
Redirects returning http 500 - dns issue

Hi,

I created a page https://gastapp.bobits.at/ and added at _redirects /api/v1/* https://api3.bobits.at/api/v1/:splat
it should reverse proxy all the requests to the api endpoint.
And I have a DNS record for the api endpoint:
api3.bobits.at 3600 IN A 167.233.12.86

Accessing the api over api3.bobits.at works as expected. But accessing over https://gastapp.bobits.at/api/v1/company causes a 500 Internal Server Error.

The first thing I notice when loading your app is that the CORS access control headers have not been set; you'd need to set this on the api.


I also note that it seems to be hitting your netlify domain.

Is this of any help? :slight_smile:

Thank you for your answer.
Ah… I changed the url of my site without redeploying. Therefore the old urls were used. But I still have this issue, returning HTTP 500 on every request.

If we reach out to the developers, here is the header:
x-nf-request-id: b13f6bad-2b7c-47f4-b614-9d49e63a93db-110180

1 Like

Do you have a public repo?

No, but the problem did not occur as long as I called the api directly from the IP address.
As soon as I added a DNS entry on netlify DNS and routed to the IP it causes HTTP 500s.
I’m assuming that the problem is somewhere between netlify and my loadbalancer.
Because direct call to api3.bobits.at/api/v1/company works as expected, but reverse proxying gastserviceapp.bobits.at/api/v1/company doesn’t work.
Maybe some additional headers need to be set, I don’t know.

Hi, @bobocu. At the time request with header x-nf-request-id: b13f6bad-2b7c-47f4-b614-9d49e63a93db-110180 occurred, this custom domain was not linked to any site at Netlify (and it is still not).

There is a NETLIFY type DNS record for that custom domain here:

https://app.netlify.com/account/dns/bobits.at

The purpose and behavior of those NETLIFY type DNS records is further documented in this support guide:

Note, I do get a 500 response status if I visit the site subdomain URL directly:

$ curl -svo /dev/null https://myregiservice.netlify.app/api/v1/company  2>&1 | egrep "^< "
< HTTP/2 500
< date: Thu, 29 Oct 2020 07:47:51 GMT
< content-length: 0
< age: 0
< server: Netlify
< x-nf-request-id: 9cf5bbbd-9185-4489-a4cc-a14df9de59a3-12174748
<

I also get an error for the redirect rule URL:

$ curl -svo /dev/null  https://api3.bobits.at/api/v1/company
*   Trying 116.203.179.153...
* TCP_NODELAY set
* Connection failed
* connect to 116.203.179.153 port 443 failed: Connection refused
* Failed to connect to api3.bobits.at port 443: Connection refused
* Closing connection 0

If I change the URL to HTTP (no SSL) then it works:

$ curl -svo /dev/null  http://api3.bobits.at/api/v1/company  2>&1 | egrep "^< "
< HTTP/1.1 200
< Server: nginx/1.18.0 (Ubuntu)
< Date: Thu, 29 Oct 2020 07:48:58 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
<

In summary, the 500 error is happening because the URL you redirect to is returning an error.

You might try changing the rule from https:// to http:// to see if that resolves the issue. (That or you can enable SSL on the API system.)

If there are other questions or concerns, please let us know.

Hi @luke,
thank you for your analysis!

Meanwhile I’ve changed my DNS records.
I’ve added the dns record for api3.bobits.at again, pointing to my server (not netlify).
Although, when I try to open the reverse proxy redirected endpoint: https://myregi.netlify.app/api/v1/company which in fact should go to api3.bobits.at, I get an HTTP 500.
I have the following redirects defined in my repo:

/v1/accounts*    https://identitytoolkit.googleapis.com/v1/accounts:splat 200
/api/v1/*        https://api3.bobits.at/api/v1/:splat 200 

For some reason, the first one works as expected, but the 2nd one doesn’t. I also can’t see any requests coming through to api3.bobits.at/api/v1

When the call x-nf-request-id: b13f6bad-2b7c-47f4-b614-9d49e63a93db-110180 happened, I had the same DNS entry as I added right now, see above.

Hi, @bobocu. To be clear, the requests are being aborted because of SSL certificate validation issue.

The current SSL certificate doesn’t have a complete certificate chain. You can see more information about this here:

https://www.ssllabs.com/ssltest/analyze.html?d=api3.bobits.at&hideResults=on

This causes an error on the proxied request and a 500 response is returned because of this. If the SSL certificate used is updated to correct the errors reported by SSL Labs, the 500 errors should stop.

Hi, @luke
I see. So it’s not possible to host bobits.at from netlify, and a subdomain like api3.bobits.at from another server, providing its own Let’s Encrypt certificate, because then there will be two certificates, which causes problems.
api3.bobits.at and the wildcard certificate *.bobits.at

Is there any workaround or other solution, except using another domain?

Thank you very much!

Hi, @bobocu. An incomplete certificate chain in the SSL certificate at api3.bobits.at is the cause. The issue is not that there are two certificates. If you fix the certificate chain, the proxying will work.

The screenshot below highlights the issue on the SSL Labs analysis:

That is the issue which must be resolved to fix the 500 response when proxying to that site with our service. Our proxy service won’t look up the missing certificate in the chain and will return an error instead. If you fix the chain, the proxying will succeed.

If there are other questions about this, please let us know.

Hi @luke
thank you very much!
I just didn’t get it, that I only copied the root ca, but not the fullchain to my loadbalancer…

Works like a charm now :slight_smile:

2 Likes
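
The failure diagnosed in this thread (a backend serving its certificate without the intermediate, to a client that trusts only the root and will not fetch what is missing) can be reproduced offline. This is an added example, not part of the original thread; the throwaway CA names, `api.example.test`, and the helpers `new_csr`, `build_demo_pki` and `chain_ok` are constructed for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Constructed demo PKI (root -> intermediate -> leaf) with throwaway keys.
set -eu

new_csr() {  # new_csr <dir> <name> <CN>: fresh key plus signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_demo_pki() {  # build_demo_pki <dir>
  # Root and intermediate must be marked as CAs to be accepted as issuers.
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  new_csr "$1" root "Demo Root CA"
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 2 \
    -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null
  new_csr "$1" int "Demo Intermediate CA"
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null
  new_csr "$1" leaf "api.example.test"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null
}

# chain_ok <trusted-root> <leaf> [extra-certs-sent-by-server]
# Models a strict client: only the root is trusted, and any other certificate
# must be supplied by the server (-untrusted); nothing is looked up elsewhere.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
build_demo_pki "$d"
# Three server configurations: leaf only, leaf + root (the mistake described
# at the end of the thread), and leaf + intermediate (the full chain).
for extra in "" "$d/root.pem" "$d/int.pem"; do
  if chain_ok "$d/root.pem" "$d/leaf.pem" "$extra"; then r="ok"; else r="FAIL"; fi
  echo "extra certs sent: '${extra##*/}' -> $r"
done
```

Against a live server, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is among them.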