openziti / ngx_ziti_module Goto Github PK
View Code? Open in Web Editor NEWAn NGINX module that allows OpenZiti to front upstream servers
License: Apache License 2.0
An NGINX module that allows OpenZiti to front upstream servers
License: Apache License 2.0
Experienced
Stopping the upstream target server after a connection was already made causes clients to sit thinking the connection was open.
Expected
If the target server is unreachable/stopped, close the connection.
If the target server has restarted, close existing connections and attempt to reconnect for new connections.
Reproduction
ziti
block for a target upstream server (i.e. HTTP Server)This module allows NGINX to bind Ziti services and proxy incoming requests that arrive via Ziti to Ziti-service-specific upstreams via the normal network i.e. underlay.
The module appears to override or ignore the tunneler host.v1
config. I'd appreciate confirmation of understanding that there's no conflict with this module if a tunneler host.v1
config happens to be present on the bound Ziti service. The hosting config is merely ignored because the Edge SDK implementation in this module is not a tunneler per se, correct?
I ran get method to 2 different API endpoints with the same result.
NGINX service configs:
ziti myZitiInstaceNameUsedForLogging {
identity_file /home/ziggy/azure-nginx-01.json;
bind akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io {
upstream akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io:443;
}
bind helloworld {
upstream 10.17.1.114:5000;
}
bind 414523ab-69ab-47af-a99d-48467720a1c4.production.netfoundry.io {
upstream 414523ab-69ab-47af-a99d-48467720a1c4.production.netfoundry.io:443;
}
}
NGINX Debug logs:
service = 414523ab-69ab-47af-a99d-48467720a1c4.production.netfoundry.io
2022/12/07 23:42:09 [debug] 58552#58559: writing upstream
2022/12/07 23:42:09 [debug] 58552#58559: wrote 239d
2022/12/07 23:42:09 [debug] 58552#58559: writing to client
2022/12/07 23:42:09 [debug] 58552#58559: --wrote 2399d
2022/12/07 23:42:09 [debug] 58552#58559: writing upstream
2022/12/07 23:42:09 [debug] 58552#58559: wrote 94d
2022/12/07 23:42:09 [debug] 58552#58559: writing upstream
2022/12/07 23:42:09 [debug] 58552#58559: wrote 232d
2022/12/07 23:42:09 [debug] 58552#58559: writing to client
2022/12/07 23:42:09 [debug] 58552#58559: --wrote 24d
2022/12/07 23:42:09 [debug] 58552#58559: closing, upstream disconnected
2022/12/07 23:42:09 [debug] 58552#58559: service client thread exited
service = akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io
2022/12/07 23:56:35 [debug] 58552#58560: writing upstream
2022/12/07 23:56:35 [debug] 58552#58560: wrote 239d
2022/12/07 23:56:35 [debug] 58552#58560: writing to client
2022/12/07 23:56:35 [debug] 58552#58560: --wrote 2529d
2022/12/07 23:56:35 [debug] 58552#58560: writing upstream
2022/12/07 23:56:35 [debug] 58552#58560: wrote 94d
2022/12/07 23:56:35 [debug] 58552#58560: writing upstream
2022/12/07 23:56:35 [debug] 58552#58560: wrote 256d
2022/12/07 23:56:35 [debug] 58552#58560: writing to client
2022/12/07 23:56:35 [debug] 58552#58560: --wrote 24d
2022/12/07 23:56:35 [debug] 58552#58560: closing, upstream disconnected
2022/12/07 23:56:35 [debug] 58552#58560: service client thread exited
Client Side Responses:
dsliwinski:/mnt/c/Users/dsliwinski/Repos/go-http$ build/ziti-client-resty -n 414523ab-69ab-47af-a99d-48467720a1c4.production.netfoundry.io -i ../sdk-golang/example/build/dariusz-curlz.json -s
2022/12/07 18:42:09 Error: Get "https://414523ab-69ab-47af-a99d-48467720a1c4.production.netfoundry.io": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x17\x03\x03\x00\x13ї\xa5HH\x1a\xb6\xe0qsD\xf0tZ\xd2F\xb5\xd4\xd6"
2022/12/07 18:42:09
dsliwinski:/mnt/c/Users/dsliwinski/Repos/go-http$
dsliwinski:/mnt/c/Users/dsliwinski/Repos/go-http$ build/ziti-client-resty -n akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io -i ../sdk-golang/example/build/dariusz-curlz.json -s
2022/12/07 18:58:09 Error: Get "https://akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x17\x03\x03\x00\x13Q\xff\fU\x8b\xa9\xa6\x86nR\xbc3gה\xa4{c\x14"
2022/12/07 18:58:09
dsliwinski:/mnt/c/Users/dsliwinski/Repos/go-http$
Experienced
The service is not reachable with the following error on the client side:
/mnt/c/Users/dsliwinski/Repos/sdk-golang/example$ build/curlz https://akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io build/dariusz-curlz.json
panic: Get "https://akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io": unable to dial service 'akssand-d225fb69.4b98eb49-011c-426f-9ce3-edfa150aa84e.privatelink.centralus.azmk8s.io': dial failed: service 47clQA1FrqLNXEwB8RHxEX has no terminators
goroutine 1 [running]:
main.main()
/mnt/c/Users/dsliwinski/Repos/sdk-golang/example/curlz/curlz.go:63 +0x105
dsliwinski:/mnt/c/Users/dsliwinski/Repos/sdk-golang/example$
No logs recorded in the nginx log error file related to Ziti
Expected
Nginx process to run in daemon mode and able to reach services.
Reproduction
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.