-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HAProxy routes stop working when invalid cert/key is uploaded for any of route #1706
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
@abhgupta could someone on the runtime team look into this? |
@pweil- Can you please take a look at this? |
Yes, I'll take a look to see what kind of validations we can put in place. |
Status update: there are two issues here:
|
PR for item 1 above: #1817 |
PR for item 2 above: #1824 |
Closing in favor of remaining PR: #1824 |
Hello, Has this been fixed? And in what version? Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If a user misconfigures SSL for one of its routes then HAProxy stops completely serving all routes with message in log
2015-04-13T05:04:55.840373604Z [ALERT] 102/010455 (9097) : Fatal errors found in configuration.
2015-04-13T05:05:43.460748843Z E0413 01:05:43.460661 1 router.go:126] Error reloading router: exit status 1
2015-04-13T05:05:43.460748843Z Reload output: + config_file=/var/lib/haproxy/conf/haproxy.config
2015-04-13T05:05:43.460748843Z + pid_file=/var/lib/haproxy/run/haproxy.pid
2015-04-13T05:05:43.460748843Z + old_pid=
2015-04-13T05:05:43.460748843Z + '[' -f /var/lib/haproxy/run/haproxy.pid ']'
2015-04-13T05:05:43.460748843Z + old_pid=6061
2015-04-13T05:05:43.460748843Z + '[' -n 6061 ']'
2015-04-13T05:05:43.460748843Z + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid -sf 6061
2015-04-13T05:05:43.460748843Z [ALERT] 102/010543 (9100) : parsing [/var/lib/haproxy/conf/haproxy.config:66] : 'bind 127.0.0.1:10444' : inconsistencies between private key and certificate loaded from PEM file '/var/lib/containers/router/certs/ws.cloudapps.example.com.pem'.
2015-04-13T05:05:43.460748843Z [ALERT] 102/010543 (9100) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
2015-04-13T05:05:43.460748843Z [WARNING] 102/010543 (9100) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.
2015-04-13T05:05:43.460748843Z [ALERT] 102/010543 (9100) : Fatal errors found in configuration.
Albeit all routes were remove the message still appears in the log.
I see two problems right now
If I remove the offending file form container then it starts working again
The text was updated successfully, but these errors were encountered: