Unable to get a simple example working
marcoreni opened this issue · comments
Hi all,
I'm trying to get a simple example working but I'm having some issues.
docker-compose.yml:
version: "3.7"
services:
proxy:
image: darkweak/souin:latest
ports:
- 80:80
- 443:443
volumes:
- ./configuration.yml:/configuration/configuration.yml
configuration.yml:
log_level: DEBUG
default_cache:
ttl: 10s
reverse_proxy_url: 'https://www.google.com'
With this configuration, I always get an "empty reply from server" and nothing is logged:
$ curl http://localhost
curl: (52) Empty reply from server
If I add the ports explicitly:
configuration.yml:
log_level: DEBUG
default_cache: # Required part
port: # Ports to expose Souin
web: 80
tls: 443
ttl: 10s # Default TTL
reverse_proxy_url: 'https://www.google.com'
A request is seen on the logs, but then everything panics:
proxy-1 | {"level":"DEBUG","time":"2023-03-15T16:35:55.863Z","caller":"middleware/middleware.go:260","message":"Incomming request &{Method:GET URL:/ Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Accept:[*/*] User-Agent:[curl/7.86.0]] Body:{} GetBody:<nil> ContentLength:0 TransferEncoding:[] Close:false Host:localhost Form:map[] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr:172.22.0.1:47656 RequestURI:/ TLS:<nil> Cancel:<nil> Response:<nil> ctx:0x40006ba080}"}
proxy-1 | {"level":"DEBUG","time":"2023-03-15T16:35:55.863Z","caller":"middleware/middleware.go:299","message":"Request cache-control &{MaxAge:-1 MaxStale:-1 MaxStaleSet:false MinFresh:-1 NoCache:false NoStore:false NoTransform:false OnlyIfCached:false Extensions:[]}"}
proxy-1 | {"level":"DEBUG","time":"2023-03-15T16:35:55.864Z","caller":"middleware/middleware.go:135","message":"Request the upstream server"}
proxy-1 | 2023/03/15 16:35:55 http: panic serving 172.22.0.1:47656: runtime error: invalid memory address or nil pointer dereference
proxy-1 | goroutine 24 [running]:
proxy-1 | net/http.(*conn).serve.func1()
proxy-1 | /usr/local/go/src/net/http/server.go:1850 +0xb8
proxy-1 | panic({0xc4b6a0, 0x17cf7d0})
proxy-1 | /usr/local/go/src/runtime/panic.go:890 +0x260
proxy-1 | main.main.func2.1({0xf73240, 0x40006ba1c0}, 0x40003ec700)
proxy-1 | /app/src/github.com/darkweak/souin/plugins/souin/main.go:75 +0x2ac
proxy-1 | github.com/darkweak/souin/pkg/middleware.(*SouinBaseHandler).Upstream(0x40001fc000, 0x40006ba1c0, 0x40003ec700, 0x4000695e60, 0x40002143f0, {0x40000b20a8, 0x14})
proxy-1 | /app/src/github.com/darkweak/souin/pkg/middleware/middleware.go:137 +0x180
proxy-1 | github.com/darkweak/souin/pkg/middleware.(*SouinBaseHandler).ServeHTTP(0x40001fc000, {0xf75d90, 0x40003f41c0}, 0x40000c8400, 0x4000695e60)
proxy-1 | /app/src/github.com/darkweak/souin/pkg/middleware/middleware.go:380 +0x11a8
proxy-1 | main.main.func2({0xf75d90, 0x40003f41c0}, 0xffff7ad8773b?)
proxy-1 | /app/src/github.com/darkweak/souin/plugins/souin/main.go:60 +0xa8
proxy-1 | net/http.HandlerFunc.ServeHTTP(0x400008dad8?, {0xf75d90?, 0x40003f41c0?}, 0x0?)
proxy-1 | /usr/local/go/src/net/http/server.go:2109 +0x38
proxy-1 | net/http.(*ServeMux).ServeHTTP(0x0?, {0xf75d90, 0x40003f41c0}, 0x40000c8400)
proxy-1 | /usr/local/go/src/net/http/server.go:2487 +0x140
proxy-1 | net/http.serverHandler.ServeHTTP({0x40001e84e0?}, {0xf75d90, 0x40003f41c0}, 0x40000c8400)
proxy-1 | /usr/local/go/src/net/http/server.go:2947 +0x2cc
proxy-1 | net/http.(*conn).serve(0x40000d6460, {0xf76930, 0x400003dad0})
proxy-1 | /usr/local/go/src/net/http/server.go:1991 +0x544
proxy-1 | created by net/http.(*Server).Serve
proxy-1 | /usr/local/go/src/net/http/server.go:3102 +0x43c
The same happens if I download latest binary and try to run it with the above configuration.
What am I doing wrong?
I do not actively maintain the standalone server because of the multiple constraints to built a reverse proxy. I recommend to use Souin as middleware in caddy or traefik reverse proxy. However I will investigate on that panic but in my first opinion, the Souin standalone server is designed to run in front of another reverse proxy (Apache, nginx, caddy, Træfik, ...). You cannot proxy directly to google but you should have something like
Incoming traffic -> Souin -> traefik -> service and your Souin configuration should be
default_cache:
ttl: 30s
reverse_proxy: http://traefik
What's the difference in terms of having a "local (maybe virtual) network" upstream (traefik) vs. a remote upstream (google)?
Anyhow, if the standalone server is not maintained maybe it should be made more clear in the readme? By reading here: https://github.com/darkweak/souin#souin-out-of-the-box and seeing otherwise just use https://yourdomain.com I assume differently.
Træfik is a reverse proxy, Souin is not. yourdomain.com is the domain to use to contact the reverse proxy and transfer the request to it.
I've added traefik as you suggested. I'm no expert in the service so I followed and adapted the basic example found on the traefik docs.
Panic is still there.
version: "3.7"
services:
proxy:
image: darkweak/souin:v1.6.28
ports:
- 80:80
- 443:443
volumes:
- ./configuration/configuration.yml:/configuration/configuration.yml
traefik:
image: "traefik:v2.9"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "traefik/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`localhost`)"
- "traefik.http.routers.whoami.entrypoints=web"log_level: DEBUG
default_cache: # Required part
port: # Ports to expose Souin
web: 80
tls: 443
ttl: 10s # Default TTL
reverse_proxy_url: 'http://traefik'
(EDIT: I've also tried downgrading Souin, that's why I'm using 1.6.28 here)
I'll explore using souin as a middleware.
That's a bug then 😅
Well I opened a PR that handle HTTP proxy errors. In your case, you have to put a real proxy between your souin instance and the service you want to proxy the request (caddy is easier to configure for that). If you target http://google.com or http://www.google.com it will work because there are no TLS verifications and it's not on the roadmap to support that.
I can come back later with an example using caddy if you need it.