Closed kevinbowman-ta closed 7 years ago
Hi @kevinbowman-ta
I am sorry you are having problems with Vagrant Share. Could you please share your Vagrantfile and apache config?
/cc @armon for any info on the share proxy side of things.
Sure; the vagrantfile looks like:
Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/precise64"
  config.ssh.forward_agent = true
  config.vm.synced_folder "salt/roots/", "/srv/salt/"
  config.vm.provision :salt, run: "always" do |salt|
    salt.minion_config = "salt/minion"
    salt.run_highstate = true
  end
  config.vm.provider "virtualbox" do |v|
    v.memory = 1024
  end
  config.dns.tld = "rd"
  config.vm.hostname = "machine"
  config.dns.patterns = [/^.*.rd$/]
  config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.synced_folder "../", "/odyssey/"
end
And the relevant bit of the Apache config looks like:
<VirtualHost *:443>
    DocumentRoot "/odyssey/Source/System"
    ServerName my.server.name
    # Re-writes
    RewriteEngine On
    # ... snipped a whole bunch of rewrite rules ...
    SSLEngine on
    SSLCertificateFile /etc/ssl/cert.crt
    SSLCertificateKeyFile /etc/ssl/cert.key
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
both of which I think are fairly ordinary, and the forwarding works ok over HTTP for a similar Apache config on port 8080.
An example of the exact error message is:
[Tue Mar 17 10:34:33 2015] [error] Hostname hard-porpoise-0361 provided via SNI and hostname hard-porpoise-0361.vagrantshare.com provided via HTTP are different
Thanks for looking into this.
Hi @kevinbowman-ta
Are you able to provide a single Vagrantfile to reproduce this issue without Salt (perhaps just using the shell provisioner)? I am having difficulty reproducing this issue myself.
You should be able to reproduce this issue if you have one main default vhost with SSL and *.vagrant-share.com as an SNI SSL vhost.
SNI check fails because of this issue: [ssl:error] [pid 16295:tid 140042871084800] AH02032: Hostname hardworking-prairie-4191 provided via SNI and hostname hardworking-prairie-4191.vagrantshare.com provided via HTTP are different
Temporary workaround: Use a custom domain. Downside: self-signed certs (and possibly "real" certs) cause trust warnings in most browsers and don't work from Android apps. Further, the cert will probably mismatch (you'll have a cert for *.vagrantshare.com being offered to your users, which probably won't match your domain).
Permanent workaround: use ngrok.
Why is the domain part "vagrantshare.com" stripped from the SNI? I don't think the browser would do that (please correct me if I am wrong). I can only imagine that the vagrant-infrastructure has a misbehaving proxy in between.
Is there any possibility/workaround to show an https:// vagrant box quickly with "vagrant share" to a client/co-worker?
@emanb29 Setting up a custom domain still works? With the only limitation being another certificate? I'd like to ask before starting to configure.
NB: the Vagrant docs at https://atlas.hashicorp.com/help/vagrant/shares should state the current restrictions with HTTPS to save others from the hassle!
From my tests a while back, this issue appears to be Apache specific. Using vagrant share on an nginx machine should work.
Yes, I can confirm. vagrant share with https over nginx works fine. Thanks, @mikeyxkcd
Any plans to address this or anyone have a workaround for apache?
FYI @sumnercreations, on one of my newer puphpet generated apache boxes, I no longer experience the SNI issue.
@mikeyxkcd , could you share your Apache config (or provide repro steps) so the rest of us can see an example of what works? I am also currently experiencing this issue.
