Hi Marcello.

on Tuesday, 17 October 2017 at 09:11 was written:
> Hi,
> I'm using a re-encrypt configuration to preserve the x-forwarded-for
> information. The configuration is:
>
> Name: callcentergw-dev-external
> Namespace: dev-shared
> Created: 17 hours ago
> Labels: <none>
> Annotations: <none>
> Requested Host: callcenter.test.local
>   exposed on router router 17 hours ago
> Path: <none>
> TLS Termination: reencrypt
> Insecure Policy: Redirect
> Endpoint Port: 443-tcp
> Service: callcentergw-dev
> Weight: 100 (100%)
> Endpoints: 10.131.0.138:443, 10.131.0.138:80

I miss the destinationCACertificate, maybe it's shown with export.

    oc export route -n dev-shared callcentergw-dev-external

You can add in the GUI (=> web interface) all four values under "Security" settings.
There is a section "Certificates".

    key: [as in edge termination]
    certificate: [as in edge termination]
    caCertificate: [as in edge termination]
    destinationCACertificate: ...

Please can you also show us the output of

    curl -vk callcenter.test.local

> Marcello

Best Regards
Aleks

> On 16 Oct 2017 20:45, "Aleksandar Lazic" <[email protected]> wrote:
> Hi Marcello.
> on Monday, 16 October 2017 at 15:23 was written:
>> Hi,
>> I have tried it and it worked fine but the problem is override the
>> default wildcard certificate and configure a different certificate,
>> because it's not possible to configure the intermediate CA chain into
>> the admin panel. I tried to configure the CA cert with the root CA and
>> the subordinate CA files and the router is ok but if I navigate the
>> new route I received a security error.
> do you use reencrypted or passthrough route
> please can you show us the output of.
> oc get route -n your-project
> oc describe route -n your-project your-route
> Best Regards
> Aleks
>> Marcello
>> On Thu, Oct 12, 2017 at 1:14 PM, Aleksandar Lazic <[email protected]>
>> wrote:
>>
>> Hi Marcello Lorenzi.
>> have you used -servername in s_client?
>> The ssl solution is based on sni (
>> https://en.wikipedia.org/wiki/Server_Name_Indication )
>> Regards
>> Aleks
>> on Thursday, 12 October 2017 at 13:02 was written:
>> Hi All,
>> thanks for the response and we checked the configuration. If I tried
>> to check the certificate propagated with the passthrough configuration
>> with openssl s_client and the certificate provided is the wildcard
>> domain certificate and not the pod itself. Is it normal?
>> Thanks,
>> Marcello
>> On Thu, Oct 12, 2017 at 10:34 AM, Aleksandar Lazic <[email protected]>
>> wrote:
>> Hi.
>> Additionally to Joel's suggestion can you also use reencrypted route
>> if you want to talk encrypted with apache webserver.
>> https://docs.openshift.org/3.6/architecture/networking/routes.html#re-encryption-termination
>> Regards
>> Aleks
>> on Wednesday, 11 October 2017 at 15:51 was written:
>> Sorry I meant it say, it *cannot modify the http request in any way.
>> On Thu, 12 Oct 2017 at 12:51 am, Joel Pearson
>> <[email protected]> wrote:
>> Hi Marcello,
>> If you use Passthrough termination then that means that OpenShift
>> cannot add the X-Forwarded-For header, because as the name suggests it
>> is just passing the packets through and because it’s encrypted it can
>> modify the http request in any way.
>> If you want X-Forwarded-For you will need to switch to Edge termination.
>> Thanks,
>> Joel
>> On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi <[email protected]>
>> wrote:
>> Hi All,
>> we tried to configure a route on Origin 3.6 with a Passthrough
>> termination to an Apache webserver present into a single POD but we
>> can't notice the X-Forwarded-Header to Apache logs. We tried to capture it
>> without success.
>> Could you confirm if there is some method to extract it from the POD side?
>> Thanks,
>> Marcello
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>> --
>> Kind Regards,
>> Joel Pearson
>> Agile Digital | Senior Software Consultant
>> Love Your Software™ | ABN 98 106 361 273
>> p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
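
Added example, not part of the original thread and not OpenShift's own tooling: a Python check over a Route object in the JSON shape that `oc export route -o json` prints, flagging the conditions raised in the messages above (passthrough and X-Forwarded-For, fallback to the router's wildcard certificate, a missing intermediate chain, a reencrypt route without destinationCACertificate). The sample route, the finding codes and the name `review_route` are constructed for illustration, and the leaf-only chain check is a heuristic.

```python
import json

# Constructed sample: the route from the thread in the shape `oc export route
# -o json` produces. Host, names and policy come from the describe output;
# the export itself was never posted, so the empty tls fields are an assumption.
SAMPLE_ROUTE = json.loads("""
{"kind": "Route",
 "metadata": {"name": "callcentergw-dev-external", "namespace": "dev-shared"},
 "spec": {"host": "callcenter.test.local",
          "to": {"kind": "Service", "name": "callcentergw-dev", "weight": 100},
          "port": {"targetPort": "443-tcp"},
          "tls": {"termination": "reencrypt",
                  "insecureEdgeTerminationPolicy": "Redirect"}}}
""")

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def review_route(route):
    """Return (code, message) findings for one Route object's spec.tls."""
    tls = route.get("spec", {}).get("tls") or {}
    term = tls.get("termination")
    findings = []
    if term == "passthrough":
        # The router only forwards TLS bytes, so it cannot insert headers.
        findings.append(("NO_XFF", "passthrough: router cannot add X-Forwarded-For"))
        return findings
    if term not in ("edge", "reencrypt"):
        return findings  # plain HTTP route, nothing TLS-related to review
    cert = tls.get("certificate") or ""
    if not (cert and tls.get("key")):
        findings.append(("DEFAULT_CERT", "no certificate/key: router's default "
                         "(wildcard) certificate is served for this host"))
    elif cert.count(PEM_HEADER) < 2 and not tls.get("caCertificate"):
        # Heuristic: a lone leaf is fine only if a CA the client trusts signed it.
        findings.append(("NO_CHAIN", "leaf only: no intermediate in certificate "
                         "or caCertificate, clients may fail chain validation"))
    if term == "reencrypt" and not tls.get("destinationCACertificate"):
        findings.append(("NO_DEST_CA", "reencrypt without destinationCACertificate: "
                         "nothing set for validating the pod's certificate"))
    return findings


if __name__ == "__main__":
    for code, message in review_route(SAMPLE_ROUTE):
        print(code, "-", message)
```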
