mTLS: tls internal error

@francislavoie Over the month of July, since moving away from this structure…

    reverse_proxy @mtls {backend} {
      header_up Host {http.reverse_proxy.upstream.hostport}
      header_up X-Forwarded-Host {host}
      transport http {
        tls
      }
    }

…to this structure…

    (proxy-mtls) {
      @{args.0} host {args.0}.udance.com.au
      reverse_proxy @{args.0} https://{args.1} {
        header_up Host {http.reverse_proxy.upstream.hostport}
        header_up X-Forwarded-Host {host}
      }
    }

mTLS has been rock solid. Not relying on a fix, but I’ll leave you with the observation that mTLS is unreliable under the former structure.

Strange. Well the main difference is that in the former, the upstream is dynamic, and in the latter, it’s known upfront. I’ll need to follow up and read the code to see if I can glean anything from that regarding mTLS. I’m afk for the weekend.
