withlogicco / ceryx Goto Github PK

During the ceryx container build:

...

Step 5/10 : RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-auto-ssl 0.12.0
---> Running in 583e3c3268ff
Illegal instruction (core dumped)
ERROR: Service 'ceryx' failed to build: The command '/bin/sh -c /usr/local/openresty/luajit/bin/luarocks install lua-resty-auto-ssl 0.12.0' returned a non-zero code: 132

Creating ceryx_proxy_1
ERROR: proxy/nginx/lualib includes invalid characters for a local volume name, only [a-zA-Z0-9][a-zA-Z0-9_.-] are allowed

Got above error, using the below link to be fixed:

https://github.com/dogdep/dogpro/issues/6

docker run -d
--name ceryx
-p 80:80 -p 443:443
--restart=always
sourcelair/ceryx usr/local/openresty/bin/openresty -g - daemon off

I get:

• '[' == true ']'
  /entrypoint.sh: line 5: [: ==: unary operator expected
• export CERYX_LOG_LEVEL=info
• CERYX_LOG_LEVEL=info
• /usr/local/bin/dockerize -template /usr/local/openresty/nginx/conf/nginx.conf.tmpl:/usr/local/openresty/nginx/conf/nginx.conf -template /usr/local/openresty/nginx/conf/ceryx.conf.tmpl:/usr/local/openresty/nginx/conf/ceryx.conf -wait tcp://redis:6379
  2019/08/31 13:24:02 Waiting for: tcp://redis:6379
  2019/08/31 13:24:02 Connected to tcp://redis:6379
• exec usr/local/openresty/bin/openresty -g - daemon off
  nginx: invalid option: "daemon"
• '[' == true ']'
  /entrypoint.sh: line 5: [: ==: unary operator expected

I believe it is a bash error related to the assignment in entrypoint.sh.

Thanks for your help

I can't seem to wrap my head around the endpoints that the API uses, so all I get from is are 404 error codes.

I've tried GET/POST/PUT/DELETE etc. and from the Python code, I can't even seem to be able to find where the endpoints are defined at.

I don't suppose you could point me in the right direction?

I have been evaluating ceryz for the last couple of days. Everything has been working just fine.

Is there any way to route requests to remote hosts with different IPs? For example;
ContainerA running in HostA
ContainerB running in HostB

Thanks for your help.

Issue when installing using docker-compose up -d

Can you please post some example how to populate redis so I will be able to add "virtulhosts" and coresponting routes ?

Thanks.

Hello,
When a client request to sync the system time of all of servers behind Ceryx reserve proxy, such as to sync with a timestamp server. Could Ceryx comply this kind of specifiction? If yes, could we design a control program via API, and how? Thanks.

Hi, i'm trying to use ceryx with my project, which hosted on kubernetes. And I'm having some issues.
API is working fine

curl -H "Content-Type: application/json" -X POST -d '{"source":"t1-proxy.nlu-v35.dev-kuber.internal.domain","target":"127.0.0.1:5555"}' http://localhost:5555/api/routes
{   
    "source": "t1-proxy.nlu-v35.dev-kuber.internal.domain",
    "target": "127.0.0.1:5555"
}

redis works fine too

127.0.0.1:6379> keys *
1) "ceryx:routes:api-proxy.nlu-v35.internal.domain"
2) "ceryx:routes:t1-proxy.nlu-v35.internal.domain"

On ceryx-proxy

 # netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1/openresty -g daem
tcp        0      0 127.0.0.1:5555          0.0.0.0:*  

But all the tome im on the same page:

$ curl t1-proxy.nlu-v35.dev-kuber.internal.domain
<html><head><title>Something.</title></head>
<body>Something.</body>
</html>

How can i debug ceryx proxy to see that lua module is working correctly or maybe I had missed some setting before?

