dongmiyu8979 2018-12-07 00:59
浏览 39
已采纳

从Go制造的生产服务器中惊慌失措

I am getting a panic which I try to understand but I am not really sure why it panics. The error looks like this:

main.HTTPSNonWWWRedirect.func1(0x9a5a20, 0xc42015c2a0, 0xc420441400)
        /srv/www/go/src/srorapp.no/handler.go:119 +0x1ef
net/http.HandlerFunc.ServeHTTP(0xc4200c5f20, 0x9a5a20, 0xc42015c2a0, 0xc420441400)
        /usr/local/go/src/net/http/server.go:1918 +0x44
net/http.serverHandler.ServeHTTP(0xc4200696c0, 0x9a5a20, 0xc42015c2a0, 0xc420441400)
        /usr/local/go/src/net/http/server.go:2619 +0xb4
net/http.(*conn).serve(0xc42006d180, 0x9a5fa0, 0xc42031e840)
        /usr/local/go/src/net/http/server.go:1801 +0x71d
created by net/http.(*Server).Serve
        /usr/local/go/src/net/http/server.go:2720 +0x288

It looks like it is being fired from a function called HTTPSNonWWWRedirect. Which is a http middleware that I have created:

// HTTPSNonWWWRedirect redirects http requests to https non www.
func HTTPSNonWWWRedirect(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.TLS != nil {
            // If already using HTTPS then continue.
            next.ServeHTTP(w, r)
            return
        }
        u := *r.URL
        u.Scheme = "https"
        if r.Host[:3] != "www" {
            u.Host = r.Host
            http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
            return
        }
        u.Host = r.Host[4:]
        http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    })
}

This function is being used alongside with:

// NonWWWRedirect redirects www requests to non www.
func NonWWWRedirect(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.Host[:3] != "www" {
            // If already non www, then continue.
            next.ServeHTTP(w, r)
            return
        }
        u := *r.URL
        u.Host = r.Host[4:]
        u.Scheme = utils.Scheme(r)
        http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    })
}

And then I have two functions that serves from port 80 and 443.

func serveHTTP(h http.Handler) {
    log.Fatal(http.ListenAndServe(":80", h))
}

func serveHTTPS(h http.Handler) {
    log.Fatal(http.ListenAndServeTLS(":443", cfg.TLSCertFile, cfg.TLSKeyFile, h))
}

I have made a wrapper around julienschmidt httprouter to make things more convenient:

// https://gist.github.com/nmerouze/5ed810218c661b40f5c4
type router struct {
    r *httprouter.Router
}

func newRouter() *router {
    return &router{r: httprouter.New()}
}

In main I have something like this:

func main() {
    router := newRouter()
    recover := alice.New(recoverHandler)    

    // ....

    redirect := alice.New(HTTPSNonWWWRedirect, NonWWWRedirect)
    handler := redirect.Then(router.r)
    go serveHTTP(handler)
    serveHTTPS(handler) 
}

Here are the contents of handler.go

package main

import (
    "context"
    "log"
    "net/http"
    "os"
    "path/filepath"
    "strings"

    "github.com/julienschmidt/httprouter"

    cfg "srorapp.no/config"
    "srorapp.no/user"
    "srorapp.no/utils"
)

// https://gist.github.com/nmerouze/5ed810218c661b40f5c4
type router struct {
    r *httprouter.Router
}

func newRouter() *router {
    return &router{r: httprouter.New()}
}

var paramsKey utils.CtxKey = "params"

func paramsHandler(h http.Handler) httprouter.Handle {
    return httprouter.Handle(func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
        ctx := context.WithValue(r.Context(), paramsKey, ps)
        h.ServeHTTP(w, r.WithContext(ctx))
    })
}

