代码之家  ›  专栏  ›  技术社区  ›  JrBenito

AWS SDK无法在公司代理后连接

aws-sdk-nodejs amazon-web-services
  •  0
  • JrBenito  · 技术社区  · 7 年前

    我的工作站在一个公司代理的后面,我已经设置了环境变量,我可以在NodeJS中使用除aws-sdk之外的任何东西。这里是TCP连接的转储: 

    No.     Time           Source                Destination           Protocol Length Info
  2 1.834143       105.103.15.106        105.103.82.47         TCP      74     54952 → 8080 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=497254718 TSecr=0 WS=128
  3 1.836141       105.103.82.47         105.103.15.106        TCP      74     8080 → 54952 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=3399116010 TSecr=497254718 WS=128
  4 1.836165       105.103.15.106        105.103.82.47         TCP      66     54952 → 8080 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=497254719 TSecr=3399116010
  5 1.836779       105.103.15.106        105.103.82.47         TCP      310    54952 → 8080 [PSH, ACK] Seq=1 Ack=1 Win=29312 Len=244 TSval=497254719 TSecr=3399116010
  6 1.838250       105.103.82.47         105.103.15.106        TCP      66     8080 → 54952 [ACK] Seq=1 Ack=245 Win=15616 Len=0 TSval=3399116012 TSecr=497254719
 20 123.670911     105.103.82.47         105.103.15.106        TCP      66     8080 → 54952 [FIN, ACK] Seq=1 Ack=245 Win=15616 Len=0 TSval=3399237839 TSecr=497254719
 21 123.674168     105.103.15.106        105.103.82.47         TCP      66     54952 → 8080 [FIN, ACK] Seq=245 Ack=2 Win=29312 Len=0 TSval=497285178 TSecr=3399237839
 22 123.676592     105.103.82.47         105.103.15.106        TCP      66     8080 → 54952 [ACK] Seq=2 Ack=246 Win=15616 Len=0 TSval=3399237843 TSecr=497285178

    example provided by Amazon .

    节点版本:在6.10.0、6.11.0和8.1.3上测试 SDK今天安装(2.82.0)

    aws cloudformatin describe-stack-resources --stack-name my-stack 在同一台Ubuntu机器上。众所周知, aws 

