Git Product home page Git Product logo

Comments (8)

bungle avatar bungle commented on May 26, 2024 2

Yes, in 3.6.0 there was a couple of big bumps on dependencies. OpenSSL and OpenResty. We need to check what is going on. Thank you for reporting, unfortunately we didn't catch this.

from kong.

weberpatr avatar weberpatr commented on May 26, 2024 2

We are working on fix right now : ) Thanks for you patience.

Alerady some updates on this topic?
We're currently running into the same issue after updating to 3.6.x

from kong.

sgrzemski avatar sgrzemski commented on May 26, 2024

I bet that's because of the 0.8.25 to 1.2.0 upgrade of resty-openssl mentioned here: https://docs.konghq.com/gateway/changelog/#3600 and introduced here: #12265.
That's a bummer. It's sad to see, but Kong's stability with the new releases is surprisingly low and the introduced versions are full of smaller bugs. E.g. I have to stay on 3.4.2, because 3.5.X does not tolerate custom logging format and I cannot upgrade to 3.6.1, because of the SSL issue.

from kong.

walter-bd avatar walter-bd commented on May 26, 2024

I have the same problem but with postgres 15

from kong.

bungle avatar bungle commented on May 26, 2024

Just link some context here:
https://github.com/Kong/pgmoon/blob/v1.16.2/pgmoon/init.lua#L397-L398

local ssl = require("resty.openssl.ssl").from_socket(self.sock) -- it seams this line returns `nil`
local server_cert = ssl:get_peer_certificate()

@michael-todorovic, could you modify that line (in most probably /usr/local/share/lua/5.1/pgmoon/init.lua):

local ssl = require("resty.openssl.ssl").from_socket(self.sock) -- it seams this line returns `nil`

to:

local ssl, err = require("resty.openssl.ssl").from_socket(self.sock) -- it seams this line returns `nil`
if err then
  error(err)
end

And report back?

from kong.

bungle avatar bungle commented on May 26, 2024

Also @fffonion could you take a look at it. Is the auxilary module compiled with CE? Is it a requirement now? Is there difference in EE shipped pgmoon regards to this?

from kong.

pmorelli92 avatar pmorelli92 commented on May 26, 2024

Any updates on this? I got the same, working on 3.5 and stopped with 3.6 and 3.6.1. Leaving my trace just in case :)

KONG_PG_DATABASE=xxx \
KONG_PG_HOST=xxxxx \
KONG_PG_PASSWORD=xxxx \
KONG_PG_PORT=5432 \
KONG_PG_SSL=on \
KONG_PG_SSL_REQUIRED=on \
KONG_PG_SSL_VERSION=tlsv1_3 \
KONG_PG_USER=kong kong migrations up --v

On 3.5:

2024/04/19 10:53:19 [verbose] Kong: 3.5.0
2024/04/19 10:53:19 [verbose] no config file found at /etc/kong/kong.conf
2024/04/19 10:53:19 [verbose] no config file found at /etc/kong.conf
2024/04/19 10:53:19 [verbose] no config file, skip loading
2024/04/19 10:53:19 [verbose] prefix in use: /usr/local/kong
2024/04/19 10:53:19 [verbose] preparing nginx prefix directory at /usr/local/kong
2024/04/19 10:53:19 [verbose] SSL enabled on proxy, no custom certificate set: using default certificates
2024/04/19 10:53:19 [verbose] generating proxy SSL certificate (/usr/local/kong/ssl/kong-default.crt) and key (/usr/local/kong/ssl/kong-default.key) for listener
2024/04/19 10:53:19 [verbose] generating proxy SSL certificate (/usr/local/kong/ssl/kong-default-ecdsa.crt) and key (/usr/local/kong/ssl/kong-default-ecdsa.key) for listener
2024/04/19 10:53:19 [verbose] SSL enabled on admin, no custom certificate set: using default certificates
2024/04/19 10:53:19 [verbose] generating admin SSL certificate (/usr/local/kong/ssl/admin-kong-default.crt) and key (/usr/local/kong/ssl/admin-kong-default.key) for listener
2024/04/19 10:53:19 [verbose] generating admin SSL certificate (/usr/local/kong/ssl/admin-kong-default-ecdsa.crt) and key (/usr/local/kong/ssl/admin-kong-default-ecdsa.key) for listener
2024/04/19 10:53:19 [verbose] SSL enabled on admin_gui, no custom certificate set: using default certificates
2024/04/19 10:53:19 [verbose] generating admin_gui SSL certificate (/usr/local/kong/ssl/admin-gui-kong-default.crt) and key (/usr/local/kong/ssl/admin-gui-kong-default.key) for listener
2024/04/19 10:53:20 [verbose] generating admin_gui SSL certificate (/usr/local/kong/ssl/admin-gui-kong-default-ecdsa.crt) and key (/usr/local/kong/ssl/admin-gui-kong-default-ecdsa.key) for listener
2024/04/19 10:53:20 [verbose] generating trusted certs combined file in /usr/local/kong/.ca_combined
2024/04/19 10:53:20 [warn] 15#0: *2 [lua] nginx.lua:261: get_ngx_ssl_from_socket_ctx(): note resty.openssl.auxiliary.nginx is using plain FFI and it's only intended to be used in development, consider using lua-resty-openssl.aux-module in production., context: ngx.timer
2024/04/19 10:53:20 [verbose] retrieving database schema state...
2024/04/19 10:53:20 [verbose] schema state retrieved
2024/04/19 10:53:20 [verbose] retrieving database schema state...
2024/04/19 10:53:20 [verbose] schema state retrieved
2024/04/19 10:53:20 [info] Database is already up-to-date

On 3.6.1:

2024/04/19 10:51:50 [verbose] Kong: 3.6.1
2024/04/19 10:51:50 [verbose] no config file found at /etc/kong/kong.conf
2024/04/19 10:51:50 [verbose] no config file found at /etc/kong.conf
2024/04/19 10:51:50 [verbose] no config file, skip loading
2024/04/19 10:51:50 [verbose] prefix in use: /usr/local/kong
2024/04/19 10:51:50 [verbose] preparing nginx prefix directory at /usr/local/kong
2024/04/19 10:51:50 [verbose] SSL enabled on proxy, no custom certificate set: using default certificates
2024/04/19 10:51:50 [verbose] proxy SSL certificate found at /usr/local/kong/ssl/kong-default.crt
2024/04/19 10:51:50 [verbose] proxy SSL certificate found at /usr/local/kong/ssl/kong-default-ecdsa.crt
2024/04/19 10:51:50 [verbose] SSL enabled on admin, no custom certificate set: using default certificates
2024/04/19 10:51:50 [verbose] admin SSL certificate found at /usr/local/kong/ssl/admin-kong-default.crt
2024/04/19 10:51:50 [verbose] admin SSL certificate found at /usr/local/kong/ssl/admin-kong-default-ecdsa.crt
2024/04/19 10:51:50 [verbose] SSL enabled on admin_gui, no custom certificate set: using default certificates
2024/04/19 10:51:50 [verbose] admin_gui SSL certificate found at /usr/local/kong/ssl/admin-gui-kong-default.crt
2024/04/19 10:51:50 [verbose] admin_gui SSL certificate found at /usr/local/kong/ssl/admin-gui-kong-default-ecdsa.crt
2024/04/19 10:51:50 [verbose] generating trusted certs combined file in /usr/local/kong/.ca_combined
2024/04/19 10:51:50 [warn] 64#0: *2 [lua] nginx.lua:300: get_ngx_ssl_from_socket_ctx(): note resty.openssl.auxiliary.nginx is using plain FFI and it's only intended to be used in development, consider using lua-resty-openssl.aux-module in production., context: ngx.timer
Error: 
/usr/local/share/lua/5.1/pgmoon/init.lua:398: attempt to index local 'ssl' (a nil value)
stack traceback:
	/usr/local/share/lua/5.1/pgmoon/init.lua:398: in function 'auth'
	/usr/local/share/lua/5.1/pgmoon/init.lua:268: in function 'connect'
	.../share/lua/5.1/kong/db/strategies/postgres/connector.lua:215: in function 'connect'
	.../share/lua/5.1/kong/db/strategies/postgres/connector.lua:546: in function 'query'
	.../share/lua/5.1/kong/db/strategies/postgres/connector.lua:296: in function 'init'
	/usr/local/share/lua/5.1/kong/db/init.lua:144: in function 'init_connector'
	/usr/local/share/lua/5.1/kong/cmd/migrations.lua:101: in function 'cmd_exec'
	/usr/local/share/lua/5.1/kong/cmd/init.lua:31: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:31>
	[C]: in function 'xpcall'
	/usr/local/share/lua/5.1/kong/cmd/init.lua:31: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:15>
	(command line -e):7: in function 'inline_gen'
	init_worker_by_lua(nginx.conf:170):44: in function <init_worker_by_lua(nginx.conf:170):43>
	[C]: in function 'xpcall'
	init_worker_by_lua(nginx.conf:170):52: in function <init_worker_by_lua(nginx.conf:170):50>

from kong.

fffonion avatar fffonion commented on May 26, 2024

We are working on fix right now : ) Thanks for you patience.

from kong.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.