Not able to create keys: Possible connectivity issue

Getting Nonce failed error message on Tyk Startup

Nonce failed! Node:d1680fa1-12db-4f7a-57e4-d6e41c5b417f Nonce was:XXXXXXX Should be: YYYYYYY"

How can I resolve this issue?

We’ll need the full log output of your gateway and your dashboard in order to diagnose.

This can be safely ignored if your APIs are loading as it may just be a failed heartbeat, it eventually synchronises.

There were no other error messages other than that when the Tyk started.
Once I tried to add a new API, the following error messages appeared.
Dashboard log:

time="Jun  6 19:23:29" level=info msg="Sending notification{ApiUpdated e36aeb71460a431a5329b73a01dfbc73}" 
time="Jun  6 19:23:44" level=error msg="Something went wrong, couldn't get Api list" 
time="Jun  6 19:23:44" level=error msg="read tcp 172.17.0.3:44978->1.1.1.2:27017: read: connection reset by peer" 
time="Jun  6 19:23:44" level=info msg="Attempting to reconnect" 
time="Jun  6 19:24:04" level=error msg="No nodes available" 
time="Jun  6 19:24:09" level=error msg="No nodes available" 
time="Jun  6 19:24:14" level=error msg="No nodes available" 
..........

Gateway log:

time="Jun  6 19:23:29" level=info msg="Initiating reload" 
time="Jun  6 19:23:44" level=error msg="Failed to decode body: json: cannot unmarshal string into Go value of type []main.ResponseStruct" 
time="Jun  6 19:23:44" level=info msg="--> Retrying in 20s" 
time="Jun  6 19:23:59" level=warning msg="Reloader timed out! Removing sentinel" 
time="Jun  6 19:24:04" level=info msg="Registering node." 
time="Jun  6 19:24:04" level=error msg="Failed to register node, retrying in 5s" 
time="Jun  6 19:24:09" level=error msg="Failed to register node, retrying in 5s" 
time="Jun  6 19:24:14" level=error msg="Failed to register node, retrying in 5s" 
time="Jun  6 19:24:19" level=error msg="Failed to register node, retrying in 5s" 
time="Jun  6 19:24:24" level=error msg="Failed to register node, retrying in 5s" 
...............

Also, there were no issues shown in GUI and API created is in the shown.

From what I can tell:

  1. Your gateway can talk to the dashboard, this is good, it can see it but not register itself
  2. Your dashboard seems to have been running successfully enough to have an API list and to let you save one (which caused the update notification), but then mongodb failed or dropped the connection and the dashboard tried to reconnect (which it might have, who knows)
  3. Your gateway detects the pub/sub signal to reload (good, it can see redis) but then can’t seem to register wth the dashboard, I have a feeling it never saw the dashboard and never registered.
  4. Back to your dashboard logs, the dash seems to think that your license does not have any nodes available at all.

So, we can see everything seems to be connected, even though MongoDB is a little shaky, you must have a valid license, otherwise you couldn’t do anything in the dashboard, so you are either running more than your license allocation of gateway instances or you’ve been restarting your gateway jnstance aggressively.

Do you have a license in Your tyk_analytics.conf file?

Are you running more than one instance of the gateway container?

Have you been restarting the gateway a lot, there’s a TTL on node IDs so 20s is expected for a single node license between restarts?

