Closed immtelecom closed 1 year ago
Hello. This seems like it's working as intended. If you have Nginx handling the TLS connection logic, it should also handle the check, as the TLS data isn't sent over a plain TCP connection.
Let me tell you why I'm doing this
These two points ensure that my DNS service is not accessed without authorization and that only people I have explicitly told about the domain can use it
I see, thanks. That makes sense. I guess a way to go around that would be to either add a separate setting to disable the SNI check for DoH only. Using the Host
header really doesn't seem like a good idea, and we're about to remove that crutch for DoH3, since the bug in the external library we used to use seems to have been fixed.
I got a new error in the latest v0.107.24 version
Feb 19 21:19:01 debian adguard[4758]: 2023/02/19 21:19:01.759392 4758#436 [debug] request came from proxy server 127.0.0.1:9706
Feb 19 21:19:01 debian adguard[4758]: 2023/02/19 21:19:01.759448 4758#436 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 0
Feb 19 21:19:01 debian adguard[4758]: ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
Feb 19 21:19:01 debian adguard[4758]: ;; QUESTION SECTION:
Feb 19 21:19:01 debian adguard[4758]: ;test. IN A
Feb 19 21:19:01 debian adguard[4758]: 2023/02/19 21:19:01.759619 4758#436 [debug] web: plain: http: panic serving 127.0.0.1:9706: runtime error: invalid memory address or nil pointer dereference
Feb 19 21:19:01 debian adguard[4758]: goroutine 436 [running]:
Feb 19 21:19:01 debian adguard[4758]: net/http.(*conn).serve.func1()
Feb 19 21:19:01 debian adguard[4758]: net/http/server.go:1850 +0xbf
Feb 19 21:19:01 debian adguard[4758]: panic({0xc96700, 0x1e6d290})
Feb 19 21:19:01 debian adguard[4758]: runtime/panic.go:890 +0x262
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward.clientServerName(0x1b4?, {0xd9fe7a, 0x5})
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward/clientid.go:154 +0x2ba
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward.(*Server).clientIDFromDNSContext(0xc0002c8000, 0xc000bdbb00?)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward/clientid.go:133 +0x13e
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward.(*Server).beforeRequestHandler(0xc0002c8000, 0xd80b80?, 0xc000bdbb00)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward/filter.go:22 +0x3e
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).handleDNSRequest(0xc0001db500, 0xc000bdbb00)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/dnsproxy@v0.47.1-0.20230207130636-533058b17239/proxy/server.go:91 +0xb0
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).ServeHTTP(0xc0001db500, {0x19047d0?, 0xc000295ea0}, 0xc000bdba00)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/dnsproxy@v0.47.1-0.20230207130636-533058b17239/proxy/server_https.go:161 +0x95c
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward.(*Server).ServeHTTP(0x6e13af?, {0x19047d0, 0xc000295ea0}, 0xda0810?)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward/dnsforward.go:683 +0x45
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward.(*Server).handleDoH(0xc0002c8000, {0x19047d0, 0xc000295ea0}, 0xc000bdba00)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/dnsforward/http.go:711 +0x65
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/home.postInstall.func1({0x19047d0, 0xc000295ea0}, 0xc000bdba00)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/home/control.go:383 +0x102
Feb 19 21:19:01 debian adguard[4758]: net/http.HandlerFunc.ServeHTTP(0xc001d4e420?, {0x19047d0?, 0xc000295ea0?}, 0xce8d60?)
Feb 19 21:19:01 debian adguard[4758]: net/http/server.go:2109 +0x2f
Feb 19 21:19:01 debian adguard[4758]: net/http.(*ServeMux).ServeHTTP(0xce8d60?, {0x19047d0, 0xc000295ea0}, 0xc000bdba00)
Feb 19 21:19:01 debian adguard[4758]: net/http/server.go:2487 +0x149
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/home.limitRequestBody.func1({0x19047d0, 0xc000295ea0}, 0xc000bdb900)
Feb 19 21:19:01 debian adguard[4758]: github.com/AdguardTeam/AdGuardHome/internal/home/middlewares.go:75 +0x379
Feb 19 21:19:01 debian adguard[4758]: net/http.HandlerFunc.ServeHTTP(0x7f80423e7d60?, {0x19047d0?, 0xc000295ea0?}, 0x40?)
Feb 19 21:19:01 debian adguard[4758]: net/http/server.go:2109 +0x2f
Feb 19 21:19:01 debian adguard[4758]: golang.org/x/net/http2/h2c.h2cHandler.ServeHTTP({{0x18fe020?, 0xc0002ee630?}, 0xc000334410?}, {0x19047d0, 0xc000295ea0}, 0xc000bdb900)
Feb 19 21:19:01 debian adguard[4758]: golang.org/x/net@v0.7.0/http2/h2c/h2c.go:125 +0x59b
Feb 19 21:19:01 debian adguard[4758]: net/http.serverHandler.ServeHTTP({0xc00054e270?}, {0x19047d0, 0xc000295ea0}, 0xc000bdb900)
Feb 19 21:19:01 debian adguard[4758]: net/http/server.go:2947 +0x30c
Feb 19 21:19:01 debian adguard[4758]: net/http.(*conn).serve(0xc000bb6820, {0x19053b0, 0xc0056f9770})
Feb 19 21:19:01 debian adguard[4758]: net/http/server.go:1991 +0x607
Feb 19 21:19:01 debian adguard[4758]: created by net/http.(*Server).Serve
Feb 19 21:19:01 debian adguard[4758]: net/http/server.go:3102 +0x4db
I got this error as well, I use Kubernetes with Traefik Proxy.
set allow_unencrypted_doh=true
and follow https
traffic to adguard http
.
@ImmTelecom, @kamontat, Could you test the latest version, v0.108.0-a.440+a556ce8f
, from the Edge channel? It should fix the panic and it also takes the Host
header into account like the OP requested. If that works for you, we'll make a hotfix release soon.
@ImmTelecom, @kamontat, Could you test the latest version,
v0.108.0-a.440+a556ce8f
, from the Edge channel? It should fix the panic and it also takes theHost
header into account like the OP requested. If that works for you, we'll make a hotfix release soon.
I can confirm on v0.108.0-a.440+a556ce8f that it does not work.
I tested on v0.108.0-a.443+ff9b24ad
, it's working.
I tested v0.107.25 and it works fine
Prerequisites
[X] I have checked the Wiki and Discussions and found no answer
[X] I have searched other issues and found no duplicates
[X] I want to report a bug and not ask a question
Operating system type
Linux, Other (please mention the version in the description)
CPU architecture
AMD64
Installation
Other (please mention in the description)
Setup
On one machine
AdGuard Home version
v0.107.22
Description
What did you do?
Expected result
When I access through Nginx, I get the correct response
Actual result
A large number of the following log contents are generated
Screenshots (if applicable)
Additional information
After some more checks on the source code I fixed the problem. But I won't issue a PR, so I hope you can make changes for the next release
Here are my fixes, It should help you