Meteor-apm-agent not working with options endpoints using https

Meteor-apm-agent not working with options endpoints using https

I have a problem with mdg:meteor-apm-agent when an instrumented Meteor application tries to connect with a SSL/TLS secured kadira-server. I am testing with the Simple Todos application with mdg:meteor-apm-agent.

I would like to use a Meteor application across untrusted networks and secure the connections with kadira-server using SSL/TLS.

https: fails
http: passes

The Environment Variables:

APM_APP_ID="<the appId>"
APM_APP_SECRET="<the appSecret>"

Setting: APM_OPTIONS_ENDPOINT=“https://kadira.example.com
FAILS

Setting: APM_OPTIONS_ENDPOINT=“http://kadira.example.com
PASSES

I have monitored the Simple Todos application using wireshark. I have also looked at the NGINX access.log and error.log files on the kadira-engine server to identify that the problem comes before the NGINX external interface.

Using curl to simulate the /simplentp/sync and /ping authentication works. The mdg:meteor-apm-agent instrumented app fails the authentication when the options endpoint references a https url.

GET /simplentp/sync HTTP/1.1

POST /ping HTTP/1.1

FAILURE scenario using Simple Todos with mdg:meteor-apm-agent and an https options endpoint.

  1. The SSL/TLS connection to the NGINX proxy server is successfully negotiated for the /simplentp/sync path.
  2. No useable encrypted data is sent to the NGINX proxy.
  3. The SSL/TLS connection is closed by the Simple Todos application.
  4. The SSL/TLS connection to the NGINX proxy server is successfully negotiated for the /ping path.
  5. No usable encrypted data is sent to the NGINX proxy.
  6. The SSL/TLS connection is closed by the Simple Todos application.

The Simple Todos application reports:

Meteor APM: completed instrumening the app<br> => Started your app.<br> => App running at: http://localhost:3000/<br> ? Meteor APM: authentication failed - check your appId & appSecret

The NGINX - access.log // nothing seen for #2 and #5

The NGINX - error.log // for each authentication retry

client closed connection while waiting for request,
client: ip-adrs-of-simple-todos, server: port = 443

It appears that SSL/TLS connection is created from Simple Todos to the NGINX proxy, but no useful http protocol data is sent through the SSL/TLS connection.

I have no problems configuring the NGINX server as a proxy to Meteor and NodeJS applications running on the localhost.

I have not looked into the mdg:meteor-apm-agent code with significant depth to determine where the node.js interfacs are failing.

mdg:meteor-apm-agent @ 3.2.6 still has inability to transmit http payload across https: encryption when establishing a connection.

This situation is inherited from meteorhacks:kadira as forked from version 2.12.1.
package meteorhacks:kadira was updated to version 2.30.2 - but I don’t know if the https: issue has been resolved.