Skip to content
This repository was archived by the owner on Mar 4, 2026. It is now read-only.
This repository was archived by the owner on Mar 4, 2026. It is now read-only.

Firestore Client Does Not Work Behind a Proxy #493

Closed
Closed
Firestore Client Does Not Work Behind a Proxy#493
Assignees
stephenplusplusjkwluialexander-fenster
Labels
api: firestoreIssues related to the googleapis/nodejs-firestore API.gapictype: questionRequest for information or clarification. Not an issue.
@hiranya911

Description

@hiranya911
hiranya911
opened on Dec 15, 2018

Environment details

  • OS: Ubuntu 16.04
  • Node.js version: v8.11.1
  • npm version: 5.6.0
  • @google-cloud/firestore version: 0.19.0

Steps to reproduce

Trying to access Firestore through a simple HTTP proxy. According to the instructions in this article, Node.js GRPC supports specifying a proxy via an environment variable.

  1. Set the HTTPS_PROXY environment variable
  2. Try to access any Firestore API

GRPC debug log

D1215 12:10:04.861744405   17298 dns_resolver.cc:338]        Using native dns resolver
D1215 12:10:04.937711172   17298 dns_resolver.cc:279]        Start resolving.
I1215 12:10:04.964020153   17298 ssl_transport_security.cc:174] OpenSSL callback has already been set.
I1215 12:10:05.012894812   17298 handshaker.cc:141]          handshake_manager 0x34c5280: adding handshaker http_connect [0x34c53d0] at index 0
I1215 12:10:05.013020674   17298 handshaker.cc:141]          handshake_manager 0x34c5280: adding handshaker security [0x34df1a0] at index 1
I1215 12:10:05.013071119   17298 handshaker.cc:212]          handshake_manager 0x34c5280: error="No Error" shutdown=0 index=0, args={endpoint=0x3341fb0, args=0x34c2c00 {size=9: grpc.primary_user_agent=grpc-node/1.16.1, grpc.client_channel_factory=0x7fe7bf9e6520, grpc.channel_credentials=0x2d3cfc0, grpc.server_uri=dns:///firestore.googleapis.com:443, grpc.channelz_channel_node_creation_func=0x7fe7bf772e50, grpc.default_authority=firestore.googleapis.com:443, grpc.http2_scheme=https, grpc.security_connector=0x2e8f690, grpc.subchannel_address=ipv6:[2607:f8b0:4005:805::200a]:443}, read_buffer=0x34df630 (length=0), exit_early=0}
I1215 12:10:05.013076542   17298 handshaker.cc:258]          handshake_manager 0x34c5280: calling handshaker http_connect [0x34c53d0] at index 0
I1215 12:10:05.013104710   17298 handshaker.cc:212]          handshake_manager 0x34c5280: error="No Error" shutdown=0 index=1, args={endpoint=0x3341fb0, args=0x34c2c00 {size=9: grpc.primary_user_agent=grpc-node/1.16.1, grpc.client_channel_factory=0x7fe7bf9e6520, grpc.channel_credentials=0x2d3cfc0, grpc.server_uri=dns:///firestore.googleapis.com:443, grpc.channelz_channel_node_creation_func=0x7fe7bf772e50, grpc.default_authority=firestore.googleapis.com:443, grpc.http2_scheme=https, grpc.security_connector=0x2e8f690, grpc.subchannel_address=ipv6:[2607:f8b0:4005:805::200a]:443}, read_buffer=0x34df630 (length=0), exit_early=0}
I1215 12:10:05.013122409   17298 handshaker.cc:258]          handshake_manager 0x34c5280: calling handshaker security [0x34df1a0] at index 1
I1215 12:10:05.070240703   17298 handshaker.cc:212]          handshake_manager 0x34c5280: error="No Error" shutdown=0 index=2, args={endpoint=0x34e02c0, args=0x34e7230 {size=10: grpc.primary_user_agent=grpc-node/1.16.1, grpc.client_channel_factory=0x7fe7bf9e6520, grpc.channel_credentials=0x2d3cfc0, grpc.server_uri=dns:///firestore.googleapis.com:443, grpc.channelz_channel_node_creation_func=0x7fe7bf772e50, grpc.default_authority=firestore.googleapis.com:443, grpc.http2_scheme=https, grpc.security_connector=0x2e8f690, grpc.subchannel_address=ipv6:[2607:f8b0:4005:805::200a]:443, grpc.auth_context=0x34e9150}, read_buffer=0x34df630 (length=0), exit_early=0}
I1215 12:10:05.070254897   17298 handshaker.cc:245]          handshake_manager 0x34c5280: handshaking complete -- scheduling on_handshake_done with error="No Error"
I1215 12:10:05.070331159   17298 subchannel.cc:656]          New connected subchannel at 0x34d4a60 for subchannel 0x2f7a550
Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

Auth error:Error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

(node:17298) UnhandledPromiseRejectionWarning: Error: 14 UNAVAILABLE: Getting metadata from plugin failed with error: write EPROTO 140633384175424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

    at Object.exports.createStatusError (/home/hiranya/Projects/firebase/proxy-config/node-example/node_modules/grpc/src/common.js:87:15)
    at ClientReadableStream._emitStatusIfDone (/home/hiranya/Projects/firebase/proxy-config/node-example/node_modules/grpc/src/client.js:235:26)
    at ClientReadableStream._receiveStatus (/home/hiranya/Projects/firebase/proxy-config/node-example/node_modules/grpc/src/client.js:213:8)
    at Object.onReceiveStatus (/home/hiranya/Projects/firebase/proxy-config/node-example/node_modules/grpc/src/client_interceptors.js:1256:15)
    at InterceptingListener._callNext (/home/hiranya/Projects/firebase/proxy-config/node-example/node_modules/grpc/src/client_interceptors.js:564:42)
    at InterceptingListener.onReceiveStatus (/home/hiranya/Projects/firebase/proxy-config/node-example/node_modules/grpc/src/client_interceptors.js:614:8)
    at /home/hiranya/Projects/firebase/proxy-config/node-example/node_modules/grpc/src/client_interceptors.js:1019:24

HTTP proxy log (Squid proxy access log)

1544904335.228      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904337.509      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904342.295      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904342.403      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904605.087      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904607.963      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904612.874      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904612.984      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904615.098      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904619.662      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904619.768      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904622.422      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904626.594      0 172.17.0.1 TAG_NONE/400 4038 ��� 1%84k%12%C2=%14%BD%1A6%D8%CC%C4%9ELz%DA%60%B6%I%8E. - HIER_NONE/- text/html
1544904626.698      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904629.113      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904634.095      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904634.199      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904636.265      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html
1544904640.374      0 172.17.0.1 TAG_NONE/400 4390 NONE error:invalid-request - HIER_NONE/- text/html

Note that this problem is unique to the Firestore Node.js client. I've tried the same with Java and Go clients where this use case works fine.

Metadata

Metadata

Assignees

Labels

api: firestoreIssues related to the googleapis/nodejs-firestore API.gapictype: questionRequest for information or clarification. Not an issue.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions