kspearrin

Reputation: 10768

Proxy Breaks When Forwarding To GitHub Pages

We configured a function proxy for our website approximately 2 months ago and got everything working as expected. Last night around 8:00-8:30pm EST the proxy stopped working, receiving "Internal server error" 500 messages when accessing its endpoints. We haven't changed anything on our end so I don't know why this all of a sudden started.

We proxy our domain to various endpoints. The endpoints that stopped working are proxies to pages we are hosting on GitHub Pages. Proxies to other services such as other Azure App Service instances are still working.

I ran a Proxy-Trace-Enabled: true request to the proxy and found the following error in the trace log:

"backend": [
  {
    "source": "forward-request",
    "timestamp": "2018-01-31T01:45:36.4810022Z",
    "elapsed": "00:00:00.0037370",
    "data": {
      "message": "Request is being forwarded to the backend service.",
      "request": {
        "method": "GET",
        "url": "https://xxxxxxxxxx.github.io/xxxxxxxxxx/",
        "headers": [
          {
            "name": "Cache-Control",
            "value": "no-cache"
          },
          {
            "name": "Accept",
            "value": "*/*"
          },
          {
            "name": "Accept-Encoding",
            "value": "gzip"
          },
          {
            "name": "Cookie",
            "value": "__cfduid=xxxxxxxxxx"
          },
          {
            "name": "Max-Forwards",
            "value": "10"
          },
          {
            "name": "User-Agent",
            "value": "PostmanRuntime/7.1.1"
          },
          {
            "name": "CF-IPCountry",
            "value": "US"
          },
          {
            "name": "X-Forwarded-For",
            "value": "xxxxxxxxxx, xxxxxxxxxx, xxxxxxxxxx"
          },
          {
            "name": "CF-RAY",
            "value": "xxxxxxxxxx-MIA"
          },
          {
            "name": "X-Forwarded-Proto",
            "value": "https"
          },
          {
            "name": "CF-Visitor",
            "value": "{\"scheme\":\"https\"}"
          },
          {
            "name": "Postman-Token",
            "value": "xxxxxxxxxx"
          },
          {
            "name": "CF-Connecting-IP",
            "value": "xxxxxxxxxx"
          },
          {
            "name": "X-WAWS-Unencoded-URL",
            "value": "/"
          },
          {
            "name": "X-Original-URL",
            "value": "/"
          },
          {
            "name": "X-ARR-LOG-ID",
            "value": "xxxxxxxxxx"
          },
          {
            "name": "DISGUISED-HOST",
            "value": "xxxxxxxxxx.com"
          },
          {
            "name": "X-SITE-DEPLOYMENT-ID",
            "value": "xxxxxxxxxx"
          },
          {
            "name": "WAS-DEFAULT-HOSTNAME",
            "value": "xxxxxxxxxx.azurewebsites.net"
          },
          {
            "name": "Content-Length",
            "value": "0"
          }
        ]
      }
    }
  },
  {
    "source": "forward-request",
    "timestamp": "2018-01-31T01:45:36.5122512Z",
    "elapsed": "00:00:00.0363283",
    "data": {
      "messages": [
        "Error occured while calling backend service.",
        "The request was aborted: Could not create SSL/TLS secure channel."
      ]
    }
  }
],

I am not sure why there are "The request was aborted: Could not create SSL/TLS secure channel." errors since I can access the GitHub pages version of the website that it is proxying to without issue (no SSL issues). We've had to disable use of the proxy for now and change our DNS to point directly to the GitHub page until we can resolve this.

Upvotes: 0

Views: 572

Answers (1)

evilSnobu

Reputation: 26374

Maybe GitHub suddenly switched to TLS 1.2-only and walked away?

$ curl --tlsv1.0 -vki https://microsoft.github.io
...
* gnutls_handshake() failed: Error in protocol version



$ curl --tlsv1.1 -vki https://microsoft.github.io
...
* gnutls_handshake() failed: Error in protocol version



$ curl --tlsv1.2 -vki https://microsoft.github.io

* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
...
*   subject: C=US,ST=California,L=San Francisco,O=GitHub, Inc.,
             CN=www.github.com
*   issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,
            CN=DigiCert SHA2 High Assurance Server CA
...
HTTP/1.1 200 OK

I don't know if you can tell Functions Proxy to use a particular TLS version for outbound connections, you know, the equivalent of

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

Upvotes: 2
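
A triage helper for the trace shown in the question, added here as an example and not code from either poster or from Azure: it pairs each forwarded backend request with the error entry that follows it and flags the secure-channel error that the answer suggests may come from a TLS version mismatch. The function name, the field handling and the trimmed sample trace are assumptions built from the trace fragment above.

```python
import json

# Constructed sample: the "backend" array from the question's trace, trimmed
# to the fields used below and wrapped in braces so it parses as JSON.
SAMPLE_TRACE = """
{"backend": [
  {"source": "forward-request", "timestamp": "2018-01-31T01:45:36.4810022Z",
   "data": {"message": "Request is being forwarded to the backend service.",
            "request": {"method": "GET",
                        "url": "https://xxxxxxxxxx.github.io/xxxxxxxxxx/"}}},
  {"source": "forward-request", "timestamp": "2018-01-31T01:45:36.5122512Z",
   "data": {"messages": [
     "Error occured while calling backend service.",
     "The request was aborted: Could not create SSL/TLS secure channel."]}}
]}
"""

# Text of the .NET error seen in the trace; matched case-insensitively.
TLS_MARKER = "could not create ssl/tls secure channel"


def backend_failures(trace_text):
    """Return one finding per backend error, tied to the URL it was sent to."""
    findings, last_url = [], None
    for entry in json.loads(trace_text).get("backend", []):
        data = entry.get("data", {})
        if "request" in data:
            # Remember the target so the following error entry can cite it.
            last_url = data["request"].get("url")
            continue
        messages = data.get("messages", [])
        lowered = [m.lower() for m in messages]
        is_tls = any(TLS_MARKER in m for m in lowered)
        if is_tls or any("error" in m for m in lowered):
            findings.append({
                "url": last_url,
                "timestamp": entry.get("timestamp"),
                "kind": "tls-handshake" if is_tls else "other",
                "messages": messages,
            })
    return findings


if __name__ == "__main__":
    for f in backend_failures(SAMPLE_TRACE):
        print(f["timestamp"], f["kind"], f["url"])
```

A `tls-handshake` finding concerns the proxy's own outbound connection to the backend, which is consistent with the site loading normally in a browser while the proxy returns 500.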
