How to obtain human-readable mercurial push-command traffic example - mercurial

I am doing push using mercurial hg to bitbucket.org using https.
There is a bunch of changes to text files and also binary files added. So I would like to capture the real traffic of this command in http format to analyze. How can I make it? Or at least inspecting an example of captured human-readable push would be great.
There is a link for mercurial wire protocol, but no example how it might really look.


There are a couple of proxies (http://mitmproxy.org/ is popular, I really like http://www.charlesproxy.com/) which can MITM the HTTPS connection… However, it might be simpler to start a local Mercurial server, then sniff that connection:
$ cd some-hg-repo/
$ hg serve
… listening at http://127.0.0.1:8000/ …
Then fire up your packet sniffer watching on the loopback interface, and from another shell:
% hg clone http://127.0.0.1:8000/ repo-clone
% cd repo-clone
% fortune > foo.c
% hg commit -m "change to foo"
% hg push
And here's a bit of what it looks like:
$ sudo tcpdump -i lo0 -A 'tcp port 8000 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
03:15:05.515867 IP localhost.52031 > localhost.irdmi: Flags [P.], seq 2116430132:2116430284, ack 835526317, win 40830, options [nop,nop,TS val 269453377 ecr 269453377], length 152
E....2#.#............?.#~&)41......~.......
...A...AGET /?cmd=capabilities HTTP/1.1
Accept-Encoding: identity
host: localhost:8000
accept: application/mercurial-0.1
user-agent: mercurial/proto-1.0
… snip …
03:15:05.516780 IP localhost.irdmi > localhost.52031: Flags [P.], seq 173:303, ack 152, win 40830, options [nop,nop,TS val 269453378 ecr 269453378], length 130
E...8b#.#............#.?1..Y~&)....~.......
...B...Blookup changegroupsubset branchmap pushkey known getbundle unbundlehash batch stream unbundle=HG10GZ,HG10BZ,HG10UN httpheader=1024
GET /?cmd=batch HTTP/1.1
Accept-Encoding: identity
x-hgarg-1: cmds=heads+%3Bknown+nodes%3D
host: localhost:8000
vary: X-HgArg-1
accept: application/mercurial-0.1
user-agent: mercurial/proto-1.0
…snip…
03:15:05.528852 IP localhost.irdmi > localhost.52033: Flags [P.], seq 474:516, ack 355, win 40830, options [nop,nop,TS val 269453389 ecr 269453389], length 42
E..^.h#.#............#.A.W...,.....~.R.....
...M...M92550c48fd2dc2c112ac88215eff29a5012abff1
;
03:15:05.529756 IP localhost.52033 > localhost.irdmi: Flags [P.], seq 355:628, ack 516, win 40830, options [nop,nop,TS val 269453390 ecr 269453389], length 273
E..E.N#.#............A.#.,...W.....~.9.....
...N...MGET /?cmd=getbundle HTTP/1.1
Accept-Encoding: identity
x-hgarg-1: common=0000000000000000000000000000000000000000&heads=92550c48fd2dc2c112ac88215eff29a5012abff1
host: localhost:8000
vary: X-HgArg-1
accept: application/mercurial-0.1
user-agent: mercurial/proto-1.0
…snip…
03:15:05.535163 IP localhost.irdmi > localhost.52033: Flags [P.], seq 688:6194, ack 628, win 40830, options [nop,nop,TS val 269453395 ecr 269453394], length 5506
E...AZ#.#............#.A.W...,.....~.......
........]..>O..3.x....L .-.....I.mh....M}.i!..Bh8.PL. .O
1iB ...C.....4.4....:...H..w....7.\..#.{.p.......-g.....^u....5...H...MWu.#....c.C4Y^19QP....l.....1.d.ukh.5..M.....k.A..<'.2..,.2.......{.q.(?.....rc"._.........m.xx.';...]V_0..e..j..{....OWf.n........J.bZ&kVXAR4...!....*..J.b..x.....#.Y..P........e.i;#....c.F..._.m.a|. .........=.
… snip …

