Github webhook失败,显示“EOF”?

huangapple go评论130阅读模式
英文:

Github webhook fails with "EOF"?

问题

我为Github设置了一个Webhook事件,但每当我发送一个事件时,我收到以下错误:

> We couldn’t deliver this payload: EOF

我制作了一个快速脚本,通过复制Github的“最近交付”选项卡中显示的负载来模拟Github事件,如下所示:

#!/usr/bin/python
from hmac import HMAC
from hashlib import sha256
import requests, json

GITHUB_WEBHOOK_KEY = b'webhook_key'
# payload is the payload displayed in the "Recent deliveries" tab.

body_str = json.dumps(payload).encode()

r = requests.post(
    'https://my.server:8085/webhook/github/push',
    headers={
        'X-Hub-Signature-256': 'sha256={}'.format(HMAC(key=GITHUB_WEBHOOK_KEY', msg=body_str, digestmod=sha256).hexdigest()),
        'X-Github-Event': 'push'
    },
    json=payload
)

print(r.status_code)
print(r.content)

这个工作得很好(状态码为200)。

Github做了一些我的代码中没有做的事情,导致Github出现“EOF”错误(不管那是什么)。

服务器由Haproxy实例运行,具有以下配置:

frontend deploy
    mode http
    bind :::8085 v4v6 ssl crt /etc/ssl/certificate.pem alpn http/1.1,h2

    timeout client 30s

    # Enforce https
    http-request redirect scheme https code 301 unless { ssl_fc }

    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

    option forwardfor
    default_backend deploy_backend

backend deploy_backend
    mode http
    timeout connect 5s
    timeout server 30s

    server "deploy-server" 127.0.0.1:8086 check maxconn 1000

我尝试在Github上禁用SSL验证,但没有运气。

我在另一台服务器的Caddy实例后面运行了完全相同的代码,它与Github完全正常工作。问题似乎与HaProxy和Github之间有关。

在Haproxy上没有任何日志。

英文:

I've setup a Webhook event for Github, but whenever I send an event, I get the error:

> We couldn’t deliver this payload: EOF

I made a quick script to simulate a Github event by copying the payload shown in the "Recent Deliveries" tab of Github, as follow:

#!/usr/bin/python
from hmac import HMAC
from hashlib import sha256
import requests, json

GITHUB_WEBHOOK_KEY = b'webhook_key'
# payload is the payload displayed in the "Recent deliveries" tab.

body_str = json.dumps(payload).encode()

r = requests.post(
    'https://my.server:8085/webhook/github/push',
    headers={
        'X-Hub-Signature-256': 'sha256={}'.format(HMAC(key=GITHUB_WEBHOOK_KEY', msg=body_str, digestmod=sha256).hexdigest()),
        'X-Github-Event': 'push'
    },
    json=payload
)

print(r.status_code)
print(r.content)

This works perfectly fine (status code is 200).

Something is done at Github that isn't done in my code that causes Github to fail with a "EOF" (whatever that is).

The server is run by a Haproxy instance, with the following configuration:

frontend deploy
    mode http
    bind :::8085 v4v6 ssl crt /etc/ssl/certificate.pem alpn http/1.1,h2

    timeout client 30s

    # Enforce https
    http-request redirect scheme https code 301 unless { ssl_fc }

    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

    option forwardfor
    default_backend deploy_backend

backend deploy_backend
    mode http
    timeout connect 5s
    timeout server 30s

    server "deploy-server" 127.0.0.1:8086 check maxconn 1000

I tried by disabling SSL Verification at Github with no luck neither.

I have the exact same code running behind a Caddy instance on another server, and it works perfectly fine with Github. The issue seems to be related between HaProxy and Github.

There is no logs at all on Haproxy.

答案1

得分: 0

我找到解决方案。我会分享出来,以防对其他人有帮助。

EOF错误是由SSL配置问题触发的。让我感到困扰的是,在浏览器中加载URL时,SSL正常工作。

原来是我通过IPv6查询浏览器,而Github通过IPv4查询。

HaProxy某个地方在为IPv4提供SSL证书时出了问题,所以我不得不更改bind参数为:

frontend deploy
    mode http
    bind :8085 ssl crt /etc/ssl/certificate.pem alpn http/1.1,h2
    bind :::8085 ssl crt /etc/ssl/certificate.pem alpn http/1.1,h2

    ...

重新加载Haproxy,然后就好了!

英文:

I found the solution. I'll share it in case it might help someone else.

The EOF error was triggered by an SSL configuration issue. What caused me some troubles is that the SSL was working fine when trying to load the URL in a browser.

It turns out that I was querying the browser via IPv6 while Github was querying via IPv4.

HaProxy, someone, isn't working properly on delivering a SSL certificate for IPv4, so I had to change the bind parameter to this:

frontend deploy
    mode http
    bind :8085 ssl crt /etc/ssl/certificate.pem alpn http/1.1,h2
    bind :::8085 ssl crt /etc/ssl/certificate.pem alpn http/1.1,h2

    ...

Reloaded Haproxy, and it works!

huangapple
  • 本文由 发表于 2023年3月7日 01:39:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/75654070.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定