// https://www.calhoun.io/pitfalls-of-context-values-and-how-to-avoid-or-mitigate-them/
func params(r *http.Request) httprouter.Params {
    // https://blog.golang.org/context
    // "Value allows a Context to carry request-scoped data.
    // That data must be safe for simultaneous use by multiple goroutines."
    // http://stackoverflow.com/questions/42893937/do-i-need-mutex-read-lock-when-retrieving-slice-values-with-context-in-go?noredirect=1#comment72889988_42893937
    // Do not need a mutex here since I will access it in a simple way and not concurrently.
    value := r.Context().Value(paramsKey)
    if ps, ok := value.(httprouter.Params); ok {
        return ps
    }
    return httprouter.Params{}
}

func (r *router) GET(path string, handler http.Handler) {
    r.r.GET(path, paramsHandler(handler))
}

func (r *router) POST(path string, handler http.Handler) {
    r.r.POST(path, paramsHandler(handler))
}

// -------------------------------------------------------------------------------------------

type errorHandlerFunc func(http.ResponseWriter, *http.Request) error

// http://stackoverflow.com/questions/42871194/how-can-i-combine-go-middleware-pattern-with-error-returning-request-handlers/42876307#42876307
func errorHandler(h errorHandlerFunc) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // Set Content-Type to plain text when sending http.Error.
        w.Header().Set("Content-Type", "application/json")
        if err := h(w, r); err != nil {
            // w.Header().Set("Content-Type", "text/html; charset=utf-8")
            // http.Error(w, err.Error(), http.StatusBadRequest)
            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
            log.Println(err)
        }
    })
}

// -------------------------------------------------------------------------------------------

// https://github.com/labstack/echo/blob/master/middleware/redirect.go
// http://stackoverflow.com/questions/42916952/do-you-have-to-return-after-a-http-redirect-if-you-want-the-code-after-to-stop-e
// https://play.golang.org/p/uk0S1hCPhu

// HTTPSRedirect redirects HTTP to HTTPS.
func HTTPSRedirect(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.TLS != nil {
            // If already using HTTPS then continue.
            next.ServeHTTP(w, r)
            return
        }
        http.Redirect(w, r, "https://"+r.Host+r.RequestURI, http.StatusMovedPermanently)
    })
}

// HTTPSWWWRedirect redirects http requests to https www.
func HTTPSWWWRedirect(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.TLS != nil {
            // If already using HTTPS then continue.
            next.ServeHTTP(w, r)
            return
        }
        u := *r.URL // Dereference *url.URL to make a copy.
        u.Scheme = "https"
        u.Host = "www." + strings.TrimPrefix(r.Host, "www.")
        http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    })
}

// HTTPSNonWWWRedirect redirects http requests to https non www.
func HTTPSNonWWWRedirect(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.TLS != nil {
            // If already using HTTPS then continue.
            next.ServeHTTP(w, r)
            return
        }
        u := *r.URL
        u.Scheme = "https"
        if r.Host[:3] != "www" {
            u.Host = r.Host
            http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
            return
        }
        u.Host = r.Host[4:]
        http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    })
}

// WWWRedirect redirects non www requests to www.
func WWWRedirect(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.Host[:3] == "www" {
            // If already www, then continue.
            next.ServeHTTP(w, r)
            return
        }
        u := *r.URL
        u.Host = "www." + r.Host
        u.Scheme = utils.Scheme(r)
        http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    })
}

// NonWWWRedirect redirects www requests to non www.
func NonWWWRedirect(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        if r.Host[:3] != "www" {
            // If already non www, then continue.
            next.ServeHTTP(w, r)
            return
        }
        u := *r.URL
        u.Host = r.Host[4:]
        u.Scheme = utils.Scheme(r)
        http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    })
}

func canServeGzip(r *http.Request) bool {
    if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
        // If for some weird reason client does not understand gzip.
        return false
    }
    path := filepath.FromSlash(filepath.Join(cfg.PublicHTML, r.URL.Path))
    if _, err := os.Stat(path); os.IsNotExist(err) {
        // If file or folder does not exists.
        return false
    }
    fileExt := filepath.Ext(r.URL.Path)
    if !utils.StringInSlice(cfg.GzipFileExt, fileExt) {
        // This file should not be served as gzipped content.
        return false
    }
    // Only serve gzipped file if it already exists.
    if _, err := os.Stat(path + ".gz"); os.IsNotExist(err) {
        // TODO: Create the gzipped file.
        // http://stackoverflow.com/questions/16890648/how-can-i-use-golangs-compress-gzip-package-to-gzip-a-file
        return false
    }
    return true
}