Related

Using hping to inject packet into TCP netcat connection

I have a netcat connection open between a server and a client and i am trying to craft a packet using hping to print the text on the client.
My issue is I am able to craft a very similar packet to what is needed but I am missing the TCP options that are in the packets that are sent from server to the client via netcat.
here is my hping command
hping3 -A -y -M 717766814 -L 3830111434 -N 37033 -w 227 -b -p 55526 -s 5555 -P 192.168.0.116 -c 1 -d 8 -E task4.txt
here is the packet i craft
11:16:45.116157 00:a0:98:64:9f:40 > 00:a0:98:36:c8:07, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 64, id 37033, offset 0, flags [DF], proto TCP (6), length 48)
192.168.0.216.5555 > 192.168.0.116.55526: Flags [P.], cksum 0x5600 (incorrect -> 0x0355), seq 717766814:717766822, ack 3830111434, win 227, length 8
0x0000: 4500 0030 90a9 4000 4006 2782 c0a8 00d8 E..0..#.#.'.....
0x0010: c0a8 0074 15b3 d8e6 2ac8 409e e44a dcca ...t....*.#..J..
0x0020: 5018 00e3 5600 0000 4243 4445 4647 410a P...V...BCDEFGA.
the actual packet i need to craft
11:16:52.352624 00:a0:98:64:9f:40 > 00:a0:98:36:c8:07, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 38493, offset 0, flags [DF], proto TCP (6), length 60)
192.168.0.216.5555 > 192.168.0.116.55526: Flags [P.], cksum 0x82cb (incorrect -> 0x0ce8), seq 717766814:717766822, ack 3830111434, win 227, options [nop,nop,TS val 1099353487 ecr 208117467], length 8
0x0000: 4500 003c 965d 4000 4006 21c2 c0a8 00d8 E..<.]#.#.!.....
0x0010: c0a8 0074 15b3 d8e6 2ac8 409e e44a dcca ...t....*.#..J..
0x0020: 8018 00e3 82cb 0000 0101 080a 4186 cd8f ............A...
0x0030: 0c67 9edb 4142 4344 4546 470a .g..ABCDEFG.
the packets are identical other than missing the options and the checksum
How can i add the options to my crafted packet or is there a another method to getting test to appear on the client using hping?

As you saw, hping3 does not provide a way to set TCP options out-of-the-box.
However, good news is that the TCP options are right next to the TCP payload in the packet. So you can prepend your data with the TCP options:
Instead of just the data, put the TCP options + data in the file you provide to hping3:
echo "0101080a4186cd8f0c679edb414243444546470a" | python3 -c "import sys, binascii; sys.stdout.buffer.write(binascii.unhexlify(input().strip()))" > /tmp/task4.txt
Send using hping3, you will need to change the data size to 20 and set the data offset to 8 (default data offset is 5 32 bits words) to properly identify the added TCP options:
-O --tcpoff
Set fake tcp data offset. Normal data offset is tcphdrlen / 4.
hping3 -A -y -M 717766814 -L 3830111434 -N 37033 -w 227 -b -p 55526 -s 5555 -P 192.168.134.161 -c 1 -d 20 -O 8 -E task4.txt
Resulting crafted packet:
08:27:07.956095 IP (tos 0x0, ttl 64, id 37033, offset 0, flags [DF], proto TCP (6), length 60)
192.168.134.142.5555 > 192.168.134.161.55526: Flags [P.], cksum 0x5451 (incorrect -> 0x0104), seq 0:8, ack 1, win 227, options [nop,nop,TS val 1099353487 ecr 208117467], length 8
0x0000: 4500 003c 90a9 4000 4006 1b92 c0a8 868e E..<..#.#.......
0x0010: c0a8 86a1 15b3 d8e6 2ac8 409e e44a dcca ........*.#..J..
0x0020: 8018 00e3 5451 0000 0101 080a 4186 cd8f ....TQ......A...
0x0030: 0c67 9edb 4142 4344 4546 470a .g..ABCDEFG.

