German - Deutsch / Re: How to completely reset haproxy
« on: March 16, 2024, 06:06:44 pm »
So, the log now shows the following:
"error","ts":"2024-03-16T17:02:51Z","logger":"http.log.error","msg":"tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead","request":{"remote_ip":"92.192.134.202","remote_port":"54045","client_ip":"92.192.134.202","proto":"HTTP/2.0","method":"GET","host":"wiki.leibling.de","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["none"],"Dnt":["1"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Google Chrome\";v=\"122\""],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"wiki.leibling.de"}},"duration":0.002282527,"status":502,"err_id":"bgjqkx9ym","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}
If I specify nothing at all for TLS Name, I get the following message:
"error","ts":"2024-03-16T17:09:28Z","logger":"http.log.error","msg":"tls: failed to verify certificate: x509: cannot validate certificate for 192.168.33.3 because it doesn't contain any IP SANs","request":{"remote_ip":"92.192.134.202","remote_port":"54099","client_ip":"92.192.134.202","proto":"HTTP/2.0","method":"GET","host":"wiki.leibling.de","uri":"/","headers":{"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Google Chrome\";v=\"122\""],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Accept-Language":["de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"wiki.leibling.de"}},"duration":0.002541955,"status":502,"err_id":"3x4y13434","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}
As far as I can see, though, the certificate has no SAN names, only a Common Name. Can this be changed somehow? Or what do I need to configure?!?
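Both messages in the log above are produced by the hostname check in Go's crypto/x509. The following added example (not part of the original post) reproduces them with a CN-only certificate and shows that a certificate issued with DNS and IP subjectAltName entries passes for both the hostname and the upstream address. The certificates are constructed test data, and the Common Name `wiki.leibling.de` is an assumption, since the post does not state the CN of the real certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a throwaway self-signed cert; nil dns and ips give a CN-only cert.
func selfSigned(cn string, dns []string, ips []net.IP) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn}, // assumed CN, not taken from the post
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		DNSNames:     dns, IPAddresses: ips, // these two fields become subjectAltName
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// check returns "ok" or the hostname-verification error text for name.
func check(cert *x509.Certificate, name string) string {
	if err := cert.VerifyHostname(name); err != nil {
		return err.Error()
	}
	return "ok"
}

func main() {
	legacy := selfSigned("wiki.leibling.de", nil, nil)
	fixed := selfSigned("wiki.leibling.de", []string{"wiki.leibling.de"}, []net.IP{net.ParseIP("192.168.33.3")})
	for _, name := range []string{"wiki.leibling.de", "192.168.33.3"} {
		fmt.Printf("%s: CN-only=%q with-SANs=%q\n", name, check(legacy, name), check(fixed, name))
	}
}
```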