func gzipHandler(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        defer next.ServeHTTP(w, r)
        if !canServeGzip(r) {
            // fmt.Println("as original", r.URL.Path)
            return
        }
        w.Header().Add("Content-Encoding", "gzip")
        w.Header().Add("Content-Type", contentType(filepath.Ext(r.URL.Path)))
        r.URL.Path = r.URL.Path + ".gz"
        // fmt.Println("as gzip", r.URL.Path)
    })
}

func recoverHandler(next http.Handler) http.Handler {
    fn := func(w http.ResponseWriter, r *http.Request) {
        defer func() {
            if err := recover(); err != nil {
                log.Printf("panic: %+v
", err)
                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            }
        }()
        // time.Sleep(time.Millisecond * 500)
        next.ServeHTTP(w, r)
    }
    return http.HandlerFunc(fn)
}

var userIDKey utils.CtxKey = "userID"

func authHandler(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        userID, err := user.IsLoggedIn(r)
        if err != nil {
            log.Printf("main authHandler() %v", err)
            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
            return
        }
        ctx := context.WithValue(r.Context(), userIDKey, userID)
        next.ServeHTTP(w, r.WithContext(ctx))
    })
}

func adminHandler(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // time.Sleep(time.Millisecond * 600)
        isLoggedInAsAdmin, err := user.IsLoggedInAsAdmin(r)
        if err != nil || !isLoggedInAsAdmin {
            if !isLoggedInAsAdmin {
                log.Printf("main adminHandler() User is not logged in as admin %v", err)
            } else {
                log.Printf("main adminHandler() %v", err)
            }
            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
            return
        }
        ctx := context.WithValue(r.Context(), userIDKey, 1)
        next.ServeHTTP(w, r.WithContext(ctx))
    })
}

// -------------------------------------------------------------------------------------------

func serveDevHTTP(h http.Handler) {
    log.Fatal(http.ListenAndServe(":8080", h))
    // log.Fatal(http.ListenAndServe(":80", h))
}

func serveHTTP(h http.Handler) {
    log.Fatal(http.ListenAndServe(":80", h))
}

func serveHTTPS(h http.Handler) {
    log.Fatal(http.ListenAndServeTLS(":443", cfg.TLSCertFile, cfg.TLSKeyFile, h))
}

I am not sure how to debug this panic.

  • 写回答

1条回答 默认 最新

  • duanfen1992 2018-12-07 01:23
    关注

    1. The Problem

    The handler.go:119 contains an if statement. You tried to get the first three characters from the Host header.

    if r.Host[:3] != "www" {
    u.Host = r.Host
    http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    return
}

    Normally, the r.Host will store the request URL information. Unless the Host header explicitly changed on the request. From the net/http package doc:

    type Request struct {
    // ...

    // For server requests Host specifies the host on which the URL
    // is sought. Per RFC 7230, section 5.4, this is either the value
    // of the "Host" header or the host name given in the URL itself.
    // It may be of the form "host:port". For international domain
    // names, Host may be in Punycode or Unicode form. Use
    // golang.org/x/net/idna to convert it to either format if
    // needed.
    // To prevent DNS rebinding attacks, server Handlers should
    // validate that the Host header has a value for which the
    // Handler considers itself authoritative. The included
    // ServeMux supports patterns registered to particular host
    // names and thus protects its registered Handlers.
    //
    // For client requests Host optionally overrides the Host
    // header to send. If empty, the Request.Write method uses
    // the value of URL.Host. Host may contain an international
    // domain name.
    Host string

    // ...
}

    So the panic is occurring because r.Host filled with empty string, or some string that the character count is lower than 3.

    2. Testing

    I created very simple web application using go that prints the value of r.Host[:3]. I tested it using curl, with Host header set to empty.

    curl --verbose --header 'Host: ' http://localhost:8080

    It triggers a panic, and I'm pretty sure it's the same panic error like what you get.

