You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/06/23 07:36:44 UTC
[GitHub] [apisix-ingress-controller] 283713406 opened a new issue, #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
283713406 opened a new issue, #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100
### Issue description
apisixroute配置如下:
apisix-gateway服务使用nodeport类型
问题:
使用https://krmp-manage.kylincloud.com:30234访问会直接变成https://krmp-manage.kylincloud.com/users/login。端口丢失
当使用https://krmp-manage.kylincloud.com:30234/users/login这种方式访问时却可以
请问这是什么原因造成的?
### Environment
Environment
your apisix-ingress-controller version (output of apisix-ingress-controller version --long):
apisix-ingress-controller version 1.4.0-b7dd90a-go1.16
your Kubernetes cluster version (output of kubectl version):
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.1", GitCommit:"206bcadf021e76c27513500ca24182692aabd17e", GitTreeState:"clean", BuildDate:"2020-09-09T11:26:42Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/arm64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.1", GitCommit:"206bcadf021e76c27513500ca24182692aabd17e", GitTreeState:"clean", BuildDate:"2020-09-09T11:18:22Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/arm64"}
if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a):
Linux master1 4.19.90-17.ky10.aarch64 misc: some basic goals https://github.com/apache/apisix-ingress-controller/issues/1 SMP Sun Jun 28 14:27:40 CST 2020 aarch64 aarch64 aarch64 GNU/Linux
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] 283713406 commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
283713406 commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1165064521
curl -k -v https://krmp-manage.kylincloud.com:30234
```
* Trying 172.20.144.234:30234...
* TCP_NODELAY set
* Connected to krmp-manage.kylincloud.com (172.20.144.234) port 30234 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: O=kylinsoft; CN=kylinos.cn
* start date: Jun 13 21:21:39 2022 GMT
* expire date: Jun 5 21:21:39 2052 GMT
* issuer: CN=kylinos.cn
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaabc785a4d0)
> GET / HTTP/2
> Host: krmp-manage.kylincloud.com:30234
> User-Agent: curl/7.66.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 302
< content-type: text/html; charset=utf-8
< location: https://krmp-manage.kylincloud.com/users/login
< cache-control: no-cache
* Added cookie _session_id="9291b342e781a4a7eeefaddeaa0b0475" for domain krmp-manage.kylincloud.com, path /, expire 0
< set-cookie: _session_id=9291b342e781a4a7eeefaddeaa0b0475; path=/; HttpOnly; secure; SameSite=Lax
< x-request-id: 486170f1-17c6-4cc3-96d1-fdd37b362175
< x-runtime: 0.084065
< strict-transport-security: max-age=0; includeSubdomains
< x-frame-options: sameorigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-download-options: noopen
< x-permitted-cross-domain-policies: none
< content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
< vary: Origin
< server: APISIX/2.10.4
<
* Connection #0 to host krmp-manage.kylincloud.com left intact
<html><body>You are being <a href="https://krmp-manage.kylincloud.com/users/login">redirected</a>.</body></html>
```
curl -k -v https://krmp-manage.kylincloud.com:30234/users/login
`* Trying 172.20.144.234:30234...
* TCP_NODELAY set
* Connected to krmp-manage.kylincloud.com (172.20.144.234) port 30234 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: O=kylinsoft; CN=kylinos.cn
* start date: Jun 13 21:21:39 2022 GMT
* expire date: Jun 5 21:21:39 2052 GMT
* issuer: CN=kylinos.cn
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaca645a4d0)
> GET /users/login HTTP/2
> Host: krmp-manage.kylincloud.com:30234
> User-Agent: curl/7.66.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< content-type: text/html; charset=utf-8
< etag: W/"5fe0121cde83b811a5b2570235626094"
< cache-control: max-age=0, private, must-revalidate
* Added cookie _session_id="bda8176911d0a14e8708143f4915e15b" for domain krmp-manage.kylincloud.com, path /, expire 0
< set-cookie: _session_id=bda8176911d0a14e8708143f4915e15b; path=/; HttpOnly; secure; SameSite=Lax
< x-request-id: d33a7c6d-dc0c-4765-8430-4669406e0a88
< x-runtime: 0.083146
< strict-transport-security: max-age=0; includeSubdomains
< x-frame-options: sameorigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-download-options: noopen
< x-permitted-cross-domain-policies: none
< content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
< vary: Origin
< server: APISIX/2.10.4
<
* Connection #0 to host krmp-manage.kylincloud.com left intact`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] 283713406 commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
283713406 commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1165433178
@tokers Can I use plugins to solve this problem?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] closed issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
github-actions[bot] closed issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
URL: https://github.com/apache/apisix-ingress-controller/issues/1100
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1164500821
I'm guessing your web app checks the current login status and redirects, right?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1288285516
This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] 283713406 commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
283713406 commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1165060612
@tao12345666333 Yes, will it make any difference? How to solve it? thank you
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] 283713406 commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
283713406 commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1165100003
@tokers
curl -k -v https://krmp-manage.kylincloud.com:30234/
```
* Trying 172.20.144.234:30234...
