Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-18301

NGINX not working with HTTPS (request getting stuck)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      For testing purposes, I’m running NGINX 1.23.1 on ReactOS (demo site).

      This works fine, but HTTPS doesn’t work. I’ve tested this with build 20220808-0.4.15-dev-4916-gd519b11.GNU_8.4.0.

      I tested the same configuration on Windows 11 where it works properly.

      I’ve set up a basic HTTPS server with the following configuration:

          server {
              listen       443 ssl;
              server_name  localhost;
       
              ssl_certificate      d://certs/fullchain.pem;
              ssl_certificate_key  d://certs/privkey.pem;
       
              ssl_session_cache    shared:SSL:1m;
              ssl_session_timeout  5m;
       
              ssl_ciphers  HIGH:!aNULL:!MD5;
              ssl_prefer_server_ciphers  on;
       
              location / {
                  root   d://htdocs;
                  index  index.html;
              }
          }
      

      When requesting the site via curl, it stops here:

      # curl -v -k https://localhost:8443
      *   Trying 127.0.0.1:8443...
      * Connected to localhost (127.0.0.1) port 8443 (#0)
      * ALPN, offering h2
      * ALPN, offering http/1.1
      * TLSv1.0 (OUT), TLS header, Certificate Status (22):
      * TLSv1.3 (OUT), TLS handshake, Client hello (1):
      * TLSv1.2 (IN), TLS header, Certificate Status (22):
      * TLSv1.3 (IN), TLS handshake, Server hello (2):
      * TLSv1.2 (IN), TLS header, Certificate Status (22):
      * TLSv1.2 (IN), TLS handshake, Certificate (11):
      * TLSv1.2 (IN), TLS header, Certificate Status (22):
      * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
      * TLSv1.2 (IN), TLS header, Certificate Status (22):
      * TLSv1.2 (IN), TLS handshake, Server finished (14):
      * TLSv1.2 (OUT), TLS header, Certificate Status (22):
      * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
      * TLSv1.2 (OUT), TLS header, Finished (20):
      * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
      * TLSv1.2 (OUT), TLS header, Certificate Status (22):
      * TLSv1.2 (OUT), TLS handshake, Finished (20):
      * TLSv1.2 (IN), TLS header, Finished (20):
      * TLSv1.2 (IN), TLS header, Certificate Status (22):
      * TLSv1.2 (IN), TLS handshake, Finished (20):
      * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
      * ALPN, server accepted to use http/1.1
      * Server certificate:
      *  subject: CN=reactos.aaron.cc
      *  start date: Aug  9 18:18:00 2022 GMT
      *  expire date: Nov  7 18:17:59 2022 GMT
      *  issuer: C=US; O=Let's Encrypt; CN=R3
      *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
      * TLSv1.2 (OUT), TLS header, Supplemental data (23):
      > GET / HTTP/1.1
      > Host: localhost:8443
      > User-Agent: curl/7.81.0
      > Accept: */*
      >
      

      At this point, NGINX is just stuck. It also won’t accept additional requests on port 80 until I cancel the curl command with CTRL + C.

      The NGINX error.log (with log level debug) looks like this:

      This is a QEMU virtual machine started with the following settings:

      /usr/bin/qemu-system-i386 \
          -snapshot \
          -hda "/root/reactos/drive_c.img" \
          -cdrom "/root/reactos-tools.iso" \
          -boot c \
          -rtc base=localtime \
          -m 256 \
          -vnc :1 \
          -monitor unix:/tmp/qemu-monitor-socket,server,nowait \
          -net nic,model=virtio -net user,hostfwd=tcp::80-:80,hostfwd=tcp::8443-:443 \
          -serial stdio \
          -usbdevice tablet
      

      I’m not sure which module this issue belongs in, so I’m leaving this field empty.

      Note that I had originally posted this in the support forum here. I got the advise there to file this as a bug report.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                aaronk6 aaronk6
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: