You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "laizuan (via GitHub)" <gi...@apache.org> on 2023/04/28 16:20:31 UTC
[GitHub] [apisix] laizuan opened a new issue, #9397: help request: Cannot you access https correctly after configuring ssl?
laizuan opened a new issue, #9397:
URL: https://github.com/apache/apisix/issues/9397
### Description
I applied for an ssl certificate on Tencent Cloud platform.
Console config
config.yml
`
apisix:
node_listen:
- 80
- 443
ssl:
enable: true
listen:
- port: 443
enable_ipv6: false
enable_server_tokens: false
enable_control: true
control:
ip: "0.0.0.0"
port: 9092
`
docker compose
`
version: "3"
services:
apisix-dashboard:
image: apache/apisix-dashboard:3.0.1-alpine
restart: always
environment:
- TZ=Asia/Shanghai
container_name: apisix-dashboard
volumes:
- ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
ports:
- "9000:9000"
networks:
apisix:
apisix:
image: apache/apisix:${APISIX_IMAGE_TAG:-3.2.0-debian}
restart: always
container_name: apisix
environment:
- TZ=Asia/Shanghai
volumes:
- ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
#- ./static:/home
depends_on:
- etcd
##network_mode: host
ports:
- "80:80/tcp"
- "443:443/tcp"
networks:
apisix:
etcd:
image: bitnami/etcd:3.4.15
restart: always
container_name: etcd
volumes:
- etcd_data:/bitnami/etcd
environment:
ETCD_ENABLE_V2: "true"
ALLOW_NONE_AUTHENTICATION: "yes"
ETCD_ADVERTISE_CLIENT_URLS: "http://etcd:2379"
ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
ports:
- "2379:2379/tcp"
networks:
apisix:
`
route config
`
{
"uri": "/nexus/*",
"name": "nexus",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"plugins": {
"proxy-rewrite": {
"regex_uri": [
"^/nexus/(.*)",
"/${1}"
]
}
},
"upstream": {
"nodes": [
{
"host": "localhost",
"port": 8081,
"weight": 1
}
],
"timeout": {
"connect": 6,
"send": 6,
"read": 6
},
"type": "roundrobin",
"scheme": "http",
"pass_host": "pass",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
},
"enable_websocket": true,
"status": 1
}
`
2.png…]()
### Environment
- APISIX version (run `apisix version`):
- Operating system (run `uname -a`):
uname -a
Linux master-yzjbz2158990521-1542702819626 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
nginx version: openresty/1.21.4.1
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] An-DJ commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "An-DJ (via GitHub)" <gi...@apache.org>.
An-DJ commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1564135476
Hi, a new doc about how to configure HTTPS between client and APISIX is published here:
https://docs.api7.ai/apisix/how-to-guide/traffic-management/tls-and-mtls/configure-https-between-client-and-apisix
Maybe it is helpful to you @laizuan @xiaolei000129
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1528774272
Hey, one screenshot is missing from your issue description please add it.
<img width="653" alt="image" src="https://user-images.githubusercontent.com/61597896/235301829-ccceedde-daaf-41a3-8091-77605a443acc.png">
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] laizuan closed issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "laizuan (via GitHub)" <gi...@apache.org>.
laizuan closed issue #9397: help request: Cannot you access https correctly after configuring ssl?
URL: https://github.com/apache/apisix/issues/9397
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] An-DJ commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "An-DJ (via GitHub)" <gi...@apache.org>.
An-DJ commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1533987141
@laizuan FYI, do you want to configure a route to access an HTTPS backend?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] xiaolei000129 commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "xiaolei000129 (via GitHub)" <gi...@apache.org>.
xiaolei000129 commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1556150486
解决了吗?我也遇到这个问题了,我们的前端是https 但是我的接口是http://xxx:9080 不知道怎么使用https 实现
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] laizuan commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "laizuan (via GitHub)" <gi...@apache.org>.
laizuan commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1635227442
@An-DJ
Hi. thank you very much for providing documentation help, I followed the documentation in a clean environment. It worked
I checked the configuration file and found the problem, FYI:
- I modified the port of 'apisix' in the `docker-compose` file
```yaml
##This is wrong
ports:
- "80:80/tcp"
- "443:443/tcp"
## Right way. === Don't delete port bindings that you don't think are useful ===
ports:
- "9180:9180/tcp"
- "80:9080/tcp"
- "9091:9091/tcp"
- "443:9443/tcp"
- "9092:9092/tcp"
```
Additionally, I tested and found that 'X-API-KEY' was set to '1234567890' or exceeded 32 characters in length, and the verification did not pass correctly. Does it have rules?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] laizuan commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "laizuan (via GitHub)" <gi...@apache.org>.
laizuan commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1528813510
I used docker to redeploy nginx and configure ssl. It works fine
```txt
server {
listen 443 ssl;
server_name devops.xxxxxxx.com;
ssl_certificate /etc/nginx/conf.d/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/ssl.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
default_type application/json;
return 200 '{"status": "success"}';
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
```
when I copied the nginx.conf configuration ssl code from the apisix container, it had the same problem
i am not sure if there is a problem with the ssl configuration generated by apisix. i'm going to try to configure my ssl in this [way](https://apisix.apache.org/zh/docs/apisix/FAQ/#%E5%A6%82%E4%BD%95%E5%9F%BA%E4%BA%8E-acmesh-%E8%87%AA%E5%8A%A8%E6%9B%B4%E6%96%B0-apisix-ssl-%E8%AF%81%E4%B9%A6)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] laizuan commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "laizuan (via GitHub)" <gi...@apache.org>.
laizuan commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1528810621
@shreemaan-abhishek Hey, I updated my terrible description
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] laizuan commented on issue #9397: help request: Cannot you access https correctly after configuring ssl?
Posted by "laizuan (via GitHub)" <gi...@apache.org>.
laizuan commented on issue #9397:
URL: https://github.com/apache/apisix/issues/9397#issuecomment-1564139965
Wow, is this the new official website? I like it very much. In addition, I will try your suggestion, THK
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org