    2018/12/07 08:11:54 http: panic serving 127.0.0.1:50889: runtime error: slice bounds out of range
goroutine 37 [running]:
net/http.(*conn).serve.func1(0xc0001380a0)
    /usr/local/opt/go/libexec/src/net/http/server.go:1746 +0xd0
panic(0x125c0c0, 0x14964d0)
    /usr/local/opt/go/libexec/src/runtime/panic.go:513 +0x1b9
main.main.func1(0x12efa80, 0xc00014c2a0, 0xc000162300)
    /Users/novalagung/Desktop/test.go:11 +0x13d
net/http.HandlerFunc.ServeHTTP(0x12bcd98, 0x12efa80, 0xc00014c2a0, 0xc000162300)
    /usr/local/opt/go/libexec/src/net/http/server.go:1964 +0x44
net/http.(*ServeMux).ServeHTTP(0x14a17a0, 0x12efa80, 0xc00014c2a0, 0xc000162300)
    /usr/local/opt/go/libexec/src/net/http/server.go:2361 +0x127
net/http.serverHandler.ServeHTTP(0xc000093110, 0x12efa80, 0xc00014c2a0, 0xc000162300)
    /usr/local/opt/go/libexec/src/net/http/server.go:2741 +0xab
net/http.(*conn).serve(0xc0001380a0, 0x12efc80, 0xc000146100)
    /usr/local/opt/go/libexec/src/net/http/server.go:1847 +0x646
created by net/http.(*Server).Serve
    /usr/local/opt/go/libexec/src/net/http/server.go:2851 +0x2f5

    3. Solution

    The solution is quite simple, just make sure that the r.Host value is not an empty string and the length is greater than 2. Better use strings.HasPrefix() to get this done.

