-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Technical Questions #3
Comments
Good questions! Some answers below:
https://gravitational.com/teleport/docs/admin-guide/#graceful-restarts
We usually recommend to use systemd units for background operatoin
This is not an expected behavior, so it might be a bug
|
One extra note on the part of
This can be a gotcha for some people. Teleport requires a TLS/SSL cert for the proxy, this is in reference to For hosts that terminate TLS/SSL at the load balancer we provide the We also have this example that shows obtaining it with ACM https://gravitational.com/teleport/docs/aws_oss_guide/#prerequisites |
|
yes, thank you! |
@benarent On a slightly different tangent with the |
this is a good observation, the way it works is that |
OK that's the answer to my question! Thanks. Updating the CLI docs will definitely help. At a first run I would assume that most people haven't read the CLI docs very deeply so the messaging there isn't as crucial at least for early-stage users. Would it make sense to add an instruction to ensure that I'll think about where to add the info about |
I think these issues on the main repo have already summarized what I experience gravitational#2910 gravitational#2040 If you want a new issue though I'm happy to do that! |
Just filed this bug on |
teleport
or is^C
/kill
the right way at the moment?teleport start &
?tsh join
will work only from hosts that can reach the advertised IP of a node such as a public-facing IP or from a client that can access the private IP. For example, from my machine I cantsh join
a remote session if the advertised IP is explicitly set to a public IP but not if it is defaulted tolocalhost
or the private10.x.x.x
IP. This is different from what I expected since it doesn't match the behavior oftsh ssh
. In the Architecture section the diagrams are pretty good at showing how data flows through the proxy server usingtsh ssh
but I'm assuming this doesn't work the same way withtsh join
. Is that correct? Any additional feedback here would be great!/var/lib/teleport/webproxy_cert.pem
but that doesn't appear to be the one that is used. At one point I got a ssh handshake error (which I was able to fix) that had these principles listed `["[host_uuid].[hostname]" "[nodename | hostname]" "remote.kube.proxy.teleport.cluster.local"].The text was updated successfully, but these errors were encountered: