Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feed requests from Hetzner Helsinki Datacenter lead to gateway error #324

Open
Bogdanp opened this issue Sep 21, 2024 · 3 comments
Open

Feed requests from Hetzner Helsinki Datacenter lead to gateway error #324

Bogdanp opened this issue Sep 21, 2024 · 3 comments
Labels
question Further information is requested

Comments

@Bogdanp
Copy link

Bogdanp commented Sep 21, 2024
edited
Loading

Title: Requests from Hetzner Helsinki Datacenter lead to gateway error

Issue found of: September 21, 2024

Endpoint(s):

  • GET https://feeds.soundcloud.com/users/soundcloud:users:627190089/sounds.rss

Steps to reproduce:

$ curl -v https://feeds.soundcloud.com/users/soundcloud:users:627190089/sounds.rss
*   Trying 108.156.22.68:443...
* TCP_NODELAY set
* Connected to feeds.soundcloud.com (108.156.22.68) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "feeds.soundcloud.com" matched cert's "*.soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5629715c3650)
> GET /users/soundcloud:users:627190089/sounds.rss HTTP/2
> Host: feeds.soundcloud.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 503
< content-length: 945
< date: Sat, 21 Sep 2024 07:12:12 GMT
< x-cache: Error from cloudfront
< via: 1.1 e3d7e26a5df51c85de01773b18b95a58.cloudfront.net (CloudFront)
< x-amz-cf-pop: HEL51-P1
< x-amz-cf-id: bQxWZ4tdU1j8amHXVpHwbPwJ9dHh-h4K4WeHLsATP9VGeoHu5I6bVw==
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>503 Service Unavailable ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront) HTTP3 Server
Request ID: sDPgPk4c_Refu8F3BH9hWAZuhxSIDEB2AuE9pT8Tz7btITRrNcdtpQ&#x3D;&#x3D;
</PRE>
<ADDRESS>
</ADDRESS>
* Connection #0 to host feeds.soundcloud.com left intact

Expected behaviour:

A successful feed response.

Actual behaviour:

Service Unavailable

Apologies if this isn't the right place to report this, but I couldn't find a better place. Requests from other servers on Hetzner's cloud work just fine.

$ mtr feeds.soundcloud.com
                                                      Packets               Pings
 Host                                               Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. static.97.91.217.95.clients.your-server.de       0.0%   191    0.3   1.0   0.2  15.2   2.3
 2. core32.hel1.hetzner.com                          0.0%   191    0.3   0.3   0.3   0.7   0.1
 3. juniper4.dc1.hel1.hetzner.com                    0.0%   191    0.4  12.0   0.3  53.8  10.4
 4. (waiting for reply)
 5. (waiting for reply)
 6. (waiting for reply)
 7. (waiting for reply)
 8. (waiting for reply)
 9. server-108-156-22-5.hel51.r.cloudfront.net       0.0%   190    0.7   0.7   0.7   0.9   0.0
@youssefhassan
Copy link

Hey @Bogdanp, do you still have the same issue?

@youssefhassan youssefhassan added the question Further information is requested label Oct 7, 2024
@Bogdanp
Copy link
Author

Bogdanp commented Oct 8, 2024

Hi @youssefhassan. Yes, the problem persists:

$ curl -v https://feeds.soundcloud.com/users/soundcloud:users:627190089/sounds.rss
*   Trying 52.85.49.35:443...
* TCP_NODELAY set
* Connected to feeds.soundcloud.com (52.85.49.35) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "feeds.soundcloud.com" matched cert's "*.soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x562f1cbb1650)
> GET /users/soundcloud:users:627190089/sounds.rss HTTP/2
> Host: feeds.soundcloud.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 503
< content-length: 945
< date: Tue, 08 Oct 2024 05:25:25 GMT
< x-cache: Error from cloudfront
< via: 1.1 07c325e1e193f25e3673c49cf7dde57c.cloudfront.net (CloudFront)
< x-amz-cf-pop: HEL50-C2
< x-amz-cf-id: BE6hFc986itqD-0hSIapDzu7Mxir34nmpvlfS5D0s5wgOncyAFw-vQ==
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>503 Service Unavailable ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront) HTTP3 Server
Request ID: 90MLkaWlZIuj8n9nGv_E-bkhG1D98pX2xO9ZBat1w1HDzaUDJQg1IA&#x3D;&#x3D;
</PRE>
<ADDRESS>
</ADDRESS>
* Connection #0 to host feeds.soundcloud.com left intact

Note that it took about 1 minute to even get the response back. For some background: this server is an ingester for podcast feeds and feeds on soundcloud are the only ones having this problem, so I don't think this is some issue with the server itself.

@RealAlphabet
Copy link

RealAlphabet commented Oct 19, 2024
edited
Loading

I'm experiencing the same issue with Hetzner, but I haven't received any response from SoundCloud.

* Connected to soundcloud.com (3.164.206.104) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /usr/lib/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "soundcloud.com" matched cert's "soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fbd178cdc00)
> GET /api HTTP/2
> Host: soundcloud.com
> user-agent: curl/7.74.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
^C
➜  control git:(master) ✗ curl --interface 95.217.192.166 -v https://secure.soundcloud.com/oauth/token
*   Trying 3.164.68.30:443...
* Name '95.217.192.166' family 2 resolved to '95.217.192.166' family 2
* Local port: 0
* Connected to secure.soundcloud.com (3.164.68.30) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /usr/lib/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.soundcloud.com
*  start date: Feb  6 12:22:15 2024 GMT
*  expire date: Mar  9 12:22:14 2025 GMT
*  subjectAltName: host "secure.soundcloud.com" matched cert's "*.soundcloud.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fdb1becdc00)
> GET /oauth/token HTTP/2
> Host: secure.soundcloud.com
> user-agent: curl/7.74.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
(...stuck here)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Bogdanp @youssefhassan @RealAlphabet