设置
Omeka S (v3.0.1)的一个实例在 Red Hat OpenShift 容器中运行,并配置为使用 laminas-http 代理适配器通过代理服务器发出 http 请求。
/omeka-s/config/local.config.php
'http_client' => [
'adapter' => \Laminas\Http\Client\Adapter\Proxy::class,
'proxy_host' => ‘<proxy.address>’,
'proxy_port' => <port number>,
],
问题
尝试使用 oembed 媒体创建项目并使用 CSVImport 模块时出现问题。
代理适配器在尝试建立 SSL 连接时抛出异常,报告应用程序无法连接到目标服务器。PHP 警告提供了更多细节,指出代理身份验证是问题所在。
容器中通过相同代理发出 http 请求的其他程序按预期工作。示例包括 yum、curl 和用于从 Omeka S 发送电子邮件的 smtp 程序。
根据我在下面的尝试,问题似乎特定于层、代理和/或目标服务器之间的交互。
Laminas\Http\Client\Adapter\Exception\RuntimeException: Unable to connect to HTTPS server through proxy: could not negotiate secure connection. in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php:296
Stack trace:
#0 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php(165): Laminas\Http\Client\Adapter\Proxy->connectHandshake('vimeo.com', 443, '1.1', Array)
#1 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client.php(1457): Laminas\Http\Client\Adapter\Proxy->write('GET', Object(Laminas\Uri\Http), '1.1', Array, '')
#2 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client.php(945): Laminas\Http\Client->doRequest(Object(Laminas\Uri\Http), 'GET', true, Array, '')
#3 /opt/app-root/src/omeka-s/application/src/Media/Ingester/OEmbed.php(142): Laminas\Http\Client->send()
#4 /opt/app-root/src/omeka-s/application/src/Media/Ingester/OEmbed.php(73): Omeka\Media\Ingester\OEmbed->makeRequest('https://vimeo.c...', 'OEmbed URL', Object(Omeka\Stdlib\ErrorStore))
#5 /opt/app-root/src/omeka-s/application/src/Api/Adapter/MediaAdapter.php(159): Omeka\Media\Ingester\OEmbed->ingest(Object(Omeka\Entity\Media), Object(Omeka\Api\Request), Object(Omeka\Stdlib\ErrorStore))
...
2021-03-02T20:05:21+00:00 ERR (3): Laminas\Http\Client\Adapter\Exception\RuntimeException: Unable to connect to HTTPS server through proxy: could not negotiate secure connection. in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php:296
Stack trace:
#0 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php(165): Laminas\Http\Client\Adapter\Proxy->connectHandshake('www.dropbox.com', 443, '1.1', Array)
#1 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client.php(1457): Laminas\Http\Client\Adapter\Proxy->write('GET', Object(Laminas\Uri\Http), '1.1', Array, '')
#2 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client.php(945): Laminas\Http\Client->doRequest(Object(Laminas\Uri\Http), 'GET', true, Array, '')
#3 /opt/app-root/src/omeka-s/application/src/File/Downloader.php(64): Laminas\Http\Client->send()
#4 /opt/app-root/src/omeka-s/application/src/Media/Ingester/Url.php(63): Omeka\File\Downloader->download(Object(Laminas\Uri\Http), Object(Omeka\Stdlib\ErrorStore))
#5 /opt/app-root/src/omeka-s/application/src/Api/Adapter/MediaAdapter.php(159): Omeka\Media\Ingester\Url->ingest(Object(Omeka\Entity\Media), Object(Omeka\Api\Request), Object(Omeka\Stdlib\ErrorStore))
...
Warning: stream_socket_enable_crypto(): Peer certificate CN=`vimeo.map.fastly.net' did not match expected CN=`<proxy.address>’ in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php on line 289
Warning: stream_socket_enable_crypto(): SSL/TLS already set-up for this stream in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php on line 289
...
尝试了什么
禁用 SSL 对等验证。
/omeka-s/config/local.config.php
'http_client' => [
...
'sslverifypeer' => false,
'sslverifypeername' => false,
],
结果是可以在多次尝试后导入项目,但现在请求可能由于两个新原因而失败:连接可能会失败,但出现与上述相同的异常,但 php 报告这是由于握手超时,以及代理或目标服务器可能返回格式错误/空的响应。
Warning: stream_socket_enable_crypto(): SSL: Handshake timed out in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php on line 289
Laminas\Http\Exception\InvalidArgumentException: A valid response status line was not found in the provided string in /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Response.php:266
Stack trace:
#0 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Response.php(204): Laminas\Http\Response->parseStatusLine('')
#1 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php(271): Laminas\Http\Response::fromString('')
#2 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client/Adapter/Proxy.php(165): Laminas\Http\Client\Adapter\Proxy->connectHandshake('vimeo.com', 443, '1.1', Array)
#3 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client.php(1457): Laminas\Http\Client\Adapter\Proxy->write('GET', Object(Laminas\Uri\Http), '1.1', Array, '')
#4 /opt/app-root/src/omeka-s/vendor/laminas/laminas-http/src/Client.php(945): Laminas\Http\Client->doRequest(Object(Laminas\Uri\Http), 'GET', true, Array, '')
#5 /opt/app-root/src/omeka-s/application/src/Media/Ingester/OEmbed.php(142): Laminas\Http\Client->send()
#6 /opt/app-root/src/omeka-s/application/src/Media/Ingester/OEmbed.php(73): Omeka\Media\Ingester\OEmbed->makeRequest('https://vimeo.c...', 'OEmbed URL', Object(Omeka\Stdlib\ErrorStore))
#7 /opt/app-root/src/omeka-s/application/src/Api/Adapter/MediaAdapter.php(159): Omeka\Media\Ingester\OEmbed->ingest(Object(Omeka\Entity\Media), Object(Omeka\Api\Request), Object(Omeka\Stdlib\ErrorStore))
...
切换到 laminas-http curl 适配器。
首先测试curl命令行工具和一个使用php curl库的测试php程序,确认可以成功使用代理。没有一个测试请求失败。但是响应时间变化很大。有些请求需要 40 多秒才能完成。
切换到 curl 适配器允许 Omeka S 成功下载 oembed 资源。我在使用该应用程序时看到了相同的请求时间变化,它多次报告 504 网关超时错误。当我导航回管理面板时,返回 504 错误响应的项目仍然显示为成功创建。
我不确定 504 是来自容器的 apache 实例、代理还是目标网站。
'http_client' => [
'adapter' => \Laminas\Http\Client\Adapter\Curl::class,
'proxy_host' => ‘<proxy.address>’,
'proxy_port' => <proxy port>,
],
通过代理路由非容器化实例。
待定。如果可以复制错误,则问题出在层和代理之间。如果不能,那么问题是在容器的上下文中使用了层板。