Comments (8)
Yes, in 3.6.0
there was a couple of big bumps on dependencies. OpenSSL and OpenResty. We need to check what is going on. Thank you for reporting, unfortunately we didn't catch this.
from kong.
We are working on fix right now : ) Thanks for you patience.
Alerady some updates on this topic?
We're currently running into the same issue after updating to 3.6.x
from kong.
I bet that's because of the 0.8.25 to 1.2.0 upgrade of resty-openssl
mentioned here: https://docs.konghq.com/gateway/changelog/#3600 and introduced here: #12265.
That's a bummer. It's sad to see, but Kong's stability with the new releases is surprisingly low and the introduced versions are full of smaller bugs. E.g. I have to stay on 3.4.2, because 3.5.X does not tolerate custom logging format and I cannot upgrade to 3.6.1, because of the SSL issue.
from kong.
I have the same problem but with postgres 15
from kong.
Just link some context here:
https://github.com/Kong/pgmoon/blob/v1.16.2/pgmoon/init.lua#L397-L398
local ssl = require("resty.openssl.ssl").from_socket(self.sock) -- it seams this line returns `nil`
local server_cert = ssl:get_peer_certificate()
@michael-todorovic, could you modify that line (in most probably /usr/local/share/lua/5.1/pgmoon/init.lua
):
local ssl = require("resty.openssl.ssl").from_socket(self.sock) -- it seams this line returns `nil`
to:
local ssl, err = require("resty.openssl.ssl").from_socket(self.sock) -- it seams this line returns `nil`
if err then
error(err)
end
And report back?
from kong.
Also @fffonion could you take a look at it. Is the auxilary module compiled with CE? Is it a requirement now? Is there difference in EE shipped pgmoon
regards to this?
from kong.
Any updates on this? I got the same, working on 3.5 and stopped with 3.6 and 3.6.1. Leaving my trace just in case :)
KONG_PG_DATABASE=xxx \
KONG_PG_HOST=xxxxx \
KONG_PG_PASSWORD=xxxx \
KONG_PG_PORT=5432 \
KONG_PG_SSL=on \
KONG_PG_SSL_REQUIRED=on \
KONG_PG_SSL_VERSION=tlsv1_3 \
KONG_PG_USER=kong kong migrations up --v
On 3.5:
2024/04/19 10:53:19 [verbose] Kong: 3.5.0
2024/04/19 10:53:19 [verbose] no config file found at /etc/kong/kong.conf
2024/04/19 10:53:19 [verbose] no config file found at /etc/kong.conf
2024/04/19 10:53:19 [verbose] no config file, skip loading
2024/04/19 10:53:19 [verbose] prefix in use: /usr/local/kong
2024/04/19 10:53:19 [verbose] preparing nginx prefix directory at /usr/local/kong
2024/04/19 10:53:19 [verbose] SSL enabled on proxy, no custom certificate set: using default certificates
2024/04/19 10:53:19 [verbose] generating proxy SSL certificate (/usr/local/kong/ssl/kong-default.crt) and key (/usr/local/kong/ssl/kong-default.key) for listener
2024/04/19 10:53:19 [verbose] generating proxy SSL certificate (/usr/local/kong/ssl/kong-default-ecdsa.crt) and key (/usr/local/kong/ssl/kong-default-ecdsa.key) for listener
2024/04/19 10:53:19 [verbose] SSL enabled on admin, no custom certificate set: using default certificates
2024/04/19 10:53:19 [verbose] generating admin SSL certificate (/usr/local/kong/ssl/admin-kong-default.crt) and key (/usr/local/kong/ssl/admin-kong-default.key) for listener
2024/04/19 10:53:19 [verbose] generating admin SSL certificate (/usr/local/kong/ssl/admin-kong-default-ecdsa.crt) and key (/usr/local/kong/ssl/admin-kong-default-ecdsa.key) for listener
2024/04/19 10:53:19 [verbose] SSL enabled on admin_gui, no custom certificate set: using default certificates
2024/04/19 10:53:19 [verbose] generating admin_gui SSL certificate (/usr/local/kong/ssl/admin-gui-kong-default.crt) and key (/usr/local/kong/ssl/admin-gui-kong-default.key) for listener
2024/04/19 10:53:20 [verbose] generating admin_gui SSL certificate (/usr/local/kong/ssl/admin-gui-kong-default-ecdsa.crt) and key (/usr/local/kong/ssl/admin-gui-kong-default-ecdsa.key) for listener
2024/04/19 10:53:20 [verbose] generating trusted certs combined file in /usr/local/kong/.ca_combined
2024/04/19 10:53:20 [warn] 15#0: *2 [lua] nginx.lua:261: get_ngx_ssl_from_socket_ctx(): note resty.openssl.auxiliary.nginx is using plain FFI and it's only intended to be used in development, consider using lua-resty-openssl.aux-module in production., context: ngx.timer
2024/04/19 10:53:20 [verbose] retrieving database schema state...
2024/04/19 10:53:20 [verbose] schema state retrieved
2024/04/19 10:53:20 [verbose] retrieving database schema state...
