#2407 closed defect (fixed)
server_name using regex loses variable after first request in h3
| Reported by: | Paul Scholz | Owned by: | Sergey Kandaurov |
|---|---|---|---|
| Priority: | minor | Milestone: | nginx-1.23 |
| Component: | http/3 | Version: | 1.23.x |
| Keywords: | Cc: | ||
| uname -a: | Linux 9d941f5cbfb3 5.15.0-52-generic #58-Ubuntu SMP Thu Oct 13 08:03:55 UTC 2022 x86_64 Linux | ||
| nginx -V: |
nginx version: nginx/1.23.2 (quic-3be953161026-boringssl-8ce0e1c14e48109773f1e94e5f8b020aa1e24dc5)
built by gcc 11.2.1 20220219 (Alpine 11.2.1_git20220219) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --build=quic-3be953161026-boringssl-8ce0e1c14e48109773f1e94e5f8b020aa1e24dc5 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --with-http_v3_module --add-module=/usr/src/ngx_brotli --add-module=/usr/src/headers-more-nginx-module-0.34 --add-module=/usr/src/njs/nginx --add-dynamic-module=/usr/src/ngx_http_geoip2_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' |
||
Description
Nginx with h3 leaves variables generated by server_name regex empty.
I defined a variable called subdomain in the server_name to redirect based on it. While using it with h2 it works well. But when switching to h3 the regex variables are not set.
I tried this using
curl --http2 https://test.repo.limine.de/index.html
and
# alt-svc cache required curl --http3 https://test.repo.limine.de/index.html
Proxied server shows empty subdomain variable using h3.
Setup is described below:
Config:
server {
listen 443 http3;
listen 443 ssl http2;
# regex in server_name combined with h3 does not work well
server_name ~^(?<subdomain>.*)\.repo\.limine\.de$;
ssl_certificate /etc/acme/limine.de/fullchain.pem;
ssl_certificate_key /etc/acme/limine.de/privkey.pem;
ssl_trusted_certificate /etc/acme/limine.de/cert.pem;
add_header alt-svc 'h3=":443"; ma=86400';
add_header Strict-Transport-Security max-age=15768000;
location ~ ^/(.*)$ {
proxy_pass http://localhost:8080/$subdomain/$1;
}
}
Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ... 10.89.0.63 - - [08/Nov/2022 12:11:42] code 404, message File not found 10.89.0.63 - - [08/Nov/2022 12:11:42] "GET //index.html HTTP/1.0" 404 - h3 10.89.0.63 - - [08/Nov/2022 12:12:12] "GET /test/index.html HTTP/1.0" 200 - h2
Change History (4)
comment:1 by , 2 years ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
comment:2 by , 2 years ago
comment:3 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
A slightly modified patch committed in https://hg.nginx.org/nginx-quic/rev/0f5fc7a320db
Note:
See TracTickets
for help on using tickets.
Can you please try this patch and report the results?
# HG changeset patch # User Sergey Kandaurov <pluknet@nginx.com> # Date 1668422301 -14400 # Mon Nov 14 14:38:21 2022 +0400 # Branch quic # Node ID e1c359fc6a4d7fbedfe31eb11057fdb8ab4981af # Parent 3be9531610265d5e906baab1cac1cac608a952a3 HTTP/3: fixed server_name regex captures (ticket #2407). Previously, HTTP/3 stream connection didn't inherit the servername regex from the main QUIC connection saved when processing SNI and using regular expressions in server names. As a result, it didn't execute to set regex captures when choosing the virtual server after parsing HTTP/3 headers. diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c --- a/src/http/v3/ngx_http_v3_request.c +++ b/src/http/v3/ngx_http_v3_request.c @@ -83,6 +83,10 @@ ngx_http_v3_init(ngx_connection_t *c) hc->ssl_servername = phc->ssl_servername; hc->conf_ctx = phc->conf_ctx; + if (phc->ssl_servername_regex) { + hc->ssl_servername_regex = phc->ssl_servername_regex; + } + ngx_set_connection_log(c, clcf->error_log); }