Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Serve 404's on / requests for http://ns.test-ns-signed.internet.nl #1175

Open
Tracked by #1176
bwbroersma opened this issue Nov 14, 2023 · 1 comment · May be fixed by #1179
Open
Tracked by #1176

Serve 404's on / requests for http://ns.test-ns-signed.internet.nl #1175

bwbroersma opened this issue Nov 14, 2023 · 1 comment · May be fixed by #1179
Labels
infrastructure-docker

Comments

@bwbroersma
Copy link
Collaborator

bwbroersma commented Nov 14, 2023
edited

Do not return website on http://ns.test-ns-signed.internet.nl

Somehow it returns a 200 here, while curl internet.nl -H 'Host: random.internet.nl' or the direct IP do return a 404, it's just ns.test-ns-signed.internet.nl that seems to work.

Update: this is needed for the connection test

Internet.nl/docker/webserver/nginx_templates/app.conf.template

Lines 88 to 113 in 80ff426

# http server for connection test XHR requests
server {
listen 80 http2;
listen [::]:80 http2;
server_name
*.test-ns-signed.${INTERNETNL_DOMAINNAME}
*.test-ns6-signed.${INTERNETNL_DOMAINNAME}
[${IPV6_TEST_ADDR}];
# pass specific connection test paths to backend
# /
# /connection/addr-test/6330d6a09e56387e4dd59502418fa642/
location ~ ^(/|/connection/addr-test/.+/)$ {
# forward information about the connecting client to the connection test
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# pass host for Django's allowed_hosts
proxy_set_header Host $host;
# disable CSP on connection test
proxy_hide_header Content-Security-Policy;
proxy_pass http://${IPV4_IP_APP_INTERNAL}:8080;
}
}

However, the /| on line 101 can be removed, so this would result in a 404, except for the XHR requests.
Update2: the connection test actually uses both paths:

  • http://[0-9a-f]{32}.{bogus,aaaa,a}.conn.test-ns-signed.internet.nl/?callback= and
  • http://[0-9a-f]{32}.a-aaaa.conn.test-ns6-signed.internet.nl/?callback= and
  • http://[ipv6]/connection/addr-test/[0-9a-f]{32}/?callback=

See:

Internet.nl/frontend/js/internetnl.connection.js

Lines 50 to 54 in 80ff426

fetchTest(test_id+".bogus.conn.test-ns-signed."+connTestDomain, test_id);
fetchTest(test_id+".aaaa.conn.test-ns-signed."+connTestDomain, test_id);
fetchTest(test_id+".a.conn.test-ns-signed."+connTestDomain, test_id);
fetchTest(test_id+".a-aaaa.conn.test-ns6-signed."+connTestDomain, test_id);
fetchTest("["+ipv6TestAddr+"]/connection/addr-test/"+test_id+"/", test_id);

@bwbroersma bwbroersma mentioned this issue Nov 14, 2023
Open
11 tasks
@bwbroersma bwbroersma changed the title Do not return website on http://ns.test-ns-signed.internet.nl Serve 404's on non /connection/ requests to http://*.test-ns-signed.internet.nl Nov 14, 2023
@bwbroersma
Copy link
Collaborator Author

If we add a wildcard cert on *.test-ns-signed / TLS to the connection test, of course the whole HTTP can be removed, see:

@bwbroersma bwbroersma changed the title Serve 404's on non /connection/ requests to http://*.test-ns-signed.internet.nl Serve 404's on / requests for http://ns.test-ns-signed.internet.nl Nov 14, 2023
bwbroersma added a commit to bwbroersma/Internet.nl that referenced this issue Nov 14, 2023
@bwbroersma
Nginx more specific server_name
fe7d194 
Partly fixes internetstandards#1175

Signed-off-by: Benjamin W. Broersma <bw@broersma.com>
@bwbroersma bwbroersma linked a pull request Nov 14, 2023 that will close this issue
Draft
bwbroersma added a commit to bwbroersma/Internet.nl that referenced this issue Nov 14, 2023
@bwbroersma
Nginx more specific server_name
47977cb 
Partly fixes internetstandards#1175

Signed-off-by: Benjamin W. Broersma <bw@broersma.com>
bwbroersma added a commit to bwbroersma/Internet.nl that referenced this issue Nov 14, 2023
@bwbroersma
Nginx more specific server_name
d6fe966 
Partly fixes internetstandards#1175

Signed-off-by: Benjamin W. Broersma <bw@broersma.com>
bwbroersma added a commit to bwbroersma/Internet.nl that referenced this issue Nov 14, 2023
@bwbroersma
Nginx more specific server_name
cd3c030 
Partly fixes internetstandards#1175

Signed-off-by: Benjamin W. Broersma <bw@broersma.com>
mxsasha pushed a commit to bwbroersma/Internet.nl that referenced this issue Nov 15, 2023
@bwbroersma @mxsasha
Nginx more specific server_name
3f2b82d 
Partly fixes internetstandards#1175

Signed-off-by: Benjamin W. Broersma <bw@broersma.com>
@bwbroersma bwbroersma mentioned this issue Dec 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
infrastructure-docker
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

WIP Nginx more specific server_name bwbroersma/Internet.nl
1 participant
@bwbroersma