* TCP_NODELAY set
* Connected to krmp-manage.kylincloud.com (172.20.144.234) port 30234 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: O=kylinsoft; CN=kylinos.cn
* start date: Jun 13 21:21:39 2022 GMT
* expire date: Jun 5 21:21:39 2052 GMT
* issuer: CN=kylinos.cn
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaabc785a4d0)
> GET / HTTP/2
> Host: krmp-manage.kylincloud.com:30234
> User-Agent: curl/7.66.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 302
< content-type: text/html; charset=utf-8
< location: https://krmp-manage.kylincloud.com/users/login
< cache-control: no-cache
* Added cookie _session_id="9291b342e781a4a7eeefaddeaa0b0475" for domain krmp-manage.kylincloud.com, path /, expire 0
< set-cookie: _session_id=9291b342e781a4a7eeefaddeaa0b0475; path=/; HttpOnly; secure; SameSite=Lax
< x-request-id: 486170f1-17c6-4cc3-96d1-fdd37b362175
< x-runtime: 0.084065
< strict-transport-security: max-age=0; includeSubdomains
< x-frame-options: sameorigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-download-options: noopen
< x-permitted-cross-domain-policies: none
< content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
< vary: Origin
< server: APISIX/2.10.4
<
* Connection #0 to host krmp-manage.kylincloud.com left intact
<html><body>You are being <a href="https://krmp-manage.kylincloud.com/users/login">redirected</a>.</body></html>
```
curl -k -v https://krmp-manage.kylincloud.com:30234/users/login
```
* Trying 172.20.144.234:30234...
TCP_NODELAY set
Connected to krmp-manage.kylincloud.com (172.20.144.234) port 30234 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
ALPN, server accepted to use h2
Server certificate:
subject: O=kylinsoft; CN=kylinos.cn
start date: Jun 13 21:21:39 2022 GMT
expire date: Jun 5 21:21:39 2052 GMT
issuer: CN=kylinos.cn
SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0xaaaca645a4d0)
GET /users/login HTTP/2
Host: krmp-manage.kylincloud.com:30234
User-Agent: curl/7.66.0
Accept: /
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
old SSL session ID is stale, removing
Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< content-type: text/html; charset=utf-8
< etag: W/"5fe0121cde83b811a5b2570235626094"
< cache-control: max-age=0, private, must-revalidate
Added cookie _session_id="bda8176911d0a14e8708143f4915e15b" for domain krmp-manage.kylincloud.com, path /, expire 0
< set-cookie: _session_id=bda8176911d0a14e8708143f4915e15b; path=/; HttpOnly; secure; SameSite=Lax
< x-request-id: d33a7c6d-dc0c-4765-8430-4669406e0a88
< x-runtime: 0.083146
< strict-transport-security: max-age=0; includeSubdomains
< x-frame-options: sameorigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-download-options: noopen
< x-permitted-cross-domain-policies: none
< content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
< vary: Origin
< server: APISIX/2.10.4
<
Connection #0 to host krmp-manage.kylincloud.com left intact
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1255710901
This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] 283713406 commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
283713406 commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1164168310
@tao12345666333
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tokers commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1165431467
If you just use `NodePort` to expose APISIX, I think there is no `X-Forwarded-Port` header (carry the node port) when the request reach APISIX so Apache APISIX cannot pass this header to the backend and hence your backend cannot use the correct port.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tokers commented on issue #1100: Use apisix, must use the domain name followed by the path to access, otherwise you will lose the port
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #1100:
URL: https://github.com/apache/apisix-ingress-controller/issues/1100#issuecomment-1165060056
@283713406 Hi, could you send a request to the first URL via cURL and paste the response headers and body here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org