Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/12/18 03:25:06 UTC

[GitHub] [apisix-docker] liyin37 opened a new issue #106: Unable to make requests on port 9443

liyin37 opened a new issue #106:
URL: https://github.com/apache/apisix-docker/issues/106


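   The current deployment uses Docker, directly using the sample docker-compose.yaml from the official example directory.
   
   It can be tested from the public internet: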
   error:https://gisuni.top:9443/apisix/admin/routes?X-API-KEY=edd1c9f034335f136f87ad84b625c8f1 
   ![image](https://user-images.githubusercontent.com/42507175/102570697-d8fbb480-4122-11eb-8968-8d850a77f242.png)
   
   right:http://gisuni.top:9080/apisix/admin/routes?X-API-KEY=edd1c9f034335f136f87ad84b625c8f1 
   The error is:
   2020/12/18 03:20:07 [error] 52#52: *228173 [lua] radixtree_sni.lua:219: match_and_set(): failed to find any SSL certificate by SNI: gisuni.top, context: ssl_certificate_by_lua*, client: 118.114.197.21, server: 0.0.0.0:9443
   
   Configuration file config.yaml:
     ssl:
       enable: true                 # ssl is disabled by default
                                     # enable it to use your own cert and key
       enable_http2: true
       listen_port: 9443
       # ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format
                                                   # used to verify the certificate when APISIX needs to do SSL/TLS handshaking
                                                   # with external services (e.g. etcd)
       ssl_cert: /usr/local/apisix/conf/cert/server.cert
       ssl_cert_key: /usr/local/apisix/conf/cert/server.key
       ssl_protocols: "TLSv1.2 TLSv1.3"
       ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
       ssl_session_tickets: false              #  disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
                                               #  ref: https://github.com/mozilla/server-side-tls/issues/135
       key_encrypt_salt: "edd1c9f0985e76a2"    #  If not set, will save origin ssl key into etcd.
                                               #  If set this, must be a string of length 16. And it will encrypt ssl key with AES-128-CBC
                                               #  !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
   
   The certificates for this domain are all trusted certificates. Could you help take a look at how to handle this?
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix-docker] gxthrj commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-751260516


   Close this issue now, feel free to reopen if you have any doubt.





[GitHub] [apisix-docker] liyin37 commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
liyin37 commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748718665


   I just changed the cert and key, the new result is below:
   ![image](https://user-images.githubusercontent.com/42507175/102732067-a34e0a00-4374-11eb-993a-bad86c88f541.png)
   
   By the way, must the certificate use trusted certs? If I use self-signed certs, it doesn't work?





[GitHub] [apisix-docker] liyin37 commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
liyin37 commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-750799051


   @gxthrj One more question: when making the API request, how should "sni": "gisuni.top" be filled in if there are multiple domains?





[GitHub] [apisix-docker] liyin37 commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
liyin37 commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748595269


   2020/12/20 11:28:29 [error] 51#51: *428393 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to parse PEM cert: PEM_read_bio_X509_AUX() failed, context: ssl_certificate_by_lua*, client: 175.152.148.237, server: 0.0.0.0:9443
   2020/12/20 11:28:50 [error] 50#50: *429894 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to parse PEM cert: PEM_read_bio_X509_AUX() failed, context: ssl_certificate_by_lua*, client: 8.210.143.155, server: 0.0.0.0:9443
   2020/12/20 11:28:59 [error] 53#53: *430547 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to parse PEM cert: PEM_read_bio_X509_AUX() failed, context: ssl_certificate_by_lua*, client: 8.210.143.155, server: 0.0.0.0:9443
   





[GitHub] [apisix-docker] tokers commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748713303


   ![image](https://user-images.githubusercontent.com/10428333/102731036-b4494c00-4371-11eb-972c-9ef69da6473a.png)
   
   @liyin37 Why is your certificate not led by "--- BEGIN CERTIFICATE---"?





[GitHub] [apisix-docker] liyin37 commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
liyin37 commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-747900567


   @membphis 
   curl http://127.0.0.1:9080/apisix/admin/ssl/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "cert": "xxxxxxxxxxxxxx",
       "key": "xxxxxxxxxxxxxx",
       "sni": "gisuni.top"
   }'
   
   The result is:
   





[GitHub] [apisix-docker] tokers commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748713843


   It seems the cert is not a real certificate.





[GitHub] [apisix-docker] tokers commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748716259


   > @membphis
   > curl http://127.0.0.1:9080/apisix/admin/ssl/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   > {
   > "cert": "xxxxxxxxxxxxxx",
   > "key": "xxxxxxxxxxxxxx",
   > "sni": "gisuni.top"
   > }'
   > 
   > The result is:
   
   Please see the cert in this reply, it's the real copy in APISIX.





[GitHub] [apisix-docker] tokers commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-749857341


   > I just changed the cert and key, the new result is below:
   > ![image](https://user-images.githubusercontent.com/42507175/102732067-a34e0a00-4374-11eb-993a-bad86c88f541.png)
   > 
   > By the way, must the certificate use trusted certs? If I use self-signed certs, it doesn't work?
   
   I have said you should check the cert that was passed to APISIX; the cert in APISIX is invalid. You may suffer some exceptions when you request the APISIX SSL Admin API.





[GitHub] [apisix-docker] tokers commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
tokers commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748709006


   > 2020/12/20 11:28:29 [error] 51#51: *428393 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to parse PEM cert: PEM_read_bio_X509_AUX() failed, context: ssl_certificate_by_lua*, client: 175.152.148.237, server: 0.0.0.0:9443
   > 2020/12/20 11:28:50 [error] 50#50: *429894 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to parse PEM cert: PEM_read_bio_X509_AUX() failed, context: ssl_certificate_by_lua*, client: 8.210.143.155, server: 0.0.0.0:9443
   > 2020/12/20 11:28:59 [error] 53#53: *430547 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to parse PEM cert: PEM_read_bio_X509_AUX() failed, context: ssl_certificate_by_lua*, client: 8.210.143.155, server: 0.0.0.0:9443
   
   It seems your certificate format is invalid, so it cannot be parsed.
   
   You may try to validate it from `openssl x509`:
   
   ```sh
   openssl x509 -in /path/to/your/cert -text -noout
   ```
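
A pre-flight check for the `cert` and `key` fields before they are PUT to `/apisix/admin/ssl/{id}`, added here as an example and not code from this thread or from APISIX. It flags a base64 body that has no `-----BEGIN ...-----` line (the condition pointed out elsewhere in this thread), can re-wrap it, and builds the JSON body with `sni` or `snis`. All function names and the DER stubs are constructed for illustration, and the check is structural only (armor, base64, outer DER length), so `openssl x509 -text -noout` remains the full parse test.

```python
import base64
import binascii
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

# Constructed DER stubs (NOT real key material): just enough structure for the checks.
SAMPLE_CERT_DER = bytes.fromhex("300730003000030100")  # SEQUENCE{SEQ{}, SEQ{}, BIT STRING}
SAMPLE_KEY_DER = bytes.fromhex("3006020100020105")     # SEQUENCE{INTEGER 0, INTEGER 5}


def b64_to_der(body):
    """Strictly base64-decode a PEM body (whitespace ignored); None on failure."""
    try:
        return base64.b64decode("".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        return None


def seq_body(der):
    """Content of exactly one outer DER SEQUENCE, or None if malformed."""
    if not der or len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                       # short-form length
        start, length = 2, first
    else:                                  # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if not 1 <= n <= 4 or len(der) < 2 + n:
            return None
        start, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return der[start:] if start + length == len(der) else None


def classify_field(text, kind):
    """kind is 'cert' or 'key'. Returns 'ok', 'bare-base64' or 'invalid'."""
    m = PEM_RE.search(text)
    if m is None:
        # No armor at all: is it at least the base64 of a DER structure?
        return "bare-base64" if seq_body(b64_to_der(text)) is not None else "invalid"
    label = m.group(1)
    label_ok = label == "CERTIFICATE" if kind == "cert" else label in KEY_LABELS
    body_ok = seq_body(b64_to_der(m.group(2))) is not None
    return "ok" if label_ok and body_ok else "invalid"


def rearmor(body, kind):
    """Wrap a bare base64 DER body in PEM armor with 64-character lines."""
    der = b64_to_der(body)
    content = seq_body(der)
    if content is None:
        raise ValueError("not the base64 of a DER SEQUENCE")
    if kind == "cert":
        label = "CERTIFICATE"
    elif content[:4] == b"\x02\x01\x00\x02":
        label = "RSA PRIVATE KEY"          # PKCS#1: version 0, then INTEGER modulus
    elif content[:4] == b"\x02\x01\x00\x30":
        label = "PRIVATE KEY"              # PKCS#8: version 0, then AlgorithmIdentifier
    elif content[:4] == b"\x02\x01\x01\x04":
        label = "EC PRIVATE KEY"           # SEC1: version 1, then OCTET STRING
    else:
        raise ValueError("unrecognised private key structure")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def build_ssl_payload(cert, key, snis):
    """JSON body for PUT /apisix/admin/ssl/{id}; refuses fields that are not armored PEM."""
    for kind, value in (("cert", cert), ("key", key)):
        status = classify_field(value, kind)
        if status != "ok":
            raise ValueError("%s: %s" % (kind, status))
    body = {"cert": cert, "key": key}
    if len(snis) == 1:
        body["sni"] = snis[0]              # single-domain form used in the issue
    else:
        body["snis"] = list(snis)          # multi-domain form from the `snis` answer
    return json.dumps(body)                # escapes the PEM newlines as \n


def demo():
    """Classify a bare body, repair it, and build a two-domain payload."""
    bare_cert = base64.b64encode(SAMPLE_CERT_DER).decode("ascii")
    bare_key = base64.b64encode(SAMPLE_KEY_DER).decode("ascii")
    before = classify_field(bare_cert, "cert")
    payload = build_ssl_payload(rearmor(bare_cert, "cert"), rearmor(bare_key, "key"),
                                ["gisuni.top", "www.gisuni.top"])
    return before, payload


if __name__ == "__main__":
    status, payload = demo()
    print("as pasted:", status)
    print(payload)
```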





[GitHub] [apisix-docker] membphis commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
membphis commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-747846058


   @liyin37 you need to set the SSL object via Admin API first:
   
   https://github.com/apache/apisix/blob/master/doc/admin-api.md#ssl 





[GitHub] [apisix-docker] liyin37 commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
liyin37 commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748711692


   The certificate is the trusted file:
   Certificate:
       Data:
           Version: 3 (0x2)
           Serial Number:
               07:2e:af:a6:a3:51:b4:ff:37:57:22:ac:5b:fc:e4:59
       Signature Algorithm: sha256WithRSAEncryption
           Issuer: C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA
           Validity
               Not Before: Dec 17 00:00:00 2020 GMT
               Not After : Dec 16 23:59:59 2021 GMT
           Subject: CN=gisuni.top
           Subject Public Key Info:
               Public Key Algorithm: rsaEncryption
                   Public-Key: (2048 bit)
                   Modulus:
                   Exponent: 65537 (0x10001)
           X509v3 extensions:
               X509v3 Authority Key Identifier: 
                   keyid:7F:D3:99:F3:A0:47:0E:31:00:56:56:22:8E:B7:CC:9E:DD:CA:01:8A
   
               X509v3 Subject Key Identifier: 
                   FF:09:9D:03:02:70:67:69:0C:DF:0E:D7:D6:E6:EF:A2:71:6D:CB:49
               X509v3 Subject Alternative Name: 
                   DNS:gisuni.top, DNS:www.gisuni.top
               X509v3 Key Usage: critical
                   Digital Signature, Key Encipherment
               X509v3 Extended Key Usage: 
                   TLS Web Server Authentication, TLS Web Client Authentication
               X509v3 Certificate Policies: 
                   Policy: 2.16.840.1.114412.1.2
                     CPS: https://www.digicert.com/CPS
                   Policy: 2.23.140.1.2.1
   
               Authority Information Access: 
                   OCSP - URI:http://statuse.digitalcertvalidation.com
                   CA Issuers - URI:http://cacerts.digitalcertvalidation.com/TrustAsiaTLSRSACA.crt
   
               X509v3 Basic Constraints: 
                   CA:FALSE
               CT Precertificate SCTs: 
                   Signed Certificate Timestamp:
                       Version   : v1(0)
                       Log ID    : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
                                   E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
                       Timestamp : Dec 17 03:24:01.642 2020 GMT
                       Extensions: none
                       Signature : ecdsa-with-SHA256
                                   30:45:02:21:00:B0:ED:0F:C2:DE:D1:5B:A5:81:F0:D9:
                                   2A:41:F7:02:82:7A:EE:60:43:0D:78:68:49:4C:CB:F6:
                                   E3:BE:AE:25:4D:02:20:10:2E:3A:FD:A1:80:46:90:E8:
                                   38:8B:42:0F:17:24:2E:D8:D5:DE:5F:9C:C1:FB:4D:D9:
                                   60:F3:AA:79:8F:D4:1E
                   Signed Certificate Timestamp:
                       Version   : v1(0)
                       Log ID    : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10:
                                   37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA
                       Timestamp : Dec 17 03:24:01.739 2020 GMT
                       Extensions: none
                       Signature : ecdsa-with-SHA256
                                   30:46:02:21:00:9C:DC:93:CB:A8:95:5A:18:A7:26:0A:
                                   A0:E3:48:68:9A:69:26:2D:AA:6E:B9:B8:D4:79:CD:8F:
                                   AC:4F:FC:D4:B0:02:21:00:B1:08:7F:14:4D:A9:F7:EB:
                                   2F:93:70:7F:6A:38:AA:1E:0A:AE:38:A9:EF:64:D9:70:
                                   97:FF:C7:5E:82:34:33:49
       Signature Algorithm: sha256WithRSAEncryption
   





[GitHub] [apisix-docker] moonming commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
moonming commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748692788


   @gxthrj so how to fix it?





[GitHub] [apisix-docker] gxthrj commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-749418715


   @liyin37 Just confirm, do `cert` and `key` use `pem-encoded`?
   





[GitHub] [apisix-docker] gxthrj commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-749881174


   > @liyin37 Just confirm, do `cert` and `key` use `pem-encoded`?
   
   @liyin37 I saw that your `cert` and `key` are RSA Encryption; the [admin api](https://github.com/apache/apisix/blob/master/doc/https.md#single-sni) for setting ssl needs `Pem-Encoded`, we should convert RSA to PEM first.





[GitHub] [apisix-docker] gxthrj closed issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj closed issue #106:
URL: https://github.com/apache/apisix-docker/issues/106


   





[GitHub] [apisix-docker] liyin37 commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
liyin37 commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748715088


   But I checked it in https://myssl.com/cert_decode.html, it doesn't find an error
   





[GitHub] [apisix-docker] gxthrj commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-750907229


   If there are no other problems, will close this issue tomorrow.





[GitHub] [apisix-docker] gxthrj commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-750797452


   @liyin37 Any news? Do you still have errors?





[GitHub] [apisix-docker] gxthrj commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-750905184


   You can use `snis`.
   
   e.g.
   ```json
   {
     "snis":["*.foo.com", "bar.com"],
     "cert": "xxx",
     "key": "yyy"
   }
   ```





[GitHub] [apisix-docker] gxthrj edited a comment on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj edited a comment on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-750905184


   @liyin37 You can use `snis`.
   
   e.g.
   ```json
   {
     "snis":["*.foo.com", "bar.com"],
     "cert": "xxx",
     "key": "yyy"
   }
   ```





[GitHub] [apisix-docker] gxthrj commented on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
gxthrj commented on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748611466


   Related to #97 





[GitHub] [apisix-docker] tokers edited a comment on issue #106: Unable to make requests on port 9443

Posted by GitBox <gi...@apache.org>.
tokers edited a comment on issue #106:
URL: https://github.com/apache/apisix-docker/issues/106#issuecomment-748713303


   I tried your certificates:
   
   ![image](https://user-images.githubusercontent.com/10428333/102731095-e5c21780-4371-11eb-883b-09f0058563ae.png)
   