Zabbix Server behind HAProxy

Hi my infrastructure of zabbix servers looks like this:
Two Zabbix Servers are behind HAProxy Servers in Active/Passive mode. Part of haproxy.cfg from one of the HAProxy server.
frontend ha-monit-app
bind :10051
mode tcp
default_backend monit-app
backend monit-app
server monit-app-01 10.164.0.10:10051 check
server monit-app-02 10.156.0.10:10051 check backup
There are two HAProxy servers with the same configuration and switched using failover ip 172.31.255.254
I've checked with nmap & ping is the failover ip available from other nodes, specially from zabbix web server (frontend) and here those results:
PING 172.31.255.254 (172.31.255.254) 56(84) bytes of data.
64 bytes from 172.31.255.254: icmp_seq=1 ttl=64 time=1.43 ms
64 bytes from 172.31.255.254: icmp_seq=2 ttl=64 time=0.284 ms
64 bytes from 172.31.255.254: icmp_seq=3 ttl=64 time=0.326 ms
64 bytes from 172.31.255.254: icmp_seq=4 ttl=64 time=0.306 ms
64 bytes from 172.31.255.254: icmp_seq=5 ttl=64 time=0.277 ms
--- 172.31.255.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4054ms
rtt min/avg/max/mdev = 0.277/0.525/1.433/0.454 ms
nmap -Pn -p 10051 172.31.255.254
Starting Nmap 7.40 ( https://nmap.org ) at 2018-06-15 00:59 CEST
Nmap scan report for 172.31.255.254
Host is up (0.0012s latency).
PORT STATE SERVICE
10051/tcp open zabbix-trapper
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
telnet 172.31.255.254 10051
Trying 172.31.255.254...
Connected to 172.31.255.254.
Escape character is '^]'.
^CConnection closed by foreign host.
So everything looks good. That's why on frontend server in zabbix.conf.php I've set following values:
$ZBX_SERVER = '172.31.255.254';
$ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Zabbix GCP HAProxy';
But I see that this doesn't work on frontend at all
This a Zabbix Frontend / Status of Zabbix Server
I'm adding tcpdumps
=========== tcpdump ==============
Listening on Active HAProxy (10.164.0.3 / 172.31.255.254 Floating IP) for Active Zabbix Server (monit-app-01 - 10.156.0.10)
tcpdump -n host 10.156.0.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:11:44.301714 IP 10.164.0.3.60374 > 10.156.0.10.10051: Flags [S], seq 904325550, win 28400, options [mss 1420,sackOK,TS val 11110278 ecr 0,nop,wscale 7], length 0
10:11:44.308930 IP 10.156.0.10.10051 > 10.164.0.3.60374: Flags [S.], seq 1332485152, ack 904325551, win 28160, options [mss 1420,sackOK,TS val 12859862 ecr 11110278,nop,wscale 7], length 0
10:11:44.309007 IP 10.164.0.3.60374 > 10.156.0.10.10051: Flags [R.], seq 1, ack 1, win 222, options [nop,nop,TS val 11110280 ecr 12859862], length 0
10:11:46.309574 IP 10.164.0.3.60378 > 10.156.0.10.10051: Flags [S], seq 355584253, win 28400, options [mss 1420,sackOK,TS val 11110780 ecr 0,nop,wscale 7], length 0
10:11:46.316691 IP 10.156.0.10.10051 > 10.164.0.3.60378: Flags [S.], seq 3081623376, ack 355584254, win 28160, options [mss 1420,sackOK,TS val 12860364 ecr 11110780,nop,wscale 7], length 0
10:11:46.316769 IP 10.164.0.3.60378 > 10.156.0.10.10051: Flags [R.], seq 1, ack 1, win 222, options [nop,nop,TS val 11110782 ecr 12860364], length 0
Listening on Active HAProxy (10.164.0.3 / 172.31.255.254 Floating IP) for Zabbix Frontend (monit-front-01 - 10.164.0.7)
sudo tcpdump -n host 10.164.0.7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:18:44.549679 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [S], seq 3124977895, win 28400, options [mss 1420,sackOK,TS val 10621333 ecr 0,nop,wscale 7], length 0
10:18:44.549729 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [S.], seq 1251960166, ack 3124977896, win 28160, options [mss 1420,sackOK,TS val 11215340 ecr 10621333,nop,wscale 7], length 0
10:18:44.550406 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [.], ack 1, win 222, options [nop,nop,TS val 10621334 ecr 11215340], length 0
10:18:44.550576 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [P.], seq 1:80, ack 1, win 222, options [nop,nop,TS val 10621334 ecr 11215340], length 79
10:18:44.550587 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [.], ack 80, win 220, options [nop,nop,TS val 11215340 ecr 10621334], length 0
10:18:44.550620 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [F.], seq 1:189, ack 80, win 220, options [nop,nop,TS val 11215340 ecr 10621334], length 188
10:18:44.550843 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [F.], seq 80, ack 190, win 231, options [nop,nop,TS val 10621334 ecr 11215340], length 0
10:18:44.550849 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [.], ack 81, win 220, options [nop,nop,TS val 11215340 ecr 10621334], length 0
10:18:47.820231 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [S], seq 3701025043, win 28400, options [mss 1420,sackOK,TS val 10622151 ecr 0,nop,wscale 7], length 0
10:18:47.820304 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [S.], seq 3543291301, ack 3701025044, win 28160, options [mss 1420,sackOK,TS val 11216157 ecr 10622151,nop,wscale 7], length 0
10:18:47.820562 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [.], ack 1, win 222, options [nop,nop,TS val 10622151 ecr 11216157], length 0
10:18:47.820665 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [P.], seq 1:80, ack 1, win 222, options [nop,nop,TS val 10622151 ecr 11216157], length 79
10:18:47.820672 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [.], ack 80, win 220, options [nop,nop,TS val 11216158 ecr 10622151], length 0
10:18:47.820707 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [F.], seq 1:189, ack 80, win 220, options [nop,nop,TS val 11216158 ecr 10622151], length 188
10:18:47.820947 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [F.], seq 80, ack 190, win 231, options [nop,nop,TS val 10622151 ecr 11216158], length 0
10:18:47.820957 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [.], ack 81, win 220, options [nop,nop,TS val 11216158 ecr 10622151], length 0
And I get NOSRV in haproxy.log
=============== HAProxy =============
Jun 15 10:34:49 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58088 [15/Jun/2018:10:34:49.680] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:34:50 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58096 [15/Jun/2018:10:34:50.646] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:00 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58112 [15/Jun/2018:10:35:00.927] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 1/1/1/0/3 0/0
Jun 15 10:35:00 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58110 [15/Jun/2018:10:35:00.927] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:11 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58130 [15/Jun/2018:10:35:11.839] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:11 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58132 [15/Jun/2018:10:35:11.853] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:22 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58150 [15/Jun/2018:10:35:22.672] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 1/1/1/0/3 0/0
Jun 15 10:35:22 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58148 [15/Jun/2018:10:35:22.672] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:32 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58182 [15/Jun/2018:10:35:32.712] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:33 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58196 [15/Jun/2018:10:35:33.793] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:43 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58204 [15/Jun/2018:10:35:43.707] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:44 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58212 [15/Jun/2018:10:35:44.742] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
status of HAProxy from stats

