withlogicco / ceryx
Dynamic reverse proxy based on NGINX OpenResty with an API
License: MIT License
Hi,
I have been using your great tool for a while and recently I have been testing the latest version which includes certificate management, redirects, ... in short, it's good.
However I am encountering a problem with the json display of the "enforce_https" parameter when I request the API, it always has the value "false" even when the value is "1" in the redis database.
Have you ever encountered this problem?
PS: sorry for the quality of my English
Hello, I could not find the project documentation, api or even a quickstart
Is there a document?
Step 6/10 : RUN pipenv install --system --dev --deploy
---> Running in 1dfbb88fe4c8
Installing dependencies from Pipfile.lock (fc7fa7)…
An error occurred while installing uvloop==0.15.1; sys_platform != 'win32'! Will try again.
Installing initially–failed dependencies…
Looking in indexes: https://pypi.python.org/simple
Collecting uvloop==0.15.1
Using cached uvloop-0.15.1.tar.gz (2.1 MB)
ERROR: Command errored out with exit status 1:
command: /usr/local/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/setup.py'"'"'; __file__='"'"'/tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-jofc99l7
cwd: /tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/
Complete output (5 lines):
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/setup.py", line 5, in <module>
raise RuntimeError('uvloop requires Python 3.7 or greater')
RuntimeError: uvloop requires Python 3.7 or greater
----------------------------------------
WARNING: Discarding https://files.pythonhosted.org/packages/94/98/9dc814f391b2293ecc790b9752e005296c69c3694fd9975b6cb77c448135/uvloop-0.15.1.tar.gz#sha256=7846828112bfb49abc5fdfc47d0e4dfd7402115c9fde3c14c31818cfbeeb63dc (from https://pypi.org/simple/uvloop/). Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
ERROR: Could not find a version that satisfies the requirement uvloop==0.15.1
ERROR: No matching distribution found for uvloop==0.15.1
The command '/bin/sh -c pipenv install --system --dev --deploy' returned a non-zero code: 1
ERROR: Service 'api' failed to build : Build failed
I have cloned the repo and then ran the docker-compose up -d command. It seems like it works, since when I access the server from my browser it shows the "ceryx no app here" page. However, I can't seem to access the ceryx-api at all.
There are no ports exposed for it. I have tried making requests to http://localhost:5555 but they never connect to anything.
Am I doing something wrong? I'm not that familiar with Docker, and I'm trying to write a script that will dynamically add routes that I will run on the VPS.
Hello,
When a client requests to sync the system time of all of the servers behind the Ceryx reverse proxy, such as to sync with a timestamp server, could Ceryx comply with this kind of specification? If yes, could we design a control program via API, and how? Thanks.
Ceryx should be able to be configured through an env file, which is quite convenient.
Well, this could happen in a couple of ways though. We could either promote usage of the env_file in the docker-compose.yml file, or we could provide built-in support for loading environment variables from a .env file in Ceryx itself.
We can choose the one that suits us better.
I tried making a WebSocket connection through ceryx but it failed. How can we establish a successful WebSocket connection using ceryx?
Hi there,
Big fan of Ceryx 👍
Could you update the "official" dockerhub repo with a newer version? Looks like it hasn't been updated for two months:
https://hub.docker.com/r/sourcelair/ceryx-proxy/tags/
Thanks!
If you simply do a docker pull sourcelair/ceryx-proxy:dynamic-ssl and run it as part of the docker-compose-dev.yaml file, it's incomplete, after referencing it in base.yml.
cd into ceryx/dynamic-ssl and do docker build and it's the same.
