Qliksense enterprise with Application load balance... - Qlik Community

Mrugesh · ‎2022-05-23

Hi Team,

I am trying to connect with java client using web-socket over SSL (wss://XXX.com:4747) to qlik sense enterprise deployment.

However seeing the 502 bad gateway error in SSL response. PFA.

Does any one have faced similar issue ?

Below are the logs :

0000: 48 54 54 50 2F 31 2E 31 20 35 30 32 20 42 61 64 HTTP/1.1 502 Bad
0010: 20 47 61 74 65 77 61 79 0D 0A 53 65 72 76 65 72 Gateway..Server
0020: 3A 20 61 77 73 65 6C 62 2F 32 2E 30 0D 0A 44 61 : awselb/2.0..Da
0030: 74 65 3A 20 46 72 69 2C 20 32 30 20 4D 61 79 20 te: Fri, 20 May
0040: 32 30 32 32 20 30 39 3A 31 39 3A 31 31 20 47 4D 2022 09:19:11 GM
0050: 54 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A T..Content-Type:
0060: 20 74 65 78 74 2F 68 74 6D 6C 0D 0A 43 6F 6E 74 text/html..Cont
0070: 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 31 32 32 0D ent-Length: 122.
0080: 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 .Connection: kee
0090: 70 2D 61 6C 69 76 65 0D 0A 53 65 74 2D 43 6F 6F p-alive..Set-Coo
00A0: 6B 69 65 3A 20 41 57 53 41 4C 42 54 47 3D 2F 4C kie: AWSALBTG=/L
00B0: 4E 68 53 4B 57 36 48 41 4E 54 74 50 33 6E 72 75 NhSKW6HANTtP3nru
00C0: 30 50 69 75 55 69 36 33 79 37 39 77 59 4F 69 6B 0PiuUi63y79wYOik
00D0: 46 66 59 76 50 64 35 63 78 50 69 79 33 37 6D 56 FfYvPd5cxPiy37mV
00E0: 36 44 48 56 62 75 6C 72 74 56 76 6E 4D 4B 57 6B 6DHVbulrtVvnMKWk
00F0: 57 30 6A 54 43 34 6A 4A 2F 31 5A 57 78 7A 46 4B W0jTC4jJ/1ZWxzFK
0100: 51 75 43 54 6D 75 65 36 36 50 32 78 43 79 38 44 QuCTmue66P2xCy8D
0110: 76 63 41 75 68 54 6E 7A 2F 39 79 77 4F 4B 52 6B vcAuhTnz/9ywOKRk
0120: 66 66 6A 79 53 38 4B 39 57 46 51 59 75 47 44 79 ffjyS8K9WFQYuGDy
0130: 34 34 36 78 49 44 78 5A 50 63 62 69 63 72 69 43 446xIDxZPcbicriC
0140: 75 71 42 65 2B 79 41 6D 58 4B 4F 6E 70 59 58 65 uqBe+yAmXKOnpYXe
0150: 30 6C 42 39 6C 32 4F 76 7A 36 4B 5A 79 6E 4D 51 0lB9l2Ovz6KZynMQ
0160: 73 3D 3B 20 45 78 70 69 72 65 73 3D 46 72 69 2C s=; Expires=Fri,
0170: 20 32 37 20 4D 61 79 20 32 30 32 32 20 30 39 3A 27 May 2022 09:
0180: 31 39 3A 31 31 20 47 4D 54 3B 20 50 61 74 68 3D 19:11 GMT; Path=
0190: 2F 0D 0A 53 65 74 2D 43 6F 6F 6B 69 65 3A 20 41 /..Set-Cookie: A
01A0: 57 53 41 4C 42 54 47 43 4F 52 53 3D 2F 4C 4E 68 WSALBTGCORS=/LNh
01B0: 53 4B 57 36 48 41 4E 54 74 50 33 6E 72 75 30 50 SKW6HANTtP3nru0P
01C0: 69 75 55 69 36 33 79 37 39 77 59 4F 69 6B 46 66 iuUi63y79wYOikFf
01D0: 59 76 50 64 35 63 78 50 69 79 33 37 6D 56 36 44 YvPd5cxPiy37mV6D
01E0: 48 56 62 75 6C 72 74 56 76 6E 4D 4B 57 6B 57 30 HVbulrtVvnMKWkW0
01F0: 6A 54 43 34 6A 4A 2F 31 5A 57 78 7A 46 4B 51 75 jTC4jJ/1ZWxzFKQu
0200: 43 54 6D 75 65 36 36 50 32 78 43 79 38 44 76 63 CTmue66P2xCy8Dvc
0210: 41 75 68 54 6E 7A 2F 39 79 77 4F 4B 52 6B 66 66 AuhTnz/9ywOKRkff
0220: 6A 79 53 38 4B 39 57 46 51 59 75 47 44 79 34 34 jyS8K9WFQYuGDy44
0230: 36 78 49 44 78 5A 50 63 62 69 63 72 69 43 75 71 6xIDxZPcbicriCuq
0240: 42 65 2B 79 41 6D 58 4B 4F 6E 70 59 58 65 30 6C Be+yAmXKOnpYXe0l
0250: 42 39 6C 32 4F 76 7A 36 4B 5A 79 6E 4D 51 73 3D B9l2Ovz6KZynMQs=
0260: 3B 20 45 78 70 69 72 65 73 3D 46 72 69 2C 20 32 ; Expires=Fri, 2
0270: 37 20 4D 61 79 20 32 30 32 32 20 30 39 3A 31 39 7 May 2022 09:19
0280: 3A 31 31 20 47 4D 54 3B 20 50 61 74 68 3D 2F 3B :11 GMT; Path=/;
0290: 20 53 61 6D 65 53 69 74 65 3D 4E 6F 6E 65 3B 20 SameSite=None;
02A0: 53 65 63 75 72 65 0D 0A 53 65 74 2D 43 6F 6F 6B Secure..Set-Cook
02B0: 69 65 3A 20 41 57 53 41 4C 42 3D 74 67 68 62 7A ie: AWSALB=tghbz
02C0: 69 57 66 71 6E 50 73 71 47 64 2B 67 74 34 42 46 iWfqnPsqGd+gt4BF
02D0: 6B 35 6E 6C 38 71 6B 50 4E 31 76 2F 68 54 61 6D k5nl8qkPN1v/hTam
02E0: 6A 46 79 58 68 2F 76 4F 48 45 37 4A 6E 68 58 6A jFyXh/vOHE7JnhXj
