You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/06/07 03:55:41 UTC
[GitHub] [apisix] whioue opened a new issue #4383: request help: build OpenResty for APISIX
whioue opened a new issue #4383:
URL: https://github.com/apache/apisix/issues/4383
### Issue description
When I execute build-apimix-openresty.sh, an error is reported, as shown in the figure below
I'm not sure if it's because of the low version of OpenSSL, I try to upgrade to OpenSSL 1.1.1k, or I will report the same error
### Environment
centos7
It's already installed apisix 2.6 version
* apisix version (cmd: `apisix version`):
* OS (cmd: `uname -a`):
* OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
* etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
* apisix-dashboard version, if have:
* luarocks version, if the issue is about installation (cmd: `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue removed a comment on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue removed a comment on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-855601792
When I finished the compilation by modifying build-apisix-openresty.sh, but when I started apisix, I reported an error. I don't know what caused it. The certificate I have configured and can get the result through the command line of etcdctl --endpoints="https://127.0.0.1:2379" --cacert="ca.pem" --key="client-key.pem" --cert="client.pem" get /apisix/plugins
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-856415324
BTW, what's your etcd version?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-857346058
https://github.com/apache/apisix/tree/master/t/certs
You can try the /t/certs/mtls_*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue edited a comment on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue edited a comment on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-855607967
> You can use openresty-openssl111, see this PR: https://github.com/api7/apisix-build-tools/pull/40/files
When I finished the compilation by modifying build-apisix-openresty.sh, but when I started apisix, I reported an error. I don't know what caused it. The certificate I have configured and can get the result through the command line of etcdctl --endpoints="https://127.0.0.1:2379" --cacert="ca.pem" --key="client-key.pem" --cert="client.pem" get /apisix/plugins
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-855607967
> You can use openresty-openssl111, see this PR: https://github.com/api7/apisix-build-tools/pull/40/files
When I finished the compilation by modifying build-apisix-openresty.sh, but when I started apisix, I reported an error. I don't know what caused it. The certificate I have configured and can get the result through the command line of etcdctl --endpoints="https://127.0.0.1:2379" --cacert="ca.pem" --key="client-key.pem" --cert="client.pem" get /apisix/plugins
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-857341249
> I found this in the etcd's error log:
>
> > 2021-06-09 11:10:13.022735 I | embed: rejected connection from "127.0.0.1:50898" (error "tls: failed to verify client's certificate: x509: certificate specifies an incompatible key usage", ServerName "")
> > WARNING: 2021/06/09 11:10:13 grpc: addrConn.createTransport failed to connect to {127.0.0.1:12379 0 }. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
>
> Maybe it relates to [etcd-io/etcd#9785](https://github.com/etcd-io/etcd/issues/9785) and [etcd-io/etcd#9398](https://github.com/etcd-io/etcd/issues/9398)
May be related to my certificate error, can you provide a certificate that can be used normally
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-857339183
I found this in the etcd's error log:
> 2021-06-09 11:10:13.022735 I | embed: rejected connection from "127.0.0.1:50898" (error "tls: failed to verify client's certificate: x509: certificate specifies an incompatible key usage", ServerName "")
WARNING: 2021/06/09 11:10:13 grpc: addrConn.createTransport failed to connect to {127.0.0.1:12379 <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
Maybe it relates to https://github.com/etcd-io/etcd/issues/9785 and https://github.com/etcd-io/etcd/issues/9398
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-857364517
> https://github.com/apache/apisix/tree/master/t/certs
>
> You can try the /t/certs/mtls_* files.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-856420327
> Can you send us the
>
> * ca.pem
> * server.pem
> * server-key.pem
> * client.pem
> * client-key.pem
>
> So we are able to reproduce it on our side?
