Page MenuHomePhabricator
Create Task
Maniphest T103662

Urlproxy (Toolforge front proxy) should not overwrite error page
Closed, ResolvedPublic
Actions

Description

When a tool is emitting an error page in response, the proxy is currently replacing the response with a error. The original headers and body are suppressed.

This obscures a lot of errors and makings debugging virtually impossible.

Example file:

<?php
http_response_code( 500 );
header( 'Content-Type: text/html; charset=utf-8' );
?><!DOCTYPE html>
<html>
  <meta charset="utf-8">
  <title>Custom error</title>
  <body>
    <h1>Cannot connect to example.db</h1>
  </body>
</html>

Hosted at https://tools.wmflabs.org/orphantalk/test.php

In response to a POST request, the proxy serves a generic nginx "400 Bad Request" page.

Example:

curl 'https://tools.wmflabs.org/orphantalk/test.php' --data 'x' -i -v
[..]
> POST /orphantalk/test.php HTTP/1.1
> User-Agent: curl/7.37.1
> Host: tools.wmflabs.org
> Accept: */*
> Content-Length: 1
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 1 out of 1 bytes
HTTP/1.1 500 Internal Server Error
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 24 Jun 2015 08:31:11 GMT
Content-Type: text/html
Content-Length: 349
Connection: close
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>400 - Bad Request</title>
 </head>
 <body>
  <h1>400 - Bad Request</h1>
 </body>
</html>

In response to a GET request, it serves a ToolLabs-style "Internal error" page.

> GET /orphantalk/test.php HTTP/1.1

HTTP/1.1 500 Internal Server Error
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 24 Jun 2015 08:57:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.9

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
  <head>
    <title>Tool Labs</title>
    <meta charset="utf-8" />
    <meta name="title" content="Tool Labs" />
    <meta name="description" content="This is the Tool Labs project for community-developed tools assisting the Wikimedia projects." />
[..]

Related Objects
Search...

Event Timeline

Krinkle created this task.Jun 24 2015, 8:35 AM
Krinkle raised the priority of this task from to High.
Krinkle updated the task description. (Show Details)
Krinkle added projects: Cloud-VPS, Toolforge, Regression.
Krinkle added a subscriber: Krinkle.
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJun 24 2015, 8:35 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Krinkle renamed this task from Tools Labs proxy should not overwrite error page with generic "400 Bad Request" to Tools Labs proxy should not overwrite error page.Jun 24 2015, 8:58 AM
Krinkle updated the task description. (Show Details)
Krinkle set Security to None.
scfc added a subscriber: scfc.Jun 24 2015, 2:49 PM

IIRC originally the reasoning was that with default error pages, all users would be pointed to webmaster@tools.wmflabs.org which would be unbearable. (And I think I wrote something like that a few weeks ago, so this task may be a duplicate of something?)

What would be nice:

  • Change the default lighttpd error pages in the tools' configurations to display the same information the "uber" error pages display currently.
  • Then rely on that and remove any overwrites.

I assume the 400 for POST comes from nginx trying to access tools.admin's web service for the Tools-style error page and somewhere in the pipeline only GETs are passed through.

yuvipanda added a subscriber: yuvipanda.Jun 24 2015, 2:50 PM

If you pass the X-Wikimedia-Debug header and set it to 1 it'll pass them through as well, in the proxy.

zhuyifei1999 added a subscriber: zhuyifei1999.Jun 24 2015, 3:05 PM
valhallasw lowered the priority of this task from High to Medium.Jul 2 2015, 6:59 PM
valhallasw added a subscriber: valhallasw.
valhallasw moved this task from Triage to Backlog on the Toolforge board.Jul 2 2015, 7:09 PM
gabriel-wmde added a subscriber: gabriel-wmde.Aug 19 2015, 11:22 AM
valhallasw added a comment.Aug 28 2015, 7:34 PM

I've been digging a bit into the nginx lua module, and I think we can actually do something really cool: wrap the actual error page with a more generic message: you'd see the generic error message, with a fold-out with more detailed error information.
(http://wiki.nginx.org/HttpLuaModule#body_filter_by_lua / http://wiki.nginx.org/HttpLuaModule#ngx.status).

On the other hand, I think scfc's option makes more engineering sense, and is probably much easier to implement. After all, /data/project/tools.admin/public_html is readable for everyone, so it can just server the relevant .php file from there.

yuvipanda added a comment.Aug 28 2015, 7:35 PM

Problem with the lighttpd approach is not sure what that does for uwsgi, nodejs, etc.

valhallasw added a comment.EditedAug 28 2015, 7:42 PM

The disadvantage to that is that fcgi calls are never decorated with error pages in lighttpd, so a

<?php
header('HTTP/1.1 501 Error');

in php will just return an empty page.

For uwsgi, nodejs, etc, it does 'whatever that framework does', but that's not too unreasonable, I think.

Ricordisamoa added a subscriber: Ricordisamoa.Oct 27 2015, 7:26 AM
valhallasw mentioned this in T123136: tool-labs error pages HTTP/400 for POSTs.Jan 10 2016, 6:09 PM
scfc mentioned this in T128898: Server errors of web tools are reported as 404.Mar 22 2016, 9:40 PM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:49 PM
GTirloni edited projects, added cloud-services-team (Kanban); removed Cloud-Services.Mar 24 2019, 10:27 AM
Bstorm moved this task from Inbox to Graveyard on the cloud-services-team (Kanban) board.Oct 23 2019, 3:48 PM
bd808 renamed this task from Tools Labs proxy should not overwrite error page to Urlproxy (Toolforge front proxy) should not overwrite error page.Nov 10 2019, 11:29 PM
bd808 mentioned this in T216713: Allow use of custom error page behind domainproxy.
bd808 moved this task from Backlog to Dynamicproxy on the Cloud-VPS board.Nov 10 2019, 11:36 PM
aborrero added a subtask: T243734: X-Wikimedia-Debug header does nothing on Toolforge web services.Jan 27 2020, 11:09 AM
aborrero mentioned this in T243734: X-Wikimedia-Debug header does nothing on Toolforge web services.Jan 27 2020, 11:27 AM
bd808 closed subtask T243734: X-Wikimedia-Debug header does nothing on Toolforge web services as Resolved.Jan 27 2020, 3:51 PM
fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:53 PM
fnegri moved this task from Kanban to Graveyard on the cloud-services-team board.
fnegri moved this task to Inbox on the cloud-services-team board.Jan 18 2023, 9:58 PM
taavi closed this task as Resolved.Sep 26 2023, 2:14 PM
taavi claimed this task.
taavi added a subscriber: taavi.

I believe we only show custom error pages on connection pages currently.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL