Re: Passthrough TLS route not working
Hm, then you lose the ability to do cookie based load balancing On Fri, Jan 19, 2018, 5:11 PM Joel Pearsonwrote: > In the reference implementation they use Classic ELB load balancers in TCP > mode: > > See this cloud formation template: > https://github.com/openshift/openshift-ansible-contrib/blob/master/reference-architecture/aws-ansible/playbooks/roles/cloudformation-infra/files/greenfield.json.j2#L763 > > On Sat, Jan 20, 2018 at 8:55 AM Joel Pearson < > japear...@agiledigital.com.au> wrote: > >> What mode are you running the AWS load balancers in? You probably want to >> run them as TCP load balancers and not HTTP. That way as you say the SNI >> will not get messed with. >> On Sat, 20 Jan 2018 at 4:45 am, Marc Boorshtein >> wrote: >> >>> So if I bypass the AWS load balancer, everything works great. Why >>> doesn't HAProxy like the incoming requests? I'm trying to debug the issue >>> by enabling logging with >>> >>> oc set env dc/router ROUTER_SYSLOG_ADDRESS=127.0.0.1 ROUTER_LOG_LEVEL=debug >>> >>> But the logging doesn't seem to get there (I also tried a remote server as >>> well). I'm guessing this is probably an SNI configuration issue? >>> >>> >>> >>> On Fri, Jan 19, 2018 at 11:59 AM Marc Boorshtein >>> wrote: >>> I'm running origin 3.7 on AWS. I have an AWS load balancer in front of my infrastructure node. I have a pod listening on TLS on port 9090. The service links to the pod and then I have a route that is setup with passthrough tls to the pod, but every time i try to access it I get the "Application is not availble" screen even though looking in the console the service references both the router and the pod. I have deployments that do the same thing but will only work with re-encrypt. Am I missing something? Is there an issue using the AWS load balancer with passthrough? Thanks >>> ___ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Passthrough TLS route not working
In the reference implementation they use Classic ELB load balancers in TCP mode: See this cloud formation template: https://github.com/openshift/openshift-ansible-contrib/blob/master/reference-architecture/aws-ansible/playbooks/roles/cloudformation-infra/files/greenfield.json.j2#L763 On Sat, Jan 20, 2018 at 8:55 AM Joel Pearsonwrote: > What mode are you running the AWS load balancers in? You probably want to > run them as TCP load balancers and not HTTP. That way as you say the SNI > will not get messed with. > On Sat, 20 Jan 2018 at 4:45 am, Marc Boorshtein > wrote: > >> So if I bypass the AWS load balancer, everything works great. Why >> doesn't HAProxy like the incoming requests? I'm trying to debug the issue >> by enabling logging with >> >> oc set env dc/router ROUTER_SYSLOG_ADDRESS=127.0.0.1 ROUTER_LOG_LEVEL=debug >> >> But the logging doesn't seem to get there (I also tried a remote server as >> well). I'm guessing this is probably an SNI configuration issue? >> >> >> >> On Fri, Jan 19, 2018 at 11:59 AM Marc Boorshtein >> wrote: >> >>> I'm running origin 3.7 on AWS. I have an AWS load balancer in front of >>> my infrastructure node. I have a pod listening on TLS on port 9090. The >>> service links to the pod and then I have a route that is setup with >>> passthrough tls to the pod, but every time i try to access it I get the >>> "Application is not availble" screen even though looking in the console the >>> service references both the router and the pod. I have deployments that do >>> the same thing but will only work with re-encrypt. Am I missing >>> something? Is there an issue using the AWS load balancer with passthrough? >>> >>> Thanks >>> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Passthrough TLS route not working
What mode are you running the AWS load balancers in? You probably want to run them as TCP load balancers and not HTTP. That way as you say the SNI will not get messed with. On Sat, 20 Jan 2018 at 4:45 am, Marc Boorshteinwrote: > So if I bypass the AWS load balancer, everything works great. Why doesn't > HAProxy like the incoming requests? I'm trying to debug the issue by > enabling logging with > > oc set env dc/router ROUTER_SYSLOG_ADDRESS=127.0.0.1 ROUTER_LOG_LEVEL=debug > > But the logging doesn't seem to get there (I also tried a remote server as > well). I'm guessing this is probably an SNI configuration issue? > > > > On Fri, Jan 19, 2018 at 11:59 AM Marc Boorshtein > wrote: > >> I'm running origin 3.7 on AWS. I have an AWS load balancer in front of >> my infrastructure node. I have a pod listening on TLS on port 9090. The >> service links to the pod and then I have a route that is setup with >> passthrough tls to the pod, but every time i try to access it I get the >> "Application is not availble" screen even though looking in the console the >> service references both the router and the pod. I have deployments that do >> the same thing but will only work with re-encrypt. Am I missing >> something? Is there an issue using the AWS load balancer with passthrough? >> >> Thanks >> > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Passthrough TLS route not working
So if I bypass the AWS load balancer, everything works great. Why doesn't HAProxy like the incoming requests? I'm trying to debug the issue by enabling logging with oc set env dc/router ROUTER_SYSLOG_ADDRESS=127.0.0.1 ROUTER_LOG_LEVEL=debug But the logging doesn't seem to get there (I also tried a remote server as well). I'm guessing this is probably an SNI configuration issue? On Fri, Jan 19, 2018 at 11:59 AM Marc Boorshteinwrote: > I'm running origin 3.7 on AWS. I have an AWS load balancer in front of my > infrastructure node. I have a pod listening on TLS on port 9090. The > service links to the pod and then I have a route that is setup with > passthrough tls to the pod, but every time i try to access it I get the > "Application is not availble" screen even though looking in the console the > service references both the router and the pod. I have deployments that do > the same thing but will only work with re-encrypt. Am I missing > something? Is there an issue using the AWS load balancer with passthrough? > > Thanks > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users