  1. Yes, I have a license in tyk_analaytics.conf.

  2. No, Only 1 instance is running.

  3. Yes, I’m giving 1 min break when I re-install.

After few hours, when I created key again, it got created successfully. I created 2 apis and keys, then creating key for 3rd api gave me the earlier error

time="Jun  7 00:38:42" level=info msg="Reset quota for key." inbound-key=5755d297cb86370001000001e59a306c6a9c49f567dcfd58cb6fb8b5 key=quota-db8e5470 
2016/06/07 00:38:42 http: panic serving 172.17.0.1:49012: runtime error: invalid memory address or nil pointer dereference
goroutine 685 [running]:
net/http.(*conn).serve.func1(0xc8205ce200)
	/usr/local/go/src/net/http/server.go:1389 +0xc1
panic(0xc90e00, 0xc8200120c0)
	/usr/local/go/src/runtime/panic.go:426 +0x4e9
main.createKeyHandler(0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/home/tyk/go/src/github.com/lonelycode/tyk/api.go:1315 +0x141b
main.CheckIsAPIOwner.func1(0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/home/tyk/go/src/github.com/lonelycode/tyk/middleware_api_security_handler.go:24 +0xe1
net/http.HandlerFunc.ServeHTTP(0xc8202c3ea0, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/usr/local/go/src/net/http/server.go:1618 +0x3a
github.com/gorilla/mux.(*Router).ServeHTTP(0xc82000efa0, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/home/tyk/go/src/github.com/gorilla/mux/mux.go:98 +0x29e
net/http.(*ServeMux).ServeHTTP(0xc8201fc7e0, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/usr/local/go/src/net/http/server.go:1910 +0x17d
net/http.serverHandler.ServeHTTP(0xc8201bf080, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/usr/local/go/src/net/http/server.go:2081 +0x19e
net/http.(*conn).serve(0xc8205ce200)
	/usr/local/go/src/net/http/server.go:1472 +0xf2e
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2137 +0x44etime="Jun  7 00:38:42" level=info msg="Reset quota for key." inbound-key=5755d297cb86370001000001e59a306c6a9c49f567dcfd58cb6fb8b5 key=quota-db8e5470 
2016/06/07 00:38:42 http: panic serving 172.17.0.1:49012: runtime error: invalid memory address or nil pointer dereference
goroutine 685 [running]:
net/http.(*conn).serve.func1(0xc8205ce200)
	/usr/local/go/src/net/http/server.go:1389 +0xc1
panic(0xc90e00, 0xc8200120c0)
	/usr/local/go/src/runtime/panic.go:426 +0x4e9
main.createKeyHandler(0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/home/tyk/go/src/github.com/lonelycode/tyk/api.go:1315 +0x141b
main.CheckIsAPIOwner.func1(0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/home/tyk/go/src/github.com/lonelycode/tyk/middleware_api_security_handler.go:24 +0xe1
net/http.HandlerFunc.ServeHTTP(0xc8202c3ea0, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/usr/local/go/src/net/http/server.go:1618 +0x3a
github.com/gorilla/mux.(*Router).ServeHTTP(0xc82000efa0, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/home/tyk/go/src/github.com/gorilla/mux/mux.go:98 +0x29e
net/http.(*ServeMux).ServeHTTP(0xc8201fc7e0, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/usr/local/go/src/net/http/server.go:1910 +0x17d
net/http.serverHandler.ServeHTTP(0xc8201bf080, 0x7f1d8be2dbf8, 0xc820126410, 0xc82008c380)
	/usr/local/go/src/net/http/server.go:2081 +0x19e
net/http.(*conn).serve(0xc8205ce200)
	/usr/local/go/src/net/http/server.go:1472 +0xf2e
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2137 +0x44e

Tried again and managed to create key for the third api.

Is the third API open? You can’t create a token for an open API, that would also cause this error.

None of the APIs are open(keyless).

Can you share the config for your third API, is it live?

@Martin Tyk is working fine after re-installation. Thanks for your effort.

