Is there any known incompatibility with connecting...
# kolide
g
Is there any known incompatibility with connecting osqueryd to fleet through a proxy server?
z
If you are using Launcher it tries to connect with grpc using HTTP2 which is not supported (or requires special configuration) with many proxies. With regular osqueryd I am not aware of any issues when the proxy is configured properly.
What error are you seeing?
g
Still the same one we were looking at a few days ago, the proxy is giving me a 503 error with osqueryd but works fine with curl, or directly to the host
curl through the proxy as well
Is osqueryd definitely using https as opposed to grpc?
z
Yes osqueryd has no grpc capabilities
Does the request seem to hit the Fleet server when you run it through the proxy with osqueryd (is there a log entry)? Or is it erroring at the proxy?
Also what proxy is this?
g
haproxy, and no it doesn't (erroring at the proxy),
with curl it reaches fleet
z
I haven't heard of such issues before... Maybe osqueryd provides (or does not provide) headers in a way that HAProxy doesn't like?
g
I see there's a proxy_hostname flag but don't see any documentation for usage or if it's what I'm looking for
I'll try taking a close look at pcaps
z
This generally sounds like a proxy issue so I would dig into what might make HAProxy return a 503.
g
Hm yea our theory right now is that osqueryd is not setting the host field of the http header
which HAProxy uses to route traffic
So... crazy solution
We realized that osqueryd was not populating the "Host" field of the HTTP header
HAProxy uses that to route to the fleet service
so we just wrote a one line patch to osquery that fixed the issue
We're going to open a PR soon. Does this come to mind as something that makes sense?