2024/04/19 10:53:20 [verbose] schema state retrieved
2024/04/19 10:53:20 [info] Database is already up-to-date
On 3.6.1:
2024/04/19 10:51:50 [verbose] Kong: 3.6.1
2024/04/19 10:51:50 [verbose] no config file found at /etc/kong/kong.conf
2024/04/19 10:51:50 [verbose] no config file found at /etc/kong.conf
2024/04/19 10:51:50 [verbose] no config file, skip loading
2024/04/19 10:51:50 [verbose] prefix in use: /usr/local/kong
2024/04/19 10:51:50 [verbose] preparing nginx prefix directory at /usr/local/kong
2024/04/19 10:51:50 [verbose] SSL enabled on proxy, no custom certificate set: using default certificates
2024/04/19 10:51:50 [verbose] proxy SSL certificate found at /usr/local/kong/ssl/kong-default.crt
2024/04/19 10:51:50 [verbose] proxy SSL certificate found at /usr/local/kong/ssl/kong-default-ecdsa.crt
2024/04/19 10:51:50 [verbose] SSL enabled on admin, no custom certificate set: using default certificates
2024/04/19 10:51:50 [verbose] admin SSL certificate found at /usr/local/kong/ssl/admin-kong-default.crt
2024/04/19 10:51:50 [verbose] admin SSL certificate found at /usr/local/kong/ssl/admin-kong-default-ecdsa.crt
2024/04/19 10:51:50 [verbose] SSL enabled on admin_gui, no custom certificate set: using default certificates
2024/04/19 10:51:50 [verbose] admin_gui SSL certificate found at /usr/local/kong/ssl/admin-gui-kong-default.crt
2024/04/19 10:51:50 [verbose] admin_gui SSL certificate found at /usr/local/kong/ssl/admin-gui-kong-default-ecdsa.crt
2024/04/19 10:51:50 [verbose] generating trusted certs combined file in /usr/local/kong/.ca_combined
2024/04/19 10:51:50 [warn] 64#0: *2 [lua] nginx.lua:300: get_ngx_ssl_from_socket_ctx(): note resty.openssl.auxiliary.nginx is using plain FFI and it's only intended to be used in development, consider using lua-resty-openssl.aux-module in production., context: ngx.timer
Error:
/usr/local/share/lua/5.1/pgmoon/init.lua:398: attempt to index local 'ssl' (a nil value)
stack traceback:
/usr/local/share/lua/5.1/pgmoon/init.lua:398: in function 'auth'
/usr/local/share/lua/5.1/pgmoon/init.lua:268: in function 'connect'
.../share/lua/5.1/kong/db/strategies/postgres/connector.lua:215: in function 'connect'
.../share/lua/5.1/kong/db/strategies/postgres/connector.lua:546: in function 'query'
.../share/lua/5.1/kong/db/strategies/postgres/connector.lua:296: in function 'init'
/usr/local/share/lua/5.1/kong/db/init.lua:144: in function 'init_connector'
/usr/local/share/lua/5.1/kong/cmd/migrations.lua:101: in function 'cmd_exec'
/usr/local/share/lua/5.1/kong/cmd/init.lua:31: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:31>
[C]: in function 'xpcall'
/usr/local/share/lua/5.1/kong/cmd/init.lua:31: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:15>
(command line -e):7: in function 'inline_gen'
init_worker_by_lua(nginx.conf:170):44: in function <init_worker_by_lua(nginx.conf:170):43>
[C]: in function 'xpcall'
init_worker_by_lua(nginx.conf:170):52: in function <init_worker_by_lua(nginx.conf:170):50>
from kong.
We are working on fix right now : ) Thanks for you patience.
from kong.
Related Issues (20)
- custom proxy_access_log still not working in 3.4.* HOT 3
- Kong prometheus plugin does not record 404 response codes from proxy HOT 2
- Timeout when running migrations from 3.5 to 3.6 leading to corrupted data (migration ran twice) HOT 3
- Admin API address in "New Connnection" form only support IP, not DNS. HOT 3
- Upsert target is not an upsert HOT 4
- failed to set X-Kong-Upstream-Status header while sending to client HOT 2
- [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: connection refused HOT 2
- DNS resolution failed: dns server error: 3 name error HOT 14
- Optional capture groups are broken with the request-transformer plugin and traditional_compatible router HOT 4
- Error in logs: failed to run timer HOT 2
- Database migration failed while using helm chart HOT 2
- JWT Plugin bypasses validation process occasionally on frequent requests HOT 3
- TLS SNI Route not work HOT 6
- Kong info, notice, inspect logs are all getting logged as error in GCP(google cloud platform) HOT 1
- Cannot use kong.db
- http-log plugin: Host header not including port
- Every time request localhost:8001/metrics, kong-cp-kong-pod will prompt a license-related error
- Dataplane not getting information from the ControlPlane in Hybrid mode
- go plugin error, worker-events: event callback failed; source=plugin_server, event=reset_instance
- Error: attempt to index local 'ssl' (a nil value) for Kong >= 3.6.0 when KONG_PG_SSL=on
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kong.