1 Like

HI,

I’m facing the same problem here while creating an additional key. Tyk version 2.2. Configuration unchanged. I added 2 APIs.

curl -H "x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7"\ 
 -s\
 -H "Content-Type: application/json"\
 -X POST\
 -d '{
    "allowance": 1000,
    "rate": 1000,
    "per": 1,
    "expires": -1,
    "quota_max": -1,
    "quota_renews": 1449051461,
    "quota_remaining": -1,
    "quota_renewal_rate": 60,
    "access_rights": {
        "f36b90007f594c8f70875078f49f74d6": {
            "api_id": "f36b90007f594c8f70875078f49f74d6",
            "api_name": "test auth",
            "versions": ["Default"]
        }
    },
    "meta_data": {}
 }'\
 http://192.168.99.100:8080/tyk/keys/create

Here is the log output:

2016/07/08 13:17:24 http: panic serving 192.168.99.1:51566: runtime error: invalid memory address or nil pointer dereference
goroutine 256 [running]:
net/http.(*conn).serve.func1(0xc820227100)
	/usr/local/go/src/net/http/server.go:1389 +0xc1
panic(0xd25820, 0xc820010070)
	/usr/local/go/src/runtime/panic.go:426 +0x4e9
main.createKeyHandler(0x7f796c0ec1f8, 0xc820199ad0, 0xc820073880)
	/home/tyk/go/src/github.com/lonelycode/tyk/api.go:1315 +0x141b
main.CheckIsAPIOwner.func1(0x7f796c0ec1f8, 0xc820199ad0, 0xc820073880)
	/home/tyk/go/src/github.com/lonelycode/tyk/middleware_api_security_handler.go:24 +0xe1
net/http.HandlerFunc.ServeHTTP(0xc8203d18a0, 0x7f796c0ec1f8, 0xc820199ad0, 0xc820073880)
	/usr/local/go/src/net/http/server.go:1618 +0x3a
github.com/gorilla/mux.(*Router).ServeHTTP(0xc8205bfe00, 0x7f796c0ec1f8, 0xc820199ad0, 0xc820073880)
	/home/tyk/go/src/github.com/gorilla/mux/mux.go:98 +0x29e
net/http.(*ServeMux).ServeHTTP(0xc8206cb5c0, 0x7f796c0ec1f8, 0xc820199ad0, 0xc820073880)
	/usr/local/go/src/net/http/server.go:1910 +0x17d
net/http.serverHandler.ServeHTTP(0xc82035f980, 0x7f796c0ec1f8, 0xc820199ad0, 0xc820073880)
	/usr/local/go/src/net/http/server.go:2081 +0x19e
net/http.(*conn).serve(0xc820227100)
	/usr/local/go/src/net/http/server.go:1472 +0xf2e
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2137 +0x44e

Here is the API description:

