Hello,
Since today we started getting this error in archiving cronjob and in UI when browsing plugins or checking for updates:
curl_exec: Recv failure: Connection reset by peer. Hostname requested was: plugins matomo org
This prevents for checking updates, but also our license key is not shown.
Are outgoing connections blocked?
What do you get with the following command?
curl -I https://plugins.matomo.org/
Hello Markus
Outgoing connections are not blocked.
This is the output:
# curl -I https://plugins.matomo.org/
HTTP/2 200
date: Thu, 08 Aug 2024 08:12:52 GMT
server: Apache
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; connect-src https://www.userlike.com https://demo-web.matomo.org http://demo-web.matomo.org https://demo2.matomo.org https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com/umd/; font-src 'self' https://shop.matomo.org https://local.test.shop.matomo.org https://userlike-cdn-umm.b-cdn.net https://shop.matomo.org https://plugins.matomo.org https://d3dc1lgancj6l0.cloudfront.net; frame-src https://shop.matomo.org https://local.test.shop.matomo.org https://www.youtube-nocookie.com; img-src 'self' data: https://i.ytimg.com https://cloud.githubusercontent.com https://www.innocraft.com https://www.ab-tests.net https://img.shields.io https://www.paypalobjects.com https://api.flattr.com https://matomo.org https://img.youtube.com https://raw.githubusercontent.com https://github.com https://raw.github.com https://button.flattr.com https://avatars.githubusercontent.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://demo-web.matomo.org https://plugins.matomo.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://userlike-cdn-umm.b-cdn.net https://demo2.matomo.org https://demo-web.matomo.org http://demo-web.matomo.org https://api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline'
cache-control: max-age=691200
expires: Fri, 16 Aug 2024 08:12:52 GMT
vary: Accept-Encoding
x-xss-protection: 0
x-content-type-options: nosniff
content-type: text/html;charset=UTF-8
via: 2.0 alproxy
I’ve noticed that a newer docker image (with the same tag 5.1.0-fpm-alpine) was published yesterday and contains an updated version of curl, so I deployed that, and also tried to increase the max execution time, these both seem to have fixed the issue.
At least when I check for newer version (via button), it works now, and I also can see the “manage subscriptions” page, which was sometimes failing previously.
Is there a way to make the max_execution_time permanent in docker container? I mean via matomo config, to avoid mounting this file from the host?
It seems that I still occasionally get the same error
The same error when running curl in CLI, this happens only sometimes:
# curl -Iv https://plugins.matomo.org/
* Host plugins.matomo.org:443 was resolved.
* IPv6: 2a00:b6e0:1:200:177::1
* IPv4: 185.31.40.177
* Trying 185.31.40.177:443...
* Connected to plugins.matomo.org (185.31.40.177) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* Recv failure: Connection reset by peer
* OpenSSL SSL_connect: Connection reset by peer in connection to plugins.matomo.org:443
* closing connection #0
curl: (35) Recv failure: Connection reset by peer
I have executed the following curl command a few times and sometimes I see the same problem.
$ curl -Iv https://plugins.matomo.org/
* Host plugins.matomo.org:443 was resolved.
* IPv6: 2a00:b6e0:1:200:177::1
* IPv4: 185.31.40.177
* Trying [2a00:b6e0:1:200:177::1]:443...
* Connected to plugins.matomo.org (2a00:b6e0:1:200:177::1) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* Recv failure: Connection reset by peer
* LibreSSL/3.3.6: error:02FFF036:system library:func(4095):Connection reset by peer
* Closing connection
curl: (35) Recv failure: Connection reset by peer