Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx: [warn] [lua] http_connect.lua:21: failed to load module resty.openssl.*, mTLS isn't supported without lua-resty-openssl #160

Closed
JIFVGWHvAseSovQ opened this issue Apr 25, 2024 · 1 comment
Closed

nginx: [warn] [lua] http_connect.lua:21: failed to load module resty.openssl.*, mTLS isn't supported without lua-resty-openssl #160

JIFVGWHvAseSovQ opened this issue Apr 25, 2024 · 1 comment

Comments

@JIFVGWHvAseSovQ
Copy link

JIFVGWHvAseSovQ commented Apr 25, 2024
edited
Loading

It seems like there's an issue with loading the required Lua modules resty.acme.autossl, and it's indicating that resty.openssl.* modules are not found, which implies that mTLS isn't supported due to the absence of lua-resty-openssl.
Considering that both lua-resty-acme and lua-resty-openssl are installed and located in /usr/local/lib/resty/, and the lua_package_path is correctly set to include this directory, it's perplexing why the modules cannot be found.

https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20240314.tar.gz
https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v0.3.3.tar.gz
https://github.com/openresty/lua-nginx-module/archive/refs/tags/v0.10.26.tar.gz
https://github.com/openresty/lua-resty-core/archive/refs/tags/v0.1.28.tar.gz
https://github.com/fffonion/lua-resty-acme/archive/refs/tags/0.13.0.tar.gz
https://github.com/fffonion/lua-resty-openssl/archive/refs/tags/1.3.1.tar.gz

https://freenginx.org/download/freenginx-1.26.0.tar.gz

user www-data;
worker_processes 1;
events {
  worker_connections 500;
}
http {
  lua_package_cpath '/usr/local/lua/?.so;';
  lua_package_path '/usr/local/lib/?.lua;/usr/local/lib/resty/?.lua;';
  init_by_lua_block {
    require("resty.acme.autossl").init({
      -- the ACME v2 API endpoint to use
      api_uri = "https://acme-v02.api.letsencrypt.org/directory",
      -- setting the following to true
      -- implies that you read and accepted https://letsencrypt.org/repository/
      tos_accepted = true,
      -- uncomment following for first time setup
      staging = true,
      -- uncomment following to enable RSA + ECC double cert
      domain_key_types = {'ecc'},
      -- uncomment following to enable tls-alpn-01 challenge
      -- enabled_challenge_handlers = { 'http-01', 'tls-alpn-01' },
      account_key_path = "/etc/nginx/ssl/account.key",
      account_email = "admin@domain.com",
      domain_whitelist = {"domain.com", "www.domain.com"}
    })
  }
  server {
    listen 400;
    location / {
      content_by_lua_block {
        require("cjson")
        require("resty.http")
        ngx.say(package.path)
      }
    }
  }
}

|  | nginx: [warn] [lua] http_connect.lua:21: failed to load module `resty.openssl.*`, mTLS isn't supported without lua-resty-openssl:
|  | /usr/local/lib/resty/openssl/x509/chain.lua:6: module 'resty.openssl.x509' not found:
|  |   no field package.preload['resty.openssl.x509']
|  |   no file '/usr/local/lib/resty/openssl/x509.lua'
|  |   no file '/usr/local/lib/resty/resty/openssl/x509.lua'
|  |   no file '/usr/local/lua/resty/openssl/x509.so'
|  |   no file '/usr/local/lua/resty.so'
|  | stack traceback:
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/openssl/x509/chain.lua:6: in main chunk
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/http_connect.lua:15: in function </usr/local/lib/resty/http_connect.lua:14>
|  |   [C]: in function 'xpcall'
|  |   /usr/local/lib/resty/http_connect.lua:14: in main chunk
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/http.lua:166: in main chunk
|  |   [C]: in function 'require'
|  |   init_by_lua(nginx.conf:9):3: in main chunk
|  | nginx: [error] init_by_lua error: /usr/local/lib/resty/openssl/pkey.lua:13: module 'resty.openssl.include.x509' not found:
|  |   no field package.preload['resty.openssl.include.x509']
|  |   no file '/usr/local/lib/resty/openssl/include/x509.lua'
|  |   no file '/usr/local/lib/resty/resty/openssl/include/x509.lua'
|  |   no file '/usr/local/lua/resty/openssl/include/x509.so'
|  |   no file '/usr/local/lua/resty.so'
|  | stack traceback:
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/openssl/pkey.lua:13: in main chunk
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/acme/openssl.lua:8: in main chunk
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/acme/util.lua:4: in main chunk
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/acme/client.lua:3: in main chunk
|  |   [C]: in function 'require'
|  |   /usr/local/lib/resty/acme/autossl.lua:2: in main chunk
|  |   [C]: in function 'require'
|  |   init_by_lua(nginx.conf:9):4: in main chunk

Snipaste_2024-04-25_12-30-14
Snipaste_2024-04-25_13-24-17
@fffonion
Copy link
Owner

In lua_package_path you would want both path/?.lua and path/?/init.lua pattern.
You can consult the default lua_package_path from luajit or openresty for example.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fffonion @JIFVGWHvAseSovQ