You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "jensg-st (via GitHub)" <gi...@apache.org> on 2023/03/21 14:02:06 UTC
[GitHub] [apisix-ingress-controller] jensg-st opened a new issue, #1738: request help:
jensg-st opened a new issue, #1738:
URL: https://github.com/apache/apisix-ingress-controller/issues/1738
### Issue description
We are trying to replace nginx ingress controller with apisix but we are experiencing an issue with TCP streaming. We want to proxy SMTP via apisix and the behaviour is different from nginx ingress controller. It might be a apure apisix question or nginx configuration thing.
With nginx we configured the helm chart like that as an example:
```yaml
ingress-nginx:
tcp:
2525: default/smtp-listener:2525
```
This worked perfectly fine.
Now we are configuring the ingress controller in regards to TCP like this:
```yaml
gateway:
type: LoadBalancer
tls:
enabled: true
sslProtocols: "TLSv1 TLSv1.1 TLSv1.2"
stream:
enabled: true
tcp:
- 2525
```
This opens port 2525 on the gateway side and on apisix. With a route we are adding the backend service.
```yaml
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: tcp-route
spec:
stream:
- name: tcp-route-rule1
protocol: TCP
match:
ingressPort: 2525
backend:
serviceName: smtp-listener
servicePort: 2525
```
The problem here is the behaviour of the proxy itself I'm assuming. With nginx ingress controller or port-forwarding to the service we are getting the following:
```
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 localhost ESMTP Service Ready
```
With apisix it seems the connection "hangs" till the first data or command is set:
```
Trying 192.168.0.1...
Connected to computer.local.
Escape character is '^]'.
AUTH LOGIN
220 localhost ESMTP Service Ready
502 5.5.1 Please introduce yourself first.
```
As you can see, the `ESMTP Service Ready` comes AFTER sending the first data to the service. Is there a configuration I need to add so the data is getting send immediately? This breaks every SMTP client which considers this service not as SMTP service.
### Environment
- your apisix-ingress-controller version (output of apisix-ingress-controller version --long):
```
Version: 1.6.0
Git SHA: no-git-module
Go Version: go1.19.5
Building OS/Arch: linux/amd64
Running OS/Arch: linux/amd64
```
- your Kubernetes cluster version (output of kubectl version):
```
Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.7+k3s1", GitCommit:"7af5b16788afe9ce1718d7b75b35eafac7454705", GitTreeState:"clean", BuildDate:"2022-10-25T19:31:34Z", GoVersion:"go1.18.7", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.4
Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.7+k3s1", GitCommit:"7af5b16788afe9ce1718d7b75b35eafac7454705", GitTreeState:"clean", BuildDate:"2022-10-25T19:31:34Z", GoVersion:"go1.18.7", Compiler:"gc", Platform:"linux/amd64"}
```
- if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a):
```
5.19.0-32-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 30 17:03:34 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] jensg-st commented on issue #1738: request help: how to use APISIX Ingress proxy SMTP
Posted by "jensg-st (via GitHub)" <gi...@apache.org>.
jensg-st commented on issue #1738:
URL: https://github.com/apache/apisix-ingress-controller/issues/1738#issuecomment-1490253248
Thank you for replying. I kind of figured out what the issue is/was. We have some problems with Ubuntu hosts and the centos7 image you are using (#1602) and we don't need Hong Kong timezone for our images.
Because of the DNS issue we had with the image we did build our own image based on Ubuntu 22.04. I don't know what the issue with that base image is but it had this TCP "hang". We decided now to use Rocky Linux as base image for the ingress controller because it is basically one of the successors of Centos. That works like a charm. Thanks again.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] jensg-st closed issue #1738: request help: how to use APISIX Ingress proxy SMTP
Posted by "jensg-st (via GitHub)" <gi...@apache.org>.
jensg-st closed issue #1738: request help: how to use APISIX Ingress proxy SMTP
URL: https://github.com/apache/apisix-ingress-controller/issues/1738
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] ps-19 commented on issue #1738: request help: how to use APISIX Ingress proxy SMTP
Posted by "ps-19 (via GitHub)" <gi...@apache.org>.
ps-19 commented on issue #1738:
URL: https://github.com/apache/apisix-ingress-controller/issues/1738#issuecomment-1490346063
Use the `stream_timeout` option to configure Apisix to send the SMTP Service response after the connection is established.
_Default value of stream_timeout is 10 sec._
```
gateway:
type: LoadBalancer
tls:
enabled: true
sslProtocols: "TLSv1 TLSv1.1 TLSv1.2"
stream:
enabled: true
tcp:
- 2525
timeout: 2
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1738: request help: how to use APISIX Ingress proxy SMTP
Posted by "tao12345666333 (via GitHub)" <gi...@apache.org>.
tao12345666333 commented on issue #1738:
URL: https://github.com/apache/apisix-ingress-controller/issues/1738#issuecomment-1479067168
I don't know exactly what's going on here.
Can you provide more information? For example, what is your server?
In addition, I suggest that you can use `tcpdump` to capture packets to check whether there is any difference when using APISIX and NGINX.
FYI:
* https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118016-troubleshoot-esa-00.html
* https://learn.microsoft.com/en-us/exchange/mail-flow/test-smtp-telnet?view=exchserver-2019
* https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113423-asa-esmtp-smtp-inspection.html
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] AlinsRan commented on issue #1738: request help:
Posted by "AlinsRan (via GitHub)" <gi...@apache.org>.
AlinsRan commented on issue #1738:
URL: https://github.com/apache/apisix-ingress-controller/issues/1738#issuecomment-1478772217
Let me check it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org