minor fix for stream module

phuslu · Feb 25, 2024 · ce6ebf9 · ce6ebf9
1 parent 3e508a2
commit ce6ebf9
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 11 deletions.
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
@@ -40,7 +40,7 @@ jobs:
         run: |
           nohup nginx/objs/nginx -p . -c nginx-ssl-fingerprint/nginx.conf </dev/null &>nginx.log &
           sleep 2
-          curl -kv https://127.0.0.1:8833
+          curl -kv https://127.0.0.1:4443
           cat nginx.log
       - name: Fuzzing
         run: |
@@ -53,4 +53,4 @@ jobs:
             pgrep nginx
           done
           curl -kv -sSf https://127.0.0.1:4433
-          curl -kv -sSf https://127.0.0.1:8833
+          curl -kv -sSf https://127.0.0.1:4443
diff --git a/README.md b/README.md
@@ -51,9 +51,9 @@ http {
 #### Example
 
 ```nginx
-http {
+stream {
     server {
-        listen                 127.0.0.1:4433 ssl http2;
+        listen                 127.0.0.1:4443 ssl;
         ssl_certificate        cert.pem;
         ssl_certificate_key    priv.key;
         error_log              /dev/stderr debug;

diff --git a/nginx.conf b/nginx.conf
@@ -8,23 +8,23 @@ events {
 }
 
 http {
+    log_format basic '$remote_addr ja3: $http_ssl_ja3 greased: $http_ssl_greased h2fp: $http2_fingerprint';
     server {
         listen                 0.0.0.0:4433 ssl http2;
-        access_log             /dev/stdout;
+        access_log             /dev/stdout basic;
         ssl_certificate_key    "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";
         ssl_certificate        "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
-        default_type           "application/json";
-        return                 200 '{\n  "ua": "$http_user_agent",\n  "ja3": "$http_ssl_ja3",\n  "h2fp": "$http2_fingerprint",\n  "greased": $http_ssl_greased\n}';
+        return                 200 "ja3: $http_ssl_ja3\ngreased: $http_ssl_greased\nh2fp: $http2_fingerprint\n";
     }
 }
 
 stream {
     log_format basic '$remote_addr ja3: $stream_ssl_ja3 greased: $stream_ssl_greased';
     server {
-        listen                 0.0.0.0:8833 ssl;
+        listen                 0.0.0.0:4443 ssl;
         access_log             /dev/stdout basic;
         ssl_certificate_key    "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";
         ssl_certificate        "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
-        return                 'HTTP/1.1 200 OK\r\n\r\n';
+        return                 "HTTP/1.1 200 OK\r\n\r\nja3: $stream_ssl_ja3\ngreased: $stream_ssl_greased";
     }
 }
diff --git a/src/ngx_http_ssl_fingerprint_module.c b/src/ngx_http_ssl_fingerprint_module.c
@@ -1,7 +1,6 @@
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_http.h>
-#include <ngx_log.h>
 
 extern int ngx_ssl_ja3(ngx_connection_t *c);
 extern int ngx_http2_fingerprint(ngx_connection_t *c, ngx_http_v2_connection_t *h2c);

diff --git a/src/ngx_stream_ssl_fingerprint_preread_module.c b/src/ngx_stream_ssl_fingerprint_preread_module.c
@@ -1,7 +1,8 @@
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_stream.h>
-#include <ngx_md5.h>
+
+extern int ngx_ssl_ja3(ngx_connection_t *c);
 
 static ngx_int_t ngx_stream_ssl_fingerprint_preread_init(ngx_conf_t *cf);