Thanks Ketan, So GO_SERVER_URL should point to the SSL port you want your agent to talk to. Great. (That was not obvious from the documentation IMHO.)
/ Fredrik 2016-11-21 10:54 GMT+01:00 Ketan Padegaonkar <[email protected]>: > On Mon, Nov 21, 2016 at 3:11 PM Fredrik Wendt <[email protected]> > wrote: > >> Thanks Andrew! >> I only have one concern really, and that is: >> * how to configure the gocd server so that agents know the canonical >> URL/endpoints >> > * do you point the agents to 8154 port? >> > > It is the agents that need to know the endpoint of your server (including > port 8154). The server url you refer to, is primarily used to generate some > urls in emails that get sent out. > > Before 16.7 users were expected to provide an ip/hostname in GO_SERVER > (which was expected to only contain a hostname), the initial handshake was > over HTTP after which the agent knew what SSL port to connect to — > > $ curl --silent http://your-go-server:8153/go/admin/agent --head | grep > Port > Cruise-Server-Ssl-Port: 8154 > > This mechanism was inherently insecure and prone to MITM attacks, so it > was decided to implement end-to-end-transport-security > <https://docs.go.cd/current/installation/ssl_tls/end_to_end_transport_security.html>. > You're now expected to set a GO_SERVER_URL (instead of a GO_SERVER) in > order to configure the agent. The agent still supports GO_SERVER for > backward compatibility, but that support will be removed soon. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "go-cd" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/go-cd/9dBuLWlgis0/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- cell: +46 702 778511 skype: fredrikwendt -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