The following is the output:
> proxy_1 | no file '/usr/local/lib/lua/5.1/loadall.so'
> proxy_1 | stack traceback:
> proxy_1 | [C]: in function 'require'
> proxy_1 | init_by_lua:2: in main chunk
> proxy_1 | nginx: [error] init_by_lua error: init_by_lua:2: module 'resty.auto-ssl' not found:
> proxy_1 | no field package.preload['resty.auto-ssl']
> proxy_1 | no file '/usr/local/openresty/nginx//lualib/resty/auto-ssl.lua'
> proxy_1 | no file '/usr/local/openresty/site/lualib/resty/auto-ssl.lua'
> proxy_1 | no file '/usr/local/openresty/site/lualib/resty/auto-ssl/init.lua'
> proxy_1 | no file '/usr/local/openresty/lualib/resty/auto-ssl.lua'
> proxy_1 | no file '/usr/local/openresty/lualib/resty/auto-ssl/init.lua'
> proxy_1 | no file './resty/auto-ssl.lua'
> proxy_1 | no file '/usr/local/openresty/luajit/share/luajit-2.1.0-beta2/resty/auto-ssl.lua'
> proxy_1 | no file '/usr/local/share/lua/5.1/resty/auto-ssl.lua'
> proxy_1 | no file '/usr/local/share/lua/5.1/resty/auto-ssl/init.lua'
> proxy_1 | no file '/usr/local/openresty/luajit/share/lua/5.1/resty/auto-ssl.lua'
> proxy_1 | no file '/usr/local/openresty/luajit/share/lua/5.1/resty/auto-ssl/init.lua'
> proxy_1 | no file '/usr/local/openresty/site/lualib/resty/auto-ssl.so'
> proxy_1 | no file '/usr/local/openresty/lualib/resty/auto-ssl.so'
> proxy_1 | no file './resty/auto-ssl.so'
> proxy_1 | no file '/usr/local/lib/lua/5.1/resty/auto-ssl.so'
> proxy_1 | no file '/usr/local/openresty/luajit/lib/lua/5.1/resty/auto-ssl.so'
> proxy_1 | no file '/usr/local/lib/lua/5.1/loadall.so'
> proxy_1 | no file '/usr/local/openresty/site/lualib/resty.so'
> proxy_1 | no file '/usr/local/openresty/lualib/resty.so'
> proxy_1 | no file './resty.so'
> proxy_1 | no file '/usr/local/lib/lua/5.1/resty.so'
> proxy_1 | no file '/usr/local/openresty/luajit/lib/lua/5.1/resty.so'
> proxy_1 | no file '/usr/local/lib/lua/5.1/loadall.so'
> proxy_1 | stack traceback:
> proxy_1 | [C]: in function 'require'
> proxy_1 | init_by_lua:2: in main chunk
>
Ceryx currently supports only single endpoints for routes, aka my.route.com -> my.backend.com:9999
We could introduce more backends per route and load balance traffic in these routes; for example, we could utilize the balancer OpenResty module.
There is no way to correctly set Forward Secrecy.
See this article:
https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm#nginx_forward_secrecy
When I try to add a new route using the given curl command, the route is not added to Ceryx and the message Redirecting to: /api/routes is shown. Where could my installation have gone wrong?
Creating ceryx_proxy_1
ERROR: proxy/nginx/lualib includes invalid characters for a local volume name, only [a-zA-Z0-9][a-zA-Z0-9_.-] are allowed
Got above error, using the below link to be fixed:
https://github.com/Olivine-Labs/waco-kid
I've been working on a drop-in replacement for vulcand in openresty for a few days. It currently supports vulcand's Route syntax (host, header, method, and uri matching) and uses an ffi binding to libr3 (https://github.com/c9s/r3) for the actual routing. It also uses an ffi cache for configuration, and updates the routing tree in the background only when changes occur. I get 15-20 million routes matched per second per core with this configuration on my laptop.
Currently it only supports etcd with vulcand's configuration format, but with some minor changes it could support ceryx as well! It uses an intermediate format stored in the cache for building routes, so only the portion of code for updating that config would need to change.
docker run -d
--name ceryx
-p 80:80 -p 443:443
--restart=always
sourcelair/ceryx usr/local/openresty/bin/openresty -g - daemon off
I get:
I believe it is a bash error related to the assignment in entrypoint.sh.
Thanks for your help
Can you please post an example of how to populate Redis so I will be able to add "virtualhosts" and corresponding routes?
Thanks.
