Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.5.0] GeoIP2 download fails when using an proxy #12870

Closed
tuxmaster opened this issue May 9, 2018 · 4 comments
Closed

[3.5.0] GeoIP2 download fails when using an proxy #12870

tuxmaster opened this issue May 9, 2018 · 4 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@tuxmaster
Copy link

Updates and modules for matomo self will work fine with an outgoing proxy.
But the geoip2 database download will fails with:

curl_exec: SSL received a record that exceeded the maximum permissible length.. Hostname requested was: geolite.maxmind.com

System: CentOS 7.4 with php72 (7.2 ) from the remi repo.

@Findus23
Copy link
Member

Findus23 commented May 9, 2018

Hi,

Matomo tries to download the GeoIp2 database via https, which seems to fail in your case.

const GEO_LITE_URL = 'https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz';

Can you check that your proxy doesn't modify the request?

@tuxmaster
Copy link
Author

And the normal updates are loaded via http instant of https?
Call it under the console it will work:
https_proxy=https://RPOXY:PORT curl -v https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz >/tmp/test

https_proxy=https://RPOXY:PORT curl -v https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz >/tmp/test
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to RPOXY:PORT (#0)

  • Trying XXX.XXXX.XXX.XXX ...
  • Connected to RPOXY (XXX.xx.xx.xx) port PORT (#0)
  • Establish HTTP proxy tunnel to geolite.maxmind.com:443

CONNECT geolite.maxmind.com:443 HTTP/1.1
Host: geolite.maxmind.com:443
User-Agent: curl/7.29.0
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection established
<

  • Proxy replied OK to CONNECT request
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • Server certificate:
  • subject: CN=*.maxmind.com,OU=PremiumSSL Wildcard,O=MaxMind Inc.,STREET=14 Spring Street,STREET=3rd Floor,L=Waltham,ST=MA,postalCode=02451,C=US
    
  • start date: Sep 19 00:00:00 2016 GMT
    
  • expire date: Okt 31 23:59:59 2018 GMT
    
  • common name: *.maxmind.com
    
  • issuer: CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    

GET /download/geoip/database/GeoLite2-City.tar.gz HTTP/1.1
User-Agent: curl/7.29.0
Host: geolite.maxmind.com
Accept: /

< HTTP/1.1 200 OK
< Date: Wed, 09 May 2018 07:50:12 GMT
< Content-Type: application/gzip
< Content-Length: 26578063
< Connection: keep-alive
< Set-Cookie: __cfduid=d324f166bb833b10c54f8a59bcfe0de511525852212; expires=Thu, 09-May-19 07:50:12 GMT; path=/; domain=.maxmind.com; HttpOnly
< Content-Disposition: attachment; filename=GeoLite2-City_20180501.tar.gz
< Last-Modified: Tue, 01 May 2018 17:00:59 GMT
< CF-Cache-Status: HIT
< Expires: Wed, 09 May 2018 11:50:12 GMT
< Cache-Control: public, max-age=14400
< Accept-Ranges: bytes
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 418292e6fbf72d6b-TXL
<
{ [data not shown]
100 25.3M 100 25.3M 0 0 18.5M 0 0:00:01 0:00:01 --:--:-- 18.5M

  • Connection #0 to host RPOXY left intact

@sgiehl
Copy link
Member

sgiehl commented May 9, 2018

IIRC normal updates have a fallback to HTTP if HTTPS fails. The GeoIP stuff hasn't. You can try to set it up manually and use the http address instead.

@tuxmaster
Copy link
Author

Yes, change it to http will work.

@mattab mattab closed this as completed Sep 4, 2018
@mattab mattab added the answered For when a question was asked and we referred to forum or answered it. label Sep 4, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Development

No branches or pull requests

4 participants