    No.     Time           Source                Destination           Protocol Length Info
  1 0.000000       105.103.15.106        105.103.82.47         TCP      74     54940 → 8080 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=496906305 TSecr=0 WS=128
  2 0.001987       105.103.82.47         105.103.15.106        TCP      74     8080 → 54940 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=3397722434 TSecr=496906305 WS=128
  3 0.002008       105.103.15.106        105.103.82.47         TCP      66     54940 → 8080 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=496906305 TSecr=3397722434
  4 0.002100       105.103.15.106        105.103.82.47         TCP      127    [TCP segment of a reassembled PDU]
  5 0.003967       105.103.82.47         105.103.15.106        TCP      66     8080 → 54940 [ACK] Seq=1 Ack=62 Win=14592 Len=0 TSval=3397722436 TSecr=496906306
  6 0.003974       105.103.15.106        105.103.82.47         HTTP     68     CONNECT cloudformation.us-east-1.amazonaws.com:443 HTTP/1.0 
  7 0.006035       105.103.82.47         105.103.15.106        TCP      66     8080 → 54940 [ACK] Seq=1 Ack=64 Win=14592 Len=0 TSval=3397722438 TSecr=496906306
  8 0.247802       105.103.82.47         105.103.15.106        HTTP     185    HTTP/1.0 200 Connection established 
  9 0.247810       105.103.15.106        105.103.82.47         TCP      66     54940 → 8080 [ACK] Seq=64 Ack=120 Win=29312 Len=0 TSval=496906367 TSecr=3397722681
 10 0.248938       105.103.15.106        105.103.82.47         TLSv1.2  583    Client Hello
 11 0.250985       105.103.82.47         105.103.15.106        TCP      66     8080 → 54940 [ACK] Seq=120 Ack=581 Win=15616 Len=0 TSval=3397722683 TSecr=496906367
 12 0.684003       105.103.82.47         105.103.15.106        TLSv1.2  1995   Server Hello
 13 0.684011       105.103.15.106        105.103.82.47         TCP      66     54940 → 8080 [ACK] Seq=581 Ack=2049 Win=33152 Len=0 TSval=496906476 TSecr=3397723117
 14 0.690001       105.103.82.47         105.103.15.106        TLSv1.2  1488   CertificateServer Key Exchange, Server Hello Done
 15 0.690866       105.103.15.106        105.103.82.47         TLSv1.2  216    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
 16 0.692974       105.103.82.47         105.103.15.106        TCP      66     8080 → 54940 [ACK] Seq=3471 Ack=731 Win=16640 Len=0 TSval=3397723125 TSecr=496906478
 17 0.968807       105.103.82.47         105.103.15.106        TLSv1.2  141    Change Cipher Spec, Encrypted Handshake Message
 18 0.969476       105.103.15.106        105.103.82.47         TLSv1.2  679    Application Data
 19 0.970992       105.103.82.47         105.103.15.106        TCP      66     8080 → 54940 [ACK] Seq=3546 Ack=1344 Win=17920 Len=0 TSval=3397723403 TSecr=496906547
 20 1.319977       105.103.82.47         105.103.15.106        TLSv1.2  617    Application Data
 21 1.324998       105.103.82.47         105.103.15.106        TCP      2114   [TCP segment of a reassembled PDU]
 22 1.325003       105.103.15.106        105.103.82.47         TCP      66     54940 → 8080 [ACK] Seq=1344 Ack=6145 Win=43008 Len=0 TSval=496906636 TSecr=3397723753
 23 1.329979       105.103.82.47         105.103.15.106        TLSv1.2  133    Application Data
 24 1.332987       105.103.15.106        105.103.82.47         TCP      66     54940 → 8080 [FIN, ACK] Seq=1344 Ack=6212 Win=43008 Len=0 TSval=496906638 TSecr=3397723763
 25 1.373825       105.103.82.47         105.103.15.106        TCP      66     8080 → 54940 [ACK] Seq=6212 Ack=1345 Win=17920 Len=0 TSval=3397723807 TSecr=496906638
 26 1.606041       105.103.82.47         105.103.15.106        TLSv1.2  119    Encrypted Alert
 27 1.606063       105.103.15.106        105.103.82.47         TCP      54     54940 → 8080 [RST] Seq=1345 Win=0 Len=0

    请注意,从1到3的数据包是三向握手,与JS SDK完全相同,数据包4类似于JS SDK的数据包5,未在摘要中显示,但它也有PSH标志和ACK,不同之处在于内容(预期),数据包5是该数据的代理ACK。从这一点上讲,情况有所不同, ACK到达数据包6后,CLI立即发送下一个数据包。收到数据后, CLI发送FIN、接收ACK、加密警报并发送RST(这是由于不需要加密警报)。

    我找不到为什么JS SDK在最后一次服务器确认后停止发送数据。但由于代理超时并在一段时间后发送FIN ACK,我的节点脚本似乎挂起很长时间,直到终止,错误如下: 

    { NetworkingError: socket hang up
at TLSSocket.onHangUp (_tls_wrap.js:1124:19)
at TLSSocket.g (events.js:292:16)
at emitNone (events.js:91:20)
at TLSSocket.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:80:11)
at process._tickDomainCallback (internal/process/next_tick.js:128:9)

    消息:“套接字挂起”, 地区:“us-west-2”, 主机名:“bucket.s3-us-west-2.amazonaws.com”, 可重试:正确, 时间:2017-07-07T19:31:29.494Z}空

    有线索吗?

