kj415j45 commented on issue #10673:
URL: https://github.com/apache/apisix/issues/10673#issuecomment-1916462825
However, it does work if I pass the actual Codespace's host when I test this
with HTTP deployment at localhost.
Then I moved the test onto our cloud APISIX deployment that uses HTTPS.
route:
```
{
"uri": "/codespace/test/*",
"name": "test",
"plugins": {
"proxy-rewrite": {
"regex_uri": [
"^/codespace/test/(.*)",
"/$1"
]
}
},
"upstream_id": "491592889084674753",
"status": 1
}
```
upstream
```
{
"nodes": [
{
"host": "fuzzy-garbanzo-7vjw5wj7x77f7pw-8080.app.github.dev",
"port": 443,
"weight": 1
}
],
"timeout": {
"connect": 6,
"send": 6,
"read": 6
},
"type": "roundrobin",
"scheme": "https",
"pass_host": "node",
"name": "codespace test",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
}
```
<details><summary>Direct</summary>
<p>
```
$ curl -vvv https://[REDACTED]/codespace/test/README
* Uses proxy env variable NO_PROXY == 'localhost,127.0.0.1,::1'
* Trying 116.253.30.121:443...
* Connected to [REDACTED] (116.253.30.121) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=[REDACTED]
* start date: Jan 30 00:39:41 2024 GMT
* expire date: Apr 29 00:39:40 2024 GMT
* subjectAltName: host "[REDACTED]" matched cert's "[REDACTED]"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> GET /codespace/test/README HTTP/1.1
> Host: [REDACTED]
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Server: Tengine
< Content-Type: text/html; charset=utf-8
< Content-Length: 164
< Connection: keep-alive
< Date: Tue, 30 Jan 2024 09:43:02 GMT
< Location: https://[REDACTED]/README
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Request-Id: 82757f0b-9dc2-4e48-b8d9-e20b004e5ef4
< X-Served-By: tunnels-prod-rel-asse-v3-cluster
< Via: cache3.l2st4-5[195,0], ens-cache12.cn4969[218,0]
< Timing-Allow-Origin: *
< EagleId: 74fd1e2017066077824122874e
<
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host [REDACTED] left intact
```
</p>
</details>
<details><summary>With `-L`</summary>
<p>
```
$ curl -L -vvv https://[REDACTED]/codespace/test/README
* Uses proxy env variable NO_PROXY == 'localhost,127.0.0.1,::1'
* Trying 116.253.30.121:443...
* Connected to [REDACTED] (116.253.30.121) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=[REDACTED]
* start date: Jan 30 00:39:41 2024 GMT
* expire date: Apr 29 00:39:40 2024 GMT
* subjectAltName: host "[REDACTED]" matched cert's "[REDACTED]"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> GET /codespace/test/README HTTP/1.1
> Host: [REDACTED]
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Server: Tengine
< Content-Type: text/html; charset=utf-8
< Content-Length: 164
< Connection: keep-alive
< Date: Tue, 30 Jan 2024 09:44:12 GMT
< Location: https://[REDACTED]/README
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Request-Id: c53f8452-8722-40da-ac01-5edb3615685a
< X-Served-By: tunnels-prod-rel-asse-v3-cluster
< Via: cache3.l2st4-5[415,0], ens-cache17.cn4969[433,0]
< Timing-Allow-Origin: *
< EagleId: 74fd1e2517066078521194566e
<
* Ignoring the response-body
* Connection #0 to host [REDACTED] left intact
* Issue another request to this URL: 'https://[REDACTED]/README'
* Uses proxy env variable NO_PROXY == 'localhost,127.0.0.1,::1'
* Found bundle for host [REDACTED]: 0x600003b90a20 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host [REDACTED]
* Connected to [REDACTED] (116.253.30.121) port 443 (#0)
> GET /README HTTP/1.1
> Host: [REDACTED]
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Server: Tengine
< Content-Type: text/plain; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Date: Tue, 30 Jan 2024 09:44:12 GMT
< X-Request-Id: 5fd315c2-7b43-419d-bb98-9d804c2c03cc
< x-alicdn-da-ups-status: endOs,0,404
< Via: cache5.l2st4-5[4,0], ens-cache17.cn4969[25,0]
< Timing-Allow-Origin: *
< EagleId: 74fd1e2517066078526376531e
<
{"error_msg":"404 Route Not Found"}
* Connection #0 to host [REDACTED] left intact
```
</p>
</details>
<details><summary>With `-H 'Host: [Codespace Host]'` (looks being blocked by
CDN)</summary>
<p>
```
$ curl -H 'Host: fuzzy-garbanzo-7vjw5wj7x77f7pw-8080.app.github.dev' -L -vvv
https://[REDACTED]/codespace/test/README
* Uses proxy env variable NO_PROXY == 'localhost,127.0.0.1,::1'
* Trying 116.253.30.119:443...
* Connected to [REDACTED] (116.253.30.119) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=[REDACTED]
* start date: Jan 30 00:39:41 2024 GMT
* expire date: Apr 29 00:39:40 2024 GMT
* subjectAltName: host "[REDACTED]" matched cert's "[REDACTED]"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> GET /codespace/test/README HTTP/1.1
> Host: fuzzy-garbanzo-7vjw5wj7x77f7pw-8080.app.github.dev
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: Tengine
< Date: Tue, 30 Jan 2024 09:46:03 GMT
< Content-Type: text/html
< Content-Length: 238
< Connection: keep-alive
< X-Tengine-Error: non-existent domain
< Via: ens-cache23.cn4969[,0]
< Timing-Allow-Origin: *
< EagleId: 74fd1e2b17066079632142839e
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server.<hr/>Powered
by Tengine</body>
</html>
* Connection #0 to host [REDACTED] left intact
```
</p>
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
