You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/05/31 07:59:25 UTC
[GitHub] [apisix] Marco-Zheng opened a new issue #4343: bug: set https certificate but doesn't work
Marco-Zheng opened a new issue #4343:
URL: https://github.com/apache/apisix/issues/4343
### Issue description
I set https certificate but doesn't work
http://test-hello.laoganma.fun/ is ok but https://test-hello.laoganma.fun/ exist with timeout
### Environment
Bug report without environment information will be ignored or closed.
* apisix version (cmd: `apisix version`): 2.4
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851322022
Need to provide detailed configuration (etcd data, etc.), and the steps to reproduce it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851432080
Could you also provide the packet capture file?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851375715
Don't send us the screenshot. We can't copy your configuration from it. And you doesn't show the most important part: the SSL configuration.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851575895
> no error was found, no request path was found after checking access.log
Can you try to use `curl` with --resolve option?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Marco-Zheng commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
Marco-Zheng commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851422737
@spacewander
Sorry, here is the route configuration
```
{
"uris": [
"/*"
],
"name": "test-hello",
"methods": [
"GET",
"HEAD",
"POST",
"PUT",
"DELETE",
"OPTIONS",
"PATCH"
],
"hosts": [
"test-hello.laoganma.fun"
],
"upstream_id": "357208006879871749",
"status": 1
}
```
SNI is `*.laoganma.fun` `laoganma.fun` , the certificate is private so i can't paste it, is there any other SSL configuration need to be added
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Marco-Zheng edited a comment on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
Marco-Zheng edited a comment on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851842405
@tokers Ok, i'll have a try, my apisix deploy on k8s, there has node port 30017 map to apisix port 80, but ssl port is 443, may be we need expose it?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Marco-Zheng commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
Marco-Zheng commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851339614
@spacewander Hi, my etcd version is etcd-5.2.1, apisix version (cmd: apisix version): 2.4, apisix-dashboard version: 2.5
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Marco-Zheng commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
Marco-Zheng commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851760299
@spacewander @tokers @starsz Hi, i use command`openssl s_client -connect {APISIX HTTPS Host}:{APISIX HTTPS PORT} -servername test-hello.laoganma.fun
` locally, it show that `no peer certificate available`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-852064011
> > > @tokers Ok, i'll have a try, my apisix deploy on k8s, there has node port 30017 map to apisix port 80, but ssl port is 443, may be we need expose it?
> >
> >
> > How did you deploy your APISIX?
>
> @tokers by using helm chart
PR's welcome to optimize it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Marco-Zheng edited a comment on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
Marco-Zheng edited a comment on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851339614
@spacewander Hi, my etcd version is etcd-5.2.1, apisix version (cmd: apisix version): 2.4, apisix-dashboard version: 2.5
step:
1、add certificate for https
2、add route
3、send request to http://test-hello.laoganma.fun, it was successed
send request to https://test-hello.laoganma.fun, it was failed
4、check error.log and access.log
no error was found, no request path was found after checking access.log
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Marco-Zheng commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
Marco-Zheng commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-852037263
> > @tokers Ok, i'll have a try, my apisix deploy on k8s, there has node port 30017 map to apisix port 80, but ssl port is 443, may be we need expose it?
>
> How did you deploy your APISIX?
@tokers by using helm chart
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Marco-Zheng commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
Marco-Zheng commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851842405
@tokers Ok, i'll have a try, my apisix deploy on k8s, there has node port 30017 map to apisix port 80, but ssl port for apisix is 443, may be we need expose it?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851827329
@Marco-Zheng It seems that APISIX doesn't return the correct cert for this connection, you may try to adjust the error_log level (for instance, `info` )and see some detailed error message.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851749006
@Marco-Zheng Could you tell us the particular error message?
You may also use `openssl s_client` to check the TLS handshaking details like:
```sh
openssl s_client -connect {APISIX HTTPS Host}:{APISIX HTTPS PORT} -servername test-hello.laoganma.fun
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander edited a comment on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
spacewander edited a comment on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-851375715
Don't send us the screenshot. We can't copy your configuration from it. And you didn't show the most important part: the SSL configuration.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #4343: bug: set https certificate but doesn't work
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #4343:
URL: https://github.com/apache/apisix/issues/4343#issuecomment-852026079
> @tokers Ok, i'll have a try, my apisix deploy on k8s, there has node port 30017 map to apisix port 80, but ssl port is 443, may be we need expose it?
How did you deploy your APISIX?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org