This is the mail archive of the cygwin mailing list for the Cygwin project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
Hi All,
I tried to configure SSL reverse proxy server with Nginx.
And I noticed strange behavior.
nginx/Windows-1.14.0 works as expected.
But nginx/Cygwin-1.14.0-1 doesn't work as expected.
The details are as follows.
Test Patterns and Results:
------------------------------------------------------------
Test Patterns:
1. reverse proxy server (http -> http)
http://www.example.com/ -> http://93.184.216.34/
2. reverse proxy server (http -> https)
http://www.example.net/ -> https://93.184.216.34/
3. reverse proxy server (https -> http)
https://www.example.com/ -> http://93.184.216.34/
4. reverse proxy server (https -> https)
https://www.example.net/ -> https://93.184.216.34/
5. web server (http)
http://www.example.edu/index.html
6. web server (https)
https://www.example.edu/index.html
Test Results (Server: nginx/Cygwin-1.14.0-1):
1. Nginx send http response as expected.
2. Nginx send http response as expected.
3. Nginx doesn't send http response until server stop.
4. Nginx doesn't send http response until server stop.
5. Nginx send http response as expected.
6. Nginx doesn't send http response until server stop.
Test Results (Server: nginx/Windows-1.14.0):
1. Nginx send http response as expected.
2. Nginx send http response as expected.
3. Nginx send http response as expected.
4. Nginx send http response as expected.
5. Nginx send http response as expected.
6. Nginx send http response as expected.
------------------------------------------------------------
Steps to reproduce:
------------------------------------------------------------
OS: Windows 10 Pro (64bit)
Web browser: Chrome 68 (64bit)
A-1) Start Nginx
$ /usr/sbin/nginx -c /etc/nginx/nginx.conf_www.example.org_cygwin
A-2) Access to https://www.example.edu/index.html
Wireshark packet capture results(nginx/Cygwin-1.14.0-1):
Chrome Nginx
| |
| TCP(SYN) |
|---------------------------------------------->|
| TCP(SYN+ACK) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| TLSv1.2(Client Hello) |
|---------------------------------------------->|
| TCP(ACK) |
|<----------------------------------------------|
| TLSv1.2(Server Hello, Certificate) |
|<----------------------------------------------|
| TLSv1.2(Server Key Exchange, |
| Server Hello Done) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| TLSv1.2(Client Key Exchange, |
| Client Cipher Spec, |
| Finished) |
|---------------------------------------------->|
| TCP(ACK) |
|<----------------------------------------------|
| HTTP(GET /index.html HTTP/1.1) |
|---------------------------------------------->|
| TCP(ACK) |
|<----------------------------------------------|
| TLSv1.2(New Session Ticket, |
| Change Cipher Spec, |
| Finished) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| |
| A-3) No response from Nginx. |
| Stop Nginx. |
| |
| $ /usr/sbin/nginx -s stop |
| |
| Nginx send http response. |
| HTTP(HTTP/1.1 200 OK) | *
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| TLSv1.2(Alert (Level: Warning, |
| Description: Close Notify)) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| TCP(FIN+ACK) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| TCP(FIN+ACK) |
|---------------------------------------------->|
| TCP(ACK) |
|<----------------------------------------------|
| |
B-1) Start Nginx
C:\nginx-1.14.0>start nginx -c C:\nginx-1.14.0\conf\nginx.conf_www.example.org_windows
B-2) Access to https://www.example.edu/index.html
Wireshark packet capture results(nginx/Windows-1.14.0):
Chrome Nginx
| |
| TCP(SYN) |
|---------------------------------------------->|
| TCP(SYN+ACK) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| TLSv1.2(Client Hello) |
|---------------------------------------------->|
| TCP(ACK) |
|<----------------------------------------------|
| TLSv1.2(Server Hello, Certificate) |
|<----------------------------------------------|
| TLSv1.2(Server Key Exchange, |
| Server Hello Done) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| TLSv1.2(Client Key Exchange, |
| Client Cipher Spec, |
| Finished) |
|---------------------------------------------->|
| TCP(ACK) |
|<----------------------------------------------|
| HTTP(GET /index.html HTTP/1.1) |
|---------------------------------------------->|
| TCP(ACK) |
|<----------------------------------------------|
| TLSv1.2(New Session Ticket, |
| Change Cipher Spec, |
| Finished) |
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| HTTP(HTTP/1.1 200 OK) | *
|<----------------------------------------------|
| TCP(ACK) |
|---------------------------------------------->|
| |
------------------------------------------------------------
/cygdrive/c/Windows/System32/drivers/etc/hosts:
------------------------------------------------------------
127.0.0.1 www.example.org
127.0.0.2 example.com
127.0.0.3 example.edu
127.0.0.4 example.net
127.0.0.5 example.org
127.0.0.6 www.example.com
127.0.0.7 www.example.edu
127.0.0.8 www.example.net
------------------------------------------------------------
/etc/nginx/nginx.conf_www.example.org_cygwin:
