Comments (4)
agentzh
commented on September 14, 2024
1
@hololoev It's not the Host HTTP request header at all. It is the TLS extension SNI. It's completely normal for an SSL client to not use this TLS extension or jut not provide the SNI name.
The only way to be 100% sure is to inspect the SSL client_hello packets directly.
from lua-resty-core.
agentzh
commented on September 14, 2024
@hololoev Are you 100% sure the problematic SSL connection indeed provides an SNI name? The line number you referenced is clearly for the case that there is no SNI name present in the SSL client's request packet.
from lua-resty-core.
agentzh
commented on September 14, 2024
@hololoev To support those older SSL clients with no SNI support, you have to use different server IP addresses for each different SSL domains. There is just no other way around this.
from lua-resty-core.
hololoev
commented on September 14, 2024
@agentzh I'm sure on 100%, but I'm not sure that it's a bug. Mb we do something wrong. So, right now we have 2 different servers. Old one uses typical nginx scheme - one config file for one client.
Like:
{
server_name ...
cert ...
key ...
...
etc
}
And new one uses lua ssl cert management. The part of this manager is:
local ssl = require('ngx.ssl')
local rawServerName, snerr = ssl.server_name() -- error here
if rawServerName == nil then
ngx.log(ngx.ERR, "LUA-SSL-ERR rawServerName is nil. " .. inspect(snerr) ) -- snerr is nil too
return ngx.exit(405)
end
The old is working fine. And as I understand it means that all necessary headers are present in request. But new (only for yamoney and only for several IPs) doesn't. Old and new servers use the same IPs.
The same lua ssl manager works with about 2000 different websites, but we have a problem only with several.
Is there a way to dig deeper?
from lua-resty-core.
Related Issues (20)
- Error : failed to run balancer_by_lua*: /usr/local/lib/lua/resty/core/base.lua:24: ngx_http_lua_module 0.10.19 or 0.10.20 required HOT 2
- can ngx.resty.core support proxy ceritificate setting directives
- ngx.var.ssl_ciphers in ssl_certificate_by_lua HOT 1
- Failed on IBM Z/S390x HOT 1
- how to set error log level ? HOT 4
- 2022/06/14 05:43:28 [error] 159#0: *45 lua entry thread aborted: runtime error: /opt/nginx/lib/lua/resty/core/misc.lua:178: /usr/local/lib/libluajit-5.1.so.2: undefined symbol: ngx_http_lua_ffi_req_is_internal stack traceback: coroutine 0: [C]: in function '__index' /opt/nginx/lib/lua/resty/core/misc.lua:178: in function 'is_internal' /opt/nginx/scripts/manage_access_session.lua:70: in main chunk, client: 10.221.16.1 HOT 11
- no ssl session caching happen, always new session ID!
- 0.1.24 tag missing features from lua-nginx-module 0.10.22
- I want to get all the extension information of client hello, not just server name , what can I do? HOT 6
- b64.encode_base64url problem HOT 3
- undocumented that errlog.set_filter_level can not be set lower than error_log level HOT 1
- ngx.sleep() does not work in ssl_client_hello_by_lua* HOT 13
- undefined symbol: ngx_http_lua_ffi_var_get HOT 3
- ngx.balancer 如何设置重试状态码 HOT 3
- why the lua version number is commented out in Makefile HOT 4
- nginx: [alert] failed to load the 'resty.core' module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: module 'resty.core' not found: HOT 5
- ngx.shared.DICT:ttl() returns 0 for the exipred key
- Requesting information about security fixes. HOT 1
- runtime error: /usr/local/openresty/lualib/ngx/semaphore.lua:129: attempt to perform arithmetic on a nil value HOT 1
- get_client_hello_ext() | lua-resty-core/lib/ngx/ssl | Issue with custom TLS Extension Type 17516
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lua-resty-core.