It's solved
Missing obvious parameter in the backend section
mode: tcp
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ha-monit-app
bind :10051
mode tcp
default_backend monit-app
backend monit-app
mode tcp <-- this one
server monit-app-01 10.156.0.10:10051 check
server monit-app-02 10.164.0.10:10051 check backup
listen stats
bind :80
mode http
stats enable
stats uri /
stats hide-version
stats realm Zabbix\ Server\ HAProxy
stats auth xxxx:xxxx
It was using http on backends because it was a default parameter from
defaults
mode http

fiware-orion NGSIv2 update context

I created a small stack using with orion and the populated mongodb from the tour guide app.
I don't understand why the updates queries are not working :(
if I query the context:
curl -s -X GET -H "Accept: text/plain" -H "fiware-service: tourguide" 'http://localhost:1026/v2/entities/0115206c51f60b48b77e4c937835795c33bb953f/attrs/capacity/value'
I get correctly the value "50"
if I update the value, following the query examples:
curl -s -v -X PUT -H "Accept: text/plain" -H "fiware-service: tourguide" -H "Content-Type: text/plain" 'http://160.85.2.22:1026/v2/entities/0115206c51f60b48b77e4c937835795c33bb953f/attrs/capacity/value' -d 52
i get error "The requested entity has not been found. Check type and id"
* Trying 160.85.2.22...
* Connected to 160.85.2.22 (160.85.2.22) port 1026 (#0)
> PUT /v2/entities/0115206c51f60b48b77e4c937835795c33bb953f/attrs/capacity/value?type=Restaurant HTTP/1.1
> Host: 160.85.2.22:1026
> User-Agent: curl/7.47.0
> Accept: application/json
> fiware-service: tourguide
> Content-Type: text/plain
> Content-Length: 2
>
} [2 bytes data]
* upload completely sent off: 2 out of 2 bytes
< HTTP/1.1 404 Not Found
< Connection: Keep-Alive
< Content-Length: 95
< Content-Type: application/json
< Fiware-Correlator: 9d2f4164-48f3-11e6-af87-0242ac110004
< Date: Wed, 13 Jul 2016 12:16:23 GMT
<
{ [95 bytes data]
* Connection #0 to host 160.85.2.22 left intact
{
"description": "The requested entity has not been found. Check type and id",
"error": "NotFound"
}

As far as I understand, you are using the context data of the FIWARE Tour Guide Application. In that context data, Restaurant entities belong to different service paths. In particular, each Resturant belong to a service path corresponding to the value of its department attribute.
Thus, have a look to the department attribute of the 0115206c51f60b48b77e4c937835795c33bb953f entity (using the Fiware-Service header: "tourguide"). If the value of the attribute is for example "Franchise4" then you have to use the following service path header in your PUT request (pay attention to the initial /):
-H "fiware-servicepath: /Franchise4"
Why GET request on attribute value is working without service path header while PUT request on attribute value isn't? When the header is omitted, query requests default to /# (which means "any service path") while create/udpate requests default to / (which is the root service path, which doesn't match with /Franchise4).

Error Accessing Data Volumes for MobileFirst Platform Analytics Container on Bluemix

I am creating MobileFirst container groups on Bluemix. My issue is with creating the Analytics container group. I have edited the appropriate .properties files, and in args/startanalyticsgroup.properties, I have set ENABLE_ANALYTICS_DATA_VOLUME=Y and ANALYTICS_DATA_VOLUME_NAME=mfp_analytics_$ANALYTICS_CONTAINER_GROUP_NAME.
When I execute the ./startanalyticsgroup.sh args/startanalyticsgroup.properties the volume gets created successfully. However, as the script continues to process it throws an error saying the data volume cannot be retrieved. The error message is below. Thank you in advance for any assistance you can provide.
./startanalyticsgroup.sh args/startanalyticsgroup.properties
Arguments :
-----------
ANALYTICS_IMAGE_NAME : registry.ng.bluemix.net/dockercontainerrepo/mfpanalytics71
ANALYTICS_CONTAINER_GROUP_NAME : mfpAnalytics
ANALYTICS_CONTAINER_GROUP_MIN : 1
ANALYTICS_CONTAINER_GROUP_MAX : 2
ANALYTICS_CONTAINER_GROUP_DESIRED : 1
ENABLE_AUTORECOVERY : Y
ANALYTICS_CONTAINER_GROUP_HOST : mfpanalytics
ANALYTICS_CONTAINER_GROUP_DOMAIN : mybluemix.net
SERVER_MEM : 2048
TRACE_SPEC :
MAX_LOG_FILES :
MAX_LOG_FILE_SIZE :
MFPF_PROPERTIES :
ENABLE_VOLUME : N
ENABLE_ANALYTICS_DATA_VOLUME : Y
ANALYTICS_DATA_VOLUME_NAME : mfp_analytics_mfpAnalytics
ANALYTICS_DATA_DIRECTORY : /analyticsData
The volume mfp_analytics_mfpAnalytics will be created to store analytics data.
OK
Volume 'mfp_analytics_mfpAnalytics' was created.
Starting the analytics container group : mfpAnalytics
Executing command : cf ic group create --name mfpAnalytics -n mfpanalytics -d mybluemix.net -m 2048 --min 1 --max 2 --desired 1 -p 9080 --auto -v mfp_analytics_mfpAnalytics:/analyticsData -e ANALYTICS_DATA_DIRECTORY=/analyticsData -e ANALYTICS_TRACE_LEVEL=*~info -e ANALYTICS_MAX_LOG_FILES=5 -e ANALYTICS_MAX_LOG_FILE_SIZE=20 registry.ng.bluemix.net/dockercontainerrepo/mfpanalytics71
REQUEST: [2016-05-19T13:43:03-04:00]
POST /UAALoginServerWAR/oauth/token HTTP/1.1
Host: login.ng.bluemix.net
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/x-www-form-urlencoded
User-Agent: go-cli 6.17.0+5d0be0a / darwin
grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI5ZTgzZmQyZS00Y2MxLTQ4OWUtODA1Yi1lYWNjMzcyOWYzNDEtciIsInN1YiI6ImZlMzU4Y2IwLWNmYjYtNDI3MC05NmMyLTYyNzVmNTA5NjI1OCIsInNjb3BlIjpbIm9wZW5pZCIsImNsb3VkX2NvbnRyb2xsZXIucmVhZCIsInBhc3N3b3JkLndyaXRlIiwiY2xvdWRfY29udHJvbGxlci53cml0ZSJdLCJpYXQiOjE0NjM2NzkxNjYsImV4cCI6MTQ2NjI3MTE2NiwiY2lkIjoiY2YiLCJjbGllbnRfaWQiOiJjZiIsImlzcyI6Imh0dHBzOi8vdWFhLm5nLmJsdWVtaXgubmV0L29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9uYW1lIjoibG9uZ3RAdXMuaWJtLmNvbSIsIm9yaWdpbiI6InVhYSIsInVzZXJfaWQiOiJmZTM1OGNiMC1jZmI2LTQyNzAtOTZjMi02Mjc1ZjUwOTYyNTgiLCJyZXZfc2lnIjoiZmI2ZjZkZmEiLCJhdWQiOlsiY2YiLCJvcGVuaWQiLCJjbG91ZF9jb250cm9sbGVyIiwicGFzc3dvcmQiXX0.QXXRHERyg5JbAg2l8Jx7O7e-JRC4vgwmrgDMWPjm2LQ&scope=
RESPONSE: [2016-05-19T13:43:03-04:00]
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store, max-age=0, must-revalidate,no-store
Connection: Keep-Alive
Content-Type: application/json;charset=UTF-8
Date: Thu, 19 May 2016 17:43:03 GMT
Expires: 0
Pragma: no-cache,no-cache
Server: Apache-Coyote/1.1
X-Backside-Transport: OK OK,OK OK
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Global-Transaction-Id: 1067898045
X-Powered-By: Servlet/3.1
X-Xss-Protection: 1; mode=block
699
{"access_token":"[PRIVATE DATA HIDDEN]","token_type":"bearer","refresh_token":"[PRIVATE DATA HIDDEN]","expires_in":43200,"scope":"cloud_controller.read password.write cloud_controller.write openid","jti":"cd2c3f32-be0e-4b35-acb0-058f0e49fac1"}
0
FAILED
"{\n \"code\": \"IC5051E\", \n \"description\": \"The image registry.ng.bluemix.net/mfp_analytics_mfpAnalytics:/analyticsData could not be retrieved. Verify that the image ID or name is correct.\", \n \"incident_id\": \"740-1463679783.961-19195817\", \n \"name\": \"ImageNotFound\", \n \"rc\": \"404\", \n \"type\": \"Infrastructure\"\n}"

The latest version of 'cf' (6.17+) is now pulling out the -v parameter for its own usage.
Use --volume instead of -v should fix it:
e.g.:
cf ic group create --name mfpAnalytics -n mfpanalytics -d mybluemix.net -m 2048 --min 1 --max 2 --desired 1 -p 9080 --auto --volume mfp_analytics_mfpAnalytics:/analyticsData -e ANALYTICS_DATA_DIRECTORY=/analyticsData -e ANALYTICS_TRACE_LEVEL=*~info -e ANALYTICS_MAX_LOG_FILES=5 -e ANALYTICS_MAX_LOG_FILE_SIZE=20 registry.ng.bluemix.net/dockercontainerrepo/mfpanalytics71
Or, simpler, switch back to cf version 6.16 for now.

