Created
January 30, 2018 23:52
-
-
Save negz/5975feb8844e1edae22fb23bdd933e2f to your computer and use it in GitHub Desktop.
linkerd HTTPS failure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"/$/inet/localhost/8001": { | |
"state": "bound", | |
"addresses": [ | |
"localhost:8001" | |
] | |
}, | |
"/$/io.buoyant.rinet/443/www.example.org": { | |
"state": "bound", | |
"addresses": [ | |
"www.example.org:443" | |
] | |
}, | |
"/$/io.buoyant.rinet/443/example.org": { | |
"state": "bound", | |
"addresses": [ | |
"example.org:443" | |
] | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
namers: | |
- kind: io.l5d.k8s | |
prefix: /io.l5d.k8s.http | |
transformers: | |
- kind: io.l5d.k8s.daemonset | |
namespace: kube-system | |
port: http-incoming | |
service: l5d | |
hostNetwork: true | |
routers: | |
- label: http-outgoing | |
originator: true | |
protocol: http | |
servers: | |
- port: 4140 | |
ip: 0.0.0.0 | |
# This cap is specific to this particular router. It does not guarantee | |
# that linkerd as a whole will only allow 5000 concurrent connections. | |
maxConcurrentRequests: 5000 | |
dtab: | | |
/ph => /$/io.buoyant.rinet ; # /ph/80/google.com -> /$/io.buoyant.rinet/80/google.com | |
/svc => /ph/80 ; # /svc/google.com -> /ph/80/google.com | |
/svc => /$/io.buoyant.porthostPfx/ph ; # /svc/google.com:80 -> /ph/80/google.com | |
/k8s => /#/io.l5d.k8s.http ; # /k8s/default/http/foo -> /#/io.l5d.k8s.http/default/http/foo | |
/portNsSvc => /#/portNsSvcToK8s ; # /portNsSvc/http/default/foo -> /k8s/default/http/foo | |
/host => /portNsSvc/http/default ; # /host/foo -> /portNsSvc/http/default/foo | |
/host => /portNsSvc/http ; # /host/default/foo -> /portNsSvc/http/default/foo | |
/svc => /$/io.buoyant.http.domainToPathPfx/host ; # /svc/foo.default -> /host/default/foo | |
client: | |
kind: io.l5d.static | |
configs: | |
- prefix: "/$/io.buoyant.rinet/443/{service}" | |
tls: | |
commonName: "{service}" | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https_proxy=http://${NODE_NAME}:4140 curl -v https://www.example.org | |
* Rebuilt URL to: https://www.example.org/ | |
* Trying 10.176.0.21... | |
* Connected to tfk-uc11-wrk-75br-h8m3.c.planet-k8s-prod.internal (10.176.0.21) port 4140 (#0) | |
* Establish HTTP proxy tunnel to www.example.org:443 | |
> CONNECT www.example.org:443 HTTP/1.1 | |
> Host: www.example.org:443 | |
> User-Agent: curl/7.47.0 | |
> Proxy-Connection: Keep-Alive | |
> | |
< HTTP/1.1 400 Bad Request | |
< Content-Type: text/html | |
< Content-Length: 349 | |
< Date: Tue, 30 Jan 2018 23:47:47 GMT | |
< Server: ECSF (ord/4CB9) | |
< l5d-success-class: 1.0 | |
< Via: 1.1 linkerd | |
< | |
* Received HTTP code 400 from proxy after CONNECT | |
* Closing connection 0 | |
curl: (56) Received HTTP code 400 from proxy after CONNECT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment