Bad Request This combination of host and port requires TLS. #138

Closed
m4dm4rtig4n opened this issue Feb 8, 2024 · 4 comments
Comments

@m4dm4rtig4n

Reporting bugs/issues

Hello,

I have deployed your container in a k8s cluster with an ingress behind and redirected my ingress to 8443, but I have this error message:

Bad Request
This combination of host and port requires TLS.

I'm in HTTPS, but communication between my ingress (traefik) and the Unifi container is in HTTP.

me -> (https) -> ingress -> (http) -> container

Is it possible to disable the SSL check if all of the SSL layer is supported behind the container?

@goofball222
Owner

You're trying to send unencrypted http requests/traffic from Traefik to UniFi on a https port that requires SSL/TLS, thus the error.

Either send the requests to the UniFi standard http port 8080 or if UniFi is configured to redirect to https, configure Traefik to use https when communicating with the UniFi container(s). In that instance you might also need to set Traefik serversTransport to insecureSkipVerify to disable internal SSL certificate validation.

@m4dm4rtig4n
Author

m4dm4rtig4n commented Feb 8, 2024

Hello @goofball222, I have already sent it :/

apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/name: unifi
    kustomize.toolkit.fluxcd.io/namespace: unifi
  name: traefik-insecureskipverify
  namespace: unifi
spec:
  insecureSkipVerify: true

My Chart :
Port => 8443

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: ${name}
  annotations:
    fluxcd.io/automated: "true"
spec:
  releaseName: ${name}
  timeout: 1m
  interval: 10m
  chart:
    spec:
      chart: app-template
      version: 2.0.3
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-infra
      interval: 1m
  values:
    #
    #    DEFAULT VALUE YAML
    #    https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml
    #
    service:
      main:
        type: LoadBalancer
        loadBalancerIP: ${loadBalancerIP}
        ports:
          http:
            port: ${port}       
            targetPort: ${port}     
          inform:
            # controller:
            enable: true
            port: 8080
            protocol: TCP
            targetPort: 8080
          portail-http:
            enabled: true
            port: 8880
            protocol: HTTP
            targetPort: 8880
          portail-https:
            enable: true
            port: 8843
            protocol: TCP
            targetPort: 8843
          android:
            enable: true
            port: 6789
            protocol: TCP
            targetPort: 6789
          stun:
            enable: true
            port: 3478
            protocol: UDP
            targetPort: 3478
          syslog:
            enable: true
            port: 5514
            protocol: UDP
            targetPort: 5514
          discovery:
            enable: true
            port: 10001
            protocol: UDP
            targetPort: 10001
    defaultPodOptions:
      dnsConfig:
        options:
          - name: ndots
            value: "1"
      nodeSelector:
        kubernetes.io/arch: amd64
    controllers:
      main:
        enabled: true
        type: statefulset
        replicas: 1
        strategy: RollingUpdate
        rollingUpdate:
          unavailable: 1
          surge: 1
        revisionHistoryLimit: 3
        containers:
          main:
            image:
              repository: ${docker_image}
              tag: 8.0.28 # {"$imagepolicy": "unifi:unifi:tag"}
              pullPolicy: Always
            resources:
              limits:
                memory: 1024Mi
              requests:
            env:
              TZ: Europe/Paris
              RUNAS_UID0: "true"
              UNIFI_UID: "0"
              UNIFI_GID: "0"
              JVM_INIT_HEAP_SIZE:
              JVM_MAX_HEAP_SIZE: 1024M
              UNIFI_DB_NAME: ${name}
              DB_MONGO_LOCAL: false
              DB_MONGO_URI: mongodb://${name}-mongodb/${name}
              STATDB_MONGO_URI: mongodb://${name}-mongodb/${name}_stat            
              UNIFI_HTTPS_REDIRECT: false
            probes:
              liveness:
                enabled: false
              readiness:
                enabled: false
              startup:
                enabled: false
    ingress:
      main:
        enabled: true
        annotations:
          external-dns.alpha.kubernetes.io/target: ${external_domain}
          kubernetes.io/ingress.class: traefik
          cert-manager.io/cluster-issuer: letsencrypt-cloudflare
          traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia@kubernetescrd
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.tls: "true"
          gethomepage.dev/enabled: "true"
          gethomepage.dev/name: "${name_beautiful}"
          gethomepage.dev/description: "${description}"
          gethomepage.dev/group: "${group}"
          gethomepage.dev/icon: "${icon}"
        hosts:
          - host: ${subdomain}.${external_domain}
            paths:
              - path: /
                pathType: Prefix
                service:
                  name: ${service_name}
                  port: ${port} 
          - host: ${subdomain}.${internal_domain}
            paths:
              - path: /
                pathType: Prefix
                service:
                  name: ${service_name}
                  port: ${port} 
        tls:
          - secretName: ${name}-tls
            hosts:
              - ${subdomain}.${external_domain}
              - ${subdomain}.${internal_domain}
    persistence:
      cert:
        enabled: true
        accessMode: ReadWriteOnce
        size: 1Gi
        globalMounts:
          - path: /usr/lib/unifi/cert
      data:
        enabled: true
        accessMode: ReadWriteOnce
        size: 1Gi
        globalMounts:
          - path: /usr/lib/unifi/data
      logs:
        enabled: true
        accessMode: ReadWriteOnce
        size: 1Gi
        globalMounts:
          - path: /usr/lib/unifi/logs

@m4dm4rtig4n
Author

m4dm4rtig4n commented Feb 9, 2024

I have found a solution :)
Add this annotation to the service (not the ingress) to configure the destination service in https.

        annotations:
          traefik.ingress.kubernetes.io/service.serversscheme: https


@m4dm4rtig4n
Author

@goofball222 with this solution you keep TLS on the full road.
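
Added example (not part of the thread and not the project's own configuration): the HTTPS backend setup the thread arrives at, with the ServersTransport verifying the UniFi certificate against a CA instead of setting insecureSkipVerify. The resource names, the selector, the serverName value and the CA secret contents are assumptions.

```yaml
# 1) CA that signed the certificate UniFi presents on 8443.
#    Traefik reads the CA from the "ca.crt" (or "tls.ca") key of the secret.
apiVersion: v1
kind: Secret
metadata:
  name: unifi-backend-ca            # assumed name
  namespace: unifi
type: Opaque
stringData:
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: PEM of the CA for the UniFi certificate>
    -----END CERTIFICATE-----
---
# 2) ServersTransport that validates the backend certificate.
#    Replaces "insecureSkipVerify: true" from the thread.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: unifi-verified              # assumed name
  namespace: unifi
spec:
  serverName: unifi.example.internal   # assumed; must match a SAN in the UniFi certificate
  rootCAsSecrets:
    - unifi-backend-ca
---
# 3) Service that Traefik routes to. Both annotations go on the Service, not the Ingress:
#    - serversscheme makes Traefik speak HTTPS to port 8443 (the fix found in the thread)
#    - serverstransport binds the ServersTransport above; a ServersTransport CRD is
#      only applied to services that reference it, as <namespace>-<name>@kubernetescrd
apiVersion: v1
kind: Service
metadata:
  name: unifi                       # assumed name
  namespace: unifi
  annotations:
    traefik.ingress.kubernetes.io/service.serversscheme: https
    traefik.ingress.kubernetes.io/service.serverstransport: unifi-unifi-verified@kubernetescrd
spec:
  selector:
    app.kubernetes.io/name: unifi   # assumed label
  ports:
    - name: https
      port: 8443
      targetPort: 8443
```

With the app-template chart shown in the thread, the two annotations belong in the service's `annotations` block in the chart values rather than in a hand-written Service.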