    2 回复  |  直到 7 年前
        1
  •  4
  •   Chris White    7 年前

    here bug on it 其中提到使用 node-tunnel 

    var AWS = require('aws-sdk');
var tunnel = require('tunnel');

var tunnelingAgent = tunnel.httpsOverHttp({
  proxy: { // Proxy settings
    host: 'proxyhost',
    port: 8080,
    proxyAuth: "user:pass",
  }
});

AWS.config.update({
  httpOptions: { 
    agent: tunnelingAgent
  }
});

var s3 = new AWS.S3({region: 'us-west-2'});
s3.getObject({Bucket: 'bucket', Key: 'key'}, function (err, data) {
  console.log(err, data);
});

    虽然我很遗憾没有环境设置来测试这一点,但我希望它至少能让您开始了解如何解决这个问题。

        2
  •  2
  •   Felix Ebert    3 年前

    从AWS SDK v3开始,有 no longer a global config

    示例 S3Client @aws-sdk/client-s3 :

    使用其中一个 aws-sdk-v3-proxy 使用HTTP\U代理/HTTPS\U代理环境变量 ) 

    import { S3Client } from '@aws-sdk/client-s3';
import { addProxyToClient } from 'aws-sdk-v3-proxy';

const client = addProxyToClient(new S3Client({}));

    requestHandler 

    import { S3Client } from '@aws-sdk/client-s3';
import { NodeHttpHandler } from "@aws-sdk/node-http-handler";
import ProxyAgent from "proxy-agent";

// omit proxy url argument to use env variables HTTP_PROXY / HTTPS_PROXY
const proxyAgent = new ProxyAgent("http://internal.proxy.com");
new S3Client({
    requestHandler: new NodeHttpHandler({
        httpAgent: proxyAgent,
        httpsAgent: proxyAgent
    })
});

    特殊情况:临时凭据

    如果您使用AssumeRole为身份和访问管理(IAM)使用临时的有限权限凭据,则必须请求获取这些凭据。 提供选项 credentials 为此。

    幕后 用于获取临时凭据- STSClient - has to be configured as well to work behind a proxy fromIni , fromTokenFile @aws-sdk/credential-providers clientConfig option 为此。 

    import { S3Client } from '@aws-sdk/client-s3';
import { NodeHttpHandler } from "@aws-sdk/node-http-handler";
import ProxyAgent from "proxy-agent";
import { fromIni } from "@aws-sdk/credential-providers";

// omit proxy url argument to use env variables HTTP_PROXY / HTTPS_PROXY
const proxyAgent = new ProxyAgent("http://internal.proxy.com");

const requestHandler = new NodeHttpHandler({
    httpAgent: proxyAgent,
    httpsAgent: proxyAgent
})
new S3Client({
    credentials: fromIni({
        profile: "YourRoleProfile",
        clientConfig: {
            requestHandler
        }
    }),
    region: "eu-central-1",
    requestHandler
});
    推荐文章
    Anna Berezko  ·  AWS匹配不支持的TLD域名和S3 bucket静态网站
    1 年前
    R0bert2  ·  Ansible-使用with_项创建列表
    2 年前
    renzCNFT  ·  与s3相比,workdocs有什么优势
    2 年前
    Eva  ·  Github与AWS codecommit镜像和同步的操作
    2 年前
    Heritage Squad  ·  如何使节点组模块中的每个实例都使用特定的安全组?
    2 年前
    Christian Townsend  ·  如何从Terraform中的ElastiCache获取cache_节点地址?
    2 年前
    Hasham  ·  如何将多个本地文件上载到s3中的一个文件
    2 年前
    shesupplypi  ·  如何将一个应用程序或服务的无服务器输出引用到另一个应用程序或服务?
    2 年前
    sebas flores  ·  S3 URL-使用python下载
    2 年前
    Ibrahim Patel  ·  AWS CloudWatch Error“尝试获取图形数据时出错。”
    2 年前
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号