After upgrading to 0.7 version, all certificate generation started failing. After setting it to DEBUG true, I get the following in the ceryx log:
2019/12/26 19:31:18 [error] 40#40: [lua] init_master.lua:67: generate_config(): auto-ssl: failed to create letsencrypt dir permissions: Executing command failed (exit code 1): chmod 777 /etc/resty-auto-ssl/letsencrypt 2>&1
Output: chmod: changing permissions of '/etc/resty-auto-ssl/letsencrypt': Operation not permitted
Running the command manually in the directory did not help:
chmod -R 777 /etc/resty-auto-ssl/
The log still shows the same error and the routing to SSL requiring domains stopped as well.
Please advise.
Thanks in advance.
Hey team,
Started to put together a PR and realised I couldn't determine what the intended behaviour is here.
I note that the API's new update_parser takes only a target argument. However, the PUT route is marshalled with resource_fields which contains a source argument also. As a result, the PUT request is responded to with a null source, such that submitting {"target":"127.0.0.1"} to /api/routes/test.com results in a response containing {"source": null,"target": "127.0.0.1"}.
Should this return value draw the source from a valid location, or should source be omitted from the return value?
I built a docker image using ceryx/Proxy/Dockerfile.xenial, but starting an image based on the image failed as the xfs user did not exist. I added RUN useradd xfs to the Dockerfile and was able to start it.
During the ceryx container build:
...
Step 5/10 : RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-auto-ssl 0.12.0
---> Running in 583e3c3268ff
Illegal instruction (core dumped)
ERROR: Service 'ceryx' failed to build: The command '/bin/sh -c /usr/local/openresty/luajit/bin/luarocks install lua-resty-auto-ssl 0.12.0' returned a non-zero code: 132
For now, dynamic SSL doesn't check if the host is in sources.
There is only a mechanism to specify the CERYX_SSL_PATTERN env var, but it kills dynamism.
I have been evaluating Ceryx for the last couple of days. Everything has been working just fine.
Is there any way to route requests to remote hosts with different IPs? For example;
ContainerA running in HostA
ContainerB running in HostB
Thanks for your help.
Thanks.
Currently, in Redis we store the routes. We could also store SSL certificates for certain domains and serve these certificates with OpenResty.
This would require:
ssl_certificate_by_lua_block directive to serve the SSL certificates.
Hi,
I get the following warnings when the debug is turned on:
today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('formatTarget') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:12: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('redirect') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:19: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('proxy') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:24: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('routeRequest') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:29: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 207.46.13.223 - - [17/Mar/2020:15:20:44 +0000] "GET / HTTP/1.1" 301 175 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
today at 11:20 AM 2020/03/17 15:20:44 [info] 13#13: *34 client 207.46.13.223 closed keepalive connection
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('starts_with') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:3: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('ends_with') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:7: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('starts_with_protocol') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:11: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('has_trailing_slash') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:15: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getRouteKeyForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:5: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getSettingsKeyForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:9: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('targetIsInValid') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:13: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getTargetForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:17: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getModeForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:40: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getRouteForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:52: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [debug] 13#13: *36 [lua] redis.lua:14: client(): Preparing Redis client.
today at 11:22 AM 2020/03/17 15:22:03 [debug] 13#13: *36 [lua] redis.lua:27: client(): Redis client prepared.
today at 11:22 AM 2020/03/17 15:22:03 [debug] 13#13: *36 [lua] redis.lua:37: client(): Authenticated with Redis.
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('formatTarget') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:12: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('redirect') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:19: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('proxy') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:24: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('routeRequest') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
All of these variables need to be declared as local.
Thanks
Hi, I'm trying to use Ceryx with my project, which is hosted on Kubernetes, and I'm having some issues.
