Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Struggling to use HTTPS / Enable HAPROXY_SSL #245

Closed
sllabres opened this issue Jan 19, 2017 · 5 comments
Closed

Struggling to use HTTPS / Enable HAPROXY_SSL #245

sllabres opened this issue Jan 19, 2017 · 5 comments

Comments

@sllabres
Copy link

Hello,

We've been able to run the platform without issue using HTTP only. However, we're looking to run all our services / web apps over https. We've enabled the flag "HAPROXY_SSL" as per readme and mapped pem file. Subsequent requests are rejected by haproxy.

We've spent a fair bit of time looking through a number of scripts (haproxy.cfg, haproxy.cfg.ctmpl, haproxy_reload.sh). We've learned that haproxy.cfg uses an environment variable "PORT_HTTP" to set the port binding (line 37).

We removed that variable and manually set it to "443" we're able to access the application.

We put the variable back in the haproxy.cfg file and set the PORT_HTTP variable ourselves to 443 and then ran haproxy_reload.sh. This stopped the application working. We've seen that line 63 in haproxy_reload.sh sets the variable that the haproxy.cfg file uses, which appears to set it to a blank value in its default state.

My bash isn't up to much so I'm not clear on what's stupposed to happen and if we've missed a setting elsewhere in our configuration / application setup.

Would anyone be able to offer some help / guidance?

Thank you,

Seb
sielaq pushed a commit to sielaq/PanteraS that referenced this issue Jan 19, 2017
Fix for eBayClassifiedsGroup#245
345f9d9
@sielaq
Copy link
Contributor

sielaq commented Jan 19, 2017

I suspect that you have first tried with no SSL (port 80) and then you have enabled ( port 443)
and that cleanup of previous iptables mapping did work.
Seems like we have missed the fix that was already mentioned in some issue before.

sielaq added a commit that referenced this issue Jan 19, 2017
@sielaq
Merge pull request #246 from sielaq/master
551ac7e 
Fix for #245
@sielaq
Copy link
Contributor

sielaq commented Jan 19, 2017
edited
Loading

please wait till latest image is build and try again (pull the latest and re-tag it for 0.3.3 version)

@sielaq
Copy link
Contributor

sielaq commented Jan 19, 2017
edited
Loading 

docker pull panteras/paas-in-a-box:latest
docker tag panteras/paas-in-a-box:latest panteras/paas-in-a-box:0.3.3
docker-compose rm -f
docker-compose up -d
docker exec -ti <name> bash
supervisotctl restart consul-template_haproxy

the last command should stop and do the cleanup up of your current iptables , and start ( set up a new with 443 port)

@sielaq
Copy link
Contributor

sielaq commented Jan 26, 2017

any update on this ?

@sllabres
Copy link
Author

Apologies for the slow reply. I've been away. My team picked it up in my absence and it worked perfectly.

Thank you!

We're still struggling to get HTTPS working in full as our marathon health checks are failing. I suspect we're missing something daft!

@sielaq sielaq closed this as completed Apr 29, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sllabres @sielaq