ok, thanks. The etcd version: 3.4.13
ca.pem
-----BEGIN CERTIFICATE-----
MIIDfjCCAmagAwIBAgIUUfd6wRB6JfFctEuVeM1EPOuUoeswDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB2JlaWppbmcxCzAJBgNVBAcTAkJK
MRcwFQYDVQQDEw5UT1BBR1cgRXRjZCBDQTAeFw0yMTA2MDExNTI5MDBaFw0yNjA1
MzExNTI5MDBaMEUxCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdiZWlqaW5nMQswCQYD
VQQHEwJCSjEXMBUGA1UEAxMOVE9QQUdXIEV0Y2QgQ0EwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC4QH/JvU0UrVNnQD4eE18Dgc0WEg4s+sWjWQ0rNj5t
O58qVqNOH6ScsIVjvZDX9p7s0UJOQdnH9+z0phAH4CmEdxxTqrz+DLLS0kDW8Xud
UaQp3u1QQsi/Wc8cG6bzx5nyCafRwDaDfK88KAKFLmpd31qgBHaPNX0fVmu554z2
uyYaS7l71+eK3r7vJKgm+UaBfNPJVyOHSXHVDZJGFj4TVO0QZhtGES6rKNWz2OQ5
rRLIjimDR2aoaEVN+y5ovUPi3ACzSMQp0cBSTiHhmjVTuL55zl+be3PW5FMV2ZJM
EANI+yR3gscPozeB7eWaOpPnQ7QhhyiB6l/HwjVYclIXAgMBAAGjZjBkMA4GA1Ud
DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSiHT7oxEB6
88xkwS9mlYx819xmTDAfBgNVHSMEGDAWgBSiHT7oxEB688xkwS9mlYx819xmTDAN
BgkqhkiG9w0BAQsFAAOCAQEARcLkrULpAWalQZo/FI8Sjk/bRBoFHICN1ExQzXc8
SXEMWo1jsq6sz0NeV0oOq+LNZcEM1FfKWCSD7iZIe15nKGAwejNgOvZcYBow0b/+
q3sWj9Fc0kMLW/dp332CjSoxfaaZy2H/j7ON5NwQZFCw1l6OJGMplbXinOrlJeNe
CIME5fdakiOc9nL8e/bU9DRp7penDgxqkUkFRtBevIPwBA9G5jclh+7PAtP0xULw
6RxkC/fgIJIIWNsP+t3xCnt85Xs/MtspvMheaYoEKAJJ3sIafggQh6pd9iYtXLdm
FtKVW43ArdcNOzRccivi1C9HEoNAwfeA5Z7EiMMlVveREA==
-----END CERTIFICATE-----
server.pem
-----BEGIN CERTIFICATE-----
MIIDKzCCAhOgAwIBAgIUHMWqFRrTvBoImMdiS8j+PjyGgvEwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB2JlaWppbmcxCzAJBgNVBAcTAkJK
MRcwFQYDVQQDEw5UT1BBR1cgRXRjZCBDQTAgFw0yMTA2MDExNTMyMDBaGA8yMDUx
MDUyNTE1MzIwMFowgYAxCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdCZWlqaW5nMRAw
DgYDVQQHEwdCZWlqaW5nMQ8wDQYDVQQKEwZUb3BzZWMxJDAiBgNVBAsTG0Nsb3Vk
IHNlY3VyaXR5IHByb2R1Y3QgbGluZTEWMBQGA1UEAxMNVE9QQUdXIHNlcnZlcjBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABLcXD8nU75bF+ASBg6Id2+B4pIHSTgxM
OwF1qEQFMdswCoQPSGpxsNzluN18kbdMh2RKE76NiUDzfNl/8CTu7m2jgZ8wgZww
DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFIhZfimDE6MMesrnqebv4prPHM57MB8GA1UdIwQYMBaAFKId
PujEQHrzzGTBL2aVjHzX3GZMMCcGA1UdEQQgMB6CCmV0Y2RjbGllbnSCBGV0Y2SH
BH8AAAGHBAAAAAAwDQYJKoZIhvcNAQELBQADggEBAKeKKqpNAV7Na6bltPN51S18
s72wxeHaQpca8FQnLnmGupcGsBAfTrBDiMmk2PbH3p5/IE+y4Q5xBpczCw1JHCVq
DTiFYAu6bbGrvtVmDZX9WGCEdASpW0OwlBW5hrfxyZrAtDoIHerbs3hZUjkC71DU
/WNgRYzCyxYRC1IHPxTV5orUSW5FUnCTQB2vkcNiwV1rQFihqlHJ9CexAs1ZcBB4
StyHoT8BeKz3Xx6AGO7k5TeeXvO71ndq+ihe8goU2VCYrWK3nCui4D7NozWBblUq
JJqUQmS7iGzmB23UOwezlByIUu0stpkewSCOMKwLxK9VaO0wshiwanlkPFojorQ=
-----END CERTIFICATE-----
server-key.pem
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGExqbJxomfuewqLIIwX+6FnJoTqz/UnBn0WZPTi8/FLoAoGCCqGSM49
AwEHoUQDQgAEtxcPydTvlsX4BIGDoh3b4HikgdJODEw7AXWoRAUx2zAKhA9IanGw
3OW43XyRt0yHZEoTvo2JQPN82X/wJO7ubQ==
-----END EC PRIVATE KEY-----
client.pem
-----BEGIN CERTIFICATE-----
MIIDDzCCAfegAwIBAgIUXPcEhRqwzUf/C8jWDADXy+kOGTswDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB2JlaWppbmcxCzAJBgNVBAcTAkJK
MRcwFQYDVQQDEw5UT1BBR1cgRXRjZCBDQTAgFw0yMTA2MDExNTMyMDBaGA8yMDUx
MDUyNTE1MzIwMFowgYAxCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdCZWlqaW5nMRAw
DgYDVQQHEwdCZWlqaW5nMQ8wDQYDVQQKEwZUb3BzZWMxJDAiBgNVBAsTG0Nsb3Vk
IHNlY3VyaXR5IHByb2R1Y3QgbGluZTEWMBQGA1UEAxMNVE9QQUdXIGNsaWVudDBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABATznSNl2KQnCqB3AuScEEsXndNYMhqz
