https://pact.io logo
Join Slack
Powered by
Hi everyone, im currently working on putting an AW...
# general
a
Hi everyone, im currently working on putting an AWS API Gateway in front of the pact-broker in order to get some auth. The API Gateway is configured so that all requets are proxied to the application. If i use a token and curl the Endpoint directly it works fine and I receive a JSON Output. If i use my provider I receive the following error:
Copy code
Error making request - Errno::ENETDOWN Network is down - connect(2) for "<http://apigateway.com|apigateway.com>" port 80 , attempt 1 of 3

    Error making request - Errno::ENETDOWN Network is down - connect(2) for "<http://apigateway.com|apigateway.com>" port 80 , attempt 2 of 3

    Error making request - Errno::ENETDOWN Network is down - connect(2) for "<http://apigateway.com|apigateway.com>" port 80 , attempt 3 of 3
    /pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:879:in `initialize': Network is down - connect(2) for "<http://apigateway.com|apigateway.com>" port 80 (Errno::ENETDOWN)
Auth worked fine as I would get 
unauthorized
instead. I'm not sure why it's trying to connect to port 80 as the api gateway is configured with https. Does it by default work on port 80?
y
it depends on which image you are using, the dius/pact-broker uses 80 by default, the pact-foundation uses 9292 https://github.com/pact-foundation/pact-broker-docker#other-settings
a
We are using the pact-foundation and it's corecctly running on 9292. The error occurs when to run some pact verification with java script which is also using this: 
const { Verifier } = require('@pact-foundation/pact');
I activated some debug logs and now i found this line in the output:
Copy code
INFO: Fetching pacts for Service from <https://apigateaway:443/> with the selection criteria:
opening connection to <http://apigateaway.com:80|apigateaway.com:80>...
opening connection to apigateaway:80...
It's weird that it looks for port80 think up
Looking at the output from / I can see this snippet:
Copy code
{
  "_links": {
    "self": {
      "href": "<http://apigateway.com>",
      "title": "Index",
      "templated": false
    },
    "pb:publish-pact": {
      "href": "<http://apigateway.com/pacts/provider/{provider}/consumer/{consumer}/version/{consumerApplicationVersion}>",
      "title": "Publish a pact",
      "templated": true
    },
    "pb:publish-contracts": {
      "href": "<http://apigateway.com/contracts/publish>",
      "title": "Publish contracts",
      "templated": false
    },
that means that after looking up the infos from / I tries to interact with it using http.. is there a way to change this?
y
in the link provided 
PACT_BROKER_BASE_URL
- optional but strongly recommended when deploying the Pact Broker to production as it prevents some security vulnerabilities. If you find that the URLs generated by the API are using an IP instead of a hostname, you can set this environment variable to force the desired base URL. Must include the port if it’s a non-standard one. eg. 
<https://my-broker:9292>
. This can also be used if you are mounting the Docker container so that it runs on a non root context eg. 
<https://my-company.com/pact-broker>
. Not that this setting does not change where the application is mounted within the Docker container - it just changes the links.
not sure what you have that set to, but adding the port might help. not sure why you are getting a https -> http redirection, hard to tell with more detail on how its configured
can you publish pacts fine to it?
a
Thank for the hint of the base url! That kinda works out but i'll have to make some workarounds on another place. The setup is like this: ->HTTPS API Gateway HTTP -> private ALB -> ECS Container. If i add a redirect at the alb from 80 to 443 i'm ending in a redirect for some reason. I didn't manage it to configure it that between API Gatway and ALB HTTPS requests are used
m
Looks like you’re moving in the right direction
More info on the “behind a proxy” here: https://docs.pact.io/pact_broker/configuration/features#running-the-broker-behind-a-reverse-proxy (in this case, it’s API gateway but the principles I think are the same)
a
Thanks guys! The hint with 
PACT_BROKER_BASE_URLS
die the Trick .. It's somewhat of a special case because we point to the same service through different URLs, with a https termination in between. Setting the flag and configuring both URLS with it works
👍 1
Open in Slack
PreviousNext
Powered by