You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Allow using Expose Paths with HTTPS, in addition to the existing http and http2 modes.
My alternatives
I downgrade the server I want to expose from HTTP to HTTPS (not an option for me)
I expose the HTTPS server outside of the Connect network (but intentions won't apply!)
Use Case(s)
I am using cockroachdb, set up with my own self-signed certificates manually (because otherwise it enters this restrictive 'insecure' mode).
It exposes health checks and metrics endpoints I would like to scrape with prometheus, but these are served via HTTPS only.
I tried using the expose config with Nomad, but it seems that TLS is terminated somewhere by the sidecar:
# the sidecar proxy exposes the path at 10.10.0.1:20373
❯ curl 10.10.0.1:20373/_status/vars
# this is returned by the cockroachdb HTTP server and forwarded appropriately:
<a href="https://10.10.0.1:20373/_status/vars">Temporary Redirect</a>.
❯ curl https://10.10.0.1:20373/_status/vars
# sidecar returned HTTP response?
curl: (35) LibreSSL/3.3.6: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
I do not mind that the sidecar terminates HTTPS and exposes the path at HTTP (although ideally it would not terminate TLS at all) but in this case I would expect to be able to reach my container's HTTPS endpoint for scraping
The text was updated successfully, but these errors were encountered:
Feature Description
Allow using Expose Paths with HTTPS, in addition to the existing
http
andhttp2
modes.My alternatives
Use Case(s)
I am using cockroachdb, set up with my own self-signed certificates manually (because otherwise it enters this restrictive 'insecure' mode).
It exposes health checks and metrics endpoints I would like to scrape with prometheus, but these are served via HTTPS only.
I tried using the expose config with Nomad, but it seems that TLS is terminated somewhere by the sidecar:
I do not mind that the sidecar terminates HTTPS and exposes the path at HTTP (although ideally it would not terminate TLS at all) but in this case I would expect to be able to reach my container's HTTPS endpoint for scraping
The text was updated successfully, but these errors were encountered: