Opened 2 years ago

Closed 2 years ago

Last modified 19 months ago

#2407 closed defect (fixed)

server_name using regex loses variable after first request in h3

Reported by: Paul Scholz
Owned by: Sergey Kandaurov
Priority: minor
Milestone: nginx-1.23
Component: http/3
Version: 1.23.x
Keywords:
Cc:
uname -a: Linux 9d941f5cbfb3 5.15.0-52-generic #58-Ubuntu SMP Thu Oct 13 08:03:55 UTC 2022 x86_64 Linux
nginx -V: nginx version: nginx/1.23.2 (quic-3be953161026-boringssl-8ce0e1c14e48109773f1e94e5f8b020aa1e24dc5)
built by gcc 11.2.1 20220219 (Alpine 11.2.1_git20220219)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --build=quic-3be953161026-boringssl-8ce0e1c14e48109773f1e94e5f8b020aa1e24dc5 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --with-http_v3_module --add-module=/usr/src/ngx_brotli --add-module=/usr/src/headers-more-nginx-module-0.34 --add-module=/usr/src/njs/nginx --add-dynamic-module=/usr/src/ngx_http_geoip2_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'

Description

Nginx with h3 leaves variables generated by server_name regex empty.
I defined a variable called subdomain in the server_name to redirect based on it. While using it with h2 it works well. But when switching to h3 the regex variables are not set.

I tried this using

curl --http2 https://test.repo.limine.de/index.html

and

# alt-svc cache required
curl --http3 https://test.repo.limine.de/index.html

Proxied server shows empty subdomain variable using h3.

Setup is described below:

Config:

server {

    listen 443 http3;
    listen 443 ssl http2;

    # regex in server_name combined with h3 does not work well
    server_name ~^(?<subdomain>.*)\.repo\.limine\.de$;

    ssl_certificate         /etc/acme/limine.de/fullchain.pem;
    ssl_certificate_key     /etc/acme/limine.de/privkey.pem;
    ssl_trusted_certificate /etc/acme/limine.de/cert.pem;

    add_header alt-svc 'h3=":443"; ma=86400';
    add_header Strict-Transport-Security max-age=15768000;

    location ~ ^/(.*)$ {
        proxy_pass http://localhost:8080/$subdomain/$1;
    }

}

Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...
10.89.0.63 - - [08/Nov/2022 12:11:42] code 404, message File not found
10.89.0.63 - - [08/Nov/2022 12:11:42] "GET //index.html HTTP/1.0" 404 - h3
10.89.0.63 - - [08/Nov/2022 12:12:12] "GET /test/index.html HTTP/1.0" 200 - h2

Change History (4)

comment:1 by Sergey Kandaurov, 2 years ago

Owner: set to Sergey Kandaurov
Status: new → assigned

comment:2 by Sergey Kandaurov, 2 years ago

Can you please try this patch and report the results?

# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1668422301 -14400
#      Mon Nov 14 14:38:21 2022 +0400
# Branch quic
# Node ID e1c359fc6a4d7fbedfe31eb11057fdb8ab4981af
# Parent  3be9531610265d5e906baab1cac1cac608a952a3
HTTP/3: fixed server_name regex captures (ticket #2407).

Previously, HTTP/3 stream connection didn't inherit the servername regex
from the main QUIC connection saved when processing SNI and using regular
expressions in server names.  As a result, it didn't execute to set regex
captures when choosing the virtual server after parsing HTTP/3 headers.

diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -83,6 +83,10 @@ ngx_http_v3_init(ngx_connection_t *c)
         hc->ssl_servername = phc->ssl_servername;
         hc->conf_ctx = phc->conf_ctx;
 
+        if (phc->ssl_servername_regex) {
+            hc->ssl_servername_regex = phc->ssl_servername_regex;
+        }
+
         ngx_set_connection_log(c, clcf->error_log);
     }
 
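Review bot: The `if (phc->ssl_servername_regex)` guard added after the `hc->conf_ctx` copy is inconsistent with the two unconditional copies directly above it, and a plain `hc->ssl_servername_regex = phc->ssl_servername_regex;` would be clearer. If the field on `hc` starts out NULL, copying a NULL parent value changes nothing; if it does not, the guard would leave a stale pointer in place when the parent has no regex. Either way the unconditional assignment is the safer form. It is also worth confirming that `ssl_servername_regex` is declared in every build configuration this file compiles under, since the added lines carry no preprocessor guard of their own.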

comment:3 by Sergey Kandaurov, 2 years ago

Resolution: fixed
Status: assigned → closed

A slightly modified patch committed in https://hg.nginx.org/nginx-quic/rev/0f5fc7a320db

comment:4 by Sergey Kandaurov <pluknet@…>, 19 months ago

In 9037:0f5fc7a320db/nginx:

HTTP/3: fixed server_name regex captures (ticket #2407).

Previously, HTTP/3 stream connection didn't inherit the servername regex
from the main QUIC connection saved when processing SNI and using regular
expressions in server names. As a result, it didn't execute to set regex
captures when choosing the virtual server while parsing HTTP/3 headers.
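A fail-closed variant of the server block from the description, added here as an example (it is not the reporter's configuration and not part of the nginx change). It refuses the request when `$subdomain` is empty instead of proxying to `//index.html`. The single-label character class and the 421 status are assumptions of this example.

```nginx
server {

    listen 443 http3;
    listen 443 ssl http2;

    # Constrain the capture to one DNS label instead of ".*": its value
    # becomes a path segment on the upstream. (The allowed character set
    # is an assumption about this site's host names.)
    server_name ~^(?<subdomain>[a-z0-9-]+)\.repo\.limine\.de$;

    ssl_certificate         /etc/acme/limine.de/fullchain.pem;
    ssl_certificate_key     /etc/acme/limine.de/privkey.pem;
    ssl_trusted_certificate /etc/acme/limine.de/cert.pem;

    add_header alt-svc 'h3=":443"; ma=86400';
    add_header Strict-Transport-Security max-age=15768000;

    # Fail closed: on a build where the capture is lost for HTTP/3,
    # $subdomain evaluates to an empty string and the upstream would see
    # "GET //index.html". Refuse the request rather than route it.
    # (421 is this example's choice of status code.)
    if ($subdomain = "") {
        return 421;
    }

    location ~ ^/(.*)$ {
        proxy_pass http://localhost:8080/$subdomain/$1;
    }

}
```

The `if` uses a string comparison, not a regex match, so it does not overwrite the `$1` capture that the `location` regex sets later.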
