HTTPS通知未达到天鹅座 [英] HTTPS notification doesn't reach cygnus
问题描述
猎户座版本为2.1.0
Orion使用-https选项
我们在订阅的URL中使用"HTTPS"协议架构->参考:" https://cygnus.domain.com/notify "
当我们插入与订阅匹配的实体时,该实体是在Orion中创建的,而不是在STH中创建的.
但是Orion日志返回:通知已成功发送到 https://cygnus.domain.com:443/通知
如果我们在订阅中的URL中使用"HTTP"协议模式,则它可以正常工作 如果我们使用curl在HTTP或HTTPS中直接通知天鹅座,那么它将起作用
猎户座日志如下:
time=Friday 22 Feb 11:24:28 2019.158Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000058 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=logMsg.h[1832]:lmTransactionStart | msg=Starting transaction to https://cygnus.domain.com:443/notify
time=Friday 22 Feb 11:24:28 2019.159Z | lvl=INFO | corr=6a8319ac-3694-11e9-872e-0242c0a81006 | trans=1550831768-689-00000000056 | from=10.6.11.36 | srv=svctestnca | subsrv=/svcpath/testnca | comp=Orion | op=logMsg.h[1916]:lmTransactionEnd | msg=Transaction ended
time=Friday 22 Feb 11:24:28 2019.177Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000057 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=httpRequestSend.cpp[615]:httpRequestSendWithCurl | msg=Notification Successfully Sent to https://cygnus.domain.com:443/notify
time=Friday 22 Feb 11:24:28 2019.159Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000058 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=httpRequestSend.cpp[594]:httpRequestSendWithCurl | msg=Sending message 20 to HTTP server: sending message of 826 bytes to HTTP server
time=Friday 22 Feb 11:24:28 2019.176Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000058 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=logMsg.h[1916]:lmTransactionEnd | msg=Transaction ended
感谢您的帮助.
此问题已解决 订阅参考为 https://cygnus.domain.com/notify 但Orion可以在 https://cygnus.domain.com:443/notify
我们有一个HAProxy来负载平衡请求.存在一个ACL来接受doamin cygnus.domain.com,但不存在一个ACL来接受cygnus.domain.com:443
修改ACL可解决问题
- 旧ACL:acl IS_Cygnus hdr(host)-i cygnus.domain.com
- 新ACL:acl IS_Cygnus hdr_beg(host)-i cygnus.domain.com
Orion version is 2.1.0
Orion is started in HTTPS using the -https option
We use the "HTTPS" protocol schema in URL in our subscriptions --> reference" : "https://cygnus.domain.com/notify"
When we insert an Entity matching the subscription, the Entity is created in Orion, but not in STH.
However Orion Logs return: Notification Successfully Sent to https://cygnus.domain.com:443/notify
If we use the "HTTP" protocol schema in URL in our subscriptions it works If we use curl to notify dirctly Cygnus in HTTP or HTTPS it works
Orion Logs bellow:
time=Friday 22 Feb 11:24:28 2019.158Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000058 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=logMsg.h[1832]:lmTransactionStart | msg=Starting transaction to https://cygnus.domain.com:443/notify
time=Friday 22 Feb 11:24:28 2019.159Z | lvl=INFO | corr=6a8319ac-3694-11e9-872e-0242c0a81006 | trans=1550831768-689-00000000056 | from=10.6.11.36 | srv=svctestnca | subsrv=/svcpath/testnca | comp=Orion | op=logMsg.h[1916]:lmTransactionEnd | msg=Transaction ended
time=Friday 22 Feb 11:24:28 2019.177Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000057 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=httpRequestSend.cpp[615]:httpRequestSendWithCurl | msg=Notification Successfully Sent to https://cygnus.domain.com:443/notify
time=Friday 22 Feb 11:24:28 2019.159Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000058 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=httpRequestSend.cpp[594]:httpRequestSendWithCurl | msg=Sending message 20 to HTTP server: sending message of 826 bytes to HTTP server
time=Friday 22 Feb 11:24:28 2019.176Z | lvl=INFO | corr=N/A | trans=1550831768-689-00000000058 | from=pending | srv=pending | subsrv=pending | comp=Orion | op=logMsg.h[1916]:lmTransactionEnd | msg=Transaction ended
Thanks for your help.
This problem has been solved The subscription reference is https://cygnus.domain.com/notify but Orion transform this in https://cygnus.domain.com:443/notify
We have a HAProxy to load balance requests. An ACL is present to accept the doamin cygnus.domain.com but no ACL is present to accept cygnus.domain.com:443
Modifying the ACL resolve the problem
- Old ACL : acl IS_Cygnus hdr(host) -i cygnus.domain.com
- New ACL : acl IS_Cygnus hdr_beg(host) -i cygnus.domain.com
这篇关于HTTPS通知未达到天鹅座的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