My kubernetes manifest just for a case:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: redis-ebs
spec:
  storageClassName: gp2
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: ceryx
  labels:
    app: ceryx
spec:
  replicas: 1
  template:
    metadata:
      name: ceryx
      labels:
        app: ceryx
    spec:
      containers:
      - name: redis
        image: redis:latest
        volumeMounts:
          - name: redis-ebs-volume
            mountPath: /data
      - name: ceryx-proxy
        image: sourcelair/ceryx-proxy:latest
        env:
        - name: CERYX_DEBUG
          value: "true"
        - name: CERYX_REDIS_HOST
          value: "localhost"
        - name: CERYX_REDIS_PORT
          value: "6379"
        - name: CERYX_REDIS_PREFIX
          value: "ceryx"
      - name: ceryx-api
        image: sourcelair/ceryx-api:latest
        env:
        - name: CERYX_DEBUG
          value: "true"
        - name: CERYX_NAME
          value: "ceryx"
        - name: CERYX_API_HOST
          value: "localhost"
        - name: CERYX_API_PORT
          value: "5555"
        - name: CERYX_API_HOSTNAME
          value:  "localhost"
        - name: CERYX_REDIS_HOST
          value: "localhost"
        - name: CERYX_REDIS_PORT
          value: "6379"
        - name: CERYX_REDIS_PREFIX
          value: "ceryx"
        ports:
        - containerPort: 80
        - containerPort: 5555
      volumes:
        - name: redis-ebs-volume
          persistentVolumeClaim:
           claimName: redis-ebs
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: "*.nlu-v35.dev-kuber.internal.domain"
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
  name: nlu-reverse-proxy
spec:
  ports:
  - name: nlu-port
    port: 80
  - name: ceryx-api
    port: 5555
  selector:
    app: ceryx
  type: LoadBalancer

Ceryx should be able to be configured through an env file, which is quiet convenient.

Well, this could happen in a couple of ways though. We could either promote usage of the env_file in the docker-compose.yml file, or we could provide built in support for loading environment variables from a .env file in the Ceryx itself.

We can chose the one that suits us better.

Hello,
Is there any way to use wildcard LE instead of checking for every subdomain?
Thanks

Metrics should include:

• Query timing for cache and Redis
• Request timing
  • Both for any request and per host

Step 6/10 : RUN pipenv install --system --dev --deploy
---> Running in 1dfbb88fe4c8
Installing dependencies from Pipfile.lock (fc7fa7)…
An error occurred while installing uvloop==0.15.1; sys_platform != 'win32'! Will try again.
Installing initially–failed dependencies…
Looking in indexes: https://pypi.python.org/simple
Collecting uvloop==0.15.1
Using cached uvloop-0.15.1.tar.gz (2.1 MB)

ERROR: Command errored out with exit status 1:
 command: /usr/local/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/setup.py'"'"'; __file__='"'"'/tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-jofc99l7
     cwd: /tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/
Complete output (5 lines):
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/pip-install-i0e0pcsx/uvloop_bd47fed1e1c1482996c798433cf0622c/setup.py", line 5, in <module>
    raise RuntimeError('uvloop requires Python 3.7 or greater')
RuntimeError: uvloop requires Python 3.7 or greater
----------------------------------------

WARNING: Discarding https://files.pythonhosted.org/packages/94/98/9dc814f391b2293ecc790b9752e005296c69c3694fd9975b6cb77c448135/uvloop-0.15.1.tar.gz#sha256=7846828112bfb49abc5fdfc47d0e4dfd7402115c9fde3c14c31818cfbeeb63dc (from https://pypi.org/simple/uvloop/). Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
ERROR: Could not find a version that satisfies the requirement uvloop==0.15.1
ERROR: No matching distribution found for uvloop==0.15.1

The command '/bin/sh -c pipenv install --system --dev --deploy' returned a non-zero code: 1
ERROR: Service 'api' failed to build : Build failed

Currently, in Redis we store the routes. We could also store SSL certificates for certain domain and serve these certificates with OpenResty.

This would require:

• API endpoint for the certificates
• use of the ssl_certificate_by_lua_block directive to serve the SSL certificates.

Hello,

I'm testing ceryx as an API gateway for one testing platform but I'm having trouble trying to understand how to dynamically add a route using the flask API.

Could you please elaborate a little bit on how to make it useable with a minimal example?

Thanks!

Ceryx currently supports only single endpoints to be placed for routes, aka my.route.com -> my.backend.com:9999

We could introduce more backends per route and load balance traffic in these routes, for example we could utilize balancer Open-Resty module.

https://github.com/Olivine-Labs/waco-kid

I've been working on a drop in replacement for vulcand in openresty for a few days. It currently supports vulcand's Route syntax(host, header, method, and uri matching) and uses and ffi binding to libr3(https://github.com/c9s/r3) for the actual routing. It also uses an ffi cache for configuration, and updates the routing tree in the background only when changes occur. I get 15-20 million routes matched per second per core with this configuration on my laptop.

Currently it only supports etcd with vulcand's configuration format, but with some minor changes it could support ceryx as well! It uses an intermediate format stored in the cache for building routes, so only the portion of code for updating that config would need to change.

When I am trying to add a new route using the given CURL command. The route is not getting added to the ceryx and a message as Redirecting to: /api/routes is being shown, where would my installation could have gone wrong?

