[GitHub] [apisix] tokers commented on issue #5125: request help: configure etcd tls and stream_proxy at the same time, etcd cannot connect

Sat, 25 Sep 2021 19:02:50 -0700 


tokers commented on issue #5125:
URL: https://github.com/apache/apisix/issues/5125#issuecomment-927213947


   > I have verified this, the result is the same as yours, case 1 is normal, 
case 2 is abnormal
   > 
   > my configuration is as below:
   > 
   > ```yaml
   > apisix:
   >   admin_key:
   >     - name: admin
   >       key: edd1c9f034335f136f87ad84b625c8f1
   >       role: admin
   >   ssl:
   >     ssl_trusted_certificate: t/certs/apisix.crt
   >   stream_proxy:
   >     only: false
   >     tcp:
   >       - addr: 9200
   >         tls: true
   > etcd:
   >   host:
   >     - "https://test.com:12379";
   >   tls:
   >     cert: t/certs/apisix.crt
   >     key: t/certs/apisix.key
   > ```
   > 
   > and add this iterm to `/etc/hosts`
   > 
   > ```
   > 127.0.0.1       test.com
   > ```
   > 
   > case 2 error.log is:
   > 
   > ```
   > 2021/09/24 18:31:52 [warn] 24912#2151585: *35 stream [lua] v3.lua:631: 
request_chunk(): https://test.com:12379: 18: self signed certificate. Retrying, 
context: ngx.timer
   > 2021/09/24 18:31:52 [warn] 24919#2151592: *123 stream [lua] v3.lua:631: 
request_chunk(): https://test.com:12379: 18: self signed certificate. Retrying, 
context: ngx.timer
   > 2021/09/24 18:31:52 [warn] 24919#2151592: *50 stream [lua] 
health_check.lua:63: report_failure(): update endpoint: https://test.com:12379 
to unhealthy, context: ngx.timer
   > 2021/09/24 18:31:52 [warn] 24919#2151592: *50 stream [lua] v3.lua:631: 
request_chunk(): https://test.com:12379: 18: self signed certificate. Retrying, 
context: ngx.timer
   > ```
   > 
   > I found something strange, the `nginx.conf` generated by above conf is:
   > 
   > ```nginx
   > stream {
   > ……
   >     lua_ssl_trusted_certificate 
/usr/local/Cellar/apisix/t/certs/apisix.crt;
   > ……
   > 
   > http {
   >     lua_ssl_trusted_certificate 
/usr/local/Cellar/apisix/t/certs/apisix.crt;
   > ```
   > 
   > `lua_ssl_trusted_certificate` exists in both the `stream` and `http` 
subsystems, is there a conflict? @spacewander
   
   As per the description in 
[stream-lua-nginx-module](https://github.com/openresty/stream-lua-nginx-module),
 the `lua_ssl_trusted_certificate` is same to the one in http subsystem.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to