This is the mail archive of the cygwin mailing list for the Cygwin project.
Hi All,

I tried to configure an SSL reverse proxy server with Nginx, and I noticed strange behavior.
nginx/Windows-1.14.0 works as expected, but nginx/Cygwin-1.14.0-1 doesn't work as expected.

The details are as follows.

Test Patterns and Results:
------------------------------------------------------------
Test Patterns:
  1. reverse proxy server (http -> http)
     http://www.example.com/ -> http://93.184.216.34/
  2. reverse proxy server (http -> https)
     http://www.example.net/ -> https://93.184.216.34/
  3. reverse proxy server (https -> http)
     https://www.example.com/ -> http://93.184.216.34/
  4. reverse proxy server (https -> https)
     https://www.example.net/ -> https://93.184.216.34/
  5. web server (http)
     http://www.example.edu/index.html
  6. web server (https)
     https://www.example.edu/index.html

Test Results (Server: nginx/Cygwin-1.14.0-1):
  1. Nginx sends the HTTP response as expected.
  2. Nginx sends the HTTP response as expected.
  3. Nginx doesn't send the HTTP response until the server is stopped.
  4. Nginx doesn't send the HTTP response until the server is stopped.
  5. Nginx sends the HTTP response as expected.
  6. Nginx doesn't send the HTTP response until the server is stopped.

Test Results (Server: nginx/Windows-1.14.0):
  1. Nginx sends the HTTP response as expected.
  2. Nginx sends the HTTP response as expected.
  3. Nginx sends the HTTP response as expected.
  4. Nginx sends the HTTP response as expected.
  5. Nginx sends the HTTP response as expected.
  6. Nginx sends the HTTP response as expected.
------------------------------------------------------------

Steps to reproduce:
------------------------------------------------------------
OS: Windows 10 Pro (64bit)
Web browser: Chrome 68 (64bit)

A-1) Start Nginx

     $ /usr/sbin/nginx -c /etc/nginx/nginx.conf_www.example.org_cygwin

A-2) Access https://www.example.edu/index.html

     Wireshark packet capture results (nginx/Cygwin-1.14.0-1):

Chrome                                          Nginx
  |                                               |
  |          TCP(SYN)                             |
  |---------------------------------------------->|
  |          TCP(SYN+ACK)                         |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          TLSv1.2(Client Hello)                |
  |---------------------------------------------->|
  |          TCP(ACK)                             |
  |<----------------------------------------------|
  |          TLSv1.2(Server Hello, Certificate)   |
  |<----------------------------------------------|
  |          TLSv1.2(Server Key Exchange,         |
  |                  Server Hello Done)           |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          TLSv1.2(Client Key Exchange,         |
  |                  Client Cipher Spec,          |
  |                  Finished)                    |
  |---------------------------------------------->|
  |          TCP(ACK)                             |
  |<----------------------------------------------|
  |          HTTP(GET /index.html HTTP/1.1)       |
  |---------------------------------------------->|
  |          TCP(ACK)                             |
  |<----------------------------------------------|
  |          TLSv1.2(New Session Ticket,          |
  |                  Change Cipher Spec,          |
  |                  Finished)                    |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |                                               |
  |  A-3) No response from Nginx.                 |
  |       Stop Nginx.                             |
  |                                               |
  |       $ /usr/sbin/nginx -s stop               |
  |                                               |
  |       Nginx sends the HTTP response.          |
  |          HTTP(HTTP/1.1 200 OK)                | *
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          TLSv1.2(Alert (Level: Warning,       |
  |                  Description: Close Notify))  |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          TCP(FIN+ACK)                         |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          TCP(FIN+ACK)                         |
  |---------------------------------------------->|
  |          TCP(ACK)                             |
  |<----------------------------------------------|
  |                                               |

B-1) Start Nginx

     C:\nginx-1.14.0>start nginx -c C:\nginx-1.14.0\conf\nginx.conf_www.example.org_windows

B-2) Access https://www.example.edu/index.html

     Wireshark packet capture results (nginx/Windows-1.14.0):

Chrome                                          Nginx
  |                                               |
  |          TCP(SYN)                             |
  |---------------------------------------------->|
  |          TCP(SYN+ACK)                         |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          TLSv1.2(Client Hello)                |
  |---------------------------------------------->|
  |          TCP(ACK)                             |
  |<----------------------------------------------|
  |          TLSv1.2(Server Hello, Certificate)   |
  |<----------------------------------------------|
  |          TLSv1.2(Server Key Exchange,         |
  |                  Server Hello Done)           |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          TLSv1.2(Client Key Exchange,         |
  |                  Client Cipher Spec,          |
  |                  Finished)                    |
  |---------------------------------------------->|
  |          TCP(ACK)                             |
  |<----------------------------------------------|
  |          HTTP(GET /index.html HTTP/1.1)       |
  |---------------------------------------------->|
  |          TCP(ACK)                             |
  |<----------------------------------------------|
  |          TLSv1.2(New Session Ticket,          |
  |                  Change Cipher Spec,          |
  |                  Finished)                    |
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |          HTTP(HTTP/1.1 200 OK)                | *
  |<----------------------------------------------|
  |          TCP(ACK)                             |
  |---------------------------------------------->|
  |                                               |
------------------------------------------------------------