After upgrading to 0.7 version, all certificate generation started failing. After setting it to DEBUG true, I get the following in the ceryx log:

2019/12/26 19:31:18 [error] 40#40: [lua] init_master.lua:67: generate_config(): auto-ssl: failed to create letsencrypt dir permissions: Executing command failed (exit code 1): chmod 777 /etc/resty-auto-ssl/letsencrypt 2>&1
Output: chmod: changing permissions of '/etc/resty-auto-ssl/letsencrypt': Operation not permitted

Running the command manually in the directory did not help:
chmod -R 777 /etc/resty-auto-ssl/

The log still shows the same error and the routing to SSL requiring domains stopped as well.

Please advice.

Thanks in advance.

Hey team,

Started to put together a PR and realised I couldn't determine what the intended behaviour is here.

I note that the API's new update_parser takes only a target argument. However, the PUT route is marshalled with resource_fields which contains a source argument also. As a result, the PUT request is responded to with a null source, such that submitting {"target":"127.0.0.1"} to /api/routes/test.com results in a response containing {"source": null,"target": "127.0.0.1"}.

Should this return value draw the source from a valid location, or should source be omitted from the return value?

I have cloned the repo and then did the docker-compose up -d command, It seems like it works since when I access the server from my browser it shows the "ceryx no app here" page. However I can't seem to access the ceryx-api at all.

There are no ports exposed for it. I have tried making requests to http://localhost:5555 but they never connect to anything.

Am I doing something wrong, I'm not that familiar with docker, and I'm trying to write a script that will dynamically add routes that I will run on the VPS.

It might be useful if it was possible to pass details of a certificate when create a route, or later update an existing route with a custom certificate.

Is it possible to add a configuration option to disable these protocols?

If you simple do a docker pull sourcelair/ceryx-proxy:dynamic-ssl
and run it part of the docker-compose-dev.yaml file it's incomplete, after referencing it in base.yml
cd into ceryx/dynamic-ssl and do docker build and it's the same
following is the output

> proxy_1  |      no file '/usr/local/lib/lua/5.1/loadall.so'
> proxy_1  | stack traceback:
> proxy_1  |      [C]: in function 'require'
> proxy_1  |      init_by_lua:2: in main chunk
> proxy_1  | nginx: [error] init_by_lua error: init_by_lua:2: module 'resty.auto-ssl' not found:
> proxy_1  |      no field package.preload['resty.auto-ssl']
> proxy_1  |      no file '/usr/local/openresty/nginx//lualib/resty/auto-ssl.lua'
> proxy_1  |      no file '/usr/local/openresty/site/lualib/resty/auto-ssl.lua'
> proxy_1  |      no file '/usr/local/openresty/site/lualib/resty/auto-ssl/init.lua'
> proxy_1  |      no file '/usr/local/openresty/lualib/resty/auto-ssl.lua'
> proxy_1  |      no file '/usr/local/openresty/lualib/resty/auto-ssl/init.lua'
> proxy_1  |      no file './resty/auto-ssl.lua'
> proxy_1  |      no file '/usr/local/openresty/luajit/share/luajit-2.1.0-beta2/resty/auto-ssl.lua'
> proxy_1  |      no file '/usr/local/share/lua/5.1/resty/auto-ssl.lua'
> proxy_1  |      no file '/usr/local/share/lua/5.1/resty/auto-ssl/init.lua'
> proxy_1  |      no file '/usr/local/openresty/luajit/share/lua/5.1/resty/auto-ssl.lua'
> proxy_1  |      no file '/usr/local/openresty/luajit/share/lua/5.1/resty/auto-ssl/init.lua'
> proxy_1  |      no file '/usr/local/openresty/site/lualib/resty/auto-ssl.so'
> proxy_1  |      no file '/usr/local/openresty/lualib/resty/auto-ssl.so'
> proxy_1  |      no file './resty/auto-ssl.so'
> proxy_1  |      no file '/usr/local/lib/lua/5.1/resty/auto-ssl.so'
> proxy_1  |      no file '/usr/local/openresty/luajit/lib/lua/5.1/resty/auto-ssl.so'
> proxy_1  |      no file '/usr/local/lib/lua/5.1/loadall.so'
> proxy_1  |      no file '/usr/local/openresty/site/lualib/resty.so'
> proxy_1  |      no file '/usr/local/openresty/lualib/resty.so'
> proxy_1  |      no file './resty.so'
> proxy_1  |      no file '/usr/local/lib/lua/5.1/resty.so'
> proxy_1  |      no file '/usr/local/openresty/luajit/lib/lua/5.1/resty.so'
> proxy_1  |      no file '/usr/local/lib/lua/5.1/loadall.so'
> proxy_1  | stack traceback:
> proxy_1  |      [C]: in function 'require'
> proxy_1  |      init_by_lua:2: in main chunk
> 

I built a docker image using ceryx/Proxy/Dockerfile.xenial but starting an image based on the image failed as the xfs user did not exists. I added RUN useradd xfs to the dockerfile and was able to start it.

