apache
help request: apisix arm image
Description
Now we need to use apisix on the arm server. Currently, we use the arm apisix image provided by docker-hub, which does not enable tls verification. Therefore, we compiled the apisix arm image according to the guidance of apisix-build-tools.
Then use the following command,where the base images in image_base and dockerfile are both arm:
make package type=deb app=apisix-base version=2.7 checkout=2.7 image_base=ubuntu image_tag=20.04, we got apisix-base_2.7-0~el7_arm64.deb.
make package type=deb app=apisix version=2.7 checkout=2.7 local_code_path=./apisix image_base=ubuntu image_tag=20.04, we got apisix_2.7-0~el7_arm64.deb.
Then we use dockerfile to install apisix-base_2.7-0~el7_arm64.deb and apisix_2.7-0~el7_arm64.deb in ubuntu20.04.
We have turned on client verify, but when accessing https, apisix got an error SSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate) while SSL handshaking. Normally it should return client certificate was not present.
Environment
- APISIX version (run
apisix version):2.7 - Operating system (run
uname -a):Linux apisix-645bdc8df8-gg6ln 5.4.185 #1 SMP Mon Jul 4 20:19:59 CST 2022 aarch64 aarch64 aarch64 GNU/Linux - OpenResty / Nginx version (run
openresty -Vornginx -V):nginx version: openresty/1.19.9.1 built by gcc 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1) built with OpenSSL 1.1.1n 15 Mar 2022 TLS SNI support enabled configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt='-O2 -DAPISIX_BASE_VER=2.7 -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl111/include' --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.20 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../ngx_stream_lua-0.0.10 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -Wl,-rpath,/usr/local/openresty/wasmtime-c-api/lib -L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl111/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl111/lib' --add-module=/tmp/tmp.dhA8PjUQ7U/openresty-1.19.9.1/../mod_dubbo-1.0.2 --add-module=/tmp/tmp.dhA8PjUQ7U/openresty-1.19.9.1/../ngx_multi_upstream_module-1.1.0 --add-module=/tmp/tmp.dhA8PjUQ7U/openresty-1.19.9.1/../apisix-nginx-module-1.9.0 --add-module=/tmp/tmp.dhA8PjUQ7U/openresty-1.19.9.1/../apisix-nginx-module-1.9.0/src/stream --add-module=/tmp/tmp.dhA8PjUQ7U/openresty-1.19.9.1/../apisix-nginx-module-1.9.0/src/meta --add-module=/tmp/tmp.dhA8PjUQ7U/openresty-1.19.9.1/../wasm-nginx-module-0.6.1 --add-module=/tmp/tmp.dhA8PjUQ7U/openresty-1.19.9.1/../lua-var-nginx-module-v0.5.2 --with-poll_module --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-stream --with-http_ssl_module - etcd version, if relevant (run
curl http://127.0.0.1:9090/v1/server_info): - APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run
luarocks --version):
apisix got an error SSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate) while SSL handshaking. Normally it should return client certificate was not present.
We change the way we verify the client certificate. Now it is done in apisix-base if possible.
apisix got an error SSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate) while SSL handshaking. Normally it should return client certificate was not present.
We change the way we verify the client certificate. Now it is done in apisix-base if possible.
I also think that the verification is performed in apisix-base. There is no problem with the x86 apisix-base compiled in the same way, but there is such a problem in the arm environment.
The apisix-base in the two platform are in different versions?
Yes, the two platform are the same version (tag: apisix 2.7).
@membphis @soulbird is the ARM image ready?
Currently only alpine is available, others are not ready yet.
@membphis @soulbird is the ARM image ready?
Currently only alpine is available, others are not ready yet.
wait for the official centos arm image ;)
@membphis @soulbird is the ARM image ready?
Currently only alpine is available, others are not ready yet.
wait for the official centos arm image ;)
Now, you can download centos arm64 image:
docker pull apache/apisix:2.15.0-centos