
SafeLine (雷池) unified authentication page cannot be opened, shows 404

Discussion closed

Posted 6 months ago

# SafeLine WAF

OTWS

Updated 6 months ago

The configuration auto-generated by SafeLine points the unified authentication address at 192.168.0.10. It can be pinged locally, but the port is not reachable: the page will not open and the browser reports NS_ERR_CONNECTION_REFUSED.

Checking the local interfaces, I found that the server has gained an extra safeline address, but it is not 192.168.0.10 either.

```
safeline-ce: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:9a:4a:b2:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global safeline-ce
       valid_lft forever preferred_lft forever
    inet6 fe80::42:9aff:fe4a:b20b/64 scope link 
       valid_lft forever preferred_lft forever
```

```nginx
    location ^~ /.safeline/auth/ {
        proxy_set_header X-SLCE-Portal 1;
        set_real_ip_from 127.0.0.0/8;
        real_ip_header proxy_protocol;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.10:8088/auth/;
        t1k_intercept off;
        tx_intercept off;
    }
    location ^~ /api {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.10:8088/portal/api;
        include proxy_params;
        set_real_ip_from 127.0.0.0/8;
        real_ip_header proxy_protocol;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        add_header Strict-Transport-Security $hsts_header always;
        t1k_intercept off;
        tx_intercept off;
    }
    location ^~ / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.10:8088/portal/frontend/;
        include proxy_params;
        set_real_ip_from 127.0.0.0/8;
        real_ip_header proxy_protocol;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        add_header Strict-Transport-Security $hsts_header always;
        t1k_intercept off;
        tx_intercept off;
    }
}
```
神经蛙

Updated 6 months ago

192.168.0.10 should be the address of safeline-chaos.

Run docker logs safeline-chaos and check whether it reports any errors.

OTWS

Updated 6 months ago

The chaos log is as follows:

```
2025/06/01 11:29:11 Config file generated successfully
2025-06-01 11:29:12,492 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2025-06-01 11:29:12,494 INFO supervisord started with pid 1
2025-06-01 11:29:13,496 INFO spawned: 'auth' with pid 16
2025-06-01 11:29:13,498 INFO spawned: 'challenge-server' with pid 17
2025-06-01 11:29:13,499 INFO spawned: 'chaos' with pid 18
2025-06-01 11:29:13,501 INFO spawned: 'waiting' with pid 19
--- Configuration ---
Debug: false
Server: 0.0.0.0:8080
Robot:
  Threshold: 1.000000
  Debug: false
  Calculators:
    range: 1
    sampling: 1
    smoothness: 1
    acceleration: 1
    dpi: 1
JWT:
  SecretKey: ********
  PublicKey: -----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET8hcUE2KU3o9QbUUj+Fj+JYDjKKU
Z5/KnsNJSdeSu1d4snNpeaRDs7zm+Bd2fH3u2COr5YKPInR+V9jgfpZWAg==
-----END PUBLIC KEY-----
  Algorithm: ES256
  ExpireSeconds: 30
---------------------
⇨ http server started on [::]:8080
current runtime dir: /app/chaos
current config: Config {
    log: Log {
        writer: Console {
            stdout: false,
        },
        level: Info,
    },
    core: CoreConfig {
        heavy_worker: 10,
        max_cache_size: 3000,
        item_count: 10,
        item_ttl: 3600,
    },
    http: HttpConfig {
        listen: "0.0.0.0:9000",
        process_timeout: 300ms,
    },
    stpp: StppConfig {
        listen: "unix:///app/chaos/stpp.sock",
        max_package_limit: 10485760,
        process_timeout: 1.5s,
    },
}
listen and serve on unix:///app/sock/waiting.sock
start tcp server on unix:///app/sock/waiting_tcp.sock
2025/06/01 11:29:13 WARN stat file failed path=/app/auth/config/config.yaml err="stat /app/auth/config/config.yaml: no such file or directory"
2025-06-01 11:29:14,693 INFO success: auth entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-06-01 11:29:14,693 INFO success: challenge-server entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-06-01 11:29:14,693 INFO success: chaos entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-06-01 11:29:14,693 INFO success: waiting entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-06-01T11:29:15.065613Z  INFO chaos_serve::route: listening on 0.0.0.0:9000
2025-06-01T11:29:15.065733Z  INFO chaos_serve::stpp: listening on "/app/chaos/stpp.sock" (pathname)
2025-06-01T11:29:18.488019233Z id= remote_ip=192.168.0.4 host=safeline-chaos:8080 method=GET uri=/challenge/v2/api/auth/keys user_agent=Go-http-client/1.1 status=200 error= latency=18923 latency_human=18.923µs bytes_in=0 bytes_out=177
2025/06/01 11:42:28 WARN expire verify failed error="failed to connect to `host=safeline-pg user=safeline-ce database=safeline-ce`: dial error (dial tcp 192.168.0.2:5432: connect: no route to host)"
2025/06/01 11:43:16 WARN expire verify failed error="failed to connect to `host=safeline-pg user=safeline-ce database=safeline-ce`: dial error (dial tcp 192.168.0.2:5432: connect: no route to host)"
2025-06-01 11:43:21,814 WARN received SIGTERM indicating exit request
2025-06-01 11:43:21,821 INFO waiting for auth, challenge-server, chaos, waiting to die
2025-06-01 11:43:21,825 WARN stopped: waiting (terminated by SIGTERM)
2025-06-01T11:43:21.827327Z  INFO chaos_serve: receive signal interrupt -> exec graceful shutdown
2025-06-01 11:43:21,839 INFO stopped: chaos (exit status 0)
2025/06/01 11:43:21 shutting down gracefully, press Ctrl+C again to force
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x740a9b]
goroutine 7 [running]:
git.in.chaitin.net/safeline-ce/challenge/server.(*APIServer).Shutdown(0xc00007eec0)
	/app/server/server.go:83 +0xdb
main.gracefulShutdown(0xc00007eec0, 0xc00006a460)
	/app/cmd/server/main.go:26 +0x132
created by main.main in goroutine 1
	/app/cmd/server/main.go:69 +0x389
2025-06-01 11:43:21,876 WARN stopped: challenge-server (exit status 2)
2025-06-01 11:43:21,880 WARN stopped: auth (terminated by SIGTERM)
2025/06/01 11:46:15 Config file already exists, skipping generation
2025-06-01 11:46:18,404 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2025-06-01 11:46:18,421 INFO supervisord started with pid 1
2025-06-01 11:46:19,435 INFO spawned: 'auth' with pid 15
2025-06-01 11:46:19,437 INFO spawned: 'challenge-server' with pid 16
2025-06-01 11:46:19,439 INFO spawned: 'chaos' with pid 17
2025-06-01 11:46:19,440 INFO spawned: 'waiting' with pid 18
--- Configuration ---
Debug: false
Server: 0.0.0.0:8080
Robot:
  Threshold: 1.000000
  Debug: false
  Calculators:
    dpi: 1
    acceleration: 1
    range: 1
    sampling: 1
    smoothness: 1
JWT:
  SecretKey: ********
  PublicKey: -----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET8hcUE2KU3o9QbUUj+Fj+JYDjKKU
Z5/KnsNJSdeSu1d4snNpeaRDs7zm+Bd2fH3u2COr5YKPInR+V9jgfpZWAg==
-----END PUBLIC KEY-----
  Algorithm: ES256
  ExpireSeconds: 30
---------------------
⇨ http server started on [::]:8080
current runtime dir: /app/chaos
current config: Config {
    log: Log {
        writer: Console {
            stdout: false,
        },
        level: Info,
    },
    core: CoreConfig {
        heavy_worker: 10,
        max_cache_size: 3000,
        item_count: 10,
        item_ttl: 3600,
    },
    http: HttpConfig {
        listen: "0.0.0.0:9000",
        process_timeout: 300ms,
    },
    stpp: StppConfig {
        listen: "unix:///app/chaos/stpp.sock",
        max_package_limit: 10485760,
        process_timeout: 1.5s,
    },
}
listen and serve on unix:///app/sock/waiting.sock
start tcp server on unix:///app/sock/waiting_tcp.sock
2025-06-01 11:46:20,831 INFO success: auth entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025/06/01 11:46:20 WARN stat file failed path=/app/auth/config/config.yaml err="stat /app/auth/config/config.yaml: no such file or directory"
2025-06-01 11:46:20,833 INFO success: challenge-server entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-06-01 11:46:20,833 INFO success: chaos entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-06-01 11:46:20,833 INFO success: waiting entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-06-01T11:46:25.235291447Z id= remote_ip=192.168.0.4 host=safeline-chaos:8080 method=GET uri=/challenge/v2/api/auth/keys user_agent=Go-http-client/1.1 status=200 error= latency=1397394 latency_human=1.397394ms bytes_in=0 bytes_out=177
2025-06-01T11:46:29.920833Z  INFO chaos_serve::route: listening on 0.0.0.0:9000
2025-06-01T11:46:29.935979Z  INFO chaos_serve::stpp: listening on "/app/chaos/stpp.sock" (pathname)
2025-06-01T12:08:09.794184Z  INFO process_js_with_custom_pass:parse_js_as_input:Compiler.parse: swc_timer: Done in 263.424099ms kind="perf"
2025-06-01T12:08:10.345267Z  INFO process_js_with_custom_pass:swc::Compiler::apply_transforms:Compiler::print: swc_timer: Done in 45.436906ms kind="perf"
[GIN] 2025/06/04 - 15:26:12 | 200 |   37.652608ms |                 | PUT      "/api/waiting/rules"
```

I configured the corresponding address in SafeLine and accessed it from outside; it returns a TLS error. Accessing it directly through the unified authentication address configured inside SafeLine gives the same error.

```
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, unrecognized name (624):
* TLS connect error: error:0A000458:SSL routines::tlsv1 unrecognized name
* closing connection #0
curl: (35) TLS connect error: error:0A000458:SSL routines::tlsv1 unrecognized name
```
雷池 - 小小

Updated 6 months ago

Please provide a screenshot of the unified authentication configuration and a screenshot of your browser access.

OTWS

Updated 6 months ago

(screenshot: image.png)

(screenshot: image.png)

神经蛙

Updated 6 months ago

(screenshot: image.png)

Is this the address you are requesting?

OTWS

Updated 6 months ago

Yes. That port is the frp remote port; it forwards to port 25443 on the internal network, which is the port SafeLine listens on.

神经蛙

Updated 6 months ago

Isn't SafeLine listening on 43004?

"Site does not exist" means that when the application is accessed, the Host header does not match the configured domain.

OTWS

Updated 5 months ago

Found the problem. For some reason SafeLine's SUBNET_PREFIX was initialized to 192.168.0.0/24. That subnet is actually in use by other devices, so it conflicted; after changing it to a different one, everything works.
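The root cause above is an overlap between the WAF's internal Docker subnet and a subnet already routed on the host. The following added example (not code from the thread or from SafeLine) checks a candidate SUBNET_PREFIX value against `ip route` output before deployment; the route text is constructed, and treating a three-octet prefix as a /24 is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample of `ip route` output on a WAF host (not taken from the thread).
# The 192.168.0.0/24 line stands for the LAN that other devices already use.
SAMPLE_IP_ROUTE = """\
default via 10.20.0.1 dev eth0 proto dhcp metric 100
10.20.0.0/24 dev eth0 proto kernel scope link src 10.20.0.15
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.23
"""

# Matches "<prefix> [via <gw>] dev <ifname> ..."; the "default" route never matches.
ROUTE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+(?:via\s+\S+\s+)?dev\s+(\S+)")


def normalize_subnet_prefix(value):
    """Accept a full CIDR ("192.168.0.0/24") or a three-octet prefix ("192.168.0").
    Assumption of this example: a bare prefix means the /24 built from it."""
    value = value.strip()
    if "/" in value:
        return ipaddress.ip_network(value, strict=False)
    return ipaddress.ip_network(f"{value}.0/24")


def parse_routes(ip_route_output, ignore_devs=()):
    """Return (network, device) pairs from `ip route` text, skipping the default
    route and any device in ignore_devs (e.g. the WAF bridge itself on a re-check)."""
    routes = []
    for line in ip_route_output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        net, dev = m.groups()
        if dev not in ignore_devs:
            routes.append((ipaddress.ip_network(net, strict=False), dev))
    return routes


def subnet_conflicts(subnet_prefix, routes):
    """List the host routes that overlap the candidate WAF subnet."""
    candidate = normalize_subnet_prefix(subnet_prefix)
    return [(str(net), dev) for net, dev in routes if candidate.overlaps(net)]


def pick_free_subnet(routes, candidates):
    """Return the first candidate prefix that overlaps no existing route, else None."""
    for c in candidates:
        if not subnet_conflicts(c, routes):
            return c
    return None
```

Run `subnet_conflicts` over the real `ip route` output of the host before writing SUBNET_PREFIX; a non-empty result is the "no route to host" / "connection refused" situation from this thread waiting to happen.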
