Revolyssup commented on issue #2176: URL: https://github.com/apache/apisix-ingress-controller/issues/2176#issuecomment-1996891518
> The following specific logs are visible in the APISIX Log. Did SSL Handshake Failure Affect? > > ``` > 2024/03/13 15:42:17 [error] 50#50: *33439 [lua] healthcheck.lua:1383: log(): [healthcheck] (upstream#/apisix/upstreams/32eb11c7) failed SSL handshake with 'X.X.X.X (X.X.X.X:443)', using server name (sni) 'svc01.corp.com': 19: self-signed certificate in certificate chain, context: ngx.timer, client: X.X.X.X, server: 0.0.0.0:9080 > ``` he active and passive health checks on upstreams work on HTTP codes but in case the HTTP connection is never established with the upstream, like in the case of SSL handshake failure then the upstream will not be excluded from the list of available upstreams. As the healthchecks wont work, the client will get 503. This is a tcp connection failure, you can use something like unhealthy.tcp_failures -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
