-
-
Save mmisztal1980/37a288ded1f153774147f7fe0f213d67 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openssl s_client -connect traefik.k8s.cloud-technologies.net:443 | |
CONNECTED(00000003) | |
4663060076:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: | |
--- | |
no peer certificate available | |
--- | |
No client certificate CA names sent | |
--- | |
SSL handshake has read 0 bytes and written 307 bytes | |
--- | |
New, (NONE), Cipher is (NONE) | |
Secure Renegotiation IS NOT supported | |
Compression: NONE | |
Expansion: NONE | |
No ALPN negotiated | |
SSL-Session: | |
Protocol : TLSv1.2 | |
Cipher : 0000 | |
Session-ID: | |
Session-ID-ctx: | |
Master-Key: | |
Key-Arg : None | |
PSK identity: None | |
PSK identity hint: None | |
SRP username: None | |
Start Time: 1563394829 | |
Timeout : 300 (sec) | |
Verify return code: 0 (ok) | |
--- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kubectl -n ingress logs traefik-744b9bfb5b-rmhqv | |
time="2019-07-17T20:16:15Z" level=info msg="Using TOML configuration file /config/traefik.toml" | |
time="2019-07-17T20:16:15Z" level=info msg="No tls.defaultCertificate given for https: using the first item in tls.certificates as a fallback." | |
time="2019-07-17T20:16:15Z" level=info msg="Traefik version v1.7.12 built on 2019-05-29_07:35:02PM" | |
time="2019-07-17T20:16:15Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n" | |
time="2019-07-17T20:16:15Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc000642a80 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:true ProxyProtocol:<nil> ForwardedHeaders:0xc000691480} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s" | |
time="2019-07-17T20:16:15Z" level=info msg="Preparing server https &{Address::443 TLS:0xc00016a7e0 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:true ProxyProtocol:<nil> ForwardedHeaders:0xc0006914a0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s" | |
time="2019-07-17T20:16:15Z" level=info msg="Starting server on :80" | |
time="2019-07-17T20:16:15Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0006914c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s" | |
time="2019-07-17T20:16:15Z" level=info msg="Starting server on :443" | |
time="2019-07-17T20:16:15Z" level=info msg="Starting server on :8080" | |
time="2019-07-17T20:16:15Z" level=info msg="Starting provider configuration.ProviderAggregator {}" | |
time="2019-07-17T20:16:15Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}" | |
time="2019-07-17T20:16:15Z" level=info msg="ingress label selector is: \"\"" | |
time="2019-07-17T20:16:15Z" level=info msg="Creating in-cluster Provider client" | |
time="2019-07-17T20:16:15Z" level=info msg="Starting provider *acme.Provider {\"Email\":\"maciej.misztal@cloud-technologies.net\",\"ACMELogging\":true,\"CAServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"Storage\":\"/acme/acme.json\",\"EntryPoint\":\"https\",\"KeyType\":\"\",\"OnHostRule\":true,\"OnDemand\":false,\"DNSChallenge\":{\"Provider\":\"digitalocean\",\"DelayBeforeCheck\":0,\"Resolvers\":null,\"DisablePropagationCheck\":false},\"HTTPChallenge\":null,\"TLSChallenge\":null,\"Domains\":null,\"Store\":{}}" | |
time="2019-07-17T20:16:15Z" level=info msg="Testing certificate renew..." | |
time="2019-07-17T20:16:15Z" level=info msg="Server configuration reloaded on :80" | |
time="2019-07-17T20:16:15Z" level=info msg="Server configuration reloaded on :443" | |
time="2019-07-17T20:16:15Z" level=info msg="Server configuration reloaded on :8080" | |
time="2019-07-17T20:16:16Z" level=info msg="Server configuration reloaded on :80" | |
time="2019-07-17T20:16:16Z" level=info msg="Server configuration reloaded on :443" | |
time="2019-07-17T20:16:16Z" level=info msg="Server configuration reloaded on :8080" | |
time="2019-07-17T20:16:16Z" level=info msg="The key type is empty. Use default key type 4096." | |
time="2019-07-17T20:16:28Z" level=info msg="Server configuration reloaded on :80" | |
time="2019-07-17T20:16:28Z" level=info msg="Server configuration reloaded on :443" | |
time="2019-07-17T20:16:28Z" level=info msg="Server configuration reloaded on :8080" | |
time="2019-07-17T20:16:37Z" level=info msg=Register... | |
time="2019-07-17T20:16:37Z" level=info msg="legolog: [INFO] acme: Registering account for maciej.misztal@cloud-technologies.net" | |
time="2019-07-17T20:16:37Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Obtaining bundled SAN certificate" | |
time="2019-07-17T20:16:38Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/Ck-QOFZqlNrFJg5vEFKGe84BRFyg-laayxC7wkegR7g" | |
time="2019-07-17T20:16:38Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Could not find solver for: tls-alpn-01" | |
time="2019-07-17T20:16:38Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Could not find solver for: http-01" | |
time="2019-07-17T20:16:38Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: use dns-01 solver" | |
time="2019-07-17T20:16:38Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Preparing to solve DNS-01" | |
time="2019-07-17T20:16:39Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Trying to solve DNS-01" | |
time="2019-07-17T20:16:39Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Checking DNS record propagation using [10.245.0.10:53]" | |
time="2019-07-17T20:16:39Z" level=info msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 5s]" | |
time="2019-07-17T20:16:42Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] The server validated our request" | |
time="2019-07-17T20:16:42Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Cleaning DNS-01 challenge" | |
time="2019-07-17T20:16:43Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] acme: Validations succeeded; requesting certificates" | |
time="2019-07-17T20:17:44Z" level=info msg="legolog: [INFO] [traefik.k8s.cloud-technologies.net] Server responded with a certificate." | |
time="2019-07-17T20:17:44Z" level=info msg="Server configuration reloaded on :443" | |
time="2019-07-17T20:17:44Z" level=info msg="Server configuration reloaded on :8080" | |
time="2019-07-17T20:17:44Z" level=info msg="Server configuration reloaded on :80" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
debug: | |
enabled: false | |
rbac: | |
enabled: true | |
dashboard: | |
enabled: true | |
domain: traefik.k8s.cloud-technologies.net | |
serviceType: NodePort | |
service: | |
nodeports: | |
http: 30080 | |
https: 30443 | |
ssl: | |
enabled: true | |
enforced: true | |
permanentRedirect: true | |
acme: | |
enabled: true | |
staging: false | |
logging: true | |
email: "maciej.misztal@cloud-technologies.net" | |
challengeType: "dns-01" | |
domains: | |
enabled: true | |
domainList: | |
- main: "*.k8s.cloud-technologies.net" | |
- sans: | |
- "k8s.cloud-technologies.net" | |
dnsProvider: | |
name: digitalocean | |
digitalocean: | |
DO_AUTH_TOKEN: "{token}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
FYI the ingress is configured in nodePort mode, there's a load balancer in front of the cluster, which is routing :