    if strings.HasPrefix(r.Host, "www") {
    u.Host = r.Host
    http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    return
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • 从Go制造生产服务器惊慌失措
    2018-12-07 00:59
    回答 1 已采纳 1. The Problem The handler.go:119 contains an if statement. You tried to get the first three char
  • 惊慌失措
    2021-02-09 05:13
    惊慌失措
  • 电源技术的变频器的维护技巧
    2020-11-04 21:30
    在工作当,由于变频器操作人员缺少实战维修经验,因此,碰到变频器发生问题的时候,惊慌失措,在这里教你哦维护变频器使用的六大招数保管你的变频器越用越顺:  1、当变频器坏了以后,最好不要交给没有变频器...
  • 惊慌失措的近义词.doc
    2021-09-17 13:40
    惊慌失措的近义词.doc
  • 服务器崩溃前的数据拯救实践
    2023-10-12 08:58
    cooldream2009的博客 服务器的VMWARE ESXi系统环境,我们经常需要创建虚拟机来运行各种应用程序。然而,服务器如果偶尔出现自动重启以及紫屏报错的问题,说明服务器内部出现了故障,一般情况下重启机器能够解决问题,但时间一长,...
  • 服务器运行一天死机,服务器死机怎么办?教你排除故障
    2021-07-29 11:37
    超级PP大魔王的博客 这意味着,负责服务器的IT管理员难免会惊慌失措。处理服务器死机时,区别所谓的硬死机(call hang)与软死机(soft hang)显得很重要。这常常可以帮助我们根据在服务器上能执行什么操作、不能执行什么操作,至少能够诊断...
  • Go的容错
    2020-04-21 20:18
    danpu0978的博客 在分布式系统,故障是不可避免的。 最终,某些服务将陷入瘫痪,因此无法足够Swift地响应,或者更糟的是,服务将简单地死掉。 除非所有服务都在隔离时充分考虑并正确构建,否则依赖降级(或失效!)服务的服务自然...
  • rmq:用Go编写并由Redis支持的消息队列系统
    2021-02-03 14:25
    注意:我们最近更新了rmq,以显示Redis错误而不是惊慌失措。 这是一个重大更改,因为几乎所有函数现在都返回错误。 建议切换到新版本rmq/v3这样rmq不会因Redis错误而使您的服务崩溃。 如果您还不想升级,则可以继续...
  • objx:Go软件包,用于处理地图,切片,JSON和其他数据
    2021-05-23 04:58
    Objx Objx-Go包,用于处理地图,切片,JSON和其他数据。 开始使用: 用安装Objx,或查看API文档概述Objx提供了objx.Map类型,它是map[string]interface{} ,它公开了一个强大的Get方法(以及其他方法),使您可以...
  • bShare王浩威:面对百度的挑战不必惊慌失措.docx
    2021-09-26 22:32
    bShare王浩威:面对百度的挑战不必惊慌失措.docx
  • ftp文件盘服务器回档,企业网盘和FTP服务器对比
    2021-08-05 00:09
    小问题大学问的博客 原标题:企业网盘和FTP服务器对比FTP服务器,是指互联网上提供存储空间的计算机,其他计算机可以通过FTP协议存取和读写。FTP的全称是File Transfer Protocol(文件传输协议)。顾名思义,就是专门用来传输文件的协议。...
  • 客户端容错,服务端容错机制_Go的容错
    2020-05-17 03:25
    danpu0978的博客 在分布式系统,故障是不可避免的。 最终,某些服务将陷入瘫痪,因此无法足够Swift地做出响应,或者更糟的是,服务将简单地死掉。 除非所有服务在隔离时都牢记在心,否则依赖降级(或失效!)服务的服务自然会受到...
  • 企业生产安全操作规范PPT
    2021-07-17 03:04
    企业生产安全操作规范PPT,共25页; PPT模板封面,使用了红色多边形背景图片。左上方放置企业logo,间填写企业生产安全操作规范PPT标题文字。界面设计与安全PPT主题搭配。 PowerPoint模板内容页,由23页红色黑色...
  • 服务器不稳定 seo,SEO网站排名不稳定怎么办?
    2021-08-06 01:30
    陆zz的博客 其实,这个时候我们应该冷静下来做个测试,而很多人却惊慌失措。现在我想和大家分享一下我的一般处理方法,希望能对大家有所帮助。首先,我们应该看看其他网站的情况。如果大多数网站的排名出现波动,那就是搜索引擎...
  • 在Go处理恐慌
    2020-08-13 00:47
    cukw6666的博客 golang go语言 介绍 (Introduction) Errors that a program encounters fall into two broad categories: those the programmer has anticipated and those the programmer has not. The error interface that we ...
  • 一次服务器被黑的惨痛教训
    2021-11-03 08:28
    ConeZhang的博客 和大家分享一个惨痛的教训,服务器上数据全都不见了,只留下了比特币付款地址,过往的学习记录都没了,惨痛!!! 先来看看事情的经过。 经过 有段时间没上服务器看了,心情不错,连了一下我的服务器 ssh root@...
  • 网站服务器、网站被攻击怎么办
    2017-08-02 17:35
    spartonly的博客  ARP(Address Resolution Protocol,地址解析协议)是一个位于TCP/IP协议栈的网络层,负责将某个IP地址解析成对应的MAC地址。    ARP协议的基本功能就是通过目标设备的IP地址,查询目标设备的MAC地址,以保证...
  • go mysql dsn_Golang数据库编程之GORM库入门
    2021-03-19 08:18
    美丽回忆一瞬间的博客 在线QQ客服:1922638专业的SQL Server、MySQL数据库同步软件在上一篇文章,我们解释了使用Go语言的标准库包操作数据库过程,尽管使用打包操作数据也非常方便,但是您需要自己编写每个SQL语句,因此我们可以再次...
  • 第一章 无限结界服务器,网游之无限副本
    2021-08-11 06:38
    weixin_39969448的博客 迷糊似乎听到了一些莫名其妙的对话。“王医生,你是J市最好的神经科医生了,这样真的有用吗?”“您放心,李少只是暂时性昏迷,虽然有选择性失忆的可能,不过以后会慢慢回忆起来的。这款游戏您也在玩,应该听说过...
  • 【Golang1.20源码阅读】runtime/chan.go
    2023-08-21 23:30
    深漂小码哥的博客 【代码】【Golang1.20源码阅读】chan.go。
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)