Unable to create Proxies on PCF environment

[AnuradhaBose]

Hi,
I am trying to use ToxiProxy on PCF environment. I have deployed ToxiProxy and my application both on PCF environment. I have created a proxy to my app on port 8082. But when I try to hit the app endpoint using this proxy port, it is not able to connect. PCF does not provide a direct way of exposing ports, it is driven by routes. Is there any way to get this working on PCF?

[miry]

@AnuradhaBose I would like to help, but I have lack of knowledge about "PCF environment".

• Can you share what does mean PCF environment?
• How can I reproduce the problem?

[AnuradhaBose]

Hi @miry - By PCF environment I mean, I have deployed the ToxiProxy and my app(pcfDemo) on Pivotal Cloud Foundry. The endpoint of my app is https://pcfDemo.pc.onefiserv.net/pcftest/test. I have created a proxy using toxiproxy-cli create -l 0.0.0.0:8082 -u pcfDemo.pc.onefiserv.net:443 pcfProxy. But when I do this, curl -ivk -H "Host:pcfDemo.pc.onefiserv.net" https://toxiproxy.pc.onefiserv.net:8082/pcftest/test, I get an error saying connection refused.

[miry]

@AnuradhaBose Thank you for clarification.
It is a known issue to support SSL handshake with different hostnames.

Similar:

• Unable to use Toxi proxy from host when it is running in a container #267
• Add experimental TLS mode #270

[AnuradhaBose]

Hi @miry - Could you please let me know how the ToxiProxy server works internally? When we create a proxy for example on port 8082, does any process run on 8082? How does ToxiProxy server identify a request and redirects it to the proxied host? I am trying several options for this to work on Pivotal Cloud Foundry, hence the ask for more details on how the server works.

[neufeldtech]

Hi @AnuradhaBose,

When we create a proxy for example on port 8082, does any process run on 8082?

When a proxy is created on a port such as 8082, toxiproxy will start a TCP listener on this port for the proxy. There is no new process start, but you should see that the toxiproxy server process is now 'listening' on this new port.

How does Toxiproxy server identify a request and redirects it to the proxied host?

It's important to remember that Toxiproxy is not (currently) L7 protocol-aware, it is only a raw TCP proxy. This means that it cannot, and does not, inspect any HTTP headers or any other 'application' information in the tcp stream. Toxiproxy simply accepts the tcp connection on a given port and will send that tcp traffic to the configured upstream for the proxy (pcfDemo.pc.onefiserv.net:443 in your case)

If you have not done so already, I'd recommend that you try out your toxiproxy configuration on a local machine with your app and ensure it's working like you expect before deploying it to a more complicated environment like Pivotal Cloud Foundry or Kubernetes, etc.

[AnuradhaBose]

Hi @neufeldtech - Thanks for the detailed explanation. I have tried it in my local desktop and it seems to work fine. But it does not seem to work when I deploy it on Pivotal Cloud Foundry. I am able to start the toxiproxy server as an app in PCF. I am also able to create proxies to other apps on the same Pivotal Cloud Foundry environment. The proxy works when I ssh into the app container and run it using localhost. But when I try to access the proxy endpoint from outside( say postman) it does not work. Is there any way to resolve this ?

[miry]

@AnuradhaBose I would start to check logs from Pivotal and security rules to access some ports. Check logs in toxiproxy server.