le-gandi
  services:
    service-s3:
      loadBalancer:
        servers:
          - address: "127.0.0.1:8081"
```
from traefik.
Great @GRADeS-Gwen
Thanks for the feedback
I'm closing the issue because the issue does not come from Traefik but from Veeam.
from traefik.