App connection closed before request/response completed


Node app running on single VM in US.
The app takes an incoming request (every 4 hours), responds quickly with a 202 and then does a bunch of work and that is that.
From the fly logs output we can see if the app did its job smoothly, and typically all is well.
The past 4 times though, after the app was done with its work, the fly logs show something like:

2021-12-23T03:35:01.518 proxy[0659ff0f] ams [error] error.code=2003 error.message="App connection closed before request/response completed" request.method="CONNECT" request.url="""01FQJNPF1BDEKJCFPQA1CH7BSK" response.status=502

What is this?
Interesting is the timestamp. Another service of ours sends the request to the app every 4 hours (00, 04, etc) so this error at 03:35 is weird.

In the other error entries in the fly logs output, the value of request.url is e.g. and

The app does not crash or anything and the next scheduled job runs fine on it, but I’d like to understand this.

Since every app gets its own IP address, it’s possible you’re just getting spam with the Host header set to those values. The connection closing might happen if it’s a malformed request being rejected. Do you have any authentication on your service?

Just to be clear, is this a request you were expecting or a weird one from someone else spidering/spamming your IP?

That specific error means the Node app closed the connection before sending an HTTP response.

This is a weird and unexpected request.
While the app is publicly available, it acts as a helper component in our service and is only used ‘internally’.

Makes sense to assume this is a request to our IP that is spam/spider or something else, but that goes through a Fly proxy first.
Does the proxy send the request with method CONNECT to our app or is that method from the request that came into Fly?

Is it correct the request to our app was for host on port 443 if the log entry shows request.url="" ?

That request is probably not to, it’s likely something setting headers to spoof things.

Requests to your IP hit our proxy and then we naively forward them along. So if the method was CONNECT, that’s the request we received.

We’re shipping a feature to force SSL redirects that will stop most of these as a side effect. For now, you can just ignore them.