For now dynamic SSL doesn't check if host is in sources.

There is only mechanism to specify CERYX_SSL_PATTERN env var but it kills dynamism.

I would like to have more detailed documentation。Thanks

I want to serve static files with auto-ssl. but I could'nt find any documentation related to that. Is there any plan to support it ?
BTW the tool is awesome :)

Hi,
I get the following warnings when the debug is turned on:

today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('formatTarget') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:12: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('redirect') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:19: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('proxy') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:24: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 2020/03/17 15:20:44 [warn] 13#13: *34 [lua] _G write guard:12: __newindex(): writing a global lua variable ('routeRequest') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:20 AM stack traceback:
today at 11:20 AM /usr/local/openresty/nginx/lualib/router.lua:29: in main chunk, client: 207.46.13.223, server: , request: "GET / HTTP/1.1", host: "wpworkplace.com"
today at 11:20 AM 207.46.13.223 - - [17/Mar/2020:15:20:44 +0000] "GET / HTTP/1.1" 301 175 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
today at 11:20 AM 2020/03/17 15:20:44 [info] 13#13: *34 client 207.46.13.223 closed keepalive connection
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('starts_with') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:3: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('ends_with') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:7: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('starts_with_protocol') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:11: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('has_trailing_slash') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/utils.lua:15: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/redis.lua:2: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:1: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getRouteKeyForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:5: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getSettingsKeyForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:9: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('targetIsInValid') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:13: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getTargetForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:17: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getModeForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:40: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('getRouteForSource') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/ceryx/routes.lua:52: in main chunk
today at 11:22 AM [C]: in function 'require'
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:2: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [debug] 13#13: *36 [lua] redis.lua:14: client(): Preparing Redis client.
today at 11:22 AM 2020/03/17 15:22:03 [debug] 13#13: *36 [lua] redis.lua:27: client(): Redis client prepared.
today at 11:22 AM 2020/03/17 15:22:03 [debug] 13#13: *36 [lua] redis.lua:37: client(): Authenticated with Redis.
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('formatTarget') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:12: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('redirect') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:19: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('proxy') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:
today at 11:22 AM /usr/local/openresty/nginx/lualib/router.lua:24: in main chunk, client: 10.0.0.3, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "blogwp.com", referrer: "http://blogwp.com/wp-admin/admin.php?page=intrapress_settings"
today at 11:22 AM 2020/03/17 15:22:03 [warn] 13#13: *36 [lua] _G write guard:12: __newindex(): writing a global lua variable ('routeRequest') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
today at 11:22 AM stack traceback:

All of these variables need to be declared as local.

Thanks

1. Can ceryx auto delete route after the client who adds it terminates?
2. Does the client need to re-add the route when ceryx restarts?
3. Does ceryx relies on that redis is always available and data in redis will never be lost?
4. Can I run multipe ceryx instance for load balancing? Then what "ceryx-api-host" should be when calling its API? I think the IP of any instance is OK since each instance will save to the same Redis, right?

Thanks.

Hello, I could not find the project documentation, api or even a quickstart

Is there a document?

There is no way to correctly set Forward Secrecy.
See this article:
https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm#nginx_forward_secrecy

I tried making a WebSocket connection through ceryx but it failed. How can we establish a successful WebSocket connection using ceryx?

Hi,

I have been using your great tool for a while and recently I have been testing the latest version which includes certificate management, redirects, ... in short, it's good.

However I am encountering a problem with the json display of the "enforce_https" parameter when I request the API, it always has the value "false" even when the value is "1" in the redis database.
Have you ever encountered this problem?

PS : sorry for the quality of my english

Hi there,

Big fan of Ceryx 👍

Could you update the "official" dockerhub repo with a newer version? Looks like it hasn't been update for two months:
https://hub.docker.com/r/sourcelair/ceryx-proxy/tags/

Thanks!

Hey team,

Hoping to put together some quick notes on usage of the API. It seems as though the PUT route in https://github.com/sourcelair/ceryx/blob/master/api/ceryx/api/views.py requires a source both in the URL as well as requiring a source as an explicit parameter. Am I correct in my reading of this?

