You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/09/18 03:29:05 UTC

[GitHub] [apisix] fregie opened a new issue #5094: request help: Is apisix support request https via IP?

fregie opened a new issue #5094:
URL: https://github.com/apache/apisix/issues/5094


   ### Issue description
   
   I used `ssl.fallback_sni` and the apisix still return a error when I request via IP:
   ```bash
   # curl -V
   curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
   Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
   # curl https://*.*.*.*/api/1/ip -k -v
   * About to connect() to *.*.*.* port 443 (#0)
   *   Trying *.*.*.*...
   * Connected to *.*.*.* (*.*.*.*) port 443 (#0)
   * Initializing NSS with certpath: sql:/etc/pki/nssdb
   * NSS error -12188 (SSL_ERROR_INTERNAL_ERROR_ALERT)
   * Peer reports it experienced an internal error.
   * Closing connection 0
   curl: (35) Peer reports it experienced an internal error.
   ```
   apisix error:
   ```
   2021/09/18 03:19:57 [error] 41#41: *6423 [lua] init.lua:154: http_ssl_phase(): failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol. If you need to report an issue, provide a packet capture file of the TLS handshake., context: ssl_certificate_by_lua*, client: 172.25.1.1, server: 0.0.0.0:9443
   ```
   
   In some situations, we do need to request https via a IP.
   For example,reverse proxy through public network.Using a domain has risk of exposing the real IP address, using http is not safe when through public network
   
   ### Environment
   
   - apisix version: 2.9 from apache/apisix:2.9-alpine
   - OS: k8s
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander closed issue #5094: request help: Is apisix support request https via IP?

Posted by GitBox <gi...@apache.org>.

spacewander closed issue #5094:
URL: https://github.com/apache/apisix/issues/5094


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on issue #5094: request help: Is apisix support request https via IP?

Posted by GitBox <gi...@apache.org>.

spacewander commented on issue #5094:
URL: https://github.com/apache/apisix/issues/5094#issuecomment-922174300


   This feature is only in the master branch yet: https://github.com/apache/apisix/commit/dd4bc04c7dd74cacf18b3b6b728419e854c8fc17


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org