{
    "id": "577f97b14dcd470001000008",
    "name": "test auth",
    "slug": "test-auth",
    "api_id": "f36b90007f594c8f70875078f49f74d6",
    "org_id": "577f8ec74dcd470001000001",
    "use_keyless": false,
    "use_oauth2": false,
    "use_openid": false,
    "openid_options": {
        "providers": [],
        "segregate_by_client": false
    },
    "oauth_meta": {
        "allowed_access_types": [],
        "allowed_authorize_types": [],
        "auth_login_redirect": ""
    },
    "auth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization"
    },
    "use_basic_auth": false,
    "enable_jwt": false,
    "jwt_signing_method": "",
    "jwt_source": "",
    "jwt_identity_base_field": "",
    "jwt_client_base_field": "",
    "jwt_policy_field_name": "",
    "notifications": {
        "shared_secret": "",
        "oauth_on_keychange_url": ""
    },
    "enable_signature_checking": true,
    "hmac_allowed_clock_skew": -1,
    "definition": {
        "location": "header",
        "key": "x-api-version"
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "expires": "",
                "paths": {
                    "ignored": [],
                    "white_list": [],
                    "black_list": []
                },
                "use_extended_paths": true,
                "extended_paths": {
                    "ignored": [],
                    "white_list": [
                        {
                            "path": "html",
                            "method_actions": {
                                "GET": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                }
                            }
                        }
                    ],
                    "black_list": [],
                    "cache": [],
                    "transform": [],
                    "transform_response": [],
                    "transform_headers": [],
                    "transform_response_headers": [],
                    "hard_timeouts": [],
                    "circuit_breakers": [],
                    "url_rewrites": [],
                    "virtual": [],
                    "size_limits": [],
                    "method_transforms": []
                },
                "global_headers": {},
                "global_headers_remove": [],
                "global_size_limit": 0,
                "override_target": ""
            }
        }
    },
    "uptime_tests": {
        "check_list": [],
        "config": {
            "expire_utime_after": 0,
            "service_discovery": {
                "use_discovery_service": false,
                "query_endpoint": "",
                "use_nested_query": false,
                "parent_data_path": "",
                "data_path": "",
                "port_data_path": "",
                "target_path": "",
                "use_target_list": false,
                "cache_timeout": 60,
                "endpoint_returns_list": false
            },
            "recheck_wait": 0
        }
    },
    "proxy": {
        "preserve_host_header": false,
        "listen_path": "/",
        "target_url": "http://httpbin.org/",
        "strip_listen_path": true,
        "enable_load_balancing": false,
        "target_list": [],
        "check_host_against_uptime_tests": false,
        "service_discovery": {
            "use_discovery_service": false,
            "query_endpoint": "",
            "use_nested_query": false,
            "parent_data_path": "",
            "data_path": "hostname",
            "port_data_path": "port",
            "target_path": "/api-slug",
            "use_target_list": false,
            "cache_timeout": 60,
            "endpoint_returns_list": false
        }
    },
    "custom_middleware": {
        "pre": [],
        "post": [],
        "response": []
    },
    "cache_options": {
        "cache_timeout": 60,
        "enable_cache": true,
        "cache_all_safe_requests": false,
        "cache_response_codes": [],
        "enable_upstream_cache_control": false
    },
    "session_lifetime": 0,
    "active": true,
    "auth_provider": {
        "name": "",
        "storage_engine": "",
        "meta": {}
    },
    "session_provider": {
        "name": "",
        "storage_engine": "",
        "meta": null
    },
    "event_handlers": {
        "events": {}
    },
    "enable_batch_request_support": false,
    "enable_ip_whitelisting": false,
    "allowed_ips": [],
    "dont_set_quota_on_create": false,
    "expire_analytics_after": 0,
    "response_processors": [],
    "CORS": {
        "enable": false,
        "allowed_origins": [],
        "allowed_methods": [],
        "allowed_headers": [],
        "exposed_headers": [],
        "allow_credentials": false,
        "max_age": 24,
        "options_passthrough": false,
        "debug": false
    },
    "domain": "docker.example.com",
    "do_not_track": false,
    "tags": [],
    "enable_context_vars": false
}

Hi, can you share the full log output? It would be interesting to look at the first messages.

time="Jul  8 14:20:16" level=info msg="Reset quota for key." inbound-key=a976a5c984cb41a146b7cb2c6af22b76 key=quota-2b3be4b9
2016/07/08 14:20:16 http: panic serving 192.168.99.1:51806: runtime error: invalid memory address or nil pointer dereference
goroutine 276 [running]:
net/http.(*conn).serve.func1(0xc820227200)
	/usr/local/go/src/net/http/server.go:1389 +0xc1
panic(0xd25820, 0xc820010070)
	/usr/local/go/src/runtime/panic.go:426 +0x4e9
main.createKeyHandler(0x7f796c0ec1f8, 0xc820199d40, 0xc8200735e0)
	/home/tyk/go/src/github.com/lonelycode/tyk/api.go:1315 +0x141b
main.CheckIsAPIOwner.func1(0x7f796c0ec1f8, 0xc820199d40, 0xc8200735e0)
	/home/tyk/go/src/github.com/lonelycode/tyk/middleware_api_security_handler.go:24 +0xe1
net/http.HandlerFunc.ServeHTTP(0xc8203d18a0, 0x7f796c0ec1f8, 0xc820199d40, 0xc8200735e0)
	/usr/local/go/src/net/http/server.go:1618 +0x3a
github.com/gorilla/mux.(*Router).ServeHTTP(0xc8205bfe00, 0x7f796c0ec1f8, 0xc820199d40, 0xc8200735e0)
	/home/tyk/go/src/github.com/gorilla/mux/mux.go:98 +0x29e
net/http.(*ServeMux).ServeHTTP(0xc8206cb5c0, 0x7f796c0ec1f8, 0xc820199d40, 0xc8200735e0)
	/usr/local/go/src/net/http/server.go:1910 +0x17d
net/http.serverHandler.ServeHTTP(0xc82035f980, 0x7f796c0ec1f8, 0xc820199d40, 0xc8200735e0)
	/usr/local/go/src/net/http/server.go:2081 +0x19e
net/http.(*conn).serve(0xc820227200)
	/usr/local/go/src/net/http/server.go:1472 +0xf2e
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2137 +0x44e