DzJ6lsxU3RliCffWEH2qHnOLJHD3KrXg1X5AUAjFaf6749nE3z4xM9CjgYMwgYAw
DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFLxEaEYbP6yX7u5jo2SoeYJ8v+a9MB8GA1UdIwQYMBaAFKId
PujEQHrzzGTBL2aVjHzX3GZMMAsGA1UdEQQEMAKCADANBgkqhkiG9w0BAQsFAAOC
AQEAJg4iNHdVpu0HHm5jO9ecYhx1EsAb+sWBnwm8R1ccF/041s9IT83QtbGabeaf
9c3hhkBdfmeP1X76wGt4XXah7QndZknXIDfXxZ4bbLxYdKIonGvsdXksqiFHiUh7
SuRF19KIQSiXUZwIrGB9hEuWEW4SitKAkPiQdUp95TgIyzIoMV20gONuKmU1FcbH
8e2tVu6FblDgI9otoJUWwuqWh5ACNNdAJcwzsoXhzBG09AqMJWMqBXGfMTp47r8d
zZXt8qN3LbKKpz06ECbERUETRCvPpgB064jW983fwXHu6PawQgcADcCgU4beCr7+
LpcEat5C7yxTR66fN1qIAZFPqw==
-----END CERTIFICATE-----
client-key.pem
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIMWK4VLgo7Ng/CwtingaMnQ0TfPLdY59Rud9nrXfz4L8oAoGCCqGSM49
AwEHoUQDQgAEBPOdI2XYpCcKoHcC5JwQSxed01gyGrMPMnqWzFTdGWIJ99YQfaoe
c4skcPcqteDVfkBQCMVp/rvj2cTfPjEz0A==
-----END EC PRIVATE KEY-----
The file compression package is as follows
[etcd_pem.tar.gz](https://github.com/apache/apisix/files/6613383/etcd_pem.tar.gz)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-856414950
Can you send us the
* ca.pem
* server.pem
* server-key.pem
* client.pem
* client-key.pem
So we are able to reproduce it on our side?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander edited a comment on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
spacewander edited a comment on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-857346058
https://github.com/apache/apisix/tree/master/t/certs
You can try the /t/certs/mtls_* files.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-857331772
> BTW, what's your etcd version?
my etcd version is 3.4.13
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue closed issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue closed issue #4383:
URL: https://github.com/apache/apisix/issues/4383
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-856383986
> Have you trusted `ca.pem` in the
>
> https://github.com/apache/apisix/blob/27ee55199d62fe0771ae19c90da4fe58a860f2d7/conf/config-default.yaml#L116
I tried to add a CA certificate, but received this error message
My configuration is like this:
etcd configuration is:
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-856358150
Have you trusted `ca.pem` in the https://github.com/apache/apisix/blob/27ee55199d62fe0771ae19c90da4fe58a860f2d7/conf/config-default.yaml#L116
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-855557011
You can use openresty-openssl111, see this PR: https://github.com/api7/apisix-build-tools/pull/40/files
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] whioue commented on issue #4383: request help: build OpenResty for APISIX
Posted by GitBox <gi...@apache.org>.
whioue commented on issue #4383:
URL: https://github.com/apache/apisix/issues/4383#issuecomment-855601792
When I finished the compilation by modifying build-apisix-openresty.sh, but when I started apisix, I reported an error. I don't know what caused it. The certificate I have configured and can get the result through the command line of etcdctl --endpoints="https://127.0.0.1:2379" --cacert="ca.pem" --key="client-key.pem" --cert="client.pem" get /apisix/plugins
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org