Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/01/04 10:20:50 UTC

[GitHub] [apisix] yinyuncan opened a new issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

yinyuncan opened a new issue #6006:
URL: https://github.com/apache/apisix/issues/6006


   ### Improved or typo fixed.
   
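   Background: I wanted to configure a TCP proxy for TiDB, but found it simply would not connect and kept reporting
   ` Lost connection to MySQL server at 'reading initial communication packet'`
   
   This is my earlier configuration:
   ```yaml
   apisix:
   #    stream proxy (tcp/udp)
     stream_proxy: # TCP/UDP proxy
       only: false
       tcp: # TCP proxy address list
           - 1998
   ```
   This is the configuration data sent to the Admin API: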
   ```
   curl http://127.0.0.1:9180/apisix/admin/stream_routes/1 -H "X-API-KEY: apisix-yimazhinengkeji-2022@" -X PUT -d '
     {
       "sni": "tidb.xxxx.cn",
       "server_port": 1998,
       "upstream": {
         "nodes": {
           "10.0.0.80:4000": 1,
           "10.0.0.76:4000": 1,
           "10.0.0.74:4000": 1
         },
         "type": "roundrobin"
       }
     }'
   ```
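   In theory this connection command should be able to connect:
   `mysql --host=tidb.xxxx.cn --port=1998 -u root -p`
   
   But it kept reporting ` Lost connection to MySQL server at 'reading initial communication packet'`. This problem troubled me for a whole afternoon.
   
   After I got home from work and tried all sorts of things, I finally found that simply removing the sni parameter makes the connection work.
   
   I am not sure whether this is a bug, but I am reporting it anyway; it feels like a pitfall that is very easy to fall into.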
   
   
   ### Solution
   
   The configuration that proxies TCP correctly:
   ```
   curl http://127.0.0.1:9180/apisix/admin/stream_routes/1 -H "X-API-KEY: apisix-yimazhinengkeji-2022@" -X PUT -d '
     {
       "server_port": 1998,
       "upstream": {
         "nodes": {
           "10.0.0.80:4000": 1,
           "10.0.0.76:4000": 1,
           "10.0.0.74:4000": 1
         },
         "type": "roundrobin"
       }
     }'
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix] catwangjunfeng commented on issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
catwangjunfeng commented on issue #6006:
URL: https://github.com/apache/apisix/issues/6006#issuecomment-1006357500


   @yinyuncan Has this been resolved? I seem to have run into the same problem.





[GitHub] [apisix] tokers commented on issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #6006:
URL: https://github.com/apache/apisix/issues/6006#issuecomment-1005302251


   > > You have to configure an SSL object (the TLS certificate bundle) or APISIX cannot set up a TLS connection with the client and the SNI can be fetched correctly.
   > 
   > Oh, I see. So SNI only takes effect when SSL is configured. I think the documentation should state this clearly.
   
   Welcome to submit a PR :)





[GitHub] [apisix] spacewander closed issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
spacewander closed issue #6006:
URL: https://github.com/apache/apisix/issues/6006


   





[GitHub] [apisix] tokers commented on issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #6006:
URL: https://github.com/apache/apisix/issues/6006#issuecomment-1004701405


   What does the SSL object look like in Apache APISIX? BTW, please use English, thanks!





[GitHub] [apisix] yinyuncan commented on issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
yinyuncan commented on issue #6006:
URL: https://github.com/apache/apisix/issues/6006#issuecomment-1004710527


   > What does the SSL object look like in Apache APISIX? BTW, please use English, thanks!
   
   My English is not very good, sorry.
   I have not configured SSL for this!





[GitHub] [apisix] spacewander commented on issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #6006:
URL: https://github.com/apache/apisix/issues/6006#issuecomment-1005379915


   > When the connection is TLS over TCP, we can use the SNI to match a route, like
   
   https://github.com/apache/apisix/blob/master/docs/en/latest/stream-proxy.md
   
   The doc already makes it clear.





[GitHub] [apisix] tokers commented on issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #6006:
URL: https://github.com/apache/apisix/issues/6006#issuecomment-1004748418


   You have to configure an SSL object (the TLS certificate bundle) or APISIX cannot set up a TLS connection with the client and the SNI can be fetched correctly.




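Why the `sni` route in this issue never matched the plain `mysql` client, as an added example that is not part of the thread and is not APISIX's code: SNI exists only inside a TLS ClientHello, and a plain MySQL client sends nothing until it has read the server greeting, so the proxy has no name to match on. `route_matches` is a hypothetical, simplified model of the SNI condition, and the ClientHello bytes are constructed sample input.

```python
import struct

def build_client_hello(sni: str) -> bytes:
    """Constructed sample input: a minimal TLS ClientHello with a server_name extension."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name       # name_type 0 = host_name
    ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32)      # client_version, random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # TLS record header

def extract_sni(data: bytes):
    """Return the SNI host name in the client's first bytes, or None if there is none."""
    # A TLS handshake record starts with 0x16; handshake type 0x01 is ClientHello.
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        return None
    try:
        pos = 5 + 4 + 2 + 32             # record header, handshake header, version, random
        pos += 1 + data[pos]             # session_id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]       # cipher_suites
        pos += 1 + data[pos]             # compression_methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]  # end of extensions
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if ext_type == 0:            # server_name extension
                name_len = struct.unpack_from("!H", data, pos + 3)[0]
                name = data[pos + 5:pos + 5 + name_len]
                return name.decode("ascii") if len(name) == name_len else None
            pos += ext_len
    except (IndexError, ValueError, struct.error):
        return None                      # truncated or malformed hello
    return None

def route_matches(route: dict, first_bytes: bytes) -> bool:
    """Simplified model: a route with "sni" matches only a ClientHello naming that host."""
    return "sni" not in route or extract_sni(first_bytes) == route["sni"]

SNI_ROUTE = {"sni": "tidb.xxxx.cn", "server_port": 1998}   # route from the issue
PLAIN_ROUTE = {"server_port": 1998}                        # the route that worked
TLS_CLIENT = build_client_hello("tidb.xxxx.cn")            # constructed TLS client bytes
PLAIN_MYSQL_CLIENT = b""   # plain client: sends nothing, waits for the server greeting
```
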

[GitHub] [apisix] yinyuncan commented on issue #6006: docs: the SNI-based routing rule in stream_routes has a problem; with it configured, proxying does not work

Posted by GitBox <gi...@apache.org>.
yinyuncan commented on issue #6006:
URL: https://github.com/apache/apisix/issues/6006#issuecomment-1004773831


   > You have to configure an SSL object (the TLS certificate bundle) or APISIX cannot set up a TLS connection with the client and the SNI can be fetched correctly.
   
   Oh, I see. So SNI only takes effect when SSL is configured. I think the documentation should state this clearly.

