Set Content-Length header in Traffic Router

[zrhoffman]

What does this PR (Pull Request) do?

• This PR fixes Traffic Router inconsistent behavior on HTTP HEAD requests #3965 by making the Traffic Router API and routing responses include a Content-Length header with every response
• Exposes LocationController endpoints to HEAD requests
• HEAD requests for routing responses return the same Content-Type and Content-Length as GET requests

Which Traffic Control components are affected by this PR?

• Documentation
• Traffic Router

What is the best way to verify this PR?

Run the following external tests:

• org.apache.traffic_control.traffic_router.core.external.BufferedResponseTest
• org.apache.traffic_control.traffic_router.core.external.LocationsTest

If this is a bug fix, what versions of Traffic Control are affected?

• master (c65ee2e)
• 6.0.0

The following criteria are ALL met by this PR

• This PR includes tests
• This PR includes documentation
• This PR includes an update to CHANGELOG.md
• This PR includes any and all required license headers
• This PR DOES NOT FIX A SERIOUS SECURITY VULNERABILITY (see the Apache Software Foundation's security guidelines for details)

[asf-ci]

Can one of the admins verify this patch?

[ocket8888]

Docs look fine and I glanced over the Java and everything looks alright, but somebody more familiar with TR should take a look.

[mitchell852]

Docs look fine and I glanced over the Java and everything looks alright, but somebody more familiar with TR should take a look.

maybe @rawlinp or @ajschmidt can look at it.

[rawlinp]

Nice work! The code changes look good -- I just want to do some more testing against it before merging.

[ocket8888]

Can you rebase to fix conflicts? Idk if @rawlinp ever got around to that testing, but it can't be merged in any case while it has conflicts.

[zrhoffman]

@ocket8888 Okay, I have rebased it. Merge conflicts are resolved.

[rawlinp]

add to whitelist

(this is just to tell the asf-ci bot that your PRs are ok to run through CI)

[asf-ci]

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/trafficcontrol-PR/4970/

[zrhoffman]

Rebased to fix merge conflicts from #6008.

As of f8dcdf2320, Traffic Router closes the connection once the response is sent, so if a user does curl -X HEAD (which would previously keep the connection alive, since curl expects to receive a request body and does not) instead of curl --head, Traffic Router won't keep the connection open for an additional 10 seconds.

Undrafted, #4074 is ready for review.

[rawlinp]

This worries me, because we might be fixing the performance of invalid requests (e.g. curl -X HEAD), at the expense of valid requests. Keeping client connections alive where possible can be a good thing.

[zrhoffman]

It can be, but some CDNs seem to prefer Connection: close for redirects:

• [zrhoffman@computer ~]$ curl -I https://apple.com/
  HTTP/1.1 301 Redirect
  Date: Wed, 02 Nov 2022 15:18:11 GMT
  Connection: close
  Via: http/1.1 xxxx.ts.apple.com (acdn/000.00000)
  Cache-Control: no-store
  Location: https://www.apple.com/
  Content-Type: text/html
  Content-Language: en
  X-Cache: none
  CDNUUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-xxxxxxxxxx
  Content-Length: 304

• [zrhoffman@computer ~]$ curl -I http://fastly.com/
  HTTP/1.1 301 Moved Permanently
  Connection: close
  Content-Length: 0
  Retry-After: 0
  Accept-Ranges: bytes
  Date: Wed, 02 Nov 2022 15:18:50 GMT
  X-Served-By: cache-xxx0000-XXX
  X-Cache: HIT
  X-Cache-Hits: 0
  Cache-Control: max-age=0, private, must-revalidate
  Server: Artisanal bits
  Location: https://fastly.com/

• Looks like cloudfront.com is trying to close the connection but mistyped it as Cneonction:

  [zrhoffman@computer ~]$ curl -I http://cloudfront.com/
  HTTP/1.1 302 Found
  Date: Wed, 02 Nov 2022 15:19:19 GMT
  Server: Server
  Location: http://aws.amazon.com/cloudfront
  Cneonction: close
  Content-Type: text/html; charset=iso-8859-1
  ```

[ocket8888]

Does TR support HTTP/2? The spec for HTTP/2 says that clients must treat any message containing a connection-specific header as malformed. So we definitely shouldn't send that on requests for that protocol.

[ocket8888]

close is the default behavior for HTTP/1.0, so really you just want to add this header if the request is HTTP/1.1. You can check that with the request's getProtocol method, I think.

[zrhoffman]

Does TR support HTTP/2?

No, and curl -X HEAD doesn't hang for HTTP/2 anyway.

As an alternative to Connection: close, we could just reduce Connector.connectionTimeout from 10 seconds to something shorter, like 3 or 5 seconds:

https://github.com/apache/trafficcontrol/blob/b24649869407d902301ce6997c629e367285b44f/traffic_router/core/src/main/conf/server.xml#L38

https://github.com/apache/trafficcontrol/blob/b24649869407d902301ce6997c629e367285b44f/traffic_router/core/src/main/conf/server.xml#L41

https://github.com/apache/trafficcontrol/blob/b24649869407d902301ce6997c629e367285b44f/traffic_router/core/src/main/conf/server.xml#L43

https://github.com/apache/trafficcontrol/blob/b24649869407d902301ce6997c629e367285b44f/traffic_router/core/src/main/conf/server.xml#L47

[ocket8888]

Ideally @rawlinp would chime in to say whether or not that's acceptable

[rawlinp]

Connection: close still kind of worries me, especially because there may be clients out there relying on high connection rates to TR, whether that is really the right approach or not, reusing connections could actually be helping TR performance. Maybe I don't fully understand the need for it here? Are HEAD requests broken without it?

Changing connectionTimeout in server.xml seems like it would be more fine-tuned via the CDN operator's ansible playbooks (or equivalent) if the CDN had issues with slow clients. I think Tomcat ships with a 20s default, and 10s seems reasonable for a TR default.

[zrhoffman]

Looks like cloudfront.com is trying to close the connection but mistyped it as Cneonction:

As @rob05c pointed out to me, Cneonction is just a hack to get around Connection header differences between the origin and caches.

Maybe I don't fully understand the need for it here? Are HEAD requests broken without it?

Nope we don't need it, it would only be to appease invalid requests like curl -X HEAD. But curl -X HEAD doesn't cause a timeout anyway in HTTP/2, so there isn't a long-term reason to do it, especially with the benefits from reusing the connection like you mentioned.

Even if we did want to change any connection behavior, that belongs in a separate PR, #4074 should just be to resolve disparities between HEAD and GET.

[zrhoffman]

Forgot to mention: Reverted closing the connection in 97d38f2234

[rawlinp]

mvn clean verify appears to pass for me on master, but in this PR I get an error:

Results :

Tests in error:
  SteeringTest.z_itemsMigrateFromSmallerToLargerBucket:327 » HttpHostConnect Con...

[zrhoffman]

Rebased to fix merge conflicts from #6390

[zrhoffman]

Rebased to fix a changelog merge conflict

[zrhoffman]

The TR Ultimate Test Harness workflow fails on the master branch (and on #4074), fixed by #7175.

[zrhoffman]

Rebased onto master so tests will pass now that #7175 is merged