pjrosello

Connection reset by peer

0 votes

Hello,

We're developing an application that's connected to the Onespan Sign Sandbox and we're experiencing the following problem: we're using a token authentication policy when connecting to Onespan, and intermittently, we get a SocketException ("connection reset by peer") when we call the token API at https://sandbox.esignlive.com/apitoken/clientApp/accessToken.

We're developing the application using the Apache Camel 3.20.6 integration framework with Spring Boot version 2.7.11. Here's the point at which we actually call the endpoint:

 

.to("https://{{onespan.token-host}}/{{onespan.token-endpoint}}" + "?bridgeEndpoint=true" + "&throwExceptionOnFailure=false" + "&proxyAuthScheme=http")

where onespan.token-host and onespan.token-endpoint are set to the appropriate values in the application files. What is confusing about this issue is that it happens very inconsistently so we're having a hard time troubleshooting it. Has someone else faced a similar issue (I know of this post https://community.onespan.com/forum/whitelist but the problem doesn't seem related as our code works most of the time)?

Please find attached the stack trace of the exception.

Best,

Pedro


Reply to: Connection reset by peer

0 votes

Hi Pedro,

 

Thanks for your post! I don't have too much experience with Apache Camel, but I managed to invoke an external HTTPS call with the code below (I get it triggered with a timer). Somehow I can't reproduce the "connection reset by peer" error so far:

 

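import org.apache.camel.builder.RouteBuilder;
import org.springframework.stereotype.Component;

@Component
public class OssRestRouteBuilder extends RouteBuilder {

    @Override
    public void configure() throws Exception {
        // Fire the token request 10 times from a timer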
        from("timer:mytimer?repeatCount=10")
                .to("direct:clientApp-accessToken");

        from("direct:clientApp-accessToken")
                .log("POST /apitoken/clientApp/accessToken")
                .setHeader("Accept", constant("application/json"))
                .setHeader("Content-Type", constant("application/json"))
                .setBody(simple("{\n"
                        + "  \"clientId\": \"189b23xxxxad92\",\n"
                        + "  \"secret\": \"687964xxxx974dbc2bfad49f\",\n"
                        + "  \"type\": \"OWNER\"\n"
                        + "}"))
                .to("https://sandbox.esignlive.com/apitoken/clientApp/accessToken" + "?bridgeEndpoint=true" + "&throwExceptionOnFailure=false" + "&proxyAuthScheme=http"+ "&httpMethod=POST")
                .log("Response: ${body}");
    }
}

 

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Connection reset by peer

0 votes

Hi Duo, 

 

Many thanks for the answer - unfortunately our Camel route does work around 95% of the time, but from time to time it throws the SocketException (connection reset by peer) so I was wondering if there's any particular configuration we have to set up like SSL, TLS, etc. that you guys might be aware of?

Best,

 

Pedro


Reply to: Connection reset by peer

0 votes

We're filtering out the header "keep-alive" before we send the request - do you think this might have something to do with it?

 

Pedro


Reply to: Connection reset by peer

0 votes

Hi Pedro,

 

In terms of TLS, OneSpan Sign APIs only support TLS 1.2 and 1.3 of these cipher suites.

You mentioned filtering keep-alive; did your code use a custom SocketConfig (any code similar to the line below) where you may have set the connection timeout?

SocketConfig.custom()
    .setSoTimeout(httpClientSettings.getSoTimeout() * 1000)
    .setSoKeepAlive(false)
    .setSoReuseAddress(false)
    .build();

 

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Connection reset by peer

0 votes

Hi Duo,

We don't have a custom socket configuration; in fact, we call the endpoint in a very similar fashion to your first response. 

We've tried not filtering out the "keep-alive" header but the problem persists. The only pattern we see is that when we haven't made any requests in some time (for example around 20 minutes) and then we make a new request, it'll throw the exception. It's almost as if the connection is closed whenever there's no traffic and when we try to open it again we get the connection closed by peer exception. Is there a way to bypass this?

Pedro


Reply to: Connection reset by peer

0 votes

Hi Pedro,

 

Here are some of my findings - Again, I don't know too much about Apache Camel so I am not sure if I am doing this correctly, but I exposed an API endpoint where I made an external call to the OSS API (I attached the code at the end).

I can consistently reproduce the same connection reset error: if my Spring Boot application stays idle for a while (no requests are made to http://localhost:8080/servlet/api/bean for more than 10 minutes), the first call to the external endpoint (https://sandbox.esignlive.com/apitoken/clientApp/accessToken) fails with a Connection reset error, but subsequent calls work fine.

This makes me think that the Connection Reset error didn't happen between the Apache Camel and OSS, but might be between the end user and the Apache Camel.

 

Duo

 

 

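import org.apache.camel.builder.RouteBuilder;
import org.springframework.stereotype.Component;

@Component
public class OssRestRouteBuilder extends RouteBuilder {

    @Override
    public void configure() throws Exception {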
        // Configuring REST DSL
        restConfiguration()
            .component("servlet")
            .contextPath("/servlet")
            .host("localhost")
            .port(8080);
            
        // Defining the REST endpoint
        rest("/api")
            .description("Teste REST Service")
            .id("api-route")
            .get("/bean")
            .route()
            .to("direct:clientApp-accessToken");
        

        from("direct:clientApp-accessToken")
                .log("POST /apitoken/clientApp/accessToken")
                .setHeader("Accept", constant("application/json"))
                .setHeader("Content-Type", constant("application/json"))
                .setBody(simple("{\n"
                        + "  \"clientId\": \"189b2xxx120dad92\",\n"
                        + "  \"secret\": \"687964726188xxx974dbc2bfad49f\",\n"
                        + "  \"type\": \"OWNER\"\n"
                        + "}"))
                .to("https://sandbox.esignlive.com/apitoken/clientApp/accessToken" + "?bridgeEndpoint=true" + "&throwExceptionOnFailure=false" + "&proxyAuthScheme=http"+ "&httpMethod=POST")
                .log("Response: ${body}");
    }
}
 

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Connection reset by peer

0 votes

Hi Duo,

Many thanks for your continuous effort! 

Our situation is indeed very similar to your last example, and it's slightly reassuring that you're able to reproduce it. The flow at the moment looks like

User (e.g Postman) -> Spring Boot Application (Camel) -> OSS.

So is your suggestion that the issue could lie in User -> Spring Boot and not in Spring Boot -> OSS?

Pedro



Reply to: Connection reset by peer

0 votes

The issue with the above suggestion is that in the logs it seems the exception is thrown at the Spring Boot -> OSS step. We're going to try to call OSS with a Spring bean instead of the .to(...) Camel component.

Best,

Pedro
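
If the reset comes from reusing a pooled connection that was dropped while idle, which matches the pattern reported in this thread but is not confirmed in it, the Spring-bean approach mentioned above could be built on Apache HttpClient 4.5 with idle eviction, stale checks and a single retry. This is an added example, not code from the thread or from OneSpan; the class name `TokenClient` and all timeout values are assumptions.

```java
import java.io.IOException;
import java.net.SocketException;
import java.util.concurrent.TimeUnit;
import org.apache.http.NoHttpResponseException;
import org.apache.http.client.HttpRequestRetryHandler;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.util.EntityUtils;

public class TokenClient {                       // hypothetical class name
    // Assumed value: keep it below the shortest idle timeout on the network path.
    static final long IDLE_SECONDS = 60;

    /** Retry exactly once when a reused connection turns out to be dead. */
    static boolean shouldRetry(IOException e, int executionCount) {
        return executionCount <= 1
            && (e instanceof SocketException || e instanceof NoHttpResponseException);
    }

    static CloseableHttpClient build() {
        PoolingHttpClientConnectionManager pool =
            new PoolingHttpClientConnectionManager(5, TimeUnit.MINUTES); // hard time-to-live
        pool.setValidateAfterInactivity(2_000);  // stale check after 2 s of inactivity
        // The handler also retries POST, so use it only for calls that are safe to repeat.
        HttpRequestRetryHandler retry = (e, count, ctx) -> shouldRetry(e, count);
        return HttpClients.custom()
            .setConnectionManager(pool)
            .evictIdleConnections(IDLE_SECONDS, TimeUnit.SECONDS) // background eviction
            .evictExpiredConnections()
            .setRetryHandler(retry)
            .build();
    }

    /** json carries clientId/secret; load them from configuration, not from source. */
    static String fetchToken(CloseableHttpClient client, String url, String json)
            throws IOException {
        HttpPost post = new HttpPost(url);
        post.setHeader("Accept", "application/json");
        post.setEntity(new StringEntity(json, ContentType.APPLICATION_JSON));
        try (CloseableHttpResponse resp = client.execute(post)) {
            return EntityUtils.toString(resp.getEntity());
        }
    }
}
```

Build the client once and share it, so the pool and its eviction thread are reused across requests.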