API is working fine
curl -H "Content-Type: application/json" -X POST -d '{"source":"t1-proxy.nlu-v35.dev-kuber.internal.domain","target":"127.0.0.1:5555"}' http://localhost:5555/api/routes
{
"source": "t1-proxy.nlu-v35.dev-kuber.internal.domain",
"target": "127.0.0.1:5555"
}
redis works fine too
127.0.0.1:6379> keys *
1) "ceryx:routes:api-proxy.nlu-v35.internal.domain"
2) "ceryx:routes:t1-proxy.nlu-v35.internal.domain"
On ceryx-proxy
# netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/openresty -g daem
tcp 0 0 127.0.0.1:5555 0.0.0.0:*
But all the time I'm on the same page:
$ curl t1-proxy.nlu-v35.dev-kuber.internal.domain
<html><head><title>Something.</title></head>
<body>Something.</body>
</html>
How can I debug the Ceryx proxy to see that the Lua module is working correctly, or maybe I missed some setting before?
My Kubernetes manifest, just in case:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: redis-ebs
spec:
  storageClassName: gp2
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: ceryx
  labels:
    app: ceryx
spec:
  replicas: 1
  template:
    metadata:
      name: ceryx
      labels:
        app: ceryx
    spec:
      containers:
        - name: redis
          image: redis:latest
          volumeMounts:
            - name: redis-ebs-volume
              mountPath: /data
        - name: ceryx-proxy
          image: sourcelair/ceryx-proxy:latest
          env:
            - name: CERYX_DEBUG
              value: "true"
            - name: CERYX_REDIS_HOST
              value: "localhost"
            - name: CERYX_REDIS_PORT
              value: "6379"
            - name: CERYX_REDIS_PREFIX
              value: "ceryx"
        - name: ceryx-api
          image: sourcelair/ceryx-api:latest
          env:
            - name: CERYX_DEBUG
              value: "true"
            - name: CERYX_NAME
              value: "ceryx"
            - name: CERYX_API_HOST
              value: "localhost"
            - name: CERYX_API_PORT
              value: "5555"
            - name: CERYX_API_HOSTNAME
              value: "localhost"
            - name: CERYX_REDIS_HOST
              value: "localhost"
            - name: CERYX_REDIS_PORT
              value: "6379"
            - name: CERYX_REDIS_PREFIX
              value: "ceryx"
          ports:
            - containerPort: 80
            - containerPort: 5555
      volumes:
        - name: redis-ebs-volume
          persistentVolumeClaim:
            claimName: redis-ebs
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: "*.nlu-v35.dev-kuber.internal.domain"
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
  name: nlu-reverse-proxy
spec:
  ports:
    - name: nlu-port
      port: 80
    - name: ceryx-api
      port: 5555
  selector:
    app: ceryx
  type: LoadBalancer
Metrics should include:
I have set up a couple of dockered services (i.e. example:8080, monitor:8080) and exposed them at external URLs as https://serv.example.com and https://mon.serv.example.com correspondingly, enforcing https and also redirecting http calls to https.
For several months this was working perfectly, but last week I had some certificate errors out of the blue only for the first service located at https://serv.example.com.
