You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "sccblue (via GitHub)" <gi...@apache.org> on 2023/03/03 06:50:54 UTC
[GitHub] [apisix] sccblue opened a new issue, #9003: bug: 找不到证书
sccblue opened a new issue, #9003:
URL: https://github.com/apache/apisix/issues/9003
### Current Behavior
在dashboard上传证书后,apisix能自行找到https证书并处理https请求
但是,当运行apisix(traditional mode)的pod全部被重启过一遍后(可以让deployment副本数为1,即只运行一个pod,然后kubectl delete pod),待新pod起来后,http请求可以正常转发,https请求会报错 failed to find any SSL certificate by SNI
用户自行修复的方式:进入dashboard控制台-证书。在“证书列表“中的所有证书删除再次删除,即可恢复(全部域名都需要操作一次)
### Expected Behavior
不要出现该问题
### Error Logs
_No response_
### Steps to Reproduce
在dashboard上传证书后,apisix能自行找到https证书并处理https请求
但是,当运行apisix(traditional mode)的pod全部被重启过一遍后(可以让deployment副本数为1,即只运行一个pod,然后kubectl delete pod),待新pod起来后,http请求可以正常转发,https请求会报错 failed to find any SSL certificate by SNI
用户自行修复的方式:进入dashboard控制台-证书。在“证书列表“中的所有证书删除再次删除,即可恢复(全部域名都需要操作一次)
### Environment
- APISIX version (run `apisix version`):2.15.1 2.15.2
- Operating system (run `uname -a`):5.4.0-1065-gke #68-Ubuntu SMP Wed Mar 2 14:58:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux (从官方下载的docker pull apache/apisix:2.15.2-centos docker pull apache/apisix:2.15.1-centos)
-
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- nginx version: openresty/1.21.4.1
built by gcc 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)
built with OpenSSL 1.1.1n 15 Mar 2022 (running with OpenSSL 1.1.1s 1 Nov 2022)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt='-O2 -DAPISIX_BASE_VER=1.21.4.1.3 -DNGX_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_HTTP_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl111/include' --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.33 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.09 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.21 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.9 --ad
d-module=../ngx_stream_lua-0.0.11 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -Wl,-rpath,/usr/local/openresty/wasmtime-c-api/lib -L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl111/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl111/lib' --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../mod_dubbo-1.0.2 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../ngx_multi_upstream_module-1.1.1 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../apisix-nginx-module-1.11.0 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../apisix-nginx-module-1.11.0/src/stream --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../apisix-nginx-module-1.11.0/src/meta --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../wasm-nginx-module-0.6.4 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../lua-var-nginx-module-v0.5.3 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../grp
c-client-nginx-module-v0.3.1 --with-poll_module --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-stream --with-http_ssl_module
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): {"etcdserver":"3.5.7","etcdcluster":"3.5.0"}
-
- APISIX Dashboard version, if relevant: docker pull apache/apisix-dashboard:3.0.0-centos
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] sccblue commented on issue #9003: bug: 找不到证书
Posted by "sccblue (via GitHub)" <gi...@apache.org>.
sccblue commented on issue #9003:
URL: https://github.com/apache/apisix/issues/9003#issuecomment-1455685318
> please
upgrade apisix version to 3.1.0, It fix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Baoyuantop commented on issue #9003: bug: 找不到证书
Posted by "Baoyuantop (via GitHub)" <gi...@apache.org>.
Baoyuantop commented on issue #9003:
URL: https://github.com/apache/apisix/issues/9003#issuecomment-1453085667
Dashboard 3.0.0 cannot be used with APISIX 2.15.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Baoyuantop commented on issue #9003: bug: 找不到证书
Posted by "Baoyuantop (via GitHub)" <gi...@apache.org>.
Baoyuantop commented on issue #9003:
URL: https://github.com/apache/apisix/issues/9003#issuecomment-1455283493
This can lead to compatibility issues, so please use Dashboard 2.15.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] sccblue closed issue #9003: bug: 找不到证书
Posted by "sccblue (via GitHub)" <gi...@apache.org>.
sccblue closed issue #9003: bug: 找不到证书
URL: https://github.com/apache/apisix/issues/9003
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org