If I PUT {"target":"127.0.0.1:80"} to '/api/routes/test', I am told that a source is required.
I I PUT {"source":"test","target":"127.0.0.1:80"} to '/api/routes', the method is not allowed.

The only way I can get it to function is by submitting {"source":"test","target":"127.0.0.1:80"} to '/api/routes/any_words_here' where any_words_here is required but not used and doesn't have to match the source parameter.

I have set up a couple of dockered services (i.e. example:8080, monitor:8080) and exposed them at external URLs as https://serv.example.com and https://mon.serv.example.com correspondingly, enforcing https and also redirecting http calls to https.

For several months this was working perfectly, but last week I had some certificate errors out of the blue only for the first service located at https://serv.example.com.

I have checked the logs and I got the following:

2019/11/27 13:33:40 [info] 24#24: *134900 [lua] router.lua:56: HOST MY.IP.ADDRESS.HERE, client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:33:40 [info] 24#24: *134900 [lua] routes.lua:24: getTargetForSource(): Could not find target for MY.IP.ADDRESS.HERE., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:33:40 [info] 24#24: *134900 [lua] router.lua:60: No $wildcard target configured for fallback. Exiting with Bad Gateway., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"

client sent invalid method while reading client request line, client: 10.255.0.2, server: , request: "�/*�Cookie: mstshash=Administr"
2019/11/27 13:35:06 [info] 24#24: *134915 recv() failed (104: Connection reset by peer) while reading client request line, client: 10.255.0.2, server: , request: "�/*�Cookie: mstshash=Administr"
10.255.0.2 - - [27/Nov/2019:13:35:06 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 179 "-" "-"

24#24: *134917 [lua] certificates.lua:19: getCertificatesForHost(): Could not retrieve SSL certificate path for MY.IP.ADDRESS.HERE from Redis: N/A, context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [info] 24#24: *134917 [lua] certificate.lua:47: No valid SSL certificate has been configured for MY.IP.ADDRESS.HERE., context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [info] 24#24: *134917 [lua] certificate.lua:50: Passing SSL certificate handling for MY.IP.ADDRESS.HERE to Let's Encrypt., context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [info] 24#24: *134917 [lua] routes.lua:24: getTargetForSource(): Could not find target for MY.IP.ADDRESS.HERE., context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
2019/11/27 13:36:03 [notice] 24#24: *134917 [lua] ssl_certificate.lua:284: auto-ssl: domain not allowed - using fallback - MY.IP.ADDRESS.HERE, context: ssl_certificate_by_lua*, client: 10.255.0.2, server: 0.0.0.0:443
10.255.0.2 - - [27/Nov/2019:13:36:03 +0000] "GET / HTTP/1.1" 503 1062 "-" "Mozilla/5.0 zgrab/0.x"
2019/11/27 13:36:03 [info] 24#24: *134916 [lua] router.lua:56: HOST MY.IP.ADDRESS.HERE, client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:36:03 [info] 24#24: *134916 [lua] routes.lua:24: getTargetForSource(): Could not find target for MY.IP.ADDRESS.HERE., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:36:03 [info] 24#24: *134916 [lua] router.lua:60: No $wildcard target configured for fallback. Exiting with Bad Gateway., client: 10.255.0.2, server: , request: "GET / HTTP/1.1", host: "MY.IP.ADDRESS.HERE"
2019/11/27 13:36:13 [info] 24#24: *134916 client 10.255.0.2 closed keepalive connection

and after a while the following:

Generating account key...
+ Registering account key with ACME server...
 err:   + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 403)

Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.",
  "status": 403
}

rm: cannot remove '/etc/resty-auto-ssl/letsencrypt/domains.txt': No such file or directory

I have checked within the ceryx container (ceryx_ceryx.blahblah) to find that directory /etc/resty-auto-ssl/letsencrypt/accounts/MY_HEXADECIMAL_ACCOUNT_NR/ was empty... I checked another ceryx installation on another machine that works fine and I've found that the same directory has two files in there, an account_key.pem and a registration_info.json file.

But the funny thing is that this error appears only for the first URL (https://serv.example.com) and not the second (https://mon.serv.example.com), despite the above findings...

Seems nginx doesn't allow DELETE and PUT methods, so API requests proxied through ceryx are not working:

➜ web-proxy git:(master) ✗ curl -H "Content-Type: application/json"
-X DELETE
-d '{"source":"localhost"}'
http://ceryx-api..../api/routes
{"status": 405, "message": "Method Not Allowed"}%