Hallo Beno Many thanks for the report. I would need two additional things in order to understand this:
1. Your certificate (human-readable dump if possible). 2. Running Pound with high debug level, to see exactly what it does. Please post these and we'll take it from there. On Thu, 2020-09-17 at 14:20 -0400, Breno Brand Fernandes wrote: > Hi all, > > I've been testing Pound 3.0d and I found some issues. > Would you mind helping me out? Maybe I'm missing something. > > I list below the environment and tests that were produced. > > - The environment: > OS: CentOS Linux release 8.2.2004 (Core) > Kernel version: 4.18.0-193.14.2.el8_2.x86_64 > > Pound 2.8 > /etc/pound.cfg: > User "pound" > Group "pound" > Control "/var/lib/pound/pound.cfg" > > ListenHTTP > Address 0.0.0.0 > Port 80 > Service > BackEnd > Address 127.0.0.1 > Port 8080 > End > End > End > > ListenHTTPS > Address 0.0.0.0 > Port 443 > Cert "/etc/ssl/cert.pem" > Service > BackEnd > Address 127.0.0.1 > Port 8080 > End > End > End > > Pound 3.0d > /etc/pound/pound.yaml: > Backends: > - &be > Address: 127.0.0.1 > Port: 8080 > > HTTPListeners: > - Address: 0.0.0.0 > Port: 80 > Services: > - Backends: > - *be > > HTTPSListeners: > - Address: 0.0.0.0 > Port: 443 > Services: > - Backends: > - *be > Certificates: > - "/etc/ssl/cert.pem" > > Nginx 1.14.1: Default configuration listening in the port 8080 only > with > the module php-fpm enabled. No ssl configuration. > Apache 2.4.37: Default configuration listening in the port 8080 only > with > the module php-fpm enabled. No ssl configuration. > > - The tests & results: > 1 Pound 2.8 and Nginx or Apache with PHP configured. > HTTP/HTTPS: > - Html pages work through. > - PHP pages work through. > > 2 Pound 3.0d and Nginx or Apache with PHP configured. > HTTP: > - Html pages work through. > - PHP pages partially load. Using curl -v, it is possible to see > errors > related to encoding: Malformed encoding found in chunked-encoding. > HTTPS: > Either HTML or PHP pages throw a core dump in the function > do_sni. > > You can see the backtrace here [1]. > > Another thing I noted is that some options from Pound 2 seem to be > missing > on Pound 3 or I couldn't find them in the man file. E.g. Alive, xHTTP > values, HeadRemove, RewriteLocation, AddHeader vs HeadAdd, > SSLHonorCipherOrder, SSLAllowClientRenegotiation, XSSLHeaders, > Disable (for > SSL/TSL protocols), among others (see man pound vs man pound3). > > Are we planing on having those options on Pound 3 as well? > > PS: I built an RPM for Pound 3 on el8 here [2]. > It is just a draft and might require improvement. > > 1 > https://copr.fedorainfracloud.org/coprs/brandfbb/Pound3-Experimental/ > 2 https://pastebin.com/WfuB8a9F > > Thanks in advance. > > - Breno -- Robert Segall Apsis GmbH Postfach, Uetikon am See, CH-8707 Tel: +41-32-512 30 19 -- pound mailing list pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch