[example] update add-ssl example #789

Merged
merged 1 commit into from
Jun 26, 2018

@mikz (Contributor) commented Jun 26, 2018

Use builtin HTTPS functionality instead of a customization.

/cc @3scale/documentation

@mikz requested a review from a team as a code owner June 26, 2018 07:55
@mikz requested a review from a team June 26, 2018 07:58

@mikz (Contributor, Author) commented Jun 26, 2018

@4integration do you have any feedback on this?

@4integration commented

I have looked at the configuration and it is the same as I have, but I am using docker-compose and a .env file.
But I noticed that the image is different.
I have used:
registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8
and could not get HTTPS to work, so I tested with the same as you:
quay.io/3scale/apicast:master

That gets the HTTPS listener going and responding, but I am getting:

C:\>curl -v https://gwdomain.com:8443/_threescale/healthz
*   Trying 10.57.49.13...
* Connected to gw.domain.com (10.57.49.13) port 8443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:\Apps\curl-7.46.0-win64\bin\curl-ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.2 (IN), TLS alert, Server hello (2):
* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

@mayorova (Contributor) commented

@4integration the registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8 image corresponds to v3.2.0 of the APIcast upstream.
These new APICAST_HTTPS_* environment variables appeared after that release and are currently not available in the productized APIcast image (only in the latest upstream, quay.io/3scale/apicast:master).
See the entry "ENV variables to make APIcast listen on HTTPS port" in the CHANGELOG.

For registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8 the old approach still needs to be used.

@mikz (Contributor, Author) commented Jun 26, 2018

@4integration the example shows the curl call with the --cacert param to expect the self-signed certificate.

@mikz merged commit b39ebd6 into master Jun 26, 2018
@mikz deleted the fix-add-ssl-example branch June 26, 2018 11:48

@4integration commented

@mayorova thanks a lot for the clarification.
Since it didn't work just to pick the latest image
registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8

but now I got it working :)

The only things I have changed are:

  • Changed volume mount point for certs
  • Using absolute path for certs

So 1-2 of these caused the issue, now solved.
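
The two changes listed in the comment above (certificate mount point and absolute certificate paths) can be checked before the container is started. The following pre-flight check is an added example, not part of the thread or of the APIcast project. It assumes the upstream variable names APICAST_HTTPS_PORT, APICAST_HTTPS_CERTIFICATE and APICAST_HTTPS_CERTIFICATE_KEY (the thread only writes APICAST_HTTPS_*), certificates supplied through a volume mount, and constructed sample values; all function names are hypothetical.

```python
import posixpath

# Constructed sample input (not from the thread): .env text and compose volumes.
SAMPLE_ENV = """\
APICAST_HTTPS_PORT=8443
APICAST_HTTPS_CERTIFICATE=/opt/certs/gw.crt
APICAST_HTTPS_CERTIFICATE_KEY=certs/gw.key
"""
SAMPLE_VOLUMES = ["./certs:/opt/certs:ro"]
CERT_VARS = ("APICAST_HTTPS_CERTIFICATE", "APICAST_HTTPS_CERTIFICATE_KEY")


def parse_env(text):
    """Parse the KEY=VALUE lines of a .env file, skipping comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env


def container_targets(volumes):
    """Container-side path of each 'source:target[:mode]' volume entry."""
    targets = []
    for spec in volumes:
        parts = spec.split(":")
        if len(parts) > 1 and not parts[-1].startswith("/"):
            parts.pop()  # trailing mode such as "ro" or "ro,z"
        targets.append(posixpath.normpath(parts[-1]))
    return targets


def check_https_config(env, volumes):
    """Return a list of problems; an empty list means the paths line up."""
    problems = []
    if not env.get("APICAST_HTTPS_PORT"):
        problems.append("APICAST_HTTPS_PORT is not set")
    targets = container_targets(volumes)
    for var in CERT_VARS:
        path = env.get(var, "")
        norm = posixpath.normpath(path) if path else ""
        if not path:
            problems.append(f"{var} is not set")
        elif not posixpath.isabs(path):
            problems.append(f"{var}={path} is not an absolute path")
        elif not any(norm == t or norm.startswith(t.rstrip("/") + "/") for t in targets):
            problems.append(f"{var}={path} is not under a mounted volume")
    return problems
```

With the sample input, the relative key path is the only problem reported. The check looks only at paths, so it says nothing about whether a given image version supports these variables.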