02F0: 6A 4E 58 74 31 4E 41 50 69 32 32 68 6A 65 63 4C jNXt1NAPi22hjecL
0300: 77 5A 55 75 57 72 70 43 67 5A 44 2F 66 34 2B 63 wZUuWrpCgZD/f4+c
0310: 51 4B 30 72 45 42 74 74 6A 79 61 30 47 30 4D 4F QK0rEBttjya0G0MO
0320: 4D 39 4F 7A 4B 31 6F 39 77 37 58 45 6C 53 62 30 M9OzK1o9w7XElSb0
0330: 42 49 6F 48 7A 6E 34 3B 20 45 78 70 69 72 65 73 BIoHzn4; Expires
0340: 3D 46 72 69 2C 20 32 37 20 4D 61 79 20 32 30 32 =Fri, 27 May 202
0350: 32 20 30 39 3A 31 39 3A 31 31 20 47 4D 54 3B 20 2 09:19:11 GMT;
0360: 50 61 74 68 3D 2F 0D 0A 53 65 74 2D 43 6F 6F 6B Path=/..Set-Cook
0370: 69 65 3A 20 41 57 53 41 4C 42 43 4F 52 53 3D 74 ie: AWSALBCORS=t
0380: 67 68 62 7A 69 57 66 71 6E 50 73 71 47 64 2B 67 ghbziWfqnPsqGd+g
0390: 74 34 42 46 6B 35 6E 6C 38 71 6B 50 4E 31 76 2F t4BFk5nl8qkPN1v/
03A0: 68 54 61 6D 6A 46 79 58 68 2F 76 4F 48 45 37 4A hTamjFyXh/vOHE7J
03B0: 6E 68 58 6A 6A 4E 58 74 31 4E 41 50 69 32 32 68 nhXjjNXt1NAPi22h
03C0: 6A 65 63 4C 77 5A 55 75 57 72 70 43 67 5A 44 2F jecLwZUuWrpCgZD/
03D0: 66 34 2B 63 51 4B 30 72 45 42 74 74 6A 79 61 30 f4+cQK0rEBttjya0
03E0: 47 30 4D 4F 4D 39 4F 7A 4B 31 6F 39 77 37 58 45 G0MOM9OzK1o9w7XE
03F0: 6C 53 62 30 42 49 6F 48 7A 6E 34 3B 20 45 78 70 lSb0BIoHzn4; Exp
0400: 69 72 65 73 3D 46 72 69 2C 20 32 37 20 4D 61 79 ires=Fri, 27 May
0410: 20 32 30 32 32 20 30 39 3A 31 39 3A 31 31 20 47 2022 09:19:11 G
0420: 4D 54 3B 20 50 61 74 68 3D 2F 3B 20 53 61 6D 65 MT; Path=/; Same
0430: 53 69 74 65 3D 4E 6F 6E 65 3B 20 53 65 63 75 72 Site=None; Secur
0440: 65 0D 0A 0D 0A 3C 68 74 6D 6C 3E 0D 0A 3C 68 65 e....<html>..<he
0450: 61 64 3E 3C 74 69 74 6C 65 3E 35 30 32 20 42 61 ad><title>502 Ba
0460: 64 20 47 61 74 65 77 61 79 3C 2F 74 69 74 6C 65 d Gateway</title
0470: 3E 3C 2F 68 65 61 64 3E 0D 0A 3C 62 6F 64 79 3E ></head>..<body>
0480: 0D 0A 3C 63 65 6E 74 65 72 3E 3C 68 31 3E 35 30 ..<center><h1>50
0490: 32 20 42 61 64 20 47 61 74 65 77 61 79 3C 2F 68 2 Bad Gateway</h
04A0: 31 3E 3C 2F 63 65 6E 74 65 72 3E 0D 0A 3C 2F 62 1></center>..</b
04B0: 6F 64 79 3E 0D 0A 3C 2F 68 74 6D 6C 3E 0D 0A ody>..</html>..
)
javax.net.ssl|DEBUG|19|WebSocketWriteThread-25|2022-05-20 09:19:11.540 UTC|null:-1|duplex close of SSLSocket
javax.net.ssl|DEBUG|19|WebSocketWriteThread-25|2022-05-20 09:19:11.540 UTC|null:-1|WRITE: TLS12 alert(close_notify), length = 10
javax.net.ssl|DEBUG|19|WebSocketWriteThread-25|2022-05-20 09:19:11.541 UTC|null:-1|Plaintext before ENCRYPTION (
0000: 01 00 ..
)
javax.net.ssl|DEBUG|19|WebSocketWriteThread-25|2022-05-20 09:19:11.542 UTC|null:-1|Raw write (
0000: 15 03 03 00 1A 00 00 00 00 00 00 00 02 9A 64 56 ..............dV
0010: 52 70 14 E0 2A 08 72 01 AE CF 69 FD 17 D1 3A Rp..*.r...i...:
)
javax.net.ssl|DEBUG|19|WebSocketWriteThread-25|2022-05-20 09:19:11.542 UTC|null:-1|close the underlying socket
javax.net.ssl|DEBUG|19|WebSocketWriteThread-25|2022-05-20 09:19:11.542 UTC|null:-1|close the SSL connection (initiative)
javax.net.ssl|DEBUG|19|WebSocketWriteThread-25|2022-05-20 09:19:11.543 UTC|null:-1|close inbound of SSLSocket
javax.net.ssl|WARNING|19|WebSocketWriteThread-25|2022-05-20 09:19:11.544 UTC|null:-1|SSLSocket duplex close failed (
"throwable" : {
java.net.SocketException: Socket is closed
at java.base/java.net.Socket.shutdownInput(Unknown Source)
at java.base/sun.security.ssl.BaseSSLSocketImpl.shutdownInput(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.duplexCloseOutput(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.close(Unknown Source)
at org.java_websocket.client.WebSocketClient$WebsocketWriteThread.closeSocket(WebSocketClient.java:786)
at org.java_websocket.client.WebSocketClient$WebsocketWriteThread.run(WebSocketClient.java:755)
at java.base/java.lang.Thread.run(Unknown Source)}

