ClientCAFiles ignored #604

Closed
ouziel-slama opened this issue Aug 5, 2016 · 4 comments

@ouziel-slama

Hi,

Trying to set up TLS mutual auth but ClientCAFiles is just ignored by Traefik. The entrypoint continues to accept any connection without cert.

With containous/traefik:v1.0.2

Here is my configuration file:

```toml
logLevel = "DEBUG"

defaultEntryPoints = ["https"]

[entryPoints]
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    ClientCAFiles = ["/etc/ssl/certs/cluster-cert"]
      [[entryPoints.https.tls.certificates]]
      CertFile = "/etc/ssl/certs/server-cert"
      KeyFile = "/etc/ssl/certs/server-key"
```

Here is the beginning of the logs. CertFile and KeyFile appear in msg="Global configuration loaded .." but ClientCAFiles does not. There are no errors or warnings in the logs.

```
time="2016-08-05T19:12:00Z" level=info msg="Traefik version v1.0.2 built on 2016-08-02_05:29:50PM"
time="2016-08-05T19:12:00Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
time="2016-08-05T19:12:00Z" level=debug msg="Global configuration loaded {\"GraceTimeOut\":10,\"Debug\":false,\"AccessLogsFile\":\"\",\"TraefikLogsFile\":\"\",\"LogLevel\":\"DEBUG\",\"EntryPoints\":{\"https\":{\"Network\":\"\",\"Address\":\":443\",\"TLS\":{\"Certificates\":[{\"CertFile\":\"/etc/ssl/certs/server-cert\",\"KeyFile\":\"/etc/ssl/certs/server-key\"}]},\"Redirect\":null}},\"Constraints\":[],\"ACME\":null,\"DefaultEntryPoints\":[\"https\"],\"ProvidersThrottleDuration\":2000000000,\"MaxIdleConnsPerHost\":200,\"Retry\":null,\"Docker\":null,\"File\":null,\"Web\":null,\"Marathon\":null,\"Consul\":null,\"ConsulCatalog\":null,\"Etcd\":null,\"Zookeeper\":null,\"Boltdb\":null,\"Kubernetes\":{\"Watch\":false,\"Filename\":\"\",\"Constraints\":null,\"Endpoint\":\"\",\"DisablePassHostHeaders\":false,\"Namespaces\":[\"default\",\"kube-system\"]}}"
time="2016-08-05T19:12:00Z" level=info msg="Preparing server https &{Network: Address::443 TLS:0xc820343a60 Redirect:<nil>}"
time="2016-08-05T19:12:00Z" level=info msg="Starting provider *provider.Kubernetes {\"Watch\":false,\"Filename\":\"\",\"Constraints\":null,\"Endpoint\":\"\",\"DisablePassHostHeaders\":false,\"Namespaces\":[\"default\",\"kube-system\"]}"
time="2016-08-05T19:12:00Z" level=info msg="Starting server on :443"
....
```

I also tried with the command-line arguments:

```
--entryPoints=Name:https Address::443 TLS:/etc/ssl/certs/server-cert,/etc/ssl/certs/server-key CA:/etc/ssl/certs/cluster-cert
```

And got exactly the same problem.

Thanks in advance for the help.
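
One way to check from the outside whether a listener really enforces client certificates, as an added example that is not part of the original post and not Traefik's own code. It uses local `httptest` listeners as stand-ins for the entrypoint; the names `newEntryPoint` and `acceptsAnonymous` are hypothetical, and the client CA pool is an empty, constructed one.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
)

// newEntryPoint starts a local HTTPS listener standing in for the entrypoint.
// enforce=false models the symptom reported above: the client-CA setting never
// reaches the TLS config, so crypto/tls keeps its default of NoClientCert.
func newEntryPoint(enforce bool) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") }))
	srv.Config.ErrorLog = log.New(io.Discard, "", 0) // silence handshake errors
	srv.TLS = &tls.Config{}
	if enforce {
		srv.TLS.ClientCAs = x509.NewCertPool() // constructed: empty CA pool
		srv.TLS.ClientAuth = tls.RequireAndVerifyClientCert
	}
	srv.StartTLS() // httptest supplies the server certificate
	return srv
}

// acceptsAnonymous reports whether a client presenting no certificate
// receives an HTTP response. With TLS 1.3 the rejection can arrive only
// after the client's handshake completes, so the whole request is attempted.
func acceptsAnonymous(srv *httptest.Server) bool {
	resp, err := srv.Client().Get(srv.URL) // trusts the test cert, sends none
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return true
}

func main() {
	for _, enforce := range []bool{false, true} {
		srv := newEntryPoint(enforce)
		fmt.Printf("enforce=%v acceptsAnonymous=%v\n", enforce, acceptsAnonymous(srv))
		srv.Close()
	}
}
```

A probe of this kind is worth keeping as a deployment check, because a dropped client-CA setting produces no error or warning in the logs.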

@emilevauge
Member

Mutual authentication is in the master, but not released yet.

@ouziel-slama
Author

:-) Oh OK! Thanks for the fast answer!
Is there a planned date for this release?

@errm
Contributor

errm commented Sep 27, 2016

The first RC should be out quite soon (this week).

@migueleliasweb

@errm What great news!

@traefik traefik locked and limited conversation to collaborators Sep 1, 2019