Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS handshake error #878

Closed
sehnemvinicius opened this issue May 1, 2024 · 1 comment
Closed

TLS handshake error #878

sehnemvinicius opened this issue May 1, 2024 · 1 comment
Labels
question

Comments

@sehnemvinicius
Copy link

Environment info:

  • KrakenD version: 2.6.2
  • System info: docker
  • Hardware specs: Number of CPUs, RAM, etc
  • Backend technology: Node, Go and Rust.
  • Additional environment information:

Describe what are you trying to do:
i created an application to run on an EC2 instance using krakend, i self-signed the certificate and i am getting the following error when making a request from my frontend to krakend: http: TLS handshake error from IP:PORT: remote error: tls: unknown certificate.

Your configuration file:

{
  "$schema": "https://www.krakend.io/schema/krakend.json",
  "version": 3,
  "name": "My app name",
  "timeout": "3000ms",
  "cache_ttl": "300s",
  "output_encoding": "json",
  "port": 8080,
  "endpoints": [
    {
      "endpoint": "/login",
      "method": "POST",
      "output_encoding": "json",
      "backend": [
        {
          "url_pattern": "/login",
          "encoding": "json",
          "sd": "static",
          "method": "POST",
          "host": [
            "node:3000"
          ],
          "disable_host_sanitize": false
        }
      ]
    }
  ],
  "extra_config": {
    "security/cors": {
      "allow_origins": [
        "my-frontend-dns"
      ],
      "expose_headers": [
        "Content-Length",
        "Content-Type"
      ],
      "allow_headers": [
        "Origin",
        "Authorization",
        "Content-Type"
      ],
      "max_age": "12h",
      "allow_methods": [
        "GET",
        "POST",
        "PUT",
        "DELETE",
        "OPTIONS"
      ]
    }
  },
  "tls": {
    "public_key": "/etc/ssl/cert.crt",
    "private_key": "/etc/ssl/key.key"
  },
  "client_tls": {
    "allow_insecure_connections": true
  }
}

Configuration check output:
Result of krakend check -dtc krakend.json --lint command

Parsing configuration file: krakend.json
ERROR compiling the schema:     jsonschema https://www.krakend.io/schema/v2.6/krakend.json compilation failed: Get "https://www.krakend.io/schema/v2.6/krakend.json": tls: failed to verify certificate: x509: certificate signed by unknown authority

Commands used:
i have used docker-compose

services:
  krakend:
      image: devopsfaith/krakend
      ports:
        - 8080:8080
      volumes:
        - ./krakend:/etc/krakend
        - ./ssl:/etc/ssl
      command: ["krakend", "run", "-c", "/etc/krakend/krakend.json"]
      networks:
        - my-network
  ...

Logs:
Logs you saw in the console and debugging information

Additional comments:
@taik0
Copy link
Member

taik0 commented May 9, 2024

Hi @sehnemvinicius

I think you are missing the ca-certificates package in your system. Also, since you are overwriting /etc/ssl you are removing the ca-certificates that are already installed in the krakend container.

Install ca-certificates or remove the volume for /etc/ssl and should work.

@taik0 taik0 closed this as completed May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@taik0 @sehnemvinicius