I have checked the logs and I got the following:
2019/11/27 13:33:40 [info] 24#24: *134900 [lua] router.lua:56: HOST MY.IP.ADDRESS.HERE, client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:33:40 [info] 24#24: *134900 [lua] routes.lua:24: getTargetForSource(): Could not find target for MY.IP.ADDRESS.HERE., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:33:40 [info] 24#24: *134900 [lua] router.lua:60: No $wildcard target configured for fallback. Exiting with Bad Gateway., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
client sent invalid method while reading client request line, client: 10.255.0.2, server: , request: "�/*�Cookie: mstshash=Administr"
2019/11/27 13:35:06 [info] 24#24: *134915 recv() failed (104: Connection reset by peer) while reading client request line, client: 10.255.0.2, server: , request: "�/*�Cookie: mstshash=Administr"
10.255.0.2 - - [27/Nov/2019:13:35:06 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 179 "-" "-"
24#24: *134917 [lua] certificates.lua:19: getCertificatesForHost(): Could not retrieve SSL certificate path for MY.IP.ADDRESS.HERE from Redis: N/A, context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [info] 24#24: *134917 [lua] certificate.lua:47: No valid SSL certificate has been configured for MY.IP.ADDRESS.HERE., context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [info] 24#24: *134917 [lua] certificate.lua:50: Passing SSL certificate handling for MY.IP.ADDRESS.HERE to Let's Encrypt., context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [info] 24#24: *134917 [lua] routes.lua:24: getTargetForSource(): Could not find target for MY.IP.ADDRESS.HERE., context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [notice] 24#24: *134917 [lua] ssl_certificate.lua:284: auto-ssl: domain not allowed - using fallback - MY.IP.ADDRESS.HERE, context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
10.255.0.2 - - [27/Nov/2019:13:36:03 +0000] "GET / HTTP/1.1" 503 1062 "-" "Mozilla/5.0 zgrab/0.x"
2019/11/27 13:36:03 [info] 24#24: *134916 [lua] router.lua:56: HOST MY.IP.ADDRESS.HERE, client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:36:03 [info] 24#24: *134916 [lua] routes.lua:24: getTargetForSource(): Could not find target for MY.IP.ADDRESS.HERE., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:36:03 [info] 24#24: *134916 [lua] router.lua:60: No $wildcard target configured for fallback. Exiting with Bad Gateway., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:36:13 [info] 24#24: *134916 client 10.255.0.2 closed keepalive connection
and after a while the following:
Generating account key...
+ Registering account key with ACME server...
err: + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 403)
Details:
{
"type": "urn:acme:error:unauthorized",
"detail": "Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.",
"status": 403
}
rm: cannot remove '/etc/resty-auto-ssl/letsencrypt/domains.txt': No such file or directory
I have checked within the ceryx container (ceryx_ceryx.blahblah) to find that directory /etc/resty-auto-ssl/letsencrypt/accounts/MY_HEXADECIMAL_ACCOUNT_NR/ was empty... I checked another ceryx installation on another machine that works fine and I've found that the same directory has two files in there, an account_key.pem and a registration_info.json file.
But the funny thing is that this error appears only for the first URL (https://serv.example.com) and not the second (https://mon.serv.example.com), despite the above findings...
I can't seem to wrap my head around the endpoints that the API uses, so all I get from it are 404 error codes.
I've tried GET/POST/PUT/DELETE etc. and from the Python code, I can't even seem to be able to find where the endpoints are defined at.
I don't suppose you could point me in the right direction?
Hey team,
Hoping to put together some quick notes on usage of the API. It seems as though the PUT route in https://github.com/sourcelair/ceryx/blob/master/api/ceryx/api/views.py requires a source both in the URL as well as requiring a source as an explicit parameter. Am I correct in my reading of this?
If I PUT {"target":"127.0.0.1:80"} to '/api/routes/test', I am told that a source is required.
If I PUT {"source":"test","target":"127.0.0.1:80"} to '/api/routes', the method is not allowed.
The only way I can get it to function is by submitting {"source":"test","target":"127.0.0.1:80"} to '/api/routes/any_words_here' where any_words_here is required but not used and doesn't have to match the source parameter.
Hello,
Is there any way to use wildcard LE instead of checking for every subdomain?
Thanks
I want to serve static files with auto-ssl, but I couldn't find any documentation related to that. Is there any plan to support it?
BTW the tool is awesome :)
Is it possible to add a configuration option to disable these protocols?
I would like to have more detailed documentation. Thanks
Hello,
I'm testing ceryx as an API gateway for one testing platform but I'm having trouble trying to understand how to dynamically add a route using the flask API.
Could you please elaborate a little bit on how to make it useable with a minimal example?
Thanks!
Seems nginx doesn't allow DELETE and PUT methods, so API requests proxied through ceryx are not working:
➜ web-proxy git:(master) ✗ curl -H "Content-Type: application/json"
-X DELETE
-d '{"source":"localhost"}'
http://ceryx-api..../api/routes
{"status": 405, "message": "Method Not Allowed"}%
It might be useful if it was possible to pass details of a certificate when creating a route, or later update an existing route with a custom certificate.