Unable to connect to tentacle through proxy

dhanjisumit · 8 November 2020 15:17

I’m using squild proxy conf to connect to my listening tentacle as below
acl Safe_ports port 10933

and I have create machine proxy to be used as listening tentacle proxy on port 80.

but when i’m checking health i’m getting below error:
Unexpected exception executing transaction. Halibut.Transport.Proxy.Exceptions.ProxyException: Proxy destination ::ffff:192.168.1.23 on port 80 responded with a 400 code - Bad Request
at Halibut.Transport.Proxy.HttpProxyClient.HandleProxyCommandError(String host, Int32 port)
at Halibut.Transport.Proxy.HttpProxyClient.CreateConnection(String destinationHost, Int32 destinationPort, TimeSpan timeout, CancellationToken cancellationToken)
at Halibut.Transport.TcpConnectionFactory.CreateConnectedTcpClient(ServiceEndPoint endPoint, ILog log, CancellationToken cancellationToken)
at Halibut.Transport.TcpConnectionFactory.EstablishNewConnection(ServiceEndPoint serviceEndpoint, ILog log, CancellationToken cancellationToken)
at Halibut.Transport.ConnectionManager.<>c__DisplayClass9_0.b__0()
at System.Lazy1.ViaFactory(LazyThreadSafetyMode mode) at System.Lazy1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy1.CreateValue() at Halibut.Transport.ConnectionManager.<>c__DisplayClass9_0.<CreateNewConnection>b__1() at Halibut.Transport.ConnectionManager.AcquireConnection(IConnectionFactory connectionFactory, ServiceEndPoint serviceEndpoint, ILog log, CancellationToken cancellationToken) at Halibut.Transport.SecureListeningClient.ExecuteTransaction(Action1 protocolHandler, CancellationToken cancellationToken)
November 8th 2020 20:24:01Info
Retrying connection to https://localhost:10933/ - attempt #3.
November 8th 2020 20:24:01Info
Opening a new connection to https://localhost:10933/
November 8th 2020 20:24:01Info
Creating a proxy client
November 8th 2020 20:24:01Info
Connecting to proxy at 192.168.1.23:80
November 8th 2020 20:24:01Info
Sending unauthorized server CONNECT command for localhost:10933 to proxy
November 8th 2020 20:24:01Error
Unexpected exception executing transaction. Halibut.Transport.Proxy.Exceptions.ProxyException: Proxy destination ::ffff:192.168.1.23 on port 80 responded with a 400 code - Bad Request
at Halibut.Transport.Proxy.HttpProxyClient.HandleProxyCommandError(String host, Int32 port)
at Halibut.Transport.Proxy.HttpProxyClient.CreateConnection(String destinationHost, Int32 destinationPort, TimeSpan timeout, CancellationToken cancellationToken)
at Halibut.Transport.TcpConnectionFactory.CreateConnectedTcpClient(ServiceEndPoint endPoint, ILog log, CancellationToken cancellationToken)
at Halibut.Transport.TcpConnectionFactory.EstablishNewConnection(ServiceEndPoint serviceEndpoint, ILog log, CancellationToken cancellationToken)
at Halibut.Transport.ConnectionManager.<>c__DisplayClass9_0.b__0()
at System.Lazy1.ViaFactory(LazyThreadSafetyMode mode) at System.Lazy1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy1.CreateValue() at Halibut.Transport.ConnectionManager.<>c__DisplayClass9_0.<CreateNewConnection>b__1() at Halibut.Transport.ConnectionManager.AcquireConnection(IConnectionFactory connectionFactory, ServiceEndPoint serviceEndpoint, ILog log, CancellationToken cancellationToken) at Halibut.Transport.SecureListeningClient.ExecuteTransaction(Action1 protocolHandler, CancellationToken cancellationToken)

Please suggest is there any other configuration I’m missing.

Kenneth_Bates · 9 November 2020 06:14

HI @dhanjisumit,

Thanks for getting in touch! I’m sorry to hear you’re hitting this roadblock! Is it possible your proxy server has SSL offloading enabled? I’ve seen similar issues due to this since Octopus and Tentacle communication doesn’t support SSL offloading, unfortunately. It needs to be an uninterrupted TLS tunnel to work.

If that checks out, does adding the following line to your squid proxy conf help (this is in addition to acl Safe_ports port 10933 you currently have set)?

acl SSL_ports port 10933

Do you see anything helpful in the squid logs?

I hope this helps narrow it down, and I look forward to hearing back!

Best regards,

Kenny

dhanjisumit · 10 November 2020 14:53

Hello,

Thanks for response.
If I understand completely, we can’t configure tentacle to communicate on port 443 with proxy enabled for listening mode tentacle

Is there any way to have encrypted traffic between octopus and tentacle through proxy.

Kenneth_Bates · 11 November 2020 05:02

Hi @dhanjisumit,

Thanks for following up! Port 443 should be completely fine, and you can set that in the machine proxy settings. Though I’m wondering what error you’re hitting when you try? Are you using SSL Offloading? Do you see any helpful information in your squid logs?

I look forward to hearing back.

Best regards,

Kenny

system · 12 December 2020 05:02

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.