)

FYI...

Followed below steps while setting up qliksense (application to connect from client) in private subnet:

Created 2 subnets in same availability zone
a) Public - to communicate outside using ALB
b) Private - qliksense instance

Updated private subnet route table with NAT gateway
a) NAT gateway in public subnet of Engineering VPC

Updated public subnet route with Internet gateway
a) Internet gateway in public subnet of Engineering VPC

Deployed Application load balancer with Internet facing(to access from internet) option
a) Added same availability zone as public subnet
b) Created listener for HTTP 80 and HTTPS 4747 to attach private subnet EC2 instance

Created A record Alias using CNAME for ALB DNS name

Deployed EC2 in private subnet
a) Overridden the private IP of EC2 with the A record name
b) Overridden record name given as host name while installing qliksense
c) Certificate gets generate by qliksense at time of installation have SAN value same as A record name
d) Attached to both the ALB listeners for forwarding the requests
e) Disable the windows firewall for qliksense instance

Updated the HTTPS 4747 listener with the qliksense certificates for communication.

Created security group for 80,443,4747,3389,ICMP for inbound communication and all traffic for outbound communication.

Alan_Slaughter · ‎2022-07-15

Hi Please review the following article:

https://community.qlik.com/t5/Knowledge/Qlik-Sense-error-502-Web-service-received-an-invalid-respons...

Qliksense enterprise with Application load balancer on AWS - 502 bad gateway Error in SSL handshake

General Question

Virtual Private Cloud