Hi, I have a https (self signed) RESTAPI running in a container on localhost(uses host networking) that I'm trying to access from my cockpit plugin. However, despite numerous changes, I can't get it to work.
Can someone tell me what I'm doing wrong? I've confirmed that the crt and key files work against the API with curl curl -i -k --key /etc/ansible-runner-service/certs/client/client.key --cert /etc/ansible-runner-service/certs/client/client.crt https://localhost:5001/api/v1/playbooks HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Thu, 09 May 2019 05:43:05 GMT Content-Type: application/json Content-Length: 183 Connection: keep-alive The client crt and key files start with "----BEGIN CERTIFICATE-----", and "-----BEGIN RSA PRIVATE KEY-----" respectively - so I believe the format is OK. they also are readable [root@rh460p client]# ls -al total 32 drwxr-xr-x. 2 root root 4096 May 9 16:37 . drwxr-xr-x. 5 root root 4096 May 9 17:16 .. -rw-r--r--. 1 root root 1424 May 9 12:39 client.crt -rw-r--r--. 1 root root 891 May 9 12:39 client.key (The client key was created with 1024bits) My plugin has this defined for the http interaction; const apiPort = 5001; const apiHost = 'localhost'; const http = cockpit.http({ "address": apiHost, "port": apiPort, "tls": { "certificate": { "file": "/etc/ansible-runner-service/certs/client/client.crt", }, "key": { "file": "/etc/ansible-runner-service/certs/client/client.key", }, "validate": false // localhost isn't tls validated anyway } }); export function checkAPI(svcToken) { console.log("checking API is there @ " + now()); return http.get("api"); // , null, {Authorization: svcToken}); } When checkAPI gets called the connection to the API fails. In the client browser I get error {"status":400,"reason":"Bad Request","message":"Bad Request","problem":null} In nginx's log within the container, I see [info] 19#0: *72 client sent invalid request while reading client request line, client: 127.0.0.1, server: , request: "GET api HTTP/1.1" I get the same result with and without selinux enabled (couldn't see any denied messages in the audit.log anyway!) Hopefully this makes some sense... _______________________________________________ cockpit-devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
