Internal server error with large requests (>10MB)

cybrwshl · September 1, 2020, 12:08pm

Hi,

with our newest application we get some strange behaviour. This application is a Java application in a customized openliberty container with traefik 1.7.26 in front. When sending a request with a body of over ~10Mib we get a 500 http response. With bodies smaller than this, the openliberty container does its job and returns the correct result.
Also could we rule out the application itself. We've got correct results when we accessed the container direct (ports via docker).

time="2020-09-01T06:45:43Z" level=debug msg="Upstream ResponseWriter of type *pipelining.writerWithoutCloseNotify does not implement http.CloseNotifier. Returning dummy channel."
time="2020-09-01T06:45:43Z" level=debug msg="'500 Internal Server Error' caused by: connection error: FLOW_CONTROL_ERROR"
time="2020-09-01T06:45:43Z" level=debug msg="vulcand/oxy/forward/http: Round trip: https://CONTAINER_IP:9443, code: 500, Length: 21, duration: 379.396108ms tls:version: 303, tls:resume:false, tls:csuite:cca8, tls:server:myhost.example.com"

time="2020-09-01T06:45:43Z" level=debug msg="vulcand/oxy/forward/http: completed ServeHttp on request" Request="{\"Method\":\"POST\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"CONTAINER_IP:9443\",\"Path\":\"\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"*/*\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Authorization\":[\"Bearer SECRET\"],\"Connection\":[\"keep-alive\"],\"Content-Length\":[\"13594708\"],\"Content-Type\":[\"multipart/form-data; boundary=--------------------------821139872036740021867662\"],\"User-Agent\":[\"PostmanRuntime/7.26.3\"]},\"ContentLength\":13594708,\"TransferEncoding\":null,\"Host\":\"myhost.example.com:443\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RequestURI\":\"/rest/endpoint/\",\"TLS\":null}"
time="2020-09-01T06:45:43Z" level=debug msg="vulcand/oxy/forward: completed ServeHttp on request" Request="{\"Method\":\"POST\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"CONTAINER_IP:9443\",\"Path\":\"\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"*/*\"],\"Accept-Encoding\":[\"gzip, deflate,br\"],\"Authorization\":[\"Bearer SECRET\"],\"Connection\":[\"keep-alive\"],\"Content-Length\":[\"13594708\"],\"Content-Type\":[\"multipart/form-data; boundary=--------------------------821139872036740021867662\"],\"User-Agent\":[\"PostmanRuntime/7.26.3\"]},\"ContentLength\":13594708,\"TransferEncoding\":null,\"Host\":\"myhost.example.com:443\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RequestURI\":\"/rest/endpoint/\",\"TLS\":null}"
time="2020-09-01T06:45:43Z" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"POST\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/rest/endpoint/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"*/*\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Authorization\":[\"Bearer SECRET\"],\"Connection\":[\"keep-alive\"],\"Content-Length\":[\"13594708\"],\"Content-Type\":[\"multipart/form-data; boundary=--------------------------821139872036740021867662\"],\"User-Agent\":[\"PostmanRuntime/7.26.3\"]},\"ContentLength\":13594708,\"TransferEncoding\":null,\"Host\":\"myhost.example.com:443\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RequestURI\":\"/rest/endpoint/\",\"TLS\":null}"
time="2020-09-01T06:45:43Z" level=debug msg="vulcand/oxy/buffer: completed ServeHttp on request" Request="{\"Method\":\"POST\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/rest/endpoint/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"*/*\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Authorization\":[\"Bearer SECRET\"],\"Connection\":[\"keep-alive\"],\"Content-Length\":[\"13594708\"],\"Content-Type\":[\"multipart/form-data; boundary=--------------------------821139872036740021867662\"],\"User-Agent\":[\"PostmanRuntime/7.26.3\"]},\"ContentLength\":13594708,\"TransferEncoding\":null,\"Host\":\"myhost.example.com:443\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RequestURI\":\"/rest/endpoint/\",\"TLS\":null}"

Docker compose file of our application (without environment and volumes):

services:
 mysupercoolrestservice:
    image: mysupercoolrestservice:latest
    restart: unless-stopped
    networks:
      - webgateway
    labels:
      traefik.domain: "${PROJECT_FQDN}"
      traefik.port: "9443"
      traefik.protocol: "https"
      traefik.weight: "10"
      traefik.frontend.rule: "Host:${PROJECT_FQDN};PathPrefix:/rest/endpoint/, /rest/endpoint2/"
      traefik.docker.network: "webgateway"
      traefik.enable: "true"
      traefik.backend.buffering.maxRequestBodyBytes: 52428800
      traefik.backend.buffering.memRequestBodyBytes: 2097152
      traefik.backend.buffering.maxResponseBodyBytes: 52428800
      traefik.backend.buffering.memResponseBodyBytes: 2097152
      traefik.backend.buffering.retryExpression: "IsNetworkError() && Attempts() <= 2"
...

Traefik configuration (all config done with this traefik.toml):

logLevel = "DEBUG"

InsecureSkipVerify = true
defaultEntryPoints = ["https"]

[docker]
domain = "myhost.example.com"
watch = true
exposedbydefault = false

[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
     [entryPoints.http.redirect]
     entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  compress = true
    [entryPoints.https.tls]
    minVersion = "VersionTLS11"
    cipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    ]

    [entryPoints.https.tls.defaultCertificate]
      certFile = "/certs/myhost.example.com.cer"
      keyFile = "/certs/myhost.example.com.key"

[api]

[metrics]
  [metrics.prometheus]

I've run out of ideas on what component may cause such an error.
kind regards

cybrwshl · September 3, 2020, 5:30am

Problem solved. Our OpenLiberty application doesn't support HTTP/2. So we had to force HTTP/1.1 inside the server.xml.

Topic		Replies	Views
Traefik Error 500, but container has 200 Traefik v1 docker	5	1581	November 13, 2022
Traefik 500 Error on one container port, but not the other Traefik v2 docker	1	985	November 14, 2022
Internal Server Error accessing container though fine when connecting through port Traefik v2 docker	10	3407	November 25, 2019
500 errors with HTTP/1.1 Traefik v2 tcp	2	985	May 31, 2022
500 Internal Server Error - tls: first record does not look like a TLS handshake Traefik v1 docker	1	4281	August 21, 2019

Internal server error with large requests (>10MB)

Related topics