[Solved] Can't get Interlock 2.0 working with SSL termination

(Cgjimwel) #1

Hi,

I’m currently trying to test HRM2 (Interlock 2.0) with the Beta, but I can’t get it working with SSL termination. Without SSL it works as documented here: https://beta.docs.docker.com/ee/ucp/interlock/usage/. But when I try it with SSL as documented here: https://beta.docs.docker.com/ee/ucp/interlock/usage/ssl/ it simply does not work as documented. I have done the installation and all the actions shown below. What am I doing wrong here?

Tested with image on AWS (https://aws.amazon.com/marketplace/pp/B00O7WM7QW). This is the official image that CentOS provides for AWS. See (https://wiki.centos.org/Cloud/AWS)

docker container run --rm -it --name ucp \
>   -v /var/run/docker.sock:/var/run/docker.sock \
>   docker/ucp:3.0.0-beta2 install \
>   --host-address 172.31.12.160 \
>   --interactive
Unable to find image 'docker/ucp:3.0.0-beta2' locally
3.0.0-beta2: Pulling from docker/ucp
2fdfe1cd78c2: Pull complete 
7a50ccffb2b0: Pull complete 
2dd8b461d2d3: Pull complete 
Digest: sha256:638ded3590d3c088377dbbcb5478f269192b1ad24c4f9cf6944264f4af8dcb07
Status: Downloaded newer image for docker/ucp:3.0.0-beta2
INFO[0000] Verifying your system is compatible with UCP 3.0.0-beta2 (4f665c3) 
INFO[0000] Your engine version 17.06.3-ee-1-beta2, build f5446d6 (3.10.0-693.17.1.el7.x86_64) is compatible 
Admin Username: admin
Admin Password: 
Confirm Admin Password: 
INFO[0009] Pulling required images... (this may take a while) 
INFO[0009] Pulling docker/ucp-hyperkube:3.0.0-beta2     
INFO[0042] Pulling docker/ucp-controller:3.0.0-beta2    
INFO[0045] Pulling docker/ucp-dsinfo:3.0.0-beta2        
INFO[0060] Pulling docker/ucp-etcd:3.0.0-beta2          
INFO[0062] Pulling docker/ucp-calico-node:3.0.0-beta2   
INFO[0068] Pulling docker/ucp-cfssl:3.0.0-beta2         
INFO[0069] Pulling docker/ucp-pause:3.0.0-beta2         
INFO[0070] Pulling docker/ucp-agent:3.0.0-beta2         
INFO[0071] Pulling docker/ucp-metrics:3.0.0-beta2       
INFO[0074] Pulling docker/ucp-kube-compose:3.0.0-beta2  
INFO[0075] Pulling docker/ucp-interlock:3.0.0-beta2     
INFO[0076] Pulling docker/ucp-auth:3.0.0-beta2          
INFO[0077] Pulling docker/ucp-calico-cni:3.0.0-beta2    
INFO[0080] Pulling docker/ucp-calico-kube-controllers:3.0.0-beta2 
INFO[0082] Pulling docker/ucp-compose:3.0.0-beta2       
INFO[0084] Pulling docker/ucp-auth-store:3.0.0-beta2    
INFO[0085] Pulling docker/ucp-kube-dns:3.0.0-beta2      
INFO[0087] Pulling docker/ucp-kube-dns-sidecar:3.0.0-beta2 
INFO[0089] Pulling docker/ucp-interlock-extension:3.0.0-beta2 
INFO[0091] Pulling docker/ucp-interlock-proxy:3.0.0-beta2 
INFO[0092] Pulling docker/ucp-kube-dns-dnsmasq-nanny:3.0.0-beta2 
INFO[0093] Pulling docker/ucp-swarm:3.0.0-beta2         
We detected the following hostnames/IP addresses for this system [ip-172-31-12-160.us-east-2.compute.internal 127.0.0.1 172.17.0.1 172.31.12.160]

You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases: 52.15.113.107
INFO[0000] Initializing a new swarm at 172.31.12.160    
INFO[0005] Establishing mutual Cluster Root CA with Swarm 
INFO[0008] Installing UCP with host address 172.31.12.160 - If this is incorrect, please specify an alternative address with the '--host-address' flag 
INFO[0008] Generating UCP Client Root CA                
INFO[0008] Deploying UCP Service                        
INFO[0051] Installation completed on ip-172-31-12-160.us-east-2.compute.internal (node sq3ckkk69tdtwrz5x08yitxgg) 
INFO[0051] UCP Instance ID: uwm36qn6gq1zz6tzi6a5j8rq2   
INFO[0051] UCP Server SSL: SHA-256 Fingerprint=F3:79:D8:2A:4C:BD:C7:09:C3:20:AE:88:35:BB:5F:49:51:5D:C7:72:09:7F:A6:33:C2:0D:B0:B7:CC:1E:CB:D2 
INFO[0051] Login to UCP at https://172.31.12.160:443    
INFO[0051] Username: admin                              
INFO[0051] Password: (your admin password)              

docker version
Client: Docker EE 2.0
 Version:	17.06.3-ee-1-beta2
 API version:	1.30
 Go version:	go1.8.5
 Git commit:	f5446d6
 Built:	Sat Jan 13 00:34:39 2018
 OS/Arch:	linux/amd64

Server: Docker EE 2.0
 Engine:
  Version:	17.06.3-ee-1-beta2
  API version:	1.30 (minimum version 1.12)
  Go version:	go1.8.5
  Git commit:	f5446d6
  Built:	Sat Jan 13 00:35:59 2018
  OS/Arch:	linux/amd64
  Experimental:	false

Create HRM2 with SSL Termination (https://beta.docs.docker.com/ee/ucp/interlock/usage/ssl/):
openssl req \
>     -new \
>     -newkey rsa:4096 \
>     -days 3650 \
>     -nodes \
>     -x509 \
>     -subj "/C=US/ST=SomeState/L=SomeCity/O=Interlock/CN=demo.local" \
>     -keyout demo.local.key \
>     -out demo.local.cert
Generating a 4096 bit RSA private key
..++
..................................................................................................................................................................................................++
writing new private key to 'demo.local.key'
-----

docker secret create demo.local.cert demo.local.cert
6acxawabnsoqras40r4tvuhy8

docker secret create demo.local.key demo.local.key
dk79t6bk87cpxllfu91oeeewq

docker network create -d overlay demo
qmsc5tvwpdch9cbn23jf8lwv4

docker service create \
>     --name demo \
>     --network demo \
>     --label com.docker.lb.hosts=demo.local \
>     --label com.docker.lb.port=8080 \
>     --label com.docker.lb.ssl_cert=demo.local.cert \
>     --label com.docker.lb.ssl_key=demo.local.key \
>     ehazlett/docker-demo
t2pcu05blh86sw8zsij65h9gn
Since --detach=false was not specified, tasks will be created in the background.
In a future release, --detach=false will become the default.

cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 demo.local
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

curl -vsk https://demo.local/ping
* About to connect() to demo.local port 443 (#0)
*   Trying 127.0.0.1...
* Connected to demo.local (127.0.0.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* 	subject: CN=system:ucp:sq3ckkk69tdtwrz5x08yitxgg,OU=ucp
* 	start date: Feb 06 16:05:00 2018 GMT
* 	expire date: May 07 16:05:00 2018 GMT
* 	common name: system:ucp:sq3ckkk69tdtwrz5x08yitxgg
* 	issuer: CN=UCP Client Root CA
> GET /ping HTTP/1.1
> User-Agent: curl/7.29.0
> Host: demo.local
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Tue, 06 Feb 2018 16:18:58 GMT
< Content-Length: 19
< 
404 page not found
* Connection #0 to host demo.local left intact

System information installed packages:
rpm -qa  | sort -n

cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)  

uname -a
Linux ip-172-31-12-160.us-east-2.compute.internal 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Thanks in advance!
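
Added example, not part of the original post: in the `curl -vsk` output above, the certificate served on port 443 has subject `CN=system:ucp:…` issued by `UCP Client Root CA`, while the request was for `Host: demo.local`, and `-k` kept that mismatch from failing the request. The script below triages saved `curl -v` output for that condition; the function names and the embedded sample (a constructed excerpt of the post's output) are assumptions of this example.

```shell
#!/bin/sh
# Triage `curl -v` output: did the TLS endpoint that answered present a
# certificate for the host that was requested? curl prints only the subject,
# so this is a CN-based heuristic; real clients validate subjectAltName.

# Constructed sample: the relevant lines of the curl output in the post.
sample_curl_output() {
cat <<'EOF'
* Connected to demo.local (127.0.0.1) port 443 (#0)
* skipping SSL peer certificate verification
* Server certificate:
*   subject: CN=system:ucp:sq3ckkk69tdtwrz5x08yitxgg,OU=ucp
*   common name: system:ucp:sq3ckkk69tdtwrz5x08yitxgg
*   issuer: CN=UCP Client Root CA
> GET /ping HTTP/1.1
> Host: demo.local
< HTTP/1.1 404 Not Found
EOF
}

# CN from the "subject:" line; handles NSS ("CN=x,OU=y") and
# OpenSSL ("C=US; CN=x") formatting of curl's verbose output.
served_cn() {
    sed -n 's|^\*[[:space:]]*subject:.*CN=\([^,;/]*\).*$|\1|p' | head -n 1
}

# Host header that curl sent, without any :port suffix.
requested_host() {
    sed -n 's|^> Host:[[:space:]]*\([^[:space:]:]*\).*$|\1|p' | head -n 1
}

# TCP port curl actually connected to.
connected_port() {
    sed -n 's|^\* Connected to .* port \([0-9][0-9]*\).*$|\1|p' | head -n 1
}

# Exact match, or a single-label wildcard such as "*.demo.local".
cn_matches_host() {  # $1 = certificate CN, $2 = requested host
    [ "$1" = "$2" ] && return 0
    case "$1" in
        '*.'*)
            suffix=${1#\*}          # "*.demo.local" -> ".demo.local"
            left=${2%"$suffix"}     # what precedes the suffix in the host
            case "$left" in
                "$2"|""|*.*) return 1 ;;  # suffix absent, empty, or multi-label
                *) return 0 ;;
            esac
            ;;
    esac
    return 1
}

# Reads curl -v output on stdin. Returns 0 = match, 1 = mismatch, 2 = no data.
check_tls_endpoint() {
    input=$(cat)
    cn=$(printf '%s\n' "$input" | served_cn)
    host=$(printf '%s\n' "$input" | requested_host)
    port=$(printf '%s\n' "$input" | connected_port)
    if [ -z "$cn" ] || [ -z "$host" ]; then
        echo "UNKNOWN: no certificate subject or Host header in input"
        return 2
    fi
    if printf '%s\n' "$input" | grep -q 'skipping SSL peer certificate verification'; then
        echo "NOTE: verification was skipped (-k); a wrong certificate cannot fail the request"
    fi
    if cn_matches_host "$cn" "$host"; then
        echo "OK: port ${port:-?} served CN=$cn for Host $host"
        return 0
    fi
    echo "MISMATCH: port ${port:-?} served CN=$cn but Host was $host"
    return 1
}

# Live variant (needs network access and the openssl CLI; not run by the demo):
# compare the SHA-256 fingerprint served for an SNI name with a local cert file.
live_fingerprint_matches() {  # usage: live_fingerprint_matches host port certfile
    served=$(openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256)
    expected=$(openssl x509 -in "$3" -noout -fingerprint -sha256)
    [ -n "$served" ] && [ "$served" = "$expected" ]
}

# Demo on the constructed sample (reports MISMATCH).
sample_curl_output | check_tls_endpoint || true
```

Comparing fingerprints with `live_fingerprint_matches demo.local <port> demo.local.cert` is the stronger check, since it confirms the exact certificate stored as the Docker secret is the one being served.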


(Evan) #2

Can you attach the logs from the ucp-interlock and ucp-interlock-extension services?


(Cgjimwel) #3

Hi, I sure can. I have attached the complete run with the logs of ucp-interlock* and configuration that was saved in the nginx.conf.

[root@ip-172-31-1-186 ~]# openssl req \
>     -new \
>     -newkey rsa:4096 \
>     -days 3650 \
>     -nodes \
>     -x509 \
>     -subj "/C=US/ST=SomeState/L=SomeCity/O=Interlock/CN=demo.local" \
>     -keyout demo.local.key \
>     -out demo.local.cert
Generating a 4096 bit RSA private key
......++
.......................................................................................++
writing new private key to 'demo.local.key'
-----
[root@ip-172-31-1-186 ~]# docker secret create demo.local.cert demo.local.cert
dh4vau0xitgky7w1yu6ug5cfw

[root@ip-172-31-1-186 ~]# docker secret create demo.local.key demo.local.key
nxt6hy6gepd1497pg6ihio3k2
[root@ip-172-31-1-186 ~]# docker network create -d overlay demo
iguph6hzykfeqysvc6cg3f3sf

[root@ip-172-31-1-186 ~]# docker service create \
>     --name demo \
>     --network demo \
>     --label com.docker.lb.hosts=demo.local \
>     --label com.docker.lb.port=8080 \
>     --label com.docker.lb.ssl_cert=demo.local.cert \
>     --label com.docker.lb.ssl_key=demo.local.key \
>     ehazlett/docker-demo
w5e4r42be6uzjoix5ci33s5ew
Since --detach=false was not specified, tasks will be created in the background.
In a future release, --detach=false will become the default.

[root@ip-172-31-1-186 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 demo.local
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

[root@ip-172-31-1-186 ~]# curl -vsk https://demo.local/ping
* About to connect() to demo.local port 443 (#0)
*   Trying 127.0.0.1...
* Connected to demo.local (127.0.0.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* 	subject: CN=system:ucp:u452t8a0smk74hzu1usp9fdib,OU=ucp
* 	start date: Feb 13 12:17:00 2018 GMT
* 	expire date: May 14 12:17:00 2018 GMT
* 	common name: system:ucp:u452t8a0smk74hzu1usp9fdib
* 	issuer: CN=UCP Client Root CA
> GET /ping HTTP/1.1
> User-Agent: curl/7.29.0
> Host: demo.local
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Tue, 13 Feb 2018 12:40:25 GMT
< Content-Length: 19
< 
404 page not found
* Connection #0 to host demo.local left intact

[root@ip-172-31-1-186 ~]# docker service logs ucp-interlock-proxy
nothing...

[root@ip-172-31-1-186 ~]# docker service logs ucp-interlock-extension
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:15Z" level=debug msg="debug enabled" 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:15Z" level=debug msg="loading service config" 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:15Z" level=debug msg="connecting to interlock" addrs="[ucp-interlock:8080]" 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:15Z" level=info msg="extension running" 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:20Z" level=debug msg=poll current= version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:20Z" level=debug msg="updated config" backends="[]" version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:20Z" level=debug msg="updating proxy config" 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:20Z" level=debug msg="proxy config updated" version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:25Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:30Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:35Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:40Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:45Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:50Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:55Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:00Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:05Z" level=debug msg=poll current=8388ec version=8388ec 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:10Z" level=debug msg=poll current=8388ec version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:10Z" level=debug msg="updated config" backends="[name:\"demo\" hosts:\"demo.local\" ssl_cert:\"demo.local.cert\" ssl_key:\"demo.local.key\" targets:\"10.0.1.3:8080\" port:8080 ]" version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:10Z" level=debug msg="configured ssl backend" host=demo.local sslBackend="{Host:demo.local Port:4000 ProxyProtocolPort:0 Passthrough:false DefaultBackend:false}" 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:10Z" level=debug msg="updating proxy config" 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:10Z" level=debug msg="proxy config updated" version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:15Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:20Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:25Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:30Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:35Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:40Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:45Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:50Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:55Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:00Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:05Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:10Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:15Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:20Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:25Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:30Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:35Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:40Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:45Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:50Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:41:55Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:00Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:05Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:10Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:15Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:20Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:25Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:30Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:35Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:40Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:45Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:50Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:42:55Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:43:00Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:43:05Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:43:10Z" level=debug msg=poll current=09f559 version=09f559 
ucp-interlock-extension.1.djl9beovwpzo@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:43:15Z" level=debug msg=poll current=09f559 version=09f559 

[root@ip-172-31-1-186 ~]# docker service logs ucp-interlock
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:14Z" level=info msg="interlock interlock/2.0.0-dev (9317398c) linux/amd64" 
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:14Z" level=info msg="starting server" 
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:17Z" level=info msg="update detected" currentVersion= updatedVersion=b36089 
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:39:20Z" level=info msg="configured proxy service" id=575w08tjrigr07is4tkgutesc service_cluster= 
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:05Z" level=info msg="update detected" currentVersion=b36089 updatedVersion=8dc3d9 
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:05Z" level=warning msg="skipping task; task is not running" service=demo status=preparing task=mbpenni7rytakauvqc51cbo6k 
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:08Z" level=info msg="update detected" currentVersion=8dc3d9 updatedVersion=089f92 
ucp-interlock.1.v4hrz56y5bgw@ip-172-31-1-186.us-east-2.compute.internal    | time="2018-02-13T12:40:10Z" level=info msg="configured proxy service" id=575w08tjrigr07is4tkgutesc service_cluster= 

[root@ip-172-31-1-186 ~]# docker exec -ti ucp-interlock-proxy.2.ycin4we54120uwgdnswrrvoxc /bin/sh
/ # cat /etc/nginx/nginx.conf
# interlock config version 09f559
user nginx;
worker_processes 1;

error_log  /dev/stdout warn;
pid        /var/run/proxy.pid;


events {
    worker_connections 1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 128;

    log_format  main '$remote_addr - $remote_user [$time_local] "$request" '
		    '$status $body_bytes_sent "$http_referer" '
		    '"$http_user_agent" "$http_x_forwarded_for"';

    log_format trace '$remote_addr - $remote_user [$time_local] "$request" $status '
		    '$body_bytes_sent "$http_referer" "$http_user_agent" '
		    '"$http_x_forwarded_for" $request_id $msec $request_time '
		    '$upstream_connect_time $upstream_header_time $upstream_response_time';

    access_log  /dev/stdout main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    add_header x-request-id $request_id;
    add_header x-proxy-id $hostname;
    add_header x-server-info "interlock/2.0.0-dev (9317398c) linux/amd64";
    add_header x-upstream-addr $upstream_addr;
    add_header x-upstream-response-time $upstream_response_time;

    proxy_connect_timeout 600;
    proxy_send_timeout 0;
    proxy_read_timeout 600;
    proxy_set_header        X-Real-IP         $remote_addr;
    proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header        Host              $http_host;
    proxy_set_header x-request-id $request_id;
    send_timeout 0;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    
    # default host return 503
    server {
	listen 80 default_server;
	server_name _;

	root /usr/share/nginx/html;

	error_page   503 /503.html;
	location = /503.html {
	    try_files /503.html @error;
	    internal;
	}

	location @error {
	    root /usr/share/nginx/html;
	}

	location / {
	    return 503;
	}

	location /nginx_status {
	    stub_status on;
	    access_log off;
	}
    }
    

    
    
    
    upstream up-demo.local {
        zone up-demo.local_backend 64k;
	
	
        server 10.0.1.3:8080;
        
         
    }
    
    server {
        listen 80;
	server_name demo.local;

	

	
	
        location / {
            proxy_pass http://up-demo.local;
        }
	

         
	 
        location /nginx_status {
            stub_status on;
            access_log off;
        }
	
    }
     

    
    
    
    server {
	listen 127.0.0.1:4000 ssl proxy_protocol;
        server_name demo.local;
        ssl on;
        ssl_certificate /run/secrets/demo.local.cert;
	ssl_certificate_key /run/secrets/demo.local.key;
	set_real_ip_from 127.0.0.1/32;
	real_ip_header proxy_protocol;

	
	
        location / {
            proxy_pass http://up-demo.local;
        }
	

         
	 
        location /nginx_status {
            stub_status on;
            access_log off;
        }
    }  
     

     

    include       /etc/nginx/conf.d/*.conf;
}

stream {
    # main log compatible format
    log_format stream '$remote_addr - - [$time_local] "$ssl_preread_server_name -> $name ($protocol)" '
                          '$status $bytes_sent "" "" "" ';
    map $ssl_preread_server_name $name {
	
	demo.local 127.0.0.1:4000; 
	
	
    }
    
    upstream pt-up-demo.local {
	
	
	server 10.0.1.3:8080;
	 
	 
    } 

    
    
    
     
     

    server {
	listen 443;
	proxy_pass $name;
	proxy_protocol on;
	ssl_preread on;
	access_log /dev/stdout stream;
    }
}

(Evan) #4

This actually looks pretty good. Did you try the request again after a short time? Sometimes it can take the cluster up to 30 seconds to publish the service.


(Cgjimwel) #5

Hi,

I figured out the problem I was having. By default, when it is set up, the Routing Mesh has SSL enabled on port 8443. So by doing a:

curl -vsk https://demo.local:8443/ping

It simply worked. I also tested by setting this on port 443, and this works as well. Thanks for your help.


(Evan) #6

Ah cool. Glad you got it working!
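
An added check, not part of the original posts and not Interlock's own code: it traces a hostname through a generated config like the nginx.conf posted above, from the stream block's SNI map to the TLS `server` block and its upstream, which is the chain that has to be intact for SSL termination to work. `CONF` is an excerpt constructed from that config; `blocks` and `trace` are hypothetical helper names.

```python
import re

# Constructed excerpt: only the TLS-routing directives from the nginx.conf posted above.
CONF = """
http {
    upstream up-demo.local { server 10.0.1.3:8080; }
    server {
        listen 127.0.0.1:4000 ssl proxy_protocol;
        server_name demo.local;
        ssl_certificate /run/secrets/demo.local.cert;
        location / { proxy_pass http://up-demo.local; }
    }
}
stream {
    map $ssl_preread_server_name $name { demo.local 127.0.0.1:4000; }
    server {
        listen 443;
        proxy_pass $name;
        ssl_preread on;
    }
}
"""

def blocks(text, head):
    """Yield the body of each `head { ... }` block, matching nested braces."""
    for m in re.finditer(head + r"\s*\{", text):
        depth, i = 1, m.end()
        while depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def trace(conf, host):
    """Follow host from the stream SNI listener to its TLS server and backends."""
    http, stream = next(blocks(conf, r"\bhttp")), next(blocks(conf, r"\bstream"))
    sni_map = next(blocks(stream, r"map\s+\$ssl_preread_server_name\s+\$\w+"))
    target = dict(re.findall(r"(\S+)\s+(\S+);", sni_map)).get(host)
    front = next(b for b in blocks(stream, r"\bserver") if "ssl_preread on" in b)
    for body in blocks(http, r"\bserver"):
        listen = re.search(r"listen\s+([^;]+);", body).group(1).split()
        names = re.search(r"server_name\s+([^;]+);", body).group(1).split()
        if target in listen and "ssl" in listen and host in names:
            up = re.search(r"proxy_pass\s+http://([^;/]+)", body).group(1)
            pool = next(blocks(http, r"upstream\s+" + re.escape(up)))
            return {"container_port": re.search(r"listen\s+(\d+)", front).group(1),
                    "tls_listener": target,
                    "cert": re.search(r"ssl_certificate\s+(\S+);", body).group(1),
                    "backends": re.findall(r"server\s+(\S+);", pool)}
    return None  # SNI map entry has no matching TLS server block
```

`container_port` is the port nginx listens on inside the proxy container (443 here); the port clients connect to is the one the proxy service publishes, which was 8443 in this thread.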