do_global_send_request in lua is the function called for the TS_HTTP_SEND_REQUEST_HDR_HOOK -
https://docs.trafficserver.apache.org/en/latest/developer-guide/plugins/hooks-and-transactions/adding-hooks.en.html

You are getting a 502 from ATS for this -

curl -k -H "Host: httbin.org:443" https://127.0.0.1:8443 -vv

So what does your remap.config look like? For the above to work, you will need a remap rule to map httbin.org (not httpbin.org?) to somewhere. It looks like ATS is not able to connect to that "somewhere" and thus if you have a "do_global_send_request" function in your lua script, it won't get executed.

Kit

On Sat, Dec 5, 2020 at 12:31 PM Lei Sun <[email protected]> wrote:
>
> It seems whenever https was the end URL, do_global_send_request is never
> called.
>
> Is it possible to force the above execution path for https?
>
> Essentially, I'm looking for a way for the ATS (dynamically through lua) to
> hand over the request to a parent proxy.
>
> Thanks,
> Lei
>
> On Sat, Dec 5, 2020 at 2:20 PM Lei Sun <[email protected]> wrote:
>>
>> Hi Alan,
>>
>> Yes, great point!
>>
>> Here is the output for the latest recommendations
>>
>>> $ curl -H "Host: httbin.org:443" https://127.0.0.1:8443 -vv
>>> * Rebuilt URL to: https://127.0.0.1:8443/
>>> * Trying 127.0.0.1...
>>> * TCP_NODELAY set
>>> * Connected to 127.0.0.1 (127.0.0.1) port 8443 (#0)
>>> * ALPN, offering h2
>>> * ALPN, offering http/1.1
>>> * Cipher selection:
>>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>>> * successfully set certificate verify locations:
>>> * CAfile: /etc/ssl/cert.pem
>>> CApath: none
>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>> * TLSv1.2 (OUT), TLS alert, Server hello (2):
>>> * SSL certificate problem: self signed certificate
>>> * stopped the pause stream!
>>> * Closing connection 0
>>> curl: (60) SSL certificate problem: self signed certificate
>>> More details here: https://curl.haxx.se/docs/sslcerts.html
>>> curl performs SSL certificate verification by default, using a "bundle"
>>> of Certificate Authority (CA) public keys (CA certs). If the default
>>> bundle file isn't adequate, you can specify an alternate file
>>> using the --cacert option.
>>> If this HTTPS server uses a certificate signed by a CA represented in
>>> the bundle, the certificate verification probably failed due to a
>>> problem with the certificate (it might be expired, or the name might
>>> not match the domain name in the URL).
>>> If you'd like to turn off curl's verification of the certificate, use
>>> the -k (or --insecure) option.
>>> HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.
>>
>>
>> Then I tried
>>>
>>> $ curl -k -H "Host: httbin.org:443" https://127.0.0.1:8443 -vv
>>> * Rebuilt URL to: https://127.0.0.1:8443/
>>> * Trying 127.0.0.1...
>>> * TCP_NODELAY set
>>> * Connected to 127.0.0.1 (127.0.0.1) port 8443 (#0)
>>> * ALPN, offering h2
>>> * ALPN, offering http/1.1
>>> * Cipher selection:
>>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>>> * successfully set certificate verify locations:
>>> * CAfile: /etc/ssl/cert.pem
>>> CApath: none
>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>>> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
>>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>>> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
>>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
>>> * ALPN, server accepted to use h2
>>> * Server certificate:
>>> * subject: C=US
>>> * start date: Dec 5 04:41:08 2020 GMT
>>> * expire date: Dec 3 04:41:08 2030 GMT
>>> * issuer: C=US
>>> * SSL certificate verify result: self signed certificate (18), continuing
>>> anyway.
>>> * Using HTTP2, server supports multi-use
>>> * Connection state changed (HTTP/2 confirmed)
>>> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade:
>>> len=0
>>> * Using Stream ID: 1 (easy handle 0x7f9cf9006600)
>>> > GET / HTTP/2
>>> > Host: httbin.org:443
>>> > User-Agent: curl/7.54.0
>>> > Accept: */*
>>> >
>>> * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
>>> < HTTP/2 502
>>> < date: Sat, 05 Dec 2020 20:16:39 GMT
>>> < server: ATS/10.0.0
>>> < cache-control: no-store
>>> < content-type: text/html
>>> < content-language: en
>>> < content-length: 247
>>> <
>>> <HTML>
>>> <HEAD>
>>> <TITLE>Could Not Connect</TITLE>
>>> </HEAD>
>>> <BODY BGCOLOR="white" FGCOLOR="black">
>>> <H1>Could Not Connect</H1>
>>> <HR>
>>> <FONT FACE="Helvetica,Arial"><B>
>>> Description: Could not connect to the requested server host.
>>> </B></FONT>
>>> <HR>
>>> </BODY>
>>> * Connection #0 to host 127.0.0.1 left intact
>>
>>
>>> $ curl -k --proxy-insecure --proxy https://127.0.0.1:8443
>>> https://httpbin.org:8443/get?answer=42 -v
>>> * Trying 127.0.0.1...
>>> * TCP_NODELAY set
>>> * Connected to 127.0.0.1 (127.0.0.1) port 8443 (#0)
>>> * ALPN, offering h2
>>> * ALPN, offering http/1.1
>>> * Cipher selection:
>>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>>> * successfully set certificate verify locations:
>>> * CAfile: /etc/ssl/cert.pem
>>> CApath: none
>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>>> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
>>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>>> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
>>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
>>> * ALPN, server accepted to use h2
>>> * Proxy certificate:
>>> * subject: C=US
>>> * start date: Dec 5 04:41:08 2020 GMT
>>> * expire date: Dec 3 04:41:08 2030 GMT
>>> * issuer: C=US
>>> * SSL certificate verify result: self signed certificate (18), continuing
>>> anyway.
>>> * Establish HTTP proxy tunnel to httpbin.org:8443
>>> > CONNECT httpbin.org:8443 HTTP/1.1
>>> > Host: httpbin.org:8443
>>> > User-Agent: curl/7.54.0
>>> > Proxy-Connection: Keep-Alive
>>> >
>>> * TLSv1.2 (IN), TLS alert, Client hello (1):
>>> * Proxy CONNECT aborted
>>> * Connection #0 to host 127.0.0.1 left intact
>>> curl: (56) Proxy CONNECT aborted
>>
>>
>> Hi Guys, if anyone has a few minutes, happy to hop on a zoom, and share my
>> screen, where we can quickly try out different options?
>>
>> Thanks,
>> Lei
>>
>>
>
>
> --
> Stay Hungry, Stay Foolish.
> Lei Sun
> Cell: 408-306-9199
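
The hook ordering described in the reply above, as an added example that is not part of the original thread or of the ATS project: a ts_lua global script that logs at the read-request and send-request hooks, and selects a parent in the earlier hook, because the send-request hook only runs once ATS has connected upstream. The parent address, port, allowlist contents and script path are placeholders; `ts.http.set_parent_proxy` is used as documented for the ts_lua plugin.

```lua
-- Added example, not from the thread. Load as a global plugin, e.g. in
-- plugin.config:  tslua.so /path/to/trace_hooks.lua   (placeholder path)

-- Hypothetical parent proxy; 192.0.2.10 is a documentation-only address.
local PARENT_HOST = '192.0.2.10'
local PARENT_PORT = 3128

-- Only these hosts are handed to the parent (constructed sample list).
-- An explicit allowlist keeps the script from forwarding arbitrary hosts.
local FORWARD = { ['httpbin.org'] = true }

local function host_only(h)
    -- Strip an optional :port from the Host header value and lowercase it.
    return h and string.lower((string.gsub(h, ':%d+$', ''))) or nil
end

function do_global_read_request()
    -- Fires once the client request header is parsed, before ATS chooses
    -- and connects to an upstream, so routing decisions belong here.
    local host = host_only(ts.client_request.header['Host'])
    ts.debug('read_request host=' .. tostring(host))
    if host and FORWARD[host] then
        ts.http.set_parent_proxy(PARENT_HOST, PARENT_PORT)
        ts.debug('parent set to ' .. PARENT_HOST .. ':' .. PARENT_PORT)
    else
        -- A mistyped Host such as "httbin.org" ends up on this branch.
        ts.debug('host not in allowlist, no parent set')
    end
    return 0
end

function do_global_send_request()
    -- Fires only after ATS has connected upstream. When the connect fails
    -- (the 502 "Could Not Connect" case), this message never appears.
    ts.debug('send_request reached for ' ..
             tostring(ts.server_request.header['Host']))
    return 0
end
```

With debug output enabled for the `ts_lua` tag, a request that logs `read_request` but never `send_request` failed before ATS reached the upstream, which matches the 502 in the transcript.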