@law this is my puphpet config.yaml
last created in August:
vagrantfile:
    target: local
    vm:
        provider:
            local:
                box: puphpet/ubuntu1404-x64
                box_url: puphpet/ubuntu1404-x64
                box_version: 'false'
                chosen_virtualizer: vmware_workstation
                virtualizers:
                    virtualbox:
                        modifyvm:
                            natdnshostresolver1: false
                        showgui: 0
                    vmware:
                        numvcpus: 1
                    parallels:
                        use_linked_clone: 0
                        check_guest_tools: 0
                        update_guest_tools: 0
                machines:
                    vflm_l5unnu4axvy7:
                        id: mikeyxkcd
                        hostname: mikeyxkcd.vagrant
                        network:
                            private_network: 192.168.56.247
                            forwarded_port:
                                vflmnfp_jdtcn5v5mc78:
                                    host: '5895'
                                    guest: '22'
                        memory: '1024'
                        cpus: '1'
        provision:
            puppet:
                manifests_path: puphpet/puppet/manifests
                module_path: puphpet/puppet/modules
                options:
                    - '--verbose'
                    - '--hiera_config /vagrant/puphpet/puppet/hiera.yaml'
        synced_folder:
            vflsf_bvil61dh5k2v:
                source: ../application/
                target: /var/www/mikeyxkcd
                sync_type: nfs
                smb:
                    smb_host: ''
                    smb_username: ''
                    smb_password: ''
                    mount_options:
                        dir_mode: '0775'
                        file_mode: '0664'
                rsync:
                    args:
                        - '--verbose'
                        - '--archive'
                        - '-z'
                    exclude:
                        - .vagrant/
                        - .git/
                    auto: 'true'
                owner: www-data
                group: www-data
        usable_port_range:
            start: 10200
            stop: 10500
        post_up_message: ''
    ssh:
        host: 'false'
        port: 'false'
        private_key_path: 'false'
        username: vagrant
        guest_port: 'false'
        keep_alive: '1'
        forward_agent: 'false'
        forward_x11: 'false'
        shell: 'bash -l'
        insert_key: 'false'
    vagrant:
        host: detect
    proxy:
        http: ''
        https: ''
        ftp: ''
        no_proxy: ''
server:
    install: '1'
    packages:
        - htop
        - vim
        - php-apc
        - imagemagick
        - memcached
users_groups:
    install: '1'
    groups: { }
    users: { }
locale:
    install: '1'
    settings:
        default_locale: en_GB.UTF-8
        locales:
            - en_GB.UTF-8
            - en_US.UTF-8
        timezone: UTC
firewall:
    install: '1'
    rules: { }
cron:
    install: '1'
    jobs: { }
nginx:
    install: '0'
    settings:
        default_vhost: 1
        proxy_buffer_size: 128k
        proxy_buffers: '4 256k'
        proxy_connect_timeout: 600s
        proxy_send_timeout: 600s
        proxy_read_timeout: 600s
        names_hash_bucket_size: 128
    upstreams: { }
    vhosts:
        nxv_v660bh3396sj:
            server_name: awesome.dev
            server_aliases:
                - www.awesome.dev
            www_root: /var/www/awesome
            listen_port: '80'
            index_files:
                - index.html
                - index.htm
                - index.php
            client_max_body_size: 1m
            ssl: '0'
            ssl_cert: ''
            ssl_key: ''
            ssl_port: '443'
            ssl_protocols: ''
            ssl_ciphers: ''
            rewrite_to_https: '1'
            spdy: '1'
            locations:
                nxvl_2czp5887r922:
                    location: /
                    try_files:
                        - $uri
                        - $uri/
                        - /index.php$is_args$args
                    fastcgi: ''
                    fastcgi_index: ''
                    fastcgi_split_path: ''
                    proxy: ''
                    proxy_redirect: ''
                nxvl_9b3fqszmyoq7:
                    location: '~ \.php$'
                    try_files:
                        - $uri