Sorry, I meant the Tyk startup log messages.

For example, when I start Tyk I get something like this:

[Jul  8 10:27:22]  INFO Connection dropped, connecting..
[Jul  8 10:27:22]  INFO host-check-mgr: Starting Poller
[Jul  8 10:27:22]  INFO main: Setting up Server
[Jul  8 10:27:22]  INFO main: --> Standard listener (http)

Well I think I found the issue. I defined two APIs with path overlap.

time="Jul  8 12:09:42" level=warning msg="Reloader timed out! Removing sentinel"
time="Jul  8 12:09:46" level=info msg="Detected 5 APIs"
time="Jul  8 12:09:46" level=info msg="Loading API configurations."
time="Jul  8 12:09:46" level=info msg="--> Loading API: Portal Assets"
time="Jul  8 12:09:46" level=info msg="----> Tracking: www.tyk-portal-test.com"
time="Jul  8 12:09:46" level=info msg="----> Checking security policy: Open"
time="Jul  8 12:09:46" level=info msg="--> Loading API: Portal API"
time="Jul  8 12:09:46" level=info msg="----> Tracking: www.tyk-portal-test.com"
time="Jul  8 12:09:46" level=info msg="----> Checking security policy: Open"
time="Jul  8 12:09:46" level=info msg="--> Loading API: Portal"
time="Jul  8 12:09:46" level=info msg="----> Tracking: www.tyk-portal-test.com"
time="Jul  8 12:09:46" level=info msg="----> Checking security policy: Open"
time="Jul  8 12:09:46" level=info msg="--> Loading API: test"
time="Jul  8 12:09:46" level=info msg="----> Tracking: docker.example.com"
time="Jul  8 12:09:46" level=info msg="----> Checking security policy: Open"
time="Jul  8 12:09:46" level=info msg="--> Loading API: test auth"
time="Jul  8 12:09:46" level=error msg="Duplicate listen path found, skipping. API ID: f36b90007f594c8f70875078f49f74d6"
time="Jul  8 12:09:46" level=warning msg="----> Skipped!"
time="Jul  8 12:09:46" level=info msg="Loading uptime tests..."
time="Jul  8 12:09:46" level=info msg="Initialised API Definitions"
time="Jul  8 12:09:46" level=info msg="API reload complete"

The problem occurred afterwards and disappeared once I removed one of the two APIs. Thanks for the pointer.

I see, you’re welcome!

However staying with the httpbin.org example I would like to achieve the following:

tyk endpoint -> origin endpoint
tyk/ip -> httpbin.org/ip with authentication mode set to HMAC
tyk/html -> httpbin.org/html without authentication mode set

I was creating two APIs that share the same Custom Domain and Listen path settings. That lead the the error above.

Is the scenario described above possible with tyk?

Thanks for having a look into that.

The scenario you’re describing could be achieved by using httpbin.org/ip as API 1 and httpbin.org/html as API 2, having both in the same API and with different authentication modes is not possible!