/cygdrive/c/Windows/System32/drivers/etc/hosts:
------------------------------------------------------------
127.0.0.1 www.example.org
127.0.0.2 example.com
127.0.0.3 example.edu
127.0.0.4 example.net
127.0.0.5 example.org
127.0.0.6 www.example.com
127.0.0.7 www.example.edu
127.0.0.8 www.example.net
------------------------------------------------------------

/etc/nginx/nginx.conf_www.example.org_cygwin:
------------------------------------------------------------
worker_processes 5;
events {
    worker_connections 1024;
}
http {
    # www.example.com (HTTP -> HTTP)
    server {
        listen 127.0.0.6:80;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Custom-Header-Test 1;
            proxy_pass http://93.184.216.34/;
        }
    }

    # www.example.net (HTTP -> HTTPS)
    server {
        listen 127.0.0.8:80;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Custom-Header-Test 1;
            proxy_pass https://93.184.216.34/;
        }
    }

    # www.example.com (HTTPS -> HTTP)
    server {
        listen 127.0.0.6:443 ssl;

        # Multi Domain SSL Certificate
        ssl_certificate /etc/nginx/www.example.org.cer;
        ssl_certificate_key /etc/nginx/www.example.org.key.nopass;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Custom-Header-Test 1;
            proxy_pass http://93.184.216.34/;
        }
    }

    # www.example.net (HTTPS -> HTTPS)
    server {
        listen 127.0.0.8:443 ssl;

        # Multi Domain SSL Certificate
        ssl_certificate /etc/nginx/www.example.org.cer;
        ssl_certificate_key /etc/nginx/www.example.org.key.nopass;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Custom-Header-Test 1;
            proxy_pass https://93.184.216.34/;
        }
    }

    # www.example.edu (HTTP)
    server {
        listen 127.0.0.7:80;
    }

    # www.example.edu (HTTPS)
    server {
        listen 127.0.0.7:443 ssl;

        # Multi Domain SSL Certificate
        ssl_certificate /etc/nginx/www.example.org.cer;
        ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
    }
}
------------------------------------------------------------

/cygdrive/c/nginx-1.14.0/conf/nginx.conf_www.example.org_windows:
------------------------------------------------------------
$ diff /etc/nginx/nginx.conf_www.example.org_cygwin /cygdrive/c/nginx-1.14.0/conf/nginx.conf_www.example.org_windows
33,34c33,34
< ssl_certificate /etc/nginx/www.example.org.cer;
< ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
---
> ssl_certificate C:/nginx-1.14.0/conf/www.example.org.cer;
> ssl_certificate_key C:/nginx-1.14.0/conf/www.example.org.key.nopass;
48,49c48,49
< ssl_certificate /etc/nginx/www.example.org.cer;
< ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
---
> ssl_certificate C:/nginx-1.14.0/conf/www.example.org.cer;
> ssl_certificate_key C:/nginx-1.14.0/conf/www.example.org.key.nopass;
68,69c68,69
< ssl_certificate /etc/nginx/www.example.org.cer;
< ssl_certificate_key /etc/nginx/www.example.org.key.nopass;
---
> ssl_certificate C:/nginx-1.14.0/conf/www.example.org.cer;
> ssl_certificate_key C:/nginx-1.14.0/conf/www.example.org.key.nopass;
------------------------------------------------------------

Other information:
------------------------------------------------------------
$ uname -a
CYGWIN_NT-10.0 DESKTOP-FJ1M9IS 2.11.1(0.329/5/3) 2018-09-05 10:24 x86_64 Cygwin

$ /usr/sbin/nginx -V
nginx version: nginx/1.14.0
built with OpenSSL 1.0.2o 27 Mar 2018
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx.exe --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --lock-path=/var/run/nginx.lock --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream --with-stream_geoip_module=dynamic --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-ipv6 --with-cc-opt='-DFD_SETSIZE=2048 -D_GNU_SOURCE'
------------------------------------------------------------
C:\nginx-1.14.0>nginx -V
nginx version: nginx/1.14.0
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.0.2o 27 Mar 2018
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre-8.42 --with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-select_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-openssl=objs.msvc8/lib/openssl-1.0.2o --with-openssl-opt=no-asm --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module
------------------------------------------------------------

Is there anything wrong with my configuration file?

Regards,
Ryu
Attachment:
cygcheck.out
Description: Binary data