------------------------------------------------------------
worker_processes 5;
events {
worker_connections 1024;
}
http {
# www.example.com (HTTP -> HTTP)
server {
listen 127.0.0.6:80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Custom-Header-Test 1;
proxy_pass http://93.184.216.34/;
}
}
# www.example.net (HTTP -> HTTPS)
server {
listen 127.0.0.8:80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Custom-Header-Test 1;
proxy_pass https://93.184.216.34/;
}
}
# www.example.com (HTTPS -> HTTP)
server {
listen 127.0.0.6:443 ssl;
# Multi Domain SSL Certificate
ssl_certificate /etc/nginx/www.example.org.cer;
ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
location / {
proxy_set_header Host $host;
proxy_set_header X-Custom-Header-Test 1;
proxy_pass http://93.184.216.34/;
}
}
# www.example.net (HTTPS -> HTTPS)
server {
listen 127.0.0.8:443 ssl;
# Multi Domain SSL Certificate
ssl_certificate /etc/nginx/www.example.org.cer;
ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
location / {
proxy_set_header Host $host;
proxy_set_header X-Custom-Header-Test 1;
proxy_pass https://93.184.216.34/;
}
}
# www.example.edu (HTTP)
server {
listen 127.0.0.7:80;
}
# www.example.edu (HTTPS)
server {
listen 127.0.0.7:443 ssl;
# Multi Domain SSL Certificate
ssl_certificate /etc/nginx/www.example.org.cer;
ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
}
}
------------------------------------------------------------
/cygdrive/c/nginx-1.14.0/conf/nginx.conf_www.example.org_windows:
------------------------------------------------------------
$ diff /etc/nginx/nginx.conf_www.example.org_cygwin /cygdrive/c/nginx-1.14.0/conf/nginx.conf_www.example.org_windows
33,34c33,34
< ssl_certificate /etc/nginx/www.example.org.cer;
< ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
---
> ssl_certificate C:/nginx-1.14.0/conf/www.example.org.cer;
> ssl_certificate_key C:/nginx-1.14.0/conf/www.example.org.key.nopass;
48,49c48,49
< ssl_certificate /etc/nginx/www.example.org.cer;
< ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
---
> ssl_certificate C:/nginx-1.14.0/conf/www.example.org.cer;
> ssl_certificate_key C:/nginx-1.14.0/conf/www.example.org.key.nopass;
68,69c68,69
< ssl_certificate /etc/nginx/www.example.org.cer;
< ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
---
> ssl_certificate C:/nginx-1.14.0/conf/www.example.org.cer;
> ssl_certificate_key C:/nginx-1.14.0/conf/www.example.org.key.nopass;
------------------------------------------------------------
Other information:
------------------------------------------------------------
$ uname -a
CYGWIN_NT-10.0 DESKTOP-FJ1M9IS 2.11.1(0.329/5/3) 2018-09-05 10:24 x86_64 Cygwin
$ /usr/sbin/nginx -V
nginx version: nginx/1.14.0
built with OpenSSL 1.0.2o 27 Mar 2018
TLS SNI support enabled
configure arguments:
--prefix=/usr/share/nginx
--sbin-path=/usr/sbin/nginx.exe
--modules-path=/usr/lib/nginx/modules
--conf-path=/etc/nginx/nginx.conf
--lock-path=/var/run/nginx.lock
--pid-path=/var/run/nginx.pid
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi
--with-http_ssl_module
--with-http_v2_module
--with-http_realip_module
--with-http_addition_module
--with-http_xslt_module=dynamic
--with-http_image_filter_module=dynamic
--with-http_geoip_module=dynamic
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_auth_request_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_degradation_module
--with-http_slice_module
--with-http_stub_status_module
--with-http_perl_module=dynamic
--with-mail=dynamic
--with-mail_ssl_module
--with-pcre
--with-pcre-jit
--with-stream
--with-stream_geoip_module=dynamic
--with-stream_realip_module
--with-stream_ssl_module
--with-stream_ssl_preread_module
--with-ipv6
--with-cc-opt='-DFD_SETSIZE=2048 -D_GNU_SOURCE'
------------------------------------------------------------
C:\nginx-1.14.0>nginx -V
nginx version: nginx/1.14.0
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.0.2o 27 Mar 2018
TLS SNI support enabled
configure arguments:
--with-cc=cl
--builddir=objs.msvc8
--with-debug
--prefix=
--conf-path=conf/nginx.conf
--pid-path=logs/nginx.pid
--http-log-path=logs/access.log
--error-log-path=logs/error.log
--sbin-path=nginx.exe
--http-client-body-temp-path=temp/client_body_temp
--http-proxy-temp-path=temp/proxy_temp
--http-fastcgi-temp-path=temp/fastcgi_temp
--http-scgi-temp-path=temp/scgi_temp
--http-uwsgi-temp-path=temp/uwsgi_temp
--with-cc-opt=-DFD_SETSIZE=1024
--with-pcre=objs.msvc8/lib/pcre-8.42
--with-zlib=objs.msvc8/lib/zlib-1.2.11
--with-select_module
--with-http_v2_module
--with-http_realip_module
--with-http_addition_module
--with-http_sub_module
--with-http_dav_module
--with-http_stub_status_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_auth_request_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_slice_module
--with-mail
--with-stream
--with-openssl=objs.msvc8/lib/openssl-1.0.2o
--with-openssl-opt=no-asm
--with-http_ssl_module
--with-mail_ssl_module
--with-stream_ssl_module
------------------------------------------------------------
Is there anything wrong with my configuration file?
Regards,
Ryu
Attachment:
cygcheck.out
Description: Binary data
-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |