in Connect, I cannot expose path for HTTPS endpoints inside the container #20930

Open
cottand opened this issue Mar 28, 2024 · 0 comments · May be fixed by #21134

cottand commented Mar 28, 2024

Feature Description

Allow using Expose Paths with HTTPS, in addition to the existing http and http2 modes.

My alternatives

  • I downgrade the server I want to expose from HTTP to HTTPS (not an option for me)
  • I expose the HTTPS server outside of the Connect network (but intentions won't apply!)

Use Case(s)

I am using cockroachdb, set up with my own self-signed certificates manually (because otherwise it enters this restrictive 'insecure' mode).

It exposes health checks and metrics endpoints I would like to scrape with prometheus, but these are served via HTTPS only.

I tried using the expose config with Nomad, but it seems that TLS is terminated somewhere by the sidecar:

# the sidecar proxy exposes the path at 10.10.0.1:20373

❯ curl 10.10.0.1:20373/_status/vars
# this is returned by the cockroachdb HTTP server and forwarded appropriately:
<a href="https://10.10.0.1:20373/_status/vars">Temporary Redirect</a>.


❯ curl https://10.10.0.1:20373/_status/vars
# sidecar returned HTTP response?
curl: (35) LibreSSL/3.3.6: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version

I do not mind that the sidecar terminates HTTPS and exposes the path at HTTP (although ideally it would not terminate TLS at all), but in this case I would expect to be able to reach my container's HTTPS endpoint for scraping.