                        - $uri/
                        - /index.php$is_args$args
                    fastcgi: '127.0.0.1:9000'
                    fastcgi_index: index.php
                    fastcgi_split_path: '^(.+\.php)(/.*)$'
                    fast_cgi_params_extra:
                        - 'SCRIPT_FILENAME $request_filename'
                        - 'APP_ENV dev'
                    proxy: ''
                    proxy_redirect: ''
    proxies: { }
apache:
    install: '1'
    settings:
        version: 2.4
        user: www-data
        group: www-data
        default_vhost: true
        manage_user: false
        manage_group: false
        sendfile: 0
    modules:
        - headers
        - proxy_fcgi
        - rewrite
    vhosts:
        av_jgr6qpjsharu:
            servername: mikeyxkcd.vagrant
            serveraliases:
                - mikeyxkcd
                - '*.vagrantshare.com'
            docroot: /var/www/mikeyxkcd/web
            port: '80'
            setenv:
                - 'APP_ENV dev'
            custom_fragment: ''
            ssl: '0'
            ssl_cert: ''
            ssl_key: ''
            ssl_chain: ''
            ssl_certs_dir: ''
            ssl_protocol: ''
            ssl_cipher: ''
            directories:
                avd_qnc6vl7wwmuz:
                    path: /var/www/mikeyxkcd/web
                    options:
                        - Indexes
                        - FollowSymlinks
                        - MultiViews
                    allow_override:
                        - All
                    require:
                        - 'all granted'
                    custom_fragment: ''
                    files_match:
                        avdfm_58u1bdqnto16:
                            path: \.php$
                            sethandler: 'proxy:fcgi://127.0.0.1:9000'
                            custom_fragment: ''
                            provider: filesmatch
                    provider: directory
        av_7cfbsetnveh6:
            servername: mikeyxkcd.vagrant
            serveraliases:
                - mikeyxkcd
                - '*.vagrantshare.com'
            docroot: /var/www/mikeyxkcd/web
            port: '443'
            setenv:
                - 'APP_ENV dev'
            custom_fragment: ''
            ssl: '1'
            ssl_cert: ''
            ssl_key: ''
            ssl_chain: ''
            ssl_certs_dir: ''
            ssl_protocol: ''
            ssl_cipher: ''
            directories:
                avd_3r97fub30o8p:
                    path: /var/www/mikeyxkcd/web
                    options:
                        - Indexes
                        - FollowSymlinks
                        - MultiViews
                    allow_override:
                        - All
                    require:
                        - 'all granted'
                    custom_fragment: ''
                    files_match:
                        avdfm_vezl4lzit16a:
                            path: \.php$
                            sethandler: 'proxy:fcgi://127.0.0.1:9000'
                            custom_fragment: ''
                            provider: filesmatch
                    provider: directory
letsencrypt:
    install: '1'
    settings:
        email: ''
    domains: { }
php:
    install: '1'
    settings:
        version: '56'
    modules:
        php:
            - cli
            - intl
            - mcrypt
            - curl
            - imagick
            - memcached
            - gd
        pear: { }
        pecl: { }
    ini:
        display_errors: 'On'
        error_reporting: '-1'
        session.save_path: /var/lib/php/session
        date.timezone: UTC
    fpm_ini:
        error_log: /var/log/php-fpm.log
    fpm_pools:
        phpfp_cusaw6h960kg:
            ini:
                prefix: www
                listen: '127.0.0.1:9000'
                security.limit_extensions: .php
                user: www-user
                group: www-data
    composer: '1'
    composer_home: ''
xdebug:
    install: '1'
    settings:
        xdebug.default_enable: '1'
        xdebug.remote_autostart: '0'
        xdebug.remote_connect_back: '1'
        xdebug.remote_enable: '1'
        xdebug.remote_handler: dbgp
        xdebug.remote_port: '9000'
        xdebug.max_nesting_level: '250'
blackfire:
    install: '0'
    settings:
        server_id: ''
        server_token: ''
        agent:
            http_proxy: ''
            https_proxy: ''
            log_file: stderr
            log_level: '1'
        php:
            agent_timeout: '0.25'
            log_file: ''
            log_level: '1'
xhprof:
    install: '0'
wpcli:
    install: '0'
    version: v0.19.0
drush:
    install: '0'
    version: 6.3.0
ruby:
    install: '1'
    versions:
        rv_2u2mrchjo5nk:
            version: ''
            gems:
                - sass
                - compass
python:
    install: '1'
    packages: { }
    versions: { }
nodejs:
    install: '1'
    settings:
        version: null
    npm_packages:
        - gulp
        - bower
        - uglify-js
        - uglifycss
hhvm:
    install: '0'
    nightly: 0
    composer: '1'
    composer_home: ''
    settings: { }
    server_ini:
        hhvm.server.host: 127.0.0.1
        hhvm.server.port: '9000'
        hhvm.log.use_log_file: '1'
        hhvm.log.file: /var/log/hhvm/error.log
    php_ini:
        display_errors: 'On'
        error_reporting: '-1'
        date.timezone: UTC
mariadb:
    install: '0'
    settings:
        version: '10.1'
        root_password: '123'
        override_options: { }
    adminer: 0
    users:
        mariadbnu_q8yug87b9olp:
            name: dbuser
            password: '123'
    databases:
        mariadbnd_s5k0t8v8psi2:
            name: dbname
            sql: ''
    grants:
        mariadbng_y2qtabtrfv9l:
            user: dbuser
            table: '*.*'
            privileges:
                - ALL
mysql:
    install: '1'
    settings:
        version: '5.6'
        root_password: '123'
        override_options: { }
    adminer: 0
    users:
        mysqlnu_tl4w5sj73m0u:
            name: mikeyxkcd
            password: '123'
    databases:
        mysqlnd_xiljmfu0us6j:
            name: mikeyxkcd
            sql: ''
    grants:
        mysqlng_kqbn8zn9meke:
            user: mikeyxkcd
            table: 'mikeyxkcd.*'
            privileges:
                - ALL
postgresql:
    install: '0'
    settings:
        global:
            encoding: UTF8
            version: '9.3'
        server:
            postgres_password: '123'
    databases: { }
    users: { }
    grants: { }
    adminer: 0
mongodb:
    install: '0'
    settings:
        bind_ip: 127.0.0.1
        port: '27017'
    globals:
        version: 2.6.0
    databases: { }
redis:
    install: '0'
    settings:
        port: '6379'
sqlite:
    install: '0'
    adminer: 0
    databases: { }
mailhog:
    install: '1'
    settings:
        smtp_ip: 0.0.0.0
        smtp_port: 1025
        http_ip: 0.0.0.0
        http_port: '8025'
        path: /usr/local/bin/mailhog
beanstalkd:
    install: '0'
    settings:
        listenaddress: 0.0.0.0
        listenport: '13000'
        maxjobsize: '65535'
        maxconnections: '1024'
        binlogdir: /var/lib/beanstalkd/binlog
        binlogfsync: null
        binlogsize: '10485760'
    beanstalk_console: 0
rabbitmq:
    install: '0'
    settings:
        port: '5672'
    users: { }
    vhosts: { }
    plugins: { }
elastic_search:
    install: '0'
    settings:
        version: 1.4.1
        java_install: true
    instances: { }
solr:
    install: '0'
    settings:
        version: 4.10.2
        port: '8984'
You might need to delete your existing box, and destroy your current vagrant instance for the project (tell me if there's anything special about my config), good luck!
This still seems to be an issue in 1.8.7. Custom domains do solve the SNI/HTTP mismatch issue, but create a new issue of the mismatched SSL certificate for the custom domain.
I agree with @jonaseberle that it seems to be a problem with the vagrant share handling of standard *.vagrantshare.com hosts. Apache2 considers that a browser bug and responds with a 400, but it seems Nginx lets it through. At any rate, there doesn't seem to be a valid case for the HTTP Host header not matching the SNI host.
Hi there,
Thanks for reporting this bug. I'm sure this was a real issue when originally reported (our fault for not looking sooner!) but there have been multiple Vagrant releases since the original report. I'm going to close this issue now and request you reopen the issue if you're still experiencing this problem. I'm sorry this wasn't looked at earlier :frowning_face:
Cheers!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
When we try to use vagrant share to expose an HTTPS endpoint using Apache inside the virtualbox, the Apache serves a "400 Bad Request" response. From looking at our Apache error log inside the Vagrant box, it's complaining that the hostnames provided via SNI (e.g. wonkey-donkey-123) and the HTTP host header (e.g. wonkey-donkey-123.vagrantshare.com) are different (note the domain suffix on the HTTP host header which is missing on the SNI name).
We're using Apache 2.2.22 on Ubuntu 12.04.5.