HttpClient

Module for outbound HTTP

Introduction

Platform module for application outbound HTTP requests.

This module is used by other modules to perform outbound HTTP request.

Multiple instances of the module can be configured to support outbound request with different properties, like timeouts, proxies or SSL/TLS settings.

Callers targets the requested instance by its name which must be configuration unique.

Configuration

Module name: HttpClient

Name
Description
Default
Mandatory

name

Configuration unique instance name.

"default"

follow_redirects

Turn on/off HTTP redirect support. By default redirects are NOT followed, instead the redirect response is returned to caller.

false

enable_user_agent

Enables the User-Agent request header.

false

user_agent

Custom User-Agent request header value.

"Fortified-HttpClient"

enable_keep_alive

Enable HTTP keep-alive.

false

enable_ssl

Enable support for SSL. If not enabled HTTPS connections will fail.

true

enable_alpn

Enable support for ALPN (Application Layer Protocol Negotiation), required for using HTTP/2 over SSL/TLS.

false

request_timeout_ms

Request timeout in ms. If a request takes longer than this amount it is aborted. 0 means no timeout.

2000

connect_timeout_ms

Connection timeout in ms. If a connection takes longer than this amount to connect it is aborted. 0 means no timeout. Note that if this value is larger than request_timeout_ms, request timeout will occur first.

1000

idle_timeout_ms

Connection idle timeout in ms. A connection that has been idle for more than this amount of ms is closed. 0 means no timeout.

1000

ssl_truststore

Configuration truststore object for SSL/TLS.

ssl_truststore_path

Path to truststore in PKCS12 or JKS format.

ssl_truststore_password

Truststore password.

ssl_keystore

Configuration keystore object for SSL/TLS.

ssl_key_alias

Alias of key to use.

ssl_key_password

Key password.

ssl_keystore_path

Path to SSL/TLS keystore in PKCS12 or JKS format.

ssl_keystore_password

Keystore password

ssl_keystore_alias

Alias of key to use. Note: this property must be used for alias in combination with ssl_keystore_path.

ssl_trust_all

Flag to enable trust for all server certs - use only for test.

false

ssl_verify_host

Flag to disable certificate hostname verification. Setting this flag to false means that client will accept server certificates with non-matching host/dns-name(s). Use only for test.

true

non_proxy_hosts

List of hosts that should bypass proxy settings.

use_proxy

Flag turning on/off use of proxy

false

proxy

Proxy configuration object.

proxy.host

Hostname or IP of proxy to use.

"localhost"

proxy.port

Proxy port.

3128

proxy.username

Proxy username (optional, use only if required by proxy).

proxy.password

Proxy password (optional, use only if required by proxy).

circuit_breaker

Metrics

This module produces metrics for each request.

name

fortified.internal.httpclient_<metric-name>

tags

name=<instance-name>

See separate metrics documentation on how metrics work and how to consume metric data.

Circuit breaker

This module has support for circuit breaker.

The circuit breaker monitor requests and keeps track of the time and the number of failures and opens the circuit when a configurable threshold is reached, resulting in instant failure (i.e no wait for request timeout etc) for a better end user experience and for off-loading the application by reducing resources waiting for a likely timeout.

The circuit breaker does not prevent failures by performing retries etc.

Name
Description
Default
Mandatory

enabled

Flag turning on/off circuit breaker.

true

default_config.maxFailures

Failure threshold. When the number of failures reaches this value, the circuit is opened and new request will instantly fail.

5

default_config.timeout

Timeout in ms. If a request takes longer then this value it is considered a failure.

2000

default_config.resetTimeout

Time in ms before the circuit is reset/closed. When this time is reached the circuit will be closed to test if problem still remains. If test is successful, circuit is closed, otherwise it will be opened again.

10000

Troubleshooting

Keystore errors

Path to keystore is invalid/not found:

Invalid keystore path: <path>

Path to truststore is invalid/not found:

Invalid truststore path: <path>

Incorrect keystore/truststore password:

Failed to load keystore: Keystore was tampered with, or password was incorrect

Unknown keystore alias:

Failed to get entry '<alias>' from keystore: Entry not found: <alias>

Incorrect key password:

Failed to get entry '<alias>' from keystore:  Cannot recover key

Timeout getting response ("response timeout")

Request did not return within the specified request_timeout_ms period:

The timeout period of <timeout-value>ms has been exceeded while executing <method> /<path> for server <host>:<port>

Timeout establishing a connection ("connect timeout")

Connect timeout occurs when establishing a connection takes too long. Two errors are possible depending on how timeouts are configured.

If request_timeout_ms is shorter than connect_timeout_ms:

The timeout of <timeout-value> ms has been exceeded when getting a connection to <host>:<port>

If connect_timeout_ms is shorter than request_timeout_ms:

connection timed out: /<host>:<port>