This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Target Server for secure connection throws 502 Error (Unexpected EOF)

Posted on 08-24-2015 04:18 AM
adevegowda
Staff
Reply posted on --/--/---- --:-- AM

When I use a target server for a secure connection API call, I get the following error:

502 Bad Gateway 
{ "fault": { "faultstring": "Unexpected EOF", "detail": { "errorcode": "messaging.adaptors.http.UnexpectedEOF" } } }

The target server looks something like this:

{
  "host": "www.somehost.com",
  "isEnabled": true,
  "name": "https_target",
  "port": 443
}

Under the following scenarios the API works fine:

1. Create an API Proxy which has the target URL as "https://www.somehost.com"

2. API Proxy enabled for Non-secure connection with the target server

3. Execute curl API with URL pointing directly to the target/backend server

Can someone tell me if I am missing something in setting up the target server or anything else ?

Note: www.somehost.com is just a dummy name used to explain the problem. The actual host name is different.

Solved Solved
1 9 8,878
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

If target server is secure, we have to explicitly set the SSL enabled flag to true, irrespective of 1-way or 2-way SSL. Sample has been added. 

<TargetServer name="TargetServer1">
    <IsEnabled>true</IsEnabled>
    <Host>www.somehost.com</Host>
    <Port>443</Port>
    <SSLInfo>
        <Enabled>true</Enabled>
    </SSLInfo>
</TargetServer>

View solution in original post

Jump to Solution
9 REPLIES 9

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

If target server is secure, we have to explicitly set the SSL enabled flag to true, irrespective of 1-way or 2-way SSL. Sample has been added. 

<TargetServer name="TargetServer1">
    <IsEnabled>true</IsEnabled>
    <Host>www.somehost.com</Host>
    <Port>443</Port>
    <SSLInfo>
        <Enabled>true</Enabled>
    </SSLInfo>
</TargetServer>
Jump to Solution

Posted on --/--/---- --:-- AM
adevegowda
Staff
In response to
Reply posted on --/--/---- --:-- AM

SenthilT,

Thanks a lot for your response. I tried your suggestion and it works fine for me

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
akashtp
Staff
In response to
Reply posted on --/--/---- --:-- AM

@tskumar@apigee.com @AMAR DEVEGOWDA

There is another similar case where the curl to the target/backend works and there's no https/SSL configured on the backend.

Yet the below error is seen intermittently.

What do you think may be the cause?

{"fault":{"faultstring":"Unexpected EOF","detail":{"errorcode":"messaging.adaptors.http.UnexpectedEOF"}}} 

In Apigee logs, we see the following on a message processor for one sample request :

2015-08-24 11:42:44,226 org: env: NIOThread@3 ERROR HTTP.CLIENT - HTTPClient$Context$3.onException() : Message id:cswapiprdwb6002.com_BTn1wJ5s_RouterProxy-4-189484667_4995, ClientChannel[C:172.20.0.109:8080]@19718559.onExceptionRead exception: java.io.EOFException: eof unexpected 
2015-08-24 11:42:42,307 org: env: NIOThread@3 ERROR HTTP.SERVER - HTTPServer$Context$2.onException() : Message id:cswapiprdwb6002.com_BTn1wJ5s_RouterProxy-4-190286876_504 ChunkedOutputChannel(ClientOutputChannel(ClientChannel[A:172.26.51.214:8998 Remote host:172.26.51.213]@19718372)).onExceptionWrite exception:java.io.IOException: Broken pipe
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
adevegowda
Staff
In response to akashtp
Reply posted on --/--/---- --:-- AM

@Akash Prabhashankar,

Considering that the target server is setup for non-secure connection and the error is intermittent, I would suggest you to check the following:

1. Is there an issue with their backend ? (Looking into their logs or taking tcpdumps might be useful)

2. Is the MPs IP address whitelisted ?

3. Does the direct call to backend work always ? (try it in a loop of 100 or more times)

Jump to Solution

Posted on --/--/---- --:-- AM
adevegowda
Staff
In response to
Reply posted on --/--/---- --:-- AM
@Floyd Jones, The documentation on target server does not inform that we will need to have SSLInfo section for secure target server. Can you please update the target server documentation to include this information ? Thanks, Amar
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sgilson
New Member
Reply posted on --/--/---- --:-- AM
@AMAR DEVEGOWDA

I have updated the doc in two places to show this information:

http://apigee.com/docs/api-services/content/config...

http://apigee.com/docs/api-services/content/load-b...

Stephen

Jump to Solution

Posted on --/--/---- --:-- AM
adevegowda
Staff
In response to sgilson
Reply posted on --/--/---- --:-- AM

@Stephen Gilson,

Thank you for updating the documentation with the appropriate information on the target server.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

@Nguyen_Nguyen found an issue exactly like this where the target server create API would ignore SSLInfo if not spelled out sSLInfo when sending the TargetServer encoded in JSON - https://community.apigee.com/questions/14155/how-to-see-ssl-info-for-target-server.html#answer-14159 - perhaps this is the problem some people finding this thread are facing.

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

i always get annoyed when we have this problem because we FORGOT and then I find out that the documentation hasnt been fixed.. and then.. blah...

Jump to Solution
0 Likes