What's the difference of $host and $http_host in Nginx

In Nginx, what's the difference between variables $host and $http_host.

$host is a variable of the Core module.
$host
This variable is equal to line Host in the header of request or
name of the server processing the request if the Host header is not
available.
This variable may have a different value from $http_host in such
cases: 1) when the Host input header is absent or has an empty value,
$host equals to the value of server_name directive; 2)when the value
of Host contains port number, $host doesn't include that port number.
$host's value is always lowercase since 0.8.17.
$http_host is also a variable of the same module but you won't find it with that name because it is defined generically as $http_HEADER (ref).
$http_HEADER
The value of the HTTP request header HEADER when converted to lowercase and with 'dashes' converted to 'underscores', e.g. $http_user_agent, $http_referer...;
Summarizing:
$http_host equals always the HTTP_HOST request header.
$host equals $http_host, lowercase and without the port number (if present), except when HTTP_HOST is absent or is an empty value. In that case, $host equals the value of the server_name directive of the server which processed the request.

The accepted answer and its comments don't seem to be correct (anymore). The docs (http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host) say that $host is
in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request
So $http_host is always the value of the Host header field. They might differ if the host in the request line (if specified) differs from the Host header field. Or if the Host header is not set.
server_name matches only the Host header field (http://nginx.org/en/docs/http/request_processing.html), so that $host may differ from the matched server_name.

$http_host
$http_host always equals Host request header field
Host: example.org
$host
$host is in this order of precedence (from high to low):
Host name from the request line
GET http://example.org/test/ HTTP/1.1
Host request header field
The server_name (in Nginx config) matching a request, even if server_name is wildcard (Ex: server_name *.example.org;)
Host name from the request line
When open URL http://example.org/test/ ...
Most browser send the request like this
GET /test/ HTTP/1.1
Host: example.org
Most browser doesn't send the request like this (but this is valid request)
GET http://example.org/test/ HTTP/1.1
Validation
Nginx testing config
server {
listen 80;
server_name *.example.org;
location / {
default_type "text/plain";
return 200 "[host] = $host";
}
}
When all exist ...
$host = host name from the request line
curl http://127.0.0.1 -v \
--request-target http://request.example.org/test/ \
--path-as-is \
-H "Host: host.example.org"
This command will
Connect to 127.0.0.1
Send request path as GET http://request.example.org/test/ HTTP/1.1
Set Host header to Host: host.example.org
* Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET http://request.example.org/test/ HTTP/1.1
> Host: host.example.org
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.23.1
< Date: Fri, 21 Oct 2022 02:00:56 GMT
< Content-Type: text/plain
< Content-Length: 28
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
[host] = request.example.org
When only Host header exist ...
$host = Host header
curl http://127.0.0.1/test/ -v \
-H "Host: host.example.org"
* Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /test/ HTTP/1.1
> Host: host.example.org
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.23.1
< Date: Fri, 21 Oct 2022 02:01:37 GMT
< Content-Type: text/plain
< Content-Length: 25
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
[host] = host.example.org
When none exist ...
$host = server_name (in Nginx config)
# HTTP 1.1 must have Host header, so use HTTP 1.0
curl http://127.0.0.1/test/ -v -H "Host:" -0
* Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /test/ HTTP/1.0
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.23.1
< Date: Fri, 21 Oct 2022 02:02:20 GMT
< Content-Type: text/plain
< Content-Length: 22
< Connection: close
<
* Closing connection 0
[host] = *.example.org
Ref: ngx_http_core_module, Nginx $host validation